Online detection configuration example

As shown in Figure 48, three hosts access the BRAS as unclassified-IP users. The BRAS performs AAA for the host through the RADIUS server.

Configuration procedure

1. Configure the RADIUS server: (This section uses the Linux Free RADIUS server as an example.)

   # Add BRAS IP address 4.4.4.2 and secret radius to the clients.conf file.

   client 4.4.4.2/32 {
   ipaddr = 4.4.4.2
   netmask=32
   secret=radius
   }
   

   # Add the usernames and passwords to the users user information file. The usernames are the host IP addresses and the plaintext password is radius.

   2.2.2.2  Cleartext-Password :="radius"
   2.2.2.3  Cleartext-Password :="radius"
   2.2.2.4  Cleartext-Password :="radius"
   

2. Configure the BRAS:

   1. Configure IP addresses for interfaces. (Details not shown.)

   2. Configure a RADIUS scheme:

      # Create a RADIUS scheme named rs1 and enter its view.

      <Device> system-view
      [Device] radius scheme rs1
      

      # Configure primary servers and keys for authentication and accounting.

      [Device-radius-rs1] primary authentication 4.4.4.1
      [Device-radius-rs1] primary accounting 4.4.4.1
      [Device-radius-rs1] key authentication simple radius
      [Device-radius-rs1] key accounting simple radius
      

      # Exclude the ISP name from the username sent to the RADIUS server.

      [Device-radius-rs1] user-name-format without-domain
      [Device-radius-rs1] quit
      

   3. Configure the ISP domain:

      # Create an ISP domain named dm1 and enter its view.

      [Device] domain dm1
      

      # Configure dm1 to use RADIUS scheme rs1.

      [Device-isp-dm1] authentication ipoe radius-scheme rs1
      [Device-isp-dm1] authorization ipoe radius-scheme rs1
      [Device-isp-dm1] accounting ipoe radius-scheme rs1
      [Device-isp-dm1] quit
      

   4. Configure IPoE:

      # Enable IPoE and configure Layer 3 access mode on GigabitEthernet 2/1/2.

      [Device] interface gigabitethernet 2/1/2
      [Device–GigabitEthernet2/1/2] ip subscriber routed enable
      

      # Enable the unclassified-IP user.

      [Device–GigabitEthernet2/1/2] ip subscriber initiator unclassified-ip enable
      

      # Specify dm1 as the ISP domain.

      [Device–GigabitEthernet2/1/2] ip subscriber unclassified-ip domain dm1
      

      # Configure plaintext password radius for authentication.

      [Device–GigabitEthernet2/1/2] ip subscriber password plaintext radius
      

      # Configure online detection:

      • Use ICMP detection mode.

      • Set the maximum number of detection attempts to 2.

      • Set the detection interval to 30 seconds.

      [Device–GigabitEthernet2/1/2] ip subscriber user-detect icmp retry 2 interval 30
      [Device–GigabitEthernet2/1/2] quit
      

Use the display ip subscriber session command to verify that the BRAS deletes the IPoE session after the user goes offline.