1. basic Configuration: sys * Go To System View * sysnamexxx_xxx_5200G * change the system display name of 5200G * superpasswordlevel3cipherxxxxxx * Set Superuser password * user-interfacevty04 * enter virtual terminal interface configuration mode * authaaa * Here I am using aaa authentication mode,
1. basic Configuration: sys/* Go To The System View */sysname xxx_xxx_5200G/* change the system display name of 5200G */super password level 3 cipher xxxxxx/* set the super user password */user-interface vty 0 4 /* enter the virtual terminal interface configuration mode */auth aaa/* Here I am using the aaa Authentication mode,
1. BasicsConfiguration:
Sys
/* Go To The System View */
Sysname xxx_xxx_5200G
/* Change the system display name of 5200G */
Super password level 3 cipher xxxxxx
/* Set the superuser password */
User-interface vty 0 4
/* Enter the virtual terminal interfaceConfigurationMode */
Auth aaa
/* Here I use the aaa Authentication mode, which can be none or not, and passowrd password authentication. We recommend that you select aaa and password */
/* Set auth pass cipher xxxxx if you select the password authentication method, you need to set a password */
/* User privilege level 3: Set the telnet logon level to 3. * // * you only need to use the password in the two steps */
Local-aaa-server
/* View the local 3a server */
User maple password cipher xxxxxxx level 3
/* Set your login username and password, and set the level to 3, so that you do not need to enter the system view again when entering the system view from the common view, but it does not seem safe */
2. PPPoEoVLANConfiguration
ConfigurationThe process is as follows:
ConfigurationVirtual template interface --ConfigurationAuthentication solution --ConfigurationBilling solution --ConfigurationRADIUS --ConfigurationAddress pool --ConfigurationDomain --ConfigurationBind a sub-interface and specify a virtual template sub-interface for the sub-interface --ConfigurationBas interface --ConfigurationUpstream interface and Ethernet port --ConfigurationDefault route
#1.ConfigurationVirtual template interface
Interface virtual-template 1
/* Create virtual template interface 1 */
/* The default authentication method of virtual template interface 1 is auto, including pap and chap, so no additionalConfigurationAuthentication Method */
#2.ConfigurationAuthentication Scheme
Aaa
/* Enter the aaa view */
Authentication-scheme maple
/* Create the authentication scheme maple, and @ _ @ charges are collected. You can open multiple invoices @_@*/
/* InHuaweiIn 5200G, the default authentication mode is radius, so no additionalConfigurationAuthentication mode;ConfigurationThe Authentication Mode Command is authen radius */
#3.ConfigurationBilling Method
Aaa
/* Enter the AAA view */
Accounting-scheme maple
/* Create a billing method of maple */
/* You do not need to set the billing mode here. The default value is radius. The command for setting the billing mode is accounting-mode radius */
#4.ConfigurationRadius server
Radius-server group maple
/* Create a radius server group maple */
Radius-server authentication 1.1.1.1 1812
/*ConfigurationFor the address and port number of the radius Authentication Server, remember to change the address. For the port number, RFC 1812 is recommended. The port number used by our radius server is also 1812 */
Radius-server accounting 1.1.1.1 1813
/*ConfigurationThe address and port number of the radius billing server. If the address is not changed, dial 999999999 if any problem occurs */
Radius-server type plus11
/*ConfigurationThe Protocol version of the radius server. The potal server of the newer version uses plus11, followed by the number 11. The standard radius server is used by default */
Radius-server shared-key maple
/*ConfigurationThe Communication Key of the radius server. I wrote maple here. Remember to change it !!! */
#5.ConfigurationAddress pool
Ip pool maple local
/*ConfigurationLocal address pool named maple */
Gateway 1.1.1.1 255.255.255.0
/*ConfigurationThe gateway of the address pool. Do not fill in the error here ..... */
Section 0 1.1.1.2 1.1.2.254
/*ConfigurationThe address range 0 is 1.1.1.2 -- 1.1.2.254.
Dns-server 210.53.31.2
/*ConfigurationDNS server address */
Dns-server 210.52.149.2 secondary
/*ConfigurationSlave DNS server address */
#6.ConfigurationDomain
Aaa
/* Enter the AAA view */
Domain maple
/* Create a maple domain */
Authentication-scheme maple
/*ConfigurationThe domain authentication scheme is maple. Note thatConfigurationCorresponding to the authentication solution */
Accounting-scheme maple
/*ConfigurationThe billing scheme of the domain is maple. Note that it corresponds to the preceding billing scheme */
Radius-server group maple
/* Specify the radius server of the domain as maple. Note that it corresponds to the preceding server group */
Ip-pool maple
/* Specify the address pool of the domain as maple. Note that it corresponds to the address pool above */
#7. Specify a virtual template for the sub-interface
Interface ethernet 1/0/2
/* Go To The Ethernet interface view */
Un sh
/* This is the default value.ConfigurationBut it is best to develop this habit, because on some devices, the default Interface is shutdown */
Int ethernet 1/0/2.1
/* Create A 1/0/2.1 Sub-interface */
Pppoe-server bind virtral-template 1
/* Bind virtual TEMPLATE 1 */
User-vlan 101-111
/* Bind vlan101 to 111 */
#8.ConfigurationBAS Interface
Bas
/* Note: Here is the bas command in the subinterface view. In fact, the steps 8th and 7 should be uninterrupted */
Access-type layer2-subscriber default-domain authentication maple
/* Set the user under the BAS interface to a layer-2 user. The default authentication domain is maple */
/* By default, the authentication method used by users under the bas interface is pppoe, so no additionalConfiguration*/
#9.ConfigurationUpstream interface and Ethernet port
Interface GigabitEthernet2/0/0.1
/* Create a sub-interface. I cannot explain why,HuaweiSo far, we cannot give a reasonable explanation, but the current explanation is that there is noConfigurationEncapsulation type * & ^ & % ^ $ # $ % #% @##@! # ^ &*/
Vlan-type dot1q vid 2
/* When creating a subinterface number, you may not be able to see the vlan-type command !!!, Then you can manually enter it. No error will be reported. Will it be used later? You can see this command.HuaweiThe vlan id here is based on the original ESR50ConfigurationModified .*/
Mtu 1514
/* Because my peer 7750 isConfiguration1514, so it is changed here to prevent packet loss caused by MTU mismatch.ConfigurationIf MTU does not match during OSPF, it will stay in the exchange status. Modify it as needed,ConfigurationThe default 1500 does not seem to have a major impact .*/
Ip address xxx. xxx 255.255.255.252
/* Things that people on earth know do not need to be explained */
Un sh
/* Enable the interface */
#9.1ConfigurationEthernet port
Interface Ethernet1/0/0.3
/* Create a subinterface */
Pppoe-server bind virtual-template 1
/* Bind to virtual TEMPLATE 1 */
Undo shutdown
/* Enable the interface. This is the default value.Configuration*/
User-vlan 300 310
/* Associate vlan numbers */
Bas
/*ConfigurationBas interface */
Access-type layer2-subscriber default-domain authentication maple
/*ConfigurationThe user type accessed under the interface is L2 user and associated with maple domain authentication */
#10.ConfigurationStatic Routing
Ip route-static 0.0.0.0 0.0.0.0 x. x
/*ConfigurationDefault route to peer */