1、 admin_acl的配置
ip access-list admin_acl
seq 10 permit ip 221.2.128.0 0.0.7.255 any seq 20 permit ip 221.2.141.0 0.0.0.255 any seq 30 permit ip 218.56.9.192 0.0.0.15 any seq 31 permit ip 221.2.138.48 0.0.0.15 any seq 32 permit ip host 210.52.3.12 any seq 40 deny tcp any any eq telnet seq 50 deny tcp any any eq ssh seq 60 deny tcp any any eq ftp seq 70 deny tcp any any eq ftp-data seq 80 deny tcp any any eq 161 seq 90 deny udp any any eq tftp seq 91 deny udp any any eq snmp seq 100 permit ip any any !
admin-access-group admin_acl in count log
2、 用户绑定
interface one multibind ip address 100.1.1.1/24
subscriber name dslam password dslam ip address 100.1.1.2 ip address 100.1.1.3 ip address 100.1.1.4 ip address 100.1.1.5 ip address 100.1.1.6
port ethernet 1/7 no shutdown
encapsulation dot1q
dot1q pvc 100
bind subscriber dslam@local password dslam 3、 L2TP配置
context tunnel_mi domain libellotest1 domain libellotest2 !
no ip domain-lookup !
interface To_MI_LNS1
ip address 192.168.18.113/28 no logging console
aaa authentication subscriber none
!
subscriber default tunnel domain
service telnet client !
l2tp-peer name MI_LNS1 media udp-ip remote ip 192.168.18.114 local 192.168.18.1 13
function lac-only local-name MT_LAC1
tunnel-auth key mi_access1 !
l2tp-peer name MI_LNS2 media udp-ip remote ip 192.168.18.114 local 192.168.18.1 13
local-name MT_LAC2 function lac-only
tunnel-auth key mi_access2 !
l2tp-group name grp_routeur1 algorithm priority deadtime 5
domain libellotest1 domain libellotest2
peer name MI_LNS1 preference 10 peer name MI_LNS2 preference 20
4、The network topology as shown below:
the SE800 configuration is attached in the file config.txt
SE800 function as LTS box, using unnamed peer accept l2tp tunnel from LAC, and switch the tunnel to LNS. LNS terminate PPPoE session and assign IP address. In the SE800, the tunnel between LAC and LTS is created on loopback ipaddress, 1.1.1.1 and 10.10.10.10, the slot 11 and slot 11 are GE module and used for route traffic between 1.1.1.1 and 10.10.10.10, card 11 and card 12 configed slot redundant, with same priority.
When slot 11 and slot 12 are both online, 1000 pppoe session from LAC (from tester) was load balanced on slot 11 and slot 12, as shown below [local]SE3#show l2tp global ipc …
PPA Name Registration Time Chg# Ccts Tun-Cr Tun-Del
------------ -------------------- ----- ----- -------- -------- Slot 2 IPPA Mon Sep 27 15:32:40 2 6 3 0 Slot 2 EPPA Mon Sep 27 15:32:41 4 6 3 0 Slot 11 IPPA Mon Sep 27 15:32:41 6 502 3 0 Slot 11 EPPA Mon Sep 27 15:32:42 10 502 3 0 Slot 12 IPPA Mon Sep 27 15:32:41 8 502 3 0 Slot 12 EPPA Mon Sep 27 15:32:42 12 502 3 0 [local]SE3#
the I remove card 11, at begin, all session was switch over to slot 12. as shown below
4、 对于PPP用户,QOS策略要施加到帐号上,在pvc上施加策略对ppp用户不起作用。dscp 40
(101)对应4队列的队列1。
5、用户从一个PVC,建立两个PPPOE连接,一个到context pppoe(普通上网),一个到context iptv(IPTV视频)。
按不同的用户和应用,数据流被分为四个级别,分别打上DSCP标记:
普通上网――df,固定IP用户――cs3,iptv――cs4 在上联的GE10/1,下联DSLAM的ATM3/1,eth5/1上应用队列策略。 在ATM PVC上为保证有IPTV需求的用户的带宽,将相应PVC上应用vbr。 各种配置如下: context pppoe
subscriber default
qos policy policing internet 进入VR的数据包打DSCP标记
qos policy internet policing 定义ingress的qos policy rate 1000 burst 100
conform mark dscp df
************************************************************ port ethernet 10/1 在上联口应用优化级队列test-pq qos policy queuing test-pq
atm profile vbr-rt 定义vbr-rt的atm profile shaping vbr-rt pcr 2000 cdvt 1000 scr 1500 bt 1000
port atm 3/1
qos policy queuing test-atmwfq 在下联ATM口应用atm wfq队列 atm pvc explicit 107:101 through 107:932 profile vbr-rt encapsulation pppoe 在相应pvc上应用profile vbr-rt
port eth 5/1
qos policy queuing test-edrr 在下联100M的端口上应用edrr队列
context iptv
subscriber default
qos policy policing iptv 进入VR的数据包打DSCP标记
qos policy iptv policing 定义ingress的qos policy rate 1000 burst 100 conform mark dscp cs4
******************************************************************** port ethernet 10/1 在上联口应用优化级队列test-pq qos policy queuing test-pq
atm profile vbr-rt 定义vbr-rt的atm profile shaping vbr-rt pcr 2000 cdvt 1000 scr 1500 bt 1000
port atm 3/1
qos policy queuing test-atmwfq 在下联ATM口应用atm wfq队列 atm pvc explicit 107:101 through 107:932 profile vbr-rt encapsulation pppoe
port eth 5/1
qos policy queuing test-edrr 在下联100M的端口上应用edrr队列
context b1483
qos policy fixip policing 定义固定IP用户的DSCP值
mark dscp cs3
************************************************************** atm profile vbr-nrt 定义vbr-nrt的atm profile shaping vbr-rt pcr 2000 cdvt 1000 scr 1500 bt 1000
port atm 3/1
qos policy queuing test-atmwfq 在下联ATM口应用atm wfq队列(egress) atm pvc 0 410 profile vbr-nrt encapsulation route1483
qos policy policing fixip 在pvc上应用策略给该pvc数据打DSCP标记(ingress)
port eth 5/1
qos policy queuing test-edrr 在下联100M的端口上应用edrr队列(egress) dot1q pvc 2158
qos policy policing fixip 在pvc上应用策略给该pvc数据打DSCP标记(ingress)
port ethernet 10/1
qos policy queuing test-pq 在上联口应用优化级队列test-pq(egress)
******************************************************************************* qos queue-map default default queue-map num-queues 2
queue 0 priority 0
相关推荐:
loading