Guest

Cisco IOS Software Releases 12.2 SB

RADIUS Accounting for QoS

  • Viewing Options

  • PDF (240.6 KB)
  • Feedback
RADIUS Accounting for QoS

Table Of Contents

RADIUS Accounting for QoS

Contents

Prerequisites for RADIUS Accounting for QoS

Information About RADIUS Accounting for QoS

Benefits of RADIUS Accounting for QoS

RADIUS Accounting Functionality and QoS Information

How to Configure RADIUS Accounting for QoS

Adding the Cisco AV Pairs to the User Profile on the RADIUS Server

Cisco AV Pairs and VSAs

Verifying the RADIUS Accounting for QoS Configuration

Configuration Examples for RADIUS Accounting for QoS

Adding the Cisco AV Pair to the User Profile on the RADIUS Server: Example

Verifying the RADIUS Accounting for QoS Configuration: Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference

Glossary


RADIUS Accounting for QoS


First Published: February 28, 2006

The RADIUS Accounting for QoS feature is one of two features bundled with the QoS: Broadband Aggregation Enhancements—Phase 1 feature. With the RADIUS Accounting for QoS feature, the policy map name, the class-map name, and the number of packets are collected and reported to the RADIUS server. This information is collected and reported on a per-session basis.

History for the RADIUS Accounting for QoS Feature

Release
Modification

12.2(28)SB

This feature was introduced as part of the QoS: Broadband Aggregation Enhancements—Phase 1 feature.


Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Contents

Prerequisites for RADIUS Accounting for QoS

Information About RADIUS Accounting for QoS

How to Configure RADIUS Accounting for QoS

Configuration Examples for RADIUS Accounting for QoS

Additional References

Command Reference

Glossary

Prerequisites for RADIUS Accounting for QoS

The PPPoE (or PPPoA) sessions are enabled.

The RADIUS server must be configured.

Authentication, authorization, and accounting (AAA) must be enabled.

The subscriber's user profile on the RADIUS server must be created.

A policy map is configured, and traffic classes have been created.


Note The RADIUS Accounting for QoS feature supports hierarchical policy maps.


Information About RADIUS Accounting for QoS

To configure the RADIUS Accounting for QoS feature, you should understand the following concepts:

Benefits of RADIUS Accounting for QoS

RADIUS Accounting Functionality and QoS Information

Benefits of RADIUS Accounting for QoS

In addition to the other information collected by RADIUS accounting and used for billing purposes, the RADIUS Accounting for QoS feature collects and reports the policy map name and the class name for traffic on a per-session basis. Including the policy map name and class name provides a finer level of reporting detail.

RADIUS Accounting Functionality and QoS Information

RADIUS accounting provides the method for collecting and sending information used for billing, auditing, and reporting, such as user identities, start and stop times, executed commands (such as PPP), number of packets, and number of bytes.

Accounting enables you to track the services users are accessing as well as the amount of network resources they are consuming. When AAA accounting is activated, the network access server reports user activity to the RADIUS server in the form of accounting records. Each accounting record is comprised of accounting AV pairs and is stored on the access control server. This data can then be analyzed for network management, client billing, and/or auditing. All accounting methods must be defined through AAA. As with authentication and authorization, you configure AAA accounting by defining a named list of accounting methods, and then applying that list to various interfaces.

With the RADIUS Accounting for QoS feature, the information collected and reported to the RADIUIS server includes the policy map name, the class-map name, and the number of packets (also shown in bytes) for the traffic classes on a per-session basis.

How to Configure RADIUS Accounting for QoS

This section contains the following tasks:

Adding the Cisco AV Pairs to the User Profile on the RADIUS Server

Verifying the RADIUS Accounting for QoS Configuration

Adding the Cisco AV Pairs to the User Profile on the RADIUS Server

To configure RADIUS Accounting for QoS, you must add Cisco AV pairs to the subscriber's user profile on the RADIUS server. To add the Cisco AV pairs to the subscriber's user profile, complete the following steps on the RADIUS server.

Cisco AV Pairs and VSAs

Cisco AV pairs are part of vendor-specific attributes (VSAs) that allow a policy map to be applied to the router. Cisco AV pairs are a combination of an attribute and a value. The purpose of Cisco VSA (attribute 26) is to communicate vendor-specific information between the router and the RADIUS server. The Cisco VSA encapsulates vendor-specific attributes that allow vendors such as Cisco to support their own extended attributes.

For this configuration, one of two Cisco AV pairs can be used (formatted as shown below):

lcp:interface-config=service-policy output/input <policy name>

This Cisco AV pair is considered a "legacy" AV pair. It is of earlier origin but is still an available choice.

sub-qos-policy-in/out=<policy name>

This Cisco AV pair takes advantage of more recent technology and is the recommended choice. This Cisco AV pair is the one shown in the configuration tasks and examples.

The Cisco AV pair is added to the subscriber's user file on the RADIUS server. A subscriber's user file contains an entry for each user that the RADIUS server will authenticate. Each entry establishes an attribute the user can access.

When looking at a user file, the data to the left of the equal sign (=) is an attribute defined in the dictionary file, and the data to the right of the equal sign is the configuration data.

The Cisco AV pair identifies the policy map that was used to configure the specific QoS features. When the router requests the policy map name (specified in the Cisco AV pair), the policy map is pulled to the router from the RADIUS server when the session is established. The Cisco AV pair applies the appropriate policy map (and, therefore, the QoS feature) directly to the router from the RADIUS server.

SUMMARY STEPS

1. sub-qos-policy-in/out=<policy name>

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

sub-qos-policy-in/out=<policy name>

Example:

userid    Password ="cisco"

   Service-Type = Framed,

   Framed-Protocol = PPP,

   Cisco:Cisco-avpair = "sub-qos-policy-out=p23"

Enters the Cisco AV pair for policy maps on the RADIUS server in the subscriber's user file. When the router requests the policy name, the information in the subscriber's user file is used.

Add the Cisco AV pair to the subscriber's user file.

Note The first three lines of the subscriber's user profile contain the user password, the service type, and the protocol type. This information is entered into the subscriber's user profile when the profile is first created.

Verifying the RADIUS Accounting for QoS Configuration

After adding the Cisco QoS AV pair to the subscriber's user profile, you may want to verify the configuration. The verification tasks allow you to see whether the accounting statistics are being reported the way you intended.

To verify the configuration, complete the follows steps.

SUMMARY STEPS

1. enable

2. show policy-map session [uid uid-number] [input | output [class class-name]]

3. exit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

show policy-map session [uid uid-number] [input | output [class class-name]]

Example:
Router# show policy-map session uid 401 output

Displays the information about the session identified by the unique ID.

Step 3 

exit

Example:

Router# exit

(Optional) Returns from privileged EXEC mode.

Configuration Examples for RADIUS Accounting for QoS

This section contains the following examples:

Adding the Cisco AV Pair to the User Profile on the RADIUS Server: Example

Verifying the RADIUS Accounting for QoS Configuration: Example

Adding the Cisco AV Pair to the User Profile on the RADIUS Server: Example

The following is an example of a subscriber's user profile in which the Cisco AV pair has been added.

The first four lines contain the passwords, the service type, and the protocol type. This information is entered into the subscriber's user profile when the user profile is first created.

The last line is an example of the Cisco AV pair added to the user profile.


xyz@cisco.com Password = "cisco"
    CHAP-Password = "cisco"
    Service-Type = Framed
    Framed-Protocol = PPP
    Cisco:Cisco-avpair = "sub-qos-policy-in=p23"

Verifying the RADIUS Accounting for QoS Configuration: Example

Use the show policy-map session command to verify that the reporting statistics now include the policy map and the class name for the traffic on a per-session basis.

In the sample below, the statistics for subscriber service switch (SSS) session 7 (and policy map p23) are displayed. In policy map p23, the QoS feature traffic policing is configured and traffic policing statistics are displayed.


Note Only the policy map name, the class-map name, and the number of packets (also shown in bytes) per-class are reported to the RADIUS server.


Router# show policy-map session

 SSS session identifier 7 -

  Service-policy output:p23

    Class-map: customer3 (match-any)
      2232 packets, 124992 bytes
      5 minute offered rate 8000 bps, drop rate 0 bps
      Match: ip dscp cs5  cs6 
        2232 packets, 124992 bytes
        5 minute rate 8000 bps
      police:
          cir 20000 bps, bc 10000 bytes
          pir 40000 bps, be 10000 bytes
        conformed 2232 packets, 124992 bytes; actions:
          set-dscp-transmit af21
        exceeded 0 packets, 0 bytes; actions:
          set-dscp-transmit af22
        violated 0 packets, 0 bytes; actions:
          set-dscp-transmit af23
        conformed 8000 bps, exceed 0 bps, violate 0 bps

    Class-map:customer2 (match-any)
      14840 packets, 1855000 bytes
      30 second offered rate 0 bps
      Match:ip dscp cs2
        14840 packets, 1855000 bytes
        30 second rate 0 bps

    Class-map:class-default (match-any)
      95922 packets, 11990250 bytes
      30 second offered rate 0 bps, drop rate 0 bps
      Match:any
        95922 packets, 11990250 bytes
        30 second rate 0 bps

Additional References

The following sections provide references related to the RADIUS Accounting for QoS feature.

Related Documents

Related Topic
Document Title

QoS commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples

Cisco IOS Quality of Service Solutions Command Reference

Class maps, policy maps, hierarchical policy maps, and MQC

Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.4

Broadband access

"Broadband Access" section of the Cisco IOS Wide-Area Networking Configuration Guide, Release 12.4

Broadband aggregation for the Cisco 1000 series router

Cisco 10000 Series Broadband Aggregation and Leased-Line Configuration Guide, Release 12.3XI

Configuring accounting using AAA

Cisco IOS Security Configuration Guide, Release 12.4

RADIUS servers and AAA

Cisco IOS Security Configuration Guide, Release 12.4


Standards

Standard
Title

None


MIBs

MIB
MIBs Link

None

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFC
Title

None


Technical Assistance

Description
Link

The Cisco Technical Support & Documentation website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/techsupport


Command Reference

This feature uses no new or modified commands.

Glossary

PPP— Point-to-Point Protocol. A protocol that provides router-to-router and host-to-network connections over synchronous and asynchronous circuits. PPP is designed to work with several network layer protocols, such as IP, Internetwork Packet Exchange (IPX), and AppleTalk Remote Access (ARA).

PPPoA—Point-to-Point Protocol over ATM. A feature that allows a PPP session to be initiated on a simple bridging ATM connected client. PPPoA provides the ability to connect a network of hosts over a simple bridging access device to a remote access concentrator or aggregation concentrator.

PPPoE—Point-to-Point Protocol over Ethernet. A feature that allows a PPP session to be initiated on a simple bridging Ethernet connected client. PPPoE provides the ability to connect a network of hosts over a simple bridging access device to a remote access concentrator or aggregation concentrator.

RADIUS—Remote Authentication Dial-In User Service. A database for authenticating modem and ISDN connections and for tracking connection time.

SSS—Subscriber Service Switch. A switch that provides flexibility on where and how many subscribers are connected to available services and how those services are defined. The primary focus of SSS is to direct PPP from one point to another using a Layer 2 subscriber policy. The policy will manage tunneling of PPP in a policy-based bridging fashion.


Note See Internetworking Terms and Acronyms for terms not included in this glossary.