8. 广西电信E320业务配置介绍

8.广西电信E320现有业务配置介绍广西电信E320现有业务配置介绍广西电信E320上业务应用，比四川电信、重庆电信E320的业务应用要多，业务配置类型也比较新，比如采用了lag端口聚合、动态vlan分配、DSI方式生成DHCP子接口、不同业务不同VR等应用方式，所以熟悉业务配置、了解配置特点就很重要。1、普通pppoe用户1.1、pppoe原理图DSLModemtim@isp1.comISP2ISP1ISP2MAC=XMAC=AEtherType=0x8864DAMAC=XSAMAC=APhysicalPPPoEHeaderSessionID=0x123PPPHeaderDAIP=2.2.2.2SAIP=1.1.1.2RFC2516:GeneralframeformatPCrequirementsPPPoE两个阶段:DiscoverystagePPPsessionstage广西电信E320现有业务配置介绍PADIPADOPADRPADSLCPrequestLCPack期间LCPIdentiticationPppPAPPppPAPIPIPCPrequestIPIPCPrejectIPIPCPNAKIPIPCPACK该阶段分配ip地址IPV6请求被拒绝Pppoe过程LCP阶段1.2、完整pppoe用户拨号过程图广西电信E320现有业务配置介绍1.3、广西电信普通pppoe配置介绍首先，定义profile。profilepppoe-svlanvlanauto-configurepppoelockout-timenonesvlanethertype8100vlanprofilepppoepppoe-svlan-base!profilepppoe-svlan-baseipunnumberedloopback0ipsa-validatepppauthenticationpappppoesessions250pppoemtu1434!●单vlan用户，不需要配置svlanethertype8100，新建profile●ipsa配置防止用户端的伪地址攻击●子接口最大session数设置为250，不设置，则采用限制最大session数端口配置interfacelagT64G-1-EthTrunk1member-interfaceGigabitEthernet0/0/2ethernetdescriptionWangGuanVlan16-TO-SCL-T64Gencapsulationvlanauto-configurevlanprofilevlanbulk-configsvlanpppoe-svlanvlanbulk-configsvlansvlan-range50503040vlanbulk-configsvlansvlan-range180019481002022vlanbulk-configsvlansvlan-range195119601002022vlanbulk-configsvlansvlan-range2600289927002799●端口为lag聚合端口●auto-configurevlan设置vlan的自动感应●调用了名称为pppoe-svlan的profile广西电信E320现有业务配置介绍profilepppoe-autoipunnumberedloopback0ipsa-validateIppolicysecondary-inputUser_Local_Inputpppauthenticationpapchappppoesessions5！profileatm-autoatmatm1483auto-configurepppoelockout-timenoneatmpvcaal5snapatmatm1483profilepppoepppoe-auto!●ATM拨号的profile定义interfaceatm4/0/4atmsonetstm-1atmclockinternalchassisatmoamflushatmbulk-configATM-DSLAMatmbulk-configATM-DSLAMvc-range6632896atmbulk-configATM-DSLAMvc-range7732799profileatm1483bulk-config-nameATM-DSLAMatm-autoauto-configureatm1483●flush为discard掉接收到oam、其他cell●自动感应vc、vp广西电信E320现有业务配置介绍2、校园网业务配置模式2.1、新建一个校园网VRE320#conftE320(config）#vircampus2.2、定义profileprofilecampus-pppoeipunnumberedloopback0pppauthenticationvirtual-routercampuspappppkeepalive40pppoesessions250pppoemtu1460profilecampusvlanauto-configurepppoelockout-timenonevlanprofilepppoecampus-pppoe!●定义到VR”campus”认证●loopback0配置VR“campus”里面2.3、端口定义interfacelag3member-interfaceGigabitEthernet0/0/2member-interfaceGigabitEthernet0/1/2encapsulationvlanauto-configurevlanvlanbulk-configpppoe-vlanprofilevlanbulk-configpppoe-vlancampusvlanbulk-configpppoe-vlanvlan-range10002467vlanbulk-configpppoe-vlanvlan-range24692510广西电信E320现有业务配置介绍3、L2TP业务配置介绍3.1、L2TP拓扑图RADIUSModemtyler@isp1.comhome1@isp2.comISP2RADIUSDSLRouterISP1PPPIPPPPIPL2TPTunnelsLACLNSLNSRADIUS●LAC▲物理链路连接▲启动l2tp的tunnel和session●LNS▲位于L2TPtunnel的终端▲终结ppp的session▲管理用户的ip接口广西电信E320现有业务配置介绍3.2、L2TP用户拨号过程ISP2RADIUSdave@isp2.comRADIUSLACerx3lo0=3.3.3.1LNSerx1lo0=33.33.33.1LCPConfReqLCPConfReqLCPConfAckLCPConfAckInitialAuthenticationUser发起到LAC的PPP连接LAC作初始的认证，并确定:本地终结PPP会话或者将PPP会话导入到LNS的隧道隧道属性可以通过以下途径获得:AAAdomainmapRADIUS使用UDP端口1701作为目的端口源端口可以为任意J固定使用1701使用router-id作为LAC源IPStartControlConnectionRequest(SCCRQ)StartControlConnectionReply(SCCRP)StartControlConnectionConnected(SCCCN)Zero-LengthBody(ZLBACK)HelloHelloL2TPTunnelControlConnection广西电信E320现有业务配置介绍ISP2RADIUSRADIUSControlConnectionLACerx3lo0=3.3.3.1L2TPTunnelLNSerx1lo0=33.33.33.1Session(dave@isp2.com)dave@isp2.com1.1.1.2IncomingCallRequest(ICRQ)IncomingCallReply(ICRP)IncomingCallConnected(ICCN)Zero-LengthBodyACK(ZLB)UserAuthenticationCompletesNCPIPCPCompletes广西电信E320现有业务配置介绍3.3、L2TP在E320上实现方式●广西电信目前E320做为L2TP的LAC。●LNS不集中，不同VPDN建有不同LNS●有二种实现方式★采用AAAdomain-map方式，在E320配置LNS的tunnel信息aaadomain-mapfca1.gxauth-router-namedefaultip-router-namedefaultipv6-router-namedefaulttunnel3address202.103.230.146identificationgxfcadslclient-nameadslpasswordgxfcadsl★采用radius方式，E320不做任何配置，radius返回LNS各种信息。●identification表明tunnel的名称●LNS的ip地址、密码等。4、MPLS下各VRF业务配置介绍●广西电信采用BGP+OSPF协议实现MPLS业务E320#shconfcategoryip-protocolsvirtual-routerMPLS-VPNvirtual-routerMPLS-VPNiprouter-id218.65.148.34noipsource-route!access-listMyRIDpermitiphost218.65.148.34any!广西电信E320现有业务配置介绍routerbgp64646neighbor222.217.179.1remote-as64646neighbor222.217.179.1update-sourceloopback0neighbor222.217.179.2remote-as64646neighbor222.217.179.2update-sourceloopback0!address-familyvpnv4unicastneighbor222.217.179.1activateneighbor222.217.179.1send-communityneighbor222.217.179.1send-communityextendedneighbor222.217.179.2activateneighbor222.217.179.2send-communityneighbor222.217.179.2send-communityextendedexit-address-family!address-familyipv4unicastvrfCTVPN52476-GX_LAODONGTINGnosynchronizationnoauto-summaryredistributestaticredistributeconnectedexit-address-family!address-familyipv4unicastvrfCTVPN53031-GX_LIQUANnosynchronizationnoauto-summaryredistributestaticredistributeconnectedexit-address-familyrouterospf99router-id218.65.148.34!passive-interfaceloopback0address222.217.179.38area0.0.0.20address222.217.179.42area0.0.0.20!redistributestaticredistributeconnectedipvrfCTVPN52476-GX_LAODONGTINGrd4809:52476route-targe