电信M6000(BRAS)开局配置模版及常见业务配置指导(3)

[ZBoot]:1

步骤5 网络启动时BOOT设置菜单内容如下：

Config As SC? (Yy/Nn) : y /*设置SC*/

Boot Mode(1: Local Flash; 2: Net): 1 /*当前BOOT启动方式1为本地启动*/ Base MAC Addr : 0:1:22:33:44:55 /*设置设备的基准MAC*/ Mac Total : 32 /*设置设备MAC最大偏移量，最大值为63*/

Local IP : 169.1.11.27 /*设置设备网管口IP地址*/ Net Mask : 255.255.0.0 /*设置设备网管口子网掩码*/ Gateway IP : 169.1.106.3 /*设置设备启动的FTP网关*/ Server IP : 169.1.106.3 /*设置设备启动的FTP IP*/ File Name : M6000_1.10.0.B12.set /*设置设备启动的版本文件名*/ FTP Path : /*设置设备下载版本文件的FTP路径*/ FTP Username : M6000 /*设置FTP用户名*/ FTP Password : ***** /*设置FTP密码*/ Serial Authenticate (Yy/Nn) : n /*串口认证*/

Enable Password : ****** /*设置enable密码*/

Manual boot now? (Yy/Nn) y /*输入y回车即可启动单板*/

6.2.2. 定义设备名称

命名规则：详细规范，请参考《云南电信IP骨干城域网路由组网和配置规范》，以云南临沧(LC)临翔区新局(LXQXJ)总第3台BAS，第一台M6000为例， 命令：

hostname LC-LXQXJ-BAS-3.MAN.M6000-1

6.2.3. 配置本地登录帐号（复制粘贴）

aaa-authentication-template 2001 aaa-authentication-type local !

aaa-authorization-template 2001 aaa-authorization-type none !

system-user

authentication-template 1

bind-authentication-template 2001 $

authorization-template 1

bind-authorization-template 2001 local-privilege-level 1 $

username zxr10 password zxr10 authentication-template 1 authorization-template 1

!

6.2.4. 修改初始enable密码

enable secret level 15 zte@admin !

6.2.5. 设置管理会话闲置超时时间10分钟

line console idle-timeout 10 line telnet idle-timeout 10

6.2.6. Loopback接口配置

interface loopback1

description For-GlobalRouting

ip address 116.55.61.52 255.255.255.255 !

interface loopback2

description For-Multicast

ip address 116.55.61.54 255.255.255.255 !

6.2.7. 物理接口配置：

interface gei-0/0/0/1

negotiation negotiation-force //这里与30版本不同，不需要到pm模式下配置 description uT: CX-339Ju-CR-1.MAN.NE40x16-1:GE0/3/0/2::PROCESSING ip address 112.114.191.86 255.255.255.252 no shutdown //设备端口缺省是关闭的 !

interface gei-0/1/0/1

negotiation negotiation-force

description uT: CX-339Ju-CR-2.MAN.NE40x16-2:GE0/3/0/2::PROCESSING ip address 112.114.191.94 255.255.255.252 no shutdown !

6.2.8. 配置缺省路由

ip route 0.0.0.0 0.0.0.0 112.114.191.85 254//配置静态默认路由，优先级254 ip route 0.0.0.0 0.0.0.0 112.114.191.93 254

6.2.9. NTP时间同步配置

目前各地州以两台CR作为时间服务器

clock timezone Beijing 8

ntp server 218.62.159.69 priority 1 //服务器地址就是本地市CR的loopback ntp server 218.62.159.70 priority 2 ntp enable

6.2.10. 保存开局基本配置

Write

完成以上基本配置后，查看OSPF协议邻居建立情况，如能正常建立，并能学习到缺省路由，则可以通过远程登录方式登录设备了。

6.3. M6000网络协议及基本应用配置

6.3.1.

OSPF协议配置

router ospf 1

router-id 116.55.61.52

auto-cost reference-bandwidth 100000 //100G带宽作为cost值计算基准 maximum-paths 8

redistribute connected

passive-interface loopback1 passive-interface loopback2

network 112.114.191.84 0.0.0.3 area 0 network 112.114.191.92 0.0.0.3 area 0 network 116.55.61.52 0.0.0.0 area 0 network 116.55.61.54 0.0.0.0 area 0 interface gei-0/0/0/1 network point-to-point $

interface gei-0/1/0/1 network point-to-point $ !

配置验证： CX-339Ju-BAS-4.MAN.M6000-1#show ip ospf neighbor OSPF Router with ID (116.55.61.52) (Process ID 878) Neighbor ID Pri State DeadTime Address Interface 218.62.159.70 1 FULL/-- 00:00:40 112.114.191.93 gei-0/1/0/1 6.3.2. ISIS路由协议配置

router isis

area 86.4948.0878 //ISIS区域ID，格式为“国家代码+AS号后四位+固话区号” system-id 1160.5506.1052 //ISIS系统ID，由设备loopback地址进行转换 is-type level-2-only distance 160

metric-style wide

set-overload-bit on-start-up wait-for-bgp fast-flood i-spf

maximum-paths 8

passive-interface loopback1 passive-interface loopback2

interface loopback1 ip router isis $

interface loopback2 ip router isis $

interface gei-0/0/0/1 ip router isis

circuit-type level-2-only metric 3000

network point-to-point $

interface gei-0/1/0/1 ip router isis

circuit-type level-2-only metric 3000

network point-to-point $ !

说明：电信城域网改为ISIS+BGP后，ISIS仅用于通告设备的loopback、互联地址等，业务接口或网段不通过ISIS通告。

配置验证： DQ-DeQin-XJ-BAS-1.MAN.M6000-1#show isis adjacency Process ID: 0 Interface System id State Lev Holds SNPA(802.2) Pri MT gei-0/1/0/1 DQ-XGLL-ZXJ-CR UP L2 26 PPP 0 -2.MAN.NE40X16 gei-0/0/0/1 DQ-XGLL-ZXJ-CR UP L2 28 PPP 0 -1.MAN.NE40X16 6.3.3. MPLS协议配置

mpls ldp instance 1 router-id loopback1

access-fec host-route-only //只接受32位掩码主机路由的标签分发 interface gei-0/0/0/1 $

interface gei-0/1/0/1 $ !

配置验证： DQ-DeQin-XJ-BAS-1.MAN.M6000-1#show mpls ldp neighbor instance 1 Peer LDP Ident: 218.62.159.135:0; Local LDP Ident: 116.248.191.246:0 TCP connection: 218.62.159.135.49282 - 116.248.191.246.646 State: Oper; Msgs sent/rcvd: 4071/4070; Downstream Up Time: 16:52:50 LDP discovery sources: gei-0/0/0/1; Src IP addr: 116.248.191.181 Addresses bound to peer LDP Ident: 116.248.191.1 116.248.191.149 116.248.191.153 116.248.191.161 116.248.191.181 116.248.191.197 218.62.157.109 218.62.159.135 222.221.29.101 222.221.29.105 Peer LDP Ident: 218.62.159.136:0; Local LDP Ident: 116.248.191.246:0 TCP connection: 218.62.159.136.55395 - 116.248.191.246.646 State: Oper; Msgs sent/rcvd: 4071/4081; Downstream Up Time: 16:52:50 LDP discovery sources: gei-0/1/0/1; Src IP addr: 116.248.191.185 Addresses bound to peer LDP Ident: 116.248.191.5 116.248.191.145 116.248.191.157 116.248.191.165 116.248.191.185 116.248.191.193 116.248.191.201 218.62.157.105 218.62.159.136 222.221.29.102 222.221.29.106 6.3.4. BGP协议配置

云南电信BGP协议目前有两个作用，

1. 通告城域网业务网段地址； 2. 通告VPN路由及私网标签。 BGP进程创建了两个Peer-group，pgGRR和pgVRR。pgGRR用于通告城域网业务网段（全局），pgVRR用于VPN路由。

设备向pgGRR邻居通告路由时需要携带no-export属性，但个别网段如果通告不出去的话，可能是和CR上的network产生冲突，需要去除no-export属性，这样的网段要在ip prefix-list pl_NoExport163中deny掉。

具体配置如下： //创建前缀列表，以后需要特殊处理的列表加到此prefix-list中，并把seq设置在10000以前即可。

ip prefix-list pl_NoExport163 seq 10000 permit 0.0.0.0 0 le 32 !

//创建route-map

route-map rm_NoExport163 permit 10

match ip address prefix-list pl_NoExport163 set community no-export !

route-map rm_NoExport163 permit 20 !

//配置bgp协议 router bgp 64948

distance bgp internal 200 distance bgp external 70 no synchronization maximum-paths 8

bgp router-id 116.55.61.52 neighbor pgVRR peer-group

neighbor pgVRR remote-as 64948 no neighbor pgVRR activate

neighbor pgVRR update-source loopback1 neighbor pgGRR peer-group

neighbor pgGRR remote-as 65232 neighbor pgGRR activate

neighbor pgGRR route-map rm_NoExport163 out neighbor pgGRR send-community

neighbor pgGRR update-source loopback2 neighbor 218.62.159.69 peer-group pgVRR neighbor 218.62.159.70 peer-group pgVRR neighbor 218.62.159.69 peer-group pgGRR neighbor 218.62.159.70 peer-group pgGRR