HPE FlexNetwork HSR6800 Configuration Manual page 184
Comware 7 layer 3, ip services
Hide thumbs
Also See for FlexNetwork HSR6800:
- Security command reference (538 pages) ,
- Configuration manual (482 pages) ,
- Command reference manual (153 pages)
Table of Contents
Advertisement
# Create ISP domain cgn.
[Router] domain cgn
# Specify RADIUS scheme rad for PPP user authentication, authorization, and accounting.
[Router-isp-cgn] authentication ppp radius-scheme rad
[Router-isp-cgn] authorization ppp radius-scheme rad
[Router-isp-cgn] accounting ppp radius-scheme rad
# Specify the user address type as private IPv4 address.
[Router-isp-cgn] user-address-type private-ipv4
[Router-isp-cgn] quit
# Create a PPP address pool and add IP addresses 10.210.0.2 to 10.210.0.255 to the pool.
[Router] ip pool 1 10.210.0.2 10.210.0.255
# Configure interface Virtual-Template 1 to use CHAP for authentication and use PPP address
pool 1 for IP address assignment.
[Router] interface virtual-template 1
[Router-Virtual-Template1] ppp authentication-mode chap domain cgn
[Router-Virtual-Template1] remote address pool 1
[Router-Virtual-Template1] ip address 10.210.0.1 24
# Enable PPPoE server on GigabitEthernet 2/1/1 and bind the interface to Virtual-Template 1.
[Router] interface gigabitethernet 2/1/1
[Router-GigabitEthernet2/1/1] pppoe-server bind virtual-template 1
[Router-GigabitEthernet2/1/1] quit
# Configure ACL 2000 to identify packets from subnet 10.210.0.0/24.
[Router] acl basic 2000
[Router-acl-ipv4-basic-2000] rule 0 permit source 10.210.0.0 0.0.0.255
[Router-acl-ipv4-basic-2000] quit
# Create address group 1. Add public address 111.8.0.200, specify the port range as 1024 to
65535, and set the port block size to 10.
[Router] nat address-group 1
[Router-address-group-1] port-block block-size 10
[Router-address-group-1] port-range 1024 65535
[Router-address-group-1] address 111.8.0.200 111.8.0.200
# Configure outbound dynamic NAT444 on GigabitEthernet 2/1/2 to use address group 1 to
translate packets permitted by ACL 2000.
[Router] interface gigabitethernet 2/1/2
[Router-GigabitEthernet2/1/2] ip address 111.8.0.101 255.255.255.0
[Router-GigabitEthernet2/1/2] nat outbound 2000 address-group 1
[Router-GigabitEthernet2/1/2] quit
Verifying the configuration
# Initiate a connection from the PPPoE client by entering the username and password.
# Execute the display ppp access-user command to display PPP user information, including the
private IP address, translated public IP address, and port block. (Details not shown.)
# Verify that a dynamic NAT444 entry has been created for the user.
[Router] display nat port-block dynamic
Local VPN
---
Total entries found: 1
Local IP
Global IP
10.210.0.4
111.8.0.200
Port block
1024-1323
171
Connections
0
Advertisement
Table of Contents
Troubleshooting
