电信M6000BRAS开局模版及常用业务配置指导培训资料

《电信M6000BRAS开局模版及常用业务配置指导培训资料》由会员分享，可在线阅读，更多相关《电信M6000BRAS开局模版及常用业务配置指导培训资料（47页珍藏版）》请在装配图网上搜索。

1、云南电信M6000(BRAS)开局模版及常用业务配置指导V1.62012年7月目录1.设备资源命名规范51.1.网元命名规范51.2.环回接口描述规范61.3.网络接口描述规范61.4.空闲端口要求72.M6000设备相关资源规划73.参数准备84.流程准备95.开局版本96.数据配置96.1.连接设备96.2.M6000开局基本配置106.2.1.校准设备MAC106.2.2.定义设备名称116.2.3.配置本地登录帐号116.2.4.修改初始enable密码126.2.5.设置管理会话闲置超时时间10分钟126.2.6.Loopback接口配置126.2.7.物理接口配置：126.2.8.

2、配置缺省路由126.2.9.NTP时间同步配置126.2.10.保存开局基本配置136.3.M6000网络协议及基本应用配置136.3.1.OSPF协议配置136.3.2.ISIS路由协议配置136.3.3.MPLS协议配置146.3.4.BGP协议配置156.3.5.新增路由网段的通告166.3.6.组播协议配置166.3.7.Radius基本数据配置176.3.8.AAA全局认证、授权、计费基本模版创建196.3.9.QoS基本配置196.3.10.网管配置226.3.11.安全加固配置236.3.12.配置保存246.4.BRAS业务配置指导246.4.1.Pppoe宽带拨号业务246.

3、4.2.VPDN业务（含绿网业务）266.4.3.IPTV业务286.4.4.静态IP专线业务306.4.4.1.BRAS方式开通静态IP专线306.4.4.2.SR方式开通静态IP专线业务326.4.5.Web+Portal认证业务346.4.6.ITMS VPN业务（MPLS L3 VPN）366.4.7.FTTH语音业务386.4.8.VPLS业务（MPLS L2 VPN）406.5.用户侧链路捆绑配置426.6.其他特殊需求配置436.6.1.PPPoE宽带业务叠加IPTV业务436.6.2.PPPoE宽带业务叠加静态IP专线业务441. 设备资源命名规范1.1. 网元命名规范城市缩写

4、-县缩写-节点缩写-设备属性-设备编号.网络(业务)类型.别称符号符号字符字符字符字符字符字符字符数字字符字符字符字母字符数8181enablepassword:zxr10#conf tzxr10(conf)#此后进入配置模式，可以进行数据配置。6.2. M6000开局基本配置这部分配置确保M6000能正常上线，并能远程登录6.2.1. 校准设备MAC设备MAC由主控板决定，但设备到现场可能机框和主控板分开发货，这样可能导致设备MAC标签和实际MAC不相符，需要进行验证和必要的更改。具体如下：l 获取设备的基准MAC地址 设备发货时，会在设备正面铭牌的上方贴一个小纸条，上面有设备的基准MAC地

5、址。l 如发现MAC不一致，重启机架，在boot模式中修改设备的基准MAC地址。步骤1 通过MPUF单板的串口登陆至MPUF步骤2 重启设备，在串口界面出现如下信息时按任意键打断启动： Press any key to stop autoboot: 3 步骤3 串口界面出现如下提示信息时输入“y”，进入boot设置模式： P Do you want to manual config ? (Yy/Nn)y 步骤4 串口界面出现如下，在ZBoot:提示符后输入“1”： BootMenu Selection as follow: 0 - Auto boot /*按照当前设置自动启动*/ 1 - Ma

6、nual BOOT Config /*设置单板启动配置项*/ 2 - Show BOOT Config /*打印当前单板启动各项配置信息*/ ? - Print this help list /*打印该帮助菜单*/ ZBoot:1步骤5 网络启动时BOOT设置菜单内容如下： Config As SC? (Yy/Nn) : y /*设置SC*/ Boot Mode(1: Local Flash; 2: Net): 1 /*当前BOOT启动方式1为本地启动*/ Base MAC Addr : 0:1:22:33:44:55 /*设置设备的基准MAC*/ Mac Total : 32 /*设置设备M

7、AC最大偏移量，最大值为63*/ Local IP : 169.1.11.27 /*设置设备网管口IP地址*/ Net Mask : 255.255.0.0 /*设置设备网管口子网掩码*/ Gateway IP : 169.1.106.3 /*设置设备启动的FTP网关*/ Server IP : 169.1.106.3 /*设置设备启动的FTP IP*/ File Name : M6000_1.10.0.B12.set /*设置设备启动的版本文件名*/ FTP Path : /*设置设备下载版本文件的FTP路径*/ FTP Username : M6000 /*设置FTP用户名*/ FTP P

8、assword : * /*设置FTP密码*/ Serial Authenticate (Yy/Nn) : n /*串口认证*/ Enable Password : * /*设置enable密码*/ Manual boot now? (Yy/Nn) y /*输入y回车即可启动单板*/ 6.2.2. 定义设备名称命名规则：详细规范，请参考云南电信IP骨干城域网路由组网和配置规范，以云南临沧(LC)临翔区新局(LXQXJ)总第3台BAS，第一台M6000为例， 命令：hostname LC-LXQXJ-BAS-3.MAN.M6000-16.2.3. 配置本地登录帐号（复制粘贴）aaa-authen

9、tication-template 2001 aaa-authentication-type local!aaa-authorization-template 2001 aaa-authorization-type none!system-user authentication-template 1 bind-authentication-template 2001 $ authorization-template 1 bind-authorization-template 2001 local-privilege-level 1 $ username zxr10 password zxr10

10、 authentication-template 1 authorization-template 1!6.2.4. 修改初始enable密码enable secret level 15 zteadmin!6.2.5. 设置管理会话闲置超时时间10分钟line console idle-timeout 10 line telnet idle-timeout 106.2.6. Loopback接口配置interface loopback1 description For-GlobalRouting ip address 116.55.61.52 255.255.255.255 !interfac

11、e loopback2 description For-Multicast ip address 116.55.61.54 255.255.255.255 !6.2.7. 物理接口配置：interface gei-0/0/0/1 negotiation negotiation-force /这里与30版本不同，不需要到pm模式下配置 description uT: CX-339Ju-CR-1.MAN.NE40x16-1:GE0/3/0/2:PROCESSING ip address 112.114.191.86 255.255.255.252 no shutdown/设备端口缺省是关闭的! i

12、nterface gei-0/1/0/1 negotiation negotiation-force description uT: CX-339Ju-CR-2.MAN.NE40x16-2:GE0/3/0/2:PROCESSING ip address 112.114.191.94 255.255.255.252 no shutdown!6.2.8. 配置缺省路由ip route 0.0.0.0 0.0.0.0 112.114.191.85 254/配置静态默认路由，优先级254ip route 0.0.0.0 0.0.0.0 112.114.191.93 2546.2.9. NTP时间同步配

13、置目前各地州以两台CR作为时间服务器clock timezone Beijing 8ntp server 218.62.159.69 priority 1 /服务器地址就是本地市CR的loopbackntp server 218.62.159.70 priority 2ntp enable6.2.10. 保存开局基本配置Write完成以上基本配置后，查看OSPF协议邻居建立情况，如能正常建立，并能学习到缺省路由，则可以通过远程登录方式登录设备了。6.3. M6000网络协议及基本应用配置6.3.1. OSPF协议配置router ospf 1router-id 116.55.61.52 aut

14、o-cost reference-bandwidth 100000 /100G带宽作为cost值计算基准 maximum-paths 8 redistribute connected passive-interface loopback1 passive-interface loopback2 network 112.114.191.84 0.0.0.3 area 0 network 112.114.191.92 0.0.0.3 area 0 network 116.55.61.52 0.0.0.0 area 0 network 116.55.61.54 0.0.0.0 area 0 inte

15、rface gei-0/0/0/1 network point-to-point $ interface gei-0/1/0/1network point-to-point $!配置验证：CX-339Ju-BAS-4.MAN.M6000-1#show ip ospf neighbor OSPF Router with ID (116.55.61.52) (Process ID 878)Neighbor ID Pri State DeadTime Address Interface218.62.159.70 1 FULL/- 00:00:40 112.114.191.93 gei-0/1/0/1

16、6.3.2. ISIS路由协议配置router isis area 86.4948.0878/ISIS区域ID，格式为“国家代码+AS号后四位+固话区号” system-id 1160.5506.1052 /ISIS系统ID，由设备loopback地址进行转换 is-type level-2-only distance 160 metric-style wide set-overload-bit on-start-up wait-for-bgp fast-flood i-spf maximum-paths 8 passive-interface loopback1 passive-interf

17、ace loopback2 interface loopback1 ip router isis $interface loopback2 ip router isis $ interface gei-0/0/0/1 ip router isis circuit-type level-2-only metric 3000 network point-to-point $ interface gei-0/1/0/1 ip router isis circuit-type level-2-only metric 3000 network point-to-point $!说明：电信城域网改为ISI

18、S+BGP后，ISIS仅用于通告设备的loopback、互联地址等，业务接口或网段不通过ISIS通告。配置验证：DQ-DeQin-XJ-BAS-1.MAN.M6000-1#show isis adjacency Process ID: 0Interface System id State Lev Holds SNPA(802.2) Pri MTgei-0/1/0/1 DQ-XGLL-ZXJ-CR UP L2 26 PPP 0 -2.MAN.NE40X16 gei-0/0/0/1 DQ-XGLL-ZXJ-CR UP L2 28 PPP 0 -1.MAN.NE40X16 6.3.3. MPLS协议

19、配置mpls ldp instance 1 router-id loopback1 access-fec host-route-only/只接受32位掩码主机路由的标签分发 interface gei-0/0/0/1 $ interface gei-0/1/0/1 $!配置验证：DQ-DeQin-XJ-BAS-1.MAN.M6000-1#show mpls ldp neighbor instance 1Peer LDP Ident: 218.62.159.135:0; Local LDP Ident: 116.248.191.246:0 TCP connection: 218.62.159.1

20、35.49282 - 116.248.191.246.646 State: Oper; Msgs sent/rcvd: 4071/4070; Downstream Up Time: 16:52:50 LDP discovery sources: gei-0/0/0/1; Src IP addr: 116.248.191.181 Addresses bound to peer LDP Ident: 116.248.191.1 116.248.191.149 116.248.191.153 116.248.191.161 116.248.191.181 116.248.191.197 218.62

21、.157.109 218.62.159.135 222.221.29.101 222.221.29.105Peer LDP Ident: 218.62.159.136:0; Local LDP Ident: 116.248.191.246:0 TCP connection: 218.62.159.136.55395 - 116.248.191.246.646 State: Oper; Msgs sent/rcvd: 4071/4081; Downstream Up Time: 16:52:50 LDP discovery sources: gei-0/1/0/1; Src IP addr: 1

22、16.248.191.185 Addresses bound to peer LDP Ident: 116.248.191.5 116.248.191.145 116.248.191.157 116.248.191.165 116.248.191.185 116.248.191.193 116.248.191.201 218.62.157.105 218.62.159.136 222.221.29.102 222.221.29.1066.3.4. BGP协议配置云南电信BGP协议目前有两个作用，1. 通告城域网业务网段地址；2. 通告VPN路由及私网标签。BGP进程创建了两个Peer-grou

23、p，pgGRR和pgVRR。pgGRR用于通告城域网业务网段（全局），pgVRR用于VPN路由。设备向pgGRR邻居通告路由时需要携带no-export属性，但个别网段如果通告不出去的话，可能是和CR上的network产生冲突，需要去除no-export属性，这样的网段要在ip prefix-list pl_NoExport163中deny掉。具体配置如下：/创建前缀列表，以后需要特殊处理的列表加到此prefix-list中，并把seq设置在10000以前即可。ip prefix-list pl_NoExport163 seq 10000 permit 0.0.0.0 0 le 32!/创建r

24、oute-maproute-map rm_NoExport163 permit 10 match ip address prefix-list pl_NoExport163 set community no-export!route-map rm_NoExport163 permit 20!/配置bgp协议router bgp 64948 distance bgp internal 200 distance bgp external 70 no synchronization maximum-paths 8 bgp router-id 116.55.61.52 neighbor pgVRR p

25、eer-group neighbor pgVRR remote-as 64948 no neighbor pgVRR activate neighbor pgVRR update-source loopback1 neighbor pgGRR peer-group neighbor pgGRR remote-as 65232 neighbor pgGRR activate neighbor pgGRR route-map rm_NoExport163 out neighbor pgGRR send-community neighbor pgGRR update-source loopback2

26、 neighbor 218.62.159.69 peer-group pgVRR neighbor 218.62.159.70 peer-group pgVRR neighbor 218.62.159.69 peer-group pgGRR neighbor 218.62.159.70 peer-group pgGRR address-family vpnv4 neighbor pgVRR activate $配置验证：IPv4邻居关系DQ-DeQin-XJ-BAS-1.MAN.M6000-1#show ip bgp summary Neighbor Ver As MsgRcvd MsgSen

27、d Up/Down State/PfxRcd116.248.191.230 4 65232 2295 1993 16:33:41 0 116.248.191.231 4 65232 2293 1991 16:32:32 0 VPNv4邻居关系DQ-DeQin-XJ-BAS-1.MAN.M6000-1#show bgp vpnv4 unicast summary Neighbor Ver As MsgRcvd MsgSend Up/Down State/PfxRcd218.62.159.135 4 65232 2224 2013 16:41:42 19 218.62.159.136 4 6523

28、2 2685 2013 16:41:42 19 6.3.5. 新增路由网段的通告新增地址段的通告分两种情况：1) VPN业务地址：VPN中通过重分布方式发布了直连路由，只要完成三层接口的配置就会自动通告出去了，不需要额外配置；2) 公网业务地址：需要通过bgp进行发布，完成三层接口的配置后，通过以下命令进行发布router bgp 64948 network !配置验证：DQ-DeQin-XJ-BAS-1.MAN.M6000-1#show ip bgp neighbor out 116.248.191.230Routes Sent to This neighbor:Dest NextHop M

29、etric LocPrf Path182.246.244.0/24 116.248.191.245 100 i172.1.204.0/24 116.248.191.245 100 i6.3.6. 组播协议配置ip multicast-routing router pimsm static-rp 116.55.62.254 interface gei-0/0/0/1 pimsm$interface gei-0/1/0/1 pimsm$ interface loopback2 pimsm/需要开启此接口的PIMSM，以激活接口的IGMP功能 $ router igmp interface loop

30、back2/把loopback2静态加入组播频道实现拉流 static-group 239.254.180.1 static-group 239.254.180.2 略 static-group 239.254.180.254 !配置验证：查看PIMSM邻居DQ-DeQin-XJ-BAS-1.MAN.M6000-1#show ip pimsm neighbor Neighbor Address Interface DR Priority Uptime Expires Ver116.248.191.185 gei-0/1/0/1 1 17:05:27 00:01:16 V2 116.248.19

31、1.181 gei-0/0/0/1 1 17:05:28 00:01:39 V2查看组播路由DQ-DeQin-XJ-BAS-1.MAN.M6000-1#show ip mroute summary IP multicast routing table summary (*,G): 255 routes (S,G): 59 routes Total: 314 routesDQ-DeQin-XJ-BAS-1.MAN.M6000-1#show ip mroute IP Multicast Routing Table(*, 239.254.208.1), RP: 116.248.191.252, TY

32、PE: DYNAMIC, FLAGS: NS Incoming interface: gei-0/1/0/1, flags: NS Outgoing interface list: loopback2, flags: F(182.240.223.23, 239.254.208.1), TYPE: DYNAMIC, FLAGS: Incoming interface: gei-0/1/0/1, flags: Outgoing interface list: loopback2, flags: F(*, 239.254.208.2), RP: 116.248.191.252, TYPE: DYNA

33、MIC, FLAGS: NS Incoming interface: gei-0/1/0/1, flags: NS Outgoing interface list: loopback2, flags: F(182.240.223.22, 239.254.208.2), TYPE: DYNAMIC, FLAGS: Incoming interface: gei-0/1/0/1, flags: Outgoing interface list: loopback2, flags: F.6.3.7. Radius基本数据配置Radius group 1/2/3都是为了满足现网业务需求必须配置的，不能遗

34、漏。3) Group1用于不带域名的业务应用，如普通pppoe上网；4) Group2用于带域名的业务应用，如VPDN、Web+portal；5) Group3是为了配合DM功能配置的 Radius下发DM消息将用户踢下线，一般用于欠费或其他特殊需求，为保证DM消息的合法性，M6000会检测DM消息源地址是否是Radius组中的地址，如不匹配将丢弃。云南省电信Radius发送DM信息使用了另外地址61.166.150.103来发送，所以需要配置group 3来配合DM功能，实际不会引用，但必须配置。radius authentication-group 1 server 1 61.166.15

35、0.99 master key 88-89 port 1645 server 2 61.166.150.100 key 88-89 port 1645 deadtime 0 nas-ip-address 116.55.61.52 !radius authentication-group 2 server 1 61.166.150.99 master key 88-89 port 1645 server 2 61.166.150.100 key 88-89 port 1645 deadtime 0 user-name-format include-domain nas-ip-address 11

36、6.55.61.52 !radius authentication-group 3 server 1 61.166.150.103 key 88-89 port 1645 nas-ip-address 116.55.61.52 !radius accounting-group 1 server 1 61.166.150.99 master key 88-89 port 1646 server 2 61.166.150.100 key 88-89 port 1646 deadtime 0 nas-ip-address 116.55.61.52 local-buffer enable!radius

37、 accounting-group 2 server 1 61.166.150.99 master key 88-89 port 1646 server 2 61.166.150.100 key 88-89 port 1646 deadtime 0 user-name-format include-domain nas-ip-address 116.55.61.52 local-buffer enable!radius accounting-group 3 server 1 61.166.150.103 key 88-89 port 1646 nas-ip-address 116.55.61.

38、52 local-buffer enable!Radius可用性验证：如果设备的loopback加入了Radius中，采用下面错误的帐号能返回“reject”信息，如提示“unreachable”loopback还未加入Radius，或未生效。Radius通信异常DQ-DeQin-XJ-BAS-1.MAN.M6000-1#radius-ping authentication-group 1 test test chap Ping radius authentication-group 1 with test at 17:58:27!Ping server 1 61.166.150.99 at

39、17:58:27!Ping server 2 61.166.150.100 at 17:58:27!.Request timed out. Server 1 unreachable!Request timed out. Server 2 unreachable!Radius可用CX-339Ju-BAS-4.MAN.M6000-1#radius-ping authentication-group 1 tes test chap Ping radius authentication-group 1 with tes at 17:59:46!Ping server 1 61.166.150.99 a

40、t 17:59:46!Ping server 2 61.166.150.100 at 17:59:46!Reply from server 2 reject at 17:59:46!Reply from server 1 reject at 17:59:46!6.3.8. AAA全局认证、授权、计费基本模版创建aaa-authentication-template 1/Radius认证，不带域名 aaa-authentication-type radius authentication-radius-group 1!aaa-authentication-template 2/本地认证 aaa-

41、authentication-type local!aaa-authentication-template 3/Radius认证，带域名 aaa-authentication-type radius authentication-radius-group 2!aaa-authentication-template 4/不认证 aaa-authentication-type none!aaa-authorization-template 1 aaa-authorization-type radius!aaa-authorization-template 2 aaa-authorization-t

42、ype mix-radius /IPTV组播业务要配置为此方式，否则用户无法加入组播组。 !aaa-authorization-template 3 aaa-authorization-type mix-radius!aaa-accounting-template 1 aaa-accounting-type radius accounting-radius-group first 1!aaa-accounting-template 2 aaa-accounting-type none!aaa-accounting-template 3 aaa-accounting-type radius accounting-radius-group first 2!6.3.9. QoS基本配置class-map cmCopper_NNI match-any match precedence 1 match mpls-exp 1!class-map cmSilver_NNI match-any match precedence 2 match mpls-exp 2!class-map cmGold_NNI match-any match precedence 3 match mpls-exp 3!class