Table of Contents

Related Documents

07-User profile configuration

Title	Size	Download
07-User profile configuration	104.29 KB

Contents

Configuring user profiles· 1

About user profiles· 1

About session group profiles and user group profiles· 1

Concepts· 1

How they work· 1

Restrictions and guidelines: User profile configuration· 2

Prerequisites for user profile· 2

Configuring a user profile· 3

Configuring a session group profile· 6

Configuring a user group profile· 7

Applying a user profile to an interface· 8

Display and maintenance commands for user profiles· 9

Configuring user profiles

About user profiles

A user profile defines a set of parameters, such as a QoS policy, for a single user or interface. A user profile can be reused when a user connected to the network on a different interface.

The user profile application allows flexible traffic policing on a per-user basis. Each time a user passes authentication, the server sends the device the name of the user profile specified for the user. The device applies the parameters in the user profile to the user. You can also apply a user profile to an interface to process specific traffic on the interface.

User profiles are typically used in the following scenarios:

· Resource allocation per user—Interface-based traffic policing limits the total amount of bandwidth available to all users that are connected through one interface. However, user-profile-based traffic policing can limit the amount of bandwidth available to a single user.

· User access control—When a user passes authentication but the account is overdue, only the resources defined by the ACL permit rules in the free rules are accessible for this user.

About session group profiles and user group profiles

Concepts

Session group profiles and user group profiles are a particular type of user profile for a group of users. It implements QoS traffic control on a per-group basis. A user group can include multiple users and multiple services. For example, you can configure a session group profile or user group profile to limit the total bandwidth for the user group in addition to configuring a user profile for each user.

A session group profile and a user group profile implement the same function. However, the ways they associate user profiles differ.

· A session group profile is associated with a user profile when they are authorized to the same online user. The online user is subject to both the user profile and session group profile.

· A user group profile is associated with a user profile by using CLI command. The authentication server authorizes only the user profile to the online user. The online user is subject to both the user profile and the user group profile associated with the user profile.

How they work

A user profile limits traffic of a single online user. A session group profile or user group profile limits the total traffic of multiple online users. The following queue types are available for hierarchical scheduling:

· Traffic queue—Caches packets of different priorities of a user.

· User queue—Schedules packets of traffic queues by using a queue scheduling profile applied to the user profile, and rate limits the packets of the user queue by using QoS policy and traffic policing settings.

· User group queue—Schedules packets of user queues by using a queue scheduling profile applied to the user group profile or session group profile, and rate limits the packets of the user group queue by using QoS policy, traffic policing, traffic shaping settings.

Traffic queues are physical queues and have cache units. User queues and user group queues are virtual queues that participate in hierarchical scheduling and do not have cache units.

Figure 1 Hierarchical scheduling

‌

Restrictions and guidelines: User profile configuration

In standard system operating mode, only the following cards support authorizing user profiles:

CSPEX-1304X, CSPEX-1404X, CSPEX-1502X, CSPEX-1504X, CSPEX-1504XA, CSPEX-1602X, CSPEX-1602XA, CSPEX-1804X, CSPEX-1512X, CSPEX-1612X, CSPEX-1812X, RX-SPE200, CEPC-XP4LX, CEPC-XP24LX, CEPC-XP48RX, CEPC-CP4RX, CEPC-CP4RXA, CEPC-CP4RX-L, CSPEX-1502XA, CSPEX-1802X, CSPEX-1802XA, CSPEX-1812X-E, CSPEX-2304X-G, RX-SPE200-E

In SDN-WAN system operating mode, the system does not support authorizing user profiles.

For more information about system operating modes, see device management in Fundamentals Configuration Guide.

Only the following cards support applying a user profile to an interface:

CSPEX-1304X, CSPEX-1404X, CSPEX-1502X, CSPEX-1504X, CSPEX-1504XA, CSPEX-1602X, CSPEX-1602XA, CSPEX-1804X, CSPEX-1512X, CSPEX-1612X, CSPEX-1812X, RX-SPE200, CEPC-XP4LX, CEPC-XP24LX, CEPC-XP48RX, CEPC-CP4RX, CEPC-CP4RXA, CEPC-CP4RX-L, CSPEX-1802X, CSPEX-1802XA, CSPEX-1812X-E, CSPEX-2304X-G, CEPC-CQ8L, CEPC-CQ8LA, CEPC-CQ16L1, CSPEX-1502XA, RX-SPE200-E, CSPEX-1104-E, CSPC-GE16XP4L-E, CSPC-GE24L-E, CSPC-GP24GE8XP2L-E

Because a session group profile and a user group profile implement the same function, a user profile cannot be associated with both a session group profile and a user group profile.

You can configure traffic regulation, QoS policy, traffic scheduling, queue scheduling profile, connection limits, and auth-free rule for a user profile as required.

Prerequisites for user profile

If a user profile is applied to an interface, no authentication settings are required.

If a user profile works with authentication, you must configure authentication settings for a user profile. For information about supported authentication methods, see the configuration guides for the related authentication modules.

Configuring a user profile

About this task

For information about QoS policies, CAR policies and queue scheduling profiles, see ACL and QoS Configuration Guide.

For information about connection limits, see "Configuring connection limits."

Restrictions and guidelines

The system supports authorizing users profiles to users with the following settings in the user profile:

· Traffic regulation.

· QoS policy.

· Traffic scheduling.

· Queue scheduling profile for user queues.

· Connection limits.

· Auth-free rule.

The system only supports applying user profiles to interfaces and supports only traffic regulation and queue scheduling profile settings in the user profile.

Procedure

1. Enter system view.

system-view

2. Create a user profile and enter user profile view.

user-profile profile-name

3. Configure traffic regulation. Choose the options to configure as needed:

¡ Configure a CAR policy for the user profile.

qos car { inbound | outbound } any cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ]

qos car { inbound | outbound } any cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ]

By default, no CAR policy is configured for a user profile.

Only the following cards support this command:

CSPEX-1304X, CSPEX-1404X, CSPEX-1502X, CSPEX-1504X, CSPEX-1504XA, CSPEX-1602X, CSPEX-1602XA, CSPEX-1804X, CSPEX-1512X, CSPEX-1612X, CSPEX-1812X, RX-SPE200, CEPC-XP4LX, CEPC-XP24LX, CEPC-XP48RX, CEPC-CP4RX, CEPC-CP4RXA, CEPC-CP4RX-L, CSPEX-1802X, CSPEX-1802XA, CSPEX-1812X-E, CSPEX-2304X-G, CEPC-CQ8L, CEPC-CQ8LA, CEPC-CQ16L1, CSPEX-1502XA, RX-SPE200-E

¡ Configure rate limiting for the user profile.

qos user-queue { cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ queue-length queue-length ] } * outbound

qos user-queue { cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ] [ queue-length queue-length ] } * outbound

qos user-queue { cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] } inbound

qos user-queue { cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ] } inbound

By default, rate limiting is not configured for a user profile.

When AAA authorizes a user profile, this command takes effect only on the following cards:

For a user profile applied to an interface:

- In a user profile applied to the inbound direction of an interface, this command takes effect only on the following cards:

CSPEX-1304X, CSPEX-1404X, CSPEX-1502X, CSPEX-1504X, CSPEX-1504XA, CSPEX-1602X, CSPEX-1602XA, CSPEX-1804X, CSPEX-1512X, CSPEX-1612X, CSPEX-1812X, RX-SPE200, CEPC-XP4LX, CEPC-XP24LX, CEPC-XP48RX, CEPC-CP4RX, CEPC-CP4RXA, CEPC-CP4RX-L, CSPEX-1802X, CSPEX-1802XA, CSPEX-1812X-E, CSPEX-2304X-G, CEPC-CQ8L, CEPC-CQ8LA, CEPC-CQ16L1, CSPEX-1502XA, RX-SPE200-E

- In a user profile applied to the outbound direction of an interface, this command takes effect only on the following cards:

CSPEX-1304X, CSPEX-1404X, CSPEX-1502X, CSPEX-1504X, CSPEX-1504XA, CSPEX-1602X, CSPEX-1602XA, CSPEX-1804X, CSPEX-1512X, CSPEX-1612X, CSPEX-1812X, RX-SPE200, CEPC-XP4LX, CEPC-XP24LX, CEPC-XP48RX, CEPC-CP4RX, CEPC-CP4RXA, CEPC-CP4RX-L, CSPEX-1802X, CSPEX-1802XA, CSPEX-1812X-E, CSPEX-2304X-G, CEPC-CQ8L, CEPC-CQ8LA, CEPC-CQ16L1, CSPEX-1502XA, RX-SPE200-E, CSPEX-1104-E, CSPC-GE16XP4L-E, CSPC-GE24L-E, CSPC-GP24GE8XP2L-E

The queue-length queue-length option is supported only in standard system operating mode.

4. Apply an existing QoS policy to the user profile.

qos apply policy policy-name { inbound | outbound }

By default, no QoS policy is applied to a user profile.

In standard system operating mode, only the following cards support this command:

CSPEX-1502XA, CSPEX-1802X, CSPEX-1802XA, CSPEX-1812X-E, CSPEX-2304X-G, RX-SPE200-E

In SDN-WAN system operating mode, the system does not support this command.

5. Configure queue scheduling for user queues.

¡ Specify a queue for session packets that use the user profile.

qos queue { queue-id | queue-name }

By default, no queue for session packets is specified for a user profile.

Session packets are scheduled based on the scheduling priority of the specified queue, implementing session-based congestion management.

In standard system operating mode, only the following cards support this command:

In SDN-WAN system operating mode, the system does not support this command.

¡ Set the outbound weight value for the user profile.

qos weight weight-value outbound

By default, no outbound weight value is set for a user profile.

Bandwidth resources are allocated based on the weight value.

In standard system operating mode, only the following cards support this command:

In SDN-WAN system operating mode, the system does not support this command.

6. Specify an existing queue scheduling profile for the user profile.

qos user-queue qmprofile qmprofile-name { inbound | outbound }

By default, no queue scheduling profile is specified for a user profile.

When AAA authorizes a user profile, this command takes effect only on the following cards:

For a user profile applied to an interface:

¡ In a user profile applied to the inbound direction of an interface, this command takes effect only on the following cards:

CSPEX-1304X, CSPEX-1404X, CSPEX-1502X, CSPEX-1504X, CSPEX-1504XA, CSPEX-1602X, CSPEX-1602XA, CSPEX-1804X, CSPEX-1512X, CSPEX-1612X, CSPEX-1812X, RX-SPE200, CEPC-XP4LX, CEPC-XP24LX, CEPC-XP48RX, CEPC-CP4RX, CEPC-CP4RXA, CEPC-CP4RX-L, CSPEX-1802X, CSPEX-1802XA, CSPEX-1812X-E, CSPEX-2304X-G, CEPC-CQ8L, CEPC-CQ8LA, CEPC-CQ16L1, CSPEX-1502XA, RX-SPE200-E

¡ In a user profile applied to the outbound direction of an interface, this command takes effect only on the following cards:

CSPEX-1304X, CSPEX-1404X, CSPEX-1502X, CSPEX-1504X, CSPEX-1504XA, CSPEX-1602X, CSPEX-1602XA, CSPEX-1804X, CSPEX-1512X, CSPEX-1612X, CSPEX-1812X, RX-SPE200, CEPC-XP4LX, CEPC-XP24LX, CEPC-XP48RX, CEPC-CP4RX, CEPC-CP4RXA, CEPC-CP4RX-L, CSPEX-1802X, CSPEX-1802XA, CSPEX-1812X-E, CSPEX-2304X-G, CEPC-CQ8L, CEPC-CQ8LA, CEPC-CQ16L1, CSPEX-1502XA, RX-SPE200-E, CSPEX-1104-E, CSPC-GE16XP4L-E, CSPC-GE24L-E, CSPC-GP24GE8XP2L-E

7. Configure connection limits.

¡ Set the maximum number of user connections.

connection-limit amount amount

By default, the number of user connections is not limited for a user profile.

¡ Set the maximum connection establishment rate.

connection-limit rate rate

By default, the connection establishment rate is not limited for a user profile.

In standard system operating mode, only the following cards support the two commands:

In SDN-WAN system operating mode, the system does not support this command.

8. Create a user profile free rule.

free-rule acl [ ipv6 ] { acl-number | name acl-name }

By default, no user profile free rule is configured for a user profile.

This command is supported only in standard system operating mode.

Configuring a session group profile

Restrictions and guidelines

In standard system operating mode, only the following cards support this feature:

In SDN-WAN system operating mode, the system does not support this feature.

Procedure

1. Enter system view.

system-view

2. Enter interface view.

interface interface-type interface-number

3. Identify a session group on the interface.

qos session-group identify { customer-vlan | service-vlan | customer-service-vlan | subscriber-id }

By default, no session group is identified on the interface.

The interface identifies packets according to the specified method and classifies packets with the same characteristics to the same user group.

4. Return to system view.

quit

5. Create a session group profile and enter session group profile view.

user-profile profile-name type session-group

You can use the command to enter the view of an existing session group profile.

6. Configure traffic regulation.

¡ Configure GTS for the session group profile.

qos gts { any | queue queue-id } cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ queue-length queue-length ]

qos gts { any | queue queue-id } cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ] [ queue-length queue-length ]

By default, no GTS is configured for a session group profile.

7. Apply an existing queue scheduling profile to the session group profile.

qos apply qmprofile profile-name

By default, no queue scheduling profile is applied to a session group profile.

For information about GTS and queue scheduling profiles, see ACL and QoS Configuration Guide.

Configuring a user group profile

Restrictions and guidelines

In standard system operating mode, only the following cards support this feature:

In SDN-WAN system operating mode, the system does not support this feature.

Procedure

1. Enter system view.

system-view

2. Create a user group profile and enter user group profile view.

user-group-profile profile-name

3. Configure traffic regulation.

¡ Configure GTS for the user group profile.

qos gts [ inbound ] any cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ queue-length queue-length ]

qos gts [ inbound ] any cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ] [ queue-length queue-length ]

By default, no GTS is configured for a user group profile.

4. Apply an existing queue scheduling profile to the user group profile.

qos apply qmprofile profile-name

By default, no queue scheduling profile is applied to a user group profile.

5. Set the outbound weight value for the user group profile.

qos weight weight-value outbound

By default, no outbound weight value is set for a user group profile.

Bandwidth resources are allocated among user group profiles based on the weight value.

6. Return to system view.

quit

7. Enter user profile view.

user-profile profile-name

8. Associate the user profile with the user group profile.

qos user-queue user-group-profile user-group-profile-name outbound

By default, a user profile is not associated with any user group profile.

For information about GTS and queue scheduling profiles, see ACL and QoS Configuration Guide.

Applying a user profile to an interface

Restrictions and guidelines

The following rules apply if you specify a direction when applying a user profile to an interface:

· The settings in the user profile take effect only if the direction of the settings is the same as the application direction.

· Only one user profile can be applied to the same direction.

The following rules apply if you do not specify a direction when applying a user profile to an interface:

· The settings in the user profile take effect in the direction as they are configured.

· No other user profile can be applied to the interface, regardless of whether it is applied with a direction.

This feature is mutually exclusive with any of the following configurations:

· Bind the interface to a VSI by using the xconnect vsi command.

· Bind the interface to a cross-connect by using the ac interface command.

· (In standard system operating mode.) Enable IPoE on the interface and configure an IPoE access mode for users by using the ip subscriber enable command.

The device supports only CAR policy, rate limiting, and queue scheduling profile settings in a user profile applied to an interface.

· The CAR policy is mutually exclusive with traffic policing configured on an interface by using the qos car command.

· The CAR policy on a main interface does not take effect on its subinterfaces.

· The CAR policy does not take effect on member ports of an aggregation group.

· The CAR policy supports only the single rate two color algorithm. If you configure the pir peak-information-rate option, tokens are put into the token bucket at the PIR.

· The maximum bandwidth in a queue scheduling profile can take effect only on CSPEX-1104-E, CSPC-GE16XP4L-E, CSPC-GE24L-E, and CSPC-GP24GE8XP2L-E cards.

Procedure

1. Enter system view.

system-view

2. Enter interface view.

interface interface-type interface-number

3. Apply a user profile to the interface.

qos apply user-profile profile-name [ inbound | outbound ]

By default, no user profile is applied to an interface.

Display and maintenance commands for user profiles

Execute display commands in any view and reset commands in user view.

Task	Command
Display the configuration and traffic policing statistics for a user profile applied to an interface.	In standalone mode: display user-profile interface [ interface-type interface-number ] [ slot slot-number [ cpu cpu-number ] ] [ inbound \| outbound ] In IRF mode: display user-profile interface [ interface-type interface-number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] [ inbound \| outbound ]
Display configuration and online user information for the specified user group profile or all user group profiles.	In standalone mode: display user-group-profile [ name profile-name ] [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display user-group-profile [ name profile-name ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] This command is supported only in standard system operating mode.
Display configuration and online user information for the specified user profile or all user profiles.	In standalone mode: display user-profile [ session-group ] [ name profile-name ] [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display user-profile [ session-group ] [ name profile-name ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Clear the traffic policing statistics for a user profile applied to an interface.	reset user-profile interface [ interface-type interface-number ] [ inbound \| outbound ]

‌

17-BRAS Services Configuration Guide

Configuring user profiles

About user profiles

Configuring a user profile

About this task

Restrictions and guidelines

Procedure

Configuring a session group profile

Restrictions and guidelines

Procedure

Restrictions and guidelines

Procedure

Restrictions and guidelines

Procedure

Display and maintenance commands for user profiles

Cloud & AI

InterConnect

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Resources

Partner Business Management

Company Information

News & Events

Contact Us