Table of Contents
Advertisement
Configuring ISG Control Policies
3.
Note
Traffic policies are another type of policy used by ISG. Traffic policies define the handling of data
packets and are configured in service policy maps or service profiles. For more information about traffic
policies, see the
Differentiated Initial Policy Control
Authentication failure for a subscriber may happen for an access-reject (which means a RADIUS server
responded with a Reject) or due to an access request timeout (RADIUS server is unreachable).
Using ISG control policies, and actions configured for the 'radius-timeout' and 'access-reject' events, the
system can distinguish between the different reasons for an authentication failure. Different events are
thrown by the system (for example, a received authentication reject or an unavailable RADIUS server
event). This allows the control policy to specify different actions for each type of authentication failure.
For example, if the RADIUS server is down or unreachable, temporary access can be given to
subscribers.
This feature is available only for IP-based sessions for subscriber authentication. This feature does not
support the Point-to-Point Protocol over Ethernet (PPPoE) sessions.
Uses of Control Policies
Use control policies to configure an ISG to perform specific actions in response to specific events and
conditions. For example, control policies could be used for the following purposes:
•
•
•
•
•
•
Apply the control policy map.
A control policy map is activated by applying it to a context. A control policy map can be applied
to one or more of the following types of contexts. In the following list, the context types are listed
in order of precedence. For example, a control policy map that is applied to a PVC takes precedence
over a control policy map that is applied to an interface.
–
Virtual template
–
Subinterface
–
Interface
–
Global
In general, control policy maps that are applied to more specific contexts take precedence over
policy maps applied to more general contexts.
"Configuring ISG Subscriber
To activate a default service when a subscriber session is first detected
To sequence the gathering of subscriber identity, where a control protocol exists on the access side
To determine how the system responds to an idle timeout or to a subscriber who has run out of credit
To enable transparent auto logon, which enables authorization on the basis of an IP address or MAC
address
To configure the maximum amount of time a session can remain unauthenticated
To send periodic session state information to other devices
Information About ISG Control Policies
Services" module.
3
Hide quick links:
Advertisement
Chapters
Table of Contents
