Got it

How configure IPoe Brass in ME60

Created: Oct 4, 2018 11:29:29Latest reply: Nov 2, 2018 07:30:30 1801 5 0 0 1
  Rewarded HiCoins: 0 (problem resolved)
This post was last edited by atande at 2018-10-04 11:34.   We have the ME60 installed, we want to configure the IpoE Brass, I have already gone through several configuration options recommended in the documentation, I can’t understand what the problem is .. the interface seems to come up but no packets go through it, below is part of the ME configuration and the switch to the subscriber network.

[~BraSS]display current-configuration
!Software Version V800R009C10SPC200
#
dns resolve
dns server 192.168.11.1
#
vlan batch 11 15 23 36 39 78 to 79 95 to 99 111 120 150
vlan batch 180 182 190 210 to 211 1111
#
dhcp-server group abXX //(Radius server)
 dhcp-server 192.168.XX.136 
#
dhcp-server group XXX // (ISC-DHCP)
 dhcp-server 192.168.XX.1 
#
dot1x-template 1
#
user-group cerberus
undo telnet server enable
undo telnet ipv6 server enable
#
radius-server source interface Eth-Trunk1
radius-attribute framed-ip-address encapsulation-method version2
#
radius-server group rd2
 radius-server shared-key-cipher %^%#\S\pYG%[n(```L(\jRD9!Q'=>v5gEQR!6y1A}R45l#W~Tc7yI1DbDY+:hY4R%^%#   
 radius-server authentication 192.168.11.136 1812 weight 0
 radius-server accounting 192.168.11.136 1813 weight 0
#
#
soc
#

ip pool net33 bas remote //## ip pool for remoute DHCP(192.168.11.1) only NAT
 gateway 192.168.33.1 255.255.255.0
 dhcp-server group XXX
 dns-server 192.168.11.1
#

ip pool pool2 bas local //## ip pool for IPoE (Radius server 192.168.11.136)
 gateway 192.168.210.1 255.255.255.0
 section 0 192.168.210.10 192.168.210.200
 dns-server 195.XXX.XXX.50 195.XXX.XXX.135
#
ip pool vlan15 bas remote
 gateway 192.168.15.1 255.255.255.0
 dhcp-server group XXX
 dns-server 192.168.11.1
acl number 2000
 rule 5 permit source 192.168.11.0 0.0.0.255
#
acl number 3001 // ### ACL for NAT
 rule 5 permit ip source 192.168.210.0 0.0.0.255
 
 rule 25 permit ip source 192.168.15.0 0.0.0.255
 
#
traffic classifier classifier1 operator or
 if-match acl 3001
#
traffic behavior behavior1
 nat bind instance nat1
#
traffic policy policy1
 share-mode
 classifier classifier1 behavior behavior1 precedence 1
#
aaa
 protocol-statistics enable

 #
 authentication-scheme default0
  authentication-mode none
 #
 authentication-scheme default1
 #
 authentication-scheme default
  authentication-mode local radius
 #
 authentication-scheme auth2
 #
 authentication-scheme auth3
 #
 authorization-scheme default
 #
 accounting-scheme default0
 #
 accounting-scheme default1
 #
 accounting-scheme acct2
 #
 accounting-scheme acct3

 
 #
 domain cerber ## Domain for remoute DHCP
  authentication-scheme default0
  accounting-scheme default0
  ip-pool vlan15
 
  user-group cerberus bind nat instance nat1
 
 domain ipoe // Domain for  IPoE
  authentication-scheme auth3
  accounting-scheme acct3
  radius-server group rd2
  ip-pool pool2
#

interface Vlanif11 // Vlan  managment 
 ip address 192.168.11.XXX 255.255.255.0
 dhcp select relay
 ip relay address 192.168.11.1 // remoute DHCP server
#

#
interface Vlanif210
#
interface Vlanif1111 // Vlan for Nat
 ip address 11.11.11.30 255.255.255.252
 ip address 11.11.11.38 255.255.255.252 sub
 ip netstream inbound
 ip netstream outbound
#
interface Eth-Trunk1
 portswitch
 port trunk allow-pass vlan 11 1111
 mode lacp-static
 traffic-policy policy1 inbound vlan 1111
#
interface Eth-Trunk1.111 // BGP
 vlan-type dot1q 111
 ip address 195.XX.XX.156 255.255.255.192
#
interface Eth-Trunk1.210 // IPoE to user-side network
  user-vlan 210
 bas
 #
  access-type layer2-subscriber default-domain authentication ipoe
 #
#
          

#
interface Virtual-Template0
 ppp authentication-mode auto
#
interface GigabitEthernet0/0/0
 speed auto
 duplex auto
 shutdown
#
interface GigabitEthernet1/0/0
 undo shutdown
 eth-trunk 1
 undo dcn
#


network topologi:

accesses network(vlan210)--switch Nexus (vlan 11,210,111,1111)-ME60-X8- internet

config interface Nexus switch to ME:

interface port-channel6
  switchport mode trunk
  switchport trunk allowed vlan 11,111,210,1111

In switch:show mac address-table vlan 210Legend:
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen,+ - primary entry using vPC Peer-Link,
        (T) - True, (F) - False, C - ControlPlane MAC
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
*  210     64d1.54a4.d792   dynamic  0         F      F    Po1 --interface to user-side network(access)
*  210     98de.d0f0.123f   dynamic  0         F      F    Po1
*  210     e84d.d0b6.1411   dynamic  0         F      F    Po1


but any packets and mac in interface ME....

[BraSS]display interface Eth-Trunk 1.210
Eth-Trunk1.210 current state : UP (ifindex: 57)
Line protocol current state : UP
Last line protocol up time : 2018-10-04 11:34+03:00
Link quality grade : GOOD
Description:
Route Port,Hash arithmetic : According to flow, Maximal BW: 10Gbps, Current BW: 10Gbps, The Maximum Transmit Unit is 1500
Internet Address is unnumbered, using address of NULL0(0.0.0.0/8)
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 2444-27b6-b868
Current system time: 2018-10-04 11:34+03:00
    Last 300 seconds input rate 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate 0 bits/sec, 0 packets/sec
    Input: 0 packets,0 bytes
           0 unicast,0 broadcast,0 multicast
           0 errors,0 drops
    Output:0 packets,0 bytes
           0 unicast,0 broadcast,0 multicast
           0 errors,0 drops
    Last 300 seconds input utility rate:  0.00%
    Last 300 seconds output utility rate: 0.00%
----------------------------------------------------------
PortName                      Status              Weight  
----------------------------------------------------------
GigabitEthernet1/0/0          UP                  1       
----------------------------------------------------------
The Number of Ports in Trunk : 1
The Number of UP Ports in Trunk : 1

-BraSS]display bas-interface

  ---------------------------------------------------------------------------
   Interface                BASIF-access-type       config-state   access-number
  ---------------------------------------------------------------------------
   Eth-Trunk1.210           Layer2-subscriber       Updated        0
  ---------------------------------------------------------------------------
  Total 1 BASIF is configured

Perhaps someone has already encountered such a problem .. transferring Bas interface to Laer3 also doesn’t solve the problem of passing packets, and even if I pick up the bass interface on a separate physical МЕ port, do not take effect
  • x
  • convention:

Featured Answers
Skay
Created Nov 2, 2018 07:30:30

This post was last edited by Skay at 2018-11-05 07:20.

hi  atande , i checked your provide configuration , it seems normal . for detail issue , you can contact to me make a remote session help to solve this issue .

because we need to check some current status and do some debugging key information on the live device . get the error debugging information then provide the corresponding solution .

i hope i can help you solve this case .

View more
  • x
  • convention:

All Answers
Darsh
Darsh Created Oct 4, 2018 12:08:48

kindly check below steps :
ipoe-service-type
Function
The ipoe-service-type command configures a basic protocol stack for IPoE dual-stack users.

The undo ipoe-service-type command restores the default configuration.

By default, no protocol stack is configured for IPoE dual-stack users.

Format
ipoe-service-type { ipv4 | ipv6 }

undo ipoe-service-type

Parameters
None

Views
BAS interface view

Default Level
2: Configuration level

Task Name and Operations
Task Name Operations
bras-control write
Usage Guidelines
Usage Scenario

In cold standby scenarios, to implement load balancing among multiple BRASs, run the ipoe-service-type command to configure a basic protocol stack for IPoE dual-stack users.

Configuration Impact

If IPv4 is specified as the basic protocol stack for an IPoE dual-stack user, the device strictly checks whether the user is online from the IPv4 stack before allowing the user to go online from the IPv6 stack. If the user is offline from the IPv4 stack, the user is denied access from the IPv6 stack. Likewise, if IPv6 is specified as the basic protocol stack for an IPoE dual-stack user, the device allows the user to go online from IPv4 stack only after it detects that the user is online from the IPv6 stack.

Precautions

This command is supported only on the Admin VS.

This function is not supported for Layer 2 and Layer 3 leased line users.

Example
# Specify IPv4 as the basic protocol stack on the interface 2/0/0.

<HUAWEI> system-view
[~HUAWEI] interface GigabitEthernet 2/0/0
[~HUAWEI-GigabitEthernet2/0/0] bas
[~HUAWEI-GigabitEthernet2/0/0] ipoe-service-type ipv4
View more
  • x
  • convention:

atande
atande Created Oct 4, 2018 12:53:16

Applied but not yet helped solve the problem .. perhaps somewhere else something
View more
  • x
  • convention:

faysalji
faysalji Author Created Oct 5, 2018 04:33:01

Have you checked the configuration examples in the following docs to trace the fault?
http://support.huawei.com/enterprise/en/doc/EDOC0100504786?section=j008#dc_ne_cfg_013597
View more
  • x
  • convention:

atande
atande Created Oct 5, 2018 11:27:24

I read this documentation, but it refers to an older firmware version, we use the latest firmware version and the latest patch. The examples in this document did not help me ..
maybe something else

#
interface Eth-Trunk1.210
 ip address 10.111.210.2 255.255.255.0
 vlan-type dot1q 210 default
 bas
 #
  access-type layer3-subscriber default-domain authentication ipoe
  ipoe-service-type ipv4
 #
#


display interface Eth-Trunk1.210
Eth-Trunk1.210 current state : UP (ifindex: 57)
Line protocol current state : UP
Last line protocol up time : 2018-10-04 07:41+03:00
Link quality grade : GOOD
Description:
Route Port,Hash arithmetic : According to flow, Maximal BW: 10Gbps, Current BW: 10Gbps, The Maximum Transmit Unit is 1500
Internet Address is 10.111.210.2/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 2444-27b6-b868
Encapsulation dot1q Virtual LAN, The number of Vlan is 1, Vlan ID 210
Current system time: 2018-10-04 07:41+03:00
    Last 300 seconds input rate 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate 0 bits/sec, 0 packets/sec
    Input: 0 packets,0 bytes
           0 unicast,0 broadcast,0 multicast
           0 errors,0 drops
    Output:0 packets,0 bytes
           0 unicast,0 broadcast,0 multicast
           0 errors,0 drops
    Last 300 seconds input utility rate:  0.00%
    Last 300 seconds output utility rate: 0.00%
----------------------------------------------------------
PortName                      Status              Weight  
----------------------------------------------------------
GigabitEthernet1/0/0          UP                  1       
----------------------------------------------------------
The Number of Ports in Trunk : 1
The Number of UP Ports in Trunk : 1

##display bas

  ---------------------------------------------------------------------------
   Interface                BASIF-access-type       config-state   access-number
  ---------------------------------------------------------------------------
   Eth-Trunk1.210           Layer3-subscriber       Updated        0
  ---------------------------------------------------------------------------
  Total 1 BASIF is configured

##display domain ipoe
  ------------------------------------------------------------------------------
  Domain-name                     : ipoe                           
  Domain-state                    : Active
  Authentication-scheme-name      : auth3
  Accounting-scheme-name          : acct3
  Authorization-scheme-name       : -
  Primary-DNS-IP-address          : -
  Second-DNS-IP-address           : -
  Primary-DNS-IPV6-address        : -
  Second-DNS-IPV6-address         : -
  Web-server-URL-parameter        : No
  Portal-server-URL-parameter     : No
  Primary-NBNS-IP-address         : -
  Second-NBNS-IP-address          : -
  Time-range                      : Disable
  Idle-cut direction              : Both
  Idle-data-attribute (time,flow) : 0, 60
  User detect interval            : 0s
  User detect retransmit times    : 0
  Install-BOD-Count               : 0
  Report-VSM-User-Count           : 0
  Value-added-service             : default
  User-access-limit               : 1045504
  Online-number                   : 0
  Web-IP-address                  : -
  Web-IPv6-address                : -
  Web-URL                         : -
  Web-auth-server                 : -
  Web-auth-state                  : -
  Web-server-mode                 : get
  Slave Web-IP-address            : -
  Slave Web-IPv6-address          : -
  Slave Web-URL                   : -
  Slave Web-auth-server           : -
  Slave Web-auth-state            : -
  Web-server identical-url        : Disable
  Portal-server-IP                : -
  Portal-URL                      : -
  Portal-force-times              : 2
  Portal-server identical-url     : Disable
  Service-policy(Portal)          : -
  Ds-lite IPv4 portal             : Disable
  PPPoE-user-URL                  : Disable
  AdminUser-priority              : 16
  IPUser-ReAuth-Time              : 300s
  mscg-name-portal-key            : -
  Portal-user-first-url-key       : -
  User-session-limit              : 4294967295
  Ancp auto qos adapt             : Disable
  L2TP-group-name                 : -
  User-lease-time-no-response     : 0s
  RADIUS-server-template          : rd2
  Two-acct-template               : -
  RADIUS-server-pre-template      : -
                                    -
                                    -
  HWTACACS-server-template        : -
  Bill Flow                       : Disable
  Tunnel-acct-2867                : Disable
  Qos-profile-name inbound        : -
  Qos-profile-name outbound       : -

  Flow Statistic:
  Flow-Statistic-Up               : Yes
  Flow-Statistic-Down             : Yes
  Source-IP-route                 : Disable
  IP-warning-threshold            : -
  IP-warning-threshold(Low)       : -
  IPv6-warning-threshold          : -
  IPv6-warning-threshold(Low)     : -
  Multicast Forwarding            : Yes
  Multicast Virtual               : No
  Max-multilist num               : 4
  Multicast-profile               : -
  Multicast-profile ipv6          : -
  Multicast-policy                : -
  Multicast-bandwidth             : -
  Multicast-bandwidth-level-1     : -
  IP-address-pool-name            : pool2
  Quota-out                       : Offline
  Service-type                    : -
  User-basic-service-ip-type      : -/-/-
  PPP-ipv6-address-protocol       : Ndra
  IPv6-information-protocol       : Stateless dhcpv6
  IPv6-PPP-assign-interfaceid     : Disable
  IPv6-PPP-NDRA-halt              : Disable
  IPv6-PPP-NDRA-unicast           : Disable
  Trigger-packet-wait-delay       : 60s
  Peer-backup                     : Enable
  Reallocate-ip-address           : Disable
  Cui  enable                     : Disable
  Igmp enable                     : Enable
  L2tp-user radius-force          : Disable
  Accounting dual-stack           : Separate
  Radius server domain-annex      : -
  Dhcp-option64-service           : Disable
  Parse-separator                 : -
  Parse-segment-value             : -
  Dhcp-receive-server-packet      : -
  Http-hostcar                    : Disable
  Public-address assign-first     : Disable
  Public-address nat              : Enable
  Dhcp-user auto-save             : Disable
  IP-pool usage-status threshold  : 255 , 255
  Select-Pool-Rule                : gateway + local priority
  AFTR name                       : -
  Traffic-rate-mode               : Separate
  Traffic-statistic-mode          : Separate
  Rate-limit-mode-inbound         : Car
  Rate-limit-mode-outbound        : Car
  Service-change-mode             : Stop-start
  DAA Direction                   : both
  Session Volumequota apply direction: both
  Soap-server group               : -
  Nas logic-sysname               : -
  Multicast-flow separate(L2tp)   : No
  Accounting exclude-type vlan    : -/-
  Framed-ip urpf                  : Enable
  Local backup                    : Enable
  DAA start accounting merge      : disable
  DAA stop accounting merge       : disable
  DAA interim accounting merge    : disable
  DAA merged interim accounting interval(minute) : --
  DAA merged interim accounting hash  : disable
  EDSG stop accounting merge      : disable
  EDSG interim accounting merge   : disable
  EDSG merged interim accounting interval(minute): --
  EDSG merged interim accounting hash : disable
  Stop dropped flow direction     : -
  Interval dropped flow direction : -
  Edsg family-schedule inbound    : Disable
  Edsg family-schedule outbound   : Disable
  Layer2 IPoE ip-pool select-mode : Local
  Layer2 PPPoE ip-pool select-mode: Local
  ------------------------------------------------------------------------------

###display access-user
  ------------------------------------------------------------------------------
  Total users                        : 1
  IPv4 users                         : 0
  IPv6 users                         : 0
  Dual-Stack users                   : 0
  Lac users                          : 0
  RUI local users                    : 0
  RUI remote users                   : 0
  Wait authen-ack                    : 0
  Authentication success             : 1
  Accounting ready                   : 1
  Accounting state                   : 0
  Wait leaving-flow-query            : 0
  Wait accounting-start              : 0
  Wait accounting-stop               : 0
  Wait authorization-client          : 0
  Wait authorization-server          : 0
  ------------------------------------------------------------------------------
  Domain-name                        Online-user
  ------------------------------------------------------------------------------
  default0                           : 0                                   
  default1                           : 0                                   
  default_admin                      : 1                                   
                                   
  ipoe                               : 0                                   
  ------------------------------------------------------------------------------
  The used CID table are             :
  528443
  ------------------------------------------------------------------------------
###
I don’t want to roll back to an older firmware at all, because in the current configuration, both NAT and OSPF, BGP work, they work without problems, but this IPOE doesn’t want to run

View more
  • x
  • convention:

Skay
Skay Created Nov 2, 2018 07:30:30

This post was last edited by Skay at 2018-11-05 07:20.

hi  atande , i checked your provide configuration , it seems normal . for detail issue , you can contact to me make a remote session help to solve this issue .

because we need to check some current status and do some debugging key information on the live device . get the error debugging information then provide the corresponding solution .

i hope i can help you solve this case .

View more
  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.