Login
- Table of Contents
-
- H3C S9500 Operation Manual-Release1648[v1.24]-07 Security Volume
- 00-1Cover
- 01-Protocol Port Security Configuration
- 02-802.1x Configuration
- 03-AAA RADIUS HWTACACS Configuration
- 04-Password Control Configuration
- 05-SSH Configuration
- 06-IDS Linkage Configuration
- 07-Portal Configuration
- 08-VBAS Configuration
- 09-Traffic Accounting Configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 08-VBAS Configuration | 60.19 KB |
Chapter 1 VBAS Configuration
When performing VBAS configuration, go to these sections for information you are interested in:
1.1 VBAS Overview
Working flow chart of the VBAS protocol is shown in Figure 1-1.
l The user requests authentication from the Band Access Server (BAS).
l BAS sends VBAS query packet (carrying the VLAN ID and MAC address of the user) to the Digital Subscriber Line Access Multiplexer (DSLAM) to query the relevant information of the access type and access port of the user.
l DSLAM sends VBAS response packet to BAS to return the user’s relevant information.
l BAS sends authentication request to the Daemon authentication system (like RADIUS Server) after receiving the VBAS response message.
l Daemon authentication system returns the BAS authentication response.
l BAS returns this response to the user.
Figure 1-1 Flow chart for VBAS information interaction
1.2 Configuring VBAS
1.2.1 VBAS Configuration Procedure
Follow these steps to configure VBAS:
|
To do… |
Use the command… |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Configure Layer 3 interface of the VLAN where BAS access port resides |
vlan vlanid |
Optional You can specify the destination MAC on BAS as the interface MAC of the switch or as the bridge MAC of the switch (here it is not necessary to configure the Layer 3 interface). |
|
|
interface vlan vlanid |
|||
|
ip address ip_address mask |
|||
|
Back to system view |
quit |
— |
|
|
Enable VBAS function |
Enable VBAS function on the VLAN where BAS access port resides |
vlan vlanid |
Required This configuration activates VBAS function of the VLAN or the port. |
|
vbas enable |
|||
|
Enable VBAS function on the BAS access port |
interface interface-type interface-number |
||
|
vbas enable |
|||
|
Back to system view |
quit |
— |
|
|
Set the type of AccessNodeIdentifier |
vbas deviceId_type [ sysname | bridge_mac ] |
Optional The default type is Bridge_mac. |
|
1.3 VBAS Configuration Example
I. Network requirements
l Enable VBAS function on VLAN 2 of the S9500 switch.
l The switch uses RADIUS server to complete authentication and accounting.
l VBAS packet passes between the S9500 switch and the BAS server.
l BAS acquires the S9500 port number connected with the Client, and accesses to the broadband after passing the authentication.
II. Network diagram
Figure 1-2 Network diagram for VBAS configuration
III. Configuration Procedure.
1) Enable VBAS function on the VLAN.
# Enable VBAS function
<H3C> system-view
[H3C] interface vlan 2
[H3C-Vlan-interface2] ip address 2.2.2.2 24
[H3C-Vlan-interface2] quit
[H3C] vlan 2
[H3C-vlan2] vbas enable
2) Set the AccessNodeIdentifier in system view.
<H3C> system-view
[H3C] vbas deviceid_type sysname
