
[NE Configuration Cases in Education Scenarios] Configuring Web, PPPoE, and Static Access Modes on the same network

Latest reply: Nov 6, 2021 08:11:48

This section provides an example for configuring web, PPPoE, and static access modes on the same network.

Applicable Products and Versions

This configuration example applies to NE40E/ME60 series products running V600R008C10 or later.

Networking Requirements

On the network shown in Figure 1-11, we can configure web, PPPoE, and static access modes. The configurations include:
  • Configure web access to allow a user to access the network. After the user goes online, the user information can be viewed on the device, and user charging information is generated on a RADIUS server.

  • Configure PPPoE access to allow a user to access the network. After the user goes online, the user information can be viewed on the device, and user charging information is generated on a RADIUS server.

  • Configure static access to allow a user to access the network. After the user goes online, the user information can be viewed on the device, and user charging information is generated on a RADIUS server.

Figure 1-11  Configuring web, PPPoE, and static access modes on the same network 
Table 1-23  Data Preparation

| Device | Item | Data |
|--------|------|------|
| Device | IP address of the RADIUS authentication server | 172.16.45.220 |
| Device | Gateway IP address | 10.0.0.1 |
| Device | IP address of the web authentication server | 192.168.10.2 |
| Device | IP address of the portal server | 192.168.10.2 |

Configuration Roadmap

  1. Configure web authentication.

  2. Configure PPPoE access.

  3. Configure static access.

Procedure

  1. Configure web access.

    # 
    //Configure a RADIUS server.
    radius-server group radius
     radius-server authentication 172.16.45.220 1812 weight 0
     radius-server accounting 172.16.45.220 1813 weight 0
    //The shared key must be the same as the key configured on the RADIUS server.
     radius-server shared-key Huawei
    #
    //Configure an address pool.
    ip pool pool1 bas local
     gateway 10.0.0.1 255.255.255.0
     section 0 10.0.0.2 10.0.0.200
    #
    //Configure a web server.
    web-auth-server 192.168.10.2 port 50100 key simple huawei
    //Configure a pre-authentication domain.
    user-group preweb     
    #
    aaa
     http-redirect enable
     authentication-scheme none
      authentication-mode none
     #
     accounting-scheme none
      accounting-mode none
     #
     domain preweb
      authentication-scheme none
      accounting-scheme none
      ip-pool pool1
      user-group preweb
      web-server 192.168.10.2
      web-server url http://192.168.10.2
     #
    #
    //Limit the resources available to the user when the user is in the pre-authentication domain.
    acl number 6000    
     rule 5 permit ip source user-group preweb destination ip-address 127.0.0.1 0
     rule 15 permit ip source ip-address 127.0.0.1 0 destination user-group preweb
     rule 20 permit ip source user-group preweb destination ip-address 192.168.10.2 0
     rule 25 permit ip source ip-address 192.168.10.2 0 destination user-group preweb
    #
    acl number 6001   
     rule 5 permit tcp source user-group preweb destination-port eq www
     rule 10 permit tcp source user-group preweb destination-port eq 8080
    #
    acl number 6002   
     rule 5 permit ip source ip-address any destination user-group preweb
     rule 10 permit ip source user-group preweb destination ip-address any
    #
    traffic classifier web-deny operator or   
     if-match acl 6002
    traffic classifier web-permit operator or
     if-match acl 6000
    traffic classifier preweb operator or
     if-match acl 6001
    #
    traffic behavior web-deny
     deny
    traffic behavior web-permit
    traffic behavior preweb
     http-redirect
    #
    traffic policy preweb
     share-mode
    //Allow the access to the web server.
     classifier web-permit behavior web-permit   
    //Enable the device to redirect a user to the web authentication page when the user enters an HTTP address.
     classifier preweb behavior preweb    
    //Configure the device to deny other traffic.
     classifier web-deny behavior web-deny 
    #
    traffic-policy preweb inbound
    //Configure an authentication domain.
    aaa
     domain jyc
      authentication-scheme radius
      accounting-scheme radius
      radius-server group radius
      portal-server 192.168.10.2
      portal-server url http://192.168.10.2/portal/admin
    //Configure an authentication interface.
    interface GigabitEthernet0/1/1
     bas
     #
    //Configure an authentication domain (this configuration is not needed if manual input of an authentication domain is configured using the access-type layer2-subscriber default-domain pre-authentication preweb command).
      access-type layer2-subscriber default-domain pre-authentication preweb authentication jyc
      authentication-method web ppp
     #
    #
    //Configure a QoS profile to limit the traffic rates.
    qos-profile 1M
     car cir 1000 cbs 1000 green pass red discard
    #
    aaa
     domain jyc
      qos-profile 1M inbound
      qos-profile 1M outbound

  2. Configure PPPoE access.

    //Configure an address pool that does not contain the IP addresses of static users.
    ip pool pool1 bas local
     gateway 10.0.0.1 255.255.255.0
     section 0 10.0.0.2 10.0.0.200
     excluded-ip-address 10.0.0.101
    //Configure PPPoE authentication on a BAS interface. Enable ARP packet trigger on the BAS interface.
    interface GigabitEthernet0/1/1
     bas
      authentication-method ppp web  
      arp-trigger   
    

  3. Configure static access.

    //Configure the methods for obtaining the default user name and password.
    aaa
     default-user-name include ip-address //Indicates that the device uses the IP address contained in an access request packet as the user name.
     default-password cipher Root@123  
    //Configure a static user.
    static-user 10.0.0.101 10.0.0.101 gateway 10.0.0.1 interface GigabitEthernet0/1/1 mac-address 2c27-d724-1649 domain-name jyc

  4. Verify the configuration.

    • Run the display access-user domain preweb command to check information about online users of the specified domain.
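
The pre-authentication traffic policy from step 1 can be checked offline before it is applied. The following Python model is an added example, not part of the original post or of Huawei's documentation: it transcribes ACLs 6000 to 6002 and evaluates constructed sample packets against the three classifiers. It assumes classifiers are matched in the configured order with the first match deciding the action, as the comments in the policy describe, and that a user authenticated into domain jyc is no longer in user-group preweb.

```python
from typing import NamedTuple, Optional
GROUP = "preweb"  # pre-authentication user-group from the page

class Packet(NamedTuple):
    proto: str                       # "tcp", "udp", ...
    src_ip: str
    dst_ip: str
    dport: Optional[int] = None
    src_group: Optional[str] = None  # sender's user-group (None = not in a group)
    dst_group: Optional[str] = None  # receiver's user-group

# Rules transcribed from the page: (proto, src_group, src_ip, dst_group, dst_ip, dport); None = any.
ACLS = {
    6000: [("ip", GROUP, None, None, "127.0.0.1", None),
           ("ip", None, "127.0.0.1", GROUP, None, None),
           ("ip", GROUP, None, None, "192.168.10.2", None),
           ("ip", None, "192.168.10.2", GROUP, None, None)],
    6001: [("tcp", GROUP, None, None, None, 80),       # "eq www"
           ("tcp", GROUP, None, None, None, 8080)],
    6002: [("ip", None, None, GROUP, None, None),
           ("ip", GROUP, None, None, None, None)],
}
# Classifier order under "traffic policy preweb": web-permit, preweb, web-deny.
POLICY = [(6000, "permit"), (6001, "http-redirect"), (6002, "deny")]

def rule_matches(rule, pkt):
    proto, sgrp, sip, dgrp, dip, dport = rule
    return (proto in ("ip", pkt.proto) and dport in (None, pkt.dport)
            and sgrp in (None, pkt.src_group) and sip in (None, pkt.src_ip)
            and dgrp in (None, pkt.dst_group) and dip in (None, pkt.dst_ip))

def verdict(pkt):
    """Action of the first classifier whose ACL matches (assumed first-match order)."""
    for acl, action in POLICY:
        if any(rule_matches(rule, pkt) for rule in ACLS[acl]):
            return action
    return "no-match"  # none of the three classifiers applies to this packet

# Constructed sample packets: 10.0.0.x from pool1, remote hosts are documentation addresses.
SAMPLES = {
    "portal": Packet("tcp", "10.0.0.5", "192.168.10.2", 80, GROUP),
    "http":   Packet("tcp", "10.0.0.5", "203.0.113.10", 80, GROUP),
    "https":  Packet("tcp", "10.0.0.5", "203.0.113.10", 443, GROUP),
    "dns":    Packet("udp", "10.0.0.5", "198.51.100.53", 53, GROUP),
    "authed": Packet("tcp", "10.0.0.6", "203.0.113.10", 443, None),
}
if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:7} -> {verdict(pkt)}")
```

In this model, traffic to the web server at 192.168.10.2 is permitted rather than redirected because web-permit is evaluated first, and only TCP ports 80 and 8080 trigger the redirect. Everything else from a preweb user, including DNS and HTTPS, falls through to web-deny.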



routerup Created Mar 18, 2019 06:18:15
Thanks for sharing
Hello Mr. moderator, could you share more theoretical threads?

I want to learn pppoe more detailed, such as how it works

and your cases are really helpful,

NeillP Created Nov 28, 2020 20:46:26

Posted by sim_157 at 2019-03-13 09:18: I want to learn pppoe more detailed, such as how it works

Hello,
Here is a link to the PPPoE feature description:
http://support.huawei.com/hedex/ ... 0Access&lang=en
It contains the feature principles and usage scenarios of PPPoE.

What's more, if you want to learn how to configure the PPPoE function, you can check this link:
http://support.huawei.com/hedex/ ... uration&lang=en

Posted by sim_157 at 2019-03-13 09:18 I want to learn pppoe more detailed, such as how it works
I used to deal with pppoe, but it was long time ago, I almost forgot all of them,

Posted by NE_Router at 2019-03-14 01:07 Posted by sim_157 at 2019-03-14 01:07I want to learn pppoe more detailed, such as how it worksHello,H ...
thanks for the documentation guiding, I can review pppoe

your cases are really helpful

NeillP Created Nov 28, 2020 20:46:34
hope for more sharing

Helpful post, thanks