Cisco IOS Dial Technologies Configuration Guide, Release 12.4T
Peer Pool Backup
Downloads: This chapterpdf (PDF - 168.0KB) | Feedback

Peer Pool Backup

Table Of Contents

Peer Pool Backup

Contents

Prerequisites for Peer Pool Backup

Information About Peer Pool Backup

Alternate Sources for IP Address Pools

Backup Pools to Prevent Local Pool Exhaustion

Limit Loading of Dynamic Pools

Peer Pool Backup Feature Interface Compatibility

How to Configure Peer Pool Backup

Configuring IP Pools

Suppressing Dynamic Pool Load Attempts

Verifying Asynchronous Line Monitoring feature

Monitoring and Maintaining Asynchronous Line Monitoring feature

Configuration Examples for Peer Pool Backup

ISDN Pool Backup Configuration: Example

DSL Static Pool Backup Configuration: Example

Pool Backup with Local Restrictions Configuration: Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference


Peer Pool Backup


The Asynchronous Line Monitoring feature feature provides control over selection of IP address pools in large-scale dial-out networks where authentication, authorization, and accounting (AAA) servers and network access servers (NASs) are controlled by different groups. This feature allows you to define alternate sources for IP address pools in the event the original address pool is not present or is exhausted.

Release
Modification

12.2(8)B

This feature was introduced.

12.3(4)T

This feature was integrated into Cisco IOS Release 12.3(4)T.


Feature History for the Asynchronous Line Monitoring feature Feature

Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Contents

Prerequisites for Peer Pool Backup

Information About Peer Pool Backup

How to Configure Peer Pool Backup

Configuration Examples for Peer Pool Backup

Additional References

Command Reference

Prerequisites for Peer Pool Backup

The peer pool backup and peer pool static interface configuration commands introduced with the Asynchronous Line Monitoring feature feature work with IP address pools. Before beginning the configuration tasks, see the "Related Documents" section for information about IP address pooling configuration tasks.

Information About Peer Pool Backup

To configure Peer Pool Backup, you need to understand the following concepts:

Alternate Sources for IP Address Pools

Backup Pools to Prevent Local Pool Exhaustion

Limit Loading of Dynamic Pools

Peer Pool Backup Feature Interface Compatibility

Alternate Sources for IP Address Pools

The Asynchronous Line Monitoring feature feature is useful in large-scale dial-out environments with large numbers of independently controlled AAA servers that can make it difficult for the NAS to provide proper IP address pool resolution in the following cases:

A new pool name is introduced by one of the AAA servers before that pool is set up on the NAS.

An existing local pool becomes exhausted, but the owner of that AAA server has other pools that would be acceptable as an IP address source.

The Asynchronous Line Monitoring feature feature introduces two new interface configuration commands, peer pool backup and peer pool static, which allow you to define alternate sources for IP address pools in the event the original address pool is not present or is exhausted.

Backup Pools to Prevent Local Pool Exhaustion

The problems of pool name resolution and specific local pool exhaustion can be solved by configuring backup pool names on a per-interface basis using the peer default ip address pool and peer pool backup interface configuration commands. The peer pool backup command uses the local pool names configured with the peer default ip address pool interface configuration command to supplement the pool names supplied by AAA.

Limit Loading of Dynamic Pools

The peer pool static command controls attempts by the pool software to load dynamic pools in response to a pool request from a specific interface. These dynamic pools are loaded at system startup and refreshed whenever a pool name not configured on the NAS is specified for IP address allocation. Because the behavior of the NAS in response to a missing pool name can be changed using the peer pool backup interface configuration command, you can use the peer pool static command to control attempts to load all dynamic pools when the AAA-supplied pool name is not an existing local pool name.

Peer Pool Backup Feature Interface Compatibility

The Asynchronous Line Monitoring feature feature has been successfully tested at Cisco Systems in networks using ISDN, asynchronous, and digital subscriber line (DSL) interfaces.

How to Configure Peer Pool Backup

The following sections describe how to configure the Asynchronous Line Monitoring feature feature. Each task is identified as required or optional.

Configuring IP Pools (required)

Suppressing Dynamic Pool Load Attempts (required)

Verifying Asynchronous Line Monitoring feature (optional)

Configuring IP Pools

Perform the following task to create one or more local IP address pools and directs the pool software to use the local pool name that is configured with the peer default ip address pool interface configuration command, to supplement the pool names supplied by AAA.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. peer pool backup

5. peer default ip address pool pool-name-list

6. exit

7. ip local pool {named-address-pool | default} {first-IP-address [last-IP-address]} [group group-name] [cache-size size]

8. exit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

Router(config)# interface serial 1:23

Specifies the interface and enters interface configuration mode.

Step 4 

peer pool backup

Example:

Router(config-if)# peer pool backup

Directs the pool software to use the local pool name configured with the peer default ip address pool interface configuration command to supplement the pool names supplied by AAA.

Step 5 

peer default ip address pool pool-name-list

Example:

Router(config-if)# peer default ip address pool pool3 pool4 pool5

Specifies a list of pools for the interface to use, in search order.

Step 6 

exit

Example:

Router(config-if)# exit

Exits interface configuration mode and returns to global configuration mode.

Step 7 

ip local pool {named-address-pool | default} {first-IP-address [last-IP-address]} [group group-name] [cache-size size]

Example:

Router(config)# ip local pool pool3 10.4.4.2

Creates one or more local IP address pools.

Step 8 

exit

Example:

Router(config)# exit

Exits configuration mode.

This task configures basic IP address pooling and pool backup. See the "Configuration Examples for Peer Pool Backup" section for additional configuration information.

Suppressing Dynamic Pool Load Attempts

Perform the following task to suppress an attempt to load all dynamic pools from the AAA server.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. peer pool static

5. exit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

Router(config)# interface type number

Example:

Router(config)# interface Virtual-Template 1

Specifies the interface and enters interface configuration mode.

Step 4 

Router(config-if)# peer pool static

Example:

Router(config-if)# peer pool static

Suppresses an attempt to load all dynamic pools from the AAA server.

Step 5 

Router(config-if)# exit

Example:

Router(config-if)# exit

Exits interface configuration mode.

See the "Configuration Examples for Peer Pool Backup" section for additional configuration information.

Verifying Asynchronous Line Monitoring feature

Perform this task to verify that the peer pool backup command has been configured correctly. The report from the debug ip peer command indicates the order in which the pool software searches for IP address pools. The report should also indicate that only the backup IP address pools are searched; any attempt to load a dynamic IP address pool will be suppressed when the peer pool static command is configured, or if the pools were refreshed within the last two minutes.

SUMMARY STEPS

1. enable

2. debug ip peer

DETAILED STEPS


Step 1 enable

Use this command to enter privileged EXEC mode. Enter your password if prompted.

Router> enable

Step 2 debug ip peer

Use this command to display a report about backup pool activity. Comments are enclosed within <angle brackets> and commands involved in the reports are in bold text.

Router# debug ip peer

 *Jan1 02:11:10.455: Se0:22 AAA/AUTHOR/IPCP: Start.Her address 0.0.0.0, we want 0.0.0.0
 *Jan1 02:11:10.455: Se0:22 AAA/AUTHOR/IPCP: Says use pool poolA
 *Jan1 02:11:10.459: Se0:22: IPPOOL: using pool poolA
 *Jan1 02:11:10.459: Se0:22: Use AAA pools: poolA
 < AAA-supplied pool name. >
 *Jan1 02:11:10.459: Se0:22: Backup pools : back1 back2
 < Determines pool names to use if address is not obtained from AAA pool name. >
 < Only seen when the peer pool backup command is configured. >
 < Pool name from peer default ip address pool back1 back2 command. >
 *Jan1 02:11:10.459: Se0:22: Pools to search : poolA back1 back2
 < Pools searched in the above order, AAA-supplied name first. >
 *Jan1 02:11:10.459: Se0:22 AAA/AUTHOR/CONFIG: Pools refreshed for pool poolA
 < Since pool poolA is missing, an attempt is made to load it as a >
 < dynamic pool from AAA >
 *Jan1 02:11:10.459: AAA/AUTHOR (0x5): Pick method list 'default'
.
.
.
 *Jan1 02:11:10.475: Se0:22 AAA/AUTHOR/CONFIG: Set pool timeout to 2 mins
 *Jan1 02:11:10.475: Se0:22 AAA/AUTHOR/CONFIG: Pool back1 refresh skipped
 < Another dynamic pool load attempt was suppressed for pool "back1," which
 < is also missing since software just loaded all dynamic pools when
 < looking for pool poolA. >
 *Jan1 02:11:10.475: Se0:22 AAA/AUTHOR/CONFIG: Pools refreshed 0 seconds ago
 < Software tries to refresh the dynamic pools from AAA if 2 minutes have elapsed. >
 *Jan1 02:11:10.475: Se0:22 AAA/AUTHOR/CONFIG: Pools will timeout in 2 mins
 < The above message is due to the presence of some dynamic pools on AAA where
 < these dynamic pools have a life time of 2 minutes; unrelated to the
 < pools we are focusing on, but loaded in response to the dynamic load. >
 *Jan1 02:11:10.475: Se0:22: Pool back2 returned address = 10.2.2.2
.
.
.
 *Jan1 02:18:19.063: Se0:22 AAA/AUTHOR/IPCP: Says use pool poolA
 *Jan1 02:18:19.063: Se0:22: IPPOOL: using pool poolA
 *Jan1 02:18:19.067: Se0:22: AAA pools to match: poolA
 *Jan1 02:18:19.067: Se0:22: Configured pools: back1 back2 poolA
 *Jan1 02:18:19.067: Se0:22: Matched AAA pools : poolA
 *Jan1 02:18:19.067: Se0:22: Use AAA pools: poolA
 *Jan1 02:18:19.067: Se0:22: Backup pools : back1 back2 poolA
 *Jan1 02:18:19.067: Se0:22: Pools to search : poolA back1 back2
 *Jan1 02:18:19.067: Se0:22: Dynamic IP pool loading suppressed: poolA
 < No attempt is made to dynamically load pools, even if the pool >
 < being processed ("poolA") is not present. This is due to the >
 < peer pool static command; otherwise software would try to load >
 < dynamic pools if they have not been load in the last 2 minutes. >
 *Jan1 02:18:19.067: Se0:22: Dynamic IP pool loading suppressed: back1
 *Jan1 02:18:19.067: Se0:22: Dynamic IP pool loading suppressed: back2
 *Jan1 02:18:19.067: Se0:22: Pool back2 returned address = 10.2.2.2


Verifying That a Pool Was Not Skipped

When the IP pool backup configuration is verified, there may be a situation where the dynamic pools were recently refreshed and messages will indicate that pool refresh was not done. The following partial output from the debug ip peer command shows how this situation would be reported; comments are enclosed within <angle brackets> and commands involved in the reports are in bold text.

 *Jan1 02:40:44.507: Se0:22 AAA/AUTHOR/IPCP: Says use pool poolA
 *Jan1 02:40:44.507: Se0:22: IPPOOL: using pool poolA
 *Jan1 02:40:44.507: Se0:22: Use AAA pools: poolA
 *Jan1 02:40:44.507: Se0:22: Backup pools : back1 back2
 *Jan1 02:40:44.511: Se0:22: Pools to search : poolA back1 back2
 *Jan1 02:40:44.511: Se0:22 AAA/AUTHOR/CONFIG: Pool poolA refresh skipped
 *Jan1 02:40:44.511: Se0:22 AAA/AUTHOR/CONFIG: Pools refreshed 84 seconds ago
 < The peer pool static command was not configured, but software has already > 
 < refreshed dynamic pools from AAA in the last 2 minutes. >
 *Jan1 02:40:44.511: Se0:22 AAA/AUTHOR/CONFIG: Pool back1 refresh skipped
 *Jan1 02:40:44.511: Se0:22 AAA/AUTHOR/CONFIG: Pools refreshed 84 seconds ago
 *Jan1 02:40:44.511: Se0:22 AAA/AUTHOR/CONFIG: Pools will timeout in 0 mins
 *Jan1 02:40:44.511: Se0:22: Pool back2 returned address = 10.2.2.2

Monitoring and Maintaining Asynchronous Line Monitoring feature

To display statistics for any defined IP address pool, use the show ip local pool EXEC command.

Configuration Examples for Peer Pool Backup

This section provides the following configuration examples:

ISDN Pool Backup Configuration: Example

DSL Static Pool Backup Configuration: Example

Pool Backup with Local Restrictions Configuration: Example

ISDN Pool Backup Configuration: Example

In the following partial example, the IP address pools configured with the peer default ip address pool command are searched by the pool software in the event the original address pool is not present:

aaa new-model
aaa authentication ppp default group radius
aaa authorization exec default group radius 
aaa authorization network default group radius
!
ip routing
isdn switch-type primary-5ess
!
controller t1 1
 framing esf
 clock source line primary
 linecode b8zs
 pri-group timeslots 1-24
!
interface serial 1:23
 ip address 10.4.4.1 255.255.255.0
 encapsulation ppp
 ppp authentication chap
 dialer-group 1
 peer pool backup
 peer default ip address pool pool3 pool4 pool5
 isdn switch-type primary-5ess
.
.
.
dialer-list 1 protocol ip permit
ip local pool pool2 10.4.4.2
ip local pool pool3 10.4.4.3
ip local pool pool4 10.4.4.4
ip local pool pool5 10.4.4.5

DSL Static Pool Backup Configuration: Example

In the following partial example of a DSL network configuration, the peer pool static command prevents any attempt by the AAA server to load a dynamic IP address pool:

aaa new-model
aaa authentication ppp default group radius
aaa authorization exec default group radius 
aaa authorization network default group radius
!
interface ATM0/0/0 
 no ip address 
 no ip directed-broadcast 
 no ip route-cache 
 no atm ilmi-keepalive
!
interface ATM0/0/0.2 point-to-point
 pvc 8/36 
 encapsulation aal5snap
 protocol pppoe
!
interface Ethernet0/0/1 
 ip address 10.1.1.8 255.255.255.0
 no ip directed-broadcast
!
interface Virtual-Template 1
 ip address 10.4.4.1 255.255.255.0
 encapsulation ppp
 ppp authentication chap
 no ip directed-broadcast
 peer pool static
 peer default ip address pool pool3 pool4 pool5
!
ip classless
radius-server host 172.30.166.121
radius-server key lab
radius-server vsa send accounting
radius-server vsa send authentication
!
ip local pool pool2 10.4.4.2
ip local pool pool3 10.4.4.3
ip local pool pool4 10.4.4.4
ip local pool pool5 10.4.4.5

Pool Backup with Local Restrictions Configuration: Example

You can apply local restrictions on the use of a AAA-supplied pool name by using the peer match aaa-pools interface configuration command in the pool backup configuration. The peer match aaa-pools command allows you to specify that any AAA-supplied pool name must match one of the pool names supplied with the peer default ip address pool command.

In the following example, assume that there is a AAA-supplied IP address pool named poolA. When the peer match aaa-pools command is added to the configuration, the pool named poolA will not be used because it does not appear in the peer default ip address pool command; only the pools named pool1 and pool2 will be searched.

interface serial 1:23
 ip address 10.4.4.1 255.255.255.0
 encapsulation ppp
 ppp authentication chap
 dialer-group 1
 peer pool backup
 peer match aaa-pools
 peer default ip address pool pool1 pool2
 isdn switch-type primary-5ess

In the following example, a pool named poolA is added to the peer default ip address pool command list, so that now poolA will be used by the pool software and the search order will be poolA, pool1, and then pool2. The pool named poolA is used first because AAA-supplied data is always given precedence over local data.

interface serial 1:23
 ip address 10.4.4.1 255.255.255.0
 encapsulation ppp
 ppp authentication chap
 dialer-group 1
 peer pool backup
 peer match aaa-pools
 peer default ip address pool poolA pool1 pool2
 isdn switch-type primary-5ess

The debug ip peer command would show the following messages for these configurations (comments are in <angle brackets> and use bold text to indicate commands involved in the reports.):

 *Jan1 02:08:23.919: Se0:22 AAA/AUTHOR/IPCP: Says use pool poolA
 *Jan1 02:08:23.919: Se0:22: IPPOOL: using pool poolA
 *Jan1 02:08:23.919: Se0:22: AAA pools to match: poolA
 *Jan1 02:08:23.919: Se0:22: Configured pools: pool1 pool2
 *Jan1 02:08:23.919: Se0:22: Matched AAA pools :
 < The peer match aaa-pools command was specified, but pool named poolA was>
 < not in the configured pool list, so the pool name provided by AAA is discarded >
 *Jan1 02:08:23.919: Se0:22: Use AAA pools:
 *Jan1 02:08:23.919: Se0:22: Backup pools : pool1 pool2
 *Jan1 02:08:23.919: Se0:22: Pools to search : pool1 pool2
 *Jan1 02:08:23.919: Se0:22 AAA/AUTHOR/CONFIG: Pools refreshed for pool pool1
 *Jan1 02:08:23.919: Se0:22 AAA/AUTHOR/CONFIG: Pools refreshed for pool pool1
 *Jan1 02:08:23.919: AAA/AUTHOR (0x3): Pick method list 'default'
.
.
.
 *Jan1 02:08:23.967: Se0:22 AAA/AUTHOR/CONFIG: Set pool timeout to 2 mins
 *Jan1 02:08:23.967: Se0:22 AAA/AUTHOR/CONFIG: Pools will timeout in 2 mins
 *Jan1 02:08:23.967: Se0:22: Pool pool2 returned address = 10.2.2.2
 *Jan1 02:08:23.967: Se0:22 AAA/AUTHOR/IPCP: Pool returned 10.2.2.2

Additional References

The following sections provide references related to the Asynchronous Line Monitoring feature feature.

Related Documents

Related Topics
Document Title

IP address pooling

Cisco IOS Dial Technologies Configuration Guide; refer to the section "Configuring IP Address Pooling" in the chapter "Configuring Media-Independent PPP and Multilink PPP"


Standards

Standards
Title

None


MIBs

MIBs
MIBs Link

None

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFCs
Title

None


Technical Assistance

Description
Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/techsupport


Command Reference

The following commands are introduced or modified in the feature or features documented in this module. For information about these commands, see the Cisco IOS Dial Technologies Command Reference at http://www.cisco.com/en/US/docs/ios/dial/command/reference/dia_book.html. For information about all Cisco IOS commands, go to the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup or to the Cisco IOS Master Commands List.

peer pool backup

peer pool static