Configuring a BAS Interface

If an interface is used for broadband user access, you must configure it as a BAS interface and set an access type and other attributes.

Context

When configuring a BAS interface, you need the following information:

  • BAS interface number

  • Access type and authentication method

  • Specified domains for the BAS interface

  • Additional functions of the BAS interface

  • Packet processing methods

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number [. subinterface-number ]

    The interface view is displayed.

  3. Run bas

    A BAS interface is created, and the BAS interface view is displayed.

    The bas command run in the view of an interface configures the interface as a BAS interface. An Ethernet interface or its sub-interface, or an Eth-Trunk interface or its sub-interface can be configured as a BAS interface.

  4. Run commit

    The configuration is committed.

  5. Configure an access type.

    • Run access-type layer2-subscriber [ default-domain [ authentication dname ] ]

      The access type is set to Layer 2 subscriber access, and attributes are configured for this access type.

    The access type cannot be configured on the Ethernet interface that is added to an Eth-Trunk interface. You can configure the access type of such an Ethernet interface only on the associated Eth-Trunk interface.

  6. Run authentication-method-ipv6 ppp [ web ]

    PPP or PPP+web authentication for IPv6 users is configured.

  7. (Optional) Run any of the following commands:

    The permit-domain command cannot be configured together with the deny-domain, deny-domain-list, or permit-domain-list command on a BAS interface.

    • To configure a default authentication domain, run the default-domain authentication [ force | replace ] domain-name command.

      To specify the default authentication domain for PPP users, run the default-domain authentication ppp-user domain-name command.

      • If the default-domain authentication ppp-user domain-name command is configured, the authentication domain specified in this step is used as the default authentication domain for PPP users.
      • If the default-domain authentication ppp-user domain-name command is not configured but the default-domain authentication [ force | replace ] domain-name command is configured, the authentication domain specified using the default-domain authentication [ force | replace ] domain-name command is used as the default authentication domain for PPP users.
      • If neither of the commands is configured, the default authentication domain for PPP users is default1.

    • To configure a roaming domain, run the roam-domain domain-name command.

    • To configure a domain for user access, run the permit-domain domain-name &count command.

    • To configure a domain denying user access, run the deny-domain domain-name &<1-16> command.

    • To configure a list of domains denying user access, run the deny-domain-list domainlist-name command.

  8. (Optional) Configure additional functions of the BAS interface.

    • Configure access triggered by packets.

      • Run ipv6-trigger

        Access triggered by IPv6 packets is configured.

      • Or run nd-trigger

        Access triggered by NS or NA packets is configured.

    • Configure the accounting packet copy function.

      Run accounting-copy radius-server radius-name

      The accounting packet copy function is enabled.

    • Configure user detection parameters.

      Run user detect retransmit number interval time

      User detection parameters are configured.

    • Block the BAS interface.

      Run block [ start-vlan { start-vlan [ end-vlan end-vlan ] [ qinq qinq-vlan ] | any qinq start-qinq-vlan [ end-qinq-vlan ] } ]

      The BAS interface is blocked.

    • Limit the number of users on the BAS interface.

      Run access-limit user-number

      The number of users on the BAS interface is limited.

      If the command is run and the VLAN information is specified, the number of users in specified VLAN(s) on the BAS interface is limited.

      If the command is run and the VLAN information is not specified, the number of users in each VLAN on the BAS interface is limited. If the two types of configurations coexist on a BAS interface, they do not conflict. The number of users in the specified VLAN is subject to the limit set for the specified VLAN. The number of users in any one of the other unspecified VLANs is subject to the limit set for each VLAN on the BAS interface.

  9. (Optional) Configure packet processing methods.

    • Configure a method for processing access-line-id information.

      Run client-option82 [ basinfo-insert { cn-telecom | version3 } | version1 ] or client-access-line-id [ basinfo-insert cn-telecom | version1 ]

      The NetEngine 8000 F is configured to trust the access-line-id information sent from the client.

      Or run basinfo-insert cn-telecom

      The NetEngine 8000 F is configured to distrust the access-line-id information sent from the client and insert the access-line-id information in the format defined by cn-telecom.

      Or run basinfo-insert version2

      The NetEngine 8000 F is configured to insert the access-line-id information in the format defined by version2 if the NetEngine 8000 F does not trust the access-line-id information sent from the DHCP client.

      The router parses and transmits access-line-id information based on the following configurations:
      • Run the option82-relay-mode dslam { auto-identify | config-identify } or access-line-id dslam { auto-identify | config-identify } command to allow the router to extract information from the access-line-id field in the packet sent from the DSLAM and add the information to Agent-CircuitID and Agent-RemoteID attributes sent to the RADIUS server. Or run the option82-relay-mode include { allvalue | { agent-circuit-id | agent-remote-id [ separator ] }* } or access-line-id include { allvalue | { agent-circuit-id | agent-remote-id [ separator ] }* } command to allow the NAS-Port-Id attribute sent to the RADIUS server to contain access-line-id information.
      • Run the option82-relay-mode subopt { agent-circuit-id { hex | string } | agent-remote-id { hex | string } or access-line-id translate { agent-circuit-id { hex | string } | agent-remote-id { hex | string } command to configure the format of Agent-CircuitID or Agent-RemoteID information.

      Or run vbas vbas-mac-address [ auth-mode { ignore | reject } ]

      The function of locating a user through the virtual BAS (VBAS) is enabled.

    • (Optional) Configure a method for processing link-account information.

      Run link-account resolve

      The accounting-request packets carrying link-account information are sent to a RADIUS server.

      Before running the command, set the access type to Layer 2 subscriber access.

      The command affects RADIUS attribute 25 for accounting-request packets sent by the device to a RADIUS accounting server.

      An interface fills the link-account information in RADIUS attribute 25 class if both the following situations are met:
      • Users getting online from the interface do not need to be authenticated and RADIUS accounting is configured on the interface.
      • For common Layer 2 users, VLANs and VLAN descriptions are configured on the interface.

  10. Run commit

    The configuration is committed.

Parent Topic: Configuring PPPoEv6 Access
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >