client-option82

Function

The client-option82 command configures the device to trust the access-line-id information (for a DHCP user) sent from the DHCP client.

The undo client-option82 command restores the default access-line-id information.

By default, the device does not trust the access-line-id information sent from a DHCP client or insert BAS information in the format defined by cn-telecom before the access-line-id information.

This command is supported only on the NetEngine 8000 F1A.

Format

client-option82 [ basinfo-insert { cn-telecom [ version2 ] | version3 } | version1 ]

undo client-option82 [ basinfo-insert { cn-telecom [ version2 ] | version3 } | version1 ]

Parameters

Parameter Description Value
basinfo-insert

Inserts information about the BAS interface.

-
cn-telecom

Inserts information about the BAS interface in the telecom format.

-
version2

Inserts information about the BAS interface in the version2 format.

-
version3

Specifies encapsulating the access-line-id information into a DHCP packet in version3 format.

-
version1

Specifies encapsulating the access-line-id information into a DHCP packet in version1 format.

-

Views

BAS interface view (GE), BAS interface view (VE), BAS interface view (trunk)

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
bras-control write

Usage Guidelines

Usage Scenario

IP DSLAMs are used as the main devices for broadband access. An IP DSLAM obtains DHCP discovery messages, DHCPv6 solicit messages, and PPPoE discovery messages, and then inserts the access-line-id (dhcpv4 option82/pppoe+/dhcpv6 option18+37+17) field to the messages. The inserted information is used to identify the physical location of a user.

The NetEngine 8000 F can trust or untrust the inserted information:

  • Trusting the DHCP access-line-id field

    The commandclient-option82 [ basinfo-insert { cn-telecom | version3 } | version1 ] is configured.

    If a DHCP sent by a client contains the access-line-id field, the NetEngine 8000 F trusts the access-line-id field, and sends the message to the DHCP server, RADIUS serverwithout changing the access-line-id field.

    If the client-option82 command is run, and a DHCP sent by a client contains the access-line-id field, the NetEngine 8000 F encapsulates access-line-id field without changing.

    For example, the access-line-id field carried in a client packet is abc, the access-line-id field encapsulated by is abc.

    If the client-option82 command is run and a DHCP sent by a client contains no access-line-id field, the NetEngine 8000 F creates an access-line-id field based on the physical location of the user that is determined according to the user information such as the VLAN, and then inserts the access-line-id to the message before sending the message to the DHCP server, RADIUS server. encapsulates access-line-id field into a DHCP packet in one of the following formats:
  • Encapsulation format on a GE interface: eth <0>///:.

    For example, huawei eth 0/1/0/1:50.60
  • Encapsulation format on a trunk interface: trunk <0>/<0>//:.

    For example, huawei trunk 0/0/2/11:200.100

    If client-option82 basinfo-insert cn-telecom is set and a DHCP sent by a client contains the access-line-id field, the NetEngine 8000 F will insert the BAS information in the format defined by cn-telecom in one of the following formats:

    BAS information in the format defined by cn-telecom + user information by the client sent
  • Encapsulation format on a GE interface: eth //:.
  • Encapsulation format on a trunk interface:trunk 0/2/:.

    For example, the access-line-id field carried in a client packet is abc, the access-line-id field encapsulated by is eth 0/1/13:4096.4 abc.

    If client-option82 basinfo-insert cn-telecom is set and a DHCP sent by a client contains no the access-line-id field, the NetEngine 8000 F will insert the BAS information in the format defined by cn-telecom in one of the following formats:

    BAS information in the format defined by cn-telecom + 0/0/0/0/0/0
  • Encapsulation format on a GE interface: eth //:.
  • Encapsulation format on a trunk interface:trunk 0/2/:.

    For example, the access-line-id field encapsulated by is eth 0/1/13:4096.4 0/0/0/0/0/0

    If the client-option82 basinfo-insert cn-telecom version2 command is run and the packet sent by the client carries the access-line-id information (not starting with 0 0/0/0:0.0) in the non-standard format defined by cn-telecom, the encapsulation format is as follows: physical information in the format defined by cn-telecom (interface type slot ID/subcard ID/port number:vlan information) + information carried in the user access request.
  • GE interface: eth <slot>/<subslot>/<port>/:< outer VLAN ID>.< inner VLAN ID>
  • Trunk interface: trunk 0/2/<trunk-id>:< outer VLAN ID>.< inner VLAN ID>

    For example, if the user access packet carries abc, the Option 82 information is eth 0/1/13:4096.4 abc.

    If the client-option82 basinfo-insert cn-telecom version2 command is run and the packet sent by the client carries the access-line-id information (starting with 0 0/0/0:0.0) in the standard format defined by cn-telecom, the encapsulation format is as follows: physical information in the format defined by cn-telecom (interface type slot ID/subcard ID/port number:vlan information) + the information following 0 0/0/0:0.0 carried in the user access request.
  • GE interface: eth <slot>/<subslot>/<port>/:< outer VLAN ID>.< inner VLAN ID>
  • Trunk interface: trunk 0/2/<trunk-id>:< outer VLAN ID>.< inner VLAN ID>

    For example, if the user access packet carries 0 0/0/0:0.0 abc, the Option 82 information is eth 0/1/13:4096.4 abc.

    If the client-option82 basinfo-insert cn-telecom version2 command is run and the packet sent by the client does not carry the access-line-id information, the encapsulation format is as follows: physical information in the format defined by cn-telecom (interface type slot ID/subcard ID/port number:vlan information) + 0/0/0/0/0/0.
  • GE interface: eth <slot>/<subslot>/<port>/:< outer VLAN ID>.< inner VLAN ID>
  • Trunk interface: trunk 0/2/<trunk-id>:< outer VLAN ID>.< inner VLAN ID>

    Format example: eth 0/1/13:4096.4 0/0/0/0/0/0.

    After the client-option82 basinfo-insert version3 command is run, if a message sent by a client carries Option 82 information and the length of the Circuit-Id attribute in Option 82 is not 0, the Option 82 encapsulation format is: +BAS interface information in the format defined by cn-telecom (IfType//:vlan)+circuit-id+remote-id.
  • Encapsulation format on a GE interface: eth //:.
  • Encapsulation format on a trunk interface: trunk <0>/<2>/:.

    For example, if ABC is carried in the Option 82 field of a user message, the device encapsulates the Option 82 information in the format of HUAWEI eth 0/1/13:4096.4 ABC.

    NOTE:

    If version3 is specified and the length of the Option 82 field in a user message is too long, the device truncates the excessive part. Specifically, the value of the newly generated Option 82 field is truncated if its length exceeds 200 bytes.

    After the client-option82 basinfo-insert version3 command is run, if a message sent by a client carries Option 82 information and the length of the Circuit-Id attribute in Option 82 is 0, the Option 82 encapsulation format is: +BAS interface information in the format defined by cn-telecom (IfType//:vlan)+0/0/0/0/0/0+circuit-id+remote-id.
  • Encapsulation format on a GE interface: eth //:.
  • Encapsulation format on a trunk interface: trunk <0>/<2>/:.

    For example, if BC (Remote-Id) is carried in the Option 82 field of a user message, the device encapsulates Option 82 in the format of HUAWEI eth 0/1/13:4096.4 0/0/0/0/0/0BC.

    NOTE:

    If version3 is specified and the length of the Option 82 field in a user message is too long, the device truncates the excessive part. Specifically, the value of the newly generated Option 82 field is truncated if its length exceeds 200 bytes.

    The client-option82 version1 command provides the following functions:
  1. Uses the BAS interface information to generate access-line-id information based on the encapsulation format specified in this command when the access-line-id information (dhcpv4 option82/pppoe+) reported by a client needs to be trusted and a packet reported by the client does not carry access-line-id information. The encapsulation formats are described as follows:
    • Encapsulation format on a GE interface: -..-.

      For example, the encapsulation format on a GE interface is huawei-1.0.1-50.60.
    • Encapsulation format on a trunk interface: -<0>.-.

      For example, the encapsulation format on a trunk interface is huawei-trunk-0.11-200.100.
  2. Enables PPPoE username replacement. For a PPPoE user, if you configure the default-user-name command to use the access-line-id information to generate a username, the access-line-id field is used to generate a username when an authentication request packet reported by a client carries the access-line-id field. If an authentication request packet reported by a client does not carry access-line-id field, the BAS interface information is used to generate the access-line-id information in the format specified in function 1. The AAA component generates a new username based on the suboption information in access-line-id. Eventually, the newly generated username is replaced with the username carried in the PPP authentication request packet.
  3. Enables static route allocation for PPPoE users. The dhcp option121 route command configured in the AAA domain or the Radius attribute HW-DHCPv4-Option121 is used to allocate static routes to PPPoE users. The Radius attribute takes precedence over the dhcp option121 route command. The BRAS uses PPPoE PADN Tag 0x121 IP_ROUTE_ADD to send the information to the client. By default, the dhcp option121 route command and the HW-DHCPv4-Option121 attribute take effect only for IPoE users.
  4. Obtains PPPoE client-id information from a packet sent by the client for authentication. The NetEngine 8000 F parses information in PPPoE PADR Tag 0x0103 Host-unique as the client-id information. If the packet does not carry PPPoE PADR Tag 0x0103 Host-unique, the NetEngine 8000 F uses a hexadecimal character string corresponding to the client's MAC address to generate the client-id information for the PPPoE user. For example, the client's MAC address is 00e0-fc12-3456, and the generated client-id information is 00e0fc123456.
  5. Enables the Class attribute in a RADIUS accounting packet to encapsulate the client-id information (DHCPv4 Option61/DHCPv6 Option1/PPPoE PADR Tag 0x0103 Host-unique).

    After you configure this command and the radius-attribute usermac-as-option61 command in the RADIUS server group view, the client-id information is encapsulated into the Class attributes in RADIUS accounting packets in the format of SERIAL_NUMBER:.

    The RADIUS server sends an authentication request packet carrying the Class attribute to the BRAS. The BRAS encapsulates the received Class attribute into an accounting request packet. Currently, the NetEngine 8000 F supports eight Class attributes. If RADIUS authentication is used, the BRAS encapsulates the client-id information into the Class attribute in a RADIUS accounting packet only when the number of Class attributes in the RADIUS authentication request packet is less than or equal to seven and the client has the client-id information. If only accounting is used, the BRAS encapsulates the client-id information into the Class attribute in a RADIUS accounting packet only if the client has the client-id information.

    NOTE:

    To use all the five functions for common Layer 2 users, configure this command.

    This command does not depend on the access-line-id attach command. When you configure the client-option82 version1 command, the Option82 information generated based on the BAS interface information is used for user authentication.
  • Untrusting the DHCP access-line-id field

    The undo client-option82 or the basinfo-insert cn-telecom or thebasinfo-insert version2 command is configured.

    The NetEngine 8000 F untrusts the access-line-id field or the PPPoE+ field contained in the DHCP sent by a client. Instead, the NetEngine 8000 F creates an access-line-id field based on the physical location of the user that is determined through the user information such as the VLAN, and then inserts the access-line-id to the message before sending the message to the DHCP server, or RADIUS server.

    If undo client-option82 is set, the NetEngine 8000 F encapsulates access-line-id information in the following formats:

    circuit id (slot(two bits) + subslot(one bit) + port(one bit) + inner vlan(four bits) + interface type) + remote id (hostname+ slot(two bits) + subslot(one bit) + port(one bit) + inner vlan(four bits) + interface type)

    For example, 0205-0000-GE MSE-108-0205-0000-GE

    If basinfo-insert cn-telecom is set, the NetEngine 8000 F will insert the BAS information in the format defined by cn-telecom in one of the following formats:

    BAS information in the format defined by cn-telecom + 0/0/0/0/0/0
  • Encapsulation format on a GE interface: //:.
  • Encapsulation format on a trunk interface: //:.

    For example, eth 0/1/13:4096.4 0/0/0/0/0/0

    If basinfo-insert version2 is set, the NetEngine 8000 F will insert the BAS information in the format defined by version2 in one of the following formats:
  • Encapsulation format on a GE interface: eth <0>///:.

    For example, huawei eth 0/1/0/1:50.60
  • Encapsulation format on a trunk interface: trunk <0>/<0>//:.

    For example, huawei trunk 0/0/2/11:200.100

Prerequisites

Before running this command, set the access type of the user by the access-type command.

Precautions

1.This command is supported only on the admin VS.

2.The functions of the client-option82 command and the client-access-line-id command are the same. Both of them are used to configure a mode of processing the access-line-id information. If they have been both run in the same view, the last configuration takes effect.

3.The client-option82 version1 command is mutually exclusive with the following commands:

  • client-option82 basinfo-insert cn-telecom

    client-option82 [ basinfo-insert { cn-telecom | version3 } ]
  • access-line-id basinfo-insert cn-telecom
  • basinfo-insert cn-telecom
  • basinfo-insert version2

    The client-option82 basinfo-insert version3, client-option82 basinfo-insert cn-telecom, and client-option82 version1 commands are mutually exclusive.

4.If both the client-option82 and client-option82 version1 commands are configured, the client-option82 version1 command takes effect.

5.After the BRAS device is configured with the client-option82 command, if the packets sent by the client do not carry the Option 82 information, the packets sent by the BRAS device to the remote server carry the Option 82 information that is generated by default.

6.The client-option82 version1 command configuration does not take effect for DHCPv6 users. It has the same effect as the client-option82 configuration.

Example

# Enable a BAS interface GE 0/1/1 to encapsulate access-line-id information into a DHCP packet in a version1 format.
<HUAWEI> system-view
[~HUAWEI] interface GigabitEthernet 0/1/1
[~HUAWEI-GigabitEthernet0/1/1] bas
[~HUAWEI-GigabitEthernet0/1/1-bas] access-type layer2-subscriber
[*HUAWEI-GigabitEthernet0/1/1-bas] commit
[~HUAWEI-GigabitEthernet0/1/1-bas] client-option82 version1
# Insert information about the BAS interface GE 0/1/1 before the DHCP access-line-id information reported by the client.
<HUAWEI> system-view
[~HUAWEI] interface GigabitEthernet 0/1/1
[~HUAWEI-GigabitEthernet0/1/1] bas
[~HUAWEI-GigabitEthernet0/1/1-bas] access-type layer2-subscriber
[*HUAWEI-GigabitEthernet0/1/1-bas] commit
[~HUAWEI-GigabitEthernet0/1/1-bas] client-option82 basinfo-insert cn-telecom
# Configure the BAS interface GE 0/1/1 to trust the DHCP access-line-id field reported by a client.
<HUAWEI> system-view
[~HUAWEI] interface GigabitEthernet 0/1/1
[~HUAWEI-GigabitEthernet0/1/1] bas
[~HUAWEI-GigabitEthernet0/1/1-bas] access-type layer2-subscriber
[*HUAWEI-GigabitEthernet0/1/1-bas] commit
[~HUAWEI-GigabitEthernet0/1/1-bas] client-option82
Parent Topic: IPoE Access Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >