技術(shù)-貝爾7750bras nat配置

1、7750 BRAS NAT 數(shù)據(jù)及日志配置規(guī)范總述：移動(dòng)城域網(wǎng)由于地址資源的，家寬用戶將使用私網(wǎng)地址，7750BRAS 實(shí)現(xiàn)有兩種 NAT 方式，一種是 Large-scale，一種是 L2-aware方式；一、Large-scale 方式的配置-1.1、NAT 板卡的配置card 2card-type iom3-xp mda 1mda-type isa-bb no shutdownexitNAT-group 的配置Configure isanat-group 1 createactive-mda-limit 1/如果現(xiàn)場(chǎng)配置兩片MDA，這里配置 1 為主備方式，配置為 2 則為負(fù)荷分擔(dān)方式m

2、da 2/1no shutdown1.2、/需要，也可以配置兩個(gè)或多個(gè) groupnat-group 2createactive-mda-limit 2 mda 2/1mda 3/1no shutdown公網(wǎng)地址池配置-large 方式# configure router natoutside1.3、pool TT-GLOBAL nat-group 1 type large-scale createport-reservation ports 252/每個(gè) block 有多少端口port-reservationblock 128/把一個(gè)公網(wǎng)IP分成多少個(gè)block（二選一）num-blocks

3、 Specifies the number of port-blocks per IP address. Setting num-blocks to one (1) forlargescale NAT will enable 1:1 NAT for IP addressesValues 1 64512num-ports Specifies the number of ports per block.Values 1 32256his pool./每個(gè)公網(wǎng)地址，最大分配subscriber-limit 200給用戶使用address-range 120.235.96.0 120.235.96.1

4、27 createexitno shutdownexitexit/nat 地址的配置，要從網(wǎng)段的第一個(gè)地址配置到最后一個(gè)地址，否則產(chǎn)生的 NAT網(wǎng)段不是聚合的網(wǎng)段，導(dǎo)致路由發(fā)布不成功show router route-table protocol nat=Route Table (Router: Base)=Dest PrefixFlagsTypeProtoAgeNext Hoperface NameMetric120.235.96.0/25RemoteNAT40d00h07m0NAT outside: group 1 member 10No. of Routes: 1Flags: L = L

5、FA nexthop availableB = BGP backup route availablen = Number of times nexthop is repeated1、4 策略配置configureservicenatnat-policy guandian create block-limit 1pool bras router Baseport-limits/最大分配給用戶 block 數(shù)，默認(rèn) 1watermarks high 98 low 90/Thisd configures the port usage watermarks for the NAT policy.Par

6、ameters percentage-high Specifies the high percentage.Values 1 100percentage-low Specifies the low percentage.Values 0 99/exit timeoutstcp-established min 30/ Thisd configuressesidle timeouts for this policy.exitexitexit1.5、PPPOE 業(yè)務(wù)配置vpls 30000000 customer 3000 createstpshutdownexitsap 2/2/9:*.* cap

7、ture-sap createdescription To-T-sw01triggacket pppoepppoe-policy pppoemsap-defaultsgroup-erface port- 2/2/9 policy hsi-msapservice 20000003exitauthentication-policy auth-gmcc-radiusexit:GDZHS-MS-IPMAN-BRAS02-DEJL-AL# configure service vprn 20000003*A:GDZHS-MS-IPMAN-BRAS02-DEJL-ALconfigservicevprn# i

8、nfodhcplocal-dhcp-server pppoe_server create use-gi-addresspool pppoe-server-01 create max-lease-time min 45 optionsdns-server 211.136.192.6 120.196.165.24exitsubnet 10.10.10.0/24 create optionsdefault-router 10.10.10.1exitaddress-range 10.10.10.1 10.10.10.254exitexitno shutdownexitexitroute-disting

9、uisher 100:100 auto-bind ldpvrf-:100:100erface dhcp_pppoe createaddress 172.16.1.1/32local-dhcp-server pppoe_serverloackexitsubscriber-erface test createaddress 10.10.10.1/24group-erface port- 2/2/9 create arp-populatedhcpserver 172.16.1.1 trustedlease-populate 30000 cnt-applications ppp gi-address

10、10.10.10.1 no shutdownexitauthentication-policy auth-gmcc-radius oper-up-while-emptypppoepolicy pppoeses-limit 10000sap-ses-limit 10000no shutdownexitexitnatinsidenat-policy TT-POLICY-NAT destination-prefix 0.0.0.0/0exitexitno shutdown二、 L2-aware 方式-提供上送 Radius 公網(wǎng) IP 和端口范圍2.1、同 1.1,1.2,1.32.47750con

11、figservicenat# infonat-policy pppoe createpool l2aware-pool-vprn10000101 router Base timeoutstcp-established min 10exitexit2.5、configure router natA: 7750configrouternat# infooutsidepool l2aware-pool-vprn10000101 nat-group 2 type l2-aware createport-reservation ports 252address-range 120.198.15.168

12、120.198.15.171 create exitno shutdownexitexit2.6、關(guān)聯(lián)策略 sub-profile acc-gmcc7750configsubsgmtsub-prof# infonat-policy pppoeradius-accounting-policy acc-gmcc-radius2.7 、 在 計(jì) 費(fèi) 信 息 上 報(bào)acc-gmcc-radius公 網(wǎng) 地 址 和 端 口 范 圍 radius-accounting-policy*A:GDZH-MS-IPMAN-HQ-BRAS01-7750configsubsgmtacct-plcy# infohost

13、-accountingupdate-erval 15erim-updateinclude-radius-attributecalling-sion-id sap-string circuit-idframed-ip-addr framed-ip-netmask nas-identifiernas-port-id/公網(wǎng)地址和端口范圍nat-port-rangeremote-id sla-profile sub-profile subscriber-id user-nameexitses-id-format numberuse-std-acctributesradius-accounting-se

14、rverretry 10timeout 10source-address 120.196.31.244server1address221.179.9.19secret3MmsVqbmMjuYDexit 2.8、業(yè)務(wù)配置qhE6.NmJjOzWfNAV hash2*A:configure service vprn 10000101*A: configservicevprn# infodhcplocal-dhcp-server nat-server create use-gi-address scope poolpool private-pool create optionsdns-server

15、211.136.192.6 120.196.165.24exitsubnet 192.168.1.0/24 create optionsdefault-router 192.168.1.1exitaddress-range 192.168.1.2 192.168.1.254exitexitno shutdownexitexitroute-distinguisher 100:100 auto-bind ldp:100:100erface nat-test create address 10.0.0.8/32local-dhcp-server nat-servervrf-loackexitsubs

16、criber-erface pppoe create address 192.168.1.1/24group-erface port- 1/2/18 create arp-populatedhcpserver 10.0.0.8 trustedlease-populate 30000 c nt-applications pppgi-address 192.168.1.254 no shutdownexitauthentication-policy auth-gmcc-radius oper-up-while-emptypppoepolicy pppoeses-limit 10000sap-ses

17、-limit 10000no shutdownexitexitexitnatinsidel2-awareaddress 192.168.1.1/24網(wǎng)關(guān)地址exitexitexitno shutdown三、 使用 filter 方式實(shí)現(xiàn) NAT對(duì)特殊需求可以使用，比如客戶有些網(wǎng)段要做 NAT 轉(zhuǎn)換，有些不轉(zhuǎn)換3.1、 vprn 50 customer 1 create natinsidenat-policy lsn-policy-vprn50exit outsidepool lsn-pool-vprn50 nat-group 1 type large-scale create address-

18、range 50.50.0.0 50.50.0.100 createexitno shutdownexitexitexiterface host1 create address 192.168.1.1/24 sap 1/1/3:1150 createingress/使用 filter 關(guān)聯(lián) natfilter ip 50exitexitexitexit32、service natnat-policy lsn-policy-vprn50 create pool lsn-pool-vprn50 router 50exitexitexit3.3、configure filter ip-filter

19、50 createdescription NAT-Filter for VPRN 50 entry 10 creatematchdst-ip 80.80.80.0/24exitaction forwardexitentry 20 create matchsrc-ip 192.168.0.0/16exit action natexitexit/目標(biāo)地址 80.80.80.0/24 forward/源地址，做 NAT 轉(zhuǎn)換四、NAT 日志配置4.2 使用 netflow 提供 ses級(jí) nat 日志4.1 使用 syslog 提供用戶級(jí) NAT 日志1、Configure log filter 10