Configuring PBR to a PPPoE user

Created: Aug 7, 2019 05:19:24
Latest reply: Nov 19, 2019 01:44:39
Status: problem resolved

Hi there, everybody!


This post enquires about configuring PBR to a PPPoE user. Please see more details below.


ISSUE DESCRIPTION


Is it possible to configure a PBR on a NE20 with the PPPoE function without the necessity to send a Radius Parameter HW-Policy-route?


Huawei NE20


On Cisco and Juniper routers, we have an option to configure a policy route and put it on a profile to apply to users, but on Huawei I can't find this option.


If possible, can you share an example with us of configuring PBR to a PPPoE user? Thanks!

Featured Answers

Best answer

Recommended answer

Popeye_Wang
Admin Created Aug 15, 2019 06:34:51

Hi there!


I have consulted with R&D and confirmed that it is currently impossible to redirect BAS users based on source/destination addresses through PBR on the NE. 

We have submitted this requirement to the R&D department. I hope this function will be implemented in the next version or patch.

@Popeye_Wang could you send me any news when you receive it? I have a group with more than 1300 Huawei network admins from the Brazilian ISP market, and I can pass on to them all the news that I receive.

All Answers
LuizPuppin HCIE Author Created Aug 7, 2019 05:32:38

To be more specific, I need a way to configure a PBR but need to include some exceptions with an ACL. This is possible on Juniper and Cisco, but on Huawei I saw on HedEx that for PPPoE clients the only ACL possible is one that matches the MAC address, not IP.

Posted by LuizPuppin at 2019-08-07 05:32 To be more specific, I need a possibility to configure a PBR but need to include some exceptions wit ...
I'm not sure what you mean; maybe you can give an example of what you want to do.

Hello, I have the same problem...

We have similar situations that bring a heavy reliance on administrative systems for ISPs because of the imperativeness of having Radius server attributes or the use of UCL ACLs. I believe that being able to keep controls isonically on the NE20s or NE40s would be a big step towards increasing utilization of these devices rather than moving to Juniper or Cisco.

I'm facing the same problem here. I'm doing the PBR outside the NE box, because it can't be done inside without a RADIUS parameter.

LuizPuppin HCIE Author Created Aug 8, 2019 03:27:20

Posted by chenhui at 2019-08-06 20:07 I'm not sure what's your meaning, maybe you can give an example about what you wanna do.
@chenhui,

We need a way to configure L3 policies for PPPoE clients, as is possible on Cisco ASR and Juniper MX. See examples on these two platforms:

JUNIPER:
This policy is applied to all connected PPPoE users via a connection template and redirects traffic based on some conditions:

firewall {
    family inet {
        filter "$filter-up" {
            interface-specific;
            /* Drop subscriber TCP traffic to the listed management ports */
            term protege-gerencia {
                from {
                    protocol tcp;
                    destination-port [ 7722 7780 8728 8291 8729 ];
                }
                then {
                    discard;
                }
            }
            /* Exception: CGNAT sources going to these destinations are not redirected */
            term CDNs {
                from {
                    destination-address {
                        186.xxx.yyy.192/26;
                        186.xxx.yyy.240/28;
                        186.xxx.yyy.0/26;
                        186.xxx.yyy.0/30;
                        186.xxx.yyy.4/30;
                    }
                    source-prefix-list {
                        pl-CGNAT;
                    }
                }
                then {
                    policer "$shaper-up";
                    accept;
                }
            }
            /* Remaining CGNAT sources are routed in VRF_CGNAT */
            term accept-pbr {
                from {
                    source-prefix-list {
                        pl-CGNAT;
                    }
                }
                then {
                    policer "$shaper-up";
                    routing-instance VRF_CGNAT;
                }
            }
            term accept-instala {
                from {
                    source-prefix-list {
                        pl-AGUARD_INSTA;
                    }
                }
                then {
                    policer "$shaper-up";
                    routing-instance VRF_BLOQUEADO;
                }
            }
            term accept-bloqueado {
                from {
                    source-prefix-list {
                        pl-BLOQUEADO;
                    }
                }
                then {
                    policer "$shaper-up";
                    routing-instance VRF_BLOQUEADO;
                }
            }
            /* Everything else: police and forward normally */
            term accept {
                then {
                    policer "$shaper-up";
                    accept;
                }
            }
        }
        filter "$filter-down" {
            interface-specific;
            term accept {
                then {
                    policer "$shaper-down";
                    service-filter-hit;
                    accept;
                }
            }
        }
    }
}

CISCO ASR9K:
This policy does the redirect of CGNAT traffic and is applied through a dynamic profile to each PPPoE user:

policy-map type pbr CGNAT-POLICY
 class type traffic CGNAT
  redirect ipv4 nexthop 172.29.5.62
 !
 class type traffic class-default
  transmit
 !
 end-policy-map
!
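Added example, not part of the original post and not vendor code: a small Python model of the first-match term evaluation in the "$filter-up" filter posted above, showing why the CDNs exception has to sit before accept-pbr. The prefix values are constructed stand-ins (the post masks the CDN prefixes and does not list the prefix-list contents), and the helper names are hypothetical.

```python
import ipaddress

# Constructed stand-ins: the post masks the CDN prefixes and never lists the
# contents of pl-CGNAT, pl-AGUARD_INSTA or pl-BLOQUEADO.
PREFIXES = {
    "cdn": ["198.51.100.0/26", "198.51.100.240/28"],
    "pl-CGNAT": ["100.64.0.0/10"],
    "pl-AGUARD_INSTA": ["10.250.0.0/24"],
    "pl-BLOQUEADO": ["10.251.0.0/24"],
}
MGMT_PORTS = {7722, 7780, 8728, 8291, 8729}  # ports from term protege-gerencia

def within(addr, name):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in PREFIXES[name])

# (term, match, action) in the order the posted filter lists them.
# Policers are left out: they rate-limit but do not change the verdict.
TERMS = [
    ("protege-gerencia",
     lambda p: p["proto"] == "tcp" and p["dport"] in MGMT_PORTS, "discard"),
    ("CDNs",
     lambda p: within(p["dst"], "cdn") and within(p["src"], "pl-CGNAT"), "accept"),
    ("accept-pbr",
     lambda p: within(p["src"], "pl-CGNAT"), "routing-instance VRF_CGNAT"),
    ("accept-instala",
     lambda p: within(p["src"], "pl-AGUARD_INSTA"), "routing-instance VRF_BLOQUEADO"),
    ("accept-bloqueado",
     lambda p: within(p["src"], "pl-BLOQUEADO"), "routing-instance VRF_BLOQUEADO"),
    ("accept", lambda p: True, "accept"),
]

def evaluate(packet, terms=TERMS):
    """First matching term wins; a filter with no match discards."""
    for name, match, action in terms:
        if match(packet):
            return name, action
    return None, "discard"

def pkt(src, dst, proto="tcp", dport=443):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}

if __name__ == "__main__":
    cdn_flow = pkt("100.64.1.10", "198.51.100.10")
    print(evaluate(cdn_flow))                           # exception: normal routing
    print(evaluate(pkt("100.64.1.10", "203.0.113.5")))  # redirected to CGNAT
    # Moving accept-pbr above CDNs silently removes the exception:
    swapped = [TERMS[0], TERMS[2], TERMS[1]] + TERMS[3:]
    print(evaluate(cdn_flow, swapped))
```
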

Posted by LuizPuppin at 2019-08-08 03:27 @chenhui,We need a possible to configure L3 Policies to PPPoE clients, like is possible on CISCO A ...
From the Cisco configuration, it seems that you are trying to redirect the PPPoE users' traffic?

Posted by chenhui at 2019-08-08 07:26 from the Cisco configuration, it seems that you are trying to redirect the PPPoE users' traffic?
Hello @chenhui,

I have the same issue. I want to redirect PPPoE users to a CGNAT box, just like we do with Cisco/Juniper, based on ACL (some hosts or destinations are redirected), without using radius attribute for the policy route (that redirects ALL the traffic).

Hello,

I have the same issue. I want to redirect PPPoE users to a CGNAT box, just like we do with Cisco/Juniper, based on ACL (some hosts or destinations are redirected), without using radius attribute for the policy route (that redirects ALL the traffic).
