Example for Configuring User-side Multicast CAC for IPoE Access Users
This section provides an example for configuring user-side multicast CAC for IPoE access users.
Networking Requirements
On the network shown in Figure 1, PC 1 and PC 2 belong to the domain named ipv4, and they support the IPoE access mode. You are required to configure user-side multicast CAC to meet the following requirements:
PC 1 and PC 2 can access the network through GE 0/1/0 on the BRAS in IPoE mode.
The BRAS neither authenticates nor performs accounting for PC 1 and PC 2.
Supported authentication modes: RADIUS, and none
Supported accounting modes: RADIUS, and none
PC 1 and PC 2 can join the multicast groups 235.1.1.1 and 236.1.1.1.
The BRAS uses GE 0/1/0 to communicate with the access network device and uses GE 0/1/1 and GE 0/1/2 to communicate with the PIM-SM devices.
Configuration Roadmap
The configuration roadmap is as follows:
Configure an IPv4 address pool.
Configure AAA schemes.
Configure an AAA domain.
Configure the IPoE access mode:
Configure an authentication scheme.
Configure the GE interface as a BAS interface and set the user access mode.
Enable session-based multicast traffic replication on the BAS interface.
Configure basic multicast functions:
Enable multicast routing.
Enable PIM-SM on interfaces on the BRAS.
Enable IGMP on the BRAS interface connected to users.
Configure user-side multicast CAC:
Configure a multicast bandwidth limit policy.
Bind the multicast bandwidth limit policy to the AAA domain.
Bind the multicast bandwidth limit policy to the BRAS interface connected to users.
Enable user-side multicast CAC on a specific interface board.
Data Preparation
IPv4 address pool name, address range, and gateway address
Authentication and accounting schemes
Name of the domain to which users belong
BAS interface parameters
Procedure
- Configure an IPv4 address pool.
<HUAWEI> system-view [~HUAWEI] sysname BRAS [*HUAWEI] commit [~BRAS] ip pool ipv4 bas local [~BRAS-ip-pool-ipv4] gateway 10.0.0.1 255.255.0.0 [~BRAS-ip-pool-ipv4] section 1 10.0.0.1 10.0.255.255 [~BRAS-ip-pool-ipv4] quit
- Configure AAA schemes.
# Configure an authentication scheme.
[~BRAS] aaa [~BRAS-aaa] authentication-scheme none [*BRAS-aaa-authen-none] authentication-mode none [*BRAS-aaa-authen-none] commit [~BRAS-aaa-authen-none] quit
# Configure an accounting scheme.
[~BRAS-aaa] accounting-scheme none [*BRAS-aaa-accounting-none] accounting-mode none [*BRAS-aaa-accounting-none] commit [~BRAS-aaa-accounting-none] quit [~BRAS-aaa] quit
- Configure an AAA domain.
[~BRAS] aaa [~BRAS-aaa] domain ipv4 [*BRAS-aaa-domain-ipv4] authentication-scheme none [*BRAS-aaa-domain-ipv4] accounting-scheme none [*BRAS-aaa-domain-ipv4] commit [~BRAS-aaa-domain-ipv4] ip-pool ipv4 [~BRAS-aaa-domain-ipv4] quit [~BRAS-aaa] quit
- Configure a BAS interface. Specify a user access type and an authentication mode for the interface.
[~BRAS-GigabitEthernet0/1/0] bas [~BRAS-GigabitEthernet0/1/0-bas] access-type layer2-subscriber default-domain authentication ipv4 [~BRAS-GigabitEthernet0/1/0-bas] authentication-method bind [~BRAS-GigabitEthernet0/1/0-bas] quit
# Run the display access-user domain ipv4 command to check information about users who have gone online. The command output shows that the users with IDs 352 and 353 have gone online in IPoE mode.[~BRAS] display access-user domain ipv4 ------------------------------------------------------------------------------ UserID Username Interface IP address MAC Vlan IPv6 address Access type ------------------------------------------------------------------------------ 352 PC1@ipv4 GE0/1/0 10.0.0.1 00-e0-fc-12-34-56 -/- - IPOE 353 PC2@ipv4 GE0/1/0 10.0.0.2 00-e0-fc-22-34-56 -/- - IPOE ------------------------------------------------------------------------------ Normal users : 2 RUI Local users : 0 RUI Remote users : 0 Total users : 2
- Enable session-based multicast traffic replication on the BAS interface.
[~BRAS-GigabitEthernet0/1/0] bas [*BRAS-GigabitEthernet0/1/0-bas] multicast copy by-session [*BRAS-GigabitEthernet0/1/0-bas] commit [~BRAS-GigabitEthernet0/1/0-bas] quit [~BRAS-GigabitEthernet0/1/0] quit
- Configure basic multicast functions.
[~BRAS] multicast routing-enable [*BRAS] interface gigabitethernet 0/1/1 [*BRAS-GigabitEthernet0/1/1] undo shutdown [*BRAS-GigabitEthernet0/1/1] ip address 10.1.1.1 255.255.255.0 [*BRAS-GigabitEthernet0/1/1] pim sm [*BRAS-GigabitEthernet0/1/0] quit [*BRAS] interface GigabitEthernet 0/1/2 [*BRAS-GigabitEthernet0/1/2] undo shutdown [*BRAS-GigabitEthernet0/1/2] ip address 10.1.2.1 255.255.255.0 [*BRAS-GigabitEthernet0/1/2] pim sm [*BRAS-GigabitEthernet0/1/2] quit [*BRAS] commit [~BRAS] interface gigabitethernet 0/1/0 [~BRAS-GigabitEthernet0/1/0] pim sm [*BRAS-GigabitEthernet0/1/0] igmp enable [*BRAS-GigabitEthernet0/1/0] quit [*BRAS] commit
- Verify the configuration.
# After users go online, run the display access-user command to check information about users.
[~BRAS] display access-user username PC1@ipv4 -------------------------------------------------------------------------- UserID Username Interface IP address MAC Vlan IPv6 address Access type -------------------------------------------------------------------------- 1 PC1@ipv4 GE0/1/0 10.0.0.1 00-e0-fc-12-34-56 -/- - IPOE -------------------------------------------------------------------------- Normal users : 1 RUI Local users : 0 RUI Remote users : 0 Total users : 1 [~BRAS] display access-user username PC2@ipv4 -------------------------------------------------------------------------- UserID Username Interface IP address MAC Vlan IPv6 address Access type -------------------------------------------------------------------------- 2 PC2@ipv4 GE0/1/0 10.0.0.2 00-e0-fc-22-34-56 -/- - IPOE -------------------------------------------------------------------------- Normal users : 1 RUI Local users : 0 RUI Remote users : 0 Total users : 1
- Configure user-side multicast CAC.
# Configure a multicast bandwidth limit policy.
[~BRAS] multicast bas-policy [~BRAS-multicast-bas-policy] policy policy1 [~BRAS-multicast-bas-policy-policy1] unspecified-channel permit [~BRAS-multicast-bas-policy-policy1] channel huawei [~BRAS-multicast-bas-policy-policy1-channel-huawei] group 235.1.1.1 mask 32 source 1.1.1.1 mask 24 per-bandwidth 1000 level-1 [~BRAS-multicast-bas-policy-policy1-channel-huawei] group 236.1.1.1 mask 32 source 2.1.1.1 mask 24 per-bandwidth 2000 level-1 [~BRAS-multicast-bas-policy-policy1-channel-huawei] quit [~BRAS-multicast-bas-policy-policy1] quit [~BRAS-multicast-bas-policy] quit
# Configure a multicast bandwidth limit policy and limit the bandwidth of each user in the AAA domain.
[~BRAS] aaa [~BRAS-aaa] domain ipv4 [~BRAS-aaa-domain-ipv4] multicast bas-policy policy1 out bandwidth 10000 level-1 8000 interface GigabitEthernet [~BRAS-aaa-domain-ipv4] quit [~BRAS-aaa] quit
# Configure a multicast bandwidth limit policy and limit the bandwidth on the interface through which users go online.
[~BRAS] interface GigabitEthernet0/1/0 [~BRAS-GigabitEthernet0/1/0] multicast bas-policy policy1 out bandwidth 30000 level-1 20000 [~BRAS-GigabitEthernet0/1/0] quit
# Enable user-side multicast CAC on the interface board through which users go online.
[~BRAS] slot 1 [~BRAS-slot-1] multicast bas-policy out enable interface gigabitEthernet [~BRAS-slot-1] quit
- Verify the configuration.
# Run the display multicast bas-policy policy command to check information about global policy entries delivered to an interface board.
<HUAWEI> display multicast bas-policy policy policy1 slot 1 Policy Index: 1 Unspecified-Channel Permit: Enable ---------------------------------------------------------------------------------------------- Channel Index:0 Group-Address Mask Source-Address Mask Bandwidth(kbit/s) Level 235.1.1.1 32 1.1.1.1 24 1000 1 236.1.1.1 32 2.1.1.1 24 1000 1 -----------------------------------------------------------------------------------------------
# Run the display multicast bas-policy out user command to check information about the multicast BAS policy of a specific user.
<HUAWEI> display multicast bas-policy out user 1 User-ID: 1 Policy Index: 1 Bandwidth(kbit/s): 10000 Level-1(kbit/s): 8000 Level-2(kbit/s): 2000 Used-Bandwidth(kbit/s): 5000 Used-Level-1(kbit/s): 3000 Used-Level-2(kbit/s): 2000# Run the display multicast bas-policy out interface command to check information about the multicast BAS policy and bandwidth statistics of a specific interface.
<HUAWEI> display multicast bas-policy out interface GigabitEthernet0/1/0 Interface: GigabitEthernet0/1/0 Policy Index: 1 Bandwidth(kbit/s): 30000 Level-1(kbit/s): 20000 Level-2(kbit/s): 10000 Used-Bandwidth(kbit/s): 10000 Used-Level-1(kbit/s): 8000 Used-Level-2(kbit/s): 2000
Configuration Files
# sysname BRAS # multicast routing-enable # ip pool ipv4 bas local gateway 10.0.0.1 255.255.0.0 section 1 10.0.0.1 10.0.255.255 # aaa # authentication-scheme none authentication-mode none # accounting-scheme none accounting-mode none # domain ipv4 authentication-scheme none accounting-scheme none ip-pool ipv4 multicast bas-policy policy1 out bandwidth 10000 level-1 8000 interface GigabitEthernet # interface GigabitEthernet0/1/1 undo shutdown ip address 10.1.1.1 255.255.255.0 pim sm # interface GigabitEthernet0/1/2 undo shutdown ip address 10.1.2.1 255.255.255.0 pim sm # interface GigabitEthernet0/1/0 pim sm igmp enable bas # access-type layer2-subscriber default-domain authentication ipv4 authentication-method bind multicast copy by-session # multicast bas-policy policy1 out bandwidth 30000 level-1 20000 # multicast bas-policy policy policy1 unspecified-channel permit channel huawei group 235.1.1.1 mask 32 source 1.1.1.1 mask 24 per-bandwidth 1000 level-1 group 236.1.1.1 mask 32 source 2.1.1.1 mask 24 per-bandwidth 2000 level-1 # slot 1 multicast bas-policy out enable interface GigabitEthernet # return