2024年2月19日发(作者：戈璧)

1． 需求：北湖OLT原来通过北湖华为9303到bras进行认证上网，如今由于业务扩展，bras接口不够用需腾出北湖交换机直连bras的接口用作他用。

2． 拓扑图：

3． 方案：

① 计划把北湖9303与bras 5200G的链路做二层透传割接到中盟9312，再由中盟9312透传至bras 5200G认证上网。

具体实施如下：

1、 配置中盟9312的g11/0/46、g11/0/47做链路汇聚Eth-10对接原北湖Eth-1，放通下带用户原网管vlan

8 800和业务外层vlan 3006 3007 3008 3010

在中盟9312上：

[GXNN-HW9312]interface Eth-Trunk10

[GXNN-HW9312-Eth-Trunk10]description TO-BeiHu-S9303-Eth-Trunk1

[GXNN-HW9312-Eth-Trunk10]port link-type trunk

[GXNN-HW9312-Eth-Trunk10]port trunk allow-pass vlan 8 800 3006 to 3008 3010

[GXNN-HW9312-Eth-Trunk10]quit

[GXNN-HW9312]int g11/0/46

[GXNN-HW9312-GigabitEthernet11/0/46]eth-trunk10

[GXNN-HW9312]quit

[GXNN-HW9312] int g11/0/47

[GXNN-HW9312-GigabitEthernet11/0/47]eth-trunk10

[GXNN-HW9312]quit

[GXNN-HW9312]int GigabitEthernet 11/0/32

[GXNN-HW9312-GigabitEthernet11/0/32]port trunk allow-pass vlan 800 //上联口允许网管vlan800通过

[GXNN-HW9312-GigabitEthernet11/0/32]quit

2、 配置北湖交换机，修改上行ETH-1允许通过的vlan 8 401 800 3006 to 3008 3010 (401是临时管理OLT的vlan)

interface Eth-Trunk1

description TO-ZhongMeng-S9312-Eth-Trunk10

undo port trunk allow-pass vlan 8 50 60 to 600 800

port trunk allow-pass vlan 8 401 800 3006 to 3008 3010

quit

int eth-2

undo port trunk allow-pass vlan 100 to 1000

port trunk allow-pass vlan 800 3006

quit

int g2/0/3

port link-type hybrid

port hybrid untag vlan 3007

port vlan-stacking vlan 101 to 116 stack-vlan 3007

port vlan-stacking vlan 300 stack-vlan 3007

quit

int g2/0/11

port link-type hybrid

port hybrid tag vlan 800

port hybrid untag vlan 3008

port vlan-stacking vlan 101 to 116 stack-vlan 3008

quit

int g2/0/12

port link-type hybrid

port hybrid tag vlan 800 3010

port hybrid untag vlan 3010

port vlan-stacking vlan 101 to 117 stack-vlan 3010

port vlan-stacking vlan 300 stack-vlan 3010

quit

3、 对北湖C300进行qinq配置，并对上行口gei_1/19/1和gei_1/20/1进行链路聚合，强制全双工千兆(修改全双工模式要注意不要中断设备，需起另一个管理vlan在另一个口上，通过上层设备telnet到c300)

在C300上

interface gei_1/20/1

no negotiation auto

speed 1000

duplex full

description BeiHu-9303-g2/0/17 //描述上联到哪里

switchport mode hybrid

switchport vlan 401 800 3006 tag //800是网管VLAN 401是临时vlan ip192.168.200.2/24 为防止改19/1口中断临时用，完成后删除

ex

interface gei_1/19/1

no negotiation auto //如果这里改断了用另一个IP登陆192.168.200.2/24 需在北湖9303起IP

speed 1000

duplex full

description BeiHu-9303-g2/0/16 //描述上联到哪里

switchport mode hybrid

switchport vlan 401 800 3006 tag

ex

no smartgroup1

int smartgroup1

switchport mode hybrid

switchport vlan 401 800 3006 tag

ex

interface gei_1/19/1

smartgroup 1 mode on //把19槽第一口加入链路聚合组1中

ex

interface gei_1/20/1

smartgroup 1 mode on //把20槽第一口加入链路聚合组1中

ex

一、修改认证模式为hybrid认证

con t

epon

onu-authentication-mode service 1/2 hybrid unknown-onu-reject disable

ex

/配置vlan-smart-qinq规则/

vlan-smart-qinq enable //全局qinq打开

vlan-smart-qinq ingress-port epon-olt_1/2/1 cvlan 100 to 1000 svlan 3006（PPPOE业务, 100 to

1000是内层VLAN 3006是外层VLAN）

vlan-smart-qinq ingress-port epon-olt_1/2/2 cvlan 100 to 1000 svlan 3006

vlan-smart-qinq ingress-port epon-olt_1/2/3 cvlan 100 to 1000 svlan 3006

vlan-smart-qinq ingress-port epon-olt_1/2/4 cvlan 100 to 1000 svlan 3006

vlan-smart-qinq ingress-port epon-olt_1/2/5 cvlan 100 to 1000 svlan 3006

vlan-smart-qinq ingress-port epon-olt_1/2/6 cvlan 100 to 1000 svlan 3006

vlan-smart-qinq ingress-port epon-olt_1/2/7 cvlan 100 to 1000 svlan 3006

vlan-smart-qinq ingress-port epon-olt_1/2/8 cvlan 100 to 1000 svlan 3006

int epon-olt_1/2/1

vlan-smart-qinq enable //进入接口打开QinQ规则

ex

ex

save //保存

最后需在5200G上起用户认证

interface GigabitEthernet2/0/1.3006

pppoe-server bind Virtual-Template 1

description TO-BH-9303_2/0/3-TO-BH-C300

user-vlan 101 1000 qinq-vlan 3006

bas

access-type layer2-subscriber default-domain authentication seehu

#

interface GigabitEthernet2/0/1.3007

pppoe-server bind Virtual-Template 1

description TO-BH-9303_2/0/3-USER

user-vlan 101 1000 qinq-vlan 3007

bas

access-type layer2-subscriber default-domain authentication seehu

#

interface GigabitEthernet2/0/1.3008

pppoe-server bind Virtual-Template 1

description TO-BH-9303_2/0/12-TO-BH-SW1

user-vlan 101 1000 qinq-vlan 3008

bas

access-type layer2-subscriber default-domain authentication seehu

#

interface GigabitEthernet2/0/1.3010

pppoe-server bind Virtual-Template 1

description TO-BH-9303_2/0/12-TO-BH-SW2

user-vlan 101 1000 qinq-vlan 3010

bas

access-type layer2-subscriber default-domain authentication seehu

#

interface GigabitEthernet2/0/1.800

vlan-type dot1q 800

description to-BEIHU-admin

ip address 10.137.2.1 255.255.255.128

#

2024年2月19日发(作者：戈璧)

1． 需求：北湖OLT原来通过北湖华为9303到bras进行认证上网，如今由于业务扩展，bras接口不够用需腾出北湖交换机直连bras的接口用作他用。

2． 拓扑图：

3． 方案：

① 计划把北湖9303与bras 5200G的链路做二层透传割接到中盟9312，再由中盟9312透传至bras 5200G认证上网。

具体实施如下：

1、 配置中盟9312的g11/0/46、g11/0/47做链路汇聚Eth-10对接原北湖Eth-1，放通下带用户原网管vlan

8 800和业务外层vlan 3006 3007 3008 3010

在中盟9312上：

[GXNN-HW9312]interface Eth-Trunk10

[GXNN-HW9312-Eth-Trunk10]description TO-BeiHu-S9303-Eth-Trunk1

[GXNN-HW9312-Eth-Trunk10]port link-type trunk

[GXNN-HW9312-Eth-Trunk10]port trunk allow-pass vlan 8 800 3006 to 3008 3010

[GXNN-HW9312-Eth-Trunk10]quit

[GXNN-HW9312]int g11/0/46

[GXNN-HW9312-GigabitEthernet11/0/46]eth-trunk10

[GXNN-HW9312]quit

[GXNN-HW9312] int g11/0/47

[GXNN-HW9312-GigabitEthernet11/0/47]eth-trunk10

[GXNN-HW9312]quit

[GXNN-HW9312]int GigabitEthernet 11/0/32

[GXNN-HW9312-GigabitEthernet11/0/32]port trunk allow-pass vlan 800 //上联口允许网管vlan800通过

[GXNN-HW9312-GigabitEthernet11/0/32]quit

2、 配置北湖交换机，修改上行ETH-1允许通过的vlan 8 401 800 3006 to 3008 3010 (401是临时管理OLT的vlan)

interface Eth-Trunk1

description TO-ZhongMeng-S9312-Eth-Trunk10

undo port trunk allow-pass vlan 8 50 60 to 600 800

port trunk allow-pass vlan 8 401 800 3006 to 3008 3010

quit

int eth-2

undo port trunk allow-pass vlan 100 to 1000

port trunk allow-pass vlan 800 3006

quit

int g2/0/3

port link-type hybrid

port hybrid untag vlan 3007

port vlan-stacking vlan 101 to 116 stack-vlan 3007

port vlan-stacking vlan 300 stack-vlan 3007

quit

int g2/0/11

port link-type hybrid

port hybrid tag vlan 800

port hybrid untag vlan 3008

port vlan-stacking vlan 101 to 116 stack-vlan 3008

quit

int g2/0/12

port link-type hybrid

port hybrid tag vlan 800 3010

port hybrid untag vlan 3010

port vlan-stacking vlan 101 to 117 stack-vlan 3010

port vlan-stacking vlan 300 stack-vlan 3010

quit

3、 对北湖C300进行qinq配置，并对上行口gei_1/19/1和gei_1/20/1进行链路聚合，强制全双工千兆(修改全双工模式要注意不要中断设备，需起另一个管理vlan在另一个口上，通过上层设备telnet到c300)

在C300上

interface gei_1/20/1

no negotiation auto

speed 1000

duplex full

description BeiHu-9303-g2/0/17 //描述上联到哪里

switchport mode hybrid

switchport vlan 401 800 3006 tag //800是网管VLAN 401是临时vlan ip192.168.200.2/24 为防止改19/1口中断临时用，完成后删除

ex

interface gei_1/19/1

no negotiation auto //如果这里改断了用另一个IP登陆192.168.200.2/24 需在北湖9303起IP

speed 1000

duplex full

description BeiHu-9303-g2/0/16 //描述上联到哪里

switchport mode hybrid

switchport vlan 401 800 3006 tag

ex

no smartgroup1

int smartgroup1

switchport mode hybrid

switchport vlan 401 800 3006 tag

ex

interface gei_1/19/1

smartgroup 1 mode on //把19槽第一口加入链路聚合组1中

ex

interface gei_1/20/1

smartgroup 1 mode on //把20槽第一口加入链路聚合组1中

ex

一、修改认证模式为hybrid认证

con t

epon

onu-authentication-mode service 1/2 hybrid unknown-onu-reject disable

ex

/配置vlan-smart-qinq规则/

vlan-smart-qinq enable //全局qinq打开

vlan-smart-qinq ingress-port epon-olt_1/2/1 cvlan 100 to 1000 svlan 3006（PPPOE业务, 100 to

1000是内层VLAN 3006是外层VLAN）

vlan-smart-qinq ingress-port epon-olt_1/2/2 cvlan 100 to 1000 svlan 3006

vlan-smart-qinq ingress-port epon-olt_1/2/3 cvlan 100 to 1000 svlan 3006

vlan-smart-qinq ingress-port epon-olt_1/2/4 cvlan 100 to 1000 svlan 3006

vlan-smart-qinq ingress-port epon-olt_1/2/5 cvlan 100 to 1000 svlan 3006

vlan-smart-qinq ingress-port epon-olt_1/2/6 cvlan 100 to 1000 svlan 3006

vlan-smart-qinq ingress-port epon-olt_1/2/7 cvlan 100 to 1000 svlan 3006

vlan-smart-qinq ingress-port epon-olt_1/2/8 cvlan 100 to 1000 svlan 3006

int epon-olt_1/2/1

vlan-smart-qinq enable //进入接口打开QinQ规则

ex

ex

save //保存

最后需在5200G上起用户认证

interface GigabitEthernet2/0/1.3006

pppoe-server bind Virtual-Template 1

description TO-BH-9303_2/0/3-TO-BH-C300

user-vlan 101 1000 qinq-vlan 3006

bas

access-type layer2-subscriber default-domain authentication seehu

#

interface GigabitEthernet2/0/1.3007

pppoe-server bind Virtual-Template 1

description TO-BH-9303_2/0/3-USER

user-vlan 101 1000 qinq-vlan 3007

bas

access-type layer2-subscriber default-domain authentication seehu

#

interface GigabitEthernet2/0/1.3008

pppoe-server bind Virtual-Template 1

description TO-BH-9303_2/0/12-TO-BH-SW1

user-vlan 101 1000 qinq-vlan 3008

bas

access-type layer2-subscriber default-domain authentication seehu

#

interface GigabitEthernet2/0/1.3010

pppoe-server bind Virtual-Template 1

description TO-BH-9303_2/0/12-TO-BH-SW2

user-vlan 101 1000 qinq-vlan 3010

bas

access-type layer2-subscriber default-domain authentication seehu

#

interface GigabitEthernet2/0/1.800

vlan-type dot1q 800

description to-BEIHU-admin

ip address 10.137.2.1 255.255.255.128

#