BRAS services overview
A broadband remote access server (BRAS) is an access gateway for broadband network applications. It provides a basic access approach to the backbone network and management features for the broadband access network.
BRAS network
Figure 1 describes the location of the BRAS device in a campus network.
Figure 1 BRAS device in a campus network
BRAS components
Figure 2 BRAS components
Figure 3 Introduction to BRAS components
BRAS services
User access
This component provides the following services:
· Portal—Portal authentication, also referred to as Web authentication, controls user access to networks. Portal authenticates a user by the username and password the user enters on a portal authentication page. Portal authentication provides a flexible access control method without the installation of client software. It is deployed at the access layer and at vital data entries.
An unauthenticated user must first visit a specific authentication website and can freely access the services on that site. To access other network resources, the user must authenticate on that website. Users that pass portal authentication are allowed to access authorized network resources. For more information, see portal configuration in BRAS Services Configuration Guide.
· IPoE—IP over Ethernet (IPoE) is an IPoX access method. In IPoE, a BRAS receives IP packets from Ethernet users and authenticates users based on their access location or packet characteristics. The AAA server authorizes users that pass authentication with corresponding access rights. For more information, see IPoE configuration in BRAS Services Configuration Guide.
· PPPoE—Point-to-Point Protocol over Ethernet (PPPoE) extends PPP by transporting PPP frames encapsulated in Ethernet over point-to-point links. PPPoE provides Internet access for the hosts in an Ethernet through a remote access device and implements access control, authentication, and accounting on a per-host basis. Integrating the low cost of Ethernet and scalability and management functions of PPP, PPPoE gained popularity in various application environments, such as residential access networks. For more information, see PPPoE configuration in BRAS Services Configuration Guide.
· L2TP—The Layer 2 Tunneling Protocol (L2TP) is a Virtual Private Dialup Network (VPDN) tunneling protocol. L2TP sets up point-to-point tunnels across a public network (for example, the Internet) and transmits encapsulated PPP frames (L2TP packets) over the tunnels. With L2TP, remote users can access the private networks through L2TP tunnels after connecting to a public network by using PPP. For more information, see L2TP configuration in BRAS Services Configuration Guide.
AAA management
Authentication, Authorization, and Accounting (AAA) provides a uniform framework for implementing network access management. This feature specifies the following security functions:
· Authentication—Identifies users and verifies their validity.
· Authorization—Grants different users different rights, and controls the users' access to resources and services. For example, you can permit office users to read and print files and prevent guests from accessing files on the device.
· Accounting—Records network usage details of users, including the service type, start time, and traffic. This function enables time-based and traffic-based charging and user behavior auditing.
AAA has various implementations, including RADIUS, HWTACACS, and LDAP. RADIUS is most often used. For more information, see AAA configuration in BRAS Services Configuration Guide.
Address assignment
This component provides the following address assignment methods:
· Static address—For more information about configuring a static IPv4 address and a static IPv6 address, see IP addressing configuration and IPv6 basics configuration in Layer 3—IP Services Configuration Guide.
· DHCP—The Dynamic Host Configuration Protocol (DHCP) provides a framework to assign configuration information to network devices. For more information, see DHCP configuration in BRAS Services Configuration Guide.
· DHCPv6—DHCPv6 provides a framework to assign IPv6 prefixes, IPv6 addresses, and other configuration parameters to hosts. For more information, see DHCPv6 configuration in BRAS Services Configuration Guide.
· Stateless address autoconfiguration—A node automatically generates an IPv6 global unicast address based on the address prefix information contained in the RA message. For more information, see IPv6 basics configuration in Layer 3—IP Services Configuration Guide.
Service management
The device provides various service management functions and service support for users.
Table 1 Managing access services
Service name | Introduction | Reference |
---|---|---|
Authorization ACL | You can configure this attribute for the ISP domain to restrict authenticated users to access only the network resources permitted by the ACL. | "Configuring AAA" |
Authorization CAR action | You can configure this attribute for the ISP domain to control the traffic flow of authenticated users. | "Configuring AAA" |
Authorization user group | You can specify the user group for authenticated users when you configure authorization attributes for the ISP domain. | "Configuring AAA" |
Traffic permission | Traffic permission allows matching traffic to pass through without performing rate limiting and accounting on the traffic. | Traffic policing, GTS, and rate limit configuration in ACL and QoS Configuration Guide |
Online detection | Online detection enables the BRAS to periodically send detection packets to determine whether a user is online. Online detection for PPPoE users is enabled by default. | "Configuring IPoE" "Configuring portal authentication" |
Multicast access control | When the user requests to join a multicast group, you can use this feature to control user access by refusing illegal or unauthorized requests. | IGMP configuration and MLD configuration in IP Multicast Configuration Guide |
ANCP | Access Node Control Protocol (ANCP) exchanges control messages between a Broadband Remote Access Server (BRAS) and an Access Node (AN). | "Configuring ANCP" |
User profile | A user profile is a configuration template that defines a set of parameters. The user can configure different parameters according to different scenarios. | "Configuring user profiles" |
Connection limit | This feature enables the device to control the number of established connections, the establishment rate, and the bandwidth consumption. It protects network resources and facilitates accurate allocation of system resources. | "Configuring connection limits" |
Table 2 Managing value-added services
Service name | Introduction | Reference |
---|---|---|
ITA | Intelligent Target Accounting (ITA) provides a flexible accounting solution for users who request services of different charge rates. By defining different traffic levels based on the destination addresses of users' traffic, you can use ITA to separate the traffic accounting statistics of different levels for each user. | "Configuring ITA" |
EDSG | Enhanced Dynamic Service Gateway (EDSG) identifies the traffic of different services for a user and provides independent authentication, accounting, and rate limit for the traffic of each service. After a user passes RADIUS authentication, the RADIUS server assigns EDSG service policies to the user. Then, the device uses the matching local EDSG service policies to provide service-based differentiated functions for the user. | "Configuring EDSG service policies" |