Creating an Address Pool
It is essential to configure the type, name, gateway, and address segment of an address pool.
Procedure
- Run system-view
The system view is displayed.
- (Optional) Run access wait-request-time dhcpv4 time-value
The timeout period for a router to wait for a Request message from a client in response to an Offer message sent to the client is set.
- Perform either of the corresponding operations according to the type of the address pool to be created.
- Create a dynamic address pool.
- Run ip pool pool-name bas dynamic
A dynamic address pool is created, and the dynamic address pool view is displayed.
- Run radius-server group group-name
A RADIUS server group is bound to the dynamic address pool.
- Run authentication-name authentication-name password cipher password
An authentication name and a password are configured for the BRAS to apply to a RADIUS server for dynamic address segments.
- (Optional) Run ip used-threshold upper-limit upper-value lower-limit lower-value
The upper and lower address usage thresholds are configured for the dynamic address pool. The lower threshold for address segment release must be less than the upper threshold for address segment application.
The BRAS checks the dynamic address pool usage every 10 minutes. If the BRAS detects that the dynamic address pool usage reaches the upper threshold, the BRAS applies to the RADIUS server for new address segments. If the BRAS detects that the dynamic address pool usage falls below the lower threshold, the BRAS applies to the RADIUS server for releasing address segments.
- (Optional) Run detect retransmit retransmit-value interval days hours minutes
The number of retransmission times and a retransmission interval for detecting address segment availability are configured for the dynamic address pool.
- Run ip pool pool-name bas dynamic
- Create a non-dynamic address pool.
- Run ip pool pool-name [ bas { local | remote } [ rui-slave ] | server ]
A non-dynamic address pool is created, and the address pool view is displayed.
Up to 4096 address pools can be configured in the system, including access-side address pools and network-side address pools. The address pool names must be unique.
- Run gateway ip-address mask
The gateway address and mask of the pool are configured.
The gateway address and mask are used to determine whether the IP addresses in the address segments are on the same subnet as the gateway. Therefore, you must configure the gateway address and mask before configuring the address segments.
Or run gateway unnumbered interface interface-type interface-number
An unnumbered interface gateway is configured for an address pool.
Before configuring a gateway for an IP address pool, ensure that the gateway address and user addresses are on the same network segment, but the gateway address cannot be assigned to users. As a result, many IP addresses are wasted. This command allows the loopback address of the device to be used as the gateway address for all users. This prevents IP addresses from being wasted in each address pool.
The borrowed interface must be configured with an IP address.
The gateway unnumbered interface interface-type interface-number command can only be configured in the IPv4 local address pool.
If an IP address pool is bound to a domain, the interface gateway can be configured, deleted or changed only after the address pool is unbound from the domain.
The gateway address's mask length of the remote address pool must be the same as the gateway address's mask length of the server address pool on the DHCP server.
The ppp-gateway unnumbered loopback command can be run in the AAA view when a PPP user who receives a Framed-Ip-Address from the RADIUS server needs to choose a loopback interface address as the gateway address.
- Run section section-number start-ip-address [ end-ip-address ]
An address segment is configured.
A maximum of 256 address segments can be configured in an address pool. An address segment contains a maximum of 65536 IP addresses. The address segments cannot overlap each other.
- (Optional) Run wait-request-time time-value
The timeout period for a router to wait for a Request message from a client in response to an Offer message sent to the client is set.
The wait-request-time time-value command is run in the IP address pool view whereas the access wait-request-time dhcpv4 time-value command is run in the system view. If the two commands are both run, the wait-request-time time-value command takes effect.
- (Optional) Run weight weight-value
A weight is configured for the IPv4 address pool.
- After the weight is configured for the IPv4 address pool, you must run the ip-pool algorithm loading-share remote command in the system view to configure the device to assign addresses from remote IPv4 address pools based on their weights.
- The ip-pool algorithm loading-share remote command applies only to IPv4 remote address pools.
- Run quit
Return to the system view.
- (Optional) Run ip-pool algorithm loading-share remote [ chasten { restrain-period period-value | timeout-threshold threshold-value } * ]
A period during which a remote address pool is suppressed and a threshold for the number of NAK packets in the suppressed remote address pool are configured.
- (Optional) Run dhcp-server check-remote-ip loose
The BRAS is disabled from checking whether the IP addresses assigned by the DHCP server are on the network segment to which the gateway address of the remote address pool belongs.
The dhcp-server check-remote-ip loose command takes effect for remote address pools and remote RUI address pools only.
- Run ip pool pool-name [ bas { local | remote } [ rui-slave ] | server ]
- Create a dynamic address pool.
- (Optional) Run ip-attribute public
The public network attribute is configured for an IP address pool or an IP address pool group.
To use the ip-attribute public command, you must also run the ip-pool usage-status threshold command to configure the upper and lower thresholds for public IP address pool usage in a domain, so that the pool usage status to be sent to the RADIUS server can be calculated.
The ip-attribute public command takes effect only on local address pools.
- (Optional) Run lease days [ hours [ minutes ] ]
The lease of the address pool is configured.
The ip-attribute public command takes effect only on local address pools.
- (Optional) Run rebinding-time days [ hours [ minutes ] ]
The rebinding time of IP addresses is set.
The ip-attribute public command takes effect only on local address pools.
- (Optional) Run renewal-time days [ hours [ minutes ] ]
The renewal time of IP addresses is set.
The ip-attribute public command takes effect only on local address pools.
- (Optional) Run recycle start-ip-address [ end-ip-address ]
The status of these IP addresses is set to idle.
When the user is not online, you can reclaim the occupied IP address manually by running this command.
- (Optional) Run conflict auto-recycle interval interval-time
The interval at which conflicting addresses are automatically reclaimed is set.
If interval-time is 0, the automatic address reclaim function is disabled. Conflicting addresses will not be assigned to users. You must run the reset conflict-ip-address command to reclaim conflicting addresses.
If interval-time is not 0, the usage of IP addresses in the address pool exceeds the alarm threshold and the address conflict time exceeds the specified interval-time value, the router automatically reclaims some conflicting addresses and assigns them to users.
This command is valid only in the view of the local or server address pool.
- (Optional) Run reserved ip-address { lease | mac }
The reservation type of an IP address for a user is configured.
If a user is assigned a lease of four days during the first login, the user can still use the originally-allocated IP address provided that the user goes online for the second time within four days. This is called lease-based IP address reservation.
If a user's MAC address and the allocated IP address are recorded during the first login, the user can still use the originally-allocated IP address when the user goes online for the second time. This is called MAC-address-based IP address reservation.
- (Optional) Run vpn-instance vpn-instance-name
The address pool is bound to a VPN instance.
- (Optional) Run warning-threshold warning-threshold-value
The alarm threshold for the address usage of an address pool is set. If the address usage exceeds the threshold, an alarm is generated on the router.
- (Optional) Set the alarm threshold for the address usage of the IPv4 address pool bound to the VPN instance.
- (Optional) Run warning-exhaust
The address exhaustion alarm function is enabled for the address pool.
After this command is executed, the system generates an address exhaustion alarm when IP addresses in the address pool are exhausted, prompting the administrator to plan the IP addresses. When IP addresses in the address pool are exhausted, users cannot go online.
When IP address usage of the address pool falls below 90%, the address exhaustion alarm is cleared.
- (Optional) Run frame-ip lease manage
The lease management function of IP addresses delivered by the RADIUS server is enabled in an IP address pool.
- (Optional) Run option33 route dest-ip gateway-ip
A user route is configured for the address pool.
- (Optional) Run option router disable
The device is disabled from sending DHCP packets carrying Option 3 (network gateway address) to the client.
- (Optional) Enable the automatic recycling of IP addresses assigned in RADIUS authentication responses.
- Run commit
The configuration is committed.