Interface-leased user configuration example

As shown in Figure 46, three hosts access the BRAS as one interface-leased user. The BRAS performs AAA for the hosts through the RADIUS server.

Configuration procedure

1. Configure the RADIUS server: (This section uses the Linux Free RADIUS server as an example.)

   # Add BRAS IP address 4.4.4.2 and secret radius to the clients.conf file.

   client 4.4.4.2/32 {
   ipaddr = 4.4.4.2
   netmask=32
   secret=radius
   }
   

   # Add host username and password to the users user information file. The username is us1 and the password is pw1.

   us1  Cleartext-Password :="pw1"
   

2. Configure the BRAS:

   1. Configure IP addresses for interfaces. (Details not shown.)

   2. Configure a RADIUS scheme:

      # Create a RADIUS scheme named rs1 and enter its view.

      <Device> system-view
      [Device] radius scheme rs1
      

      # Configure primary servers and keys for authentication and accounting.

      [Device-radius-rs1] primary authentication 4.4.4.1
      [Device-radius-rs1] primary accounting 4.4.4.1
      [Device-radius-rs1] key authentication simple radius
      [Device-radius-rs1] key accounting simple radius
      

      # Exclude the ISP name from the username sent to the RADIUS server.

      [Device-radius-rs1] user-name-format without-domain
      [Device-radius-rs1] quit
      

   3. Configure the ISP domain:

      # Create an ISP domain named dm1 and enter its view.

      [Device] domain dm1
      

      # Configure dm1 to use RADIUS scheme rs1.

      [Device-isp-dm1] authentication ipoe radius-scheme rs1
      [Device-isp-dm1] authorization ipoe radius-scheme rs1
      [Device-isp-dm1] accounting ipoe radius-scheme rs1
      [Device-isp-dm1] quit
      

   4. Configure IPoE:

      # Enable IPoE and configure Layer 3 access mode on GigabitEthernet 2/1/2.

      [Device] interface gigabitethernet 2/1/2
      [Device–GigabitEthernet2/1/2] ip subscriber routed enable
      

      # Configure the interface-leased user and specify its username, password, and ISP domain.

      [Device–GigabitEthernet2/1/2] ip subscriber interface-leased username us1 password plaintext pw1 domain dm1
      [Device–GigabitEthernet2/1/2] quit
      

# Display IPoE session information to verify that the host has come online.

[Device] display ip subscriber interface-leased
Basic:
  Access interface           : GE2/1/2
  VPN instance               : N/A
  Username                   : us1
  User ID                    : 0x30000000
  State                      : Online
  Service node               : Slot 1 CPU 0
  Domain                     : dm1
  Login time                 : May 14 20:04:42 2014
  Online time (hh:mm:ss)     : 00:16:37

AAA:
  IP pool                    : N/A
  Session idle time          : N/A
  Session duration           : N/A, remaining: N/A
  Remaining traffic          : N/A
  Max multicast addresses    : 4
  Multicast address list     : N/A

QoS:
  User profile               : N/A
  Session group profile      : N/A
  Inbound CAR                : N/A
  Outbound CAR               : N/A

Flow statistic:
  Uplink   packets/bytes     : 16734145/2141970560
  DownLink packets/bytes     : 22314327/2856233728