Professional Documents
Culture Documents
Zxuas 10600 Vol I
Zxuas 10600 Vol I
Version 2.8.01
ZTE CORPORATION
ZTE Plaza, Keji Road South,
Hi-Tech Industrial Park,
Nanshan District, Shenzhen,
P. R. China
518057
Tel: (86) 755 26771900 800-9830-9830
Fax: (86) 755 26772236
URL: http://support.zte.com.cn
E-mail: doc@zte.com.cn
LEGAL INFORMATION
The contents of this document are protected by copyright laws and international treaties. Any reproduction or
distribution of this document or any portion of this document, in any form by any means, without the prior written
consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by
contractual confidentiality obligations.
All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE
CORPORATION or of their respective owners.
This document is provided “as is”, and all express, implied, or statutory warranties, representations or conditions
are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose,
title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the
use of or reliance on the information contained herein.
ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications
covering the subject matter of this document. Except as expressly provided in any written license between ZTE
CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter
herein.
The contents of this document and all policies of ZTE CORPORATION, including without limitation policies related to
support or training are subject to change without notice.
Revision History
Document
ZXUAS 10600 Universal Access Server user manual(volume I)
Name
Document Revision
Product Version V2.8.01 R1.1
Number
Equipment Installation Date
Presentation:
(Introductions, Procedures, Illustrations, Completeness, Level of Detail, Organization,
Appearance)
Good Fair Average Poor Bad N/A
Intelligibility:
(Language, Vocabulary, Readability & Clarity, Technical Accuracy, Content)
Good Fair Average Poor Bad N/A
Please check the suggestions which you feel can improve this documentation:
Improve the overview/introduction Make it more concise/brief
Improve the Contents Add more step-by-step procedures/tutorials
Improve the organization Add more troubleshooting information
Include more figures Make it less technical
Your Add more examples Add more/better quick reference aids
suggestions for Add more detail Improve the index
improvement of
this Other suggestions
documentation __________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
# Please feel free to write any comments on an attached sheet.
If you wish to be contacted regarding your comments, please complete the following:
Name Company
Postcode Address
Telephone E-mail
This page is intentionally blank.
Contents
Chapter 1.......................................................................... 1
System Introduction........................................................ 1
Overview ............................................................................. 1
Product Overview.................................................................. 1
Functions............................................................................. 2
Technical Features and Parameters.......................................... 4
Chapter 2.......................................................................... 7
Chapter 3........................................................................ 29
Chapter 4........................................................................ 39
Chapter 5........................................................................ 61
Chapter 6........................................................................ 77
BRAS Service.................................................................. 77
Overview ...........................................................................77
BRAS Overview ...................................................................78
BRAS Interface Configuration ................................................80
Configuring VBUI Interface ...................................................84
Service Access List (SAL) Configuration .................................. 88
Configuring Domain .............................................................91
Domain User Template Configuration .....................................94
Configuring Subscriber (User) ...............................................96
Point to Point Protocol ..........................................................98
PPP Authentication Protocols............................................... 100
Password Authentication Protocols (PAP) .............................. 100
Challenge Handshake Authentication Protocol (CHAP)............. 102
Configuring PPP Quick-redial............................................... 103
Configuring PPP Idle Timer ................................................. 104
Configuring Flow Statistics ................................................. 105
Access Control ............................................................ 105
Configuring Access Control ................................................. 105
Configuring PPPoE............................................................. 106
Configuring PPPoEoV ......................................................... 108
Configuring PPPoA............................................................. 109
Configuring PPPoEoA ......................................................... 111
Configuring Static IPoE ...................................................... 113
Configuring Static IPoEoV................................................... 116
Configuring Static IPoEoA................................................... 118
DHCP Web Access Configuration.......................................... 121
Configuring QinQ .............................................................. 127
Chapter7....................................................................... 129
Chapter8....................................................................... 153
Figures..........................................................................163
Tables ...........................................................................165
Index ............................................................................173
About this Manual
Purpose
This Manual provides procedures and guidelines for ZXUAS
10600 Carrie Class BRAS.
Intended Audience
This document is intended for engineers and technicians who
perform operation activities on the ZTE routers and switches.
Chapter Summary
Chapter 1 System Introduction
Chapter 2 Structure and Principles
Chapter 3 User Interface Configuration
Chapter 4 System Management
Chapter 5 Interface Configuration
Chapter 6 BRAS Services
Chapter 7 BRAS Security
Chapter 8 DHCP
Related Documentation
The following documentation is related to this manual:
ZXUAS 10600 Installation Manual
ZXUAS 10600 Command Manual
Conventions
Typographical ZTE documents employ the following typographical conventions.
Conventions
TABLE 2 TYPOGRAPHICAL CONVENTIONS
Typeface Meaning
Italics References to other Manuals and documents.
“Quotes” Links on screens.
Bold Menus, menu options, function names, input
fields, radio button names, check boxes, drop-
down lists, dialog box names, window names.
CAPS Keys on the keyboard and buttons on screens
and company name.
Constant width Text that you type, program code, files and
directory names, and function names.
[] Optional parameters.
{} Mandatory parameters.
| Select one of the parameters that are delimited
by it.
Note: Provides additional information about a
certain topic.
Checkpoint: Indicates that a particular step needs
to be checked before proceeding further.
Tip: Indicates a suggestion or hint to make things
easier or more productive for the reader.
Typeface Meaning
Drag Refers to pressing and holding a mouse button and
moving the mouse.
System Introduction
Overview
Introduction This chapter covers brief introduction of software/hardware
structure of ZXUAS 10600 Carrier Class BRAS.
Contents This chapter covers the following topics:
Topic Page No
Product Overview 1
Functions 2
Product Overview
Introduction With increase of Internet services in exponential order, IP
becomes the first choice in transmission mode for new
generation of basic network infrastructure around the world. The
IP protocol-based services will soon dominate the networks of
service providers, and communication networks are now
experiencing a profound revolution. To adapt to this revolution,
all network carriers are beginning to construct broadband IP
network for loading data, voice, video services. The key
technology of constructing the IP network is network
interconnection and router technology.
Internet, routers are the key equipment for the interconnection
and inter-working of multiple networks, and play an extremely
important role.
High As demands for bandwidth increase in an amazing way,
Bandwidth backbone network transmission rate has normally reached 2.5
Routers GB/s or even higher currently. Thus, traditional routers, which
are based on software forwarding technology, cannot meet the
Functions
Structure ZXUAS 10600 Carrier Class BRAS integrates IP routing and
switching technologies, current broadband network technologies.
In aspect of system design, routing engine and forwarding
engine are separated, partial forwarding table is divorced from
global routing table and fast hardware is adopted to realize the
packet header processing, routing, and forwarding of the IP
packets.
ZXUAS 10600 Carrier Class BRAS adopts CROSSBAR switching
structure to enhance data communication speed among
respective interface units. ZXUAS 10600 Carrier Class BRAS
leaves behind the “Best Effort” working mode or traditional
routers; this is the new generation of super large capacity wire
speed switching-type routers.
The structure of ZXUAS 10600 Carrier Class BRAS fully loaded is
shown in Figure 1.
F I G U R E 1 Z X U AS 1 0 6 0 0 C A R R I E R C L A S S B R AS
T A B L E 4 P O W E R S U P P L Y R E Q U I R E M E N T S O F Z X U AS 1 0 6 0 0 C A R R I E R C L A S S
B R AS
Overview
Introduction This chapter describes structure and principles of ZXUAS 10600
Carrier Class BRAS.
Contents This chapter covers following topics.
Topic Page No
F I G U R E 2 Z X U AS 1 0 6 0 0 C A R R I E C L A S S B R AS S O F T W A R E S Y S T E M
a
d BNPC
BUPC#2 b B
T
S e BSFC
BUPC#1
R
c
f BIC
PCI
CPU&
100BASE-TX Switch&PHY 16×100BASE-TX
Bridge
SDRAM ISA/BOOT/
FLASH CARD
RPU Manage
Control/
Monitor
MPU Master/Slave
ISA/BOOT/
SDRAM FLASH CARD
Console
CPU& 2×100BASE-TX
Bridge PCI 10/100BASE-TX
DEBUG
On front panel of BUPC, there are four LED indicators and two
switches.
Indicator Functions
Indicator Functions
BUPC
BNPC
BNPC
BNPC
CROSSSBAR
PCI bus
100BASE-TX
CPU PORT
CROSSSBAR
CROSSSBAR
512KBOOT 2MB program 32MB
FLASH FLASH SDRAM
CROSSSBAR
Arbitration/
scheduling
FPGA
On front panel of BSFC, there are four LED indicators and two
switches. Table 6 shows functions of BSFC.
Indicator Functions
Fast Ethernet
interface Network Processor Card
32×62.5M b/s ×4
SDRAM SDRAM
(Sending
PCI (Receiving
direction) direction)
SRAM Network SRAM
Network
processor processor
BUF1 BUF2
100BASE-T X
ROM/FLASH ROM/FLASH
then send them out. Besides, it can conduct the operations like
ACL filtering, etc., according to the configuration.
The network processor supports SDRAM of at most 256MB. The
bus frequency of SDRAM can reach 100MHz. The network
processor in the sending direction communicates with the
receiving-direction one and the network adaptor via the PCI bus.
Bus The bus conversion module FPGA mainly conducts following four
Conversion operations:
Module FPGA
1. In the upward direction, it converts the data format of the
network processor into that of the high-speed serial
backplane chip, and forwards data.
2. In the downward direction, it converts the data format of the
high-speed serial backplane chip into that of the network
processor, and forwards data.
3. It realizes the error processing function of the NPCI.
4. It realizes the queue scheduling and flow management
functions like QoS, VOQ, etc.
PCI Network This module is used to execute the communication between the
Adaptor network processor and the BUPC, and to realize the functions of
Module downloading the software version from the BUPC, synchronously
updating the routing protocol, etc. The Ethernet controller, which
is adopted by the PCI network adaptor module, has following
features:
1. Integrating MAC, PHY, and the PCI bus interface MASTER
controller.
2. Supporting 10M/100M adaptive; complying with the full-
duplex flow control of 802.3x.
3. Supporting the PCI burst transmission.
High-speed The parallel-to-serial and serial-to-parallel chips, are used to
Serial convert the 32-bit parallel packets processed by the network
Backplane Chip processor into the serial data and then send them to the BSFC,
or to convert the serial data from the BSFC into 32-bit parallel
data and then send them to the network processor.
The serial data rate of a single high-speed serial backplane chip
can reach 2.125Gb/s. We can use two such chips to realize the
bandwidth of 4.25Gb/s, and to connect the CROSSBAR on the
BSFC, thus conducting the high-speed, large capacity switching
works.
Panel Front panel of BNPCT is shown in Figure 11.
Indicator and
Switch FIGURE 11 BNPCT FRONT P ANEL
On front panel of BNPCT, there are four LED indicators and one
switch.
Indicator Functions
Power
UART × 2 UPC card
supply
Humidity and
temperature sensor
CPU
Infrared sensor
Smog
EPLD sensor
Fan state
External BITS
clock
BITS PHY SFC card
Indicator Functions
ZXUAS 10600 On front panel of ZXUAS 10600 Carrier Class BRAS BIC, there
Carrier Class are 7 interfaces, which are: 10/100M Ethernet interface, MON
BRAS BIC interface, COM interface, PWR interface, FAN1 interface, FAN2
interface and BITS clock interface.
Among them, MON interface, PWR interface, FAN1 interface and
FAN2 interface are monitoring system interfaces, respectively
connected with infrared sensor, primary power supply and
monitoring interfaces of fan groups I and II.
The 10/100M Ethernet interface and COM interface are
connected with background computer. BITS clock interface is
connected with the BITS clock source via the 75 Ω coaxial cable.
Indicator Functions
Indicator Functions
The Gigabit Ethernet Interface (GEI) card has 4 SFP, every SFP
has 2 LED indicators in yellow and green respectively. Table
11shows their functions.
Indicator Functions
Indicator Functions
T AB L E 1 4 AT M 3 FR O N T P AN E L I N D I C AT O R S
Indicator Functions
User Interface
Configuration
Overview
Introduction This chapter describes common configuration methods,
command modes and use of command lines of ZXUAS 10600
Carrier Class BRAS.
Contents This chapter covers following topics.
Topic Page No
29
Configuration Methods
Configuration Modes 33
Configuration Methods
Introduction To provide users with maximum operation flexibility, ZXUAS
10600 Carrier Class BRAS provides multiple configuration
methods. A user can select suitable configuration methods
according to connected network. Configuration methods are
described as follows:
Configuration through COM port: This is main method to
configure a UAS.
Configuration in Telnet: Through this method, UAS can be
configured from any part of network
3. Select Com port, which are using for connection with UAS,
Click > OK button as shown in Figure 21 .
Result: Com Properties Window appears
Important! Be sure that Com port is rightly selected
END OF STEPS.
username Global
<username> Configures user name and
password password for Telnet login
<password>
END OF STEPS.
Configuration Modes
Introduction For users to configure and manage UASs conveniently, ZXUAS
10600 assigns commands to different modes according to
different functions and rights. A command can only be carried
out in a special mode. In any command mode, just enter a
question mark "?", and the commands that can be used in the
mode can be viewed. Command modes of ZXUAS 10600 are as
follows:
User mode
Privileged mode
Global configuration mode
Interface configuration mode
Route Configuration mode
Diagnosis mode
VRF configuration mode
BRAS configuration mode
Domain configuration mode
User Mode When using HyperTerminal mode to log on to system, system
enters into user mode automatically. If using Telnet mode to log
on, a user enters into user mode after entering the user name
and password. DOS prompt of user mode is host name of UAS
followed by a ">", as follows (the default host name is ZXUAS):
ZXUAS>
ZXUAS>enable
Password: (The input password will not be displayed on the screen)
ZXUAS#
Routing protocols used are RIP, OSPF, IS-IS and BGP. In above
example, routing protocol OSPF is configured.
To return from route configuration mode to global configuration
mode input exit command and to return from route
configuration mode to privileged mode directly input end
command or press <CTRL + Z>.
Diagnosis In privileged mode, uses diagnose command to enter diagnosis
Mode mode as follows:
ZXUAS#diagnose
Test commands:
ZXUAS(diag)#
ZXUAS(config)#bras
ZXUAS(config-bras)#
ZXUAS>?
Exec commands:
enable Turn on privileged commands
exit Exit from the EXEC
login Login as a particular user
logout Exit from the EXEC
ping Send echo messages
quit Quit from the EXEC
show Show running system information
telnet Open a telnet connection
trace Trace route to destination
who List users who is logining on
ZXUAS>
ZXUAS#co?
configure copy
ZXUAS#co
ZXUAS#con<Tab>
ZXUAS#configure (there is a space between “configure” and the
cursor)
ZXUAS#configure?
terminal Enter configuration mode
ZXUAS#configure
ZXUAS#von ter
^
% Invalid input detected at '^' marker.
ZXUAS#
ZXUAS#cl?
clear clock
ZXUAS#clock ?
set Set the time and date
ZXUAS#clock set ?
hh:mm:ss Current Time
ZXUAS#clock set 13:32:00
% Incomplete command.
ZXUAS#
Command Function
Command
System Management
Overview
Introduction This topic covers brief introduction about System Management of
ZXUAS 10600 Carrier Class BRAS.
Contents This chapter covers following topics.
Topic Page No
File Management 40
TFTP Configuration 43
IMG
CFG
DATA
IMG:
System mapping files (that is, image files) are stored under this
directory. The extended name of the image files is .zar. The
image files are dedicated compression files. Version upgrading
means change of corresponding image files under the directory.
CFG:
Configuration files are stored under this directory. File name of
configuration files is startrun.dat. When a command is used to
modify UAS configuration, information is stored in memory.
To prevent loss of configuration information, upon UAS power-
off/power-on, write command must be used to write memory
information into startrun.dat. To clear original configuration in
UAS, upon data reconfiguration, use delete command to delete
startrun.dat file and reboot UAS.
DATA:
This directory is used to store the log.dat file that records alarm
information.
File Management
Introduction ZXUAS 10600 provides many commands for file operations.
Command format is similar to DOS commands as present in
Microsoft Windows Operating System.
Purpose Refer to below procedure for file management on ZTE ZXUAS
10600 Carrier Class BRAS.
Prerequisite Refer to Configuration Methods (Chapter 3) to access the UAS
for configuration.
Steps 1. To display current directory path, use pwd command in
Privileged mode as shown in Table 17.
mkdir Privilege
<directory- This creates new directory in flash
name>
rmdir Privilege
<directory- This deletes directory in flash
name>
ZXUAS#dir
Directory of flash:/
TFTP Configuration
Introduction
8. To save log in specific path, this can be chosen from Log tab.
By default do not log request option is selected as shown in
Figure 31.
END OF STEPS.
Prerequisite
Refer to Configuration Methods (Chapter 3) to access the UAS
CLI for configuration.
Make sure TFTP server is up and running.
Version
Upgrade in In case of System abnormality, following procedure is executed.
Case of System
Abnormality
[ZXUAS Boot]:c
'.' = clear field; '-' = go to previous field; ^D = quit Boot Location
[0:Net,1:Flash] : 0 (0 indicates booting from the background TFTP,
and 1 indicates booting from the FLASH)
Client IP [0:bootp]: 168.4.168.168 (Corresponding to the address of
the management Ethernet port) Netmask: 255.255.0.0
Server IP [0:bootp]: 168.4.168.89 (Corresponding to the address
of the background TFTP Server)
Gateway IP: 168.4.168.168 (The gateway address is the address of
the management Ethernet port)
Boot Path: ZXUAS.zar (Use the default value)
Enable Password:(Use the default value)
Enable Password Confirm:(Use the default value)
[ZXUAS Boot]:
[ZXUAS Boot]:@
Loading... get file ZXUAS.zar[15922273] successfully!
file size 15922273.
...
Start ZXUAS-TSR MPU
Version V1.2.m.n Built at Mar 22 2004, 11:03:18
*****************************************
Welcome to ZXUAS 10600
*****************************************
ZXUAS>
Note: The boot mode also can be changed to "Boot from the
FLASH" by using the command nvram imgfile- location local
in the global configuration mode.
9. Under [ZXUAS Boot]: enter “@” and press <ENTER>, system
boots with new image from FLASH
10. After normal boot, view the image version under running
and confirm whether the upgrading is successful.
END OF STEPS.
3. To copy the image file into TFTP server, FTP server or copy
from TFTP server, FTP server into UAS, use copy command
as shown in Table 38.
END OF STEPS.
Example:
ZXUAS(config)#banner incoming #
Enter TEXT message. End with the character '#'.
***********************************
Welcome to ZXUAS Broadband Remote Access Server of ZTE
Corportioan
***********************************
#
ZXUAS(config)#
Command Command
Command Format Mode Function
ZXUAS#show version
ZXR10 Router Operating System Software, ZTE Corporation
ZXUAS ROS Version V4.8.01
ZXUAS 10600 Software, Version V2.8.01.b01, RELEASE
SOFTWARE/*OS version is 2.8.01*/
Copyright (c) 2005-2010 by ZTE Corporation
Compiled Sep 19 2006, 09:38:16
System image files from net <ftp://168.168.168.1/zxuas.zar>
System uptime is 0 days, 16 hours, 56 minutes
[RPU,panel 2,master]
Main processor: PENTIUM II with 512M bytes of memory
ROM: System Bootstrap, Version: ZXUAS 10600 BOOT 1.0,RELEASE
SOFTWARE
[MPU,panel 2,master]
Main processor: PENTIUM II with 512M bytes of memory
8K bytes of non-volatile configuration memory
64M bytes of processor board System flash (Read/Write)
ROM: System Bootstrap, Version:ZXUAS 10600 BOOT 1.0,RELEASE
SOFTWARE
System serial: 10020
[BSFC,panel 2,master]
Main processor: PowerPC 8240 with 64M bytes of memory
ROM: System Bootstrap, Version: ZXUAS T128 BOOT 2.6.02,RELEASE
SOFTWARE
[BNPCT,panel 2]
Main processor: XSCALE with 512M bytes of memory in slot 2
System with multiple processors (2 Network processors)
Every network processor with 512M bytes of memory
ROM(4M): System Bootstrap, Version:ZXUAS 10600 BOOT 1.0,
RELEASE SOFTWARE
Related None
Information
Interface Configuration
Overview
Introduction This chapter describes different types of interfaces on ZXUAS
10600 Carrier Class BRAS and their configuration examples for
further illustration.
Contents This chapter covers following topics.
Topic Page No
Interfaces Types 61
Physical Interfaces 62
Interfaces Types
Interfaces are divided into following types.
Physical interfaces
Logical interfaces
Interface Description
Type
Physical Interfaces
Physical interfaces cover the following topics.
Ethernet Interface Configuration
no interface
This enables the interface
shutdown
ip vrf interface
forwarding This configures the interface
<vrf- associated with the VRF
name>
ip address interface
This configures the IP address for
ip-address
interface
mask
speed interface
This sets the speed for the interface
{10|100}
ZXUAS#configure terminal
ZXUAS(config)#interface fei_1/2
ZXUAS(config-if)#no shutdown
ZXUAS(config-if)#ip address 10.61.86.88 255.0.0.0
ZXUAS(config-if)#speed 100
ZXUAS(config-if)#duplex full
/*show the interface information*/
ZXUAS(config)#show ip interface fei_1/2
fei_1/2 AdminStatus is up, PhyStatus is up, line protocol is up
Internet address is 10.61.86.88/8
Broadcast address is 255.255.255.255
MTU is 1500 bytes
ICMP unreachables are always sent
ZXUAS(config)#interface fei_1/2
ZXUAS(config-if)#ip address 10.1.1.2 255.255.255.252
ZXUAS(config-if)#duplex full
Pos Framing PoS use PPP in High-Level Data Link Control (HDLC)-like framing
(as specified in RFC 1662) for data encapsulation at Layer 2
(data link) of Open System Interconnection (OSI) stack. This
method provides efficient packet delineation and error control.
The frame format for PPP in HDLC-like framing is shown in
Figure 34.
clock board
source
<boardname>
This configures clock source for
{system|free- global config
POS interface
run|line
<interface-
number>}
ip address
<ip-address>
This configures an ip address of
<net-mask> interface config
an interface
[<broadcast-
address>]
ZXUAS(config)#interface pos48_4/4
ZXUAS(config-if)#ip address 192.168.1.1 255.255.255.252
Configuring ATM
Introduction Asynchronous transfer mode (ATM) is a high-performance, cell-
oriented switching and multiplexing technology that utilizes
fixed-length packets to carry different types of traffic. Networks
that have been primarily focused on providing better voice
services are evolving to meet new multimedia communications
challenges and competitive pressures.
Services based on asynchronous transfer mode (ATM) and
synchronous digital hierarchy (SDH)/synchronous optical
network (SONET) architectures provide flexibility essential for
success in this market. The most basic service building block is
ATM virtual circuit, which is an end-to-end connection that has
defined end points and routes.
In ATM networks, all information is formatted into fixed-length
cells consisting of 48 bytes (8 bits per byte) of payload and 5
bytes of cell header. The fixed cell size ensures that time-critical
information such as voice or video is not adversely affected by
long data frames or packets. The header is organized for
efficient switching in high-speed hardware implementations and
carries payload-type information, virtual-circuit identifiers, and
header error check.
ATM Standards ZXUAS 10600 provides ATM 155M and ATM 622M standard
speed interfaces. They can support IP Over ATM, Encapsulation
of IP Over ATM LLC/SNAP, ATM AAL5, IP routing, ATM cell
processing, 256 PVCs and point-to-point connection.
Purpose Refer to below procedure for ATM configuration on ZTE ZXUAS
10600 Carrier Class BRAS.
Prerequisite Refer to Configuration Methods (Chapter 3) to access the UAS
CLI for configuration.
Steps
interface
This enters into interface
<interface- Global config
configuration mode
number>
atm pvc
<vpi> Interface config This creates PVC
<vci>
ip address
<ip-address>
This configures an ip address of
<net-mask> Interface config
an interface
[<broadcast-
address>]
TABLE 64 OAM-RETRY
ZXUAS(config)#interface atm155_1/1.1
ZXUAS(config-if)#atm pvc 2 40
ZXUAS(config-if)#ip address 10.10.0.2 255.255.255.252
Configuration of ZXUAS 10600-2:
Configuring Smart-Group
Introduction Smart Group refers to aggregation of multiple physical interfaces
into one logical interface to provide higher aggregated
bandwidth, load balancing, and link redundancy. One
SmartGroup interface can contain up to eight Ethernet interfaces
in the same board slot. One Ethernet interface board can
support up to 31 SmartGroup interfaces.
Purpose Refer to below procedure for smart group on ZTE ZXUAS 10600.
Prerequisite Refer to Configuration Methods (Chapter 3) to access the UAS
for configuration.
Steps 1. To create a smartgroup interface and to enter into it, use
interface smartgroup{1-64} command in interface
configuration mode as shown in Table 65.
ip address
<ip-address>
This configures an ip address of
<net-mask> Interface config
an interface
[<broadcast-
address>]
smartgroup
This adds Ethernet interfaces
<interface- Interface config
into smartgroup
number>
BRAS Service
Overview
Introduction This chapter covers the basic concepts and configuration of
BRAS access features which includes subscriber domain, access
interfaces, virtual interfaces, authorization, accounting and
access control.
Contents This chapter covers the following topics:
Topic Page No
BRAS Overview 78
Configuring Domain 91
Topic Page No
BRAS Overview
Broadband Remote Access Server (B-RAS) is an application
running on your UAS that:
Aggregates the output from digital subscriber line access
multiplexers (DSLAMs)
Provides user Point-to-Point Protocol (PPP) sessions or IP-
over-Asynchronous
Transfer Mode (ATM) sessions
Enforces quality of service (QoS) policies
Routes traffic into an Internet service provider’s (ISP’s)
backbone network
A DSLAM collects data traffic from multiple subscribers into a
centralized point so that it can be uploaded to the UAS over an
ATM connection via a DS3, OC3, E3, or OC12 link.
UAS provides logical termination for PPP sessions, as well as the
interface to authentication and accounting systems.
ZTE ZXUAS 10600 provides unique concepts for RAS which
includes:
Domain Domain is an aggregate of bras service management features,
which has AAA system, legal user group and some services
management policy.
By using domain ZXUAS 10600 is able to manage user groups,
which have their own resources and configurations, such as:
D o m a in S u b s c rib e r-
1
D o m a in A lia s -1
S u b s c rib e r- n
VRF R a d iu s G ro u p
R o s _ In te rfa c e
IP P O O L -1
VRF
VBUI
IP P O O L -n
Sub- Sub-
In te rfa c e In te rfa c e
Q oS ACL
T AB L E 6 8 AC C E S S TY P E CO M M AN D
access-
type {eth |
This configures user access to
adsl- Sub interface
circuit interface
dmt|adsl-
cap | xdsl}
T AB L E 6 9 AT M P V C C OM M AN D
atm pvc
[<vpi>
<vci> Sub interface This creats PVC
[through
<vci>]
T AB L E 7 0 B IN D AU T H E N T I C AT I O N C O M M AN D
bind
authentication This binds the dynamic circuit
{pap|chap|chap- Sub interface which encapsulated in PPP to the
pap} [maximum particular interface
sessions]
bind vbui
vbui-
This statical binds the circuit to vbui
number Sub interface
interface
[maximum
sessions]
dot1Q {<
This sets the vlan_id for a Ethernet
vlan-id | Sub interface
interface
none }
dslam
This configures vlan and mac
{name
Sub interface address for the DSLAM for the
<vlan
interface
mac>}
Result: This configures vlan and mac address for the DSLAM for
the interface.
8. To set the encapsulate mode for the bras service interface,
use command encapsulation {ppp-over-ethernet|multi| ip-
over-ethernet | bridge1483 | route1483| ppp llc|dot1q{ppp-
over-ethernet|ip-over-ethernet|multi}} in sub interface
config mode. This is shown in Table 75.
encapsulation
{ppp-over-
ethernet|multi|
ip-over-ethernet
| bridge1483 |
This sets encapsulation mode for
route1483| ppp Sub interface
the bras service interface
llc|dot1q{ppp-
over-
ethernet|ip-
over-
ethernet|multi}}
Result: This sets the encapsulation mode for the brass service
interface.
9. To config subscriber location information, use command
subscriber location in sub interface configuration mode.
This is shown in Table 76.
show interface
This displays sub interface
<type_slot/port.sub privileged
information
port>
ZXUAS#configure terminal
ZXUAS(config)#interface fei_1/1.1 bras
ZXUAS(config-subif)#encapsulation multi
ZXUAS(config-subif)#bind multi vbui vbui1 authentication chap-pap
ZXUAS(config-subif)#subscriber location dhcp-option82 /*depend on
2. To set aged time for arp, use command arp timeout in VBUI
interface configuration mode. This is shown in Table 79 .
T AB L E 7 9 AR P TIM E O U T C OM M AN D
arp
VBUI interface This sets time for arp
timeout
dhcp
VBUI interface This identifies option60
option60
dhcp trust-
VBUI interface This configures trust option
option82
ip address
<ip-
This configures ip address for vbui
address> VBUI interface
interface
<net-
mask>
Dns
VBUI
<primary|secondary> This configures DNS
interface
<ip address>
ip pool <1-
2000>
poolname VBUI interface This configures ip pool for user
start-ip
end-ip
dhcp user
VBUI interface This monitors DHCP user idle time
-detect
web
authentication VBUI This configures web force
subscriber interface authentication
web force
web
server ip- VBUI interface This configures web server address
address
ZXUAS#configure terminal
ZXUAS(config)#interface vbui100
ZXUAS(config-if)#arp timeout 5000
ZXUAS(config-if)#dhcp option60
ZXUAS(config-if)#dhcp trust-option82 /*connected device use
option82 to support user location information which need configure in
ZXUAS 10600 */
ZXUAS(config-if)#ip address 100.100.128.100 255.0.0.0
ZXUAS(config-if)#ip pool abc 100.100.128.1 100.100.128.254
ZXUAS(config-if)#dhcp idle period 180 traffic 50
ZXUAS(config-if)#dns primary 200.101.1.10
ZXUAS(config-if)#web authentication subscriber web force
ZXUAS(config-if)#web server 10.61.96.90
ZXUAS(config-if)#ip dhcp auth-on-up enable
ZXUAS(config-if)#dhcp user-detect /* set the detect times for DHCP
user and the interval, this function is not adapt to the user which
encapsulate IPOA*/
T AB L E 9 0 AL I AS C O M M AN D
alias
SAL config This configures the alias for SAL
<name>
default
domain This configures Default domain for
SAL config
<domain- SAL
name>
deny
{domain
<domain- SAL config This denies domain to access
name> |
any}
none
domain
SAL config This allows the access for the users
<domain-
name>
permit
{domain
This configures permit domain
<domain- SAL config
access
name> |
any}
translate
{src-
domain This translates the user’s domain
<src- SAL config name to the appointed domain
domain> | name
any} <dest-
domain>
ZXUAS(config)#bras
ZXUAS(config-bras)#sal 1
ZXUAS(config-sal-1)#alias special-sal
ZXUAS(config-sal-1)#default domain zte.com.cn /*zte.com.cn is the
alias for one established domain*/
ZXUAS(config-sal-1)#deny domain 8
ZXUAS(config-sal-1)#permit domain another.com.cn /* zte.com.cn is
the alias for one established domain */
ZXUAS(config-sal-1)#translate src-domain zte.com.cn des-domain
another.com.cn
---------------------------------
ZXUAS(config)#int fei_1/1.1 bras
ZXUAS(config-subif)#sal 1
Configuring Domain
Purpose Refer to below procedure for the configuration of domain.
Prerequisite Refer to Configuration Methods (Chapter 3) to access the UAS
CLI for configuration.
Steps For the configuration of domain, perform the following steps:
1. To enter into BRAS configuration mode, use command bras
in global configuration mode. This is shown in Table 96 .
T AB L E 9 8 AL I AS C O M M AN D
T AB L E 9 9 AC C O U N T I N G GRO U P C OM M AN D
authentication-type Domain
{none|local|radius|local- config This sets the mode for user
radius|radius- authentication
local|radius-none}
circuit- Domain
authentication config This sets circuit authentication
enable
12. To set the maximum user number for the domain, use
command max-subscriber <number> in domain
configuration mode. This is shown in Table 107.
Result: This sets the maximum user number for the domain.
END OF STEPS.
Example:
ZXUAS#configure terminal
ZXUAS(config)#bras
ZXUAS(config-bras)#
ZXUAS(config-bras)#domain 2
ZXUAS(config-domain-2)#alias zte.com
ZXUAS(config-domain-2)#accounting-group 8
ZXUAS(config-domain-2)#accounting-type radius
ZXUAS(config-domain-2)#authentication-group 10
ZXUAS(config-domain-2)#authentication-type radius
ZXUAS(config-domain-2)#l2tp-accounting enable /*open l2tp
accounting, configure depend on needed*/
ZXUAS(config-domain-2)#ppp web-force timer 5 count 2 /*set the web
force to the user in domain, configure depend on needed */
ZXUAS(config-domain-2)#circuit-authentication enable
ZXUAS(config-domain-2)#max-subscriber 1000
access-list
Subscriber This configures ACL associate with
<acl-
template user template
number>
access-
list-
Subscriber This configures ACL associate with
outside
template user template
<acl-
number>
ip address
{ip-
address|pool
Subscriber This configures ip address for the
pool-
template user
name|interface
interface-
name|vrf}
timeout
Subscriber This configures timeout for PPP or
absolute
template PPoE user
<minutes>
ZXUAS#config terminal
ZXUAS(config)#bras
ZXUAS(config-bras)#domain 10
ZXUAS(config-domain-10)#subscriber-template
ZXUAS(config-domain-subtmp)#ip address pool my-pool
ZXUAS(config-domain-subtmp)#pppoe url http://www.zte.com.cn/
ZXUAS(config-domain-subtmp)#timeout absolute 200
Subscriber
<username>
This enters into user configuration
domain- Bras config
mode
name<domain-
name>
Result: This sets the web browser to a special URL when PPPoeE
user establishes the session.
END OF STEPS.
Example:
The example is given below:
ZXUAS#configure terminal
ZXUAS(config)#bras
ZXUAS(config-bras)#subscriber loyalty domain-name zte.com.cn /*
zte.com.cn is a domain’s alias */
ZXUAS(config-sub-loyalty)#ip address pool tele-pool
ZXUAS(config-sub-loyalty)#tcp-limit mode mon-sum-rate /*configure
the user’s TCP connect mode */
ZXUAS(config-sub-loyalty)#tcp-limit rate 800 /*user TCP speed */
ZXUAS(config-sub-loyalty)#tcp-limit num 10 /*user TCP connect
number*/
ZXUAS(config-sub-loyalty)#cir-bind bras 1 10 vlan 10 /*appoint the
access location for user*/
ZXUAS(config-sub-loyalty)#password loyal
ZXUAS(config-sub-loyalty)#ppp url http://www.zte.com.cn/
fei_6/1.2
192.168.1.2/30
fei_6/1.1
192.168.1.1/30
ZXUAS 10600-1 ZXUAS 10600-2
Configuration of ZXUAS10600-2:
Challenge Handshake
Authentication Protocol (CHAP)
Introduction Challenge Handshake Authentication Protocol (CHAP) verifies the
identity of peer by means of a three-way handshake. These are
the general steps performed in CHAP.
LCP (Link Control Protocol) phase is complete, and CHAP is
negotiated between both devices, authenticator sends a
challenge message to peer.
Peer responds with a value calculated through a one-way
hash function (Message Digest 5 (MD5)).
Authenticator checks response against its own calculation of
expected hash value. If values match, authentication is
successful. Otherwise, connection is terminated.
This authentication method depends on a "secret" known only to
authenticator and peer. The secret is not sent over the link.
Although authentication is only one-way, this can negotiate
CHAP in both directions, with the help of the same secret set for
mutual authentication.
Purpose Refer to below procedure for challenge handshake authentication
protocol (CHAP) on ZTE ZXUAS 10600.
Prerequisite Refer to Configuration Methods (Chapter 3) to access the UAS
CLI for configuration.
Steps In these steps, PPP (CHAP) configuration occurs through Hyper
Terminal emulation software, present in Windows Operating
System.
1. To bind the interface for PPP authentication CHAP mode, use
bind authentication chap command in bras interface
configuration mode as shown in Table 120.
bind
BRAS This binds the interface for PPP
authentication
subinterface authentication (CHAP mode)
chap
Example:
As shown in Figure 43, fei_6/1.1 interface of ZXUAS 10600-1 is
connected to fei_6/1.2 of ZXUAS 10600-2.
fei_6/1.2
192.168.1.2/30
fei_6/1.1
192.168.1.1/30
ZXUAS 10600-1 ZXUAS 10600-2
Configuration of ZXUAS10600-2:
ZXUAS#configure terminal
ZXUAS(config)#bras
ZXUAS(config-bras)#domain 1
ZXUAS(config-domain-1) quick-redial enable
ZXUAS#config ter
Enter configuration commands, one per line. End with CTRL/Z.
ZXUAS(config)#int fei_1/1.1 bras
ZXUAS(config-subif)#ppp idle interval-period 60 traffic-limit 50
flow- BRAS
statistics This configures flow statistics
enable
ZXUAS#configure terminal
ZXUAS(config)#bras
ZXUAS(config-bras)#flow-statistics enable
Access Control
Configuring Access Control
Introduction ZXUAS 10600 supports many types of access control. These
access control can be configured as BRAS sub-interfaces.
Purpose Refer to below procedure for the configuration of access circuits.
Prerequisite Refer to Configuration Methods (Chapter 3) to access the UAS
CLI for configuration.
access-type < BRAS-
adsl-cap| adsl- subinterface
dmt| async|
cable| Ethernet|
g3fax | hdlc-
clear-channel |
idsl |isdn-async-
This configures the access circuits
v110 |isdn-
for BRAS
async-v120 |
isdn-sync| piafs|
sdsl| sync|
virtual| wireless|
wireless-
ieee802-
11|x25|x75>
ZXUAS#config ter
ZXUAS(config)#int fei_1/1.1 bras
ZXUAS(config-subif)#access-type adsl-cap
Configuring PPPoE
Introduction Point-to-Point Protocol over Ethernet (PPPoE) is a specification
for connecting multiple computer users on an Ethernet local area
network to a remote site through common customer premises
equipment.
Purpose Refer to below procedure for the configuration of PPPoE
authentication.
Prerequisite Refer to Configuration Methods (Chapter 3) to access the UAS
CLI for configuration.
Below steps must be covered in order to configure PPPoE.
interface Global
<interface- config This enables to enter into the
number> <logical Ethernet sub-interface
interface- configuration mode
number><bras/vrf>
bind Ethernet
<authentication> sub-interface This configures the bind type
<type>
Configuring PPPoEoV
Introduction Point-to-Point Protocol over Ethernet over Vlan (PPPoEoV) is a
protocol in which user comes from Ethernet with specific VLAN
ID.
Purpose Refer to below procedure for the configuration of PPPoEoV.
Prerequisite Refer to Configuration Methods (Chapter 3) to access the UAS
CLI for configuration.
Below steps must be covered in order to configure PPPoEoV.
Configuring Network Interface
Configuring VBUI Interface
Configuring Domain
Steps 1. To enter into the Ethernet sub-interface configuration mode,
use interface <interface-number> <logical interface-
number><bras/vrf> command in global configuration mode
as shown in Table 129.
interface Global
<interface- config This enables to enter into the
number> <logical Ethernet sub-interface
interface- configuration mode
number><bras/vrf>
bind Ethernet
<authentication> sub-interface This configures the bind type
<type>
Configuring PPPoA
Introduction Point-to-Point Protocol (PPP) over ATM is a network protocol for
encapsulating PPP frames in ATM AAL5. It is used mainly with
cable modem and DSL services. It offers standard PPP features
such as authentication, encryption, and compression.
Purpose Refer to below procedure for the PPPoA configuration.
Prerequisite Refer to Configuration Methods (Chapter 3) to access the UAS
CLI for configuration.
Below steps must be covered in order to configure PPPoA.
interface Global
<interface- config This enables to enter into the
number> <logical ATM sub-interface configuration
interface- mode
number><bras/vrf>
Configuring PPPoEoA
Introduction Point-to-Point Protocol (PPPoEoA) over Ethernet over atm is a
network protocol for encapsulating PPP frames first into Ethernet
then into ATM cell.
Purpose Refer to below procedure for the PPPoEoA configuration.
Prerequisite Refer to Configuration Methods (Chapter 3) to access the UAS
CLI for configuration.
Below steps must be covered in order to configure PPPoEoA.
Configuring Network Interface
Configuring VBUI Interface
Configuring Domain
Steps 1. To enter into the ATM sub-interface configuration mode, use
interface <interface-number> <logical interface-
interface Global
<interface- config This enables to enter into the
number> <logical ATM sub-interface configuration
interface- mode
number><bras/vrf>
interface
This enables to enter into the VBUI
vbui<vbui Global config
interface mode
number>
ip host <ip
VBUI This configures the static ip
address><slot><port
interface address for the user
number>
interface Global
<interface- config This enables to enter into the
number> <logical Ethernet sub-interface
interface- configuration mode
number><bras/vrf>
ZXUAS(config)#interface vbui1
ZXUAS(config-if)#ip address 12.1.1.3 255.255.0.0
ZXUAS(config-if)#ip host 12.1.1.4 slot 7 port 14 /*user connect to
device through slot 7 interface 14 */
ZXUAS(config-if)#exit
interface
This enables to enter into the VBUI
vbui<vbui global
interface mode
number>
ip host <ip
VBUI This configures the static ip
address><slot><port
interface address for the user
number>
interface Global
<interface- This enables to enter into the
number> <logical Ethernet sub-interface
interface- configuration mode
number><bras/vrf>
ZXUAS(config)#interface vbui1
ZXUAS(config-if)#ip address 12.1.1.3 255.255.0.0
ZXUAS(config-if)#ip host 12.1.1.4 slot 7 port 14 vlan 10 /*user come
from slot 7 interface 14 which vlan id 10. */
ZXUAS(config-if)#exit
interface
This enables to enter into the VBUI
vbui<vbui global
interface mode
number>
ip host <ip
VBUI This configures the static ip
address><slot><port
interface address for the user
number>
interface Global
<interface- This enables to enter into the
number> <logical ATM sub-interface configuration
interface- mode
number><bras/vrf>
ZXUAS(config)#interface vbui1
ZXUAS(config-if)#ip address 12.1.1.3 255.255.0.0
ZXUAS(config-if)#ip host 12.1.1.4 slot 7 port 14
ZXUAS(config-if)#exit
interface
This enables to enter into the VBUI
vbui<vbui Global config
interface mode
number>
ip pool <1-
2000>
poolname VBUI interface This configures ip pool for user
start-ip
end-ip
ip dhcp
This configures IP DHCP mode as a
mode VBUI interface
server
server
ip dhcp
server
This sets the gateway of DHCP
gateway VBUI interface
client
<ip
address>
web
authentication VBUI This configures web
subscriber interface authentication subscriber
web
web
server <ip VBUI interface This configures web server address
address>
Configuring QinQ
Introduction When received Ethernet packet with tag, encapsulate the new
vlan tag. This vlan tag is called outer vlan tag. Whereas in the
send side, take out this outer vlan tag, and send the packet to
relative interface.
Purpose Refer to below procedure for the static QinQ configuration.
ZXUAS#configure terminal
ZXUAS(config)#interface fei_1/1.12 bras
ZXUAS(config-subif)#encapsulation dot1q ip-over-ethernet
ZXUAS(config-subif)#dot1q 12 /*outer vlan tag*/
ZXUAS(config-subif)#qinq 12 second-dot1q 20 /*20 is the inner vlan
tag */
ZXUAS(config-subif)#bind vbui vbui1
BRAS Security
Overview
Introduction This chapter introduces configuration of radius and security
measures.
Contents This chapter covers the following contents:
Topic Page No
Radius (AAA)
Radius Overview
Intoduction RADIUS (Remote Authentication Dial-In User Service) is a
distributed, client/server protocol. Radius manages dispersive
dialed users. Radius manages authentication, authorization, and
accounting of users by a simple user database and can modify
the service for users depending on service type. Users submit
authentication and accounting request to Radius server through
BRAS.
When users want to establish connection to BRAS and obtain the
right to visit some other networks or use some network resource.
BRAS are responsible to send the user’s authentication and
accounting information to RADIUS server. RADIUS protocol
stipulates how to transmit this information between BRAS and
RADIUS server. RADIUS server is responsible to receive user’s
request from BRAS, authenticate name and password, and then
sends configuration information needed by user to BRAS.
Transactions between BRAS and RADIUS server are
authenticated through use of a shared secret. In addition, any
user passwords are sent encrypted between client and RADIUS
server, to eliminate the possibility that someone snooping on an
unsecured network could determine a user’s password.
RADIUS configuration is only configured in some parameters, it
needs to appoint to use RADIUS method in domain mode to
allow RADIUS protocol work, it also needs to set authentication
and accounting type as RADIUS.
AAA ZXUAS 10600 support user’s authentication, authorization and
description accounting (AAA). The description of AAA is as follows:
Authentication: Act of verifying a claimed identity, in the
form of a pre-existing label from a mutually known as name
space.
Authorization: Act of determining if a particular right, such as
access to some resource, can be granted to the presenter of
a particular credential.
Accounting: Act of collecting information on resource usage
for the purpose of trend analysis, auditing, billing or cost
allocation.
Radius
authentication- This configures authentication
Global config
group <1- server group
2000>
algorithm
This sets the selective algorithm of
{first|round- authentication
RADIUS server
robin}
nas-ip-
address This configures the nas-ip of Radius
authentication
<ip- server
address>
server
<server-
num>
<ipaddress> This configures parameters of
authentication
key Radius server
<keystr>
[port
<portnum>]
user-name-
format
This configures the user name
{include- authentication
format in the packet
domain|strip-
domain}
calling-
station- This defines calling-station-id
authentication
format <1- format
2>
end
authentication This exits to Privilege mode
max-
This sets overtime re-send
retries <1- authentication
parameters
255>
nas-port-id-format
This sets nas-port-id
<china-te1><class1> authentication
format
<class2> <class3>
vendor
authentication This sets vendor
<enable/disable>
ZXUAS#configure terminal
ZXUAS(config)#radius authentication-group 10
ZXUAS(config-auth-group-10)#algorithm round-robin
ZXUAS(config-auth-group-10)#alias zte-auth
ZXUAS(config-auth-group-10)#server 2 10.61.88.88 key zte-auth
ZXUAS(config-auth-group-10)#user-name-format strip-domain
ZXUAS(config-authgrp-1)#nas-ip-address 10.168.0.1
ZXUAS(config-auth-group-10)#exit
ZXUAS(config)#bras
ZXUAS(config-bras)#domain 10 /*configure domain 10 associate
with RADIUS server group */
ZXUAS(config-domain-10)#authentication-group 10
ZXUAS(config-domain-10)#authentication-type radius /*three types,
none-authentication, local-authenticatio and radius authentication*/
ZXUAS(config-domain-10)#end
ZXUAS#write
radius
accounting- This configures accounting server
global
group <1- group
2000>
server
<server-
num>
<ipaddress> This configures the parameters of
accounting
key Radius server
<keystr>
[port
<portnum>]
local-buffer
This configures saved accounting
enable accounting
information in buffer
{enable|disable}
user-name-
format This configures user name format
{include- accounting in the packet which sends to the
domain|strip- RADIUS server from BRAS
domain}
calling-
station- This defines calling-station-id
accounting
format <1- format
2>
end
accounting This exits to Privilege mode
nas-ip-
address accounting This sets NAS IP address
<A.B.C.D>
nas-port-id-format
<china- This configures nas port id
accounting
te1><class1><class2> format
<class3>
vendor
accounting This sets vendor
<enable/disable>
ZXUAS#configure terminal
ZXUAS(config)#radius accounting-group 8
ZXUAS(config-acct-group-8)#algorithm round-robin
ZXUAS(config-acct-group-8)#alias zte-acct
ZXUAS(config-acct-group-8)#server 2 10.61.88.86 key zte-acct
ZXUAS(config-acct-group-8)#user-name-format strip-domain
ZXUAS(config-acct-group-8)#local-buffer enable
ZXUAS(config-acct-group-8)#exit
ZXUAS(config)#bras
ZXUAS(config-bras)#domain 10 /*configure domain 10 associate
with accounting server group*/
ZXUAS(config-domain-10)#accounting-group 8
ZXUAS(config-domain-10)#accounting-type radius /*none-accounting,
or radius accounting*/
ZXUAS(config-domain-10)#end
ZXUAS#write
Prerequisite Refer to
Configuration Methods (Chapter 3) to access the UAS CLI for
configuration.
Steps 1. To configure RADIUS authentication server group detection,
use command radius-ping authentication-group in
franchise mode. This is shown in Table 213.
radius-ping
authentication-
This configures RADIUS
group<1-
privilege authentication server group
2000><sub-
detection
name><domain-
name><password>
radius-ping
accounting-
This configures RADIUS
group<1-
privilege accounting server group
2000><sub-
detection
name><domain-
name><password>
ZXUAS>en
Password:
ZXUAS#radius-ping authentication-group 10 test-user china-telecomm
test /*the parameters is the serial number of server, user name,
domain name, password */
ZXUAS#radius-ping accounting-group 20 acc-user 30 acc-pass
ZXUAS#configure terminal
Enter configuration commands, one per line. End with CTRL/Z.
ZXUAS(config)#bras
ZXUAS(config-bras)#domain 20
ZXUAS(config-domain-20)#mix-authorization enable
ZXUAS(config-domain-20)#alias zte.com
ZXUAS(config-domain-20)#accounting-group 8
ZXUAS(config-domain-20)#accounting-type radius
ZXUAS(config-domain-20)#authentication-group 10
ZXUAS(config-domain-20)#authentication-type radius
ZXUAS(config-domain-20)#exit
ZXUAS(config-bras)#subscriber user2 domain 20 /*create user
associate with the domain 20 */
Packt Limit
Speed limitation (nuit:packet/seconds)
<Parameters>
Example:
The example given below shows the configuration to enter into
BRAS mode and then into security mode by using security
command. The will limit the speed of the special speed.
ZXUAS#configure terminal
ZXUAS(config)#bras
ZXUAS(config-bras)#security
ZXUAS(config-security)#packet-limit uni-arp-reply 20 /*set the speed
of arp reply packet received by the user interface in bnpc */
ZXUAS(config-security)#packet-limit icmp 50
ZXUAS(config-security)#packet-limit nni-bgp 50
ZXUAS(config-security)#packet-limit nni-radius 80
ZXUAS(config-security)#packet-limit telnet 30
ZXUAS(config-security)#packet-limit uni-ppp-padi 80
permit
mac <mac-
This configures MAC address control
address> Security
access
ctrl-rate
<ctrl-rate>
ZXUAS#configure terminal
ZXUAS(config)#bras
ZXUAS(config-bras)#security
ZXUAS(config-security)#permit mac 1234.5566.7788 ctrl-rate 1000
ppp auth-fail
{auto|record|none}[cap-
time time][fail-limit This configures the manage
limit][cap-limit Security mode after PPP
limit][cap-item size][rec- authentication fails
item size][rate-limit
limit]
Parameter of Description
PPP auth-fail
Parameter of Description
PPP auth-fail
Example:
This example shows that enter into security mode and use
security command. Configure the manage mode after PPPP
authentication fails.
ZXUAS#configure terminal
ZXUAS(config)#bras
ZXUAS(config-bras)#security
ZXUAS(config-security)#ppp auth-fail auto rec-item 50
timer-
BRAS This creates timer container
containers
time rule
Timer This defines time rule
T AB L E 2 2 5 TIM E R C O N T AI N E R AP P L Y C O M M AN D
timer-
This associates the domain with
container- Domain
timer container
apply
ZXUAS#configure terminal
ZXUAS(config)#bras
ZXUAS(config-bras)#
ZXUAS(config-bras)#timer-containers 30000
ZXUAS(config-timer-30000)#timer-rule 10 include start-time 8:30 end-
time 17:30
ZXUAS(config-timer-30000)#timer-rule 10 exclude start-time 11:30
end-time 13:30
ZXUAS(config-timer-30000)#rule-apply 10 acl 100 /*associate the
timer rule with acl 100 */
ZXUAS(config-timer-30000)#exit
ZXUAS(config-bras)#domain 100
ZXUAS(config-domain-100)#timer-container-apply 30000 enable
/*associate the domain 100 with timer container 30000 */
ZXUAS#configure terminal
ZXUAS(config)#bras
ZXUAS(config-bras)#internet-log
ZXUAS(config-net-log)#rule 10 username abc@10
Configuration IP Verification
Introduction Unicast reverse path filters (URPF) is a technology for avoid the
IP address attackers. When this function is enable, the network
circuit check the received datagram in URPF technology, in order
to avoid the IP address cheat.
Purpose Refer to below procedure for unitcst reverse path filters
(URPF)on ZTE ZXUAS 10600.
Prerequisite Refer to Configuration Methods (Chapter 3) to access the UAS
CLI for configuration.
Steps 1. To configure Ip verify, use command ip verify in interface
configuration mode. This is shown in Table 228.
ZXUAS#configure terminal
Enter configuration commands, one per line. End with CTRL/Z.
ZXUAS(config)#interface fei_2/2
ZXUAS(config-if)#ip verify strict
mirror
global This configures interface mirror
ZXUAS#configure terminal
ZXUAS(config)#mirror slot 8 destination-port 8 source-port 2 direction
both
DHCP
Overview
Introduction This chapter describes DHCP server and relay on ZXUAS 10600
Carrier Class BRAS and their configuration examples for further
illustration.
Contents This chapter covers following topics.
Topic Page No
interface
This enables to enter into the VBUI
vbui<vbui global
interface mode
number>
ip pool <1-
2000><words><start- VBUI
This creates ip pool.
ip><end-ip>dhcp-slot interface
<slot-num>
ip dhcp
mode VBUI interface This configures DHCP server mode
server
ip dhcp
VBUI interface This sets gateway of dhcp client
server
ip dhcp
global This enables DHCP
enable
ip dhcp
global This configures DHCP server
server
ip dhcp
global This configures DHCP relay
relay
dhcp-
server- global This enables detect private DHCP
detect
interface
This enables to enter into the VBUI
vbui<vbui global
interface mode
number>
ip dhcp
This configures IP DHCP mode as
mode VBUI interface
relay server
relay
ip dhcp
This configures IP DHCP relay agent
relay VBUI interface
ip address
agent
ip dhcp
This configures IP DHCP relay
relay Global
server ip address
server
ip dhcp
Global This enables DHCP function
enable
ip dhcp
relay
This configures DHCP relay proxy
send- Global
release packet
release
enable
ZXUAS(config)#interface vbui1
ZXUAS(config-if)#ip address 12.1.1.3 255.255.0.0
ZXUAS(config-if)#ip pool my-pool 12.1.1.1 12.1.1.200 dhcp-slot 7
/*for DHCP server method,ip pool is associate with bnpct*/
ZXUAS(config-if)#ip dhcp mode sever
ZXUAS(config-if)#ip dhcp server gateway 12.1.1.3
ZXUAS(config-if)#exit
ZXUAS(config)#ip dhcp enable
ZXUAS(config)#ip dhcp server dns 202.0.0.1 202.0.0.2 /**202.0.0.1 is
the primary DNS,
and 202.0.0.2 is the second DNS.*/
ZXUAS(config)#interface vbui1
ZXUAS(config-if)#ip address 12.1.1.3 255.255.0.0
ZXUAS(config-if)#ip dhcp mode relay
ZXUAS(config-if)#ip dhcp relay agent 12.1.1.3
ZXUAS(config-if)#ip dhcp relay server 200.0.0.1
ZXUAS(config-if)#exit
ZXUAS(config)#ip dhcp enable
ZXUAS(config)#ip dhcp relay send-release enable /*when user is down
for a long time, bras send a request to DHCP server to release the
source for that user.*/
ip dhcp
relay This enables the function to release
global
send- request command to DHCP Server
release
ZXUAS#configure terminal
ZXUAS(config)#ip dhcp relay send-release enable