Configuring a BRAS to Achieve Different Bandwidth Requirements on ME60

In our network plan, different bandwidths are required by users and at the same time different fees need to charged, for example network 1 the uplink and downlink traffic bandwidths for access are limited to 1 Mbit/s while those of network 2 are limited to 2 Mbit/s.

To meet this bandwidth requirement, in this article we will provide an example for configuring a BRAS on ME60 router to obtain an EDSG service policy including limited bandwidths from local configurations

Networking Requirements

On the network shown in Figure 1, PPPoE users access network 1 at 192.168.100.0/24 and network 2 at 192.168.200.0/24. Different fees need to be charged for traffic over networks 1 and 2. The users have different bandwidth requirements for networks 1 and 2. The uplink and downlink traffic bandwidths for access to network 1 are limited to 1 Mbit/s, and the uplink and downlink traffic bandwidths for access to network 2 are limited to 2 Mbit/s.

Figure 1 EDSG networking

NOTE:

The policy and AAA servers shown in Figure 1 are RADIUS servers.

EDSG Introduction

EDSG identifies various user services based on traffic destination addresses and implements independent rate limit, accounting, and management for each service. Carriers can use EDSG to implement differentiated accounting and rate limit to increase their revenues. Carriers can also provide flexible service and accounting policies for diversified user requirements to improve user satisfaction.

EDSG provides the following functions:

• Accounting based on destination addresses and tariff levels
• Bandwidth limit based on destination addresses
• Scheduling based on destination addresses and priorities

Configuration Roadmap

The configuration roadmap is as follows:

1, Enable the value-added service function.

2, Configure policy servers.

3, Configure an EDSG traffic policy.

4, Configure an AAA authentication scheme and accounting scheme.

5, Configure a mode in which EDSG service policies are obtained.

6, Configure EDSG service policies.

7, Configure a local address pool.

8, Bind the local address pool and RADIUS server group to an AAA domain.

9, Configure interfaces.

10, Configure online users.

Data Preparation

To complete the configuration, you need the following data:

• Policy server parameters, such as the IP address and interface number
• EDSG traffic policy parameters, such as the service group name, ACL rule, traffic classifier, traffic behavior, and traffic policy
• RADIUS server group name, IP address and interface number of a RADIUS authentication server, and IP address and interface number of a RADIUS accounting server used for an EDSG service policy
• Authentication scheme name, authentication mode, accounting scheme name, and accounting mode used for an EDSG service policy
• Name of the local address pool used in the domain, gateway address, and address pool range
• EDSG service policy parameters, such as the mode in which an EDSG service policy is obtained, policy name, bound RADIUS server group, authentication scheme, accounting scheme, and bandwidths for uplink and downlink traffic rate limit for EDSG services

Procedure

1, Enable the value-added service function.

<HUAWEI> system-view

[HUAWEI] value-added-service enable

2, Configure policy servers.

Parameters are configured as follows:

• RADIUS server group name: rad_group1
• RADIUS authentication server’s IP address: 10.10.10.2
• RADIUS authentication server’s interface number: 1812
• RADIUS accounting server’s IP address: 10.10.10.2
• RADIUS accounting server’s interface number: 1813
• Shared key for the RADIUS authentication and accounting servers: huawei@123

[HUAWEI] radius-server group rad_group1

[HUAWEI-radius-rad_group1] radius-server authentication 10.10.10.2 1812

[HUAWEI-radius-rad_group1] radius-server accounting 10.10.10.2 1813

[HUAWEI-radius-rad_group1] radius-server shared-key-cipher huawei@123

[HUAWEI-radius-rad_group1] quit

NOTE:

For details about how to configure a RADIUS server group, see Configuring a RADIUS Server in HUAWEI ME60 Configuration Guide – User Access.

3, Configure an EDSG traffic policy.

a,Create service groups.

# Create a service group named s_1m.

[HUAWEI] service-group s_1m

# Create a service group named s_2m.

[HUAWEI] service-group s_2m

b,Configure an ACL and define ACL rules for each service group.

# Configure ACL 6020 and define ACL rules for the service group named s_1m.

[HUAWEI] acl number 6020

[HUAWEI-acl-ucl-6020] rule 10 permit ip source service-group s_1m destination ip-address 192.168.100.0 0.0.0.255

[HUAWEI-acl-ucl-6020] rule 11 permit ip source ip-address 192.168.100.0 0.0.0.255 destination service-group s_1m

[HUAWEI-acl-ucl-6020] quit

# Configure ACL 6021 and define ACL rules for the service group named s_2m.

[HUAWEI] acl number 6021

[HUAWEI-acl-ucl-6021] rule 15 permit ip source service-group s_2m destination ip-address 192.168.200.0 0.0.0.255

[HUAWEI-acl-ucl-6021] rule 16 permit ip source ip-address 192.168.200.0 0.0.0.255 destination service-group s_2m

[HUAWEI-acl-ucl-6021] quit

c,Define traffic classifiers.

# Define a traffic classifier named c1.

[HUAWEI] traffic classifier c1

[HUAWEI-classifier-c1] if-match acl 6020

[HUAWEI-classifier-c1] quit

# Define a traffic classifier named c2.

[HUAWEI] traffic classifier c2

[HUAWEI-classifier-c2] if-match acl 6021

[HUAWEI-classifier-c2] quit

d,Define traffic behaviors.

# Define a traffic behavior named b1.

[HUAWEI] traffic behavior b1

[HUAWEI-behavior-b1] quit

# Define a traffic behavior b2.

[HUAWEI] traffic behavior b2

[HUAWEI-behavior-b2] quit

e,Configure an EDSG traffic policy.

# Configure an EDSG traffic policy named traffic_policy_edsg, and associate c1 and c2 with b1 and b2, respectively.

[HUAWEI] traffic policy traffic_policy_edsg

[HUAWEI-policy-traffic_policy_edsg] share-mode

[HUAWEI-policy-traffic_policy_edsg] classifier c1 behavior b1

[HUAWEI-policy-traffic_policy_edsg] classifier c2 behavior b2

[HUAWEI-policy-traffic_policy_edsg] quit

f,Apply the EDSG traffic policy globally.

[HUAWEI] traffic-policy traffic_policy_edsg inbound

[HUAWEI] traffic-policy traffic_policy_edsg outbound

4,Configure an AAA authentication scheme and accounting scheme.

# Configure an AAA authentication scheme named auth1 and specify RADIUS authentication as the authentication mode.

[HUAWEI] aaa

[HUAWEI-aaa] authentication-scheme auth1

[HUAWEI-aaa-authen-auth1] authentication-mode radius

[HUAWEI-aaa-authen-auth1] quit

# Configure an AAA accounting scheme named acct1 and specify RADIUS accounting as the accounting mode.

[HUAWEI-aaa] accounting-scheme acct1

[HUAWEI-aaa-accounting-acct1] accounting-mode radius

[HUAWEI-aaa-accounting-acct1] quit

[HUAWEI-aaa] quit

5,Configure a mode in which EDSG service policies are obtained.

# Configure the mode "first from local configurations and then from an RADIUS server." In this mode, the BRAS first attempts to obtain an EDSG service policy from local configurations. If no EDSG service policy is locally configured, the BRAS obtains an EDSG service policy from an RADIUS server.

[HUAWEI] service-policy download local radius rad_group1 password cipher huawei@123

NOTE:

An EDSG service policy can be obtained in four modes: from local configurations, from an RADIUS server, first from local configurations and then from an RADIUS server, and first from an RADIUS server and then from local configurations.

6, Configure EDSG service policies.

a,Configure an EDSG service policy for traffic over network 1.

# Create an EDSG service policy named service_edsg1.

[HUAWEI] service-policy name service_edsg1 edsg

# Bind s_1m to service_edsg1.

[HUAWEI-service-policy-service_edsg1] service-group s_1m

# Bind rad_group1 to service_edsg1.

[HUAWEI-service-policy-service_edsg1] radius-server group rad_group1

# Bind auth1 to service_edsg1.

[HUAWEI-service-policy-service_edsg1] authentication-scheme auth1

# Bind acct1 to service_edsg1.

[HUAWEI-service-policy-service_edsg1] accounting-scheme acct1

# Set the bandwidth for uplink traffic rate limit for service_edsg1 to 1 Mbit/s.

[HUAWEI-service-policy-service_edsg1] rate-limit cir 1000 inbound

# Set the bandwidth for downlink traffic rate limit for service_edsg1 to 1 Mbit/s.

[HUAWEI-service-policy-service_edsg1] rate-limit cir 1000 outbound

[HUAWEI-service-policy-service_edsg1] quit

b,Configure an EDSG service policy for traffic over network 2.

# Create an EDSG service policy named service_edsg2.

[HUAWEI] service-policy name service_edsg2 edsg

# Bind s_2m to service_edsg2.

[HUAWEI-service-policy-service_edsg2] service-group s_2m

# Bind rad_group1 to service_edsg2.

[HUAWEI-service-policy-service_edsg2] radius-server group rad_group1

# Bind auth1 to service_edsg2.

[HUAWEI-service-policy-service_edsg2] authentication-scheme auth1

# Bind acct1 to service_edsg2.

[HUAWEI-service-policy-service_edsg2] accounting-scheme acct1

# Set the bandwidth for uplink traffic rate limit for service_edsg2 to 2 Mbit/s.

[HUAWEI-service-policy-service_edsg2] rate-limit cir 2000 inbound

# Set the bandwidth for downlink traffic rate limit for service_edsg2 to 2 Mbit/s.

[HUAWEI-service-policy-service_edsg2] rate-limit cir 2000 outbound

[HUAWEI-service-policy-service_edsg2] quit

7,Configure a local address pool.

# Configure a local address pool named edsg_pool, set the gateway address to 172.32.0.0/16, and specify the address range as 172.32.0.0 to 172.32.255.255.

[HUAWEI] ip pool edsg_pool bas local

[HUAWEI-ip-pool-edsg_pool] gateway 172.32.0.0 255.255.0.0

[HUAWEI-ip-pool-edsg_pool] section 0 172.32.0.0 172.32.255.255

[HUAWEI-ip-pool-edsg_pool] quit

8,Bind the local address pool and RADIUS server group to an AAA domain.

# Bind edsg_pool and rad_group1 to an AAA domain.

[HUAWEI] aaa

[HUAWEI-aaa] domain domain1

[HUAWEI-aaa-domain-domain1] ip-pool edsg_pool

[HUAWEI-aaa-domain-domain1] radius-server rad_group1

[HUAWEI-aaa-domain-domain1] quit

[HUAWEI-aaa] quit

9,Configure interfaces

a,Configure a BAS interface

[HUAWEI] interface GigabitEthernet1/0/2.1

[HUAWEI-GigabitEthernet1/0/2.1] user-vlan 1000 2000

[HUAWEI-GigabitEthernet1/0/2.1] user-vlan 1 1000 qinq 100

[HUAWEI-GigabitEthernet1/0/2.1] bas

[HUAWEI-GigabitEthernet1/0/2.1-bas] access-type layer2-subscriber default-domain pre-authentication domain1

[HUAWEI-GigabitEthernet1/0/2.1-bas] authentication-method ppp web

[HUAWEI-GigabitEthernet1/0/2.1-bas] quit

[HUAWEI-GigabitEthernet1/0/2.1] quit

b,Configure an uplink interface.

[HUAWEI] interface GigabitEthernet1/0/0.1

[HUAWEI-GigabitEthernet1/0/0.1] vlan-type dot1q 1

[HUAWEI-GigabitEthernet1/0/0.1] ip address 192.168.100.1 255.255.255.0

[HUAWEI-GigabitEthernet1/0/0.1] quit

c, Configure the interface connected to the policy server, AAA server, and portal server.

[HUAWEI] interface GigabitEthernet1/0/1

[HUAWEI-GigabitEthernet1/0/1] ip address 10.10.10.1 255.255.255.0

[HUAWEI-GigabitEthernet1/0/1] quit

10, Configure online users.

# Configure the AAA server to deliver the RADIUS attribute User-Password with a value of huawei@123 for the PPPoE user (user 1).

NOTE:

The shared key configured for a RADIUS server group determines the content of the User-Password attribute.

# Configure the AAA server to deliver the RADIUS attribute HW-Account-Info containing Aservice_edsg1 and Aservice_edsg2 for the PPPoE user (user 1).

NOTE:

The content of the HW-Account-Info attribute starts with “A” followed by a service name. This attribute is used in user authentication response packets to deliver EDSG services that automatically take effect (directly activated after delivery).

After detailed Configuration procedure, you may have a basic knowledge of how to configuring a BRAS to achieve different bandwidth requirements for network users.

If anything unclear, please contact Thunder-link.com support team email: sales@thunder-link.com