Page 1
Cisco 10000 Series Router Access Network Control Protocol Configuration Guide August 2008 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-14660-03...
Page 2
You can determine whether your equipment is causing interference by turning it off. If the interference stops, it was probably caused by the Cisco equipment or one of its peripheral devices. If the equipment causes interference to radio or television reception, try to correct the interference by using one or more of the following measures: •...
Page 5
Modifying the Active Session QoS Policy Using RADIUS 5-16 Configuring QoS Actions on a Traffic Class 5-16 Removing Classes and QoS Actions 5-17 QoS Parameterization in VSA 250/252 5-17 Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Page 6
RADIUS Attributes RADIUS Attributes 250 and 252 Cisco VSA 1 Parameterized QoS Policy as VSA 1—Earlier Releases Parameterized QoS Policy as VSA 1—Release 12.2(31)ZV2 Add-Class Primitive Remove Class Primitive Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Page 7
Configuring Per-Service Accounting 7-12 Enabling Per-Service Accounting on the ISG 7-13 Configuring RADIUS for Service Activation and Deactivation 7-13 Configuration Example of Per-Service Accounting 7-14 QoS Service Accounting 7-14 Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Page 8
7-16 Configuration Examples for Setting the ANCP Corrected Rate 7-17 Verifying Traffic Accounting 7-18 Verification Example for ATM Overhead Accounting 7-19 ANCP Command Reference N D E X Cisco 10000 Series Router Access Network Control Protocol Configuration Guide viii OL-14660-03...
Cisco 10000 series router and describes how to configure them. Cross-platform features that function on the Cisco 10000 series router as they do on other supported platforms, and platform-independent features that are supported on the Cisco 10000 series router are described in the general Cisco IOS documentation.
Braces within square brackets ( [{}] ) indicate a required choice within an optional element. • Note Means take note. Notes contain helpful suggestions or references to material not covered in the guide. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Page 11
Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html...
Page 12
About This Guide Obtaining Documentation and Submitting a Service Request Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Use Cisco Feature Navigator to find information about Cisco IOS software image and platform support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions.
To run ANCP over Transmission Control Protocol (TCP), IP must be enabled on broadband remote access servers. Cisco IOS Release 12.2(15)BX supports interactions with the RADIUS server from the broadband remote access server (BRAS) to RADIUS. Interactions from RADIUS to the BRAS are not required for ANCP and are dependent on the RADIUS server.
Chapter 1 Access-Network Control Protocol Access-Network Control Protocol Description Cisco IOS Release 12.2(28)ZV supports shaping for rate adaptive mode on the Cisco 10000 series router Note at the interface level only. The Cisco IOS Release 12.2(34)SB supports both Ethernet and Asynchronous Tranfer Mode (ATM) as the medium for data transfer between the DSLAM and the broadband remote access server.
GSMP detects whether the router and the DSLAM have retained a local information database state in case of a transport failure, or whether both devices require a state update. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Assigns an IP address and subnet mask to the interface. ip address address mask Example: Router(config-if)# ip address 10.16.1.2 255.255.0.0 Step 5 Creates or modifies a subinterface. Enters subinterface interface type number.subinterface configuration mode. Example: Router(config-if)# interface FastEthernet1/0/0.1 Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Use the following procedure to map DSLAM ports to VLAN interfaces on the BRAS. SUMMARY STEPS enable configure terminal ancp atm shaper percent-factor factor interface interface encapsulation dot1q vlan-id ancp neighbor name dslam-name id dslam-id client-ID "Access-Node-Identifier” Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
PVC and a DSLAM port. Use the following procedure to map DSLAM ports to PVC interfaces on the BRAS. SUMMARY STEPS enable configure terminal ancp atm shaper percent-factor factor interface atm slot/subslot/port.subinterface Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Page 22
(PVCs). Use this command in the subinterface configuration mode. range pvc {start-vpi/start-vci} {end-vpi/end-vci} pvc-in-range:configures an individual (PVC) within a • PVC range. Example: Router(config-subif)# range pvc 9/100 9/102 pvc-in-range vpi/vci Example: Router(config-if-atm-range)# pvc-in-range 9/100 Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 1-10 OL-14660-03...
ATM subinterface 2/0/1.1. interface ATM2/0/0.1 point-to-point description ANCP Link to one DSLAM no ip mroute-cache ip address 192.168.0.2 255.255.255.252 pvc 254/32 protocol ip 192.168.0.1 ancp enable Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 1-11 OL-14660-03...
The following is an example of the CLI when the ancp neighbor command is globally configured: interface ATM1/0/0.1 multipoint description TDSL clients - default TDSL 1024 class-int speed:ubr:1184:160:10 range pvc 10/41 10/160 service-policy input SET-PRECEDENCE-0 Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 1-13 OL-14660-03...
IEEE 802.1Q-in-Q VLAN Tag Termination, Release 12.3T Standards Standard Title No new or modified standards are supported by this — feature, and support for existing standards was not modified by this feature. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 1-14 OL-14660-03...
Registered Cisco.com users can log in from this page to access more content. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 1-15 OL-14660-03...
Access-Network Control Protocol Command Reference Command Reference This section contains information about the new command: ancp vdsl ethernet shaper • For more commands, see ANCP Command Reference, page A-1. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 1-16 OL-14660-03...
Page 29
Command History Release Modification 12.2(28)ZV2 This command was introduced and implemented on the Cisco 10000 series router. Usage Guidelines You must define the Access-Loop-Circuit-ID in the dot1q command for the router to adjust the downstream shaping rate. The syntax of the Access-Loop-Circuit-ID is: Aynchronous Transfer Mode/Digital Subscriber Line "Access-Node-Identifier atm slot/port:vpi.vci"...
Page 30
Related Commands Command Description ancp adjacency timer Specifies the interval between ANCP hello messages. ancp enable Enables ANCP. ancp neighbor Specifies the ANCP access node neighbor (DSLAM). Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 1-18 OL-14660-03...
Use Cisco Feature Navigator to find information about Cisco IOS software image and platform support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions.
IEEE 802.1Q-in-Q VLAN Tag Termination, Release 12.3T Standards Standard Title No new or modified standards are supported by this — feature, and support for existing standards was not modified by this feature. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Command Modes Global configuration. Command History Release Modification 12.2(28)ZV2 This command was introduced and implemented on the Cisco 10000 series router. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Page 35
Global configuration. Command History Release Modification 12.2(28)ZV2 This command was introduced and implemented on the Cisco 10000 series router. Examples The following example shows sample output that appears when you enter the show ancp neighbor port statistics command: Remote Peer Line Statistics...
Global configuration. Command History Release Modification 12.2(28)ZV2 This command was introduced and implemented on the Cisco 10000 series router. Examples The following example shows sample output that appears when you enter the show ancp port statistics command: ANCP Port Statistics...
Command Modes Global configuration. Command History Release Modification 12.2(28)ZV2 This command was introduced and implemented on the Cisco 10000 series router. Examples The following example shows sample output that appears when you enter the show ancp session command: ANCP Session Statistics...
Global configuration. Command History Release Modification 12.2(28)ZV2 This command was introduced and implemented on the Cisco 10000 series router. Examples The following example shows sample output that appears when you enter the show ancp session adjacency name mac-address command: Remote AddressStateHello IntervalInterface...
Global configuration. Command History Release Modification 12.2(28)ZV2 This command was introduced and implemented on the Cisco 10000 series router. Examples The following example shows sample output that appears when you enter the show ancp event port client-ID "Access-Loop-Circuit-ID" command: Local/Remote...
Command Modes Global configuration. Command History Release Modification 12.2(28)ZV2 This command was introduced and implemented on the Cisco 10000 series router. Examples The following example shows sample output that appears when you enter the show ancp statistics command: Local Port Statistics...
Access-Accept message which have been activated are deactivated. For Cisco IOS Release 12.2(31)ZV only, a specific format has been adopted to nominate QoS policies in a VSA 250 message. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide...
If the target session is an ATM VC, the ISG interprets the VC weight (vc-weight), the minimum VC watermark (vc-watermark-min), and the maximum VC watermark (vc-watermark-max) attributes. The following example shows the concatenated QoS syntax for VSA 250: Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Configuration Example for Enabling Multiservice Activation on the Router The following sample configuration shows how to enable multiservice activation for RADIUS Access-Accept messages: ip dhcp class MY_DHCP ip cef subscriber service multiple-accept Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
217.89.29.149 port 80 Configuring RADIUS for Service Activation and Deactivation Configure Cisco VSA 250 in the service profile on RADIUS to dynamically activate and deactivate services using Access-Accept messages. This VSA has the following syntax: 250 "service(parameter1=value,parameter1=value,...)"...
The syntax is used to activate or deactivate ISG service and the QoS policy by parsing the VSA 252 concatenated string. ISG manages multiple QoS services in one Access-Accept or CoA message and applies the message to Note activate static and parameterized QoS. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Activating and Deactivating QoS Services Using VSA 252, page 3-7 Activating a Session Service Using CoA Configure Cisco VSA 252 in the service profile on RADIUS to dynamically activate a session service with CoA. RADIUS uses VSA 252 in CoA messages with the following syntax:...
Deactivating a Session Service Using CoA and a Default QoS Policy on a Virtual Template To dynamically activate a session service using CoA, configure Cisco VSA 252 in the RADIUS service profile. RADIUS uses VSA 252 in CoA messages with the following syntax:...
Page 48
Chapter 3 Dynamic Multiservice Activation and Deactivation Multiservice Activation or Deactivation in CoA Message Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
12.2(31)ZV2 information. Finding Feature Information in This Module Your Cisco IOS software release may not support all features. To find information about feature support and configuration and platform requirements, use the “Feature Information for Redirecting ISG Subscriber Traffic” section on page 4-12.
Redirected packets are sent to an individual redirect server or redirect server group that consists of one or more servers. ISG selects one server from the group in a rotating fashion to receive the redirected packets. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Configuring Layer 4 Redirection in a Service Policy Map, page 4-6 • Configuring Layer 4 Redirection in a Service or User Profile on the AAA Server, page 4-7 • Verifying ISG Traffic Redirection, page 4-7 • Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Configuring Layer 4 Redirection on an Interface Perform this task to redirect all matching Layer 4 subscriber traffic that arrives on an interface. SUMMARY STEPS enable configure terminal interface type number ip subscriber identifier interface Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Page 53
{group server-group-name | ip Redirects specified traffic to a specified server or server ip-address [port port-number]} [duration group. seconds] [frequency seconds] Example: Router(config-if)# redirect to group advt-server duration 30 frequency 3600 Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Step 5 Redirects traffic to a specified server or server group. redirect to {group server-group-name | ip ip-address [port port-number]} [duration seconds] [frequency seconds] Example: Router(config-service-policymap-class-traffic)# redirect to ip 10.10.10.10 Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Configuring Layer 4 Redirection in a Service or User Profile on the AAA Server The Layer 4 Redirect feature can be configured as a Cisco vendor-specific attribute (VSA) in a user or service profile on an authentication, authorization, and accounting (AAA) server. This attribute can appear more than one time in a profile to define different types of redirections for a session and can be used in both user and service profiles simultaneously.
TCP traffic to the server group called PORTAL. At account log-in, the subscriber is authenticated and the redirection is unapplied. Service-policy type control DEFAULT-IP-POLICY policy-map type control DEFAULT-IP-POLICY Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
1 service-policy type service unapply name svc 2 service-policy type service name svc-rdt class-map type control match-all cond-svc-logon match identifier service-name svc redirect server-group PORTAL server ip 10.2.36.253 port 80 Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 4-10 OL-14660-03...
The following example shows how to redirect all subscriber DNS packets to the server group DNS-server. service-policy type control DNS-rdt policy-map type control DNS-rdt class type control event session-start Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 4-11 OL-14660-03...
If you are looking for information on a feature in this technology that is not documented here, see the Intelligent Service Gateway Features Roadmap. Not all commands may be available in your Cisco IOS software release. For details on when support for specific commands was introduced, see the command reference documents.
Page 61
Feature Information for Redirecting ISG Subscriber Traffic Table 4-1 lists only the Cisco IOS software release that introduced support for a feature in a Cisco IOS Note software release train. Unless noted otherwise, later releases of that Cisco IOS software release train also support that feature.
Page 62
Chapter 4 Redirecting Subscriber Traffic Using Intelligent Service Gateway Layer 4 Redirect Feature Information for Redirecting ISG Subscriber Traffic Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 4-14 OL-14660-03...
• Parameterized Services Parameterized services enable the Cisco 10000 series router, acting as the ISG, to create and apply dynamic service policies to subscriber sessions. Dynamic policies make it possible to deploy consistent, tailored, and secure user services in the network that are triggered by the subscriber or the service.
RADIUS server uses Access-Accept and CoA messages to notify the ISG to dynamically configure and activate services, deactivate services, or implement parameterized QoS settings in a service policy. Cisco VSAs 250 and 252, defined in RADIUS profiles, control the following QoS operations related to the ANCP: Adding and removing classes •...
Page 65
RADIUS, a hierarchical policy must exist for the subscriber session or subinterface. The following sections describe a two-level hierarchical policy-map at the session level and shaping at the subinterface level: Session Level Policy, page 5-4 • Subinterface Level Policy, page 5-4 • Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
This policy-map shapes traffic on the subinterface to 512000 kbps. Example 5-3 QoS policy-map at the Subinterface Level Router(config)# policy-map physical_ancp_shaper Router(config-pmap)# class class-default Router(config-pmap-c)# shape average 512000 Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
The default values for the RADIUS VSA parameters are the same as the default values for the equivalent modular QoS CLI (MQC) commands. Traffic Class Parameterized Actions Table 5-1 lists the QoS actions supported for parameterization of a traffic class and the corresponding RADIUS attribute syntax. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Page 68
Range is from 1000 to 512000000. If the excess burst is not specified, it is calculated from the normal burst value using the following formula: Excess burst = 2 * normal burst Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
The IP address of the interface is automatically configured from the DHCP pool specified in name. ip portbundle ip portbundle Enables the Intelligent Service Gateway (ISG) Port-Bundle Host Key feature for a service. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Page 70
(Optional) l4freq val is the period of time, in seconds, between activations of redirection. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Page 71
Provides virtual private dialup network (VPDN) vpdn-group-name service for Intelligent Service Gateway (ISG) subscriber sessions. vpdn-group-name or svc_vpdn provides the VPDN service by obtaining the configuration from the specified predefined VPDN group. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Valid values are from 1 to 100. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 5-10 OL-14660-03...
Page 73
1. Level 1 specifies that low latency behavior must be given to the traffic class. The high-level queues are serviced until empty before the next-level queues and nonpriority queues. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 5-11 OL-14660-03...
Page 74
DSCP value. The following reserved keywords can be specified instead of numeric values: • EF (expedited forwarding) • AF11 (assured forwarding class AF11) AF12 (assured forwarding class AF12) • Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 5-12 OL-14660-03...
• preconfigured on an ISG. A QoS policy must have an active session before using the Cisco VSA to modify the QoS policy. If • there is an active QoS policy in the specified direction, an error message is relayed.
Chapter 5 Dynamic Service Policy Modifications Configuring Parameterized Services Cisco VSAs used for parameterized services do not support all QoS actions and do not support all • variations of the supported actions. For information on the supported actions, see the “Parameterized...
Dynamic Service Policy Modifications Configuring Parameterized Services Redirecting Services To execute Layer 4 redirect actions, Cisco VSA 252 is used in CoA messages. VSA uses the following syntax for parameterized Layer 4 (L4) redirect messages: 252 binary 0b suffix "l4redirect(parameter1=value,parameter2=value,...)"...
= "<policy-type>=<command> 9<parameter1>,...,<parametern>" The Cisco VSA 1 is used to add and remove classes and QoS actions to and from the QoS policy that is currently active on a session, and has the following format:...
To prevent RADIUS server from fragmenting the VSA string, use the AAA recommended string of 252 bytes. To accommodate multiple ISG and QoS services commands in a 252-byte string, described in the following sections: Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 5-17 OL-14660-03...
Use a semicolon to delimit each parameterized QoS command in a single string. q-p-out=((c-d,voip)2(200000,9216,0,1,0,0)3(5));q-p-in=((c-d,voip-control)2(112000,9216,0,1 ,0,0)3(6)) Action Encoding The following table lists the nine actions implemented in DT ANCP Phase3/4, encoded in digits: Action Name Encoding Shape Police set-ip-prec set-cos Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 5-18 OL-14660-03...
VSA(9-1): "ip:sub-qos-policy-in=policy-in” VSA(9-1): "ip:sub-qos-policy-out=policy-out” VSA(9-1): "qos-policy-out=add-class(sub,(class-default),shape(2000000))" VSA(9-1): "qos-policy-in=add-class(sub,(class-default),police(256000))" VSA(9-250): "ARateLimitAccounting" In the service accounting Start-Stop message, the following information is relayed: VSA(9-1): "qos-policy-out=add-class(sub,(class-default),shape(2000000))" VSA(9-1): "qos-policy-in=add-class(sub,(class-default),police(256000))" VSA(9-251): "NRateLimitAccounting" Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 5-19 OL-14660-03...
Parent1 with the modified parameters: policy-map child1 class voip priority level 1 police 100000 class video priority level 2 shape 2000000 policy-map Parent1 class class-default shape average 4000000 service-policy child1 Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 5-20 OL-14660-03...
Parent3, which the ISG modifies by adding the voip class to the Child3 policy-map and setting the VoIP policing rate to 100,000 bps. The ISG then applies the transient Parent3 policy to the session. policy-map child3 class voip police 100000 class video Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 5-21 OL-14660-03...
ISG MQC Command set cos cos-value RADIUS VSA Action Parameter set-cos(cos-val) Example: RADIUS VSA qos-policy-out:add-class(sub,(class-default,voip),set-cos(5)) Modifying the IP DSCP ISG MQC Command set dscp dscp-value RADIUS VSA Action Parameter set-ip-dscp(dscp-val) Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 5-24 OL-14660-03...
If you do not specify a policy-map-name, the command displays the configuration of all policy-maps configured on the router. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 5-25 OL-14660-03...
For example: aaa connect-info subscriber_specific_info The router copies the specified string to Attribute 77 and includes it in Access-Request and Accounting-Start and Stop messages, as appropriate. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 5-26 OL-14660-03...
10/42 and 10/43 and the aaa connect-info command is configured on PVC 10/42: interface ATM1/0/0.1 multipoint description TDSL clients - default TDSL 1024 no ip mroute-cache class-int speed:ubr:1184:160:10 range pvc 10/41 10/160 Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 5-27 OL-14660-03...
Page 90
Attribute 77. For PVC 10/43, the router takes the class name (speed:ubr:2303:224:10) specified in the class-vc command and copies it to Attribute 77. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 5-28 OL-14660-03...
12.2(31)ZV2 information. 12.2(34)SB This feature was integrated into Cisco IOS Release 12.2(34)SB. This chapter describes the RADIUS-based shaping and policing features supported on the Cisco 10000 series router and contains the following topics: RADIUS Attributes, page 6-1 • • Per-Session Shaping Using RADIUS, page 6-5 •...
This VSA has the following format: av-pair = "policy-type=command 9 parameter1 ,...,parametern" Use the following Cisco VSA 1 format to add and remove classes and QoS actions to and from the QoS policy that is currently active on a session:...
• is sub, which indicates the active QoS policy attached to the subscriber session. The Access-Accept or CoA message that includes this attribute must be targeting a subscriber session. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Remove Class Primitive To remove traffic classes and QoS actions defined in the active QoS policy on a session, use the remove-class primitive. This attribute has the following format: qos-policy-in=remove-class(target,(class-list)) qos-policy-out=remove-class(target,(class-list)) Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Prerequisites for Per-Session Shaping Using RADIUS, page 6-6 • Restrictions for Per-Session Shaping Using RADIUS, page 6-6 • Configuring Per-Session Shaping Using RADIUS, page 6-6 • Configuration Example of Per-Session Shaping, page 6-9 • Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
DETAILED STEPS Command Purpose Step 1 Creates or modifies a policy-map. Enters policy-map policy-map policy-map-name configuration mode. policy-map-name is the name of the policy-map. Example: Router(config)# policy-map child Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Page 97
Example: Router(config)# policy-map parent Step 7 Modifies the class-default traffic class. class class-default Example: Router(config-pmap)# class class-default Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Page 98
Step 9 Applies the child policy map to the parent class-default service-policy policy-map-name class. policy-map-name is the name of the child policy map. Example: Router(config-pmap-c)# service-policy child Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
RADIUS-Based Shaping and Policing Per-Session Shaping Using RADIUS Configuring Per-Session Shaping on RADIUS To use RADIUS to set the shaping rate for a subscriber session, configure the following Cisco VSA in the user profile on RADIUS: vsa cisco generic 1 string "qos-policy-out=add-class(sub,(class-default), shape(rate))"...
You can configure per-service shaping and policing on class-default classes at the child or grandchild level. Transient policies are not visible in the running-configuration file. Only the original policy configuration is visible. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 6-10 OL-14660-03...
(CIR) in bits Example: per second. Router(config-pmap-c)# shape average 10000 For information about the shape command options, see the “Configuring a QoS Policy on the ISG” section on page 6-6. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 6-11 OL-14660-03...
Page 102
Use the following procedure to configure a hierarchical QoS Parent policy with shaping and policing. SUMMARY STEPS policy-map policy-map-name class class-default shape average mean-rate [[burst-size] [excess-burst-size]] [account {qinq | dot1q | user-defined offset} aal5 subscriber-encap] service-policy policy-map-name Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 6-12 OL-14660-03...
Page 103
MPLS label header at the input and/or output interfaces. • set-prec-transmit value—Sets the IP precedence value. • set-qos-transmit value—Sets the qos-group value. • transmit—Transmits the packet. The packet is not altered. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 6-13 OL-14660-03...
6-1. Configuration Example of Per-Service Shaping The following example configuration shows the Cisco VSA configured on RADIUS and the original hierarchical policy map that is configured on the ISG. When the ISG receives an Access-Accept or CoA message with the following VSA, the ISG first copies the policy map named Parent and then changes the shaping rate of the VoIP class from 5000 bps to 6000 bps.
192.168.6.0 0.0.0.255 permit ip any 192.168.5.7 0.0.0.64 The following Cisco VSA is configured in a user profile on RADIUS. This VSA adds the class-default class to the QoS policy attached to the subscriber session for outbound traffic and shapes the...
192.168.6.0 0.0.0.255 permit ip any 192.168.5.7 0.0.0.64 The following Cisco VSA is configured in a user profile on RADIUS. This VSA adds the class-default class to the QoS policy attached to the subscriber session for outbound traffic and shapes the class-default class to 120,000 bps.
The ISG copies the service policy named Parent currently applied to the session and creates a transient copy named New_Parent to which it makes the appropriate changes. Based on the Cisco VSA included in the CoA message, the ISG changes the shaping rate of the parent class-default class to 120,000 bps.
Page 108
192.168.5.7 0.0.0.64 The following Cisco VSA is configured in a user profile on RADIUS. This VSA changes the policing rate of the Premium class in the Child policy. The Child policy is applied to the class-default class of the Parent policy.
10000 service-policy Child The following Cisco VSA is configured in a user’s profile on RADIUS. This VSA modifies the Premium class of the Child policy, which is applied to the class-default class of the Parent policy. RADIUS Configuration radius subscriber 1048 vsa cisco 250 S192.168.1.10...
The ISG copies the service policy named Parent currently applied to the session and creates a transient copy named New_Parent to which it makes the appropriate changes. Based on the Cisco VSA included in the Access-Accept message, the ISG changes the policing rate of the Premium traffic class from 5000 bps to 200,000 bps.
Page 111
The configuration of the interface you specify that is currently Router# show running-config interface interface configured in the running-config file, including any service policies attached to the interface. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 6-21 OL-14660-03...
Page 112
Chapter 6 RADIUS-Based Shaping and Policing Verifying RADIUS-Based Shaping and Policing Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 6-22 OL-14660-03...
Verifying Traffic Accounting, page 7-18 Layer 2 Overhead Accounting Layer 2 overhead accounting enables the Cisco 10000 series router, acting as the broadband access system (BRAS), to account for various encapsulation types when applying QoS to packets. This accounting ensures that the actual bandwidth used by packets does not exceed the bandwidth of the subscriber line.
Page 114
For more information about ATM overhead accounting, see the “Traffic Shaping Overhead Accounting for ATM” section in the “Shaping Traffic” chapter of the Cisco 10000 Series Router Quality of Service Configuration Guide http://www.cisco.com/en/US/products/hw/routers/ps133/products_configuration_guide_book09186a00 805b9497.html Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Applying the QoS Policy to a Virtual Template Interface, page 7-7 • Applying the Virtual Template to a PPPoE Profile, page 7-9 Applying the PPPoE Profile to a VLAN Subinterface, page 7-10 • Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Assigns the traffic class you specify to the policy map. class class-map-name Enters policy-map class configuration mode. class-map-name is the name of a previously configured Example: class map. Router(config-pmap)# class data-premium Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Page 117
Valid values are: SNAP-RBE, SNAP-PPPoA, SNAP-PPPoE, and • SNAP-IP MUX-RBE, MUX-PPPoA, MUX-PPPoE, and MUX-IP • Step 6 Exits policy-map class configuration mode. exit Example: Router(config-pmap-c)# exit Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Page 118
Note The router configures the offset size unless you specify the user-defined offset option. aal5 is the ATM Adaptation Layer 5 that supports connection-oriented variable bit rate (VBR) services. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Page 119
(Optional) ppp authorization [default | list-name] (Optional) ppp accounting [default | list-name] (Optional) ppp authentication {chap | pap | chap pap | pap chap} [if-needed] [list-name | default] [callin] service-policy output policy-map-name exit Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Page 120
(Optional) list-name specifies the name of a list of accounting methods to use. If no list name is specified, the system uses the default. The list is created using the aaa accounting command. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Use the following procedure to apply the virtual template to a PPPoE profile. SUMMARY STEPS bba-group pppoe {group-name | global} virtual-template number (Optional) sessions per-vlan limit limit (Optional) sessions per-mac limit limit exit Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Applying the PPPoE Profile to a VLAN Subinterface Use the following procedure to apply the PPPoE profile to a VLAN subinterface. SUMMARY STEPS interface type number.subinterface encapsulation dot1q vlan-id [native] pppoe enable group group-name exit Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 7-10 OL-14660-03...
To configure per-service accounting, perform the following configuration tasks: Enabling Per-Service Accounting on the ISG, page 7-13 • Configuring RADIUS for Service Activation and Deactivation, page 7-13 • Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 7-12 OL-14660-03...
Configuring RADIUS for Service Activation and Deactivation Configure Cisco VSA 250 and VSA 252 in the service profile on RADIIUS to dynamically activate and deactivate services. RADIUS uses VSA 250 in Access-Accept and VSA 252 in CoA messages. These VSAs have the following syntax: 252 0b "service(parameter1=value,parameter2=value,...)"...
"ISG-service1" Cisco-AVPair(9,250): "ISG-service2" Cisco-AVPair(9,1): "qos-policy-out=add-class(sub,(class-default),shape(9000000))" If the service accounting is: • Configured for ISG-service1, the router replicates the QoS VSA in the service accounting start record for ISG-service1. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 7-14 OL-14660-03...
When the BRAS receives a new ANCP-signaled line rate, it checks the Access-Loop-Circuit-ID that the DSLAM sent to determine the subscriber port type. The Access-Loop-Circuit-ID is defined as: ATM/DSL "Access-Node-Identifier atm slot/prt[:vlan-id]" Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 7-15 OL-14660-03...
Also displays the configured fixed correction factor to be applied to the ANCP-signaled ATM line rate for the PRE2. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 7-18 OL-14660-03...
The BRAS-DSLAM encapsulation is dot1q and the subscriber line encapsulation is snap-rbe based on the AAL3 service. Policy Map unit-test Class class-default Average Rate Traffic Shaping cir 10% account dot1q aal3 snap-rbe Cisco 10000 Series Router Access Network Control Protocol Configuration Guide 7-19 OL-14660-03...
• ancp neighbor • show ancp status • show atm pvc • show caller • subscriber service • test aaa group • clear ancp interface • Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Page 134
• Command History Release Modification 12.2(31)ZV0d This command was introduced on the Cisco IOS 10000 series router. Usage Guidelines Specify characteristics of the subscriber in the command’s string argument to easily recognize policy information for a connection. For example: aaa connect-info subscriber_specific_info The router rejects the command if the string exceeds 64 characters.
Page 135
Attribute 77. show atm class-links vpi/vci Displays the inheritance level at which the aaa connect-info command is configured. show atm pvc vpi/vci Displays the connect-info string, when configured. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Page 136
Command Modes Subinterface Command History Release Modification 12.2(28)ZV This command was introduced and implemented on the Cisco 10000 series router. 12.2(31)ZV1 This command was modified for Access Network Control Protocol (ANCP), replacing L2CP. Examples The following example shows how to set the interval between ANCP hello messages from the BRAS to the ANCP access node neighbor identified as dslam1.
Page 137
Command Modes Global Command History Release Modification 12.2(28)ZV This command was introduced and implemented on the Cisco 10000 series router. 12.2(31)ZV1 This command was modified for Access Network Control Protocol (ANCP), replacing L2CP. Usage Guidelines The router checks the ancp dsl-type to enable adjustment to the downstream shaping rate.
Page 138
! Related Commands Command Description ancp adjacency timer Specifies the interval between ANCP hello messages. ancp enable Enables ANCP. ancp neighbor Specifies the ANCP access node neighbor (DSLAM). Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Page 139
Interface Subinterface Command History Release Modification 12.2(28)ZV This command was introduced and implemented on the Cisco 10000 series router. 12.2(31)ZV1 This command was modified for Access Network Control Protocol (ANCP), replacing L2CP. Usage Guidelines You must configure the ancp enable command on an interface or subinterface on which IP is configured.
Page 140
Command Modes Global Command History Release Modification 12.2(28)ZV This command was introduced and implemented on the Cisco 10000 series router. 12.2(31)ZV1 This command was modified for Access Network Control Protocol (ANCP), replacing L2CP. Usage Guidelines Use this command when mapping ports between DSL aggregation modems (for example, DSLAMs) and network edge devices in DSL broadband environments.
Page 141
(BRAS). ancp adjacency timer Specifies the interval between ANCP hello messages. ancp enable Enables ANCP. ancp atm shaper Enables ANCP cell tax accounting for ATM U-interface connections. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide OL-14660-03...
Page 142
Command Modes Privileged EXEC Command History Release Modification 12.2(28)ZV This command was introduced and implemented on the Cisco 10000 series router. 12.2(31)ZV1 This command was modified for Access Network Control Protocol (ANCP), replacing L2CP. Examples The following example enables debugging of ANCP errors:...
Page 143
(BRAS), and displays dynamic line conditions. show ancp status Displays ANCP-related information for the ANCP endpoints configured on a broadband remote access server (BRAS) interface. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-11 OL-14660-03...
Page 144
ANCP mapping Command History Release Modification 12.2(28)ZV This command was introduced and implemented on the Cisco 10000 series router. 12.2(31)ZV1 This command was modified for Access Network Control Protocol (ANCP), replacing L2CP. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide...
Page 145
GigabitEthernet1/0/1 ip address 10.1.75.123 255.255.255.0 ancp enable interface GigabitEthernet1/0/1.1 encapsulation dot1q 512 second-dot1q 514 ancp neighbor name dslamA id "10.16.3.4" dot1q 512 second-dot1q 514 client-ID "10.16.3.4 ethernet1/0/1.1" Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-13 OL-14660-03...
Page 146
Specifies the interval between ANCP hello messages. ancp atm shaper Enables ANCP cell tax accounting for ATM U-interface connections. ancp neighbor Specifies the ANCP access node neighbor (DSLAM). Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-14 OL-14660-03...
Page 147
Usage Guidelines When a user logs into a Cisco router and uses AAA, a unique ID is assigned to the session. Throughout the life of the session, various attributes that are related to the session are collected and stored internally within a AAA database.
Page 148
63CCF138 0 00000001 session-id(293) 4 3(3) 63CCF14C 0 00000001 Framed-Protocol(62) 4 PPP 63CCF160 0 00000001 protocol(241) 4 ip 63CCF174 0 00000001 addr(5) 4 70.0.0.1 No data for type CMD Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-16 OL-14660-03...
Page 149
Packets that were received before the call was authenticated Pre Paks Out Packets that were transmitted before the call was authenticated Bytes In Bytes that were received after the call was authenticated Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-17 OL-14660-03...
Page 150
Authen Authentication database General General database PerU Per-User database Related Commands Command Description show aaa sessions Displays information about AAA sessions as seen in the AAA Session MIB. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-18 OL-14660-03...
Page 151
Command Modes Global Command History Release Modification 12.2(28)ZV This command was introduced and implemented on the Cisco 10000 series router. 12.2(31)ZV1 This command was modified for Access Network Control Protocol (ANCP), replacing L2CP. Usage Guidelines Use this command when mapping ports between DSL aggregation modems (for example, DSLAMs) and network edge devices in DSL broadband environments.
Page 152
(BRAS). ancp adjacency timer Specifies the interval between ANCP hello messages. ancp enable Enables ANCP. ancp atm shaper Enables ANCP cell tax accounting for ATM U-interface connections. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-20 OL-14660-03...
Page 153
Command Modes Privileged EXEC Command History Release Modification 12.2(28)ZV This command was introduced and implemented on the Cisco 10000 series router. 12.2(31)ZV1 This command was modified for Access Network Control Protocol (ANCP), replacing L2CP. Examples The following example shows the status information that appears when you enter the show ancp status...
PVC on the ATM interface. If you include the vpi/vci vaccess detail argument, the command output displays detailed virtual access interface information. The functionality and output of the show atm pvc {interface atm interface-number vpi/vci} command is unchanged. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-22 OL-14660-03...
Page 156
AAA Unique ID = 0x00000007, AIE Handle = 0xE7000006 PVC belongs to Multilink PPP Bundle Virtual-Access4 as a PPPoA member link Packets in VC Holdq:0 , Particles in VC Tx Ring:0 Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-24 OL-14660-03...
Page 158
UBR+—Unspecified bit rate QoS is specified for this PVC. See the ubr+ • command for further information. VBR–NRT—Variable bit rate–non-real-time QoS rates are specified for • this PVC. See the vbr-nrt command for further information. etype Encapsulation type. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-26 OL-14660-03...
Page 159
OAM down retry Number of consecutive end-to-end F5 OAM loopback cell responses that if not count received, change a PVC state to down or tear down an SVC. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-27 OL-14660-03...
Page 160
Total number of packets sent on this VC. This number includes all fast-switched and process-switched packets. InBytes Total number of bytes received on this VC. This number includes all fast-switched and process-switched bytes. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-28 OL-14660-03...
Page 161
• local traffic-shaping parameters do not match the parameters learned from the switch. • LOCAL_ONLY—This PVC is configured locally on the router and not on the remote switch. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-29 OL-14660-03...
Page 162
In the output, the vpi/vci vaccess option causes the name of all of the virtual access interfaces (VAIs) to appear. These VAIs are associated with PVC 100/1000 on ATM subinterface ATM 3/0/0.6. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-30 OL-14660-03...
Page 163
Displays all ATM switched virtual circuits (SVCs) and traffic information. show atm vc Displays all ATM permanent virtual circuits (PVCs) and switched virtual circuits (SVCs) and traffic information. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-31 OL-14660-03...
Page 164
Chapter A ANCP Command Reference Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-32 OL-14660-03...
Page 165
(Optional) Shows a summary of caller information for the specified username. detailed—(Optional) Provides expanded information about the username. • Command Modes User EXEC Privileged EXEC Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-33 OL-14660-03...
Page 166
The following sample output from the show caller command shows the virtual access interface and VCD information that displays when you issue the command: Router# show caller user abc@gold.com full Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-34 OL-14660-03...
Page 168
When a session stops, all currently active services are included in the accounting session stop record. Examples The following example enables per-service accounting: Router(config)# subscriber service session-accounting Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-36 OL-14660-03...
Page 169
Related Commands Command Description bandwidth account Enables class-based fair queuing and ATM overhead accounting. shape account Shapes traffic to the indicated bit rate and enables ATM overhead accounting. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-37 OL-14660-03...
Page 170
(Optional) Specifies how many authentication and accounting requests are to be sent to the server for each port. • Default is 1. • Range for n is 1 to 50000. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-38 OL-14660-03...
Page 171
! Attribute not found. aaa attribute clid clidvalue Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-39 OL-14660-03...
Page 172
Account Requests Replied AAA/SG/TEST: Account Requests Successful : 0 AAA/SG/TEST: Account Requests Failed AAA/SG/TEST: Account Requests Error AAA/SG/TEST: Account Response Received AAA/SG/TEST: Account No Response Recevied: 0 USER ATTRIBUTES Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-40 OL-14660-03...
Page 173
Enables RADIUS server load-balancing for RADIUS-named server groups. radius-server host Enables RADIUS automated testing for load balancing. radius-server Enables RADIUS server load-balancing for the global RADIUS server load-balance group. Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-41 OL-14660-03...
Page 174
Privileged EXEC Command History Release Modification 12.2(34)SB This command was introduced and implemented on the Cisco 10000 series router. Examples The following example shows the output information that appears when you enter the clear ancp interface command for a specific interface:...
Page 175
Chapter A ANCP Command Reference Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-43 OL-14660-03...
Page 176
Chapter A ANCP Command Reference Cisco 10000 Series Router Access Network Control Protocol Configuration Guide A-44 OL-14660-03...
Page 178
ANCP errors 8-10 global configuration default QoS policy rate adaptive configuring multiple QoS Services in an access-accept or CoA 5-19 digital subscriber line digital subscriber line access multiplexers Cisco 10000 Series Router Access Network Control Protocol Configuration Guide IN-2 OL-14660-03...
Page 179
5-16 VSA 250 3-2, 3-3 TCP session VSA 252 test aaa group command 8-38 QoS policy for VSA 252 timeout QoS policy-map traffic class 5-20 queue-in-queue VLANs Cisco 10000 Series Router Access Network Control Protocol Configuration Guide IN-3 OL-14660-03...
Page 180
Index unapplied upstream data rate user-defined offset 7-5, 7-6 violate-action 5-17 VLAN number 8-13 subinterfaces voice and video VRF identifier 5-26 VSA 250 messages Cisco 10000 Series Router Access Network Control Protocol Configuration Guide IN-4 OL-14660-03...