value-added-service(BAS interface view)
Function
The value-added-service policy command applies a DAA policy to Layer 2 or Layer 3 leased line users.
The undo value-added-service policy command cancels the application of a DAA policy to Layer 2 or Layer 3 leased line users.
By default, no DAA policy is applied to Layer 2 or Layer 3 leased line users.
This command is supported only on the NetEngine 8000 F1A.
Usage Guidelines
Usage Scenario
When enterprise users access the Router over a Layer 3 leased line, each enterprise belongs to a VPN. The DAA template varies from enterprise to enterprise. By applying a DAA template to a BAS interface, you can configure different DAA templates for users in the same enterprise or the same DAA template for users in different enterprises. When Layer 2 or Layer 3 leased line users are not authenticated, applying a DAA policy to a BAS interface is also required to allow access control between Layer 2 or Layer 3 leased line users.
Prerequisites
- A DAA template has been created.
- The BAS interface has been configured as a Layer 2 or Layer 3 leased line interface.
Configuration Impact
If the value-added-service policy command is run more than once, the latest configuration overrides the previous one. The command can be modified or deleted when users are online.
Example
<HUAWEI> system-view [~HUAWEI] interface GigabitEthernet 0/1/2 [~HUAWEI-GigabitEthernet0/1/2] bas [*HUAWEI-GigabitEthernet0/1/2-bas] display this access-type layer3-leased-line user-name sr-test-eth password cipher %@%##!!!!!!!!!"!!!!"!!!!(!!!!1];16qfZ81fv"uMoKKZ.1k"`AO!X2K2N.b~'NB^V!!!!!!!!!!1!!!!o/4J(q"J1F.!K9%M!6x8%@%# default-domain authentication enterprise_sr qos-profile sr1_qos inbound qos-profile sr1_qos outbound # [*HUAWEI-GigabitEthernet0/1/2-bas] value-added-service policy demo