PPPoE Session Limit Local Override
First Published: June 28, 2007
Last Updated: March 2, 2009
The PPPoE Session Limit Local Override feature enables the session limit configured locally on the broadband remote access server (BRAS) or L2TP access concentrator (LAC) to override the per-NAS-port session limit downloaded from the RADIUS server when Subscriber Service Switch (SSS) preauthorization is enabled.
Finding Feature Information
For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for PPPoE Session Limit Local Override" section.
Use Cisco Feature Navigator to find information about platform support and Cisco IOS XE software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
•Information About PPPoE Session Limit Local Override
•How to Configure PPPoE Session Limit Local Override
•Configuration Examples for PPPoE Session Limit Local Override
•Additional References
•Feature Information for PPPoE Session Limit Local Override
Information About PPPoE Session Limit Local Override
To configure the PPPoE Session Limit Local Override feature, you should understand the following
concept:
•How PPPoE Session Limit Local Override Works
How PPPoE Session Limit Local Override Works
PPP over Ethernet (PPPoE) session limits are downloaded from the RADIUS server when you enable SSS preauthorization on the LAC using the subscriber access pppoe pre-authorize nas-port-id command. By enabling preauthorization, you limit the number of PPPoE sessions on a specific VLAN; that is, the PPPoE per-NAS-port session limit downloaded from the RADIUS server takes precedence over locally configured (port-based) session limits, such as per-VLAN session limits. The following is a sample user profile to configure a session limit through RADIUS:
Username=nas_port:10.10.10.10:4/0/0/1.100
cisco-avpair= "pppoe:session-limit=session limit per NAS-port"
The PPPoE Session Limit Local Override feature enables the local session limit configured at the BRAS to override the per-NAS-port session limit configured at the RADIUS server when SSS preauthorization is configured.
Note The PPPoE Session Limit Local Override feature is useful only when you have configured SSS preauthorization on the BRAS or LAC.
To enable the PPPoE Session Limit Local Override feature, configure the sessions pre-auth limit ignore command under the broadband access (BBA) group associated with the interface. When the PPPoE Session Limit Local Override feature is enabled, the locally configured session limit is applied before PPP is started; that is before the BRAS sends out a PPPoE Active Discovery Offer (PADO) packet to the client, advertising a list of available services.
When preauthorization is configured without the PPPoE Session Limit Local Override feature enabled, the client receives an authentication failure response from the BRAS when there is no session limit downloaded from the RADIUS server and the locally configured session limit is exceeded. The BRAS waits to apply locally configured limits until PPP negotiation is completed. When a call is finally rejected, the client receives the authentication failure response, resulting in session failure, with no ability to distinguish whether the session failure results from a Challenge Handshake Authentication Protocol (CHAP) authentication failure or a PPPoE session limit having been exceeded. The PPPoE Session Limit Local Override feature allows for differentiation between the handling of per-NAS-port failures and session limiting failures.
If you enable the PPPoE Session Limit Local Override feature, but there are no locally configured per-port session limits, then per-NAS-port session limits downloaded from the RADIUS server are applied.
How to Configure PPPoE Session Limit Local Override
This section contains the following procedures:
•Enabling PPPoE Session Limit Local Override
Enabling PPPoE Session Limit Local Override
Enable the PPPoE Session Limit Local Override feature to allow the local session limit configured on the BRAS to override the per-NAS-port session limit downloaded from the RADIUS server.
Restrictions
If there are no locally configured per-port session limits, then per-NAS port session limits downloaded from the RADIUS server are applied.
SUMMARY STEPS
1. enable
2. configure terminal
3. bba-group pppoe {group-name | global}
4. sessions per-vlan limit per-vlan-limit
5. sessions pre-auth limit ignore
6. end
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
bba-group pppoe {group-name | global}
Router(config)# bba-group pppoe test |
Creates a PPPoE profile and enters BBA group configuration mode. •group-name—Name of the PPPoE profile. |
Step 4 |
sessions per-vlan limit per-vlan-limit
Router(config-bba-group)# sessions per-vlan limit 3 |
Limits the number of PPPoE sessions per VLAN in a PPPoE profile. •per-vlan-limit—Maximum number of PPPoE sessions that can be established over an Ethernet VLAN. The default is 100. |
Step 5 |
sessions pre-auth limit ignore
Router(config-bba-group)# sessions pre-auth limit ignore |
Enables the PPPoE Session Limit Local Override feature. The locally configured limit overrides the per-NAS-port session limit configured at the RADIUS server. |
Step 6 |
end
Router(config-bba-group)# end |
Exits BBA group configuration mode and returns to privileged EXEC mode. |
Configuration Examples for PPPoE Session Limit Local Override
This section contains the following examples:
•Enabling PPPoE Session Limit Local Override: Example
Enabling PPPoE Session Limit Local Override: Example
The following example creates a PPPoE group named test, configures a limit of three sessions per VLAN, and enables the PPPoE Session Limit Local Override feature in bba-group configuration mode. The running configuration shows that the sessions pre-auth limit ignore command was used to enable this feature.
Router(config)# bba-group pppoe test
Router(config-bba-group)# sessions per-vlan limit 3
Router(config-bba-group)# sessions pre-auth limit ignore
sessions per-vlan limit 3
sessions pre-auth limit ignore
Additional References
The following sections provide references related to the PPPoE Session Limit Local Override feature.
Related Documents
Standards
|
|
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. |
— |
MIBs
|
|
No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature. |
To locate and download MIBs for selected platforms, Cisco IOS XE releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs |
RFCs
|
|
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature. |
— |
Technical Assistance
|
|
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. |
http://www.cisco.com/techsupport |
Feature Information for PPPoE Session Limit Local Override
Table 1 lists the features in this module and provides links to specific configuration information.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS XE software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note Table 1 lists only the Cisco IOS XE software release that introduced support for a given feature in a given Cisco IOS XE software release train. Unless noted otherwise, subsequent releases of that Cisco IOS XE software release train also support that feature.
Table 1 Feature Information for PPPoE Session Limit Local Override
|
|
|
PPPoE—Session Limit Local Override |
Cisco IOS XE Release 2.1 |
This feature was introduced on Cisco ASR 1000 Series Routers. This feature enables the session limit configured locally on the broadband remote access server (BRAS) or L2TP access concentrator (LAC) to override the per-NAS-port session limit downloaded from the RADIUS server when Subscriber Service Switch (SSS) preauthorization is enabled. The following commands were introduced or modified: sessions pre-auth limit ignore. |
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2007-2009 Cisco Systems, Inc. All rights reserved.