• No results found

FE Service Configuration

In document s100 (Page 47-56)

1. Equipment Introduction

1.2 Board Description

1.3.8 FE Service Configuration

1.3.8.1 PPPOE configuration example

• Setp1: Create a VLAN and add an upstream port to the VLAN  MA5616(config)#vlan 600 smart

 MA5616(config)#port vlan 600 0/0 0 • Setp2: Create the service port to the VLAN (30M up/down)

 MA5616(config)#service-port 128 vlan 600 eth 0/3/0 multi-service user-vlan 35 rx-cttr 30 tx-cttr 30

Range Service-Slot1 Service-Slot2 Service-Slot3 Service-Slot4

PPPOE 0-255 0-63 64-127 128-171 172-255

IPTV 256-511 256-319 320-383 384-447 448-511

VOIP 512-767 512-577 578-639 640-703 704-767

IPOE 768~999

PPPOE IPTV VOIP IPOE

ADSL (pvc) 8/35 8/36 8/37 8/38 VDSL (uservlan) 35 36 37 38 FE (uservlan) 35 36 37 38

Setp3: Configure the security for PPPOE service.

MA5616(config)#vlan bind service-profile 600 profile-name PPPOE

1.3.8.2 IPTV configuration example

• Setp1: Create a VLAN and add an upstream port to the VLAN  MA5616(config)#vlan 1100 smart

 MA5616(config)#port vlan 1100 0/0 0  MA5616(config)#vlan 99 smart  MA5616(config)#port vlan 99 0/0 0 • Setp3: Create the service port to the VLAN

 MA5616(config)#service-port 384 vlan 1100 eth 0/3/0 multi-service user-vlan 36 rx-cttr 101 tx-cttr 111

 Note: Here the ID of “service-port” is “384”, every service-port have

Range Service-Slot1 Service-Slot2 Service-Slot3 Service-Slot4

PPPOE 0-255 0-63 64-127 128-171 172-255

IPTV 256-511 256-319 320-383 384-447 448-511

VOIP 512-767 512-577 578-639 640-703 704-767

IPOE 768~999

User Vlan: 36 should be set at VDSL CPE, on the IPTV bridge channel, for all of the CPE can be set to be the same mode, for example, every CPE set the IPTV Bridge channel to be uservlan 36.

PPPOE IPTV VOIP IPOE

ADSL (pvc) 8/35 8/36 8/37 8/38 VDSL (uservlan) 35 36 37 38 FE (uservlan) 35 36 37 38

• Setp4: Configure the “Security” for IPTV service

• MA5616(config)#vlan bind service-profile 1100 profile-name IPTV •

• Setp5: Configure the “BTV” at DSLAM • MA5616(config)#multicast-vlan 99

• MA5616(config-mvlan99)# igmp mode proxy • MA5616(config-mvlan99)# igmp uplink-port 0/0/0

• MA5616(config-mvlan99)# igmp program add batch ip 232.84.1.1 to-ip 232.84.1.253 priority 4

• MA5616(config-mvlan99)#btv

• MA5616(config-btv)#igmp proxy router gen-query-interval 30 • MA5616(config-btv)#igmp proxy router robustness 1

• MA5616(config-btv)#igmp user add service-port 384 no-auth • MA5616(config-btv)#multicast-vlan 99

• MA5616(config-mvlan99)#igmp multicast-vlan member service-port 384

• Note: The BTV user under “BTV” mode can join the channel at differnet MVLAN.

1.3.8.3 VOIP configuration example

Note: Here is the VOIP is based on the CPE, DSLAM just provide the channel to

transparent the packets.

• Setp1: Create a VLAN and add an upstream port to the VLAN  MA5616(config)#vlan 88 smart

 MA5616(config)#port vlan 88 0/0 0 • Setp2: Create the service port to the VLAN

 MA5616(config)#service-port 640 vlan 88 eth 0/3/0 multi-service user-vlan 37 rx-cttr 120 tx-cttr 120

 Note: Here the ID of “service-port” is “640”, every service-port have

one id, later it will be used add the IPTV user.

Range Service-Slot1 Service-Slot2 Service-Slot3 Service-Slot4

PPPOE 0-255 0-63 64-127 128-171 172-255

IPTV 256-511 256-319 320-383 384-447 448-511

VOIP 512-767 512-577 578-639 640-703 704-767

IPOE 768~999

User Vlan: 37 should be set at FE CPE, on the IPTV bridge channel, for all of the CPE can be set to be the same mode, for example, every CPE set the IPTV Bridge channel to be uservlan 37.

PPPOE IPTV VOIP IPOE

ADSL (pvc) 8/35 8/36 8/37 8/38 VDSL (uservlan) 35 36 37 38 FE (uservlan) 35 36 37 38 Traffic-Table: 120

• Setp3: Configure the “Security” for VOIP service MA5616(config)#vlan bind service-profile 88 profile-name VOIP

1.3.8.4 IPOE configuration example

• Setp1: Create a VLAN and add an upstream port to the VLAN  MA5616(config)#vlan 666 smart

 MA5616(config)#port vlan 666 0/0 0 • Setp2: Create the service port to the VLAN (30M up/down)

 MA5616(config)#service-port 768 vlan 660 eth 0/3/0 multi-service user-vlan 38 rx-cttr 80 tx-cttr 80

Range Service-Slot1 Service-Slot2 Service-Slot3 Service-Slot4

PPPOE 0-255 0-63 64-127 128-171 172-255

IPTV 256-511 256-319 320-383 384-447 448-511

VOIP 512-767 512-577 578-639 640-703 704-767

IPOE 768~999

PPPOE IPTV VOIP IPOE

ADSL (pvc) 8/35 8/36 8/37 8/38 VDSL (uservlan) 35 36 37 38 FE (uservlan) 35 36 37 38

Setp3: Configure the security for IPOE service.

MA5616(config)#vlan bind service-profile 660 profile-name IPOE

1.4 Feature Description

1.4.1 Anti-Macspofing

MAC spoofing means that the malicious users forge the MAC addresses and attack the network by transmitting packets. Malicious users can forge the MAC addresses of common users to damage the services of these users. Malicious users can also transmit a large number of forged packets that contain different MAC addresses to the system, which affects the normal operation of the system or even causes the system to be down.

The anti MAC spoofing feature refers to the feature that the system prevents users from attacking the system by forging MAC addresses.

 PC1 and PC2 use the PPPoE service.

 PC1 uses the MAC address of the BRAS server as its source MAC address to send packets.

 The forwarding entries on the access device are changed. As a result, the PPPoE service packets of PC2 are sent to PC1 instead of to the BRAS server.

 Normal services of PC2 fail. Note:

1. This feature is just for PPPOE and DHCP service, can not be used for IPOE service, otherwise the IPOE service will be down.

2. After use the feature at PPPOE and DHCP vlan, please use another command to check the MAC address for this 2 Vlan: display security bind mac

1.4.2 Ring Check

• If there is one user port have too much protocol packet, system can detect and discard

all of the protocol packets of that port but the common data packet can be transfer still.

• And if this port recovers, system will release this port and begin to deal with the

protocol packet of that port again.

• MA5616(config)#ring check { enable | disable } • By default, the ring check function is disabled.

• When the Ring Check feature is enabled in the device, the device sends 16 Ring Check

packets (proprietary BPDU packets) to the subscriber port per second. The device sends the Ring Check packets to only the traffic stream that is in the Up state.

• Ring check mechanism:

• If the MA5616 receives the private ring check packet from a user port, it blocks the user

port and sends the matched alarm.

• If the device receives Ring Check packet from a user port, it determines whether the

root bridge in the packet is the same as that in the device. If they are the same, the device blocks the user port and sends the matched alarm.

• If the device received the private Ring Check packet from the upstream port, it

determines whether the packet is sent from the root bridge. If the packet is sent from the root bridge, the device blocks the user port and sends the matched alarm.

1.4.3 Security Anti-dos

• MA5616(config)#security anti-dos { enable | disable }

• Prevent the end-user attack the Server/BRAS with the same MAC address of Server,

otherwise the whole Internet service of that VLAN will be affected.

1.4.5 Security Mac-filter

• huawei(config)#security mac-filter

• { mac_addr<P><XXXX-XXXX-XXXX> }:1010-1010-3020 • Command:

• security mac-filter 1010-1010-3020

• Note: System can configure 4 different “Security MAC-Filter” in total.

Note: In this way, DSLAM can check the port status, it can work or not, before deploy the real service.

The callee can hear the test tone from the phone, and can feedback the quality by press button “*” to report to DSLAM good quality and other button not good.

Note: In this way, DSLAM can check the port status, it can work or not, before deploy the real service.

In document s100 (Page 47-56)
Download now "s100"

Outline

Related documents