Zxuas 10600 Vol I

ZXUAS 10600
Universal Access Server

User Manual Volume (I)
Version 2.8.01
ZTE CORPORATION
ZTE Plaza, Keji Road South,
Hi-Tech Industrial Park,
Nanshan District, Shenzhen,
P. R. China
518057
Tel: (86) 755 26771900 800-9830-9830
Fax: (86) 755 26772236
URL: http://support.zte.com.cn
E-mail: doc@zte.com.cn
LEGAL INFORMATION
Copyright © 2006 ZTE CORPORATION.
The contents of this document are protected by copyright laws and international treaties. Any reproduction or
distribution of this document or any portion of this document, in any form by any means, without the prior written
consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by
contractual confidentiality obligations.
All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE
CORPORATION or of their respective owners.
This document is provided “as is”, and all express, implied, or statutory warranties, representations or conditions
are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose,
title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the
use of or reliance on the information contained herein.
ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications
covering the subject matter of this document. Except as expressly provided in any written license between ZTE
CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter
herein.
The contents of this document and all policies of ZTE CORPORATION, including without limitation policies related to
support or training are subject to change without notice.
Revision History
Date Revision No. Serial No. Reason for Revision

2/2/2007 R1.0 sjz20062442 First edition
9/3/2007 R1.1 sjz20062442 Updated
ZTE CORPORATION
Values Your Comments & Suggestions!
Your opinion is of great value and will help us improve the quality of our product
documentation and offer better services to our customers.
Please fax to: (86) 755-26772236; or mail to Documentation R&D Department,
ZTE CORPORATION, ZTE Plaza, A Wing, Keji Road South, Hi-Tech Industrial Park,
Shenzhen, P. R. China 518057.
Thank you for your cooperation!
Document
ZXUAS 10600 Universal Access Server user manual（volume I）
Name
Document Revision
Product Version V2.8.01 R1.1
Number
Equipment Installation Date
Presentation:
(Introductions, Procedures, Illustrations, Completeness, Level of Detail, Organization,
Appearance)
Good Fair Average Poor Bad N/A
Your evaluation Accessibility:

of this
(Contents, Index, Headings, Numbering, Glossary)
documentation
Intelligibility:
(Language, Vocabulary, Readability & Clarity, Technical Accuracy, Content)
Please check the suggestions which you feel can improve this documentation:
Improve the overview/introduction Make it more concise/brief
Improve the Contents Add more step-by-step procedures/tutorials
Improve the organization Add more troubleshooting information
Include more figures Make it less technical
Your Add more examples Add more/better quick reference aids
suggestions for Add more detail Improve the index
improvement of
this Other suggestions
documentation __________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
# Please feel free to write any comments on an attached sheet.
If you wish to be contacted regarding your comments, please complete the following:
Name Company
Postcode Address
Telephone E-mail
This page is intentionally blank.
Contents
About this Manual ............................................................. i

Purpose ................................................................................ i
Intended Audience ................................................................. i
Prerequisite Skill and Knowledge .............................................. i
What is in This Manual ............................................................ i
Related Documentation.......................................................... ii
Conventions ......................................................................... ii
How to Get in Touch............................................................. iii
Chapter 1.......................................................................... 1
System Introduction........................................................ 1
Overview ............................................................................. 1
Product Overview.................................................................. 1
Functions............................................................................. 2
Technical Features and Parameters.......................................... 4
Chapter 2.......................................................................... 7
Structure and Principles .................................................. 7

Overview ............................................................................. 7
General Structure and Operational Principles............................. 8
Ultra Protocol processor control Card (BUPC) .......................... 10
Switch Fabric Card (BSFC).................................................... 14
BRAS Network Processor Card (BNPC).................................... 17
BRAS Network Processor Card Type (BNPCT) ......................... 17
Bridge Interface & alarm monitor Card (BIC)........................... 20
Line Interface Card ............................................................. 22
Chapter 3........................................................................ 29
User Interface Configuration......................................... 29

Overview ........................................................................... 29
Configuration Methods ......................................................... 29
Configuring Serial Port Connection ......................................... 30
Configuring Telnet Connection...............................................32
Configuration Modes ............................................................33
Command Line Usage ..........................................................36
Chapter 4........................................................................ 39
System Management ..................................................... 39

Overview ...........................................................................39
Introduction to File System...................................................39
File Management.................................................................40
TFTP Configuration ..............................................................43
Software Version Upgrading.................................................. 49
Data Backup and Recovery ...................................................55
Configuring System Parameters.............................................56
Viewing System Information .................................................58
Chapter 5........................................................................ 61
Interface Configuration ................................................. 61

Overview ...........................................................................61
Interfaces Types .................................................................61
Interface Naming Rules ........................................................62
Physical Interfaces ..............................................................62
Configuring Network Interface...............................................62
Configuring Ethernet Interfaces ............................................. 65
Configuring Packet over Sonet ..............................................67
Configuring ATM..................................................................71
Configuring Smart-Group .....................................................75
Chapter 6........................................................................ 77
BRAS Service.................................................................. 77
Overview ...........................................................................77
BRAS Overview ...................................................................78
BRAS Interface Configuration ................................................80
Configuring VBUI Interface ...................................................84
Service Access List (SAL) Configuration .................................. 88
Configuring Domain .............................................................91
Domain User Template Configuration .....................................94
Configuring Subscriber (User) ...............................................96
Point to Point Protocol ..........................................................98
PPP Authentication Protocols............................................... 100
Password Authentication Protocols (PAP) .............................. 100
Challenge Handshake Authentication Protocol (CHAP)............. 102
Configuring PPP Quick-redial............................................... 103
Configuring PPP Idle Timer ................................................. 104
Configuring Flow Statistics ................................................. 105
Access Control ............................................................ 105
Configuring Access Control ................................................. 105
Configuring PPPoE............................................................. 106
Configuring PPPoEoV ......................................................... 108
Configuring PPPoA............................................................. 109
Configuring PPPoEoA ......................................................... 111
Configuring Static IPoE ...................................................... 113
Configuring Static IPoEoV................................................... 116
Configuring Static IPoEoA................................................... 118
DHCP Web Access Configuration.......................................... 121
Configuring QinQ .............................................................. 127
Chapter7....................................................................... 129
BRAS Security .............................................................. 129

Overview ......................................................................... 129
Radius (AAA) .............................................................. 130
Radius Overview ............................................................... 130
Configuring Radius Authentication ....................................... 131
Radius Accounting Configuration ......................................... 136
Configuring Radius Server Group Detection........................... 142
Configuring Local and Radius Authorization........................... 143
BRAS Security Measures .............................................. 144
Configuring BRAS Security ................................................. 144
Configuring MAC Address Control Access .............................. 146
Configuring PPP Authentication Failed Management................ 147
Configuring Service Timer Management ............................... 148
Security Log Configuration ................................................. 150
Configuration IP Verification ............................................... 151
Configuring Interface Mirror................................................ 151
Chapter8....................................................................... 153
DHCP ............................................................................ 153

Overview ......................................................................... 153
Configuring DHCP Server.................................................... 153
Configuring DHCP Relay ..................................................... 156
Release Resource Request to DHCP Server............................ 160
Figures..........................................................................163
Tables ...........................................................................165
Index ............................................................................173
About this Manual
Purpose
This Manual provides procedures and guidelines for ZXUAS
10600 Carrie Class BRAS.
Intended Audience
This document is intended for engineers and technicians who
perform operation activities on the ZTE routers and switches.
Prerequisite Skill and Knowledge

To use this document effectively, users should have a general
understanding of OSI Model, Data communication concepts,
Routing protocols.
What is in This Manual

This Manual contains the following chapters:
TABLE 1 CHAPTER SUMM ARY
Chapter Summary
Chapter 1 System Introduction
Chapter 2 Structure and Principles
Chapter 3 User Interface Configuration
Chapter 4 System Management
Chapter 5 Interface Configuration
Chapter 6 BRAS Services
Chapter 7 BRAS Security
Chapter 8 DHCP
Confidential and Proprietary Information of ZTE CORPORATION i

ZXUAS 10600 Universal Access Server User Manual（Volume I）
Related Documentation
The following documentation is related to this manual:
ZXUAS 10600 Installation Manual
ZXUAS 10600 Command Manual
Conventions
Typographical ZTE documents employ the following typographical conventions.
Conventions
TABLE 2 TYPOGRAPHICAL CONVENTIONS
Typeface Meaning
Italics References to other Manuals and documents.
“Quotes” Links on screens.
Bold Menus, menu options, function names, input
fields, radio button names, check boxes, drop-
down lists, dialog box names, window names.
CAPS Keys on the keyboard and buttons on screens
and company name.
Constant width Text that you type, program code, files and
directory names, and function names.
[] Optional parameters.
{} Mandatory parameters.
| Select one of the parameters that are delimited
by it.
Note: Provides additional information about a
certain topic.
Checkpoint: Indicates that a particular step needs
to be checked before proceeding further.
Tip: Indicates a suggestion or hint to make things
easier or more productive for the reader.
Mouse TABLE 3 MOUSE OPERATION CONVENTIONS

Operation
Conventions Typeface Meaning
Click Refers to clicking the primary mouse button (usually
the left mouse button) once.
Double-click Refers to quickly clicking the primary mouse button
(usually the left mouse button) twice.
Right-click Refers to clicking the secondary mouse button
(usually the right mouse button) once.
ii Confidential and Proprietary Information of ZTE CORPORATION

About this Manual
Typeface Meaning
Drag Refers to pressing and holding a mouse button and
moving the mouse.
How to Get in Touch

The following sections provide information on how to obtain
support for the documentation and the software.
Customer If you have problems, questions, comments, or suggestions
Support regarding your product, contact us by e-mail at
support@zte.com.cn. You can also call our customer support
center at (86) 755 26771900 and (86) 800-9830-9830.
Documentation ZTE welcomes your comments and suggestions on the quality
Support and usefulness of this document. For further questions,
comments, or suggestions on the documentation, you can
contact us by e-mail at doc@zte.com.cn; or you can fax your
comments and suggestions to (86) 755 26772236. You can also
browse our website at http://support.zte.com.cn, which contains
various interesting subjects like documentation, knowledge base,
forum and service request.
Confidential and Proprietary Information of ZTE CORPORATION iii

Chapter 1
System Introduction
Overview
Introduction This chapter covers brief introduction of software/hardware
structure of ZXUAS 10600 Carrier Class BRAS.
Contents This chapter covers the following topics:
Topic Page No
Product Overview 1
Functions 2
Technical Features and Parameters 4
Product Overview
Introduction With increase of Internet services in exponential order, IP
becomes the first choice in transmission mode for new
generation of basic network infrastructure around the world. The
IP protocol-based services will soon dominate the networks of
service providers, and communication networks are now
experiencing a profound revolution. To adapt to this revolution,
all network carriers are beginning to construct broadband IP
network for loading data, voice, video services. The key
technology of constructing the IP network is network
interconnection and router technology.
Internet, routers are the key equipment for the interconnection
and inter-working of multiple networks, and play an extremely
important role.
High As demands for bandwidth increase in an amazing way,
Bandwidth backbone network transmission rate has normally reached 2.5
Routers GB/s or even higher currently. Thus, traditional routers, which
are based on software forwarding technology, cannot meet the
Confidential and Proprietary Information of ZTE CORPORATION 1

wire speed forwarding requirements of current backbone

broadband networks. However, high-speed routers, which are
based on high performance network processors and hardware
ASIC circuit packet forwarding technology, can forward packets
with line speed of 10Gb/s in real time, and have been largely
used over backbone networks.
ZTE ZXUAS ZXUAS 10600 is a Carrier Class BRAS adopting high
10600 Carrier performance network processors, hardware ASIC circuit for high
Class BRAS packet forwarding. This adopts a brand-new hardware
architecture, hardware route table and packet forwarding
technologies, which enable it to flexibly and reliably transmit IP
services and ensure the Quality of Service (QoS).
Functions
Structure ZXUAS 10600 Carrier Class BRAS integrates IP routing and
switching technologies, current broadband network technologies.
In aspect of system design, routing engine and forwarding
engine are separated, partial forwarding table is divorced from
global routing table and fast hardware is adopted to realize the
packet header processing, routing, and forwarding of the IP
packets.
ZXUAS 10600 Carrier Class BRAS adopts CROSSBAR switching
structure to enhance data communication speed among
respective interface units. ZXUAS 10600 Carrier Class BRAS
leaves behind the “Best Effort” working mode or traditional
routers; this is the new generation of super large capacity wire
speed switching-type routers.
The structure of ZXUAS 10600 Carrier Class BRAS fully loaded is
shown in Figure 1.
2 Confidential and Proprietary Information of ZTE CORPORATION

F I G U R E 1 Z X U AS 1 0 6 0 0 C A R R I E R C L A S S B R AS
ZXUAS 10600 Carrier Class BRAS has eight interface module

slots. Following interface cards are supported.
16-port Fast Ethernet Electric Interface Card G Type Card for
BAS（BFEIG）
16-port Fast Ethernet Optical Interface Card G Type Card for
BAS（BFEOG）
4-port Gigabit Ethernet SFP Interface Card for BAS(BGEII)
1-port OC-48c/STM-16c POS Interface Card for BAS (BP48)
8-port OC-3c/STM-1c ATM Interface Card for BAS (BA3C)
With respect to software, a network operating system (ROS)
platform is developed. ROS is property of ZTE Corporation and is
used for ZXUAS 10600 Carrier Class BRAS. ZXUAS 10600 Carrier
Class BRAS has powerful protocol support functions, supporting
the following network protocols and standards:
Link layer protocols: PPP, 802.1Q
Network layer protocols: IP, ICMP, ARP
Transport layer protocols: TCP, UDP
Routing protocols: RIP v1/v2, OSPF v2, IS-IS, BGP4
Supporting MPLS/VPN

Application layer protocols: Telnet, FTP, TFTP, H.323

Network layer control and application: ACL
Network management protocols: SNMP v1/v2/v3, RMON v1,
NTP
Technical Features and Parameters

System 1. Backplane switching capability
Performance
i) Backplane switching capability of ZXUAS 10600 Carrier
Indices
Class BRAS is: 64Gb/s; non-blocking switching.
2. Packet forwarding rate
For packets with the size of 64 bytes or so:
i) Packet forwarding rate of ZXUAS 10600 Carrier Class
BRAS is: 48Mpps.
3. Routing table capacity
i) Maximum routing table capacity of ZXUAS 10600 Carrier
Class BRAS is 256K pieces of routes.
System 1. Component backup and redundancy
Security
The redundancy design is adopted for the protocol processing
and control card, switch fabric card, and power supply of
ZXUAS 10600 Carrier Class BRAS.
2. Mean Time Between Failures (MTBF)
MTBF > 200000h.
3. Mean Time To Recovery (MTTR)
MTTR < 10 Min
Environment Working temperature: 0C~+45 C (recommended
Requirements temperature range: +15 C~+30 C)
Storage temperature: -10 C~+70 C
Relative humidity: 20%~90%
Power Supply Power supply component of ZXUAS 10600 Carrier Class BRAS is
Requirements an optional one. When equipment room of user can provide
stable and reliable –48 V DC power supply, this corollary power
component of ZTE Corporation can be left unselected. Table 4
shows power supply requirements of ZXUAS 10600 Carrier Class
BRAS.
T A B L E 4 P O W E R S U P P L Y R E Q U I R E M E N T S O F Z X U AS 1 0 6 0 0 C A R R I E R C L A S S
B R AS
ZXUAS 10600 Carrier Class BRAS
Power consumption <1200W
DC power supply Nominal voltage: -48V

ZXUAS 10600 Carrier Class BRAS

Allowed voltage range: -57V~-40V
Maximum input current: 30A
AC power supply Rated voltage: 220V~230V
(Selecting corollary Allowed voltage range: 130V~300V
component) Maximum input current: 15A
Frequency: 45Hz~60Hz
Corollary power component:
ZXDU45


Chapter 2
Structure and Principles
Overview
Introduction This chapter describes structure and principles of ZXUAS 10600
Carrier Class BRAS.
Contents This chapter covers following topics.
Topic Page No
General Structure and Operational Principles 8
Ultra Protocol processor control Card (BUPC) 10
Switch Fabric Card (BSFC) 14
BRAS Network Processor Card (BNPC) 17
Bridge Interface & alarm monitor Card (BIC) 20
Line Interface Card 22

General Structure and Operational

Principles
Hardware Hardware design of ZXUAS 10600 Carrier Class BRAS adopts
Structure modular design based on high-speed serial backplane. Its
architecture adopts popular multi-processor, concurrent
processing CROSSBAR space division switching structure. Main
parts of system adopt 1+1 redundancy design, smooth
upgrading capability and good maintainability of system has
been taken into account during the design.
ZXUAS 10600 Carrier Class BRAS has eight (8) BNPCs.
According to functions realized by hardware circuits, ZXUAS
10600 Carrier Class BRAS mainly comprises of following parts:
High-speed backplane unit.
Protocol processing and control function sub-unit.
High-speed switching network function sub-unit.
High-speed network processing function sub-unit.
High-speed interface function sub-unit.
Bridge monitoring alarm sub-system.
Power supply sub-system.
Mechanical structure sub-system.
High-speed High-speed backplane unit consists of a double-faced backplane.

backplane unit Backplane is connected with other functional units via the data
bus, control bus, clock bus etc. Power supply sub-system, also
via backplane, provides –48V DC power supply that is filtered
once for respective functional units.
Protocol Protocol processing, control function sub-unit and high-speed
processing and network processing function sub-unit adopts redundancy design.
control Ultra protocol processor control card and switch fabric card
function sub- adopt 1+1 redundancy design. To facilitate maintenance and
unit management, ZXUAS 10600 Carrier Class BRAS also connects
the operation and maintenance background via the 10/100BASE-
TX or Console interface on ultra protocol processor control card.
Power supply ZXUAS 10600 Carrier Class BRAS provides two kinds of power
sub-system supplies, 220V AC power supply and –48 DC one. When former
is used, this is necessary to configure the corollary power supply
component provided by ZTE Corporation. This component can
commutate 220V AC power supply into –48V DC power supply. –
48V DC power supply, which is obtained by connecting external
power supply or through commutation by power supply
component, will supply –48V DC voltage to other cards in
system after filtered by primary power supply processing system
of ZXUAS 10600 Carrier Class BRAS. Then, respective cards

convert –48V power supply into the working voltages required

by respective chips (5V, 3.3V, 2.5V, etc) through the DC/DC
conversion.
Various interface network processor cards and switch fabric
cards communicate with ultra protocol processor control card via
100M fast Ethernet. Primary power supply module
communicates with ultra protocol processor control card via
RS232 serial line. Also, Ethernet communication mode is
adopted for communication between the ultra protocol processor
control card, operation/ maintenance background and
monitoring alarm system.
High-speed High-speed serial line (2.125 GB/s) is used for data transmission
serial line between each interface network processor card and switch fabric
card. To facilitate addition of switching arbitration scheduler, a
piece of communication bus is added between each interface
network processor card and each switch fabric card.
Software As soul of whole router system, ZXUAS 10600 Carrier Class
Structure BRAS software part is responsible for creation of routing table,
security management, user interface management etc. In terms
of structure, software part comprises following subsystems, as
illustrated in Figure 2.
F I G U R E 2 Z X U AS 1 0 6 0 0 C A R R I E C L A S S B R AS S O F T W A R E S Y S T E M
1. Distributed operating system platform

Distributed operating system is a multi-processor, multi-task
real time operating system. This is basis for upper layer
software to run in router architecture. This is responsible for
managing distributed hardware structure of whole router
system in lower layer and providing a uniform operating
platform to upper layer programs of each processor.
2. Protocol system
Protocol system is kernel of router software architecture. This
system is responsible for route selection, forwarding,
interaction, creation and maintenance of routing table.
Protocol system can be divided into a support protocol
system and a routing protocol system.
i) Support protocol system implements TCP, UDP, IP, and
TELNET protocols. This is the basis for OSPF, BGP, and

SNMP also knows as bottom layer bearer for network

Operation, Administration and Maintenance (OAM)
commands.
ii) Routing protocol system implements IP, ARP, ICMP, RIP,
OSPF, IS-IS, and BGP dynamic routing protocols,
synchronization and maintenance of routing table, and
routing interaction that are core functions.
3. Network OAM
Network OAM system is in top layer of whole router and is
main approach for operator to operate and control the router.
System implements SNMPv2 Agent function and provides
command line operation window. User can perform network
management via serial terminal, Telnet and SNMP Manager,
mainly including network configuration management, fault
management, performance management, and security
management.
4. Security system
Security system controls security of the UAS network and
protocols. This is responsible for data encryption, decryption,
key analysis, and protocol authentication.
Ultra Protocol processor control Card

(BUPC)
Ultra Protocol processor control Card (BUPC) is main control
node of ZXUAS 10600 Carrier Class BRAS, and has following
major functions:
1. Managing and maintaining the entire UAS, guaranteeing
all line interface cards work normally and executing
routing and forwarding IP data packets.
2. Conducting routing protocol processing (including
RIPv1/v2, OSPFv2, IS-IS, and BGP-4), maintaining global
routing table and guaranteeing partial routing table of
each line interface card is consistent with global routing
table.
3. Conducting SNMP processing and providing remote
monitoring, management function of UAS.
4. Providing interface of operation and management
functions of UAS system, and realizing the functions of
maintaining, configuring, and managing the UAS.
To ensure high reliability of the system, active/standby mode is
adopted for two BUPCs of ZXUAS 10600 Carrier Class BRAS.
Position of BUPC in system and bried interface connection
relationship with other cards is shown in Figure 3.

FIGURE 3 STRUCTURAL RELATIONSHIP OF BUPC IN SYSTEM
a
d BNPC
BUPC#2 b B
T
S e BSFC
BUPC#1
R
c
f BIC
a~f has following meanings respectively.

1. a: 16-channel Ethernet interface signals; realizing the
active/standby mode on the BUPC.
2. b: interface signals with other cards, e.g., the signal for
card being in position, card reset signal, and
active/standby card interface signal; realizing the
active/standby mode on the BUPC.
3. c: background management interface signals; realizing
the active/standby mode on the BUPC.
4. d: interface Ethernet signals of the NPC and BUPC,
including the signal for card being in position and card
reset signal.
5. e: Ethernet signal for signals of the BSFC and BUPC,
including the signal for card being in position and card
reset signal, as well as the active/standby indication
signal.
6. f: background management interface signal of BIC and
BUPC.
Working ZXUAS 10600 Carrier Class BRAS BUPCs consist of following
Principles modules and interfaces: routing module, management module,
control and monitoring module, background management
interface, and commissioning interface. Routing module and
management module are two sets of processor systems,
including CPU, North Bridge, and south bridge.
BUPCs of ZXUAS 10600 Carrier Class BRAS have the same
principles. However, there is a little difference in the structure
(mainly in the internal communication). Working principles of
BUPCs is shown in Figure 4 .

FIGURE 4 WORKING PRINCIPLES OF BUPC
PCI
CPU&
100BASE-TX Switch&PHY 16×100BASE-TX
Bridge
SDRAM ISA/BOOT/
FLASH CARD
RPU Manage
Control/
Monitor
MPU Master/Slave
ISA/BOOT/
SDRAM FLASH CARD
Console
CPU& 2×100BASE-TX
Bridge PCI 10/100BASE-TX
DEBUG
Routing Routing module uses one processor of dual-processor system,

Module and is specifically used to run large dynamic routing protocols,
like BGP-4, OSPFv2, IS-IS, etc., guaranteeing high performance
and high reliability.
CPU (RPU) of routing module generates the PCI bus via bridge
chip, and connects one port of internal communication module to
receive and send data via 10/100M PCI network controller.
Transmission bandwidth between routing module and internal
communication module is 100Mb/s, thus, earning enough
communication bandwidth between the routing module and each
card.
Management Management module uses other processor of BUPC dual-
Module processor system and mainly realizes such overall functions as
control, maintenance, configuration, management, facilitating
flexible upgrading and perfection of versions.
CPU (MPU) of management module generates PCI bus via bridge
chip and connects two 100M Ethernet controllers on PCI bus.
Among them, one Ethernet controller connects one port of
internal communication module, so as to communicate with RPU
and other cards. Other Ethernet controller connects background
maintenance network, so as to communicate with operation and
maintenance terminal and to conduct the security filtering for
packets sent from the background.
Internal In BUPC of ZXUAS 10600 Carrier Class BRAS, there is an

Communication internal communication module (Ethernet switching module).
Module This switching module provides communication links for BUPC,
NPC, BSFC, and background management.
Internal communication module in ZXUAS 10600 Carrier Class
BRAS provides 16 Ethernet interfaces. These 16 Ethernet
interfaces are allocated as follows:

MPU internal network adaptor: 1

RPU network adaptor: 1
Active/standby BUPC communication: 1
Commissioning network port: 2
BNPC: 8
BSFC: 2
Idle: 1
Control and Control and monitoring module is realized through the Field
Monitoring Programmable Gate Array (FPGA). Its major functions are:
Module
1. Providing equipment address allocation and logical code
translation of ISA bus.
2. Confirming active/standby working states of two BUPCs,
including the power-on initial state establishment and
active/standby switching, command-able switching,
manual switching, reset switching, fault switching
(Watchdog overflow) etc.
3. Monitoring running status of other cards in system, and
informing upper layer software of state change of other
cards in interrupted mode.
4. Monitoring running status of these two CPUs (MPU and
RPU).
Control and monitoring module is shown as the
“Control/Monitor” in Figure 4 .
Panel Front panel of the BUPC is shown in Figure 5

Indicator and
Switch FIGURE 5 BUPC FRONT PANEL
On front panel of BUPC, there are four LED indicators and two
switches.
TABLE 5 BUPC FRONT P ANEL INDICATOR FUNCTIONS
Indicator Functions
RUN indicator Run indicator: It flashes with a frequency of

(green) 1/second if the system runs normally
ALM indicator (red) Alarm indicator: It is on if fault occurs to the
system and is off in normal state.
MST indicator Active status indicator: It is on if the card is in
(green) the active state and meanwhile the standby
status indicator is off.

Indicator Functions
OFF indicator Standby status indicator: It is on if the card is

(green) in the standby state and meanwhile the active
RST switch Reset switch: It is used to reset the card.
EXCH switch Manual switching switch: It is used to

manually switch between the active state and
the standby state.
RJ45 interface marked as “DEBUG” on front panel of BUPC is

debug interface.
Switch Fabric Card (BSFC)

Large capacity high-speed switching network sub-unit is core of
UAS. Function bearer is Switch Fabric Card (BSFC), whose major
function is to realize switching of IP packets. This can
automatically conduct routing switching of variable-length IP
packets in the case that the CPU control is unnecessary. Its
major functions are:
1. Realizing high-speed switching of IP packets through point-
to-point connection on backplane of high-speed serial bit
stream of 2.125 GB/s between CROSSBAR chip and high-
speed serial backplane chip using switching function of
CROSSBAR chip.
2. Providing high-precision and high-stability system clock for
system (complying with the ITU-TG.813 recommendations)
by using internal clock module with digital phase-lock loop
circuit through the external timing or line timing.
3. Managing and controlling running status of BSFC and
communicating with BUPC.
BSFC of ZXUAS 10600 Carrier Class BRAS adopts 64G high-
speed CROSSBAR switching structure to realize serial point-to-
point connection with 8 BNPCs via high-speed backplane BTSR,
so as to conduct internal unblocked switching and transmission
of multiple IP packets together with high-speed backplane chip
on BNPC.
As BSFC holds a very important position in system, so the
active/standby dual hot backup mode is adopted. Each BSFC can
notify respective BNPCs of the active/standby working mode of
this card via the relevant signal lines, thus enabling IP packets
to be transmitted on the high-speed link of the active card.
Figure 6 shows structural relationship of BSFC in system.

FIGURE 6 BSFC STRUCTURAL RELATIONSHIP
Bras switch fabric card(BSFC)
BUPC
BNPC
BNPC
BNPC
Serial high-speed signal line of 2.125 GB/s is used between

BSFC and each BNPC, while 100BASE-TX communication control
signal line is used for connection with BUPC.
Working Figure 7 shows working principles of BSFC.
Principles
Four CROSSBAR chips are core of card. They conduct high-speed
switching of IP packets with cooperation of high-speed serial
backplane chip on BNPC. CPU and its peripheral memories are
embedded in system. Major functions are to monitor working
status of CORSSBAR chip, clock module and to communicate
with BUPC via Ethernet.
DPLL clock module realizes function of synchronizing system
clocks. Clock source sent from network interface or BITS
interface will be sent to interface card and BITS interface via
clock division drive after phase-lock and frequency-doubling by
clock module, thus synchronizing entire system.
FIGURE 7 BSFC PRINCIPLES
CROSSSBAR
PCI bus
100BASE-TX
CPU PORT
CROSSSBAR
CROSSSBAR
512KBOOT 2MB program 32MB
FLASH FLASH SDRAM
CROSSSBAR
Arbitration/
scheduling
FPGA
NPC clock DPLL clock

FPGA
transceiver processor module
interface

Switching Chip ZXUAS 10600 Carrier Class BRAS, switching of IP packets is

conducted by CROSSBAR chip on BSFC and high-speed serial
backplane chip on BNPC. CROSSBAR chip has following functions
and features:
1. High-speed serial line with coding rate of 2.125 GB/s is
used between CROSSBAR chip on BSFC and high-speed
serial backplane chip on BNPC, conducting the point-to-
point connection via backplane.
2. CROSSBAR chip is a 16x16, fully synchronous space
division switching chip.
3. CROSSBAR chip has parallel CPU interfaces for controlling
working mode inside chip and reading state information
on switching.
4. CROSSBAR chip uses primary clock of 62.5MHz, which is
synchronization clock for all high-speed serial backplane
chips to receive data via serial data channel. The
synchronization is automatically realized.
Panel Front panel of BSFC is shown in Figure 8
Indicator and
Switch FIGURE 8 FRONT P ANEL OF BSFC
On front panel of BSFC, there are four LED indicators and two
switches. Table 6 shows functions of BSFC.
TABLE 6 BSFC FRONT P ANEL INDICATOR AND SWITCHES
Indicator Functions
RUN indicator Run indicator: It flashes with a frequency of 1

(green) time per second if the system runs normally
ALM indicator (red) Alarm indicator: It is on if fault occurs to the
MST indicator Active status indicator: It is on if the card is in
(green) the active state and meanwhile the standby
OFF indicator Standby status indicator: It is on if the card is
(green) in the standby state and meanwhile the active
EXCH switch Manual switching switch: It is used to

manually switch between the active state and
the standby state.

BRAS Network Processor Card

(BNPC)
Major functions of BRAS Network Processor Card (BNPC) are:
1. In receiving direction, parsing IP packets from link layer
frames; making TTL and Checksum checks for IP packet
headers; conducting address filtering and routing for IP
packet headers; cooperating with switching network to edit
IP packet headers and to manage buffer and queue
scheduling of packets.
2. In sending direction, shucking off switching flag headers of IP
packets sent from switching structure; encapsulating them as
data link layer frames and then sending them out.
Interface corresponding to BNPC may be such network interfaces
as Ethernet, POS and ATM. Figure 9 shows structural
relationship in entire system.
FIGURE 9 BNPC STRUCTURE RELATIONSHIP OF ENTIRE SYSTEM
Ultra Protocol processor

control Card
POS interface Network Processor Card
Switch Fabric Card
Gigabit Ethernet Network Processor Card

interface
Fast Ethernet
interface Network Processor Card
BRAS Network Processor Card

Type (BNPCT)
Working The BNPCT is on the basis of taking the network processor as
Principles the core, and the high-speed serial backplane chip as the
extension bridge. The BNPCT consists of the network processor,
high-speed serial IC, bus conversion module FPGA, PCI network
adaptor, etc. Figure 10 shows its working principles.

FIGURE 10 BNPCT PRINCIPLES
Switch fabric card (SFC)
2.125G 2.125G 2.125G 2.125G
SerDes SerDes SPROM
32×62.5M b/s ×4
T ransmit FPGA Receive
32×80M b/s 32×80M b/s
SDRAM SDRAM
(Sending
PCI (Receiving
direction) direction)
SRAM Network SRAM
Network
processor processor
BUF1 BUF2
100BASE-T X
ROM/FLASH ROM/FLASH
CPUBUS POS PHY Ethernet interface POS PHY
UPC/SFC UPC/SFC Interface card
In Figure 10 , the two network processors are respectively

called the receiving-direction network processor and the
sending-direction network processor.
During the system initialization after power-on, the sending-
direction network processor detects the type of the interface
card via the CPU BUS, and exchanges information with the
receiving-direction network processor via the PCI bus. Then, it
configures related network processing functions according to
different types.
Network In the receiving direction, the network processor differentiates
Processors the types of received packets. If the PPP packets are received,
then it will take out the IP packets and send them to the SDRAM
packet buffer. If the IP packets are received, then it will directly
send them to the packet buffer. The network processor, after
parsing the IP packets from the link layer frames; will make the
TTL and Checksum checks for the IP packet headers, conduct
the address filtering and routing for the IP packet headers, and
cooperate with the switching network to edit the IP packet
headers, and to manage the buffer and queue scheduling of
packets.
In the sending direction, the network processor peels off the
switching flag headers of IP packets sent from the switching
structure, and encapsulates them as the link layer frames and

then send them out. Besides, it can conduct the operations like
ACL filtering, etc., according to the configuration.
The network processor supports SDRAM of at most 256MB. The
bus frequency of SDRAM can reach 100MHz. The network
processor in the sending direction communicates with the
receiving-direction one and the network adaptor via the PCI bus.
Bus The bus conversion module FPGA mainly conducts following four
Conversion operations:
Module FPGA
1. In the upward direction, it converts the data format of the
network processor into that of the high-speed serial
backplane chip, and forwards data.
2. In the downward direction, it converts the data format of the
high-speed serial backplane chip into that of the network
processor, and forwards data.
3. It realizes the error processing function of the NPCI.
4. It realizes the queue scheduling and flow management
functions like QoS, VOQ, etc.
PCI Network This module is used to execute the communication between the
Adaptor network processor and the BUPC, and to realize the functions of
Module downloading the software version from the BUPC, synchronously
updating the routing protocol, etc. The Ethernet controller, which
is adopted by the PCI network adaptor module, has following
features:
1. Integrating MAC, PHY, and the PCI bus interface MASTER
controller.
2. Supporting 10M/100M adaptive; complying with the full-
duplex flow control of 802.3x.
3. Supporting the PCI burst transmission.
High-speed The parallel-to-serial and serial-to-parallel chips, are used to
Serial convert the 32-bit parallel packets processed by the network
Backplane Chip processor into the serial data and then send them to the BSFC,
or to convert the serial data from the BSFC into 32-bit parallel
data and then send them to the network processor.
The serial data rate of a single high-speed serial backplane chip
can reach 2.125Gb/s. We can use two such chips to realize the
bandwidth of 4.25Gb/s, and to connect the CROSSBAR on the
BSFC, thus conducting the high-speed, large capacity switching
works.
Panel Front panel of BNPCT is shown in Figure 11.
Indicator and
Switch FIGURE 11 BNPCT FRONT P ANEL
On front panel of BNPCT, there are four LED indicators and one
switch.

TABLE 7 BNPCT FRONT P ANEL INDICATORS AND SWITCHES
Indicator Functions
RUN indicator Run indicator: It flashes synchronously with

(green) run indicator on BUPC if card runs normally.
ALM indicator (red) Alarm indicator: It is on if fault occurs to
LIC RUN indicator Interface card running indicator: It is
(green) permanently on when the line interface card
works normally, while off when the card does
not exist or works abnormally.
LIC ALM indicator Interface card alarm indicator: When it is
(red) permanently on, it indicates line interface card
works abnormally. And when it is off, it
indicates the card works normally.
Bridge Interface & alarm monitor

Card (BIC)
Bridge Interface & alarm monitor Card (BIC) is monitoring and
interface transit card of UAS. Its major functions are: monitoring
running environment of system, providing BITS clock interface,
serial interface and Ethernet transit, providing auxiliary alarm
information etc.
Working On BIC, there is a set of CPU system. CPU periodically collects
Principles external environmental data via EPLD, reading and controlling
states of infrared sensor, humidity and temperature sensor,
cooling fans and primary power supply. Besides, it
communicates with MPU of BUPC via the serial port.
Working principles of BIC are as shown in Figure 12

FIGURE 12 BIC PRINCIPLES
Power
UART × 2 UPC card
supply
Humidity and
temperature sensor
CPU
Infrared sensor
Smog
EPLD sensor
Fan state
One channel to the Power supply state

background
Ethernet/serial Two channels to the
port UPC
External BITS
clock
BITS PHY SFC card
Monitoring 1. Smog sensor

System
Smog sensor on BIC generates current signals once it detects
smog. Then card converts current signals into level signals,
which sent to EPLD.
2. Humidity and temperature sensor
Temperature and humidity sensor modulates variation of
temperature and humidity into square wave varying with
frequency. Building a counter in EPLD can obtain temperature
and humidity corresponding to environment.
3. Infrared sensor
After infrared sensor is started, this can detect ambient
environment at any time and once this detects that someone
is coming near, this signal will have level reversion.
4. Primary power supply monitoring interface
Primary power supply monitoring module provides two kinds
of interfaces. One of them is standard serial port and other is
private interface which can be used to monitor states of
over-voltage and under-voltage.
5. Fan monitoring interface
Fan monitoring and control card sends states of fans to
related registers of EPLD for query.
Panel Front panel of BIC is shown in Figure 13.

Indicator and
Switch

FIGURE 13 BIC FRONT P ANEL
On BICs of both ZXUAS 10600, there are two LED indicators.

Table 8 shows their functions.
TABLE 8 BIC FRONT P ANEL INDICATORS
Indicator Functions
RUN indicator Run indicator: When it is on, it indicates

(green) normal running.
Environment alarm indicator: When it is on, it
ALM indicator (red) indicates there are environment alarms, and
checks are needed.
When the green indicator is on, it indicates
10/100M indicator there are connections. When the yellow one
flashes, it indicates it is in the activated state.
ZXUAS 10600 On front panel of ZXUAS 10600 Carrier Class BRAS BIC, there
Carrier Class are 7 interfaces, which are: 10/100M Ethernet interface, MON
BRAS BIC interface, COM interface, PWR interface, FAN1 interface, FAN2
interface and BITS clock interface.
Among them, MON interface, PWR interface, FAN1 interface and
FAN2 interface are monitoring system interfaces, respectively
connected with infrared sensor, primary power supply and
monitoring interfaces of fan groups I and II.
The 10/100M Ethernet interface and COM interface are
connected with background computer. BITS clock interface is
connected with the BITS clock source via the 75 Ω coaxial cable.
Line Interface Card

Line interface card is external interface of wire speed UAS, is
used to access interface services of different rates and different
types. Line interface card provides one or more high-speed
network interfaces.
Function Function of line interface card is to mutually convert signals on
physical line and frames at link layer. After line interface card
receives frames and converts them into packets, these packets
will be sent to packet processing card. Then, forwarding engine
will find destination port to conduct high-speed packet
forwarding.
Interface Sub- In line interface card, there are multiple types of interface sub-
Units units, including SONET/SDH interface, Ethernet interface. Link
layers of different types of interfaces are encapsulated

differently. For example, link frame format of network interface

is PPP in HDLC, while that of Ethernet interface is 802.3 frame or
Ethernet-II frame.
Line interface card is connected with the network processor card
via the POS-PHY bus. What is transmitted via the POS-PHY bus
is the layer-2 protocol data unit like PPP packet or MAC frame.
16-port Fast This line interface card provides sixteen 100Base-TX interfaces
Ethernet for UAS. Their major functions are to receive, send and extract
Interface Card Ethernet frames (MAC frames) and to schedule and control FIFO
(BT-16FE- queues on the interfaces.
E100RJ-T)
BT-16FE-E100RJ-T and BNPCT are connected via backplane. Data
flow bus interface of 32x75Mb/s is adopted between them, thus
meeting demands for bandwidth. BT-16FE-E100RJ-T only receives
and sends of MAC frames, but does not process Ethernet frames.
BNPCT is responsible for all MAC frame generation, destination
address searching and IP packet conversion.
Front panel of 8-port FEIE is shown in Figure 14.
FIGURE 14 16-PORT BT-16FE-E100RJ-T FRONT P ANEL
On front panel of BT-16FE-E100RJ-T, there are 16 RJ45 sockets in

all. Each socket (i.e., each port) has two LED indicators in yellow
and green respectively. Table 9 shows their functions.
TABLE 9 FEIE FRONT P ANEL
Indicator Functions
On: Ethernet is in 100M link state;

Green indicator on
each port Off: Ethernet is in 10M link state or physical
link is not through.
On: physical link with peer end is established;
Yellow indicator on Flashing: there is data being transmitted on
each port physical link;
Off: physical link is not through.
16-port Fast
16-port Fast Ethernet SFP Interface Card (BT-16FE-SFP-T)
Ethernet SFP
provides 16 100Base-FX interfaces for UAS. Its major function is
Interface Card
to receive, send and extract the Ethernet frames (MAC frames)
(BT-16FE-SFP-T)
and to schedule and control the FIFO queues on interfaces.
BT-16FE-SFP-T and BNPCT are connected via backplane. Data
flow bus interface of 32x75Mb/s is adopted between them,
meeting demands for bandwidth. BT-16FE-SFP-T only receives
and sends of MAC frames but does not process Ethernet frames.
BNPCT is responsible for all MAC frame generation, destination
address searching and IP packet conversion.

Figure 15shows the front panels.
FIGURE 15 BT-16FE-SFP-T FRONT P ANEL
On BT-16FE-SFP-T, each port has one LED indicator. 16

indicators of 16-port FEIF are marked as 1 to 16 respectively.
Indicators are used to indicate physical link state of each port.
Each indicator has three states, and Table 10shows the
meanings of each state.
TABLE 10 BT-16FE-SFP-T FRONT PANEL INDICATORS
Indicator Functions
On: Ethernet is in 100M link state;

Green indicator on
each port Off: Ethernet is in 10M link state or physical
link is not through.
On: physical link with peer end is established;
Yellow indicator on Flashing: there is data being transmitted on
each port physical link;
Off: physical link is not through.
4-port Gigabit Gigabit Ethernet Interface (GEI) card provides 4 1000Base-

Ethernet SX/LX/LH interfaces for UAS. Its major function is to receive,
Interface Card send and extract Ethernet frames (MAC frames).
(BT-04GE-SFP-T)
Interface between BT-04GE-SFP-T and BNPCT adopts one set of
32x75Mb/s data flow bus. MAC frames are transmitted on data
flow bus. BT-04GE-SFP-T only receives and sends of MAC frames
but does not process Ethernet frames. BNPCT is responsible for
all MAC frame generation, destination address searching and IP
packet conversion.
Figure 16 shows the front panels.
FIGURE 16 4-PORT BT-04GE-SFP-T FRONT P ANEL
The Gigabit Ethernet Interface (GEI) card has 4 SFP, every SFP
has 2 LED indicators in yellow and green respectively. Table
11shows their functions.

TABLE 11 GEI FRONT PANEL AND INDICATOR
Indicator Functions
Green indicator on On: Ethernet is in link state;

each port Off: physical link is not through.
On: there is data being transmitted on
Yellow indicator on physical link;
each port Off: there is no data being transmitted on
physical link.
1-port POS48 OC-48c/STM-16c POS Interface (BT-01P48) card provides one

Interface Card standard 2.5G optical interface for UAS. Its major functions are:
(BT-01P48)
1. Realizing O/E conversion of one channel of 2.5 GB/s signals.
2. Mapping POS frames of OC-48c; conducting data width
conversion; transmitting PPP packets together with BNPCT.
3. Recovering clock and data of line.
4. Extracting and operating related information of physical layer
and data link layer, like information on running, maintenance
and performance monitoring; reporting states of POS48 and
line to BNPCT in interrupted mode.
BT-01P48 can be divided into multiple types according to
transmission distance and transmission medium.
Figure 17shows their front panels.
FIGURE 17 1-PORT BT-01P48
(a) 2km single-mode fiber
(b) 15km single-mode fiber
(c) 80km single-mode fiber

Features of the 1-port BT-01P48 is shown in Table 12 .

TABLE 12 1-PORT BT-01P48 FEATURES
Port Type Features
LC connector, single-mode fiber, with

SMF/2KM wavelength of 1310nm and maximum
transmission distance of 2km
SMF/15KM(P48) wavelength of 1310nm and maximum
SMF/80KM wavelength of 1550nm and maximum
On front panel of BT-01P48, there are 4 LED indicators. Table

13shows their functions.
TABLE 13 BT-01P48 FRONT P ANEL INDICATOR
Indicator Functions
Indicating state of card, it is on when card

RUN (green)
works normally.
Indicating state of the card, it is on if fault
ALM (red)
occurs and is off in normal state.
Indicating the status of the optical port, it is
SD (green) on if optical signals are available, and it is off
if no optical signals are available.
Indicating the status of the link, it is on if the
PPP (green) link is successfully set up and is off if the link
fails to be set up.
8-port ATM3 OC-3c/STM-1c ATM Interface (ATM3) card provides eight

Interface Card standard OC-3c optical interface. Realizing the standard 1+1 or
(BT-08A3-SFP-T) 1:N protection function in SDH standard. The interface card
support the POS and ATM encapsulation, the card and BNPCT
are connected via backplane,receives and sends the data packet
according to OC-3c speed.
Figure 18 shows the front panels.
FIGURE 18 8-PORT ATM3 FRONT P ANEL
On front panel of ATM3, there are 10 LED indicators. Each port

has one indicator, Table 14 shows their functions.

T AB L E 1 4 AT M 3 FR O N T P AN E L I N D I C AT O R S
Indicator Functions
Indicating state of card, it is on when card

RUN (green)
works normally.
Indicating state of the card, it is on if fault
ALM (red)
occurs and is off in normal state.
Indicating the status of the No.1 optical port,
P1(green) it is on if optical signals are available, and it is
off if no optical signals are available.
Indicating the status of the No.2~8 optical
P2~P8 (green) port, it is on if optical signals are available,
and it is off if no optical signals are available.

Chapter 3
User Interface
Configuration
Overview
Introduction This chapter describes common configuration methods,
command modes and use of command lines of ZXUAS 10600
Carrier Class BRAS.
Topic Page No
29
Configuration Methods
Configuring Serial Port Connection 30
Configuring Telnet Connection 32
Configuration Modes 33
Command Line Usage 36
Configuration Methods
Introduction To provide users with maximum operation flexibility, ZXUAS
10600 Carrier Class BRAS provides multiple configuration
methods. A user can select suitable configuration methods
according to connected network. Configuration methods are
described as follows:
Configuration through COM port: This is main method to
configure a UAS.
Configuration in Telnet: Through this method, UAS can be
configured from any part of network

Configuration through NM workstation: This method needs

corresponding NM software supporting SNMP protocol.
Downloading UAS configuration files through TFTP/FTP Server
Configuration on management network interface through
host in Telnet
FIGURE 19 ZXUAS 10600 CARRIER CLASS BRAS CONFIGURATION

METHODS
Configuring Serial Port Connection

Purpose Refer to below procedure for serial port configuration on ZXUAS
10600.
Prerequisites To do serial port configuration, there must be a DB-9 serial cable,
connected between Computer System and UAS.
Steps In these steps, CLI accessibility occurs through Hyper Terminal
emulation software present in Windows Operating System
1. Click>Start>Programs>Accessories>
Communications > HyperTerminal
2. Click> HyperTerminal, Type ZTE as connection name,
Click> OK button as shown in Figure 20 .
Result: Connect To Window appears.

FIGURE 20 CONNECTION WINDOW
3. Select Com port, which are using for connection with UAS,
Click > OK button as shown in Figure 21 .
Result: Com Properties Window appears
Important! Be sure that Com port is rightly selected
FIGURE 21 CONNECT TO WINDOW
4. Click > Restore Defaults, select Bits Per Second >

9600, select Data bits>8, select Parity > None, select
Stop bits>1, select Flow control Æ None, select Click
Æ OK, then Press> Enter button as shown in Figure 22.

Result: CLI Appears

Important! These options can be manually selected or by
dropping down the radio buttons
FIGURE 22 COM PROPERTIES WINDOW
END OF STEPS.
Configuring Telnet Connection

Purpose Refer to below procedure delivers information about how to
configure telnet connection on ZXUAS 10600.
Prerequisite For telnet connection, there must be an ip address configured on
any interface of UAS.
Steps 1. Enter into command prompt and type telnet <ip address> of
UAS interface
Result: CLI windows appears

2. Enter username and password of UAS to access UAS as
shown in Figure 23.
Result: ZXUAS> sign appears

FIGURE 23 EXPRESSION CLI WINDOW
3. Write enable command, if there is password to access the

UAS privileged mode, then write password.
Result: a # sign appears which shows enabled mode or

privileged mode.
4. To prevent an unauthorized access to UAS in Telnet mode,
user name and password for Telnet access must be
configured on UAS. To log on to UAS, the configured user
name and password must be input. Use the following
command to configure the user name and password for
remote login as shown in Table 15.
TABLE 15 USERNAME COMM AND
Command Command Command Function

Format Mode
username Global
<username> Configures user name and
password password for Telnet login
<password>
END OF STEPS.
Configuration Modes
Introduction For users to configure and manage UASs conveniently, ZXUAS
10600 assigns commands to different modes according to
different functions and rights. A command can only be carried
out in a special mode. In any command mode, just enter a
question mark "?", and the commands that can be used in the
mode can be viewed. Command modes of ZXUAS 10600 are as
follows:
User mode

Privileged mode
Global configuration mode
Interface configuration mode
Route Configuration mode
Diagnosis mode
VRF configuration mode
BRAS configuration mode
Domain configuration mode
User Mode When using HyperTerminal mode to log on to system, system
enters into user mode automatically. If using Telnet mode to log
on, a user enters into user mode after entering the user name
and password. DOS prompt of user mode is host name of UAS
followed by a ">", as follows (the default host name is ZXUAS):
ZXUAS>
In user mode, a user can run commands, such as ping and

telnet and also can view some system information.
Privileged
In user mode, enter enable command and corresponding
Mode
password to enter privileged mode, as follows:
ZXUAS>enable
Password: (The input password will not be displayed on the screen)
ZXUAS#
In privileged mode, a user can view more detailed configuration

information and also can enter configuration mode to configure
entire UAS. Therefore, a password must be used to prevent
illegal use of unauthorized users.
To return from privileged mode to user mode, use disable
command.
Global In privileged mode, input config terminal command to enter
Configuration into global configuration mode, as follows:
Mode
ZXUAS#configure terminal
Enter configuration commands, one par line, End with Ctrl-Z
ZXUAS(config)#
Commands in global configuration mode act on entire system,

not merely on a protocol or interface.
To return from global configuration mode to privileged mode,
input exit or end command or press <CTRL + Z>.
Interface In global configuration mode, use interface command to enter
Configuration interface configuration mode as shown in following example:
Mode

ZXUAS(config)#interface fei_2/1 (fei_2/1 is an interface name,

indicating first interface of Ethernet interface module in slot 2)
ZXUAS(config-if)#
To return from interface configuration mode to global

configuration mode, input exit command and to return from
interface configuration mode to privileged mode directly input
end command or press <CTRL + Z>.
Route
In global configuration mode, use router command to enter
Configuration
route configuration mode as shown in following example:
Mode
ZXUAS(config)#router ospf 1
ZXUAS(config-router)#
Routing protocols used are RIP, OSPF, IS-IS and BGP. In above
example, routing protocol OSPF is configured.
To return from route configuration mode to global configuration
mode input exit command and to return from route
configuration mode to privileged mode directly input end
command or press <CTRL + Z>.
Diagnosis In privileged mode, uses diagnose command to enter diagnosis
Mode mode as follows:
ZXUAS#diagnose
Test commands:
ZXUAS(diag)#
Diagnosis test commands are provided in diagnosis mode. These

commands can be used to test cards used in a UAS including bus
and connectivity tests. In a diagnosis test, this is much better
not to conduct UAS configuration.
To return from diagnosis mode to privileged mode, input exit or
VRF In global configuration mode, use ip vrf <vrfname> command to
configuration enter VRF configuration mode as shown in following example:
mode
ZXUAS(config)#ip vrf vpn1 (vpn1 is vrf name,)
ZXUAS(config-vrf)#
To return from VRF configuration mode to global configuration

mode input exit command and to return from VRF configuration
mode to privileged mode directly input end command or press
<CTRL + Z>.
BRAS In global configuration mode, use bras command to enter BRAS
Configuration configuration mode as shown in following example:
Mode

ZXUAS(config)#bras
ZXUAS(config-bras)#
To return from BRAS configuration mode to global configuration

mode input exit command and to return from BRAS
configuration mode to privileged mode directly input end
command or press <CTRL + Z>.
DOMAIN In BRAS configuration mode, use domain <number>
Configuration command to enter DOMAIN configuration mode as shown in
Mode following example:
ZXUAS(config-bras)#domain 1 (1 is domain number)

ZXUAS(config-domain-1)#
To return from DOMAIN configuration mode to BRAS

configuration mode input exit command and to return from
DOMAIN configuration mode to privileged mode directly input
Command Line Usage

Online Help In any command mode, enter a question mark (?) after DOS
prompt of system, a list of available commands in command
mode is displayed. With context-sensitive help function,
keywords and parameter lists of any commands can be obtained.
Prerequisite Refer to Configuration Methods to access the UAS for
configuration.
Steps 1. In any command mode, enter a question mark “?” after DOS
prompt of system and a list of all commands in mode and
brief description of commands is displayed. For example:
ZXUAS>?
Exec commands:
enable Turn on privileged commands
exit Exit from the EXEC
login Login as a particular user
logout Exit from the EXEC
ping Send echo messages
quit Quit from the EXEC
show Show running system information
telnet Open a telnet connection
trace Trace route to destination
who List users who is logining on
ZXUAS>
2. Input a question mark after a character or string, commands

or a list of keywords starting with character or string can be

displayed. Note that there is no space between character

(string) and question mark. For example:
ZXUAS#co?
configure copy
ZXUAS#co
3. Press <Tab> after character string, if command or keyword

starting with this string is a unique one, command or
keyword is complemented and a space is added after it.
Note: There is no space between string and <TAB> key.
Example:
ZXUAS#con<Tab>
ZXUAS#configure (there is a space between “configure” and the
cursor)
4. Input a question mark after a command, a keyword or a

parameter, next keyword or parameter to be input is listed
and also a brief explanation is given.
Note: A space must be entered before question mark.
Example:
ZXUAS#configure?
terminal Enter configuration mode
ZXUAS#configure
If a wrong command, keyword or parameter is input, after

pressing <ENTER>, user interface will use a "^" symbol to
isolate error. The "^" appears under first character of incorrect
command, keyword or parameter, as shown in following
example:
ZXUAS#von ter
^
% Invalid input detected at '^' marker.
ZXUAS#
In following example, suppose that a clock is to be set and

context-sensitive help is used to check syntax for setting clock.
ZXUAS#cl?
clear clock
ZXUAS#clock ?
set Set the time and date
ZXUAS#clock set ?
hh:mm:ss Current Time
ZXUAS#clock set 13:32:00
% Incomplete command.
ZXUAS#

In the end of above example, system prompts "Incomplete

command", indicating that other keywords or parameters must
be input.
Command ZXUAS 10600 also allows abbreviation of a command or
Abbreviation keyword into characters or a string that uniquely identifies
command or keyword. For example, show command can be
abbreviated sh or sho.
Command User interface supports function of recording input commands. A
History maximum of ten history commands can be recorded. The
function is very useful in re-invocation of a long or complicated
command or ingress.
To re-invoke a command from record buffer, conduct one of
following operations as shown in Table 16.
TABLE 16 RECORD BUFFER COMMAND
Command Function
Command
Press <Ctrl-P> or Re-invokes the latest command in the record

the up arrow key buffer. Repeat these keys to invoke old
commands forwards
Rolls the commands downward. When the last
Press <Ctrl-N> or
command line is reached, one more operation
the down arrow
will roll the commands from the beginning of
key
the buffer cyclically.
Use show history command in privileged mode and latest

several commands in that mode will be listed.

Chapter 4
System Management
Overview
Introduction This topic covers brief introduction about System Management of
Topic Page No
Introduction to File System 39
File Management 40
TFTP Configuration 43
Software Version Upgrading 49
Data Backup and Recovery 55
Configuring System Parameters 56
Viewing System Information 58
Introduction to File System

In ZXUAS 10600 Carrier Class BRAS, main storage device is
flash. Image files and configuration files of ZXUAS 10600 are
stored in flash. Operations, such as version upgrading and
configuration saving, must be conducted in flash.
Flash consists of three directories:

IMG
CFG
DATA
IMG:
System mapping files (that is, image files) are stored under this
directory. The extended name of the image files is .zar. The
image files are dedicated compression files. Version upgrading
means change of corresponding image files under the directory.
CFG:
Configuration files are stored under this directory. File name of
configuration files is startrun.dat. When a command is used to
modify UAS configuration, information is stored in memory.
To prevent loss of configuration information, upon UAS power-
off/power-on, write command must be used to write memory
information into startrun.dat. To clear original configuration in
UAS, upon data reconfiguration, use delete command to delete
startrun.dat file and reboot UAS.
DATA:
This directory is used to store the log.dat file that records alarm
information.
File Management
Introduction ZXUAS 10600 provides many commands for file operations.
Command format is similar to DOS commands as present in
Microsoft Windows Operating System.
Purpose Refer to below procedure for file management on ZTE ZXUAS
10600 Carrier Class BRAS.
Prerequisite Refer to Configuration Methods (Chapter 3) to access the UAS
for configuration.
Steps 1. To display current directory path, use pwd command in
Privileged mode as shown in Table 17.
TABLE 17 PWD COMM AND

Format Mode
pwd Privilege This display current directory path
Result: This shows the flash: / sign.

2. To display subdirectory information, files under a designated
equipment or directory, use dir [<directory-name>]
command in Privilege mode as shown in Table 18.

TABLE 18 DIR COMM AND WINDOW

Format Mode
dir Privilege This display files, subdirectory

[<directory- information under a designated
name>] directory
This displays information about flash files including attribute,

size, time and names of the same.
Result: This shows directory of flash files.
3. To delete a file under a designated directory of current
equipment, use delete <directory&filename> command in
Privilege mode as shown in Table 19
TABLE 19 DELETE COMM AND WINDOW
Command Command Function

Command Format Mode
delete Privilege This deletes a file under a

<directory&filename> designated directory of
the current equipment
<directory&filename> parameter is from 1-80 characters.

Result: A Prompt appears, Are you sure to delete files with
options [Yes/No].
4. To enter into specific directory, use cd <directory-name> in
Privilege mode as shown in Table 20.
TABLE 20 CD COMMAND WINDOW

Format Mode
cd Privilege This command enable to Enter into

<directory- a file directory of a designated file
name> equipment or the current
equipment
<directory-name> represents 1-80 characters.

Result: This command sets prompt into designated directory
like flash: / [directory name].
5. To return back to root directory, use cd .. command in
Privilege mode as shown in Table 21.
TABLE 21 CD.. COMM AND WINDOW

Format Mode
cd .. Privilege This command makes return to

root directory

Result: This permits to go back to root directory.

Important! This is to notice down that there is one space after
writing Cd and then “..”.
6. To make directory in flash, use mkdir <directory-name>
TABLE 22 MKDIR COMM AND WINDOW

Format Mode
mkdir Privilege
<directory- This creates new directory in flash
name>
<directory-name> represents 1-32 characters.

Result: This makes a new directory in flash.
7. To delete a directory in flash, use rmdir <directory-name>
TABLE 23 RMDIR COMM AND WINDOW

Format Mode
rmdir Privilege
<directory- This deletes directory in flash
name>
Result: This deletes a designated directory in flash.

8. To modify name of directory in flash, use rename
<oldname> <newname> command in Privilege mode as
shown in Table 24.
TABLE 24 RMDIR COMM AND WINDOW

Format Mode
rename Privilege This modifies the name of a

<oldname> designated file or directory in
<newname> flash
<oldname> <newname> represents 1-80 characters.

Result: This renames designated file or directory in flash.
END OF STEPS.
Example View of current file information.
ZXUAS#dir
Directory of flash:/

attribute size date time name

1 drwx 512 MAY-17-2004 14:22:10 IMG
2 drwx 512 MAY-17-2004 14:38:22 CFG
3 drwx 512 MAY-17-2004 14:38:22 DATA
65007616 bytes total (48863232 bytes free)
ZXUAS#cd img (Enter the directory img)
ZXUAS#dir (Show the current directory information)
Directory of flash:/img
1 drwx 512 MAY-17-2004 14:22:10 .
2 drwx 512 MAY-17-2004 14:22:10 ..
3 -rwx 15922273 MAY-17-2004 14:29:18 ZXUAS.ZAR
ZXUAS#
Create directory and then removing
ZXUAS#mkdir ABC (Add a subdirectory ABC under the current

directory)
ZXUAS#dir (View the current directory information and find that
the directory ABC has been added successfully)
1 drwx 512 MAY-17-2004 14:22:10 IMG
2 drwx 512 MAY-17-2004 14:38:22 CFG
3 drwx 512 MAY-17-2004 14:38:22 DATA
4 drwx 512 MAY-17-2004 15:40:24 ABC
ZXUAS#rmdir ABC (Delete the subdirectory ABC)
ZXUAS#dir (View the current directory information and find that
the directory ABC has been deleted successfully)
1 drwx 512 MAY-17-2004 14:22:10 IMG
2 drwx 512 MAY-17-2004 14:38:22 CFG
3 drwx 512 MAY-17-2004 14:38:22 DATA
ZXUAS#
Related For more information about System Management please refer to

Information below procedures.
TFTP Configuration
Introduction

By use of FTP or TFTP, image files and configuration files of UAS

can be backed up and recovered. ZXUAS 10600 supports FTP
and TFTP modes. ZXUAS 10600 can serve as FTP/TFTP client.
TFTP (Trivial file transfer protocol) sets as an example for
description.
Purpose Refer to below procedure for TFTP configuration.
Prerequisites Refer to Configuration Methods (Chapter 3) to access the UAS
CLI for configuration.
There must be TFTP software installed in computer system, so it
behaves as a TFTP server for transferring files between UAS and
System.
Steps In these steps, Solarwinds TFTP is used for TFTP software part, a
free TFTP server software program which is installed on
Microsoft Windows XP (SP2).
In these steps, CLI configuration of UAS occurs through Hyper
Terminal emulation software, present in Windows Operating
System.
TFTP SolarWinds TFTP is downloaded from
Configuration http://www.solarwinds.net/Download-Tools.htm. When
downloading is completed, run SolarWinds-TFTP-Server.exe
from downloaded location.
After installation follow these steps to configure TFTP.
1. Select SolarWinds TFTP server from start menu, preceding
with program menu Click>TFTP Server as shown in Figure
24.
FIGURE 24 TFTP SERVER SELECTION WINDOW
Result: A Windows XP Firewall prompt appears that SolarWinds

TFTP wants to run.

Note: This occurs only if Windows XP firewall is enabled. For

other firewall configurations, refer to their documentation.
Important! This is to be in notice that TFTP uses
communication port# 69.
2. Click>Unblock for permanently allowing TFTP server to run
as shown in Figure 25.
FIGURE 25 WINDOWS FIREWALL ALERT
Result: SolarWinds TFTP window is displayed, showing an ip

address configured on Ethernet interface of computer
system on left side and TFTP directory on right side of taskbar.
3. Select file menu and then Click>Configure as shown in
Figure 26.
FIGURE 26 MAIN TFTP WINDOW
4. A different directory for storing image files can be selected.

By default this is C:\TFTP-Root as shown in Figure 27.

FIGURE 27 TFTP-ROOT DIRECTORY
Result: This displays current root directory for image files.

5. Select security tab from TFTP Server Configuration window,
there are some options available: Transmit only, receive only,
Transmit and Receive files. Select Transmit and Receive files
as shown in Figure 28. By default Receive files option is
selected.
FIGURE 28 TFTP SECURITY WINDOW

Result: Transmit and Receive files option is selected for both

transmitting and receiving files between TFTP server computer
system and UAS.
6. Click> Advanced Security tab if further security is required,

specify the range of permitted ip addresses as shown in
Figure 29. By default all ip addresses are permitted.
FIGURE 29 ADVANCED SECURITY WINDOW
Result: All IP addresses range is selected.
7. Select Auto-Close Tab if TFTP server require to automatically

shutdown after a period of inactivity as shown in Figure 30 .
By default this time sets to Never.

FIGURE 30 AUTO-CLOSE WINDOW
Result: Never option is selected.
8. To save log in specific path, this can be chosen from Log tab.
By default do not log request option is selected as shown in
Figure 31.
FIGURE 31 LOG WINDOW
Result: Do not log option is selected.
END OF STEPS.

Example For example refer to below topic.

Related For more information about System Management please follow
Information below procedures.
For more information about SolarWinds TFTP server visit
http://www.solarwinds.net
Software Version Upgrading

Introduction Normally, version upgrading is needed only when original
version does not support some functions or equipment cannot
run normally due to some reasons. If version-upgrading
operations are not performed properly, upgrading failure may
occur or system may even break down.
Version upgrading must be done with complete knowledge,

principles and operations of ZXUAS 10600.
Version upgrading includes two cases:
Version Upgrade in case of System Abnormality

Version Upgrade in case of Normal System
Purpose Refer to below procedure for version upgrading.
Prerequisite
Refer to Configuration Methods (Chapter 3) to access the UAS
Make sure TFTP server is up and running.
Version
Upgrade in In case of System abnormality, following procedure is executed.
Case of System
Abnormality
Steps In these steps, File Management occurs through Hyper Terminal

emulation software, present in Windows Operating System.
1. Connect serial port of ZXUAS 10600(COM port on BIC) to

serial port of TFTP Server Computer System with the console
cable.
Result: TFTP server computer system and UAS are ready
to transfer files.
2. Connect management Ethernet port of UAS (10/100M
Ethernet port on BIC) to network port of TFTP Server

Computer System with Ethernet cable and make sure

connections are correct.
Result: Media (Ethernet cable) is ready to transfer files.
3. Configure both TFTP Server Computer System Ethernet port
and UAS management Ethernet port of UAS in same network
section.
Result: Different IP addresses belonging to same network
are configured.
4. Restart ZXUAS and press any key to enter into Boot status
according to prompt on HyperTerminal as shown in Table 25.
TABLE 25 BOOT WINDOW
ZXUAS System Boot Version: 1.0

Creation date: Dec 31 2002, 14:01:52
...
Press any key to stop for change parameters...
2
[ZXUAS Boot]:
Result: Boot terminal is shown.

5. Input "c" in the Boot status and press <ENTER> to enter into
parameter modification status as shown in Table 26.
Result: Parameter modification status window is displayed
6. Change the boot mode to "Boot from the background TFTP";
change the address of the TFTP Server to corresponding
TFTP Server Computer System IP address as shown in Table
26.
Result: Boot mode is changed from normal boot to TFTP
boot.
7. Change Client address and gateway address to address of
built-in Ethernet interface and configure corresponding
subnet mask as shown in Table 27 .

TABLE 26 VERSION UPGRADING COMM AND WINDOW
[ZXUAS Boot]:c
'.' = clear field; '-' = go to previous field; ^D = quit Boot Location
[0:Net,1:Flash] : 0 (0 indicates booting from the background TFTP,
and 1 indicates booting from the FLASH)
Client IP [0:bootp]: 168.4.168.168 (Corresponding to the address of
the management Ethernet port) Netmask: 255.255.0.0
Server IP [0:bootp]: 168.4.168.89 (Corresponding to the address
of the background TFTP Server)
Gateway IP: 168.4.168.168 (The gateway address is the address of
the management Ethernet port)
Boot Path: ZXUAS.zar (Use the default value)
Enable Password:(Use the default value)
Enable Password Confirm:(Use the default value)
[ZXUAS Boot]:
Result: The following prompt "[ZXUAS Boot]:" appears.

8. Enter “@” and press <ENTER>, System boots with the image
from the background TFTP Server automatically as shown in
Table 27 .
TABLE 27 TFTP IM AGE SYSTEM BOOTING
[ZXUAS Boot]:@
Loading... get file ZXUAS.zar[15922273] successfully!
file size 15922273.
...
Start ZXUAS-TSR MPU
Version V1.2.m.n Built at Mar 22 2004, 11:03:18
Synchronizing .................... .........................OK!
*****************************************
Welcome to ZXUAS 10600
*****************************************
ZXUAS>
Result: System boots with TFTP image.

9. For normal boot, use show version command in Privilege
mode to view whether the new image has run in the memory.
If old image still runs in the memory, this indicates that the
boot from the TFTP server has failed. Please repeat the
above operations once again from Step 1. This command is
shown in Table 28 .

TABLE 28 SHOW VERSION COMM AND WINDOW

Format Mode
show Privilege This indicates software version of

version flash and new image file present in
directory
Result: This indicates new image file present in directory.

10. Use delete command in Privilege mode to delete old image
file ZXUAS.zar under the IMG directory in the flash only if
space is not sufficient, otherwise just change its name. The
command is shown in Table 29 .

Format Mode
delete Privilege This deletes file present in flash
Result: This deletes old image file.

11. Copy new image file in background TFTP Server into IMG
directory in FLASH. The name of the image file is ZXUASzar.
The operation of copying the image file to the flash in TFTP
mode is shown in Table 30 .
TABLE 30 COPY COMM AND WINDOW
ZXUAS#copy tftp: //168.4.168.89/zxuas.zar

flash: /img/zxuas.zar
Starting copying file
.................................................................
.................................................................
......................................
file copying successful.
ZXUAS#
Result: This copies new image file in flash.

12. Check whether the new image file exists in FLASH using
command show version in Privilege mode. If file does not
exist, this indicates a copy failure. This is shown in Table 31.
Important! If file does not exist, this indicates a copy failure.

Format Mode

directory


13.Reboot ZXUAS 10600, based on method mentioned in Step 8;
change boot mode to "Boot from the flash". In this case,
"Boot path" will change to "/flash/img/ZXUAS.zar"
automatically.
Note: The boot mode also can be changed to "Boot from the
FLASH" by using the command nvram imgfile- location local
in the global configuration mode.
14. Under [ZXUAS Boot]: enter “@” and press <ENTER>, system
boots with new image from FLASH.
15. After normal boot, view the image version under running and
confirm whether the upgrading is successful.
Version Version upgrade during normal system working is same as
Upgrade in upgrading during system abnormality. Only difference is, boot
Case of Normal mode is not required to upgrade system.
System
Steps 1. Connect serial port of ZXUAS 10600 (COM port on BIC) to

serial port of TFTP Server Computer System with console
cable.
Result: TFTP server computer system and UAS are ready
to transfer files.
2. Connect management Ethernet port of UAS (10/100M
Ethernet port on BIC) to the network port of TFTP Server
Computer System with an Ethernet cable, and make sure the
connections are correct.
Result: Media (Ethernet cable) is ready to transfer files.
3. Configure both TFTP Server Computer System Ethernet port
and UAS management Ethernet port of UAS in the same
network section.
Result: Different IP addresses belonging to same network
are configured.
4. View information about the currently running image by using
show version command in Privilege mode as shown in
Table 32.

Format Mode

directory

5. Use the delete command in Privilege mode to delete the old

image file ZXUAS.zar under the IMG directory in the FLASH
only if space is not sufficient, otherwise just change its name.
The command is shown in Table 33.

Format Mode
delete Privilege This deletes file present in flash
Result: This deletes old image file.

6. Copy new image file in background TFTP Server into IMG
directory in FLASH. The name of the image file is ZXUAS.zar.
The operation of copying the image file to the FLASH in FTP
mode is shown in Table 34.
ZXUAS#copy tftp: //168.4.168.89/ZXUAS.zar

flash: /img/ZXUAS.zar
Starting copying file
.................................................................
.................................................................
......................................
file copying successful.
ZXUAS#
Result: This copies new image file in flash.

7. Check whether the new image file exists in FLASH using
command show version in Privilege mode as shown in
Table 35.
Important! If file does not exist, this indicates a copy failure.

Format Mode

directory
Result: This indicates new image file present in directory

8. Reboot ZXUAS 10600, based on method mentioned in Step 8,
change the boot mode to "Boot from the FLASH". In this case,
"Boot path" will change to "/flash/img/ZXUAS.zar"
automatically.

Note: The boot mode also can be changed to "Boot from the
FLASH" by using the command nvram imgfile- location local
in the global configuration mode.
9. Under [ZXUAS Boot]: enter “@” and press <ENTER>, system
boots with new image from FLASH
10. After normal boot, view the image version under running
and confirm whether the upgrading is successful.
END OF STEPS.
Related For more information about System Management Please refer to

Information System Backup and Recovery.
Data Backup and Recovery

Purpose This procedure delivers information about how to make backup
and recovery of image files present in flash.
Make sure TFTP server is up and running as described in TFTP
configuration topic.
Steps 1. To save running configuration into NVRAM and flash, use

write command in Privilege mode as shown in Table 36.
TABLE 36 WRITE COMM AND WINDOW

Format Mode
write Privilege This starts writing function

write flash Privilege This writes to flash memory
write Privilege This writes running system file to
logging M&S BUPC
write Privilege This writes to NVRAM memory
nvram
Note: When a command is used to modify configuration of a

UAS, the information is running in the memory in real time. If
the UAS reboots, all new configurations will lost.
Result: This writes running configuration into memory.

2. To backup configuration files on TFTP server or in FTP server,
use copy command in Privilege mode as shown in Table 37.


Format Mode
copy Privilege This copies image and configuration

files from TFTP server or FTP server
to UAS and Vice versa
copy flash Privilege This copies from flash file system
copy ftp Privilege This copies from ftp: file system

copy tftp Privilege This copies from tftp: file system
Result: This makes configuration backup.

Example: The following command can be used to back up a
configuration file in the FLASH to the backup TFTP Server.
ZXUAS#copy flash: /cfg/db.dat tftp: //168.1.1.1/cfg/db.dat
3. To copy the image file into TFTP server, FTP server or copy
from TFTP server, FTP server into UAS, use copy command
as shown in Table 38.

Format Mode
copy Privilege This copies image and configuration

files from TFTP server or FTP server
to UAS and Vice versa
copy flash Privilege This copies from flash file system
copy ftp Privilege This copies from ftp: file system

copy tftp Privilege This copies from tftp: file system
Result: This copies image file from TFTP server or To TFTP

server from UAS.
Example: The following command can be used to copy an
image file into FLASH from TFTP Server.
ZXUAS#copy flash: /img/zxuas.zar tftp: //168.1.1.1/img/zxuas.zar
END OF STEPS.
Configuring System Parameters

Purpose Refer to below procedure for configuring system parameters of
ZTE ZXUAS 10600 Carrier Class BRAS.


Steps 1. To set a hostname of system, use hostname command in
global configuration mode as shown in Table 39.
TABLE 39 HOSTNAME COMM AND WINDOW

Format Mode
hostname Global Config This sets hostname of system
Result: This configures hostname of system.

Note: By default, the host name of the system is ZXUAS. After
host name is changed, log on to the UAS again, and the new
host name appears on screen.
2. To set Welcome message upon system boot or when login on
telnet, use banner incoming command in global
configuration mode as shown in Table 40.
TABLE 40 BANNER INCOMING COMM AND WINDOW

Format Mode
banner Global Config This sets hostname of system
Result: This configures hostname of system.
Example:
ZXUAS(config)#banner incoming #
Enter TEXT message. End with the character '#'.
***********************************
Welcome to ZXUAS Broadband Remote Access Server of ZTE
Corportioan
***********************************
#
ZXUAS(config)#
3. To prevent an unauthorized user from modifying the

configuration, use enable secret command in global
TABLE 41 ENABLE SECRET COMM AND WINDOW
Command Command
Command Format Mode Function
enable secret {0 Global Config This sets password

<password>|<password>} for privileged mode

Result: This configures privileged password in order to confirm

read/write action.
Note: In the privileged mode, a user can configure operation
parameters and also can enter the configuration mode.
4. To set Telnet username and password, use username
<username> password <password> in global configuration
mode as shown in Table 42.
TABLE 42 TELNET USERNAME COMM AND WINDOW

Format Mode
username Global Config

<username> This sets Telnet user and
password password
<password>
Result: This configures username and password for telnet

session.
5. To set System time, use clock set <current-time> <month>
<day> <year> command in Privilege mode as shown in
Table 43.
TABLE 43 CLOCK SET COMM AND WINDOW

Format Mode
clock set Privilege

<current-
time>
This sets System time
<month>
<day>
<year>
Result: This configures system time.

END OF STEPS.
Related For more information about system management please refer to

Information below procedure.
Viewing System Information

Purpose Refer to below procedure for viewing system information of ZTE
Steps

1. To view hardware and software versions of the System, use

show version command in Privilege mode as shown in
Table 44.

Format Mode
show Global Config This displays the version

version information about the software and
hardware of System
Result: This shows the running software and hardware

information of System.
END OF STEPS.
Example:
The following information is displayed after carried out show
version command.
ZXUAS#show version
ZXR10 Router Operating System Software, ZTE Corporation
ZXUAS ROS Version V4.8.01
ZXUAS 10600 Software, Version V2.8.01.b01, RELEASE
SOFTWARE/*OS version is 2.8.01*/
Copyright (c) 2005-2010 by ZTE Corporation
Compiled Sep 19 2006, 09:38:16
System image files from net <ftp://168.168.168.1/zxuas.zar>
System uptime is 0 days, 16 hours, 56 minutes
[RPU,panel 2,master]
Main processor: PENTIUM II with 512M bytes of memory
ROM: System Bootstrap, Version: ZXUAS 10600 BOOT 1.0,RELEASE
SOFTWARE
[MPU,panel 2,master]
Main processor: PENTIUM II with 512M bytes of memory
8K bytes of non-volatile configuration memory
64M bytes of processor board System flash (Read/Write)
ROM: System Bootstrap, Version:ZXUAS 10600 BOOT 1.0,RELEASE
SOFTWARE
System serial: 10020
[BSFC,panel 2,master]
Main processor: PowerPC 8240 with 64M bytes of memory
ROM: System Bootstrap, Version: ZXUAS T128 BOOT 2.6.02,RELEASE
SOFTWARE
[BNPCT,panel 2]
Main processor: XSCALE with 512M bytes of memory in slot 2
System with multiple processors (2 Network processors)
Every network processor with 512M bytes of memory
ROM(4M): System Bootstrap, Version:ZXUAS 10600 BOOT 1.0,
RELEASE SOFTWARE

FPGA Version(Switch) : V38 /* bnpct exchange system fpga edition

number */
FPGA Version(Interface): V17 /*meets the oral plate fpga edition
number*/
CPLD Version : V21 /*bnpct cpld edition number*/
Related None
Information

Chapter 5
Interface Configuration
Overview
Introduction This chapter describes different types of interfaces on ZXUAS
10600 Carrier Class BRAS and their configuration examples for
further illustration.
Topic Page No
Interfaces Types 61
Interface Naming Rules 62
Physical Interfaces 62
Configuring Network Interface 62
Configuring Ethernet Interfaces 65

Configuring Packet over Sonet 67
71
Configuring ATM
Configuring Smart-Group 75
Interfaces Types
Interfaces are divided into following types.
Physical interfaces
Logical interfaces
Physical These refer to interfaces, which exist actually, such as Ethernet

Interfaces interface POS interfaces, ATM interfaces.

Logical These refer to interfaces, which exist due to configuration; they

Interfaces are also called virtual interfaces, such as VLAN sub-interfaces
and Loopback interfaces.
Interface Naming Rules

Introduction Interfaces of ZXUAS 10600 are named in the following rule
<Interface type>_<Slot ID>/<Port ID>. <Sub-interface or
channel ID> <Interface type><Sub-interface>.
Following are interface types and their descriptions.
Interface Description
Type
fei Fast Ethernet interface

gei Gigabit Ethernet interface
pos48 2.5 POS interface
atm155 155M ATM interface
smartgroup SmartGroup interface
Loopback Loopback interface
<Slot ID> refers to physical slots where line interface module

is installed, ranging from 1 to 8 (ZXUAS 10600).
<Port ID> refers to number allocated to line interface module
connector. The value range and assignment of port IDs
depend upon different types of line interface modules.
Physical Interfaces
Physical interfaces cover the following topics.
Ethernet Interface Configuration
Configuring Network Interface

Purpose Refer to below procedure for the configuration of physical
interface.
Steps For the configuration of physical interface, perform the following
steps:

1. To enter into the interface mode, use command interface

type_slot/port in global configuration mode. This is shown in
Table 45.
TABLE 45 INTERFACE COMMAND

Format Mode
interface global This enters into the interface

type_slot/port mode.
Result: This enters into the interface mode.

2. To enable the interface, use command no shutdown in
interface config mode. This is shown in Table 46.
TABLE 46 NO SHUTDOWN COMM AND

Format Mode
no interface
This enables the interface
shutdown
Result: This enables the interface.

3. To configure the interface associate with the VRF, use
command ip vrf forwarding <vrf-name> in interface
configuration mode. This is shown in Table 47.
TABLE 47 IP VRF FORWARDING COMM AND

Format Mode
ip vrf interface
forwarding This configures the interface
<vrf- associated with the VRF
name>
Result: This configures the interface associated with the VRF.

4. To configure the IP address for interface, use command ip
address ip-address mask in interface configuration mode.
This is shown in Table 48.
TABLE 48 IP ADDRESS COMM AND

Format Mode
ip address interface
This configures the IP address for
ip-address
interface
mask
Result: This confiugures the IP address for the interface.

5. To set the speed for interface, use command speed {10|100}
in interface configuration mode. This is shown in Table 49.

TABLE 49 SPEED COMM AND

Format Mode
speed interface
This sets the speed for the interface
{10|100}
Result: This sets the speed for the interface.

6. To set the duplex mode for interface, use command duplex
{half|full} in interface configuration mode. This is shown in
Table 50.
TABLE 50 DUPLEX COMM AND

Format Mode
duplex interface This sets the duplex mode for

{half|full} interface
Result: This sets the duplex mode for interface.

7. To show the information for the interface, use command
show ip interface in privileged mode. This is shown in
Table 51.
TABLE 51 SHOW IP INTERFACE COMM AND

Format Mode
show ip interface This shows the information for the

interface interface
Result: This shows the informationnn for the interface.

END OF STEPS.
Example:
The example is given below:
ZXUAS(config)#interface fei_1/2
ZXUAS(config-if)#no shutdown
ZXUAS(config-if)#ip address 10.61.86.88 255.0.0.0
ZXUAS(config-if)#speed 100
ZXUAS(config-if)#duplex full
/*show the interface information*/
ZXUAS(config)#show ip interface fei_1/2
fei_1/2 AdminStatus is up, PhyStatus is up, line protocol is up
Internet address is 10.61.86.88/8
Broadcast address is 255.255.255.255
MTU is 1500 bytes
ICMP unreachables are always sent

ICMP redirects replies are always sent

Policy routing is disabled
Inbound access list is not set
Outgoing access list is not set
ARP Timeout: 00:10:00
ZXUAS(config)#
Configuring Ethernet Interfaces

Purpose Refer to below procedure for configuring Ethernet interfaces on
ZTE ZXUAS 10600 Carrier Class BRAS.
for configuration.
Steps 1. Enter into configuration mode by writing config terminal
command in global configuration mode as shown in Table 52.
TABLE 52 CONFIG TERMINAL COMM AND

Format Mode
config Privilege Enters into global configuration

terminal mode
Result: This enables to enter into global configuration mode.

2. Enter into interface configuration mode by writing interface
<interface-number> command in global configuration mode
TABLE 53 INTERFACE CONFIGURATION COMM AND

Format Mode
interface global config

This enters into interface
<interface-
configuration mode
number>
Result: This enables to enter into interface configuration mode.

3. To configure an IP address of an interface, use ip address
<ip-address> <net-mask> [<broadcast-address>] in
interface config mode as shown in Table 54.

Format Mode
ip address This configures an ip address of

<ip-address> interface config
an interface
<net-mask>


Format Mode
[<second ip-
address>]
Result: This configures an ip address of an interface.

4. For configuring duplex mode of an interface, use duplex
full/ duplex half command in interface config mode as
shown in Table 55.
TABLE 55 DUPLEX COMM AND WINDOW

Format Mode
This configures duplex mode of

duplex full interface config fast Ethernet interface to full
duplex
This configures duplex mode of
duplex half interface config fast Ethernet interface to half
duplex
Result: This sets duplex mode for an interface.

5. To configure negotiation mode of an interface, use interface
autoconfig command in interface config mode as shown in
Table 56.
TABLE 56 INTERFACE AUTOCONFIG COMMAND

Format Mode
negotiation This enables auto negotiation of

interface
auto gigabit Ethernet interface
Result: This configures auto negotiation of gigabit Ethernet

interface.
Note: Configuration of duplex mode is only applicable to Fast
Ethernet interfaces, and negotiation is only applicable to Gigabit
Ethernet interfaces.
END OF STEPS.
Example:
As shown in Figure 32, interface of ZXUAS 10600-1 is connected
to the ethernet interface of ZXUAS 10600-2.

FIGURE 32 ETHERNET INTERFACE CONFIGURATION
Configuration of ZXUAS 10600-1:
ZXUAS(config-if)#duplex full
ZXUAS(config)# interface fei_1/3

ZXUAS(config-if)# duplex full
Configuring Packet over Sonet

Introduction Synchronous Optical Network/Synchronous Digital Hierarchy
(SONET/SDH) has emerged as significant technologies for
building large-scale, high-speed, Internet Protocol (IP)-based
networks. Even though SONET/SDH is frequently labeled as “Old
World” because this is a time division-multiplexing (TDM)
technology optimized for voice traffic, its capability to provide
high-bandwidth capacity for transporting data is the primary
reason for ubiquitous use in the Internet and large enterprise
data networks.
Packet over SONET (PoS) technology, which allows efficient
transport of data over SONET/SDH, has certainly been a major
player in accommodating explosive growth on Internet.
PoS provides a flexible solution to well known applications which
includes network backbone infrastructures and data aggregation
or distribution on network edge and in metropolitan area. UAS
PoS interfaces are frequently connected to Add Drop Multiplexers
(ADMs), terminating point-to-point SONET/SDH links. Direct
connections over dark fiber or via dense wave-division
multiplexing (DWDM) systems are becoming increasingly popular.
Sonet/SDH Basic transmission rate of SONET (51.840 Mbps), referred to as
Rates Synchronous Transport Signal level 1 (STS-1), is obtained by
sampling 810-byte frames at 8000 frames per second. SONET
features an octet-synchronous multiplexing scheme with
transmission rates in multiples of 51.840 Mbps.

There are different POS interfaces in ZXUAS 10600depending

upon transmission rates, which are described in Figure 33, also
shown are corresponding transmission rates and terminology for
SDH. SDH is SONET-equivalent specification proposed by
International Telecommunications Union (ITU). SDH supports
only a subset of SONET data rates, starting from 155.520 Mbps.
FIGURE 33 SONET SDH RATES
Pos Framing PoS use PPP in High-Level Data Link Control (HDLC)-like framing
(as specified in RFC 1662) for data encapsulation at Layer 2
(data link) of Open System Interconnection (OSI) stack. This
method provides efficient packet delineation and error control.
The frame format for PPP in HDLC-like framing is shown in
Figure 34.
FIGURE 34 PPP FRAME FORM AT
RFC 2615 specifies use of PPP encapsulation over SONET/SDH

links. PPP was designed for use on point-to-point links and is
suitable for SONET/SDH links, which are provisioned as point-to-
point circuits even in ring topologies. PoS specifies STS-3c/STM-
1 (155 Mbps) as basic data rate and this has a usable data
bandwidth of 149.760 Mbps. PoS frames are mapped into
SONET/SDH frames and they sit in payload envelop as octet
streams aligned on octet boundaries.
Figure 35shows framing process. RFC 2615 recommends
payload scrambling and a safeguard against bit sequences,
which may disrupt timing. PoS payload scrambling is further
discussed in the section “Synchronization.”

FIGURE 35 POS FRAMING SEQUENCE
Purpose Refer to below procedure for PoS configuration on ZTE ZXUAS

Steps In these steps, PoS configuration occurs through Hyper Terminal
emulation software, present in Windows Operating System.
1. To enter into packet over sonnet configuration mode, use
clock source <boardname> {system|free-run|line
<interface-number>}command in global configuration mode
TABLE 57 INTERFACE CONFIGURATION COMM AND

Format Mode
clock board
source
<boardname>
This configures clock source for
{system|free- global config
POS interface
run|line
<interface-
number>}
Result: This sets clock source of PoS interface.


Format Mode
ip address
<ip-address>
This configures an ip address of
<net-mask> interface config
an interface
[<broadcast-
address>]

3. To configure clock source for PoS interface, use clock

source <boardname> {system|free-run|line <interface-
number>} command in packet over sonnet configuration
TABLE 59 CLOCK SOURCE COMM AND

Format Mode
interface global config

This enters into Packet over sonnet
<interface-
configuration mode
number>

END OF STEPS.
Example:
As shown in Figure 36, the pos48_4/4 interface of ZXUAS
10600-1 is connected to pos48_13/1 interface of ZXUAS 10600-
2.
FIGURE 36 PACKET OVER SONET EXAMPLE
ZXUAS(config)#interface pos48_4/4
onfiguration of ZXUAS 10600-2:
ZXUAS (config)#interface pos48_13/1

ZXUAS (config-if)#framing sdh
ZXUAS (config-if)#ip mtu 1500
ZXUAS (config-if)#ip address 192.168.1.2 255.255.255.0
ZXUAS (config-if)#flag s1s0 2
ZXUAS (config-if)#flag c2 22

Configuring ATM
Introduction Asynchronous transfer mode (ATM) is a high-performance, cell-
oriented switching and multiplexing technology that utilizes
fixed-length packets to carry different types of traffic. Networks
that have been primarily focused on providing better voice
services are evolving to meet new multimedia communications
challenges and competitive pressures.
Services based on asynchronous transfer mode (ATM) and
synchronous digital hierarchy (SDH)/synchronous optical
network (SONET) architectures provide flexibility essential for
success in this market. The most basic service building block is
ATM virtual circuit, which is an end-to-end connection that has
defined end points and routes.
In ATM networks, all information is formatted into fixed-length
cells consisting of 48 bytes (8 bits per byte) of payload and 5
bytes of cell header. The fixed cell size ensures that time-critical
information such as voice or video is not adversely affected by
long data frames or packets. The header is organized for
efficient switching in high-speed hardware implementations and
carries payload-type information, virtual-circuit identifiers, and
header error check.
FIGURE 37 ATM FIXED LENGTH CELLS
ATM standards defined two types of ATM connections: virtual

path connections (VPCs), which contain virtual channel
connections (VCCs). A virtual channel connection (or virtual
circuit) is the basic unit, which carries a single stream of cells, in
order, from user to user.
A collection of virtual circuits can be bundled together into a
virtual path connection. A virtual path connection can be created
from end-to-end across an ATM network. In this case, the ATM

network does not route cells belonging to a particular virtual

circuit. All cells belonging to a particular virtual path are routed
the same way through the ATM network, thus resulting in faster
recovery in case of major failures.
Quality of Service Parameters

Service Class
Constant Bit Rate This class is used for emulating circuit

(CBR) switching. The cell rate is constant with
time. CBR applications are quite sensitive to
cell-delay variation. Examples of applications
that can use CBR are telephone traffic (i.e.,
nx64 kbps), videoconferencing, and
television.
Variable bit rate–non- This class allows users to send traffic at a
real time (VBR–NRT) rate that varies with time depending on the
availability of user information. Statistical
multiplexing is provided to make optimum
use of network resources. Multimedia e-mail
is an example of VBR–NRT.
Variable bit rate–real This class is similar to VBR–NRT but is
time designed for applications that are sensitive
(VBR–RT) to cell-delay variation. Examples for real-
time VBR are voice with speech activity
detection (SAD) and interactive compressed
video.
Available bit rate This class of ATM services provides rate-
(ABR) based flow control and is aimed at data
traffic such as file transfer and e-mail.
Although the standard does not require the
cell transfer delay and cell-loss ratio to be
guaranteed or minimized, it is desirable for
switches to minimize delay and loss as much
as possible. Depending upon the state of
congestion in the network, the source is
required to control its rate. The users are
allowed to declare a minimum cell rate,
which is guaranteed to the connection by the
network.
Unspecified bit rate This class is the catch-all, other class and is
(UBR) widely used today for TCP/IP.
ATM Standards ZXUAS 10600 provides ATM 155M and ATM 622M standard
speed interfaces. They can support IP Over ATM, Encapsulation
of IP Over ATM LLC/SNAP, ATM AAL5, IP routing, ATM cell
processing, 256 PVCs and point-to-point connection.
Purpose Refer to below procedure for ATM configuration on ZTE ZXUAS
Steps

1. To enter into ATM interface configuration mode, use

interface <interface-number> command in global
TABLE 60 INTERFACE CONFIG COMM AND

Format Mode
interface
This enters into interface
<interface- Global config
configuration mode
number>

2. To create ATM PVC, use atm pvc <vpi> <vci> command in
ATM configuration mode as shown in Table 61.
TABLE 61 PVC COMM AND

Format Mode
atm pvc
<vpi> Interface config This creates PVC
<vci>
Result: This creates PVC.

3. To configure an IP address of an interface, Use ip address
<ip-address><net-mask> [<broadcast-address>] in

Format Mode
ip address
<ip-address>
<net-mask> Interface config
an interface
[<broadcast-
address>]

4. To enable oam F5 management of PVCs, use oam-pvc
manage [<frequency>] command in interface config mode
TABLE 63 OAM-PVC PVC MANAGEMENT

Format Mode
oam-pvc manage This enables oamF5

interface
[<frequency>] management of PVCs

Result: This creates oamF5 PVCs management.

5. To configure OamF5 management parameters, use oam
retry <up-count> <down-count> <retry-frequency>
command in interface config mode as shown in Table 64.
TABLE 64 OAM-RETRY

Format Mode
oam retry <up-

count> <down- This configures OamF5
Interface
count> <retry- management parameters
frequency>
Result: This configures OamF5 management parameters.

END OF STEPS.
Example:
As shown in Figure 38, atm155_1/1.1 interface of ZXUAS
10600-1 is connected to atm155_5/1 interface of ZXUAS 10600-
2.
FIGURE 38 ATM CONFIGURATION EX AMPLE
ZXUAS(config)#interface atm155_1/1.1
ZXUAS(config-if)#atm pvc 2 40
ZXUAS (config)#interface atm155_5/1

ZXUAS (config-if)#atm pvc 2 40
ZXUAS (config-if)#ip address 10.10.0.1 255.255.255.252
ZXUAS (config-if)#frame sdh
ZXUAS (config-if)#ip mtu 1500

Configuring Smart-Group
Introduction Smart Group refers to aggregation of multiple physical interfaces
into one logical interface to provide higher aggregated
bandwidth, load balancing, and link redundancy. One
SmartGroup interface can contain up to eight Ethernet interfaces
in the same board slot. One Ethernet interface board can
support up to 31 SmartGroup interfaces.
Purpose Refer to below procedure for smart group on ZTE ZXUAS 10600.
for configuration.
Steps 1. To create a smartgroup interface and to enter into it, use
interface smartgroup{1-64} command in interface
TABLE 65 SMART GROUP INTERFACE COMM AND

Format Mode
interface This creates a smartgroup

smartgroup{1- global config interface and enters into
64} interface configuration mode
Result: This enables to create smart-group and to enter into it.


Format Mode
ip address
<ip-address>
<net-mask> Interface config
an interface
[<broadcast-
address>]

3. To add Ethernet interfaces into smartgroup, use
smartgroup <interface-number> in interface configuration

TABLE 67 SMART-GROUP ETHERNET COMM AND

Format Mode
smartgroup
This adds Ethernet interfaces
<interface- Interface config
into smartgroup
number>
Result: This sets Ethernet interfaces into smartgroup.

END OF STEPS.
Example:
As shown in Figure 39, the smtgrp_8/1 interface of ZXUAS
10600-1 is interconnected with the smtgrp_8/1 interface of
ZXUAS 10600-2.
FIGURE 39 SM ART-GROUP EXAMPLE
ZXUAS(config)#interface smartgroup 8/1

ZXUAS(config-if)#smartgroup 8/1
ZXUAS(config)#interface smartgroup 8/1


Chapter 6
BRAS Service
Overview
Introduction This chapter covers the basic concepts and configuration of
BRAS access features which includes subscriber domain, access
interfaces, virtual interfaces, authorization, accounting and
access control.
Contents This chapter covers the following topics:
Topic Page No
BRAS Overview 78
BRAS Interface Configuration 80
Configuring VBUI Interface 84
Service Access List (SAL) Configuration 88
Configuring Domain 91
Domain User Template Configuration 94
Configuring Subscriber (User) 96
Point to Point Protocol 98
PPP Authentication Protocols 100
Password Authentication Protocols (PAP) 100
Challenge Handshake Authentication Protocol 102

(CHAP)
Configuring PPP Quick-redial 103
Configuring PPP Idle Timer 104
Configuring Flow Statistics 105
Access Control 105
Configuring Access Control 105
Configuring PPPoE 106

Topic Page No
Configuring PPPoEoV 108
Configuring PPPoA 109
Configuring PPPoEoA 111
Configuring Static IPoE 113
Configuring Static IPoEoV 116
Configuring Static IPoEoA 118
DHCP Web Access Configuration 121
Configuring QinQ 127
BRAS Overview
Broadband Remote Access Server (B-RAS) is an application
running on your UAS that:
Aggregates the output from digital subscriber line access
multiplexers (DSLAMs)
Provides user Point-to-Point Protocol (PPP) sessions or IP-
over-Asynchronous
Transfer Mode (ATM) sessions
Enforces quality of service (QoS) policies
Routes traffic into an Internet service provider’s (ISP’s)
backbone network
A DSLAM collects data traffic from multiple subscribers into a
centralized point so that it can be uploaded to the UAS over an
ATM connection via a DS3, OC3, E3, or OC12 link.
UAS provides logical termination for PPP sessions, as well as the
interface to authentication and accounting systems.
ZTE ZXUAS 10600 provides unique concepts for RAS which
includes:
Domain Domain is an aggregate of bras service management features,
which has AAA system, legal user group and some services
management policy.
By using domain ZXUAS 10600 is able to manage user groups,
which have their own resources and configurations, such as:

Chapter 6 BRAS Service
Alias: unique identification for sepertate users

Maximum domain Users
Authentication, Accounting handling
Authentication, accounting servers group Releations.
Default user template.
Maximum synchronization users of domain
Associated vrf
Virtual BRAS VBUI is a logical interface for IP protocol, only used for BRAS
User Interface services. Each VBUI need configuration of an IP address,
(VBUI) releated network mask, Arp protocol, the MTU, control list and
other protocols. VBUI can support more than one physical circuit.
User In terms of RAS, User means the one who can access the device
and obtain services or management legally. Every legal user has
their own attributes, own personality service information, which
includes name, password, IP Address, IP Address policy, Qos
parameters and ACL parameters.
Dynamic User Dynamic user is a concept which records the whole process and
information for a user access to the device. The life of Dynamic
user begins when user enters to the device and becomes end
when the user leaves from the device.
Interface Interface means a physical interface which has the max user
number for every special service.
Circuit The circuit refers to a logical circuit which is used to represent
DOT1Q VLAN, ATM PVC, Non-DOT1Q encapsulation, Ethernet
interface etc.
Bind The circuit and PPP link together need to bind with VBUI to let
the user to enter into the device for access feature. Bind is the
core concept for BRAS access service.
Bind has two types:
Static bind
Bind relationship can be designate directly to the user.
Dynamic bind
This depends on the IP address which user gets from the device
(PPP protocol). The system can find the corresponding interface
and get the relationship between the user and the interface.
Object Figure 40represents the object relationships.
Releationships

FIGURE 40 OBJECT RELEATIONSHIPS
D o m a in S u b s c rib e r-
1
D o m a in A lia s -1
S u b s c rib e r- n
D o m a in A lia s -n A u th e n tic a tio n /A c c o u n tin

g
VRF R a d iu s G ro u p
R o s _ In te rfa c e
IP P O O L -1
VRF
VBUI
IP P O O L -n
Sub- Sub-
In te rfa c e In te rfa c e
Q oS ACL
C irc u it C irc u it C irc u it

s u b s c rib e
in te rfa c e
r
BRAS Interface Configuration

Purpose Refer to below procedure for the configuration of user interface.
ZXUAS 10600 is a broadcast access server based on UAS, in
order to make it different from physical interface, configure user
interface and sub interface along with bras mode.
Steps For the configuration of user interface, perform the following
steps:
1. To configure user access to circuit interface, use command
access-type {eth | adsl | xdsl} in sub interface
T AB L E 6 8 AC C E S S TY P E CO M M AN D

Format Mode
access-
type {eth |
This configures user access to
adsl- Sub interface
circuit interface
dmt|adsl-
cap | xdsl}
Result: This configures user access to circuit interface.

2. To creat PVC, use command atm pvc [<vpi> <vci> [through

<vci>] in sub interface configuration mode. This is shown in
Table 69.
T AB L E 6 9 AT M P V C C OM M AN D

Format Mode
atm pvc
[<vpi>
<vci> Sub interface This creats PVC
[through
<vci>]
Result: This creates PVC.

3. To bind the dynamic circuit which encapsulated in PPP to the
particular interface, use command bind authentication
{pap|chap|chap-pap} [maximum sessions] in sub interface
T AB L E 7 0 B IN D AU T H E N T I C AT I O N C O M M AN D

Format Mode
bind
authentication This binds the dynamic circuit
{pap|chap|chap- Sub interface which encapsulated in PPP to the
pap} [maximum particular interface
sessions]
Result: This binds the dynamic circuit which encapsulated in

PPP to the particular interface.
Note: only effective when the circuit is PPPoE encapsulated.
4. To bind a circuit or Ethernet interface as multi type, use
command bind multi vbuivbui_number authentication
{pap | chap | chap-pap} [maximum sessions] in sub
interface configuration mode. This is shown in Table 71.
TABLE 71 BIND MULTI VBUI COMM AND

Format Mode
bind multi vbui

vbui_number
authentication
Sub This binds a circuit or Ethernet
{pap | chap |
interface interface as multi type
chap-pap}
[maximum
sessions]
Result: This binds a circuit or Ethernet interface as multi type.

5. To static bind the circuit to vbui interface, use command

bind vbui vbui-number [maximum sessions] in sub
TABLE 72 BIND VBUI COMM AND

Format Mode
bind vbui
vbui-
This statical binds the circuit to vbui
number Sub interface
interface
[maximum
sessions]
Result: This statical binds the circuit to vbui interface.

6. To set the vlan_id for a Ethernet interface, use command
dot1Q {< vlan-id | none } in sub interface configuration
mode. This is shown in Table 73.
TABLE 73 DOT1Q COMM AND

Format Mode
dot1Q {<
This sets the vlan_id for a Ethernet
vlan-id | Sub interface
interface
none }
Result: This sets the vlan_id for a Ethernet interface.

7. To configure vlan and mac address for the DSLAM for the
interface, use command dslam {name <vlan mac>} in sub
TABLE 74 DSLAM COMM AND

Format Mode
dslam
This configures vlan and mac
{name
Sub interface address for the DSLAM for the
<vlan
interface
mac>}
Result: This configures vlan and mac address for the DSLAM for
the interface.
8. To set the encapsulate mode for the bras service interface,
use command encapsulation {ppp-over-ethernet|multi| ip-
over-ethernet | bridge1483 | route1483| ppp llc|dot1q{ppp-
over-ethernet|ip-over-ethernet|multi}} in sub interface
config mode. This is shown in Table 75.

TABLE 75 ENCAPSULATION COMM AND

Format Mode
encapsulation
{ppp-over-
ethernet|multi|
ip-over-ethernet
| bridge1483 |
This sets encapsulation mode for
route1483| ppp Sub interface
the bras service interface
llc|dot1q{ppp-
over-
ethernet|ip-
over-
ethernet|multi}}
Result: This sets the encapsulation mode for the brass service
interface.
9. To config subscriber location information, use command
subscriber location in sub interface configuration mode.
TABLE 76 SUBSCRIBER LOCATION COMMAND

Format Mode
subscriber This configs subscriber location

Sub interface
location information
Result: This configs subscriber location information.

10. To display sub interface information, use command show
interface <type_slot/port.sub port> in privileged mode. This
is shown in Table 77.
TABLE 77 SHOW INTERFACE COMM AND

Command Format Mode
show interface
This displays sub interface
<type_slot/port.sub privileged
information
port>
Result: This displays sub interface information.

END OF STEPS.
Example:
ZXUAS(config)#interface fei_1/1.1 bras
ZXUAS(config-subif)#encapsulation multi
ZXUAS(config-subif)#bind multi vbui vbui1 authentication chap-pap
ZXUAS(config-subif)#subscriber location dhcp-option82 /*depend on

option82 protocol to locate user*/

ZXUAS(config)#show int fei_1/1.1 /*show the information for sub
interface*/
fei_1/1.1 is up, line protocol is up
Description is none
Keepalive set:0 sec
MAC address is 00d0.d0c0.0c80
The port is electric
Duplex half
access-type ethernet
encapsulation multi
bind multi vbui vbui1 authentication chap-pap maximum 8000
ppp idle interval 5 traffic-limit 0
ppp keepalive timer 1 count 10
ARP Timeout:00:00:00
Internet address is unassigned
MTU 1500 bytes
MRU 1500 bytes BW 10000 Kbits
ZXUAS(config)#
Configuring VBUI Interface

Introduction User VBUI interface configuration includes ip address for vbui
interface, IP pool for access user, and DNS information for the
users.
Packets of DHCP received by ZXUAS 10600 have option60
attributes, such as user name and password, which can be used
by authentication. ZXUAS 10600 use this option60 attributes to
deside to allow the user to connenct or not.
Users connect to device indirectly such as via DSLAM or other
devices. In order to obtain the location of user, both ZXUAS
10600 and connected devices run VBASE or option82, ZXUAS
10600 obtains user location information from the packet it
receives from connected device.
Purpose Refer to below procedure for the configuration of user interface.
Steps For the configuration of VBUI interface, perform the following
steps:
1. To enter into the VBUI interface mode, use command
interface vbui in global configuration mode. This is shown
in Table 78 .

TABLE 78 INTERFACE VBUI COMM AND

Format Mode
interface This enters into the VBUI interface

Global config
vbui mode
Result: This enters into the VBUI interface mode.
2. To set aged time for arp, use command arp timeout in VBUI
interface configuration mode. This is shown in Table 79 .
T AB L E 7 9 AR P TIM E O U T C OM M AN D

Format Mode
arp
VBUI interface This sets time for arp
timeout
Result: This sets time for arp.
3. To identify option60, use command dhcp option60 in VBUI

TABLE 80 DHCP OPTION60 COMM AND

Format Mode
dhcp
VBUI interface This identifies option60
option60
Result: This identifies option60.
4. To configure trust option82, use command dhcp trust-

option82 in VBUI interface configuration mode. This is
shown in Table 81.
TABLE 81 DHCP TRUST OPTION82 COMMAND

Format Mode
dhcp trust-
VBUI interface This configures trust option
option82
Result: This configures trust option.
5. To configure dhcp subscriber idle detect, use command dhcp

idle in VBUI interface configuration mode. This is shown in
Table 82.

TABLE 82 DHCP IDLE COMM AND

Format Mode
dhcp idle This configures dhcp subscriber idle

VBUI interface
detect
Result: This configures dhcp subscriber idle detect.

6. To configure the ip address for vbui interface, use command
ip address in VBUI interface configuration mode. This is
shown in Table 83.

Format Mode
ip address
<ip-
This configures ip address for vbui
address> VBUI interface
interface
<net-
mask>
Result: This configures ip address for vbui interface.

7. To configure DNS, use command dns in VBUI interface
configuration mode. This is shown in Table 84
TABLE 84 DNS COMM AND

Command Format Mode
Dns
VBUI
<primary|secondary> This configures DNS
interface
<ip address>
Result: This configures DNS.

8. To configure user open computer to authentication and
obtain address, use command ip dhcp auth-on-up enable
in VBUI interface configuration mode. This is shown in Table
85.
TABLE 85 IP DHCP AUTHENTICATION COMM AND

Format Mode
ip dhcp This configure user open computer

auth-on- VBUI interface to authentication and obtain
up enable address
Result: This configure user open computer to authentication

and obtain address

9. To configure ip pool for user, use command ip pool <1-

2000> poolname start-ip end-ip in VBUI interface
configuration mode. This is shown in Table 86 .
TABLE 86 IP POOL COMMAND

Format Mode
ip pool <1-
2000>
poolname VBUI interface This configures ip pool for user
start-ip
end-ip
Result: This configures ip pool for user.

10. To monitor DHCP user idle time, use command dhcp user－
detect in VBUI interface configuration mode. This is shown
in Table 87 .
TABLE 87 DHCP USER COMM AND

Format Mode
dhcp user
VBUI interface This monitors DHCP user idle time
－detect
Result: This monitors DHCP user idle time.

11. To configure web force authentication, use command web
authentication subscriber web force in VBUI interface
configuration mode. This is shown in Table 88 .
TABLE 88 WEB AUTHENTICATION COMM AND

Format Mode
web
authentication VBUI This configures web force
subscriber interface authentication
web force
Result: This configures web force authentication.

12. To configure web server address, use command web server
ip-address in VBUI interface configuration mode. This is
shown in Table 89.
TABLE 89 WEB ADDRESS COMM AND

Format Mode
web
server ip- VBUI interface This configures web server address
address

Result: This configures web server address.

END OF STEPS.
Example:
ZXUAS(config)#interface vbui100
ZXUAS(config-if)#arp timeout 5000
ZXUAS(config-if)#dhcp option60
ZXUAS(config-if)#dhcp trust-option82 /*connected device use
option82 to support user location information which need configure in
ZXUAS 10600 */
ZXUAS(config-if)#ip pool abc 100.100.128.1 100.100.128.254
ZXUAS(config-if)#dhcp idle period 180 traffic 50
ZXUAS(config-if)#dns primary 200.101.1.10
ZXUAS(config-if)#web authentication subscriber web force
ZXUAS(config-if)#web server 10.61.96.90
ZXUAS(config-if)#ip dhcp auth-on-up enable
ZXUAS(config-if)#dhcp user－detect /* set the detect times for DHCP
user and the interval, this function is not adapt to the user which
encapsulate IPOA*/
Service Access List (SAL)

Configuration
When SAL associate with a circuit (the encapsulation for this
circuit is PPP or multi), system permit or forbid some domains
supported PPP and IP access service in that circuit.
Purpose Refer to below procedure for the configuration of SAL.
Steps For the configuration of SAL, perform the following steps:
1. To configure the alias for SAL, use command alias <name>
in SAL configuration mode. This is shown in Table 90.
T AB L E 9 0 AL I AS C O M M AN D

Format Mode
alias
SAL config This configures the alias for SAL
<name>
Result: This configures the alias for SAL.

2. To configure Default domain for SAL, use command default

domain <domain-name> in SAL configuration mode. This is
shown in Table 91.
TABLE 91 DEFAUL DOM AIN COMM AND

Format Mode
default
domain This configures Default domain for
SAL config
<domain- SAL
name>
Result: This configures Default somain for SAL.

3. To deny domain to access, use command deny {domain
<domain-name> | any} in SAL configuration mode. This is
shown in Table 92.
TABLE 92 DENY COMM AND

Format Mode
deny
{domain
<domain- SAL config This denies domain to access
name> |
any}
Result: This denies domain to access.
4. When user’s domain do not exist, use the appointed domain

to let user to access by using command none domain
<domain-name> in SAL configuration mode. This is shown in
Table 93.
TABLE 93 NONE DOM AIN COMM AND

Format Mode
none
domain
SAL config This allows the access for the users
<domain-
name>
Result: This allows the access for the users.

5. To configure permit domain access, use command permit
{domain <domain-name> | any} in SAL configuration mode.

TABLE 94 PERMIT COMM AND

Format Mode
permit
{domain
This configures permit domain
<domain- SAL config
access
name> |
any}
Result: This configures permit domain access.

6. To translate the user’s domain name to the appointed
domain name, use command translate {src-domain <src-
domain> | any} <dest-domain> in SAL configuration mode.
TABLE 95 TRANSLATE COMM AND

Format Mode
translate
{src-
domain This translates the user’s domain
<src- SAL config name to the appointed domain
domain> | name
any} <dest-
domain>
Result: This translates the user’s domain name to the appointed

domain name.
END OF STEPS.
Example:
ZXUAS(config)#bras
ZXUAS(config-bras)#sal 1
ZXUAS(config-sal-1)#alias special-sal
ZXUAS(config-sal-1)#default domain zte.com.cn /*zte.com.cn is the
alias for one established domain*/
ZXUAS(config-sal-1)#deny domain 8
ZXUAS(config-sal-1)#permit domain another.com.cn /* zte.com.cn is
the alias for one established domain */
ZXUAS(config-sal-1)#translate src-domain zte.com.cn des-domain
another.com.cn
---------------------------------
ZXUAS(config)#int fei_1/1.1 bras
ZXUAS(config-subif)#sal 1

Configuring Domain
Purpose Refer to below procedure for the configuration of domain.
Steps For the configuration of domain, perform the following steps:
1. To enter into BRAS configuration mode, use command bras
in global configuration mode. This is shown in Table 96 .
TABLE 96 BRAS COMM AND

Format Mode
bras Global config This enters into BRAS configuration

mode
Result: This enters into BRAS configuration mode.

2. To set domain, use command domain <1-2000> in bras
config mode. This is shown in Table 97
TABLE 97 DOM AIN COMM AND

Format Mode
domain Bras config

This sets domain
<1-2000>
Result: This sets domain.

3. To configure the alias for domain, use command alias
<name> [advertise] in domain configuration mode. This is
shown in Table 98 .
T AB L E 9 8 AL I AS C O M M AN D

Format Mode
alias Domain config

<name> This configures domain alias
[advertise]
Result: This configures domain alias.
4. To set accounting group associated with domain, use

command accounting-group < group-number> [second] in
domain configuration mode. This is shown in Table 99.

T AB L E 9 9 AC C O U N T I N G GRO U P C OM M AN D

Format Mode
accounting- Domain config

group <
This sets accounting group
group-
associated with domain
number>
[second]
Result: This sets accounting group associated with domain.

5. To set the mode for user accounting, use command
accounting-type {none|radius} in domain configuration
TABLE 100 ACCOUNTING TYPE COMM AND

Format Mode
accounting- Domain config

This sets the mode for user
type
accounting
{none|radius}
Result: This sets the mode for user accounting.

6. To set the authentication server group associate with the
domain, use command authentication-group <group-
number> in domain configuration mode. This is shown in
Table 101.
TABLE 101 AUTHENTICATION GROUP COMM AND

Format Mode
authentication- Domain This sets the authentication

group <group- config server group associate with the
number> domain
Result: This sets the authentication server group associate with

the domain.
7. To set the mode for user authentication, use command
authentication-type {none|local|radius} in domain
TABLE 102 AUTHENTICATION TYPE COMMAND

Command Format Mode
authentication-type Domain
{none|local|radius|local- config This sets the mode for user
radius|radius- authentication
local|radius-none}
Result: This sets the mode for user authentication.

8. To set web force for user, use command ppp web-force

timer in domain configuration mode. This is shown in Table
103.
TABLE 103 PPP COMM AND

Format Mode
ppp web- Domain config

This sets web force for user
force timer
Result: This sets web force for user.

9. To set L2TP accounting, use command l2tp-accounting in
domin configuration mode. This is shown in Table 104.
TABLE 104 12TP COMM AND

Format Mode
l2tp- Domain config

accounting This sets L2TP accounting
enable
Result: This sets L2TP accounting.

10. To open or close circuit authentication switch, use command
circuit-authentication in domain configuration mode. This
TABLE 105 CIRCUIT AUTHENTICATION COMM AND

Format Mode
circuit- Domain
authentication config This sets circuit authentication
enable
Result: This opens or closes circuit authentication switch.

11. To make a domain associate with a VRF, use command ip
vrf <vrf-name> in domain configuration mode. This is shown
in Table 106.
TABLE 106 IP VRF COMMAND

Format Mode
ip vrf <vrf- Domain config This makes a domain associate with

name> a VRF
Result: This makes a domain associate with a VRF.

12. To set the maximum user number for the domain, use
command max-subscriber <number> in domain
TABLE 107 MAX SUBSCRIBER COMM AND

Format Mode
max- Domain config

This sets the maximum user numbe
subscriber
for the domain
<number>
Result: This sets the maximum user number for the domain.
END OF STEPS.
Example:
ZXUAS(config)#bras
ZXUAS(config-bras)#
ZXUAS(config-bras)#domain 2
ZXUAS(config-domain-2)#alias zte.com
ZXUAS(config-domain-2)#accounting-group 8
ZXUAS(config-domain-2)#accounting-type radius
ZXUAS(config-domain-2)#authentication-group 10
ZXUAS(config-domain-2)#authentication-type radius
ZXUAS(config-domain-2)#l2tp-accounting enable /*open l2tp
accounting, configure depend on needed*/
ZXUAS(config-domain-2)#ppp web-force timer 5 count 2 /*set the web
force to the user in domain, configure depend on needed */
ZXUAS(config-domain-2)#circuit-authentication enable
ZXUAS(config-domain-2)#max-subscriber 1000
Domain User Template

Configuration
Introduction Domain user template configuration is to simplify configuration
of user. Aimed at different type of user, system configure
different template, when need to configure user, just use the
user template to definite, instead of configure user’s attributes
each times.
Purpose Refer to below procedure for the configuration of domain user
template.
Steps For the configuration of domain user template, perform the
following steps:

1. To configure ACL associate with user template, use command

access-list <acl- number> in subscriber template
TABLE 108 ACCESS LIST COMM AND

Format Mode
access-list
Subscriber This configures ACL associate with
<acl-
template user template
number>
access-
list-
Subscriber This configures ACL associate with
outside
template user template
<acl-
number>
Result: This configures ACL associate with user template.

2. To configure ip address for the user, use command ip
address {ip-address|pool pool-name|interface interface-
name|vrf} in subscriber template configuration mode. This is
shown in Table 109.

Format Mode
ip address
{ip-
address|pool
Subscriber This configures ip address for the
pool-
template user
name|interface
interface-
name|vrf}
Result: This configures ip address for the user.

3. When PPPoE user establishes session, appointed the web
browser to a particular URL automaticlly by using command
pppoe url url-name in subscriber template configuration
TABLE 110 PPPPOE URL COMM AND

Command Mode
Format
pppoe url <url- This appoints the web

Subscriber
name> browser to a particular URL
template
automatically
Result: This appoints the web browser to a particular URL

automatically.

4. To configure the timeout for PPP or PPPoE user, use

command timeout absolute minutes in subscriber
template configuration mode. This is shown in Table 111.
TABLE 111 TIMEOUT COMMAND

Format Mode
timeout
Subscriber This configures timeout for PPP or
absolute
template PPoE user
<minutes>
Result: This configures timeout for PPP or PPoE user.

END OF STEPS.
Example:
ZXUAS#config terminal
ZXUAS(config)#bras
ZXUAS(config-domain-10)#subscriber-template
ZXUAS(config-domain-subtmp)#ip address pool my-pool
ZXUAS(config-domain-subtmp)#pppoe url http：//www.zte.com.cn/
ZXUAS(config-domain-subtmp)#timeout absolute 200
Configuring Subscriber (User)

Purpose Refer to below procedure for the configuration of user.
Steps For the configuration of user, perform the following steps:
1. To enter into the bras configure mode, use command bras in
global configuration mode. This is shown in Table 112.
TABLE 112 BRAS COMM AND

Format Mode
bras This enters into bras configuration

global
mode
Result: This enters into bras configuration mode.

2. To enter into user configuration mode, use command
subscriber in bras configuration mode. This is shown in
Table 113.

TABLE 113 SUBSCRIBER COMM AND

Format Mode
Subscriber
<username>
This enters into user configuration
domain- Bras config
mode
name<domain-
name>
Result: This enters into user configuration mode.

3. To configure the method in which the user obtains IP
Address, use command ip address in user configuration

Format Mode
ip address This configures the method in which

User config
the user obtains IP address
Result: This configures the method in which the user optains IP

address.
4. To configure the password for user, use command password
in user configuration mode. This is shown in Table 115.
TABLE 115 PASSWORD COMM AND

Format Mode
This configures the password for

password User config
user
Result: This configures the password for user.

5. To appoint circuit or physical location from which user access
the device, use command cir-bind in user configuration
TABLE 116 CIR BIND COMMAND

Format Mode
This appoints circuit or physical

cir-bind User config location from which use access the
device
Result: This appoints circuit or physical location from which user

access the device.
6. To configure the TCP connection mode and numbers, use
command tcp-limit in user configuration mode. This is
shown in Table 117.

TABLE 117 TCP LIMIT COMM AND

Format Mode
tcp-limit This configures the TCP connection

User config
mode,numbers and rate
Result: This configures the TCP connection mode and numbers.

7. To set the web browser to a special URL when PPPoeE user
establishes the session, use command ppp url <url> in user
TABLE 118 PPPOE COMMAND

Format Mode
ppp url This sets the web browser to a

<url> User config special URL when PPPoeE user
establishes the session
Result: This sets the web browser to a special URL when PPPoeE
user establishes the session.
END OF STEPS.
Example:
ZXUAS(config)#bras
ZXUAS(config-bras)#subscriber loyalty domain-name zte.com.cn /*
zte.com.cn is a domain’s alias */
ZXUAS(config-sub-loyalty)#ip address pool tele-pool
ZXUAS(config-sub-loyalty)#tcp-limit mode mon-sum-rate /*configure
the user’s TCP connect mode */
ZXUAS(config-sub-loyalty)#tcp-limit rate 800 /*user TCP speed */
ZXUAS(config-sub-loyalty)#tcp-limit num 10 /*user TCP connect
number*/
ZXUAS(config-sub-loyalty)#cir-bind bras 1 10 vlan 10 /*appoint the
access location for user*/
ZXUAS(config-sub-loyalty)#password loyal
ZXUAS(config-sub-loyalty)#ppp url http：//www.zte.com.cn/
Point to Point Protocol

Introduction Point-to-Point Protocol (PPP) originally emerged as an
encapsulation protocol for transporting IP traffic over point-to-
point links. PPP also established a standard for assignment and
management of IP addresses asynchronous (start/stop), bit-
oriented synchronous encapsulation, network protocol

multiplexing, link configuration as network layer address

negotiation and data-compression negotiation.
PPP supports these functions by providing an extensible Link
Control Protocol (LCP) and a family of Network Control Protocols
(NCPs) to negotiate optional configuration parameters and
facilities. In addition to IP, PPP supports other protocols,
including Novell's Internetwork Packet Exchange (IPX) and
DECnet.
PPP PPP provides a method for transmitting datagram’s over serial
Components point-to-point links. PPP contains three main components:
A method for encapsulating datagram’s over serial links. PPP
uses High-Level Data Link Control.
(HDLC) protocol as a basis for encapsulating datagram over
point-to-point links.
An extensible LCP to establish, configure, and test the data
link connection.
A family of NCPs for establishing and configuring different
network layer protocols. PPP is designed to allow the
simultaneous use of multiple network layer protocols.
PPP Link Layer PPP uses principles, terminology and frame structure of
International Organization for Standardization (ISO) HDLC
procedures (ISO 3309-1979 Transmission.” ISO 3309-1979
specifies HDLC frame structure for use in synchronous
environments.
ISO 3309:1984/PDAD1 specifies proposed modifications to ISO
3309-1979 to allow its use in asynchronous environments. PPP
control procedures use definitions and control field encodings
standardized in ISO 4335-1979 and ISO 4335-1979/Addendum
1-1979. PPP frame format appears in Figure 41.
FIGURE 41 SIX FIELDS M AKE UP PPP FRAME
Following descriptions summarize PPP frame fields illustrated in

Figure 41.
Flag—A single byte that indicates the beginning or end of a
frame. The flag field consists of binary sequence 01111110.
Address—a single byte that contains binary sequence
1111111, the standard broadcast address. PPP does not
assign individual station addresses.

Control—a single byte that contains binary sequence

00000011, which calls for transmission of user data in an
unsequenced frame. A connectionless link service similar to
that of Logical Link Control (LLC) Type 1 is provided.
Protocol—two bytes that identify protocol encapsulated in
information field of frame. The most up-to-date values of
protocol field are specified in most recent Assigned Numbers
Request for Comments (RFC).
Data—Zero or more bytes that contain datagram for the
protocol specified in the protocol field. The end of the
information field is found by locating the closing flag
sequence and allowing 2 bytes for the FCS field. The default
maximum length of the information field is 1,500 bytes. By
prior agreement, consenting PPP implementations can use
other values for the maximum information field length.
Frame check sequence (FCS)—normally 16 bits (2 bytes). By
prior agreement, consenting PPP implementations can use a
32-bit (4-byte) FCS for improved error detection. The LCP
can negotiate modifications to the standard PPP frame
structure. Modified frames, however, always will be clearly
distinguishable from standard frames.
LCP can negotiate modifications to standard PPP frame structure.
Modified frames, however, always must be clearly
distinguishable from standard frames.
PPP Authentication Protocols

Introduction Point−to−Point Protocol (PPP) currently supports two
authentication protocols: Password Authentication Protocol (PAP)
and Challenge Handshake Authentication Protocol (CHAP). Both
are specified in RFC 1334 and are supported on synchronous and
asynchronous interfaces.
PAP (Password Authentication Protocol)
CHAP (Challenge Handshake Authentication Protocol)
Password Authentication Protocols

(PAP)
Introduction PAP provides a simple method for a remote node to establish its
identity using a two-way handshake. After PPP link
establishment phase is complete, a username and password pair
is repeatedly sent by the remote node across the link (in clear
text) until authentication is acknowledged, or until the
connection is terminated.

Unidirectional As with most types of authentication, PAP supports bi-directional

VS (two ways) and unidirectional (one way) authentication. With
Bidirectional unidirectional authentication, only the side receiving the call
Authentication (NAS) authenticates the remote side (client). The remote client
does not authenticate the server.
With bi-directional authentication, each side independently sends
an Authenticate-Request (AUTH−REQ) and receives either an
Authenticate -Acknowledge (AUTH−ACK) or Authenticate- Not
Acknowledged (AUTH−NAK).
Purpose Refer to below procedure for password authentication protocol
(PAP) on ZTE ZXUAS 10600.
Steps 1. To bind the interface for PPP authentication PAP mode, use
bind authentication pap command in bras interface
TABLE 119 PPP AUTHENTICATION COMMAND

Command Format Mode
bind This binds the interface for

BRAS
authentication PPP authentication (PAP
subinterface
pap mode)
Result: This binds the interface for PPP authentication (PAP

mode).
Example:
As shown in Figure 42, fei_6/1.1 interface of ZXUAS 10600-1 is
connected to fei_6/1.2 of ZXUAS 10600-2.
FIGURE 42 PPP CONFIGURATION EX AMPLE
fei_6/1.2
192.168.1.2/30
fei_6/1.1
192.168.1.1/30
ZXUAS 10600-1 ZXUAS 10600-2

ZXUAS(config-subif)# encapsulation ppp-over-ethernet
ZXUAS(config-subif)#bind authentication pap
ZXUAS(config-subif)#dot1q none

Configuration of ZXUAS10600-2:

Challenge Handshake
Authentication Protocol (CHAP)
Introduction Challenge Handshake Authentication Protocol (CHAP) verifies the
identity of peer by means of a three-way handshake. These are
the general steps performed in CHAP.
LCP (Link Control Protocol) phase is complete, and CHAP is
negotiated between both devices, authenticator sends a
challenge message to peer.
Peer responds with a value calculated through a one-way
hash function (Message Digest 5 (MD5)).
Authenticator checks response against its own calculation of
expected hash value. If values match, authentication is
successful. Otherwise, connection is terminated.
This authentication method depends on a "secret" known only to
authenticator and peer. The secret is not sent over the link.
Although authentication is only one-way, this can negotiate
CHAP in both directions, with the help of the same secret set for
mutual authentication.
Purpose Refer to below procedure for challenge handshake authentication
protocol (CHAP) on ZTE ZXUAS 10600.
Steps In these steps, PPP (CHAP) configuration occurs through Hyper
Terminal emulation software, present in Windows Operating
System.
1. To bind the interface for PPP authentication CHAP mode, use
bind authentication chap command in bras interface
TABLE 120 PPP AUTHENTICATION

Format Mode
bind
BRAS This binds the interface for PPP
authentication
subinterface authentication (CHAP mode)
chap
Result: This sets PPP (CHAP) authentication mode (CHAP mode).

Example:
As shown in Figure 43, fei_6/1.1 interface of ZXUAS 10600-1 is
connected to fei_6/1.2 of ZXUAS 10600-2.
FIGURE 43 PPP CONFIGURATION EX AMPLE
fei_6/1.2
192.168.1.2/30
fei_6/1.1
192.168.1.1/30
ZXUAS 10600-1 ZXUAS 10600-2

ZXUAS(config-subif)#bind authentication chap
Configuration of ZXUAS10600-2:

ZXUAS(config-subif)#bind authentication chap
Configuring PPP Quick-redial

Introduction PPP fast-dialin function refers about receiveing of PPP request
into UAS. This function is used to check that user is already
connected with the UAS or disconnected. If PPP session is
established with the device then it clears the former PPP session,
sends the accounting packets to the accounting server and
response the new access request from the user.
Purpose Refer to below procedure for PPP fastin dial configuration on ZTE
ZXUAS 10600.
Steps 1. To configure PPP-fast dial in function, use quick-redial
<enable|disable> command in domain configuration mode as
shown in Table 121.

TABLE 121 PPP FAST-DIALIN FUNCTION COMM AND

Format Mode
quick-redial Domain This configures the PPP-fast dial

<enable|disable> in function
Result: This configures the PPP quick-redial in function.

Example:
The Example is given below.
ZXUAS(config)#bras
ZXUAS(config-domain-1) quick-redial enable
Configuring PPP Idle Timer

Introduction In PPP idle timer UAS creates an idle time and value of data
traffic for each online PPP user. If the traffic during the idle timer
which is configured in UAS, of PPP user is less than the setting
value, UAS considers that PPP user is offline, and delete that
user.
Purpose Refer to below procedure for PPP idle timer configuration on ZTE
ZXUAS 10600.
Steps 1. To configure PPP idle timer, use ppp idle interval-period
＜ 1-1440 ＞ traffic-limit ＜ 0-65535 ＞ command in BRAS
interface configuration mode as shown in Table 122.
TABLE 122 PPP IDLE INTERVAL COMM AND

Format Mode
ppp idle BRAS

interval- subinterface
period
＜60-86400 This configures the PPP idle timer
function
＞ traffic-
limit ＜0-
65535＞
Result: This configures the PPP idle timer function.

END OF STEPS.
Example:

ZXUAS#config ter
Enter configuration commands, one per line. End with CTRL/Z.
ZXUAS(config-subif)#ppp idle interval-period 60 traffic-limit 50
Configuring Flow Statistics

Introduction For users, flow statistics take count of IP packet; for circuit, flow
statistics take count of MAC packet.
Purpose Refer to below procedure for the configuration of flow statistics.
Steps 1. To configure flow statistics, use command flow-statistics
enable in BRAS mode. This is shown in Table 123.
TABLE 123 FLOW STATISTICS COMM AND

Format Mode
flow- BRAS
statistics This configures flow statistics
enable
Result: This configures flow statistics.

END OF STEPS.
Example:
The examples if given below:
ZXUAS(config)#bras
ZXUAS(config-bras)#flow-statistics enable
Access Control
Configuring Access Control
Introduction ZXUAS 10600 supports many types of access control. These
access control can be configured as BRAS sub-interfaces.
Purpose Refer to below procedure for the configuration of access circuits.

Steps 1. To configure the access control for BRAS, use access-type

＜adsl-cap| adsl-dmt| async| cable| Ethernet| g3fax | hdlc-
clear-channel | idsl |isdn-async-v110 |isdn-async-v120 |
isdn-sync| piafs| sdsl| sync| virtual| wireless| wireless-
ieee802-11|x25|x75 ＞ command in BRAS-subinterface
TABLE 124 ACCESS-TYPE CIRCUIT COMM AND

Format Mode
access-type ＜ BRAS-
adsl-cap| adsl- subinterface
dmt| async|
cable| Ethernet|
g3fax | hdlc-
clear-channel |
idsl |isdn-async-
This configures the access circuits
v110 |isdn-
for BRAS
async-v120 |
isdn-sync| piafs|
sdsl| sync|
virtual| wireless|
wireless-
ieee802-
11|x25|x75＞
Result: This configures the access circuits for BRAS.

END OF STEPS.
Example:
ZXUAS#config ter
ZXUAS(config-subif)#access-type adsl-cap
Configuring PPPoE
Introduction Point-to-Point Protocol over Ethernet (PPPoE) is a specification
for connecting multiple computer users on an Ethernet local area
network to a remote site through common customer premises
equipment.
Purpose Refer to below procedure for the configuration of PPPoE
authentication.
Below steps must be covered in order to configure PPPoE.


Configuring Domain
Steps 1. To enter into the Ethernet sub-interface configuration mode,

use interface <interface-number> <logical interface-
number><bras/vrf> command in global configuration mode
TABLE 125 SUB-INTERFACE COMM AND

Command Format Mode
interface Global
<interface- config This enables to enter into the
number> <logical Ethernet sub-interface
interface- configuration mode
number><bras/vrf>
Result: This enables to enter into the Ethernet sub-interface

configuration mode.
2. To configure PPP over Ethernet encapsulation, use
encapsulation ppp-over-ethernet command in Ethernet
sub-interface configuration mode as shown in Table 126.

Format Mode
encapsulation Ethernet sub-

This configures the PPP over
ppp-over- interface
Ethernet encapuslation
ethernet
Result: This configures the PPP over Ethernet encapsulation.

3. To configure bind authentication type, use bind
<authentication> <type> command in Ethernet sub-
TABLE 127 BIND COMM AND

Format Mode
bind Ethernet
<authentication> sub-interface This configures the bind type
<type>
Result: This configures the bind type.

4. To configure non-dot1q for subinterface, use dot1q none
command in Ethernet sub-interface configuration mode as
shown in Table 128.

TABLE 128 DOT1Q NONE COMM AND

Format Mode
dot1q Ethernet sub- This configures non-dot1q for

none interface subinterface
Result: This configures non-dot1q for subinterface.

END OF STEPS.
Example:

ZXUAS(config-subif)#encapsulation ppp-over-ethernet
Configuring PPPoEoV
Introduction Point-to-Point Protocol over Ethernet over Vlan (PPPoEoV) is a
protocol in which user comes from Ethernet with specific VLAN
ID.
Purpose Refer to below procedure for the configuration of PPPoEoV.
Below steps must be covered in order to configure PPPoEoV.
Configuring Domain
Steps 1. To enter into the Ethernet sub-interface configuration mode,

Command Format Mode
interface Global
number><bras/vrf>

configuration mode.

2. To configure PPP over Ethernet encapsulation, use

encapsulation ppp-over-ethernet command in Ethernet

Format Mode

This configures the PPP over
ppp-over- interface
Ethernet encapsulation
ethernet
Result: This configures the PPP over Ethernet encapsulation.

<authentication> <type> command in Ethernet sub-

Format Mode
bind Ethernet
<authentication> sub-interface This configures the bind type
<type>
Result: This configures the bind type.

4. To configure dot1q for subinterface, use dot1q <vlan-id>
shown in Table 132.
TABLE 132 DOT1Q COMMAND

Format Mode
dot1q Ethernet sub- This configures dot1q for

<vlan-id> interface subinterface
Result: This configures dot1q for subinterface.
Configuring PPPoA
Introduction Point-to-Point Protocol (PPP) over ATM is a network protocol for
encapsulating PPP frames in ATM AAL5. It is used mainly with
cable modem and DSL services. It offers standard PPP features
such as authentication, encryption, and compression.
Purpose Refer to below procedure for the PPPoA configuration.
Below steps must be covered in order to configure PPPoA.


Configuring Domain
Steps 1. To enter into the ATM sub-interface configuration mode, use
interface <interface-number> <logical interface-
TABLE 133 INTERFACE COMM AND

Command Format Mode
interface Global
number> <logical ATM sub-interface configuration
interface- mode
number><bras/vrf>
Result: This enables to enter into the ATM sub-interface

configuration mode.
2. To configure ATM PVC for sub-interface, use atm pvc
<vpi/vci> command in ATM sub-interface configuration
TABLE 134 ATM PVC COMMAND

Format Mode
atm pvc ATM sub- This configures ATM PVC<vpi/vci>

<vpi/vci> interface for sub-interface
Result: This configures ATM PVC<vpi/vci> for sub-interface.

3. To configure IPoA encapsulation type, use encapsulation
route1483 command in ATM sub-interface configuration
TABLE 135 ENCAPSULATION ROUTE COMM AND

Format Mode
encapsulation ATM sub- This configures PPPoA

ppp-llc interface encapsulation type
Result: This configures PPPoA encapsulation type.

<authentication> <type> command in ATM sub-interface


Format Mode
bind ATM sub-

This configures the bind
<authentication> interface
authentication type
<type>
Result: This configures the bind authentication type.

command in ATM sub-interface configuration mode as shown
in Table 137.

Format Mode
dot1q ATM sub- This configures non-dot1q for


END OF STEPS.
Example:
ZXUAS(config)#interface atm155_1/1.1 bras

ZXUAS(config-subif)#atm pvc 8 81
ZXUAS(config-subif)#encapsulation ppp-llc
Configuring PPPoEoA
Introduction Point-to-Point Protocol (PPPoEoA) over Ethernet over atm is a
network protocol for encapsulating PPP frames first into Ethernet
then into ATM cell.
Purpose Refer to below procedure for the PPPoEoA configuration.
Below steps must be covered in order to configure PPPoEoA.
Configuring Domain
Steps 1. To enter into the ATM sub-interface configuration mode, use
interface <interface-number> <logical interface-


TABLE 138 INTERFACE COMM AND

Command Format Mode
interface Global
interface- mode
number><bras/vrf>

configuration mode.
2. To configure ATM PVC for sub-interface, use atm pvc
<vpi/vci> command in ATM sub-interface configuration
TABLE 139 ATM PVC COMMAND

Format Mode
atm pvc ATM sub- This configures ATM PVC<vpi/vci>

<vpi/vci> interface for sub-interface
Result: This configures ATM PVC<vpi/vci> for sub-interface.

3. To configure PPP over Ethernet encapsulation type, use
encapsulation ppp-over-ethernet command in ATM sub-
TABLE 140 ENCAPSULATION ROUTE COMM AND

Format Mode
encapsulation ATM sub-

This configures PPP over Ethernet
ppp-over- interface
encapsulation type
ethernet
Result: This configures PPP over Ethernet encapsulation type.

<authentication> <type> command in ATM sub-interface

Format Mode
bind ATM sub-

This configures the bind
<authentication> interface
authentication type
<type>

Result: This configures the bind authentication type.

in Table 142.

Format Mode


END OF STEPS.
Example:

ZXUAS(config-subif)#encapsulation ppp-over-ethernet
Configuring Static IPoE

Introduction Static IPoE refers to encapsulate the Ethernet frames into IP
packet with static IP address.
Purpose Refer to below procedure for the static IPoE configuration.
Below steps must be covered in order to configure static IPoE.
Configuring VBUI Interface and assigns the static IP address
for the user.
Steps 1. To enter into the VBUI interface mode, use command
interface vbui<vbui number> in global configuration mode
TABLE 143 INTERFACE VBUI COMMAND

Format Mode
interface
This enables to enter into the VBUI
vbui<vbui Global config
interface mode
number>

Result: This enables to enter into the VBUI interface mode.

shown in Table 144.

Format Mode
ip address This configures ip address for vbui

VBUI interface
interface

3. To configure the static ip address for the user and assigns
the static slot and port number to the user, use ip host <ip
address><slot><port number> command in VBUI interface
TABLE 145 IP HOST COMMAND

Command Format Mode
ip host <ip
VBUI This configures the static ip
address><slot><port
interface address for the user
number>
Result: This configures the static ip address for the user.

4. To enter into the Ethernet sub-interface configuration mode,

Command Format Mode
interface Global
number><bras/vrf>

configuration mode.
5. To configure the ip over Ethernet encapsulation, use
encapsulation ip-over-ethernet command in Ethernet


Format Mode

This configures the ip over
ip-over- interface
ethernet
Result: This configures the ip over Ethernet encapsulation.

6. To configure bind vbui, use bind <vbui> <vbui interface
number> command in Ethernet sub-interface configuration

Format Mode
bind Ethernet sub-

<vbui><vbui interface
This configures bind vbui.
interface
number>
Result: This configures the bind vbui.

shown in Table 176.

Format Mode


END OF STEPS.
Example:
ZXUAS(config-if)#ip host 12.1.1.4 slot 7 port 14 /*user connect to
device through slot 7 interface 14 */
ZXUAS(config-if)#exit

ZXUAS(config-subif)#enc ip-over-ethernet
ZXUAS(config-subif)#bind vbui vbui1
ZXUAS(config-subif)#end

Configuring Static IPoEoV

Introduction Static IPoEoA refers to encapsulate the Ethernet frames into IP
packet with static IP address which contains specific VLAN id.
Purpose Refer to below procedure for the static IPoEoA configuration.
Below steps must be covered in order to configure static IPoEoV.
for the user.

Format Mode
interface
vbui<vbui global
interface mode
number>

shown in Table 151.

Format Mode

VBUI interface
interface


Command Format Mode
ip host <ip
address><slot><port
number>



Command Format Mode
interface Global
<interface- This enables to enter into the
number><bras/vrf>

configuration mode.
encapsulation dot1q ip-over-ethernet command in
Ethernet sub-interface configuration mode as shown in Table
154.

Format Mode

dot1q ip- interface
over-ethernet

6. To configure bind vbui, use bind <vbu>i <vbui interface

Format Mode
bind Ethernet sub-

interface
number>

7. To configure dot1q for subinterface, use dot1q<vlan id>
shown in Table 156.


Format Mode
dot1q<vlan- Ethernet sub- This configures non-dot1q for

id> interface subinterface

END OF STEPS.
Example:
ZXUAS(config-if)#ip host 12.1.1.4 slot 7 port 14 vlan 10 /*user come
from slot 7 interface 14 which vlan id 10. */

ZXUAS(config-subif)#enc dot1q ip-over-ethernet
ZXUAS(config-subif)#dot1q 10 /*this circuit can transfer the IPoE
user packet with vlan-id 10*/
ZXUAS(config-subif)#end
Configuring Static IPoEoA

Introduction Static IPoEoA is the staic IP user which encapsulates in Ethernet
frames which is connected by ATM circuit.
Purpose Refer to below procedure for the static IPoEoA configuration.
Below steps must be covered in order to configure static IPoEoA.
for the user.



Format Mode
interface
vbui<vbui global
interface mode
number>

shown in Table 158.

Format Mode

VBUI interface
interface


Command Format Mode
ip host <ip
address><slot><port
number>


Command Format Mode
interface Global
<interface- This enables to enter into the
interface- mode
number><bras/vrf>

configuration mode.


encapsulation ip-over-ethernet command in ATM sub-

Format Mode
encapsulation ATM sub-

ip-over- interface
ethernet

6. To configure bind vbui, use bind <vbu>i <vbui interface
number> command in ATM sub-interface configuration mode

Format Mode
bind ATM sub-

interface
number>

7. To configure dot1q for subinterface, use dot1q none
in Table 163.

Format Mode


END OF STEPS.
Example:
ZXUAS(config-if)#ip host 12.1.1.4 slot 7 port 14


ZXUAS(config-subif)#enc ip-over-ethernet
DHCP Web Access Configuration

Introduction For dynamic IP access, users need application the user address
to BRAS through the DHCP client. When received the application,
BRAS allocate the address for user, create the data transmit
access depend on the configure situation. If use WEB
authentication method, users need fill in the user information at
appointed WEB server, and initiate the authentication process.
WEB server support the user’s information to ZXUAS 10600,
ZXUAS 10600 authenticate the user at local or in the radius
server. If user pass the authentication, ZXUAS 10600
modification the right of through network in user’s record,
permit the user to access to internet.
Purpose Refer to below procedure for the configuration of DHCP web
access.
Below steps must be covered in order to configure DHCP web
access.
Configuring Domain
Configuring DHCP Server

Format Mode
interface
vbui<vbui Global config
interface mode
number>

shown in Table 165.


Format Mode

VBUI interface
interface

3. To configure ip pool for user, use command ip pool <1-
2000> poolname start-ip end-ip in VBUI interface

Format Mode
ip pool <1-
2000>
poolname VBUI interface This configures ip pool for user
start-ip
end-ip
Result: This configures ip pool for user.

4. To configure IP DHCP mode as server, use ip dhcp mode
server command in VBUI interface configuration mode as
shown in Table 167.
TABLE 167 IP DHCP MODE RELAY COMMAND

Format Mode
ip dhcp
This configures IP DHCP mode as a
mode VBUI interface
server
server
Result: This configures IP DHCP mode as a server.

5. To set the gateway of DHCP client, use ip dhcp server
gateway <ip address> command in in VBUI interface
TABLE 168 IP DHCP SERVER GATEW AY COMM AND

Format Mode
ip dhcp
server
This sets the gateway of DHCP
gateway VBUI interface
client
<ip
address>
Result: This sets the gateway of DHCP client.

6. To configure web authentication subscriber, use web

authentication subscriber web command in in VBUI
TABLE 169 WEB- AUTHENTICATION SUBCRIBER WEB COMM AND

Format Mode
web
authentication VBUI This configures web
subscriber interface authentication subscriber
web
Result: This configures web authentication subscriber.

7. To configure web server address, use web server <ip
address> command in in VBUI interface configuration mode
TABLE 170 WEB-SERVER COMM AND

Format Mode
web
server <ip VBUI interface This configures web server address
address>
Result: This configures web server address.

8. To configure parameter for http user, use http-param user
<user> command in web server configuration mode as
shown in Table 171.
TABLE 171 HTTP P AR AM COMM AND

Command Mode
Format
http-param This configures parameter

Web-server
user <user> for http user
Result: This configures parameter for http user.


Command Format Mode
interface Global This enables to enter into the

<interface- config Ethernet sub-interface
number> <logical configuration mode
interface-


Command Format Mode
number><bras/vrf>

configuration mode.

Format Mode

ip-over- interface
ethernet


Format Mode
bind Ethernet sub-

interface
number>

shown in Table 175.

Format Mode


Example:
ZTE WAS authentication server is used to illustrate how to
configure the WEB client.

1. After configuration of ZXUAS 10600, start the WEB client, A

user login dialog box will be displayed as shown in Figure 44.
The user is need to input the user name and password (both
of them are admin).
FIGURE 44 LOGIN DIALOG BOX
2. When login is successful, enter into the client system

management interface as shown in Figure 45.
FIGURE 45 MAIN WINDOW
3. Select the [UAS management ] in [system managment]

menu, a [UAS management] interface is pop up as shown in
Figure 46.

FIGURE 46 UAS MANAGEMENT WINDOW
4. Click <add> button, a pop-up is appeared [click on add UAS

configuration interface as shown in Figure 47.
FIGURE 47 UAS CONFIGURATION WINDOW
5. In [UAS name] text-box, fill in the UAS system’s name which

process the web authentication; In [IP address] text-box, fill
in the ip address of ZXUAS 10600 network interface; In [port]
text-box, fill in 2000.
6. Click <add> button, a pop interface is displayed as shown in
Figure 48, to add a IP pool fill in the text-boxes.

FIGURE 48 IP POOL WINDOW
7. After finishing the ip pool configuration, click <ok> button,

UAS configuration window is displayed as shown in Figure 49.
FIGURE 49 UAS CONFIGURATION WINDOW
After finishing the entire configuration, use a PC and connect to

the user interface of BRAS as a client, configure the ZXUAS
10600 as an auto allocate address mode. Open the IE browser in
PC, input one IP address in URL, PC will enter into WEB
authentication interface automaticly, input the user’s name and
password (in this example, we use test@zte.com as user’s name
and test as password).
If PC is able to ping the ip address of ZXUAS 10600’s network
interface ip address, This is successful DHCP web access
configuration.
Configuring QinQ
Introduction When received Ethernet packet with tag, encapsulate the new
vlan tag. This vlan tag is called outer vlan tag. Whereas in the
send side, take out this outer vlan tag, and send the packet to
relative interface.
Purpose Refer to below procedure for the static QinQ configuration.


Steps For the configuration of QinQ, perform the following steps:
1. To create QinQ, use command qinq <vlan-id> second-
dot1q <vlan-id> in BRAS interface mode. This is shown in
Table 176.
TABLE 176 QINQ COMM AND

Format Mode
qinq <vlan- BRAS

id> subinterface
second- This creates QinQ
dot1q
<vlan-id>
Result: This creates QinQ.

END OF STEPS.
Example:
This example shows that enter into BRAS interface mode.
Encapsulate the circuit as dot1q mode. Create outer vlan tag
and then create QinQ vlan tab. Configure the bind type.
ZXUAS(config-subif)#encapsulation dot1q ip-over-ethernet
ZXUAS(config-subif)#dot1q 12 /*outer vlan tag*/
ZXUAS(config-subif)#qinq 12 second-dot1q 20 /*20 is the inner vlan
tag */

Chapter 7
BRAS Security
Overview
Introduction This chapter introduces configuration of radius and security
measures.
Contents This chapter covers the following contents:
Topic Page No
Radius (AAA) 130
Radius Overview 130
Configuring Radius Authentication 131
Radius Accounting Configuration 136
Configuring Radius Server Group Detection 142
Configuring Local and Radius Authorization 143
BRAS Security Measures 144
Configuring BRAS Security 144
Configuring MAC Address Control Access 146
Configuring PPP Authentication Failed 147

Management
Configuring Service Timer Management 148
Security Log Configuration 150
Configuration IP Verification 151
Configuring Interface Mirror 151

Radius (AAA)
Radius Overview
Intoduction RADIUS (Remote Authentication Dial-In User Service) is a
distributed, client/server protocol. Radius manages dispersive
dialed users. Radius manages authentication, authorization, and
accounting of users by a simple user database and can modify
the service for users depending on service type. Users submit
authentication and accounting request to Radius server through
BRAS.
When users want to establish connection to BRAS and obtain the
right to visit some other networks or use some network resource.
BRAS are responsible to send the user’s authentication and
accounting information to RADIUS server. RADIUS protocol
stipulates how to transmit this information between BRAS and
RADIUS server. RADIUS server is responsible to receive user’s
request from BRAS, authenticate name and password, and then
sends configuration information needed by user to BRAS.
Transactions between BRAS and RADIUS server are
authenticated through use of a shared secret. In addition, any
user passwords are sent encrypted between client and RADIUS
server, to eliminate the possibility that someone snooping on an
unsecured network could determine a user’s password.
RADIUS configuration is only configured in some parameters, it
needs to appoint to use RADIUS method in domain mode to
allow RADIUS protocol work, it also needs to set authentication
and accounting type as RADIUS.
AAA ZXUAS 10600 support user’s authentication, authorization and
description accounting (AAA). The description of AAA is as follows:
Authentication: Act of verifying a claimed identity, in the
form of a pre-existing label from a mutually known as name
space.
Authorization: Act of determining if a particular right, such as
access to some resource, can be granted to the presenter of
a particular credential.
Accounting: Act of collecting information on resource usage
for the purpose of trend analysis, auditing, billing or cost
allocation.

Chapter7 BRAS Security
Configuring Radius Authentication

Introduction ZXUAS 10600 has three types of authentication: none-
authentication, local authentication, RADIUS authentication.
Purpose Refer to below procedure for the configuration of user
authentication.
Steps For the configuration of user authentication, perform the
following steps:
1. To configure authentication server group, use command
radius authentication-group <1-2000> in global
TABLE 177 RADIUS AUTHENTICATION COMM AND

Format Mode
Radius
authentication- This configures authentication
Global config
group <1- server group
2000>
Result: This configures authentication server group.

2. To set the selective algorithm of RADIUS server, use
command algorithm {first|round-robin} in authentication
TABLE 178 ALGORITHM COMM AND

Format Mode
algorithm
This sets the selective algorithm of
{first|round- authentication
RADIUS server
robin}
Result: This sets the selective algorithm of RADIUS server.

3. To configure the alias of RADIUS server, use command alias
<name> in authentication configuration mode. This is shown
in Table 179.
TABLE 179 ALIAS COMM AND

Format Mode
alias This configures the alias of RADIUS

authentication
<name> server
Result: This configures the alias of RADIUS server.

4. To configure the nas-ip of Radius server, use command nas-

ip-address <ip-address> in authentication configuration
TABLE 180 NAS IP ADDRESS COMM AND

Format Mode
nas-ip-
address This configures the nas-ip of Radius
authentication
<ip- server
address>
Result: This configures the nas-ip of Radius server.

5. To configure parameters of Radius server, use command
server <server-num> <ipaddress> key <keystr> [port
<portnum>] in authentication configuration mode. This is
shown in Table 181.
TABLE 181 RADIUS SERVER COMM AND

Format Mode
server
<server-
num>
<ipaddress> This configures parameters of
authentication
key Radius server
<keystr>
[port
<portnum>]
Result: This configures parameters of Radius server.

6. To configure the user name format in the packet through
which it sends to the RADIUS server from BRAS, use
command user-name-format {include-domain|strip-
domain} in authentication configuration mode. This is shown
in Table 182.
TABLE 182 USER NAME FORM AT COMM AND

Format Mode
user-name-
format
This configures the user name
{include- authentication
format in the packet
domain|strip-
domain}
Result: This configures the user name format in the packet

through which it sends to the RADIUS server from BRAS.

7. To define calling-station-id format, use command calling-

station-format <1-2> in authenctication configuration
TABLE 183 CALLING-STATION-FORM AT COMM AND

Format Mode
calling-
station- This defines calling-station-id
authentication
format <1- format
2>
Result: This defines calling-station-id format.

8. To set authentication server deadtime, use command
deadtime <0-65534> in authentication configuration mode.
TABLE 184 DEADTIME COMM AND

Format Mode
deadtime This sets authentication server

authentication
<0-65534> deadtime
Result: This sets authentication server deadtime.

9.To exit to Privilege mode, use command end in authentication
TABLE 185 END COMM AND

Format Mode
end
authentication This exits to Privilege mode
Result: This exits to Privilege mode.

10. To exit from authentication group configuration mode, use
command exit in authentication configuration mode. This is
shown in Table 186.
TABLE 186 EXIT COMM AND

Format Mode
exit This exits from authentication group

authentication
configuration mode
Result: This exits from authentication configuration mode.

11. To relate radius authentication server to a vrf, use command

ip <vrf><word> in authentication configuration mode. This
TABLE 187 IP COMMAND

Format Mode
ip This relates radius authentication

authentication
<vrf><word> server to a vrf
Result: This relates radius authentication server to a vrf.

12. To set overtime re-send parameters, use command max-
retries <1-255> in authentication configuration mode. This
TABLE 188 MAX- RETRIES COMM AND

Format Mode
max-
This sets overtime re-send
retries <1- authentication
parameters
255>
Result: This sets overtime re-send parameters.

13. To config nas-port-id format, use command nas-port-id-
format <china-te1><class1><class2><class3> in
authentication configuration mode. This is shown in Table
189.
TABLE 189 NAS-PORT-ID-FORM AT COMMAND

Command Format Mode
nas-port-id-format
This sets nas-port-id
<china-te1><class1> authentication
format
<class2> <class3>
Result: This sets nas-port-id format.

14. To negate a command or set its default, use command no
<alias><ip><nas-ip-address><server> in authentication
TABLE 190 NO COMM AND

Command Format Mode
no <alias><ip> This negates a

<nas-ip-address> authentication command or set its
<server> default

Result: This negates a command or set its default.

15. To view running system information, use command show in
191.
TABLE 191 SHOW COMM AND
Command Mode Command Function

Command Format
show This shows running

authentication
system information
Result: This shows running system information.

16. To set radius authentication server overtime re-send
parameters, use command timeout <1-255> in
192.

Format Mode
timeout This sets radius authentication

<1-255> authentication server overtime re-send
paratmeters
Result: This sets radius authentication server overtime re-send

parameters.
17. To set vendor, use command vendor <enable/disable> in
193.
TABLE 193 VENDOR COMMAND

Format Mode
vendor
authentication This sets vendor
<enable/disable>
Result: This sets vendor.

END OF STEPS.
Example:
ZXUAS(config)#radius authentication-group 10
ZXUAS(config-auth-group-10)#algorithm round-robin
ZXUAS(config-auth-group-10)#alias zte-auth
ZXUAS(config-auth-group-10)#server 2 10.61.88.88 key zte-auth
ZXUAS(config-auth-group-10)#user-name-format strip-domain

ZXUAS(config-authgrp-1)#nas-ip-address 10.168.0.1
ZXUAS(config-auth-group-10)#exit
ZXUAS(config)#bras
ZXUAS(config-bras)#domain 10 /*configure domain 10 associate
with RADIUS server group */
ZXUAS(config-domain-10)#authentication-type radius /*three types,
none-authentication, local-authenticatio and radius authentication*/
ZXUAS(config-domain-10)#end
ZXUAS#write
Radius Accounting Configuration

Description ZXUAS 10600 has two types of accounting, one is none-
accounting, and the other is RADIUS accounting. If all the
RADIUS servers do not work, accounting information will be
saved in the buffer of BRAS, and resend to the RADIUS server
by TFTP when they work normal.
Purpose Refer to below procedure for the configuration of Radius
accounting.
Steps For the configuration of Radius accounting, perform the following
steps:
1. To configure accounting server group, use command radius
accounting-group <1-2000> in global configuration mode.
TABLE 194 RADIUS ACCOUNTING COMM AND

Format Mode
radius
accounting- This configures accounting server
global
group <1- group
2000>
Result: This configures accounting server group.

2. To set the selective algorithm of RADIUS server, use
command algorithm {first|round-robin} in accounting
TABLE 195 ALGORITHM COMM AND

Format Mode
algorithm This sets the selective algorithm of

accounting
{first|round- RADIUS server


Format Mode
robin}
Result: This sets the selective algorithm of RADIUS server.

3. To configure the alias RADIUS server, use command alias
<name> in accounting configuration mode. This is shown in
Table 196.
TABLE 196 ALIAS COMM AND

Format Mode
alias This configures the alias RADIUS

accounting
<name> server
Result: This configures the alias RADIUS server.

4. To configure the parameters of Radius server, use command
server <server-num> <ipaddress> key <keystr> [port
<portnum>] in accounting configuration mode. This is shown
in Table 197.
TABLE 197 SERVER COMMAND

Format Mode
server
<server-
num>
<ipaddress> This configures the parameters of
accounting
key Radius server
<keystr>
[port
<portnum>]
Result: This configures the parameters of Radius server.

5. To configure saved accounting information in buffer, use
command local-buffer enable {enable|disable} in
accounting configuration mode. This is shown in Table 198.
TABLE 198 LOCAL BUFFER COMMAND

Format Mode
local-buffer
This configures saved accounting
enable accounting
information in buffer
{enable|disable}
Result: This configures saved accounting information in buffer.

6. To configure the user name format in the packet which send
to the RADIUS server from BRAS, use command user-

name-format {include-domain|strip-domain} in accounting

TABLE 199 USER NAME FORM AT COMM AND

Format Mode
user-name-
format This configures user name format
{include- accounting in the packet which sends to the
domain|strip- RADIUS server from BRAS
domain}
Result: This configures user name format in the packet which

send to the RADIUS server from BRAS.
7. To define calling-station-id format, use command calling-
station-format <1-2> in accounting configuration mode.
TABLE 200 CALLING-STATION-FORM AT COMM AND

Format Mode
calling-
station- This defines calling-station-id
accounting
format <1- format
2>
Result: This defines calling-station-id format.

8. To set accounting server deadtime, use command deadtime
<0-65534> in accounting configuration mode. This is shown
in Table 201.
TABLE 201 DEADTIME COMM AND

Format Mode
deadtime This sets accounting server

accounting
<0-65534> deadtime
Result: This sets accounting server deadtime.

9. To exit to Privilegemode, use command end in accounting
TABLE 202 END COMM AND

Format Mode
end
accounting This exits to Privilege mode
Result: This exits to Privilege mode.

10. To exit from accounting group configuration mode, use

command exit in accounting configuration mode. This is
shown in Table 203.
TABLE 203 EXIT COMM AND

Format Mode
exit This exits from accounting group

accounting
configuration mode
Result: This exits from accounting group configuration mode.

11. To relate radius accounting server to vrf, use command ip
<vrf><word> in accounting configuration mode. This is
shown in Table 204.
TABLE 204 IP COMMAND

Format Mode
ip This relates radius accounting

accounting
<vrf><word> server to vrf
Result: This relates radius accounting server to vrf.

12. To set maximum time for accounting required in local buf,
use command life-time <1-1024> in accounting
TABLE 205 LIFE-TIME COMM AND

Format Mode
life-time <1- This sets maximum time for

accounting
1024> accounting required in local buf
Result: This sets maximum time for accounting required in local

buf.
13. To set overtime re-send parameters, use command max-
retries <1-255> in accounting configuration mode. This is
shown in Table 206.
TABLE 206 MAX-RETRIES COMM AND

Format Mode
max-retries This sets overtime re-send

accounting
<1-255> parameters
Result: This sets overtime re-send parameters.

14. To set NAS IP address, use command nas-ip-address

<A.B.C.D> in accounting configuration mode. This is shown
in Table 207.
TABLE 207 NAS IP ADDRESS COMM AND

Format Mode
nas-ip-
address accounting This sets NAS IP address
<A.B.C.D>
Result: This sets NAS IP address.

15. To configure nas port id format, use command nas-port-id-
format <china-te1><class1><class2><class3> in
TABLE 208 NAS PORT ID FORM AT COMMAND

Command Format Mode
nas-port-id-format
<china- This configures nas port id
accounting
te1><class1><class2> format
<class3>
Result: This configures nas port id format.

16. To negate a command or set its default, use command no
<alias><ip><nas-ip-address><server> in accounting
TABLE 209 NO COMM AND

Command Format Mode
no <alias><ip> This negates a

<nas-ip-address> accounting command or set its
<server> default
Result: This negates a command or set its default.

17. To view running system information, use command show in
TABLE 210 SHOW COMM AND
Command Mode Command Function

Command Format
show This shows running

accounting
system information
Result: This shows running system information.

18. To set radius authentication server overtime re-send

parameters, use command timeout <1-255> in accounting

Format Mode
This sets radius authentication

timeout
accounting server overtime re-send
<1-255>
paratmeters
Result: This sets radius authentication server overtime re-send

parameters.
19. To set vendor, use command vendor <enable/disable> in
TABLE 212 VENDOR COMMAND

Format Mode
vendor
accounting This sets vendor
<enable/disable>
Result: This sets vendor.

END OF STEPS.
Example:
ZXUAS(config)#radius accounting-group 8
ZXUAS(config-acct-group-8)#algorithm round-robin
ZXUAS(config-acct-group-8)#alias zte-acct
ZXUAS(config-acct-group-8)#server 2 10.61.88.86 key zte-acct
ZXUAS(config-acct-group-8)#user-name-format strip-domain
ZXUAS(config-acct-group-8)#local-buffer enable
ZXUAS(config-acct-group-8)#exit
ZXUAS(config)#bras
ZXUAS(config-bras)#domain 10 /*configure domain 10 associate
with accounting server group*/
ZXUAS(config-domain-10)#accounting-type radius /*none-accounting,
or radius accounting*/
ZXUAS(config-domain-10)#end
ZXUAS#write

Configuring Radius Server Group

Detection
Introduction RADIUS server group detection is to detect that the RADIUS
servers can be accessed or not, just like the ping command.
Purpose Refer to below procedure for the configuration of radius server
group dectection.
Prerequisite Refer to
Configuration Methods (Chapter 3) to access the UAS CLI for
configuration.
Steps 1. To configure RADIUS authentication server group detection,
use command radius-ping authentication-group in
franchise mode. This is shown in Table 213.
TABLE 213 RADIUS PING AUTHENTICATION COMM AND

Command Format Mode
radius-ping
authentication-
This configures RADIUS
group<1-
privilege authentication server group
2000><sub-
detection
name><domain-
name><password>
Result: This configures RADIUS authentication server group

detection.
2. To configure RADIUS accounting server group detection, use
command radius-ping accounting-group in franchise
TABLE 214 RADIUS PING ACCOUNTING COMM AND

Command Format Mode
radius-ping
accounting-
This configures RADIUS
group<1-
privilege accounting server group
2000><sub-
detection
name><domain-
name><password>
Result: This configures RADIUS accounting server group

detection.
END OF STEPS.
Example:

ZXUAS>en
Password:
ZXUAS#radius-ping authentication-group 10 test-user china-telecomm
test /*the parameters is the serial number of server, user name,
domain name, password */
ZXUAS#radius-ping accounting-group 20 acc-user 30 acc-pass
Configuring Local and Radius

Authorization
Introduction This authorization describes the authorization by two means first
into local system and then on the radius system. If radius
authorization is passed the attributes which are configured on
local accounts are supplied to radius server.
Purpose Refer to below procedure for the configuration of user
authentication.
Steps 1. To configure mix authorization of radius and local, use mix-
authorization command in domain mode as shown in Table
215.
TABLE 215 MIX- AUTHORIZATION COMM AND

Format Mode
mix- This configures mix authorization

Domain config
authorization of radius and local
Result: This configures mix authorization of radius and local.

2. To associate the user with the domain, use subscriber
command in BRAS configuration mode as shown in Table 216.
TABLE 216 SUBSCRIBER COMM AND

Format Mode
subscriber This associates the user with the

BRAS config
domain
Result: This associates the user with the domain.

END OF STEPS.
Example:

ZXUAS(config)#bras
ZXUAS(config-domain-20)#mix-authorization enable
ZXUAS(config-domain-20)#alias zte.com
ZXUAS(config-domain-20)#accounting-type radius
ZXUAS(config-domain-20)#authentication-type radius
ZXUAS(config-domain-20)#exit
ZXUAS(config-bras)#subscriber user2 domain 20 /*create user
associate with the domain 20 */
BRAS Security Measures

Configuring BRAS Security
Introduction BRAS security configuration include arp packet filter, packet
limitation, control access circuit, control mac address access,
and PPP authentication management.
Packet Packet limitation is to implement the function that limits the
limitation speed for some special datagram.
Purpose Refer to below procedure for the configuration of the limitation
of speed of the datagram which is received by BNPC.
Steps 1. To limit the speed of the datagram which is received by
BNPC, use command packet limit <parameters> in security
mode. This is show in Table 217.
TABLE 217 PACKET LIMIT COMM AND

Format Mode
packet limit This limits the speed of the

<parameters> Security datagram which is received by
BNPC
Result: This limits the speed of the datagram which is received

by BNPC.
END OF STEPS.
Note: The packet limit parameter are given in Table 218.

TABLE 218 PACKET LIMIT P AR AMETERS
Packt Limit
Speed limitation (nuit:packet/seconds)
<Parameters>
icmp Set speed of icmp packet
igmp Set speed of igmp packet
ip-fragment Set speed of ip-fragment packet
l2tp-control Set speed of l2tp-control packet
Set speed of arp packet for network

nni-arp
interface
Set the speed of bgp packet for network
nni-bgp
interface
Set the speed of ospf packet for network
nni-ospf
interface
Set speed of radius packet for network
nni-radius
interface
Set the speed of rip packet for network
nni-rip
interface
Set the speed of snmp packet for network
nni-snmp
interface
others Set speed of other packet
Set speed of the packet that resolve the

resolve-next-hop-mac
mac address of next hop
telnet Set speed of telnet packet
uni-arp Set speed of arp packet for user interface
uni-dhcp Set speed of dhcp packet for user interface
Set speed of PPP control packet for user

uni-ppp-control
interface
Set speed of PPP lcp packet for user
uni-ppp-lcp-echo
interface
Set speed of PPP padi packet for user
uni-ppp-padi
interface
vpls-learn-mac Set speed of vpls learn mac addres packet
Example:
The example given below shows the configuration to enter into
BRAS mode and then into security mode by using security
command. The will limit the speed of the special speed.

ZXUAS(config)#bras
ZXUAS(config-bras)#security
ZXUAS(config-security)#packet-limit uni-arp-reply 20 /*set the speed
of arp reply packet received by the user interface in bnpc */
ZXUAS(config-security)#packet-limit icmp 50
ZXUAS(config-security)#packet-limit nni-bgp 50
ZXUAS(config-security)#packet-limit nni-radius 80
ZXUAS(config-security)#packet-limit telnet 30
ZXUAS(config-security)#packet-limit uni-ppp-padi 80
Configuring MAC Address Control

Access
Purpose This section describes the configuration to control the user
access depending on user’s mac address.
Steps 1. To configure MAC address control access, use command
permit mac <mac-address> ctrl-rate <ctrl-rate> in
security mode. This is shown in Table 219.
TABLE 219 PERMIT M AC COMM AND

Format Mode
permit
mac <mac-
This configures MAC address control
address> Security
access
ctrl-rate
<ctrl-rate>
Result: This configures MAC address control access.

END OF STEPS.
Example:
This examples shows that to enter into security mode use
security command and configure the permit MAC address.
ZXUAS(config)#bras
ZXUAS(config-security)#permit mac 1234.5566.7788 ctrl-rate 1000

Configuring PPP Authentication

Failed Management
Introduction When PPP user authentication is failed, system needs to manage
the failed times for this PPP user, in order to avoid the attack by
it.
System keeps a table called captuered table to log some
authentication failed PPP users which have the intention that
attack the system. The system also keeps a table called Attacker
table to log some authentication failed PPP users which already
attack the system. If the authentication failed times of a PPP
user is more than cap-limit*cap-time, system think this user
attacks the Bras and log it in the Attacker table.
Purpose This section describe the configuration of PPP authentication
failed management.
Steps 1. To configure the manage mode after PPP authentication
failed, use command ppp auth-fail
{auto|record|none}[cap-time time][fail-limit limit][cap-limit
limit][cap-item size][rec-item size][rate-limit limit] in
security configuration mode. This is shown in Table 220.
TABLE 220 PPP AUTHENTICATION FAIL COMM AND

Command Format Mode
ppp auth-fail
{auto|record|none}[cap-
time time][fail-limit This configures the manage
limit][cap-limit Security mode after PPP
limit][cap-item size][rec- authentication fails
item size][rate-limit
limit]
Result: This configures the manage mode after PPP

authentication fails.
END OF STEPS.
Note: The parameters of of PPP auth-fial is given in Table 221.
TABLE 221 PAR AMETERS OF PPP AUTHENTICATION FAIL
Parameter of Description
PPP auth-fail
cap-time The period of check the captured table
The max failed times for the PPP user in

fail-limit
attacker table

Parameter of Description
PPP auth-fail
cap-limit The authentication failed times per second
cap-item The size of the captured table
rec-item The size of the attacker table
If the failed times of a PPP user is more than

rate-limit
fail-limit, the speed of this user will be limited
Example:
This example shows that enter into security mode and use
security command. Configure the manage mode after PPPP
authentication fails.
ZXUAS(config)#bras
ZXUAS(config-security)#ppp auth-fail auto rec-item 50
Configuring Service Timer

Management
Introduction Some services need to be controlled in some parcicular period.
System needs to create a timer container and associate it with
the service, and this service will be control at the period which
defined in the timer container.
Purpose This section describe the configuration of service timer
management.
Refer to Configuration Methods (Chapter 3) to access the
Prerequisite
UAS CLI for configuration.
1. To create timer container, use command timer-containers
in BRAS mode. This is shown in Table 222.
TABLE 222 TIMER CONTAINERS COMM AND

Format Mode
timer-
BRAS This creates timer container
containers
Result: This creates timer container.

2. To define time rule, use command time-rule in timer
configuration mode. This is show in Table 223.

TABLE 223 TIME RULE COMM AND

Format Mode
time rule
Timer This defines time rule
Result: This defines time rule.

3. To associate the timer rule with acl, use command rule-
apply in timer configuration mode. This is shown in Table
224.
TABLE 224 RULE APPLY COMM AND

Format Mode
This associates the timer rule with

rule-apply Timer
acl
Result: This associates the timer rule with acl.

4. To associate the domain with timer container, use command
timer-container-apply in domain configuration mode. This
T AB L E 2 2 5 TIM E R C O N T AI N E R AP P L Y C O M M AN D

Format Mode
timer-
This associates the domain with
container- Domain
timer container
apply
Result: This associates the domain with timer container.

END OF STEPS.
Example:
This example shows that to create timer container in the bras
mode and to define the timer rule. Associate the domain with
timer container.
ZXUAS(config)#bras
ZXUAS(config-bras)#
ZXUAS(config-bras)#timer-containers 30000
ZXUAS(config-timer-30000)#timer-rule 10 include start-time 8:30 end-
time 17：30
ZXUAS(config-timer-30000)#timer-rule 10 exclude start-time 11：30
end-time 13：30
ZXUAS(config-timer-30000)#rule-apply 10 acl 100 /*associate the
timer rule with acl 100 */
ZXUAS(config-timer-30000)#exit

ZXUAS(config-domain-100)#timer-container-apply 30000 enable
/*associate the domain 100 with timer container 30000 */
Security Log Configuration

Introduction Sercurity log is used to record the information about users,
including source IP, destination IP, source port, destination port,
protocol.
Purpose Refer to below procedure for Security Log configuration on ZTE
ZXUAS 10600.
Steps 1. To configure security log, use command internet log in
BRAS mode. This is shown in Table 226.
TABLE 226 INTERNET LOG COMM AND

Format Mode
internet log BRAS This configures security log
Result: This configures security log.

2. To degine the rules, use command rule in log configuration
TABLE 227 RULE COMM AND

Format Mode
Rule Log This designs the rules
Result: This designs the rules.

END OF STEPS.
Example:
ZXUAS(config)#bras
ZXUAS(config-bras)#internet-log
ZXUAS(config-net-log)#rule 10 username abc@10

Configuration IP Verification
Introduction Unicast reverse path filters (URPF) is a technology for avoid the
IP address attackers. When this function is enable, the network
circuit check the received datagram in URPF technology, in order
to avoid the IP address cheat.
Purpose Refer to below procedure for unitcst reverse path filters
(URPF)on ZTE ZXUAS 10600.
Steps 1. To configure Ip verify, use command ip verify in interface
TABLE 228 IP VERIFY COMM AND

Format Mode
ip verify interface This configures Ip verify
Result: This configures Ip verification.

END OF STEPS.
Example:
ZXUAS(config-if)#ip verify strict
Configuring Interface Mirror

Introduction Interface mirror is to copy the data which received by the source
interface to a appointed interface called destination interface or
monitor interface. By the function of interface mirror, datagram
can be analyised and diagnose the problems.
A monitor interface only can mirror the interfaces in the same
BNPC; can not mirror the interface of different BNPC. Mirror
function only support to mirror more than one source interfaces
to one destination interface. Mirror interface do not support to
mirror one source interface to many destination interfaces. An
interface can not be source interface and destination interface at
the same time. It is not to enable any services in the mirror
interface.
Purpose This section describe the configuration of Interface mirror.
Prerequisite

Refer to Configuration Methods (Chapter 3) to access the UAS

Steps 1. To configure interface mirror, use command mirror in global
TABLE 229 MIRROR COMMAND

Format Mode
mirror
global This configures interface mirror
Result: This configures interface mirror.

END OF STEPS.
Example:
ZXUAS(config)#mirror slot 8 destination-port 8 source-port 2 direction
both

Chapter 8
DHCP
Overview
Introduction This chapter describes DHCP server and relay on ZXUAS 10600
Carrier Class BRAS and their configuration examples for further
illustration.
Topic Page No
Configuring DHCP Server 153
Configuring DHCP Relay 156
Release Resource Request to DHCP Server 160
Configuring DHCP Server

Purpose Refer to below procedure for the configuration of DHCP server.
Steps For the configuration of DHCP, perform the following steps:
1. To enter into the VBUI interface mode, use command

Format Mode
interface
vbui<vbui global
interface mode
number>


shown in Table 231.

Format Mode

VBUI interface
interface

3. To create ip pool, use command ip pool <1-
2000><words><start-ip><end-ip>dhcp-slot <slot-num> in
VBUI interface mode. This is shown in Table 232.

Command Format Mode
ip pool <1-
2000><words><start- VBUI
This creates ip pool.
ip><end-ip>dhcp-slot interface
<slot-num>
Result: This is for DHCP server mode. IP pool is associate with

BNPCT.
4. To configure DHCP server mode, use command ip dhcp
mode server in VBUI interface mode. This is shown in Table
233.
TABLE 233 IP DHCP MODE SERVER COMM AND

Format Mode
ip dhcp
mode VBUI interface This configures DHCP server mode
server
Result: This configures DHCP server mode.

5. To set gateway of DHCP client, use command ip dhcp
server gateway in VBUI interface mode. This is shown in
Table 234.
TABLE 234 IP DHCP SERVER GATEW AY COMM AND

Format Mode
ip dhcp
VBUI interface This sets gateway of dhcp client
server

Chapter8 DHCP

Format Mode
gateway
Result: This sets gateway of dhcp client.

6. To enable DHCP, use command ip dhcp enable in global
TABLE 235 IP DHCP ENABLE COMM AND

Format Mode
ip dhcp
global This enables DHCP
enable
Result: This enables DHCP.

7. To configure DHCP server, use command ip dhcp server in
TABLE 236 IP DHCP SERVER COMM AND

Format Mode
ip dhcp
global This configures DHCP server
server
Result: This configures DHCP server.

8. To configure DHCP relay, use command ip dhcp relay in
TABLE 237 IP DHCP RELAY COMM AND

Format Mode
ip dhcp
global This configures DHCP relay
relay
Result: This configures DHCP relay.

9. To enable detect private DHCP server, use command dhcp-
server-detect enable in global configuration mode. This is
shown in Table 238.
TABLE 238 DHCP SERVER DETECT COMM AND

Format Mode
dhcp-
server- global This enables detect private DHCP
detect


Format Mode
enable
Result: This enables detect private DHCP.

END OF STEPS.
Example:
/*configure DHCP server*/

ZXUAS(config)#ip dhcp enable
ZXUAS(config)#dhcp-server-detect enable
ZXUAS(config)#ip dhcp server dns 5.5.5.5 5.5.5.6
ZXUAS(config)#ip dhcp server leasetime 2000
ZXUAS(config)#ip dhcp server update arp
ZXUAS(config)#ip local pool my-pool 5.5.5.7 5.5.5.254 255.0.0.0
/* configure DHCP relay*/
ZXUAS(config)#ip dhcp relay information format china-tel
ZXUAS(config)#ip dhcp relay update arp
ZXUAS(config)#show ip dhcp configure
dhcp process state information
dhcp process state :enable(running)
dhcp process logging flag : off
dhcp server configure:
available dns for client.master: 10.61.94.92 slave:
lease time of ip address: 2000 seconds
update arp state : disable
dhcp relay configure:
not insert relay information in BOOTREQUEST.
relay information policy: keep
relay information format: china-tel
update arp state : disable
ZXUAS(config)#
Configuring DHCP Relay

Introduction In DHCP relay configuration, ZXUAS 10600 is used as a proxy,
transfers the DHCP request coming from the user to the
designated DHCP server.
Purpose Refer to below procedure for the DHCP relay configuration.
Below step must be covered in order to configure DHCP relay.

Chapter8 DHCP


Format Mode
interface
vbui<vbui global
interface mode
number>

shown in Table 240.

Format Mode

VBUI interface
interface

3. To configure IP DHCP mode as relay server, use ip dhcp
mode relay command in VBUI interface configuration mode
TABLE 241 IP DHCP MODE RELAY COMMAND

Format Mode
ip dhcp
This configures IP DHCP mode as
mode VBUI interface
relay server
relay
Result: This configures IP DHCP mode as relay server.

4. To configure IP DHCP relay agent ip address, use ip dhcp
relay agent command in VBUI interface configuration mode
TABLE 242 IP DHCP RELAY AGENT COMMAND

Format Mode
ip dhcp
This configures IP DHCP relay agent
relay VBUI interface
ip address
agent
Result: This configures IP DHCP relay agent ip address.

5. To configure IP DHCP relay server ip address, use ip dhcp

relay server command in global configuration mode as
shown in Table 243.
TABLE 243 IP DHCP RELAY AGENT COMMAND

Format Mode
ip dhcp
This configures IP DHCP relay
relay Global
server ip address
server
Result: This configures IP DHCP relay agent ip address.

6. To enable DHCP function, use ip dhcp enable command in
global configuration mode as shown in Table 244.
TABLE 244 IP DHCP ENABLE COMM AND

Format Mode
ip dhcp
Global This enables DHCP function
enable
Result: This enables DHCP function.

7. To configure DHCP relay proxy release packet, use ip dhcp
relay send-release enable command in global
TABLE 245 IP DHCP RELAY SEND COMM AND

Format Mode
ip dhcp
relay
This configures DHCP relay proxy
send- Global
release packet
release
enable
Result: This configures DHCP relay proxy release packet.


Command Format Mode
interface Global This enables to enter into the

<interface- Ethernet sub-interface
number> <logical configuration mode
interface-

Chapter8 DHCP

Command Format Mode
number><bras/vrf>

configuration mode.

Format Mode

ip-over- interface
ethernet


Format Mode
bind Ethernet sub-

interface
number>

shown in Table 249.

Format Mode


END OF STEPS.
Example:
This is dhcp server example:

ZXUAS(config-if)#ip pool my-pool 12.1.1.1 12.1.1.200 dhcp-slot 7
/*for DHCP server method，ip pool is associate with bnpct*/
ZXUAS(config-if)#ip dhcp mode sever
ZXUAS(config-if)#ip dhcp server gateway 12.1.1.3
ZXUAS(config)#ip dhcp server dns 202.0.0.1 202.0.0.2 /**202.0.0.1 is
the primary DNS,
and 202.0.0.2 is the second DNS.*/
This is dhcp relay example:
ZXUAS(config-if)#ip dhcp mode relay
ZXUAS(config-if)#ip dhcp relay agent 12.1.1.3
ZXUAS(config-if)#ip dhcp relay server 200.0.0.1
ZXUAS(config)#ip dhcp relay send-release enable /*when user is down
for a long time, bras send a request to DHCP server to release the
source for that user.*/
Release Resource Request to

DHCP Server
Introduction When ZXUAS 10600 enable the DHCP Relay function, use clear
command to delete the DHCP users, but this command only can
delete the user information in ZXUAS 10600, the DHCP server
do not know about the users that are deleted. In order to avoid
this situation, ZXUAS 10600 send the release resource request
to DHCP server to release the user’s resource.
Purpose Refer to below procedure for the enable function on DHCP
Server.
Steps 1. To enable the function to release requests command to DHCP
Server, use command ip dhcp relay send-release in global

Chapter8 DHCP
TABLE 250 IP DHCP RELAY COMM AND

Format Mode
ip dhcp
relay This enables the function to release
global
send- request command to DHCP Server
release
Result: This enables the function to release request command o

DHCP Server.
END OF STEPS.
Example:
ZXUAS(config)#ip dhcp relay send-release enable

This Page is intentionally blank.

Figures
Figure 1 ZXUAS 10600 Carrier Class BRAS ............................3

Figure 2 ZXUAS 10600 Carrie Class BRAS Software System .....9
Figure 3 Structural relationship of BUPC in system ............... 11
Figure 4 Working principles of BUPC ................................... 12
Figure 5 BUPC Front Panel ................................................ 13
Figure 6 BSFC Structural relationship ................................. 15
Figure 7 BSFC Principles ................................................... 15
Figure 8 Front Panel of BSFC ............................................. 16
Figure 9 Bnpc Structure Relationship of Entire System .......... 17
Figure 10 Bnpct Principles................................................. 18
Figure 11 BNpct Front Panel .............................................. 19
Figure 12 Bic Principles .................................................... 21
Figure 13 Bic Front Panel .................................................. 22
Figure 14 16-Port BT-16FE-E100RJ-T Front Panel ................. 23
Figure 15 BT-16FE-SFP-T Front Panel ................................. 24
Figure 16 4-port BT-04GE-SFP-T Front Panel ....................... 24
Figure 17 1-Port BT-01P48................................................ 25
Figure 18 8-Port Atm3 Front Panel ..................................... 26
Figure 19 ZXUAS 10600 Carrier Class BRAS Configuration
Methods .......................................................................... 30
Figure 20 Connection Window ........................................... 31
Figure 21 Connect to Window ............................................ 31
Figure 22 Com Properties Window...................................... 32
Figure 23 Expression Cli Window ....................................... 33
Figure 24 Tftp Server Selection Window.............................. 44
Figure 25 Windows Firewall Alert ....................................... 45
Figure 26 Main Tftp Window .............................................. 45
Figure 27 Tftp-Root Directory ............................................ 46
Figure 28 Tftp Security Window ......................................... 46
Figure 29 Advanced Security Window ................................. 47

Figure 30 Auto-Close Window............................................ 48

Figure 31 Log Window...................................................... 48
Figure 32 Ethernet Interface Configuration .......................... 67
Figure 33 Sonet Sdh Rates................................................ 68
Figure 34 Ppp Frame Format ............................................. 68
Figure 35 Pos Framing Sequence ....................................... 69
Figure 36 Packet Over Sonet Example ................................ 70
Figure 37 Atm Fixed Length Cells ....................................... 71
Figure 38 Atm Configuration Example................................. 74
Figure 39 Smart-Group Example........................................ 76
Figure 40 Object Releationships......................................... 80
Figure 41 Six Fields Make Up PPP Frame ............................. 99
Figure 42 Ppp Configuration Example ............................... 101
Figure 43 Ppp Configuration Example ............................... 103
Figure 44 Login Dialog Box ............................................. 125
Figure 45 Main Window .................................................. 125
Figure 46 Uas Management Window ................................. 126
Figure 47 Uas Configuration Window ................................ 126
Figure 48 Ip Pool Window ............................................... 127
Figure 49 Uas Configuration Window ................................ 127

Tables
Table 1 Chapter Summary ...................................................i

Table 2 Typographical Conventions ...................................... ii
Table 3 Mouse Operation Conventions .................................. ii
Table 4 Power Supply Requirements of ZXUAS 10600 Carrier
Class BRAS........................................................................4
Table 5 BUPC Front Panel Indicator Functions ...................... 13
Table 6 BSFC Front Panel Indicator And Switches ................. 16
Table 7 BNpcT Front Panel Indicators and Switches .............. 20
Table 8 Bic Front Panel Indicators ...................................... 22
Table 9 Feie Front Panel ................................................... 23
Table 10 BT-16FE-SFP-T front panel Indicators .................... 24
Table 11 Gei Front Panel and Indicator ............................... 25
Table 12 1-port BT-01P48 Features .................................... 26
Table 13 BT-01P48 Front Panel Indicator ............................ 26
Table 14 Atm3 Front Panel Indicators ................................. 27
Table 15 Username Command ........................................... 33
Table 16 Record Buffer Command ...................................... 38
Table 17 Pwd Command ................................................... 40
Table 18 Dir Command Window ......................................... 41
Table 19 Delete Command Window .................................... 41
Table 20 Cd Command Window ......................................... 41
Table 21 Cd.. Command Window ....................................... 41
Table 22 MkDir Command Window ..................................... 42
Table 23 RmDir Command Window .................................... 42
Table 24 RmDir Command Window .................................... 42
Table 25 Boot Window...................................................... 50
Table 26 Version Upgrading Command Window.................... 51
Table 27 Tftp Image System Booting ................................. 51
Table 28 Show Version Command Window .......................... 52


Table 30 Copy Command Window ...................................... 52
Table 36 Write Command Window...................................... 55
Table 39 Hostname Command Window ............................... 57
Table 40 Banner Incoming Command Window ..................... 57
Table 41 Enable Secret Command Window .......................... 57
Table 42 Telnet Username Command Window...................... 58
Table 43 Clock Set Command Window ................................ 58
Table 45 Interface Command ............................................ 63
Table 46 No Shutdown Command ...................................... 63
Table 47 Ip Vrf Forwarding Command................................. 63
Table 48 Ip Address Command .......................................... 63
Table 49 Speed Command ................................................ 64
Table 50 Duplex Command ............................................... 64
Table 51 Show Ip Interface Command ................................ 64
Table 52 Config Terminal Command ................................... 65
Table 53 Interface Configuration Command......................... 65
Table 55 Duplex Command Window ................................... 66
Table 56 Interface Autoconfig Command............................. 66
Table 57 Interface Configuration Command......................... 69
Table 59 Clock Source Command ....................................... 70
Table 60 Interface Config Command................................... 73
Table 61 Pvc Command .................................................... 73
Table 63 Oam-PVC Pvc Management .................................. 73
Table 64 Oam-Retry ........................................................ 74

Tables
Table 65 Smart Group Interface Command.......................... 75

Table 67 Smart-Group Ethernet Command .......................... 76
Table 68 Access Type Command ........................................ 80
Table 69 Atm Pvc Command ............................................. 81
Table 70 Bind Authentication Command.............................. 81
Table 71 Bind Multi Vbui Command .................................... 81
Table 72 Bind Vbui Command............................................ 82
Table 73 Dot1q Command ................................................ 82
Table 74 Dslam Command ................................................ 82
Table 75 Encapsulation Command...................................... 83
Table 76 Subscriber Location Command.............................. 83
Table 77 Show Interface Command .................................... 83
Table 78 Interface Vbui Command ..................................... 85
Table 79 Arp Timeout Command........................................ 85
Table 80 Dhcp Option60 Command .................................... 85
Table 81 Dhcp Trust Option82 command............................. 85
Table 82 Dhcp Idle Command ........................................... 86
Table 84 Dns Command ................................................... 86
Table 85 Ip Dhcp Authentication Command ......................... 86
Table 86 Ip Pool Command ............................................... 87
Table 87 Dhcp user Command........................................... 87
Table 88 Web Authentication Command .............................. 87
Table 89 Web Address Command....................................... 87
Table 90 Alias Command .................................................. 88
Table 91 Defaul Domain Command .................................... 89
Table 92 Deny Command.................................................. 89
Table 93 None Domain Command ...................................... 89
Table 94 Permit Command................................................ 90
Table 95 Translate Command ............................................ 90
Table 96 Bras Command................................................... 91
Table 97 Domain Command .............................................. 91
Table 98 Alias Command .................................................. 91
Table 99 Accounting Group Command ................................ 92
Table 100 Accounting Type Command ................................ 92

Table 101 Authentication Group Command.......................... 92

Table 102 Authentication Type Command ........................... 92
Table 103 PPP Command .................................................. 93
Table 104 12Tp Command ................................................ 93
Table 105 Circuit Authentication Command ......................... 93
Table 106 Ip Vrf Command ............................................... 93
Table 107 Max Subscriber Command.................................. 94
Table 108 Access List Command ........................................ 95
Table 109 Ip address Command ........................................ 95
Table 110 Ppppoe Url Command ........................................ 95
Table 111 Timeout Command............................................ 96
Table 112 Bras Command................................................. 96
Table 113 Subscriber Command ........................................ 97
Table 114 Ip Address Command ........................................ 97
Table 115 Password Command .......................................... 97
Table 116 Cir Bind Command ............................................ 97
Table 117 Tcp Limit Command .......................................... 98
Table 118 PPPoe Command............................................... 98
Table 119 PPP Authentication Command ........................... 101
Table 120 PPP authentication .......................................... 102
Table 121 Ppp Fast-Dialin Function Command.................... 104
Table 122 Ppp Idle Interval Command .............................. 104
Table 123 Flow Statistics Command ................................. 105
Table 124 Access-Type Circuit Command .......................... 106
Table 125 Sub-Interface Command .................................. 107
Table 126 Encapsulation Command .................................. 107
Table 127 Bind Command ............................................... 107
Table 128 Dot1q None Command..................................... 108
Table 132 Dot1q Command............................................. 109
Table 133 Interface Command ........................................ 110
Table 134 Atm Pvc Command.......................................... 110
Table 135 Encapsulation Route Command ......................... 110

Tables

Table 138 Interface Command......................................... 112
Table 139 Atm Pvc Command.......................................... 112
Table 140 Encapsulation Route Command ......................... 112
Table 143 Interface Vbui Command.................................. 113
Table 144 Ip Address Command ...................................... 114
Table 145 Ip Host Command ........................................... 114
Table 166 Ip Pool Command ........................................... 122
Table 167 Ip Dhcp Mode Relay Command ......................... 122
Table 168 Ip Dhcp Server Gateway Command ................... 122
Table 169 Web-Authentication Subcriber Web Command..... 123
Table 170 Web-Server Command..................................... 123
Table 171 Http Param Command ..................................... 123


Table 176 Qinq Command............................................... 128
Table 177 Radius Authentication Command ....................... 131
Table 178 Algorithm Command ....................................... 131
Table 179 Alias Command .............................................. 131
Table 180 Nas Ip Address Command ................................ 132
Table 181 Radius Server Command.................................. 132
Table 182 User Name Format Command ........................... 132
Table 183 Calling-Station-Format Command...................... 133
Table 184 Deadtime Command........................................ 133
Table 185 End Command................................................ 133
Table 186 Exit Command................................................ 133
Table 187 Ip Command .................................................. 134
Table 188 Max- Retries Command.................................... 134
Table 189 Nas-Port-Id-Format Command .......................... 134
Table 190 No Command ................................................. 134
Table 191 Show Command ............................................. 135
Table 192 Timeout Command.......................................... 135
Table 193 Vendor Command ........................................... 135
Table 194 Radius Accounting Command............................ 136
Table 195 Algorithm Command ....................................... 136
Table 196 Alias Command .............................................. 137
Table 197 Server Command............................................ 137
Table 198 Local Buffer Command..................................... 137
Table 199 User Name Format Command ........................... 138
Table 200 Calling-Station-Format command ...................... 138
Table 201 Deadtime Command........................................ 138
Table 202 End Command................................................ 138
Table 203 Exit Command................................................ 139
Table 204 Ip Command .................................................. 139
Table 205 Life-time Command......................................... 139
Table 206 Max-Retries command ..................................... 139
Table 207 Nas Ip Address Command ................................ 140
Table 208 Nas Port Id Format Command........................... 140

Tables
Table 209 No Command ................................................. 140

Table 210 Show Command ............................................. 140
Table 211 Timeout Command.......................................... 141
Table 212 Vendor Command ........................................... 141
Table 213 Radius ping Authentication Command ................ 142
Table 214 Radius Ping Accounting Command ..................... 142
Table 215 Mix-Authorization Command............................. 143
Table 216 Subscriber Command ...................................... 143
Table 217 Packet Limit Command .................................... 144
Table 218 Packet Limit Parameters .................................. 145
Table 219 Permit Mac Command...................................... 146
Table 220 PPP Authentication Fail Command ..................... 147
Table 221 Parameters of PPP Authentication Fail ................ 147
Table 222 Timer Containers Command ............................. 148
Table 223 Time Rule Command ....................................... 149
Table 224 Rule Apply Command ...................................... 149
Table 225 Timer Container Apply Command ...................... 149
Table 226 Internet Log Command .................................... 150
Table 227 Rule Command ............................................... 150
Table 228 Ip Verify Command ......................................... 151
Table 229 Mirror Command............................................. 152
Table 232 Ip Pool Command ........................................... 154
Table 233 Ip Dhcp Mode Server Command ........................ 154
Table 234 Ip Dhcp Server Gateway Command ................... 154
Table 235 Ip Dhcp Enable Command ................................ 155
Table 236 Ip Dhcp Server Command ................................ 155
Table 237 Ip Dhcp Relay Command.................................. 155
Table 238 Dhcp Server Detect Command .......................... 155
Table 241 Ip Dhcp Mode Relay Command ......................... 157
Table 242 Ip Dhcp Relay Agent Command......................... 157
Table 243 Ip Dhcp Relay Agent Command......................... 158
Table 244 Ip Dhcp Enable Command ................................ 158

Table 245 Ip Dhcp Relay Send Command.......................... 158

Table 250 Ip Dhcp Relay Command.................................. 161

Index
ACL..........................4, 79, 95 PoS .................. 67, 68, 69, 70

ATM 61, 62, 71, 72, 73, 78, 79, PPPoE ............. 81, 95, 96, 106
109, 110, 111, 112, 113, PPPoEoA .......................... 111
118, 119, 120 PPPoEoV .......................... 108
Authentication ...77, 79, 81, 86, QoS ....................... 2, 78, 150
87, 92, 93, 100, 101, 102, RADIUS..... 130, 131, 132, 135,
123, 130, 131 136, 137, 138
BNPCF ............................... 17 RIP .......................... 3, 10, 35
BRAS Network Processor Card SAL ...........77, 88, 89, 90, 142
(BNPC) ...................... 7, 17 Switch Fabric Card (SFC) . 7, 14
CFG ....................... 40, 42, 43 TFTP/FTP ........................... 30
DATA .......................... 42, 43 Ultra Protocol processor control
DHCP server129, 153, 155, 156, Card (UPC)................. 7, 10
160 VBUI..... 77, 79, 84, 85, 86, 87,
Domain .77, 78, 89, 91, 92, 93, 107, 108, 110, 111, 113,
94, 108, 121 114, 116, 118, 119, 121,
Dynamic user ..................... 79 122, 123, 153, 154, 157
IMG ............ 40, 42, 43, 52, 54 ZXUAS 10600 Carrier Class
Interfaces ............... 61, 62, 65 BRAS.. 1, 2, 3, 4, 7, 8, 9, 10,
IS-IS.................. 3, 10, 12, 35 11, 12, 14, 16, 22, 29, 30,
MPLS...................................3 39, 40, 56, 58, 61, 65, 69,
OSPF.................... 3, 9, 10, 35 72, 153
Point-to-Point Protocol (PPP) 78,
98, 109

Zxuas 10600 Vol I

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Zxuas 10600 Vol I

Uploaded by

Copyright:

Available Formats

ZXUAS 10600

Universal Access Server

Copyright © 2006 ZTE CORPORATION.

Date Revision No. Serial No. Reason for Revision

Your evaluation Accessibility:

About this Manual ............................................................. i

Structure and Principles .................................................. 7

User Interface Configuration......................................... 29

System Management ..................................................... 39

Interface Configuration ................................................. 61

BRAS Security .............................................................. 129

DHCP ............................................................................ 153

Prerequisite Skill and Knowledge

What is in This Manual

TABLE 1 CHAPTER SUMM ARY

Confidential and Proprietary Information of ZTE CORPORATION i

Mouse TABLE 3 MOUSE OPERATION CONVENTIONS

ii Confidential and Proprietary Information of ZTE CORPORATION

How to Get in Touch

Confidential and Proprietary Information of ZTE CORPORATION iii

Technical Features and Parameters 4

Confidential and Proprietary Information of ZTE CORPORATION 1

wire speed forwarding requirements of current backbone

2 Confidential and Proprietary Information of ZTE CORPORATION

ZXUAS 10600 Carrier Class BRAS has eight interface module

Confidential and Proprietary Information of ZTE CORPORATION 3

 Application layer protocols: Telnet, FTP, TFTP, H.323

Technical Features and Parameters

ZXUAS 10600 Carrier Class BRAS

Power consumption <1200W

DC power supply Nominal voltage: -48V

4 Confidential and Proprietary Information of ZTE CORPORATION

ZXUAS 10600 Carrier Class BRAS

Confidential and Proprietary Information of ZTE CORPORATION 5

6 Confidential and Proprietary Information of ZTE CORPORATION

Structure and Principles

General Structure and Operational Principles 8

Ultra Protocol processor control Card (BUPC) 10

Switch Fabric Card (BSFC) 14

BRAS Network Processor Card (BNPC) 17

Bridge Interface & alarm monitor Card (BIC) 20

Line Interface Card 22

Confidential and Proprietary Information of ZTE CORPORATION 7

General Structure and Operational

High-speed High-speed backplane unit consists of a double-faced backplane.

8 Confidential and Proprietary Information of ZTE CORPORATION

convert –48V power supply into the working voltages required

1. Distributed operating system platform

Confidential and Proprietary Information of ZTE CORPORATION 9

SNMP also knows as bottom layer bearer for network

Ultra Protocol processor control Card

10 Confidential and Proprietary Information of ZTE CORPORATION

FIGURE 3 STRUCTURAL RELATIONSHIP OF BUPC IN SYSTEM

a~f has following meanings respectively.

Confidential and Proprietary Information of ZTE CORPORATION 11

FIGURE 4 WORKING PRINCIPLES OF BUPC

Routing Routing module uses one processor of dual-processor system,

Internal In BUPC of ZXUAS 10600 Carrier Class BRAS, there is an

12 Confidential and Proprietary Information of ZTE CORPORATION

 MPU internal network adaptor: 1

Panel Front panel of the BUPC is shown in Figure 5

TABLE 5 BUPC FRONT P ANEL INDICATOR FUNCTIONS

RUN indicator Run indicator: It flashes with a frequency of

Application layer protocols: Telnet, FTP, TFTP, H.323

MPU internal network adaptor: 1