Customer Profile Idle Timer Enhancements for Interesting Traffic
Feature History
|
|
12.2(4)T
|
This feature was introduced.
|
12.2(11)T
|
This feature was implemented on Cisco access server platforms.
|
This document describes the Asynchronous Line Monitoring feature feature. It includes the following sections:
Feature Overview
Before Cisco IOS Release 12.2(4)T, only the dialer idle timer could be reset for
interesting
traffic on a dialer interface. The Asynchronous Line Monitoring feature feature available in Cisco IOS Release 12.2(4)T supports a PPP idle timer based on interesting traffic for dialer interfaces. (Existing PPP idle timer behavior is not changed when traffic is not classified.) New commands and functionality provided with this feature also address idle timer issues for virtual access dialup network (VPDN) sessions, which use virtual access (projected) interfaces and rely on the PPP idle timer mechanism.
The Resource Pool Manager (RPM) per-customer profile dialer idle timer function works with Multilink PPP (MLP) and Multichassis Multilink PPP (MMP), providing that the master bundle interface is not a virtual access (projected) interface. For virtual access interfaces such as those used in a VPDN or with MMP where the dialer idle timer cannot be used, you can now classify the IP traffic that resets the PPP idle timer. A named access list is also supported.
Additionally, because RPM customer profiles are applied on a per-Dialed Number Identification Service (DNIS) basis and allow for configuring a per-customer profile dialer idle timer, the Asynchronous Line Monitoring feature feature associates idle timers based on call type and DNIS.
The idle timer implementation in the Asynchronous Line Monitoring feature feature specifies that for calls terminated on a network access server, a virtual access interface is cloned from the virtual template. This virtual access interface is linked to a physical interface on which is running a dialer timer. If the PPP idle timer is configured on the virtual template or provided by an authentication, authorization, and accounting (AAA) per-user interface configuration, the result is two idle timers, as follows:
-
A PPP idle timer on the virtual access interface.
-
A dialer idle timer on the physical interface.
Neither the dialer idle timer nor the PPP idle timer will run when the idle timer in the per-user configuration is set to 0. When the per-user idle timer is set to some value besides 0, that value overrides all local idle timer configurations.
Benefits
The Asynchronous Line Monitoring feature feature provides the following system idle timer benefits:
-
Resets the PPP idle timer based on interesting inbound or outbound IP traffic for virtual access interfaces on Layer 2 Tunnel Protocol (L2TP) access concentrators (LACs) and L2TP network servers (LNSs).
-
Associates the dialer timer with interesting traffic within RPM customer profiles.
-
Applies the user idle-timer value RADIUS attribute 28 across all interfaces associated with the call.
Restrictions
The PPP idle timer can classify IP traffic only.
Supported Platforms
See the next section for information about Feature Navigator and how to use this tool to determine the platforms and software images in which this feature is available.
Platform Support Through Feature Navigator
Cisco IOS software is packaged in feature sets that support specific platforms. To get updated information regarding platform support for this feature, access Feature Navigator. Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.
Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image.
To access Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions at http://www.cisco.com/register.
Feature Navigator is updated when major Cisco IOS software releases and technology releases occur. As of May 2001, Feature Navigator supports M, T, E, S, and ST releases. You can access Feature Navigator at the following URL:
http://www.cisco.com/go/fn
Supported Standards, MIBs, and RFCs
Standards
None
MIBs
None
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs
None
Configuration Tasks
See the following sections for configuration tasks for the Asynchronous Line Monitoring feature feature. Each task in the list is identified as either required or optional:
Configuring an RPM Template to Accept Dialer Interface Timers
To configure a template to accept dialer interface timers, use the following commands beginning in global configuration mode:
|
|
|
Step 1
|
Router(config)#
template
name
|
Accesses the template configuration mode for configuring a particular customer profile template.
|
Step 2
|
Router(config-template)#
dialer idle-timeout
seconds
|
Sets the dialer idle timeout period in a virtual template interface.
|
Step 3
|
Router(config-template)#
dialer-group
dialer-list-number
|
Controls access by configuring an interface to belong to a specific dialing group.
|
Configuring a PPP Idle Timer Based on Interesting IP Traffic
To configure a PPP idle timer based on
interesting
IP traffic, use the following commands beginning in global configuration mode:
|
|
|
Step 1
|
Router(config)#
interface virtual-template
number
|
Creates a virtual template interface that can be configured and applied dynamically in creating virtual access interfaces, and enters interface configuration mode.
|
Step 2
|
Router(config-if)#
ppp timeout idle
time
|
Sets PPP idle timeout parameters on the virtual template interface.
|
Step 3
|
Router(config-if)#
ip idle-group
{
access-list-number
|
access-list-name
} {
in
|
out
}
|
Configures interesting inbound traffic (using the
in
keyword) or outbound traffic (using the
out
keyword) on a virtual template interface for the PPP idle timer.
|
See the configurations included in the “Configuration Examples” section for additional commands that you might configure.
Configuring the Idle Timer in a RADIUS Profile
To set the idle timer from AAA, configure the following RADIUS profile:
aaaa-idle Password = "password"
Verifying the Asynchronous Line Monitoring feature
To verify that the Asynchronous Line Monitoring feature is configured correctly, perform the following verification steps:
Step 1 To display the idle time configured, and any remote caller that is connected and its IP address, enter the
show caller timeou
t EXEC command:
Router# show caller timeout Line User Host(s) Idle Location 47 tty 47 st-5300-c3 Async interface 00:00:15 PPP: 11.1.1.2 Interface User Mode Idle Peer Address
Step 2 Enter the
show caller timeou
t EXEC command again. Notice that the
show caller timeout
command displays the idle timeout configured as 20 seconds:
Router# show caller timeout Line User Timeout Timeout User in tty 47 st-5300-c3 - 00:30:00 00:29:43 As47 st-5300-c3 - 00:00:20 now
Step 3 Continue entering the
show caller timeout
command. The displays show the timers counting down and then disconnecting.
Router# show caller timeout Line User Timeout Timeout User in tty 47 st-5300-c3 - 00:30:00 00:29:43 As47 st-5300-c3 - 00:00:20 now Router# show caller timeout Line User Timeout Timeout User in tty 47 - - 00:30:00 00:29:41 Router# show caller timeout Line User Timeout Timeout User in tty 47 - - 00:30:00 00:29:38 Router# show caller timeout Line User Timeout Timeout User in
Troubleshooting Tips
To troubleshoot the Asynchronous Line Monitoring feature feature, use the following debugging commands:
-
debug cca
-
debug aaa authen
-
debug aaa author
-
debug aaa per-user
-
debug ppp authen
-
debug ppp neg
-
debug radius
-
debug isdn q931
-
debug dialer detail
-
debug vaccess
-
debug vprofile
Monitoring and Maintaining the Asynchronous Line Monitoring feature
To monitor and maintain the Asynchronous Line Monitoring feature feature, use the following EXEC commands:
|
|
Router#
show caller
|
Displays caller information.
|
Router#
show ip access-list
|
Displays the contents of all current IP access lists.
|
Router#
show users
|
Displays information about the active lines on the router.
|
Configuration Examples
This section provides the following configuration examples:
Two Templates with Different Dialer Idle Timer Settings Example
The following partial example shows how to configure two customer profiles, each with different templates. Notice that each template sets the dialer idle timer differently:
resource-pool profile customer prf_cust_1 source template template1 resource-pool profile customer prf_cust_2 source template template2 dialer dnis group dnis_g1 dialer dnis group dnis_g2
Resetting the Dialer Idle Timer with Interesting Traffic Example
The following partial example shows how to configure an RPM customer profile that sets the dialer idle timer in a virtual template interface based on either inbound or outbound traffic:
resource-pool profile customer prf_cust_1 source template template1 dialer idle-timeout 45 either dialer dnis group dnis_g1
Network Access Server Extended Configuration Example
The following example shows the configuration for a Cisco AS5300 series access server, which is part of a large-scale dial-out configuration. Notice that on virtual template interface 1 the PPP idle timer is configured to reset only on interesting inbound traffic, and that both dialer interface idle timers are set to 60 seconds:
aaa authentication ppp default local group radius none aaa authorization network default local group radius none username 4500 password 0 cisco username 5300 password 0 cisco username 2500-1 password 0 cisco username 2500-2 password 0 cisco username LAC password 0 cisco username LNS password 0 cisco username SGBP password 0 cisco firmware location system:/ucode/mica_port_firmware resource-pool group resource modem resource-pool group resource data resource-pool profile customer cust dialer dnis group dnis_g7 sgbp member 2500-2 10.0.38.3 isdn switch-type primary-5ess clock source line primary ip address 192.168.14.1 255.255.255.255 ip address 10.0.38.14 255.255.255.0 interface Virtual-Template1 peer default ip address pool local_pool ppp authentication chap callin dialer load-threshold 1 outbound isdn switch-type primary-5ess isdn incoming-voice modem ppp authentication chap callin peer default ip address pool local_pool ppp authentication chap callin ip local pool local_pool 10.1.14.1 10.1.14.254 ip route 172.0.0.0 255.0.0.0 Ethernet0 ip route 192.168.0.0 255.255.255.0 10.0.38.1 access-list 101 deny icmp any any access-list 101 permit ip any any access-list 102 deny tcp any any access-list 102 permit ip any any dialer-list 1 protocol ip list 101 dialer-list 2 protocol ip list 102 dialer-list 3 protocol ip permit access-list 101 permit icmp any any access-list 102 deny ip any any radius-server host 172.69.70.72 auth-port 1645 acct-port 1646 radius-server retransmit 3 modem autoconfigure discovery
Command Reference
The following commands are introduced or modified in the feature or features documented in this module. For information about these commands, see the
Cisco IOS Dial Technologies Command Reference
at
http://www.cisco.com/en/US/docs/ios/dial/command/reference/dia_book.html
.
For information about all Cisco IOS commands, go to the Command Lookup Tool at
http://tools.cisco.com/Support/CLILookup
or
to the
Cisco IOS Master Commands List
.
New Commands
-
ip idle-group
-
dialer-group (template)
-
dialer idle-timeout (template)
-
ppp timeout idle (template)
Modified Command
Glossary
interesting packets
—Dialer access lists are central to the operation of DDR. In general, access lists are used as the screening criteria for determining when to initiate DDR calls.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL:
www.cisco.com/go/trademarks
. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
.Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2008–2009 Cisco Systems, Inc. All rights reserved.