Utilization of the same BNG with different username databases Highlighted

With the growth of the number of acquisitions and fusion on the Brazilian ISP market, is more frequent the ask to help to configure the BNG server to use two different users database at the moment of subscriber authentication, cause during the unification of the operations, is normal that different databases coexist.

To be possible to share the same BNG to different operations on fusion process, are necessary some tasks that I will describe here:

First Step:

        Configure a “radius-server group” pointing to the radius server of each of the ISP involved.

radius-server group ISP-1

 radius-server shared-key-cipher %^%#tE;&::5;b6Jdr4@.Y#FYlK\m,(E~MW-IOa2sKzF&%^%#

 radius-server authentication 192.168.0.1 1812 weight 0

 radius-server accounting 192.168.0.1 1813 weight 0

 radius-server source interface LoopBack0

 radius-server user-name original

#

radius-server group ISP-2

 radius-server shared-key-cipher %^%#tE;&::5;b6Jdr4@.Y#FYlK\m,(E~MW-IOa2sKzF&%^%#

 radius-server authentication 172.16.0.1 1812 weight 0

 radius-server accounting 172.16.0.1 1813 weight 0

 radius-server source interface LoopBack0

 radius-server user-name original

#

Second Step:

        Configure a domain to each of the ISP:

#

aaa

domain isp1.com.br

  authentication-scheme default

  accounting-scheme acct1

  radius-server group ISP-1

#

aaa

domain isp2.com.br

  authentication-scheme default

  accounting-scheme acct1

  radius-server group ISP-2

Third Step:

        In this step we can make the reference of the domain of two different forms:

        If the subscribers are divided into different VLANs, in the other words,  if the subscriber of each ISP are divided on your respective VLAN block, we can make the association of the domain directly on the interfaces:

interface Eth-Trunk1.300

user-vlan 300 qinq 1 4094

bas

 #

  access-type layer2-subscriber default-domain authentication isp1.com.br

 #

#      

interface Eth-Trunk1.400

user-vlan 400 qinq 1 4094

bas

 #

  access-type layer2-subscriber default-domain authentication isp2.com.br

 #

#     

        But, if it is not possible to separate the subscribers on VLANs, they need to use your username with the specific domain after the @.

user_xpto@isp1.com.br

user_wyz@isp2.com.br

       With these simple configurations is possible to share the same BNG server using different subscribers database without interferences.

     I hope I have helped the community. I ask you to comment on your experience with the subject and leave different tips or suggestions for use for what we discuss.

#MVE

#HuaweiEnterpriseCommunity