Table Of Contents
RADIUS Accounting for QoS
First Published: February 28, 2006
The RADIUS Accounting for QoS feature is one of two features bundled with the QoS: Broadband Aggregation Enhancements—Phase 1 feature. With the RADIUS Accounting for QoS feature, the policy map name, the class-map name, and the number of packets are collected and reported to the RADIUS server. This information is collected and reported on a per-session basis.
History for the RADIUS Accounting for QoS Feature
This feature was introduced as part of the QoS: Broadband Aggregation Enhancements—Phase 1 feature.
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Prerequisites for RADIUS Accounting for QoS
•The PPPoE (or PPPoA) sessions are enabled.
•The RADIUS server must be configured.
•Authentication, authorization, and accounting (AAA) must be enabled.
•The subscriber's user profile on the RADIUS server must be created.
•A policy map is configured, and traffic classes have been created.
Note The RADIUS Accounting for QoS feature supports hierarchical policy maps.
Information About RADIUS Accounting for QoS
To configure the RADIUS Accounting for QoS feature, you should understand the following concepts:
Benefits of RADIUS Accounting for QoS
In addition to the other information collected by RADIUS accounting and used for billing purposes, the RADIUS Accounting for QoS feature collects and reports the policy map name and the class name for traffic on a per-session basis. Including the policy map name and class name provides a finer level of reporting detail.
RADIUS Accounting Functionality and QoS Information
RADIUS accounting provides the method for collecting and sending information used for billing, auditing, and reporting, such as user identities, start and stop times, executed commands (such as PPP), number of packets, and number of bytes.
Accounting enables you to track the services users are accessing as well as the amount of network resources they are consuming. When AAA accounting is activated, the network access server reports user activity to the RADIUS server in the form of accounting records. Each accounting record is comprised of accounting AV pairs and is stored on the access control server. This data can then be analyzed for network management, client billing, and/or auditing. All accounting methods must be defined through AAA. As with authentication and authorization, you configure AAA accounting by defining a named list of accounting methods, and then applying that list to various interfaces.
With the RADIUS Accounting for QoS feature, the information collected and reported to the RADIUIS server includes the policy map name, the class-map name, and the number of packets (also shown in bytes) for the traffic classes on a per-session basis.
How to Configure RADIUS Accounting for QoS
This section contains the following tasks:
Adding the Cisco AV Pairs to the User Profile on the RADIUS Server
To configure RADIUS Accounting for QoS, you must add Cisco AV pairs to the subscriber's user profile on the RADIUS server. To add the Cisco AV pairs to the subscriber's user profile, complete the following steps on the RADIUS server.
Cisco AV Pairs and VSAs
Cisco AV pairs are part of vendor-specific attributes (VSAs) that allow a policy map to be applied to the router. Cisco AV pairs are a combination of an attribute and a value. The purpose of Cisco VSA (attribute 26) is to communicate vendor-specific information between the router and the RADIUS server. The Cisco VSA encapsulates vendor-specific attributes that allow vendors such as Cisco to support their own extended attributes.
For this configuration, one of two Cisco AV pairs can be used (formatted as shown below):
•lcp:interface-config=service-policy output/input <policy name>
This Cisco AV pair is considered a "legacy" AV pair. It is of earlier origin but is still an available choice.
This Cisco AV pair takes advantage of more recent technology and is the recommended choice. This Cisco AV pair is the one shown in the configuration tasks and examples.
The Cisco AV pair is added to the subscriber's user file on the RADIUS server. A subscriber's user file contains an entry for each user that the RADIUS server will authenticate. Each entry establishes an attribute the user can access.
When looking at a user file, the data to the left of the equal sign (=) is an attribute defined in the dictionary file, and the data to the right of the equal sign is the configuration data.
The Cisco AV pair identifies the policy map that was used to configure the specific QoS features. When the router requests the policy map name (specified in the Cisco AV pair), the policy map is pulled to the router from the RADIUS server when the session is established. The Cisco AV pair applies the appropriate policy map (and, therefore, the QoS feature) directly to the router from the RADIUS server.
1. sub-qos-policy-in/out=<policy name>
Verifying the RADIUS Accounting for QoS Configuration
After adding the Cisco QoS AV pair to the subscriber's user profile, you may want to verify the configuration. The verification tasks allow you to see whether the accounting statistics are being reported the way you intended.
To verify the configuration, complete the follows steps.
2. show policy-map session [uid uid-number] [input | output [class class-name]]
Configuration Examples for RADIUS Accounting for QoS
This section contains the following examples:
Adding the Cisco AV Pair to the User Profile on the RADIUS Server: Example
The following is an example of a subscriber's user profile in which the Cisco AV pair has been added.
The first four lines contain the passwords, the service type, and the protocol type. This information is entered into the subscriber's user profile when the user profile is first created.
The last line is an example of the Cisco AV pair added to the user firstname.lastname@example.org Password = "cisco"CHAP-Password = "cisco"Service-Type = FramedFramed-Protocol = PPPCisco:Cisco-avpair = "sub-qos-policy-in=p23"
Verifying the RADIUS Accounting for QoS Configuration: Example
Use the show policy-map session command to verify that the reporting statistics now include the policy map and the class name for the traffic on a per-session basis.
In the sample below, the statistics for subscriber service switch (SSS) session 7 (and policy map p23) are displayed. In policy map p23, the QoS feature traffic policing is configured and traffic policing statistics are displayed.
Note Only the policy map name, the class-map name, and the number of packets (also shown in bytes) per-class are reported to the RADIUS server.
Router# show policy-map sessionSSS session identifier 7 -Service-policy output:p23Class-map: customer3 (match-any)2232 packets, 124992 bytes5 minute offered rate 8000 bps, drop rate 0 bpsMatch: ip dscp cs5 cs62232 packets, 124992 bytes5 minute rate 8000 bpspolice:cir 20000 bps, bc 10000 bytespir 40000 bps, be 10000 bytesconformed 2232 packets, 124992 bytes; actions:set-dscp-transmit af21exceeded 0 packets, 0 bytes; actions:set-dscp-transmit af22violated 0 packets, 0 bytes; actions:set-dscp-transmit af23conformed 8000 bps, exceed 0 bps, violate 0 bpsClass-map:customer2 (match-any)14840 packets, 1855000 bytes30 second offered rate 0 bpsMatch:ip dscp cs214840 packets, 1855000 bytes30 second rate 0 bpsClass-map:class-default (match-any)95922 packets, 11990250 bytes30 second offered rate 0 bps, drop rate 0 bpsMatch:any95922 packets, 11990250 bytes30 second rate 0 bps
The following sections provide references related to the RADIUS Accounting for QoS feature.
Related Topic Document Title
QoS commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples
Cisco IOS Quality of Service Solutions Command Reference
Class maps, policy maps, hierarchical policy maps, and MQC
Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.4
"Broadband Access" section of the Cisco IOS Wide-Area Networking Configuration Guide, Release 12.4
Broadband aggregation for the Cisco 1000 series router
Configuring accounting using AAA
Cisco IOS Security Configuration Guide, Release 12.4
RADIUS servers and AAA
Cisco IOS Security Configuration Guide, Release 12.4
MIB MIBs Link
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
This feature uses no new or modified commands.
PPP— Point-to-Point Protocol. A protocol that provides router-to-router and host-to-network connections over synchronous and asynchronous circuits. PPP is designed to work with several network layer protocols, such as IP, Internetwork Packet Exchange (IPX), and AppleTalk Remote Access (ARA).
PPPoA—Point-to-Point Protocol over ATM. A feature that allows a PPP session to be initiated on a simple bridging ATM connected client. PPPoA provides the ability to connect a network of hosts over a simple bridging access device to a remote access concentrator or aggregation concentrator.
PPPoE—Point-to-Point Protocol over Ethernet. A feature that allows a PPP session to be initiated on a simple bridging Ethernet connected client. PPPoE provides the ability to connect a network of hosts over a simple bridging access device to a remote access concentrator or aggregation concentrator.
RADIUS—Remote Authentication Dial-In User Service. A database for authenticating modem and ISDN connections and for tracking connection time.
SSS—Subscriber Service Switch. A switch that provides flexibility on where and how many subscribers are connected to available services and how those services are defined. The primary focus of SSS is to direct PPP from one point to another using a Layer 2 subscriber policy. The policy will manage tunneling of PPP in a policy-based bridging fashion.
Note See Internetworking Terms and Acronyms for terms not included in this glossary.
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2006 Cisco Systems, Inc. All rights reserved.