DPX8000 Series Deep Service Switching Gateway User Configuration Guide BRAS Service Board Module v1.0


Hangzhou DPtech Technologies Co., Ltd. provides full-range technical support. If you need any help, please contact Hangzhou DPtech Technologies Co., Ltd. or its sales agent, according to where you purchased the product.

Hangzhou DPtech Technologies Co., Ltd.
Address: 6th floor, zhongcai mansion, 68 tonghelu, Binjiangqu, Hangzhoushi
Address code: 310051

Declaration

Copyright 2013 Hangzhou DPtech Technologies Co., Ltd. All rights reserved.

No part of this manual may be extracted or copied by any company or individual without written permission, or transmitted by any means.

Owing to product upgrading or other reasons, information in this manual is subject to change. Hangzhou DPtech Technologies Co., Ltd. has the right to modify the content of this manual. As this is a user guide, Hangzhou DPtech Technologies Co., Ltd. made every effort in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.

Table of Contents

CHAPTER 1 PRODUCT OVERVIEW
  1.1 PRODUCT INTRODUCTION
  1.2 WEB MANAGEMENT
    1.2.1 LOGGING TO THE WEB MANAGEMENT INTERFACE
CHAPTER 2 ACCESS CONFIGURATION
  2.1 INTRODUCTION
  2.2 PPPOE
    2.2.1 PPPOE CONFIGURATION
    2.2.2 LOCAL USER CONFIGURATION
    2.2.3 ONLINE USER
    2.2.4 INTERFACE SESSION NUMBER LIMIT
  2.3 IPOE
    2.3.1 IPOE CONFIGURATION
    2.3.2 ONLINE USER
  2.4 PORTAL
    2.4.1 PORTAL CONFIGURATION
    2.4.2 LOCAL USER CONFIGURATION
    2.4.3 ONLINE USER
  2.5 DOMAIN MANAGEMENT
    2.5.1 DOMAIN CONFIGURATION
    2.5.2 AAA CONFIGURATION
  2.6 COMMON CONFIGURATION
  2.7 RADIUS INTERFACE CONFIGURATION
CHAPTER 3 NAT
  3.1 INTRODUCTION TO NAT
  3.2 SOURCE NAT
  3.3 DESTINATION NAT
  3.4 ONE TO ONE NAT
  3.5 ADDRESS POOL
CHAPTER 4 VPN
    4.1.1 INTRODUCTION TO L2TP
    4.1.2 L2TP
    4.1.3 L2TP AUTHENTICATION
    4.1.4 L2TP DOMAIN
    4.1.5 L2TP INTERFACE
    4.1.6 L2TP ONLINE STATUS
CHAPTER 5 HIGH AVAILABILITY
  5.1 BACKUP GROUP SETTING

List of Figures

Figure1-1 Web management interface
Figure2-1 Connect config menu
Figure2-2 PPPOE server
Figure2-3 Address allocation as VLAN
Figure2-4 Local user configuration
Figure2-5 Online user
Figure2-6 Physical interface
Figure2-7 VLAN configuration
Figure2-8 Sub interface config
Figure2-9 IPOE configuration
Figure2-10 Option60 configuration
Figure2-11 Online user
Figure2-12 Portal configuration
Figure2-13 Local user configuration
Figure2-14 Online user
Figure2-15 Domain configuration
Figure2-16 Radius server group
Figure2-17 Advanced (Radius server group advanced configuration)
Figure2-18 Radius server
Figure2-19 Type (Radius server type configuration)
Figure2-20 Common configuration
Figure2-21 Radius interface configuration
Figure3-1 Source NAT
Figure3-2 Destination NAT
Figure3-3 One to one NAT
Figure3-4 Address pool
Figure3-5 IPsec sysconfig
Figure4-1 L2TP configuration
Figure4-2 LNS configuration items
Figure4-3 L2TP user authentication
Figure4-4 L2TP IP pool
Figure4-5 L2TP online status
Figure4-6 L2TP online status
Figure5-1 Backup group setting

List of Tables

Table2-1 PPPOE server detailed information
Table2-2 IP address allocation as VLAN
Table2-3 Local user configuration
Table2-4 Comment (local user configuration comment)
Table2-5 Online user description
Table2-6 Physical interface detailed description
Table2-7 VLAN configuration
Table2-8 Sub interface configuration
Table2-9 IPOE detailed description
Table2-10 Option60 detailed description
Table2-11 Online user detailed information
Table2-12 Portal configuration detailed description
Table2-13 Local user detailed configuration
Table2-14 Comment configuration description
Table2-15 Online user detailed description
Table2-16 Domain configuration detailed description
Table2-17 Radius server group detailed description
Table2-18 Advanced configuration
Table2-19 Radius server configuration
Table2-20 Advanced configuration description
Table3-1 Source NAT configuration
Table3-2 Destination NAT configuration
Table3-3 One to one NAT configuration
Table3-4 Address pool configuration
Table3-5 IPsec VPN configuration
Table3-6 IPsec VPN client access mode and gateway-gateway mode

Chapter 1 Product Overview

1.1 Product introduction

The Broadband Access Server (referred to as the BRAS) is a new access gateway for broadband network applications. It is located at the edge of the backbone network layer and provides users with data access to the broadband IP/ATM network (current access means are based on xDSL, cable modem, Fast Ethernet and wireless broadband data access (WLAN), etc.). It helps commercial buildings and residential users to access the Internet through the broadband network, provides IP VPN services based on IPsec to build the enterprise's internal network, and supports ISPs in wholesaling services to users.

The BRAS has two main functions. One is the network bearer function: it is responsible for PPPoE, IPOE and PORTAL connections and for aggregating end-user traffic. The other is the control function: it cooperates with the authentication system, billing system, customer management system and service policy control system to realize user access authentication, billing and management.

1.2 WEB Management

1.2.1 Logging to the Web Management Interface

This section introduces how to log in to the web management interface:
1. Make sure that the host can communicate with the management port of the DPX8000.
2. Open an IE browser and access the IP address of the management port using HTTP.
3. Type in the username and password in the interface shown in the following figure, and then click Login to access the Web management interface of the DPX8000 device, as shown in Figure1-1.

Figure1-1 Web management interface

Caution:
It is recommended that you use IE 6.0 or higher. The resolution should be 1024 x 768 or higher.
<Backward>, <Forward> and <Refresh> are not supported on the Web management interface. If you use these buttons, the Web page may not be displayed properly.
By default, the name of the management port is meth0_0, and the IP address is 192.168.0.1. Both the default username and the default password are admin. You can use the default username for the first login, but it is strongly recommended that you change your password. For how to change your password, see Section xxxx.
After you log in, if you don't perform any operations within 5 minutes, the connection will time out and return to the login page.
Up to 5 administrators are allowed to log in to the Web management interface at the same time.

Chapter 2 Access configuration

2.1 Introduction

With PPPoE, an Ethernet host is connected to a remote access concentrator through a simple bridge device. By using the PPPoE protocol, the remote access device can deliver access control and billing for each user.

DHCP + OPTION extension field authentication is also called IPoE authentication. Based on the physical location of Internet users (identified by a unique VLAN ID / PVC ID), it delivers authentication and billing for users. Users are not required to enter a username and password when they access the Internet. The IPoE system includes the basic DHCP feature, and it also expands the capacity of devices at all levels in the network.

With Portal authentication, an online unauthenticated user is redirected to a special website, whose resources the user is allowed to use freely. If a user needs other information on the Internet, the user must authenticate at the portal website and can use Internet resources after successful authentication.

The PPPOE module has the following features: PPPOE configuration, IPOE configuration, PORTAL configuration, Domain configuration, Public configuration.

Figure2-1 Connect config menu

2.2 PPPOE

PPPOE has the following features: PPPOE configuration, Local user configuration, Online user, Interface session limit.

2.2.1 PPPOE configuration

The PPPOE configuration covers the authentication method (local authentication or Radius authentication) and the address pool allocation method (DHCP or local).

To enter the PPPoE server page, choose BRAS module > Connect config > PPPoE > PPPoE configuration, as shown in Figure2-2.

Figure2-2 PPPOE server

Table2-1 describes the details of the PPPoE server.

Table2-1 PPPOE server detailed information
PPPoE server: Select whether to enable or disable the PPPoE server.
Name of the PPPoE service: Configure the PPPoE server name.
Authentication mode: Select and configure the authentication mode by clicking the checkbox in front of the mode that you want to enable. The authentication modes are free authentication, local authentication, and Radius authentication. If you select the local authentication mode, you should configure the local user; please refer to chapter 2.2.2.2 for the detailed information. If you select the Radius authentication mode, you can configure the primary and backup Radius servers separately.
Server address: Configure the Radius server address.
RADIUS server IP: Configure the interface address that connects the BRAS service module with the Radius server.
Shared-key: Configure the shared key, which must be consistent with the Radius server's.
Authentication port number: Configure the authentication port number, which must be consistent with the Radius server's.
Billing port number: Configure the billing port number, which must be consistent with the Radius server's.
Authentication packet timeout: Configure the authentication packet timeout.
Retried times: Configure the number of authentication packet retries.
Account interval time: Configure the interval at which charging packets are sent to the Radius server.
Domain: Configure the domain name. The domain name must match the Radius server configuration. After you configure the domain name, it is appended automatically to the PPPoE dial-up username; the username and domain name are separated by the @ separator.
DHCP authentication: Configure the DHCP method of allocating IP addresses to users.
Local authentication: Configure the local address pool that allocates IP addresses to users.
Server address: Configure the PPPoE server address, which is the PPP device's interface address; PPPoE users can ping this address.
Address pool: Set the address pool segment from which addresses are assigned. The address pool must be configured in both DHCP mode and local mode. If you select the DHCP mode, the address pool must be consistent with the DHCP server's.
DHCP SEVER IP: In DHCP mode, configure the IP address of the external DHCP server.
Client DNS: In local mode, configure the DNS addresses that the client obtains. You can configure two: the first is the preferred DNS server address, and the second is the alternate DNS server address.
MRU: Set the maximum receiving unit.
User aging time: Set the user aging time.
LCP packet retried time intervals: Set the retry interval for LCP packets when no response is received.
LCP packet retried times: Set the number of retries for LCP packets when no response is received.

Click Advanced to enter the server address configuration page, which displays the address pools that allocate addresses according to VLAN, as shown in Figure2-3.

Figure2-3 Address allocation as VLAN

Table2-2 describes the details of the IP address allocation as VLAN.

Table2-2 IP address allocation as VLAN
Server IP: Configure the PPPoE server address.
IP: Configure the IP address to be assigned.
Mask: Set the subnet mask.
To which the VLAN belongs: If a user belongs to the VLAN, the user can obtain an IP address from this network segment. A VLAN cannot be duplicated.
Operation: Click the copy icon or the delete icon to do the operations.

Address allocation as VLAN can be used for users on a Layer 2 interface. If the connected interface is a Layer 3 physical interface, you cannot allocate addresses by VLAN and should use the default configuration.

PPPOE configuration detailed operation procedure:
1. Select whether to enable or disable the PPPoE service.
2. Select the authentication method: free authentication, local authentication or Radius authentication.
3. If you select Radius authentication, configure the Radius server.
4. Select and configure the DHCP server configuration.
5. Click the forced portal checkbox and enter the URL, so that users are redirected to this URL.
6. Select the Radius Nas-Port-ID format: broadcasting format or telecommunication format.
7. Type in the Radius control port number.
8. Click the OK button.

2.2.2 Local user configuration

To enter the local user configuration page, choose BRAS module > Connect config > PPPoE > Local user configuration, as shown in Figure2-4.

Figure2-4 Local user configuration

Table2-3 describes the local user configuration.

Table2-3 Local user configuration
Import configuration files in batch: Click the Browse button and select a CSV file, then click the Import button to import all configuration files. Click the Export button to export all local users in batch.
Username: Configure the username.
Password: Configure the password.
Confirm password: Confirm the password.
Status: Configure the user status: normal or local.
Login times: Configure the maximum number of simultaneous logins for the account.
Comments: Configure the TEL and address (as shown in Figure2-5).
Operation: Click the copy icon or the delete icon to do the operations.

To add a local user in the local user configuration:
1. Click the Add icon to add a user.
2. Configure the user name, password, password confirmation, user status, login times and comment.
3. Click the OK button.

To delete a local user:
1. Click the Delete icon.
2. Click OK to confirm the configuration.

To import and export local users in batch:
1. Click the Browse button to select a CSV file, then click the Import button.
2. Click the Export button, select a path to save the configuration CSV file, then click the Save button.

Table2-4 Comment (local user configuration comment)
TEL: Type in the telephone number.
Address: Type in the address.

Comment configuration procedure:
1. Type in the phone number in the TEL bar.
2. Type in the address in the address bar.
3. Click the Ok button in the upper right corner.

2.2.3 Online user

Displays the online user related information.

To enter the online user page, choose BRAS module > Connect config > PPPoE > BRAS online user, as shown in Figure2-5.

Figure2-5 Online user

Table2-5 Online user description
IP: Enter the IP address and click the search button to search the online user information.
ID: Displays the online user sequence number.
Username: Displays the username.
Authentication method: Displays the user authentication method.
Client IP: Displays the user's IP address.
Server IP: Displays the server's IP address.
Client MAC: Displays the user's MAC address.
On-line time: Displays the user's online time.
Standby status: Displays the hot standby state, which is either primary or backup. Dual redundancy is used to guard against a single point of network failure.
Forced offline: Click to kick the online user offline.

2.2.4 Interface session number limit

2.2.4.1 Physical interface

To enter the physical interface page, choose BRAS module > Connect config > PPPoE > Interface session number limit, as shown in Figure2-5.

Figure2-6 Physical interface

Table2-6 describes the details of physical interface.

Table2-6 Physical interface detailed description
Port name: Configure the physical port name.
Session: Configure the session number limit for the interface.
Operation: Click the copy icon or the delete icon to do the operations.

To add a physical interface entry:
1. Click the add icon to add an entry.
2. Configure the port name and the session number.
3. Click Ok to make the configuration take effect.

To delete a physical interface entry:
1. Click the delete icon.
2. Click Ok to make the configuration take effect.

2.2.4.2 VLAN config

To enter the VLAN config page, choose BRAS module > Connect config > PPPoE > Interface session number limit, as shown in Figure2-7.

Figure2-7 VLAN configuration

Table2-7 describes the details of VLAN configuration.

Table2-7 VLAN configuration
Port name: Configure the VLAN interface.
Session: Configure the interface session number.
Operation: Click the copy icon or the delete icon to do the operations.

To add a VLAN interface entry:
1. Click the add icon to add an entry.
2. Configure the port name and the session number.
3. Click Ok to make the configuration take effect.

To delete a VLAN interface entry:
1. Click the delete icon.

2.2.4.3 Sub interface config

To enter the sub interface config page, choose BRAS module > Connect config > PPPoE > Interface session number limit, as shown in Figure2-8.

Figure2-8 Sub interface config

Table2-8 describes the details of sub interface configuration.

Table2-8 Sub interface configuration
Port name: Configure the sub interface.
Session: Configure the session number limit for the interface.
Operation: Click the copy icon or the delete icon to do the operations.

To add a sub interface entry:
1. Click the Add icon to add an entry.
2. Configure the port name and the session number.
3. Click OK to make the configuration take effect.

To delete a sub interface entry:
1. Click the Delete icon.
2. Click the OK button.

2.3 IPOE

The IPOE has the following features: IPOE configuration, Online user.

2.3.1 IPOE configuration

To enter the IPOE configuration page, choose BRAS module > Connect config > IPOE > IPOE configuration, as shown in Figure2-9.

Figure2-9 IPOE configuration

Table2-9 describes the details of the IPOE configuration.

Table2-9 IPOE detailed description
IPOE server: Select whether to enable or disable IPOE authentication.
Authentication method: Configure the required authentication method by checking the box in front of it. The methods are free authentication and Radius authentication. For Radius authentication, the primary and standby servers can be configured separately.
Server address: Configure the Radius server address.
RADIUS source IP: Configure the interface address of the BRAS device that connects to the Radius server.
Shared-key: Configure the shared key, consistent with the Radius server configuration.
Authentication port number: Configure the authentication port, consistent with the Radius server.
Billing port number: Configure the accounting port number, consistent with the Radius server configuration.
Authentication packet timeout: Set the authentication packet timeout.
Retried times: Set the number of authentication packet retransmissions allowed.
Account interval time: Set the interval at which accounting packets are sent to the Radius server.
Forced portal: If forced Portal is checked, you can configure the URL that is forcibly pushed to the user at authentication.
Username type: Configure the user name field carried in option60.
Default password: Configure the password, consistent with the Radius server configuration. If no default password is configured, a randomly generated password is used.
Radius Nas-Port-Id: Configure the Radius Nas-Port-Id format used for Radius authentication or billing: telecommunications format or broadcasting format. Telecommunications format: slot = slot; subslot = sub slot; port = port number; vlan = number vlan. Broadcasting format: slot number _ No _ subslot number port number _vlan.
Radius control port: Enables Radius-initiated forced offline and dynamic authorization change on the device. After this function is enabled, the Radius server can force a user offline or change the user's authorization. The port number must be consistent with the one set on the Radius server; the default port number is 3799.
Option60: The option60 field is generally configured to distinguish IPOE service from Portal service. If the Option60 field of an online user's DHCP packets contains the configured string, the user is treated as IPoE service.

IPOE configuration detailed operation procedure:
1. Select whether to enable or disable the IPOE service.
2. Select the authentication method: free authentication or Radius authentication.
3. If you choose Radius authentication, configure the Radius server related information.
4. Optionally check forced Portal and enter the URL to jump to.
5. According to the Radius configuration, configure the user name field carried in option60.
6. According to the Radius configuration, configure the default password.
7. Select the Radius Nas-Port-ID format: broadcasting format or telecommunications format.
8. Optionally configure the Radius control port number.
9. Fill in the Option60 field to distinguish between different services of different users.
10. Click OK to confirm the configuration.

Figure2-10 displays the Option60 filtering configuration.
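The Option60 match described in Table2-9, as an added example (not DPtech code): a small parser that walks the options of a DHCP message, extracts option 60 and tests whether it contains one of the configured strings. The sample messages, the configured string "IPOE", the function names and the byte-exact, case-sensitive comparison are assumptions made for illustration.

```python
import struct

BOOTP_FIXED_LEN = 236                      # fixed BOOTP header before the options
DHCP_MAGIC = bytes([99, 130, 83, 99])      # RFC 2131 magic cookie
OPT_PAD, OPT_VENDOR_CLASS, OPT_END = 0, 60, 255


def parse_options(message):
    """Return {option code: value bytes} for one BOOTP/DHCP message."""
    if len(message) < BOOTP_FIXED_LEN + 4:
        raise ValueError("truncated DHCP message")
    if message[BOOTP_FIXED_LEN:BOOTP_FIXED_LEN + 4] != DHCP_MAGIC:
        raise ValueError("missing DHCP magic cookie")
    options = {}
    i = BOOTP_FIXED_LEN + 4
    while i < len(message):
        code = message[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:                # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(message):
            raise ValueError("option without length byte")
        length = message[i + 1]
        value = message[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option value runs past end of message")
        # RFC 3396: repeated instances of an option are concatenated
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options


def classify(message, ipoe_strings):
    """Return 'ipoe' when option 60 contains a configured string."""
    vendor_class = parse_options(message).get(OPT_VENDOR_CLASS)
    if vendor_class is None:
        return "no-option60"
    for configured in ipoe_strings:
        # An empty entry would match every client, so it is ignored.
        if configured and configured.encode("ascii") in vendor_class:
            return "ipoe"
    return "not-ipoe"


def build_discover(mac, vendor_class=None):
    """Constructed sample input: a minimal DHCPDISCOVER for the checks below."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        1, 1, 6, 0, 0x1D2C3B4A, 0, 0x8000,
                        bytes(4), bytes(4), bytes(4), bytes(4), mac, b"", b"")
    options = bytes([53, 1, 1])            # option 53: DHCPDISCOVER
    if vendor_class is not None:
        options += bytes([OPT_VENDOR_CLASS, len(vendor_class)]) + vendor_class
    return fixed + DHCP_MAGIC + options + bytes([OPT_END])


if __name__ == "__main__":
    mac = bytes.fromhex("020000000001")    # constructed, locally administered MAC
    for vc in (b"IPOE-STB", b"MSFT 5.0", None):
        print(vc, "->", classify(build_discover(mac, vc), ["IPOE"]))
```

Option 60 is filled in by the DHCP client, so the match selects a service type; it is not a credential.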
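How a request arriving on the Radius control port is tied to the shared key, as an added example (not DPtech code): under RFC 5176 a Disconnect-Request or CoA-Request carries a Request Authenticator, computed as MD5 over the packet with a zeroed authenticator field followed by the shared key, and the receiver recomputes it before acting. The shared keys, the user name and the function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST = 40    # RFC 5176 packet codes
COA_REQUEST = 43
HEADER_LEN = 20            # code(1) + identifier(1) + length(2) + authenticator(16)
USER_NAME = 1              # RFC 2865 attribute type


def encode_attr(attr_type, value):
    """Encode one RADIUS attribute as type, length, value."""
    if not 0 < len(value) <= 253:
        raise ValueError("attribute value must be 1..253 octets")
    return bytes([attr_type, len(value) + 2]) + value


def request_authenticator(code, identifier, attrs, secret):
    """MD5(code + id + length + 16 zero octets + attributes + shared key)."""
    header = struct.pack("!BBH", code, identifier, HEADER_LEN + len(attrs))
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()


def build_request(code, identifier, attrs, secret):
    """Constructed sample input: the packet a Radius server would send."""
    header = struct.pack("!BBH", code, identifier, HEADER_LEN + len(attrs))
    return header + request_authenticator(code, identifier, attrs, secret) + attrs


def parse_attrs(data):
    """Split the attribute area into (type, value) pairs, validating lengths."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr_type, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad attribute length")
        attrs.append((attr_type, data[i + 2:i + length]))
        i += length
    return attrs


def verify_request(packet, secret):
    """Return (code, identifier, attributes) only if the authenticator matches."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than RADIUS header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < HEADER_LEN or length > len(packet):
        raise ValueError("length field does not fit the datagram")
    packet = packet[:length]               # octets past Length are padding
    if code not in (DISCONNECT_REQUEST, COA_REQUEST):
        raise ValueError("not a Disconnect-Request or CoA-Request")
    expected = request_authenticator(code, identifier,
                                     packet[HEADER_LEN:], secret)
    if not hmac.compare_digest(expected, packet[4:HEADER_LEN]):
        raise PermissionError("Request Authenticator mismatch")
    return code, identifier, parse_attrs(packet[HEADER_LEN:])


if __name__ == "__main__":
    key = b"constructed-shared-key"
    pkt = build_request(DISCONNECT_REQUEST, 7,
                        encode_attr(USER_NAME, b"user1@isp-a"), key)
    print(verify_request(pkt, key))
    try:
        verify_request(pkt, b"key-that-differs")
    except PermissionError as exc:
        print("rejected:", exc)
```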

Figure2-10 Option60 configuration

Table2-10 describes the details of the Option60.

Table2-10 Option60 detailed description
SN: Sequence number of the configured Option60 entries.
Option60: Fill in the Option60 field that you want to configure.
Operation: Click the copy icon or the delete icon to do the operations.

To add an Option60 filter:
1. Click the Add icon to add a new Option60 entry.
2. Click the Option60 column and input the Option60 field to be configured.
3. Click the Ok button to confirm the configuration.

To delete an Option60 filter:
1. Select the entry to be deleted.
2. Click the Delete icon to delete the current Option60 entry and validate the configuration.

2.3.2 Online user

Displays the online user related information.

To enter the online user policy page, choose BRAS module > Connect config > IPOE > IPOE configuration > Online user, as shown in Figure2-11.

Figure2-11 Online user

Table2-11 describes the detailed information of online user.

Table2-11 Online user detailed information
IP: Enter the IP address and click query to query the online user information.
ID: Shows the number of online users.
Username: Shows the username.
Authentication type: Shows the user authentication type.
Client IP: Displays the user's IP address.
Server IP: Displays the server's IP address.
Client MAC: Displays the user's MAC address.
Online time: Shows the user's online time.
Standby status: Displays the hot standby state, which is either primary or backup. Dual redundancy is used to guard against a single point of network failure.
Forced to kick out: Click to kick the online user offline.

2.4 Portal

Portal-related function modules include: Portal configuration, Local User Configuration.

2.4.1 Portal configuration

Portal configuration: configure the destination IP addresses exempt from Portal authentication.
Authentication mode: includes local authentication and Radius authentication.
Configure the Radius primary and standby servers.

To enter the portal server page, choose BRAS module > Connect config > IPOE > Portal configuration > Online user, as shown in Figure2-12.

Figure2-12 Portal configuration

Table2-12 describes the details of portal configuration.

Table2-12 Portal configuration detailed description
Portal authentication: Select whether to disable or enable Portal authentication.
Free authentication destination IP: Enter the IP address, select the mask from the drop-down menu, and click Add; the configured IP address is then displayed in the address list. To delete an IP address, select it in the address list and click Delete.
Authentication method: Configure the required authentication mode by checking the box in front of it. The modes are local authentication and Radius authentication. If you select local authentication, you need to configure the local user; please see the details in section 2.4.2. If you select Radius authentication, the primary and standby servers can be configured separately.
Server address: Configure the Radius server address.
RADIUS source IP: Configure the interface address of the BRAS device that connects to the Radius server.
Shared-key: Configure the shared key, consistent with the Radius server.
Authentication port number: Configure the authentication port number, consistent with the Radius server.
Billing port authentication: Configure the charging port number, consistent with the Radius server.
Authentication packet timeout: Set the authentication message timeout.
Retried times: Set the number of authentication message retries.
Charging time intervals: Set the interval at which charging messages are sent to the Radius server.
Domain: Set the domain. During authentication and charging with the Radius server, the domain name is automatically appended to the Portal authentication user name, with @ as the delimiter. The domain must match the Radius server configuration.
User aging time: Set the user aging time.
User group: Set the user group for which the Portal service is enabled.
Portal server: Select a local Portal or a remote Portal.
Remote Portal Url: Configure the remote Portal server address.
Local IP: Configure the interface address of the BRAS that connects to the remote Portal server.
Shared key: Configure the shared key, consistent with the remote Portal server.

Portal service configuration procedure:
1. Select whether to enable or disable the Portal service.
2. Optionally configure the free-authentication destination IP addresses.
3. Select the authentication mode: local authentication, or Radius authentication and billing.
4. Configure the Radius server related configuration.
5. Configure the user aging time.
6. Select a user group.
7. Select the Portal server mode.
8. Click OK to confirm the configuration.

2.4.2 Local user configuration

The local user configuration includes the username, password, status, and user login times.

To enter the local user configuration page, choose BRAS module > Connect config > Portal > Local user configuration, as shown in Figure2-13.

Figure2-13 Local user configuration

Table2-13 describes the details of local user configuration.

Table2-13 Local user detailed configuration

Import file in batch: Click the Browse button to choose a CSV file, then click Import to import it. Click export to export all local users.
Query: Enter the user to query and click query to view that local user's information.
Username: Configure the user name.
Password: Configure the password.
Confirm password: Configure the confirm password.
Status: Configure the user status: normal or lock.
Login times: The number of logins that can be online at the same time.
Comment: Fill in the TEL and address (as shown in Figure 2-15).
Operation: Click the copy icon or the delete icon to do the operations.

To add a local user:
- Click the Add icon to add user information.
- Configure the username, password, confirm password, user state, login times, and optional remarks.
- Click the Ok button.

To delete a local user:
- Click the Delete icon.
- Click the Ok button.

To import or export local users in batch:
- Click Browse to select the CSV file to import, then click Import.
- Click export, select where to save the file, and save.

Table2-14 describes the details of the comment.

Table2-14 Comment configuration description

TEL: Fill in the phone number.
Address: Fill in the address.

To configure the comment:
- Fill in the phone number in the TEL bar.
- Fill in the address in the address bar.
- Click the Ok button.

2.4.3 Online user

Displays the online user related information.

To enter the online user page, choose BRAS module > Connect config > Portal > Online user, as shown in Figure2-14.

Figure2-14 Online user

Table2-15 describes the details of online user.

Table2-15 Online user detailed description

IP: Enter the IP address and click query to look up the online user information.
ID: Shows the number of online users.
Username: Shows the username.
Authentication type: Shows the user authentication.
Client IP: Displays the user's IP address.
Server IP: Displays the server's IP address.
Client MAC: Displays the user's MAC address.
Online time: Shows the time the user has been online.
Standby status: Displays the hot standby state. The state is either primary or backup; where the network has a single point of failure, dual redundancy is used.
Forced to kick out: Click to kick the online user offline.

2.5 Domain management

The domain management related function modules include:
- Domain configuration
- AAA configuration

Domain management adds the interfaces into different authentication domains.

2.5.1 Domain configuration

To enter the domain configuration page, choose BRAS module > Connect config > Domain management > Domain configuration, as shown in Figure2-15.

Figure2-15 Domain configuration

Table2-16 describes the details of domain configuration.

Table2-16 Domain configuration detailed description

No.: Displays the sequence number of the domain.
Domain: Configure the domain name. The domain name is added to the Radius authentication username, separated by @. The domain name must be used in coordination with the Radius server configuration.
Inbound interface: Users who authenticate from this interface carry the domain name that corresponds to the interface.
Type: Authentication is the default type; authentication is required.
Authentication method: The authentication scheme: free, local authentication, or Radius authentication.
Operation: Click the copy icon or the delete icon to do the operations.

To configure a domain:
- Click the Add icon to add new domain information.
- In the inbound interface column, select the port.
- In the domain name column, configure the domain name.
- In the authentication scheme column, choose the corresponding authentication scheme.
- Click the Ok button.

2.5.2 AAA configuration

2.5.2.1 Radius server group

You can configure multiple Radius server groups. Each group has one primary Radius server and can have backup Radius servers; the Nas-Port-Id, Calling-Station and user name formats are set in the advanced settings.

To enter the Radius server group page, choose BRAS module > Connect config > Domain management > AAA configuration > Radius server group, as shown in Figure2-14.

Figure2-16 Radius server group

Table2-17 describes the configuration items of Radius server group.

Table2-17 Radius server group detailed description

No.: Displays the sequence number of the Radius server group.
Name: Configure the name of the Radius server group.
Master Radius: Configure the master Radius server. There can be only one master server.
Backup Radius: Configure the backup Radius servers. At most 1024 backup servers are supported.
Advanced: Configure the Nas-Port-Id, Calling-Station and user name format (as shown in figure 2-19) for the group of Radius servers.
Referenced count: Displays the number of times the Radius server group is referenced.
Operation: Click the copy icon or the delete icon to do the operations.

To configure a Radius server group:
- Click the Add icon to add a new Radius server group.
- In the master Radius configuration bar, select a Radius server.
- In the backup Radius configuration bar, configure one or more Radius servers.
- In the Advanced column, configure the Nas-Port-Id format, Calling-Station format and user name format that apply to the corresponding Radius servers.
- Click confirm to make the configuration take effect.

Figure2-17 Advanced (Radius server group advanced configuration)

Table2-18 describes the advanced configuration.

Table2-18 Advanced configuration

Nas-Port-Id format: Select the format.
Calling-Station format: Select the format.
Username method: Configure the username method.

To configure the advanced settings:
- Select the Nas-Port-Id format.
- Select the Calling-Station format.
- Select the username method.
- Click the Ok button.

2.5.2.2 Radius server

Configure the basic information for cooperating with the Radius server.

To enter the Radius server group page, choose BRAS module > Connect config > Domain management > AAA configuration, as shown in Figure2-18.

Figure2-18 Radius server

Table2-19 describes the details of Radius server configuration.

Table2-19 Radius server configuration

No.: Displays the sequence number of the Radius server.
Name: Configure the name of the Radius server.
Type: The Radius server type is either authentication or authentication+billing.
Detailed: Configure the Radius server address, shared key, authentication and accounting ports, timeout, retransmission times and billing interval (Figure 2-21).
Description: The Radius server description.
Reference number: Displays the referenced number.
Operation: Click the copy icon or the delete icon to do the operations.

To configure a Radius server:
- Click the Add icon to add a new Radius server.
- In the type configuration bar, select the authentication type or the authentication and billing type.
- In the detail configuration bar, configure the settings for cooperating with the Radius server.
- In the description bar, select the Radius server information.
- Click the Ok button.

Figure2-19 Type (Radius server type configuration)

Table2-20 describes the details of the advanced configuration.

Table2-20 Advanced configuration description

Server address: The Radius server address.
RADIUS source IP: The BRAS address used for linkage with the Radius server.
Shared key: The key shared by the BRAS and the Radius server.
Authentication port number: The authentication port number; the default is 1812.
Charging port number: The charging port number; the default is 1813.
The authentication message timeout: The authentication message timeout; the default is 5 seconds.
The authentication message allows the transmission times: The number of times the authentication message may be transmitted; the default is 3.
Charging time interval: The charging time interval; the default is 300 seconds.

2.6 Common configuration

Free authentication Vlan

To enter the common configuration page, choose BRAS module > Connect config > Common configuration, as shown in Figure2-20.

Figure2-20 Common configuration

To configure the common configuration:
- In the free authentication VLAN column, enter the VLAN numbers. Format: enter VLANs in the range 1-4094 in ascending order, with different VLAN segments separated by commas. For example: 1,2-20,30,40-50. Authentication is not enabled on the VLANs in the specified list.
- Click the OK button.

2.7 Radius interface configuration

Radius interface

To enter the Radius interface configuration page, choose BRAS module > Connect config > Radius interface configuration, as shown in Figure2-21.

Figure2-21 Radius interface configuration

To configure the Radius interface:
- Select an interface for cooperation between the BRAS and the RADIUS server.
- Click the Ok button.
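The free authentication VLAN list format from section 2.6, as an added example (not DPtech code and not part of the original guide): a Python check that parses a list such as 1,2-20,30,40-50, enforces the 1-4094 range and ascending order, and reports VLANs that bypass authentication but are missing from an approved list. The function names, the rejection of overlapping segments, and the approved list are assumptions made for this example.

```python
"""Added example: audit a free-authentication VLAN list (section 2.6 format)."""
import re

VLAN_MIN, VLAN_MAX = 1, 4094
_SEGMENT = re.compile(r"([0-9]+)(?:-([0-9]+))?")  # "30" or "2-20"


class VlanListError(ValueError):
    """Raised when the list does not follow the format described in section 2.6."""


def parse_vlan_list(text):
    """Return (start, end) segments, enforcing range 1-4094 and ascending order."""
    segments = []
    previous_end = 0
    for raw in text.split(","):
        match = _SEGMENT.fullmatch(raw.strip())
        if not match:
            raise VlanListError(f"malformed segment: {raw!r}")
        start = int(match.group(1))
        end = int(match.group(2)) if match.group(2) else start
        if not (VLAN_MIN <= start <= VLAN_MAX and VLAN_MIN <= end <= VLAN_MAX):
            raise VlanListError(f"VLAN outside 1-4094: {raw!r}")
        if start > end:
            raise VlanListError(f"segment start exceeds end: {raw!r}")
        # Assumption: segments must be strictly ascending and must not overlap.
        if start <= previous_end:
            raise VlanListError(f"segment out of order or overlapping: {raw!r}")
        segments.append((start, end))
        previous_end = end
    return segments


def exempt_vlans(text):
    """Expand the list into the set of VLAN IDs on which authentication is not enabled."""
    vlans = set()
    for start, end in parse_vlan_list(text):
        vlans.update(range(start, end + 1))
    return vlans


def unapproved_exemptions(text, approved):
    """Return the exempt VLANs that are not on the approved list, sorted."""
    return sorted(exempt_vlans(text) - set(approved))


if __name__ == "__main__":
    configured = "1,2-20,30,40-50"       # example list from section 2.6
    approved = set(range(1, 21)) | {30}  # constructed approval list
    print(len(exempt_vlans(configured)), "VLANs bypass authentication")
    print("not approved:", unapproved_exemptions(configured, approved))
```

Running the check against an exported configuration before and after each change shows when a range typed into the field exempts more VLANs than intended.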

Chapter 3 NAT

3.1 Introduction to NAT

Network Address Translation (NAT) provides a way of translating the IP address in an IP packet header to another IP address. In practice, NAT is primarily used to allow users with private IP addresses to access public networks. With NAT, a smaller number of public IP addresses meets the public network access requirements of a larger number of private hosts, and thus NAT effectively alleviates the depletion of IP addresses.

3.2 Source NAT

To enter the source NAT page, choose Basic > Network > Firewall > Source NAT, as shown in Figure3-1.

Figure3-1 Source NAT

Table3-1 describes the details of source NAT configuration.

Table3-1 Source NAT configuration

ID: Displays the serial number of the source NAT policy.
Out interface: Select the out interface for the source NAT policy.
Source IP: Configure the source IP segment for the source NAT policy.
Destination IP: Configure the destination IP segment for the source NAT policy.
Service: Configure the service scope of the source NAT policy, including all, service group, user-defined service object and the pre-defined service object.
Public IP address pool: Configure the public address pool of the source NAT policy.
Operation: Click the copy icon or the delete icon to do the operations.

To configure source NAT, take the following steps:
- Click the copy button of a source NAT configuration entry, except for the first line of the table.
- Configure the outbound interface of the source NAT policy.
- Configure the IP address and mask of the source NAT policy.
- Configure the public IP of the source NAT policy.
- After you have configured the advanced configuration, click the Ok button in the upper right corner of the webpage.

3.3 Destination NAT

To enter the destination NAT interface, choose Basic > Network > Firewall > Destination NAT, as shown in Figure3-2.

Figure3-2 Destination NAT

Table3-2 describes the details of destination NAT configuration.

Table3-2 Destination NAT configuration

ID: Displays the destination NAT ID.
In interface: Displays the inbound interface of the destination NAT policy.
Common address: Displays the destination NAT policy.
Service: Displays the service type of the destination NAT policy.
Expert config: Displays the expert config of the destination policy.
Advanced configuration: Displays the advanced configuration of the destination policy.
Operation: Click the copy or delete icon to do the operations.

To configure destination NAT, take the following steps:
- Click the copy button of the destination NAT policy.
- Select the outbound interface.
- Configure the service type of the destination NAT policy.
- Configure the public address of the destination NAT server.
- Configure the inner IP address of the destination NAT server.
- After you have finished the above steps, click the Ok button in the upper right corner of the webpage.

Note: If you configure the server inner port in the advanced configuration, traffic is connected to that destination port after destination NAT is applied.

3.4 One to one NAT

To enter the one to one NAT page, choose Basic > Network > Firewall > One to one NAT, as shown in Figure3-3.

Figure3-3 One to one NAT

Table3-3 describes the configuration items of one to one NAT configuration.

Table3-3 One to one NAT configuration

Destination, Serial number, Public interface, One to one NAT, Public address, Operation

Displays the serial number of the one to one NAT policy.
Displays the outbound interface of the one to one NAT policy.
Displays the inner address of the one to one NAT policy.
Displays the public address of the one to one NAT policy.
Click the copy or delete icon to do the operations.

To configure one to one NAT, take the following steps:
- Click the icon of the one to one NAT policy.
- Select the public interface.
- Configure the inner address of the one to one NAT policy.
- Configure the public address of the one to one NAT policy.
- After you have finished the above steps, click the Ok button in the upper right corner of the webpage.

3.5 Address Pool

To enter the address pool interface, choose Basic > Network > Firewall > Address pool, as shown in Figure3-4.

Figure3-4 Address pool

Table3-4 describes the details of address pool.

Table3-4 Address pool configuration

ID: Display the start IP address of address pool.
Start IP address: Configure the start IP address of the address pool.
End IP address: Configure the end IP address of the address pool.
Operation: Click the copy icon or the delete icon to do the operations.

To configure an address pool, take the following steps:
- Click the button of the address pool.
- Configure the ID number.
- Configure the start IP of the address pool.
- Configure the end IP of the address pool.
- After you have finished the above steps, click the Ok button in the upper right corner of the webpage.

Figure3-5 IPsec sysconfig

Table3-5 describes the configuration items of the IPsec VPN configuration.

Table3-5 IPsec VPN configuration

Enable IPsec: Select whether to enable the IPsec function.
Advanced configuration:
- Select whether to enable the NAT traverse function.
- Select whether to enable the NAT session keepalive mechanism, and configure the interval for sending NAT session keepalive packets (default is 20 Sec).
- Select whether to use IPsec acceleration.
- Select whether to enable layer 2 IPsec.
- Select whether to enable UDP checksum.
- Select a mode for the route add mode (this configuration takes effect after IPsec is restarted).

Table3-6 describes the configuration items of the IPsec VPN client access mode and gateway-gateway mode.

Table3-6 IPsec VPN client access mode and gateway-gateway mode

Connection Name: Displays the name of the IPsec rule.
Bind Interface
Advanced Configuration
Status: Displays the status of the IPsec rule.
Local IP Address: Displays the local IP address for the IPsec rule.
Remote IP address: Displays the remote IP address for the IPsec rule.
Local Device ID:
- Auto: (The system auto-selects the local IP address as the local device ID)
- Host Name: (Required when NAT traverse is configured)
- IP Address: (Manually input any IP address on the local device as the local ID)
- Local Certificate ID Alias: (Required when it is required to strictly check the validity of the remote certification ID alias)
Remote device ID:
- Auto: (The system auto-selects the local IP address as the local device ID)
- Host Name: (Required when NAT traverse is configured)
- IP Address: (Manually input any IP address on the local device as the local ID)
- Local Certificate ID Alias: (Required when it is required to strictly check the validity of the remote certification ID alias)
Client ID: Configure the client ID number.
Subnets Available to the clients: Lists the encryption protection subnets available to the clients.
Authentication Mode: Four kinds of authentication method are provided:
- Pre-shared key
- Digital Certificate: usercert.cer (select the local certificate for certificate authentication)
- Xauth Authentication
- Assign private IP address for clients
Advanced configuration: Click the pencil icon to enter the advanced configuration interface, which includes: Negotiation mode, IPsec Encryption Failed Action, IPsec Security Protocol, IKE Security Proposal, IPsec Security Proposal.
Operation: Click the copy icon or the delete icon to do the operations.

To configure IPsec VPN client access mode, take the following steps:
- Configure a correct name for the IPsec rule.
- Select the Enable status for the rule.
- Configure the local IP address, for example: 10.66.0.11.
- Configure the local device ID by selecting one of the four obtaining methods as required, for example: auto.
- Configure the client ID by selecting one of the four obtaining methods as required, for example: auto.
- Add the encryption protection subnets available to the clients.
- Configure the authentication method by selecting one of the four options as required, for example: pre-shared key 1234.
- Configure the advanced configuration.
- After you have finished the above steps, click the Ok button in the upper right corner.

To configure IPsec VPN gateway-gateway mode:
- Configure a correct name for the IPsec rule.
- Select the Enable status for the rule.
- Configure the local IP address, for example: 10.66.0.11.
- Configure the remote IP address, for example: 10.66.0.12.
- Configure the local device ID by selecting one of the four obtaining methods as required, for example: auto.
- Configure the remote device ID by selecting one of the four obtaining methods as required, for example: auto.
- Configure an IP segment for the source IP address of packets, for example: 1.1.1.0/24, and an IP segment for the destination IP address of packets, for example: 2.2.2.0/24.
- Configure the authentication method by selecting one of the two options as required, for example: pre-shared key 1234.
- After you have finished the above steps, click the Ok button in the upper right corner of the webpage.

Chapter 4 VPN

4.1.1 Introduction to L2TP

L2TP is a standard Internet tunnel protocol similar to the PPTP protocol, and both of them can encrypt network data streams. The differences are that PPTP requires an IP network, whereas L2TP requires only a packet-oriented point-to-point connection; PPTP uses a single tunnel, whereas L2TP uses multiple tunnels; and L2TP provides packet header compression and tunnel verification, which PPTP does not support.

4.1.2 L2TP

To enter the L2TP configuration page, choose Service > VPN > L2TP, as shown in Figure4-1.

Figure4-1 L2TP configuration

Figure4-2 describes the configuration items of LNS.

Figure4-2 LNS configuration items

Tunnel name: Displays the tunnel name of the LNS rule.
Tunnel interface IP: Configure the IP address of the tunnel interface.
PPP authentication mode: Select an option from the PPP authentication mode drop-down list, such as CHAP, PAP, MSCHAP, and MSCHAPV2.
Client IP address range: Configure the client IP address range; local tunnel IP addresses are allocated from this address pool.
Advanced configuration: Click the modify icon to configure the advanced configuration of the LNS rule.
Operation: Click the delete icon to delete an entry of the LNS rule.

4.1.3 L2TP authentication

To enter the L2TP configuration interface, you can choose Service > VPN > L2TP, as shown in Figure4-3.

Figure4-3 L2TP user authentication

4.1.4 L2TP domain

To enter the L2TP IP pool page, you choose Service > VPN > L2TP IP pool, as shown in Figure4-3.

Figure4-4 L2TP IP pool

4.1.5 L2TP interface

To enter the L2TP interface page, you choose Service > VPN > L2TP online status, as shown in Figure4-5.

Figure4-5 L2TP online status

4.1.6 L2TP online status

To enter the L2TP online status interface, you can choose Service > VPN > L2TP online status, as shown in Figure4-5.

Figure4-6 L2TP online status

Chapter 5 High availability

5.1 Backup group setting

To enter the backup group setting page, choose BRAS module > High availability > Backup group setting, as shown in Figure5-1.

Figure5-1 Backup group setting