Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Command Reference, Release 4.2.x
Control Policy Commands
Downloads: This chapterpdf (PDF - 1.37MB) The complete bookPDF (PDF - 3.6MB) | Feedback

Control Policy Commands

Control Policy Commands

This module describes the Cisco IOS XR software commands used to configure the Control Policy commands for Broadband Network Gateway (BNG) on the Cisco ASR 9000 Series Router. For details regarding the related configurations, refer to the Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide.

activate

To activate the dynamic template mode in the class map sub-configuration mode, use the activate command in the global configuration mode. To disable this feature, use the no form of this command.

activate dynamic-template name aaa list { list_name | default }

no activate

Syntax Description

dynamic-template

Specifies the actions related to dynamic templates.

name

Specifies the name of the dynamic template.

aaa

Specifies the AAA parameters.

list

Specifies the AAA method list that identifies the radius server from which to acquire the service definition.

default

Specifies the default AAA method list.

list_name

(Optional) Specifies the name of the AAA method list. If provided, the template is downloaded from radius. If not provided, then the template is expected to be locally configured.

Command Default

None

Command Modes

Global configuration mode

Command History

Release Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

qos

read, write

Examples

This is an example of configuring the activate command in the global configuration mode:

RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# policy-map type control subscriber PL1
RP/0/RSP0/CPU0:router(config-pmap)# event session-activate match-first
RP/0/RSP0/CPU0:router(config-pmap-e)# class type control subscriber CL2
RP/0/RSP0/CPU0:router(config-pmap-c)# 1 activate dynamic-template DL1 aaa list default

Related Commands

Command

Description

deactivate

Deactivates the dynamic template mode in the class map sub-configuration mode.

authenticate (BNG)

To authenticate and specify the AAA method list that authentication should be made with in the class map sub-configuration mode, use the authenticate command in the global configuration mode. To disable the AAA method list authentication, use the no form of this command.

authenticate aaa list { list_name | default }

no authenticate

Syntax Description

aaa

Specifies the AAA parameters.

list

Specifies AAA method list that authentication should be made with.

default

Specifies the default AAA method list.

list_name

Specifies the name of the AAA method list.

Command Default

None

Command Modes

Global configuration mode

Command History

Release Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

qos

read, write

Examples

This is an example of configuring the authenticate command in the global configuration mode:

RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# policy-map type control subscriber PL1
RP/0/RSP0/CPU0:router(config-pmap)# event session-start match-first
RP/0/RSP0/CPU0:router(config-pmap-e)# class type control subscriber CL2
RP/0/RSP0/CPU0:router(config-pmap-c)# 1 authenticate aaa list default

authorize

To authenticate and specify the AAA method list that authorization should be made with in the class map sub-configuration mode, use the authorize command in the global configuration mode. To disable the AAA method list authorization, use the no form of this command.

authorize aaa list { list_name | default } { format format_name } | identifier { circuit-id | remote-id | source-address-ipv4 | source-address-mac | username } { password | { use-from-line | password } }

no authorize

Syntax Description

aaa

Specifies the AAA parameters.

list

Specifies AAA method list that authorization should be made with.

default

Specifies the default AAA method list.

list_name

Specifies the name of the AAA method list.

format

Specifies an authorize format name.

format_name

Specifies to use format_name, which was defined using CLI 'aaa attribute format'. The result of format is used as user name in authorization request.

password

Specifies a password to be used for AAA request.

use-from-line

Specifies the line from which the password needs to be used.

password

Specifies a clear text password.

identifier

Specifies an authorize identifier.

circuit-id

Specifies to use circuit-id as the username in authorize request.

remote-id

Specifies to use remote-id as the username in authorize request. .

source-address-ipv4

Specifies to use source-address-ipv4 as the username in authorize request.

source-address-mac

Specifies to use source-address-mac as the username in authorize request.

username

Specifies an authorize username.

Command Default

None

Command Modes

Global configuration mode

Command History

Release Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

qos

read, write

Examples

This is an example of configuring the authorize command in the global configuration mode:

RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# policy-map type control subscriber PL1
RP/0/RSP0/CPU0:router(config-pmap)# event session-start match-first
RP/0/RSP0/CPU0:router(config-pmap-e)# class type control subscriber CL2
RP/0/RSP0/CPU0:router(config-pmap-c)# 1 authorize aaa list default password DdjkkWE 

class-map type control subscriber

To determine the list of actions to be executed for the class and to enter the class-map configuration mode, use the class-map type control subscriber command in global configuration mode. To disable the class map type control subscriber and exit the class-map configuration mode, use the no form of this command.

class-map type control subscriber{ match-all| match-any } class-map name

no class-map type control subscriber{ match-all| match-any } class-map name

Syntax Description

class-map name

Specifies the class map name.

match-all

Configures the match all criteria for this class.

match-any

Configures the match any criteria for this class.

Command Default

None

Command Modes

Global configuration mode

Command History

Release Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

Use the class-map type control subscriber command to enter class-map configuration mode.

Task ID

Task ID Operation

qos

read, write

Examples

This is an example of configuring the class-map type control subscriber command in global configuration mode:

RP/0/RSP0/CPU0:router(config)# class-map type control subscriber match-any class1
RP/0/RSP0/CPU0:router(config-cmap)# match protocol ppp
RP/0/RSP0/CPU0:router(config-cmap)# end-class-map

Related Commands

Command

Description

policy-map type control subscriber

Enables the policy-map.

event

Enables the event in a policy-map.

deactivate

To deactivate the dynamic template mode, use the deactivate command in the class map sub-configuration mode. To disable this feature, use the no form of this command.

deactivate dynamic-template name aaa list { list_name | default }

no deactivate

Syntax Description

dynamic-template

Specifies the actions related to dynamic templates.

name

Specifies the name of the dynamic template.

aaa

Specifies the AAA parameters.

list

Specifies AAA method list that authentication should be made with.

default

Specifies the default AAA method list.

list_name

Specifies the name of the AAA method list.

Command Default

None

Command Modes

Global configuration mode

Command History

Release Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

qos

read, write

Examples

This is an example of configuring the deactivate command in the class map sub-configuration mode:

RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# policy-map type control subscriber PL1
RP/0/RSP0/CPU0:router(config-pmap)# event session-start match-first
RP/0/RSP0/CPU0:router(config-pmap-e)# class type control subscriber CL2
RP/0/RSP0/CPU0:router(config-pmap-c)# 1 deactivate dynamic-template DL1 aaa list default

Related Commands

Command

Description

activate

Activates the dynamic template mode in the class map sub-configuration mode.

event

To configure a policy event, use the event command in policy-map configuration mode. To disable an event and exit the policy-map configuration mode, use the no form of this command.

event{ account-logoff | account-logon | authentication-failure | authentication-no-response | authorization-failure | authorization-no-response | service-start | service-stop | session-activate | session-start | session-stop | timer-expiry }

no event{ account-logoff | account-logon | authentication-failure | authentication-no-response | authorization-failure | authorization-no-response | service-start | service-stop | session-activate | session-start | session-stop | timer-expiry }

Syntax Description

account-logoff

Specifies an account logoff event.

account-logon

Specifies an account logon event.

authentication-failure

Specifies an authentication failure event.

authentication-no-response

Specifies an authentication no response event.

authorization-failure

Specifies an authorization failure event.

authorization-no-response

Specifies an authorization no response event.

service-start

Specifies a service start event.

service-stop

Specifies a service stop event.

session-activate

Specifies session activate event.

session-start

Specifies session start event.

session-stop

Specifies session start event.

timer-expiry

Specifies the timer expiry event.

Command Default

None

Command Modes

Policy-map configuration mode

Command History

Release Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Use the policy-map type control subscriber command to enter policy-map configuration mode.

Task ID

Task ID Operation

qos

read, write

Examples

This example shows how to configure the event command in policy configuration mode:

RP/0/RSP0/CPU0:router(config)# policy-map type control subscriber pol1
RP/0/RSP0/CPU0:router(config-pmap)# event session-start match-first
RP/0/RSP0/CPU0:router(config-pmap-e)# class type control subscriber ip_dhcp do-until-failure
RP/0/RSP0/CPU0:router(config-cmap-c)# 1 activate dynamic-template ip_temp
RP/0/RSP0/CPU0:router(config-cmap-c)# 10 authorize aaa list default identifier format dhcp_id_format password xya
RP/0/RSP0/CPU0:router(config-cmap-c)# end-policy-map

Related Commands

Command

Description

class-map type control subscriber

Enables the class-map.

policy-map type control subscriber

Enables the policy-map.

match (class-map)

To configure match criteria for the corresponding class, use the match command in class-map configuration mode. To disable the match feature and exit the policy-map configuration mode, use the no form of this command.

match { authen-status | { authenticated | unauthenticated } | domain | | domain_name | { format | format_name } | regexp | string | not | protocol | { ppp | dhcpv4 } | source-address | { ipv4 | mac } | timer | string | regexp | string | username }

no match { authen-status | { authenticated | unauthenticated } | domain | | domain_name | { format | format_name } | regexp | string | not | protocol | { ppp | dhcpv4 } | source-address | { ipv4 | mac } | timer | string | regexp | string | username }

Syntax Description

authen-status

Specified the authentication status.

authenticated

Specified the authenticated status.

unauthenticated

Specified the unauthenticated status.

domain

Specifies the domain type.

domain_name

Specifies the name of the domain.

format

Specifies the format type.

format_name

Specifies the name of the format.

regexp

Specifies the regular expression.

string

Specifies the regular expression of a string.

not

Negates the match criteria.

protocol

Specifies the protocol type.

source-address

Specifies the source address.

timer

Specifies the timer.

username

Specifies the name of the user.

Command Default

None

Command Modes

Class-map configuration mode

Command History

Release Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

Use the class-map type control subscriber command to enter class-map configuration mode.

Task ID

Task ID Operation

qos

read, write

Examples

This is an example of configuring the class-map type control subscriber command in the class-map configuration mode:

RP/0/RSP0/CPU0:router(config)# class-map type control subscriber CL1
RP/0/RSP0/CPU0:router(config-pmap)# match authen-status authenticated
RP/0/RSP0/CPU0:router(config-pmap-e)# match domain d1 format f1
RP/0/RSP0/CPU0:router(config-cmap-c)# match protocol ppp
RP/0/RSP0/CPU0:router(config-cmap-c)# match source-address ipv4 1.3.4.5 12.334.55.2
RP/0/RSP0/CPU0:router(config-cmap-c)# match timer time1

policy-map type control subscriber

To determine the list of events that are applicable to the subscriber lifecycle and to enter the policy-map configuration mode, use the policy-map type control subscriber command in global configuration mode. To disable the policy map type control subscriber and exit the policy-map configuration mode, use the no form of this command.

policy-map type control subscriber policy-map name

no policy-map type control subscriber policy-map name

Syntax Description

policy-map name

Represents the policy map name.

Command Default

None

Command Modes

Global configuration mode

Command History

Release Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

qos

read, write

Examples

This is an example of configuring the policy-map type control subscriber command in the global configuration mode:

RP/0/RSP0/CPU0:router(config)# policy-map type control subscriber pol1
RP/0/RSP0/CPU0:router(config-cmap-c)# end-policy-map

Related Commands

Command

Description

class-map type control subscriber

Enables the class-map.

event

Enables the event in the policy-map.

service-policy type control subscriber

To associate a subscriber control service policy to the interface, use the service-policy type control subscriber command in interface configuration mode. To disable the service-policy type control subscriber, use the no form of this command.

service-policy type control subscriber name

no service-policy type control subscriber name

Syntax Description

name

Represents the policy map name.

Command Default

None

Command Modes

Interface configuration mode

Command History

Release Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

config-services

read, write

Examples

This is an example of configuring the service-policy type control subscriber command in interface configuration mode:

RP/0/RSP0/CPU0:router(config)# interface Bundle-Ether 344
RP/0/RSP0/CPU0:router(config-if)# service-policy type control subscriber sub1

Related Commands

Command

Description

class-map type control subscriber

Enables the class-map.

event

Enables the event in the policy-map.

show class-map

To show the class-map related information, use the show class-map command in the EXEC mode.

show class-map type control subscriber name

Syntax Description

type

Displays the type of classmap.

control

Displays all the control class maps.

subscriber

Displays all the subscriber control class maps.

name

Displays the class map name.

Command Default

None

Command Modes

EXEC

Command History

Release Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

qos

read

Examples

This is a sample output of the show class-map command in the EXEC mode:

RP/0/RSP0/CPU0:router# show class-map type control subscriber PTA_CLASS

The show class-map output is as follows:

Wed Jan 23 08:55:15.027 GMT
1) ClassMap: PTA_CLASS    Type: subscriber_control
    Referenced by 1 Policymaps

This table describes the significant fields shown in the display.

Table 1 show class-map Field Descriptions

Field

Description

ClassMap

Specifies the class map name.

Type

Specifies the type of the class map.

Related Commands

Command

Description

class-map type control subscriber

Determines the list of actions to be executed for the class and enters the class-map configuration mode.

show policy-map

To show the policy-map related information, use the show policy-map command in the EXEC mode.

show policy-map type control subscriber pmap-name name

Syntax Description

type

Displays the type of policy-map.

control

Displays the control type policy-map.

subscriber

Displays the subscriber control type policy-map.

pmap_name

Specifies the policy-map name.

name

Displays the policy map name.

Command Default

None

Command Modes

EXEC

Command History

Release Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

qos

read

Examples

This is a sample output of the show policy-map command in the EXEC mode:

RP/0/RSP0/CPU0:router# show policy-map control subscriber pmap-name POLICY1

The show policy-map output is as follows:

Wed Jan 23 08:56:13.794 GMT
policy-map type control subscriber POLICY1
 event session-start match-all
  class type control subscriber PTA_CLASS do-all
   1 activate dynamic-template PPP_PTA_TEMPLATE
  !
 !
 end-policy-map
!

This table describes the significant fields shown in the display.

Table 2 show policy-map Field Descriptions

Field

Description

policy-map

Specifies the policy map name.

Type

Specifies the type of the class type control subscriber.

Related Commands

Command

Description

policy-map type control subscriber

Determines the list of events that are applicable to the subscriber lifecycle and to enter the policy-map configuration mode.