H3C vBRAS典型配置案例集

发布日期：2025-01-04 15:00 点击次数：206

1 简介本文档介绍H3C vBRAS系列虚拟路由器IPoE Web NAT功能典型配置举例。H3C vBRAS虚拟路由器有别于H3C公司以往的各系列物理路由器，是一款运行在标准服务器虚拟机上的纯软件路由器产品。NAT功能是在内部网络和外部网络之间建立连接时产生地址映射关系，使IPoE Web用户能够在内部网络访问外部网络的组网环境。 2 配置前提 · 本文档不严格与具体软、硬件版本对应，如果使用过程中与产品实际情况有差异，请参考相关产品手册，或以设备实际情况为准。 · 本文档中的配置均是在实验室环境下进行的配置和验证，配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置，为了保证配置效果，请确认现有配置和以下举例中的配置不冲突。 · 本文档假设您已了解ACL、QoS、策略路由、AAA、NAT等特性。 3 配置举例 3.1 组网需求如图1所示： · Host作为DHCP Client经由VXLAN网络以IPoE方式接入到vBRAS。 · vBRAS作为DHCP服务器为Host动态分配IP地址。 · RADIUS服务器通过交换机与vBRAS路由可达。 · 由一台已安装H3C iMC的公网服务器承担Portal认证服务器和Portal Web服务器的职责。图1 IPoE Web NAT功能典型配置举例组网图 3.2 配置思路设备配置IPoE Web认证。在IPoE Web配置基础上配置备份组和地址转换组。在ACL中匹配用户流量，同时设备开启NAT会话的备份统计功能，最后在认证前域配置私网地址类型，接口下开启NAT转换功能。 3.3 使用版本本举例是在vBRAS1000_H3C-CMW710-E1116-X64版本上进行配置和验证的。 3.4 配置注意事项 IPoE Web认证配置与Portal认证配置，有相互干扰部分，建议两者不要同时在同一接口下配置。 3.5 配置步骤 3.5.1 配置Portal Server 1. 配置Portal主页 (1) 单击导航树中[接入策略管理/Portal服务管理/服务器配置]菜单项，进入服务器配置页面。 (2) 配置Portal主页（采用缺省配置即可），单击<确定>按钮完成操作。图2 服务器配置页面 2. 增加Portal认证的地址组范围 (1) 单击导航树中[接入策略管理/Portal服务管理/IP地址组配置]菜单项，进入IP地址组配置页面。 (2) 单击<增加>按钮，进入增加IP地址组页面。 (3) 输入IP地址组名，输入起始地址11.0.0.2，终止地址11.0.255.254，类型选择NAT。。其余参数采用缺省配置。用户主机IP地址必须包含在该IP地址组范围内，设备配置的转换地址须包含在转换地址范围内。 (4) 单击<确定>按钮完成操作。图3 增加IP地址组页面 3. 增加Portal接入设备信息 (1) 单击导航树中[接入策略管理/Portal服务管理/设备配置]菜单项，进入设备配置页面。 (2) 单击<增加>按钮，进入增加设备信息页面。 (3) 输入设备名，输入IP地址100.100.1.3，该地址为与接入用户相连的设备接口IP地址。输入密钥123456，组网方式选择“直连”。其余参数采用缺省配置。 (4) 单击<确定>按钮完成操作。图4 增加设备信息页面 4. 增加端口组信息 (1) 单击导航树中[接入策略管理/Portal服务管理/设备配置]菜单项，进入设备配置页面。 (2) 在设备列表中，单击端口组信息管理图标，进入端口组信息配置页面。 (3) 单击<增加>按钮，进入增加端口组信息页面。 (4) 配置端口组信息相关参数后，单击<确定>按钮完成操作。图5 增加端口组信息页面 (5) 输入端口组名，选择IP地址组，用户接入网络时使用的IP地址必须属于所选的IP地址组。其余参数采用缺省配置。 (6) 单击<确定>按钮完成操作。 3.5.2 配置vBRAS # 配置IPoE WEB认证（配置过程略）。 # 创建备份组，并将节点加入备份组，其中slot1配置为主节点，slot2配置为备节点。 [vBRAS] failover group 1 [vBRAS-failover-group-1] bind slot 1 primary [vBRAS-failover-group-1] bind slot 2 secondary [vBRAS-failover-group-1] quit # 创建冗余组，并为其添加成员接口和备份组。 [vBRAS] redundancy group A_Wifi [vBRAS-redundancy-group-A_Wifi] member interface Reth2 [vBRAS-redundancy-group-A_Wifi] member interface Reth3 [vBRAS-redundancy-group-A_Wifi] member failover group 1 # 在冗余组A_Wifi下，创建冗余组节点1，并将其与主板绑定，成为主节点。 [vBRAS-redundancy-group-A_Wifi] node 1 [vBRAS-redundancy-group-A_Wifi-node-1] bind slot 1 [vBRAS-redundancy-group-A_Wifi-node-1] priority 100 [vBRAS-redundancy-group-A_Wifi-node-1] track 1 interface ten-gigabitethernet 1/5/0 [vBRAS-redundancy-group-A_Wifi-node-1] track 2 interface ten-gigabitethernet 1/6/0 [vBRAS-redundancy-group-A_Wifi-node-1] quit # 在冗余组A_Wifi下，创建冗余组节点2，并将其与备板绑定，成为备节点。 [vBRAS-redundancy-group-A_Wifi] node 2 [vBRAS-redundancy-group-A_Wifi-node-2] bind slot 2 [vBRAS-redundancy-group-A_Wifi-node-2] track 3 interface ten-gigabitethernet 2/5/0 [vBRAS-redundancy-group-A_Wifi-node-2] track 4 interface ten-gigabitethernet 2/6/0 [vBRAS-redundancy-group-A_Wifi-node-2] quit [vBRAS-redundancy-group-A_Wifi] quit # 创建地址组，并配置NAT地址组与备份组绑定，设置端口块范围，配置端口块大小，添加NAT转换地址成员。 [vBRAS] nat address-group 1 [vBRAS-address-group-1] failover-group 1 [vBRAS-address-group-1] port-range 1000 65535 [vBRAS-address-group-1] port-block block-size 200 [vBRAS-address-group-1] address 211.9.83.1 211.9.83.254 [vBRAS-address-group-1] quit # 配置ACL，匹配需转换的源IP地址。 [vBRAS] acl advanced 3000 [vBRAS-acl-ipv4-adv-3000] rule 0 permit ip source 11.0.0.0 0.0.255.255 [vBRAS-acl-ipv4-adv-3000] quit # 对匹配指定ACL中permit规则的业务，配置处理此业务的备份组。 [vBRAS] session service-location acl 3000 failover-group 1 # 开启会话统计功能和NAT动态端口块备份功能。 [vBRAS] session statistics enable # 开启NAT端口块备份功能。 [vBRAS] nat port-block synchronization enable # 配置认证前域地址类型为私网IPv4地址，URL地址参数增加用户的私网IP。 [vBRAS] domain name a-wifi_pre [vBRAS-a-wifi_pre] user-address-type private-ipv4 [vBRAS-a-wifi_pre] web-server url-parameter userip source-address [vBRAS-a-wifi_pre] quit # 创建以太网冗余接口3，并配置出方向动态地址转换。 [vBRAS] interface reth 3 [vBRAS-Reth3] nat outbound 3000 address-group 1 3.6 验证配置 # 在vBRAS查看用户状态，用户处于认证前域，详细信息中包含分配的私网IP地址、转换后的公网IP地址以及端口块。 <vBRAS> display ip subscriber session verbose Basic: Description : - Username : admin Domain : a-wifi_pre VPN instance : N/A IP address : 11.0.89.53 User address type : private-ipv4 MAC address : 000c-2956-4dcc Service-VLAN/Customer-VLAN : -/- Access interface : Vsi1 User ID : 0x38200186 VPI/VCI(for ATM) : -/- VSI Index : 0 VSI link ID : 83886080 VXLAN ID : 1002 DNS servers : 27.27.27.200 IPv6 DNS servers : N/A DHCP lease : 86400 sec DHCP remain lease : N/A Access time : Apr 2 15:10:32 2018 Online time(hh:mm:ss) : 00:00:26 Service node : Slot 1 CPU 0 Authentication type : Web pre-auth IPv4 access type : DHCP IPv4 detect state : N/A State : Online AAA: ITA policy name : N/A IP pool : a-wifi_pre IPv6 pool : N/A Primary DNS server : N/A Secondary DNS server : N/A Primary IPv6 DNS server : N/A Secondary IPv6 DNS server : N/A Session idle cut : N/A Session duration : 111 sec, remaining: N/A Traffic quota : N/A Traffic remained : N/A Acct start-fail action : Online Acct update-fail action : Online Acct quota-out action : Offline Dual-stack accounting mode : Merge Max IPv4 multicast addresses: 4 IPv4 multicast address list : N/A Max IPv6 multicast addresses: 4 IPv6 multicast address list : N/A Accounting start time : Apr 2 15:10:32 2018 Redirect URL : :8080/portal QoS: User profile : N/A Session group profile : N/A User group ACL : a-wifi (active) Inbound CAR : N/A Outbound CAR : N/A Inbound user priority : N/A Outbound user priority : N/A NAT: Global IP address : 211.9.86.224 Port block : 10000-10999 Flow statistic: Uplink packets/bytes : 15/780 Downlink packets/bytes : 0/0 IPv6 uplink packets/bytes : 0/0 IPv6 downlink packets/bytes : 0/0 # 查看用户生成的动态端口块表项 <vBRAS>display nat port-block dynamic Slot 1: Local VPN Local IP Global IP Port block Connections Extend --- 11.0.89.53 211.9.86.224 11000-11999 1 --- Total mappings found: 1 Slot 2: Local VPN Local IP Global IP Port block Connections Extend --- 11.0.89.53 211.9.86.224 11000-11999 1 --- Total mappings found: 1 # 登录Web界面，输入任意IP地址，重定向至iMC Portal登录页面，如下图所示。图6 iMC Portal登录页面 # 用户认证通过后，执行以下命令查看详细信息。详细信息中包含分配的私网IP地址、转换后的公网IP地址以及端口块。 <vBRAS>display ip subscriber session verbose Basic: Description : - Username : admin Domain : a-wifi VPN instance : N/A IP address : 11.0.89.53 User address type : private-ipv4 MAC address : 000c-2956-4dcc Service-VLAN/Customer-VLAN : -/- Access interface : Vsi1 User ID : 0x38200188 VPI/VCI(for ATM) : -/- VSI Index : 0 VSI link ID : 83886080 VXLAN ID : 1002 DNS servers : 27.27.27.200 IPv6 DNS servers : N/A DHCP lease : 86400 sec DHCP remain lease : N/A Access time : Apr 2 15:14:27 2018 Online time(hh:mm:ss) : 00:00:08 Service node : Slot 1 CPU 0 Authentication type : Web IPv4 access type : DHCP IPv4 detect state : N/A State : Online AAA: ITA policy name : N/A IP pool : a-wifi_pre IPv6 pool : N/A Primary DNS server : N/A Secondary DNS server : N/A Primary IPv6 DNS server : N/A Secondary IPv6 DNS server : N/A Session idle cut : 60 sec, 10240 bytes, direction:Both Session duration : 86400 sec, remaining: N/A Traffic quota : N/A Traffic remained : N/A Acct start-fail action : Online Acct update-fail action : Online Acct quota-out action : Offline Dual-stack accounting mode : Merge Max IPv4 multicast addresses: 4 IPv4 multicast address list : N/A Max IPv6 multicast addresses: 4 IPv6 multicast address list : N/A Accounting start time : Apr 2 15:16:10 2018 QoS: User profile : N/A Session group profile : N/A User group ACL : N/A Inbound CAR : N/A Outbound CAR : N/A Inbound user priority : N/A Outbound user priority : N/A NAT: Global IP address : 211.9.86.224 Port block : 12000-12999 Flow statistic: Uplink packets/bytes : 2683/139706 Downlink packets/bytes : 0/0 IPv6 uplink packets/bytes : 0/0 IPv6 downlink packets/bytes : 0/0 # 输入用户名admin，密码123456，提示用户上线成功，IPoE会话显示用户已经上线。图7 用户上线成功页面 3.7 配置文件 vBRAS的配置文件如下： # sysname vBRAS # failover group 1 bind slot 1 primary bind slot 2 secondary # telnet server enable # irf mac-address persistent always irf auto-update enable irf auto-merge enable irf domain 1016231237 irf member 1 priority 32 irf member 2 priority 31 # router id 100.100.1.2 # track 1 interface Ten-GigabitEthernet1/5/0 # track 2 interface Ten-GigabitEthernet1/6/0 # track 3 interface Ten-GigabitEthernet2/5/0 # track 4 interface Ten-GigabitEthernet2/6/0 # isis 100 cost-style wide network-entity 04.5090.0100.0100.0100.0088.00 # address-family ipv4 unicast # mpls lsr-id 100.100.1.2 # ppp flow-statistics frequency fast # ip fast-forwarding aging-time 60 # dhcp enable dhcp relay client-information record # lldp global enable # ip subscriber timer traffic 30000 # flow-interval 60 # password-recovery enable # vlan 1 # irf-port 1 port group interface GigabitEthernet1/3/0 type data port group interface GigabitEthernet1/4/0 type control # irf-port 2 port group interface GigabitEthernet2/3/0 type data port group interface GigabitEthernet2/4/0 type control # traffic classifier 31 operator and if-match acl 3899 # traffic classifier a-wifi_deny operator and if-match acl 3528 # traffic classifier a-wifi_http operator and if-match acl 3526 # traffic classifier a-wifi_https operator and if-match acl 3527 # traffic classifier a-wifi_out operator and if-match acl 3529 # traffic classifier a-wifi_permit operator and if-match acl 3525 # traffic classifier tetong operator and if-match acl 3999 # traffic classifier web_deny operator and # traffic behavior a-wifi_deny filter deny # traffic behavior a-wifi_http redirect http-to-cpu # traffic behavior a-wifi_https redirect https-to-cpu # traffic behavior a-wifi_out filter permit # traffic behavior a-wifi_permit filter permit # traffic behavior tetong remark qos-local-id 3999 # traffic behavior web_deny # qos policy a-wifi classifier a-wifi_permit behavior a-wifi_permit classifier a-wifi_http behavior a-wifi_http classifier a-wifi_https behavior a-wifi_https classifier a-wifi_deny behavior a-wifi_deny # qos policy out classifier a-wifi_out behavior a-wifi_out classifier a-wifi_deny behavior a-wifi_deny # qos policy tetong classifier tetong behavior tetong # qos policy web # dhcp server ip-pool a-wifi_pre gateway-list 11.0.0.1 export-route network 11.0.0.0 mask 255.255.0.0 export-route address range 11.0.0.2 11.0.255.254 dns-list 27.27.27.200 # policy-based-route tetong permit node 3999 if-match qos-local-id 3999 apply next-hop 5.1.1.1 apply next-hop 29.29.0.2 # nqa entry 1 1 type icmp-echo destination ip 28.28.28.100 frequency 500 history-record enable history-record number 10 probe count 3 probe timeout 500 reaction 1 checked-element probe-fail threshold-type consecutive 3 action-type trigger-only # nqa schedule 1 1 start-time now lifetime forever # mpls ldp # l2vpn enable l2vpn statistics interval 60 # vsi a-wifi gateway vsi-interface 1 vxlan 1002 tunnel 0 # interface Reth1 ip address 172.16.17.88 255.255.255.0 member interface GigabitEthernet1/1/0 priority 32 member interface GigabitEthernet2/1/0 priority 31 # interface Reth2 description downlink mtu 2000 ip address 100.100.100.2 255.255.255.0 member interface Ten-GigabitEthernet1/5/0.1000 priority 101 member interface Ten-GigabitEthernet2/5/0.1000 priority 100 # interface Reth3 description uplink ip address 200.200.200.2 255.255.255.0 isis enable 100 isis circuit-level level-2 isis circuit-type p2p isis small-hello mpls enable mpls ldp enable member interface Ten-GigabitEthernet1/6/0.2000 priority 101 member interface Ten-GigabitEthernet2/6/0.2000 priority 100 nat outbound 3000 address-group 1 mad arp enable # interface Reth255 ip address 5.1.1.25 255.255.255.0 member interface Ten-GigabitEthernet1/5/0.50 priority 99 member interface Ten-GigabitEthernet2/5/0.50 priority 100 # interface Virtual-Template1 ppp authentication-mode pap domain ppp ppp account-statistics enable # interface Virtual-Template11 ppp authentication-mode pap domain ppp # interface NULL0 # interface LoopBack1 ip address 100.100.1.1 255.255.255.255 # interface LoopBack2 description LoopBack ip address 100.100.1.2 255.255.255.255 isis enable 100 # interface LoopBack3 ip address 100.100.1.3 255.255.255.255 isis enable 100 # interface GigabitEthernet1/1/0 ip address dhcp-alloc # interface GigabitEthernet1/2/0 # interface GigabitEthernet1/3/0 # interface GigabitEthernet1/4/0 # interface GigabitEthernet2/1/0 # interface GigabitEthernet2/2/0 # interface GigabitEthernet2/3/0 # interface GigabitEthernet2/4/0 # interface Ten-GigabitEthernet1/5/0 mtu 2000 ip address dhcp-alloc # interface Ten-GigabitEthernet1/5/0.50 vlan-type dot1q vid 50 # interface Ten-GigabitEthernet1/5/0.1000 vlan-type dot1q vid 1000 # interface Ten-GigabitEthernet1/6/0 ip address dhcp-alloc # interface Ten-GigabitEthernet1/6/0.2000 vlan-type dot1q vid 2000 # interface Ten-GigabitEthernet2/5/0 # interface Ten-GigabitEthernet2/5/0.50 vlan-type dot1q vid 50 # interface Ten-GigabitEthernet2/5/0.1000 vlan-type dot1q vid 1000 # interface Ten-GigabitEthernet2/6/0 # interface Ten-GigabitEthernet2/6/0.2000 vlan-type dot1q vid 2000 # interface Vsi-interface1 ip policy-based-route tetong portal bas-ip 100.100.1.3 portal apply mac-trigger-server mts ip subscriber l2-connected enable ip subscriber initiator dhcp enable ip subscriber initiator unclassified-ip enable ip subscriber timer quiet 120 undo ip subscriber user-detect ip ip subscriber authentication-method web ip subscriber roaming enable ip subscriber password ciphertext $c$3$XSv6wTRQGTLHWDzfCsGEQ+G536Q3T5R9bg== ip subscriber unclassified-ip domain a-wifi_pre ip subscriber pre-auth domain a-wifi_pre ip subscriber username string admin ip subscriber pre-auth track 11 fail-permit user-group fail # interface Vsi-interface2 ip subscriber l2-connected enable ip subscriber initiator dhcp enable ip subscriber initiator unclassified-ip enable ip subscriber roaming enable ip subscriber password ciphertext $c$3$XSv6wTRQGTLHWDzfCsGEQ+G536Q3T5R9bg== ip subscriber dhcp domain a-wifi_pre # interface Tunnel0 mode vxlan source 100.100.1.1 destination 31.31.31.31 # bgp 65009 router-id 100.100.1.2 # address-family ipv4 unicast network 11.0.0.0 255.255.0.0 network 211.9.80.0 255.255.240.0 # address-family vpnv4 # ip vpn-instance vrf1 # address-family ipv4 unicast import-route direct import-route static # scheduler logfile size 16 # line class aux user-role network-operator # line class console user-role network-admin # line class vty user-role network-operator # line aux 0 1 user-role network-operator # line con 0 1 user-role network-admin # line vty 0 63 authentication-mode none user-role network-admin user-role network-operator idle-timeout 0 0 # ip route-static 11.0.0.0 16 NULL0 preference 180 description Blackhole-Route ip route-static 31.31.31.31 32 100.100.100.1 ip route-static 172.16.0.0 16 172.16.17.1 ip route-static 211.9.80.0 20 NULL0 preference 180 description Blackhole-Route # mad exclude interface GigabitEthernet1/1/0 # snmp-agent snmp-agent local-engineid 800063A280FA163E07CF5200000001 snmp-agent community write private snmp-agent community read public snmp-agent sys-info version all # ssh server enable ssh user root service-type all authentication-type password # undo arp resolving-route enable arp source-mac aging-time 60 # qos apply policy a-wifi global inbound qos apply policy out global outbound # redundancy group A_Wifi preempt-delay 5 member interface Reth2 member interface Reth3 member failover group 1 node 1 bind slot 1 priority 100 track 1 interface Ten-GigabitEthernet1/5/0 track 2 interface Ten-GigabitEthernet1/6/0 node 2 bind slot 2 track 3 interface Ten-GigabitEthernet2/5/0 track 4 interface Ten-GigabitEthernet2/6/0 # acl advanced 3000 rule 0 permit ip source 11.0.0.0 0.0.255.255 # acl advanced 3099 rule 0 permit ip destination 29.29.0.1 0 user-group a-wifi rule 5 permit ip source 29.29.0.1 0 user-group a-wifi # acl advanced 3525 rule 0 permit ip destination 28.28.28.100 0 user-group a-wifi rule 1 permit ip destination 27.27.27.200 0 user-group a-wifi rule 5 permit ip vpn-instance vrf1 destination 28.28.28.100 0 user-group a-wifi rule 10 permit ip user-group fail # acl advanced 3526 rule 0 permit tcp destination-port eq www user-group a-wifi rule 5 permit tcp vpn-instance vrf1 destination-port eq www user-group a-wifi # acl advanced 3527 rule 0 permit tcp destination-port eq 443 user-group a-wifi rule 5 permit tcp vpn-instance vrf1 destination-port eq 443 user-group a-wifi # acl advanced 3528 rule 0 permit ip user-group a-wifi rule 5 permit ip vpn-instance vrf1 user-group a-wifi # acl advanced 3529 rule 0 permit ip source 28.28.28.100 0 user-group a-wifi rule 1 permit ip source 27.27.27.200 0 user-group a-wifi rule 5 permit ip vpn-instance vrf1 source 28.28.28.100 0 user-group a-wifi # acl advanced 3899 rule 0 permit ip destination 100.100.1.1 0 # acl advanced 3999 description for_tetong_user rule 0 deny ip destination 28.28.28.100 0 rule 5 permit ip # user-profile free1 free-rule acl 3099 # user-profile ita qos car inbound any cir 10000 cbs 625000 ebs 0 qos car outbound any cir 10000 cbs 625000 ebs 0 qos apply policy ita inbound qos apply policy ita outbound # user-profile tetong qos apply policy tetong inbound # radius scheme aaa primary authentication 172.16.15.200 primary accounting 172.16.15.200 key authentication cipher $c$3$itzc+vpeFDkhR1RnKJUsmyT6XdbuSmdNbw== key accounting cipher $c$3$721n+GQFC7t0pV48LIXKz5+4cbrhop2I1w== timer realtime-accounting 2 user-name-format without-domain attribute 31 mac-format section three separator - lowercase username-authorization apply # radius scheme imc primary authentication 28.28.28.100 key cipher $c$3$VZu0tiAzF7dsNLte//lIN2qiTA5tQOwPrg== primary accounting 28.28.28.100 key cipher $c$3$sVaIfL3KQcnQth+As4Qdx6rbEmnK/QhY0w== user-name-format without-domain # radius scheme jsct primary authentication 28.28.28.100 primary accounting 28.28.28.100 key authentication cipher $c$3$5h3Z95wgcIYC6H1lWl+o8Sb/RQSZtP04Pg== key accounting cipher $c$3$LciZpm5DvPcpuDZgEoBFnEnAs9PF+8HzCA== timer realtime-accounting 3 user-name-format without-domain nas-ip 100.100.1.3 # radius dynamic-author server client ip 172.16.15.200 key cipher $c$3$aa50yCTQvxx6DzUQl2ePmLhY6TK1IqC7vg== # domain name a-wifi state block time-range offline state block time-range name a-wifi-online authorization-attribute idle-cut 1 nas-id domain-a-wifi authentication ipoe radius-scheme jsct authorization ipoe radius-scheme jsct accounting ipoe radius-scheme jsct # domain name a-wifi_pre authorization-attribute user-group a-wifi authorization-attribute ip-pool a-wifi_pre authorization-attribute session-timeout 111 service-type stb session-time include-idle-time nas-id h3c/vbras:a-wifi_pre authentication ipoe none authorization ipoe none accounting ipoe none user-address-type private-ipv4 web-server url :8080/portal web-server ip 28.28.28.100 web-server url-parameter userip source-address web-server url-parameter mac source-mac section 1 uppercase web-server url-parameter oriUrl original-url web-server url-parameter nas-id nas-id web-server url-parameter remote-id remote-id # domain name awifi authorization-attribute user-profile tetong authorization-attribute car inbound cir 4194303 outbound cir 4194303 pir 4194303 nas-id domain-a-wifi authentication ipoe radius-scheme aaa authorization ipoe radius-scheme aaa accounting ipoe radius-scheme aaa # domain name system # domain default enable a-wifi # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group a-wifi # user-group fail # user-group system # local-user root class manage password hash $h$6$zR1H0VQKmsPSrlki$QB3JtZ08KMBi8Gv85yP7uFPqnoF5l0biJjfApRvDod6fdejdI6o1vtjhSLvhfMsge/GBT+FZjAfbkkuQo307wg== service-type ftp service-type ssh telnet http https authorization-attribute user-role network-admin # local-user ip class network authorization-attribute user-role network-operator # local-user ipoe class network password cipher $c$3$FD4eC+mzM7K89XgqLWUievRGDyg11cfiqw== service-type ipoe authorization-attribute session-timeout 111 authorization-attribute user-role network-operator # ftp server enable # session service-location acl 3000 failover-group 1 session service-location acl 3001 failover-group 1 session statistics enable session synchronization enable session synchronization dns http # nat port-block synchronization enable # nat address-group 1 failover-group 1 port-range 1000 65535 port-block block-size 1000 extended-block-number 2 address 211.9.83.1 211.9.83.254 # portal server A-wifi ip 28.28.28.100 key cipher $c$3$jlIVq1QmzD/7Ym8rm9WdCnVeYtViHM0BFA== # portal mac-trigger-server mts ip 28.28.28.100 binding-retry interval 3 aging-time 100 # netconf soap http enable netconf soap https enable # http-redirect https-port 6000 # return 4 相关资料 · H3C vBRAS系列虚拟宽带远程接入服务器 ?classID=103&fileID=165210配置指导 · H3C vBRAS系列虚拟宽带远程接入服务器 ?classID=103&fileID=165210命令参考

Cartesi 中文站

H3C vBRAS典型配置案例集