Table Of Contents

Managing Subscribers

Introduction

Information About Subscribers

What is a Subscriber?

Subscriber Modes in Service Control Solutions

Subscriber Database: Capacity and Limits

Working with Large Numbers of Subscribers

Actual Maximum Number of Subscribers

Subscriber Mapping Limits

Rate of Creating Anonymous Subscribers

Aging Subscribers

VPN-Based Subscribers

Automatic VLAN VPNs

Synchronizing Subscriber Information in a Cascade System

Anonymous Groups and Subscriber Templates

Subscriber Files

Subscriber default csv file format

Subscriber anonymous groups csv file format

Importing and Exporting Subscriber Information

Options

How to Import Subscriber Information

How to Export Subscriber Information

How to Import a Subscriber Template

How to Export a Subscriber Template

Removing Subscribers and Templates

How to Remove a Specific Subscriber

Options

How to Remove All Introduced Subscribers

How to Remove a Specific Anonymous Subscriber Group

Options

How to Remove All Anonymous Subscriber Groups

How to Remove All Anonymous Subscribers

How to Remove All Subscriber Templates

Removing VPN-based Subscribers

How to Remove Subscribers by Device

How to Remove Subscribers from the SM

How to Remove Subscribers from a Specified SCMP Peer Device

Creating Anonymous Groups

Defining Anonymous Groups

How to Define an Anonymous Group

Importing and Exporting Anonymous Groups

How to Import Anonymous Groups

How to Export Anonymous Groups

Monitoring Subscribers

How to Monitor the Subscriber Database

How to Display the Subscriber Database Counters

Clearing the Subscriber Database Counters

Displaying Subscribers

Displaying Subscribers: All Current Subscriber Names

Displaying Subscribers: By Subscriber Property or Prefix

How to Display Subscribers: By Mapping (IP Address, VPN, or VLAN ID)

How to Display Subscriber Information

How to Display a Listing of Subscriber Properties

How to Display Complete Information for a Specified Subscriber

How to Display Values of Subscriber Properties for a Specified Subscriber

How to Display Mappings for a Specified Subscriber

How to Display OS Counters for a Specified Subscriber

Displaying Anonymous Subscriber Information

How to Display Currently Configured Anonymous Groups

How to Display Currently Configured Templates for Anonymous Groups

How to Display Current Configuration for a Specified Anonymous Group

How to Display Subscribers in a Specified Anonymous Group

How to Display All Subscribers Currently in Anonymous Groups

How to Display the Number of Subscribers in a Specified Anonymous Group

How to Display the Total Number of Subscribers in All Anonymous Groups

Configuring the Actual Maximum Number of Subscribers

How to Override the Configured Capacity Option

How to Override the Configured Capacity Option in a Cascade Setup

How to Restore the Configured Capacity Option

How to Monitor the Maximum Number of Subscribers

Configuring Subscriber Aging

How to Enable Aging for Anonymous Group Subscribers

How to Enable Aging for Introduced Subscribers

How to Disable Aging for Anonymous Group Subscribers

How to Disable Aging for Introduced Subscribers

How to Set the Aging Timeout Period for Anonymous Group Subscribers

Options

How to Set the Aging Timeout Period for Introduced Subscribers

Options

How to Display Aging for Anonymous Group Subscribers

How to Display Aging for Introduced Subscribers

Managing VPNs and VPN Subscriber Mappings

How to Display VPN-Related Mappings

How to Clear Automatic VPNs

Configuring the Cisco SCE Platform/SM Connection

Configuring the Behavior of the Cisco SCE Platform in Case of Failure of the SM

Options

Configuring the SM-SCE Platform Connection Timeout

Options

Managing Subscribers

---

Revised: January 30, 2013, OL-24150-06

Introduction

The SCE platform is subscriber aware, that is, it can relate traffic and usage to specific customers. This ability to map between IP flows and a specific subscriber allows the system to do the following:

•Maintain the state of each subscriber transmitting traffic through the platform

•Provide usage information for specific subscribers

•Enforce the appropriate policy on subscriber traffic (each subscriber can have a different policy)

•Information About Subscribers

•Importing and Exporting Subscriber Information

•Removing Subscribers and Templates

•Importing and Exporting Anonymous Groups

•Monitoring Subscribers

•Configuring Subscriber Aging

•Managing VPNs and VPN Subscriber Mappings

•Configuring the Cisco SCE Platform/SM Connection

---

Note Subscriber-aware features are not available for IPv6 traffic. IPv6 traffic is handled in the subscriber-less mode. All traffic is classified to the default subscriber, with a default package.

---

Information About Subscribers

•What is a Subscriber?

•Subscriber Modes in Service Control Solutions

•Subscriber Mapping Limits

•Aging Subscribers

•Anonymous Groups and Subscriber Templates

•Subscriber Files

What is a Subscriber?

In the Service Control solution, a subscriber is defined as a managed entity on the subscriber side of the SCE Platform to which accounting and policy are applied individually.

Table 10-1 lists several examples of subscribers in Service Control solutions.

Table 10-1 Subscriber Examples 

The Subscriber	Subscriber Characteristics
	Managed Entity	Subscriber (Entity) Identified By
DSL residential subscriber	DSL residential user IP address	The list of IP addresses is allocated by a Radius server
Cable residential subscriber	Cable residential user	IP address The list of IP addresses of the CPEs is allocated dynamically by a DHCP server
Owner of a 3G-phone that is subscribed to data services	3G-phone owner	The MS-ISDN, which is dynamically allocated by a Radius server.
A corporate/enterprise customer of the service provider	The corporate/enterprise and the traffic it produces	The set of NAT-ed IP addresses, which are allocated statically
A CMTS	The CMTS and the broadband traffic of the Cable Modem users that connect to the Internet through the CMTS	•A range of IP addresses •A group of VLAN tags
VPN-based subscriber (all or part of a VPN)	VLAN-based subscriber	•A set of IP addresses or ranges in a certain VPN •A VLAN tag or range of VLAN tags
SCMP subscriber	SCMP subscriber	A combination of the following three items: •IP address or range •Manager-Id of the SCMP peer device •Subscriber ID including the GUID Each subscriber is assigned a Manager-Id based on the management entity that created the subscriber. The possible managers are the SM, CLI and an SCMP peer device.

Subscriber Modes in Service Control Solutions

Service Control solutions support several modes of handling subscribers:

•Subscriber-less mode

•Anonymous subscriber mode

•Static subscriber aware mode

•Dynamic subscriber aware mode

Note that not all the Service Control solutions support all modes.

The most basic mode is Subscriber-less mode. In this mode, there is no notion of subscriber in the system, and the entire link where the SCE platform is deployed is treated as a single subscriber. Global Application level analysis (such as total p2p, browsing) can be conducted, as well as global control (such as limiting total p2p to a specified percentage). From a configuration stand point, this is a turnkey system and there is no need to integrate or configure the system from a subscriber perspective.

In Anonymous subscriber mode, analysis is performed on an incoming network ID (IP address, VLAN, or VPN ID), as the SCE platform creates an 'anonymous/on-the-fly' record for each subscriber. This permits analyzing traffic at an individual network ID level (for example, to identify/monitor what a particular 'subscriber' IP is currently doing) as well as control at this level (for example, to limit each subscriber's bandwidth to a specified amount, or block, or redirect). Anonymous-subscriber allows quick visibility into application and protocol usage without OSS integration, and permits the application of a uniform control scheme using predefined templates.

There are two possible Subscriber Aware modes. In these modes, subscriber IDs and currently used network IDs are provisioned into the SCE platform. The SCE platform can then bind usage to a particular subscriber, and enforce per-subscriber policies on the traffic. Named reports are supported (such as top subscribers with the OSS IDs), quota-tracking (such as tracking a subscriber-quota over time even when network IDs change) as well as dynamic binding of packages to subscribers. The two Subscriber Aware modes are:

•Static subscriber aware — The network IDs are static. The system supports the definition of static-subscribers directly to the SCE platform. This is achieved by using the SCE platform CLI, and defining the list of subscribers, their network IDs and policy information using interactive configuration or import/export operations.

•Dynamic subscriber aware — The network IDs change dynamically for each subscriber login into the Service Provider's network. In this case, subscriber awareness is achieved by integrating with external provisioning systems (either directly or through the SM) to dynamically learn network-ID to subscriber mappings, and distribute them to the SCE platforms.

Subscriber Database: Capacity and Limits

The capacity of the subscriber database depends on three variables:

•Subscriber context size: Determined by the specific SML application loaded to the SCE platform. This size is multiplied by the number of subscribers.

•Available memory per traffic processor: The main memory consumers in a traffic processor are flows and subscribers. The total number of subscribers that can be supported is the number of subscribers per traffic processor multiplied by the number of traffic processors.

•Available memory in the control processor: The control processor holds one entry per subscriber. However, the control database is usually not the limiting factor regarding the number of subscribers, since the control processor entry (context size) is much smaller than the traffic processor entry.

Table 10-2 contains the maximum subscribers capacities for the SCE platform. Note the following:

•These capacities are the maximum limits imposed by the SCOS. Usually actual numbers would be lower due to large subscriber context size.

•There is a difference between the maximum number of network ID entries and the numbers of specific types of network IDs due to hardware limitations.

Table 10-2 Maximum Number of Subscribers and Network IDs 

Subscribers	Network IDs	IP addresses	IP ranges	VLAN tags	Static Subscribers	Virtual Gi with VPN1
1,000,000	1,000,000	1,000,000	250,000	4096	250,000	250,000

1 Virtual Gi is applicable only for Cisco SCE Release 3.7.1 and later.

Working with Large Numbers of Subscribers

A very large number of subscribers, approaching the upper limit of the SCOS capacity, is more typical in mobile installations. As the actual number of subscriber increases, the impact is expected to be approximately four flows per subscriber.

Actual Maximum Number of Subscribers

As shown in Table 10-2, there is an absolute maximum numbers of subscribers based on SCOS capacity. However, the actual maximum number of subscribers supported is based on the limit specified while loading the SCA BB application.

There are two ways to specify the actual maximum number of subscribers:

•The capacity options mechanism: This mechanism is based on various capacity options supplied by the application. The actual capacity option used is either specified while loading the application or a previously-configured default capacity option is used.

•Specific capacity CLI command (see Configuring the Actual Maximum Number of Subscribers): This specific command overrides the capacity option configured when loading the application. It provides the following options:

100K, 250K, 500K, 1M

Subscriber Mapping Limits

Refer to Table 10-3 for the maximum number of IP mappings permitted per single subscriber. An IP mapping may be either a single IP address or a range of addresses.

Table 10-3 Maximum Number of IP Mappings per Single Subscriber 

Mode	Pure IP	Private IP
Standalone	1024	200
Cascade	200	50

Rate of Creating Anonymous Subscribers

The maximum rate for creation of anonymous subscribers is 360 per second.

Aging Subscribers

Subscribers can be aged automatically by the SCE platform. `Aging' is the automatic removal of a subscriber, performed when no traffic sessions assigned to it have been detected for a certain amount of time. The most common usage for aging is for anonymous subscribers, since this is the easiest way to ensure that anonymous subscribers that have logged-out of the network are removed from the SCE platform and are no longer occupying resources. Aging time can be configured individually for introduced subscribers and for anonymous subscribers.

VPN-Based Subscribers

A VPN-based subscriber contains a set of mappings of the form: IP@VpnName, where IP can be either a single IP address or a range of addresses. A VPN-based subscriber is VLAN-based.

Most VPN-based subscriber functionality is managed via the SM, with the role of the SCE platform CLI being more limited.

The SCE platform CLI can be used to do the following:

•Display VPN-related mappings

•View all automatic VLAN VPNs

•Clear all automatic VLAN VPNs (only VPNs that have no active subscriber mappings).

Automatic VLAN VPNs

The SCE platform will automatically create a new VPN under the following conditions

•The VPN name does not currently exist

and

•The VPN name is a number in the range [0 to 4095]

The number is used as the VLAN mapping of the newly created VPN. VLAN mappings cannot be added to automatic VPNs.

Synchronizing Subscriber Information in a Cascade System

In a hot standby, cascade setup with full redundancy, the external provisioning server updates only the active SCE platform. However, the standby SCE platform must always be updated with the latest subscriber-related information (login, logout). This is required to minimize information loss in case of fail-over. In general, the only entity that is allowed to change subscriber information in the standby SCE platform is the active SCE platform. The standby SCE platform does not accept any subscriber operations (it returns a STANDBY_VIOLATION error instead), and it also does not generate any asynchronous subscriber notifications (such as pull-response or logout-notification).

There are only two exceptions to this rule:

•Standby SCE platform can change subscriber information of the default subscriber.

•Standby SCE platform can perform subscriber aging

Therefore, when working as a pair, the active SCE platform constantly updates the standby SCE platform with external data information. In addition, the standby SCE platform constantly requests external data information from the active SCE platform. The synchronization is bi-directional to ensure that the subscriber databases in both SCE platforms are identical.

Note that external data is only relevant for introduced subscribers (both static and dynamic). It has no meaning for anonymous subscribers or the default subscriber. No more than two minutes of external data information will be lost by the standby SCE platform if a fail-over occurs.

The following subscriber information is considered as external data:

•subscriber name

•IP mappings

•tunables

•manager name

•aging time

•lease time

•is-static flag

Only the active SCE platform communicates with the SM. The SM is aware of the active/standby state of each SCE platform, and is also aware of a fail-over.

Specifically, this means the following:

•In push mode, the SM pushes events to the active SCE platform, which updates the standby SCE platform.

•In pull mode, only the active SCE platform pulls subscribers from the SM.

•The standby SCE platform can create anonymous subscribers based on the updates received from the active SCE platform, but does not generate pull-response for them.

•If SCE-SM connection failure, the SM handles the SCE recovery of the active SCE platform only. The active SCE platform propagates the information to the standby SCE platform.

Anonymous Groups and Subscriber Templates

An anonymous group is a specified IP range, possibly assigned a subscriber template. When an anonymous group is configured, the SCE platform generates anonymous subscribers for that group when it detects traffic with an IP address that is in the specified IP range. If a subscriber template has been assigned to the group, the anonymous subscribers generated have properties as defined by that template. If no subscriber template has been assigned, the default template is used.

Anonymous groups can have overlapping IP ranges. When the SCE detects traffic for an IP address which is contained in more than one anonymous group, the group with the longest prefix is used to create the anonymous subscriber for that IP address.

Subscriber templates are identified by a number from 0-199. Subscriber templates 1-199 are defined in csv formatted subscriber template files. However, template #0 cannot change; it always contains the default values.

If an anonymous group is not explicitly assigned a template, the group uses template #0.

Important Information

•Maximum number of anonymous groups—5000

•Maximum rate of creating anonymous subscribers—360 per second

•Maximum number of subscriber templates—200 (numbered 0-199)

Subscriber Files

•Subscriber default csv file format

•Subscriber anonymous groups csv file format

Individual subscribers, anonymous groups, and subscriber templates may all be defined in csv files. A csv file is a text file in a comma-separated-values format. Microsoft Excel™ can be used to view and create such files. The subscriber data is imported into the system using the appropriate CLI command. The SCE platform can also export the currently configured subscribers, subscriber templates and anonymous groups to csv-formatted files.

Subscriber csv files and subscriber template csv files are application-specific. Refer to the relevant application documentation for the definition of the file format.

Each line in a csv file should contain either a comment (beginning with the character `#'), or a list of comma-separated fields.

Subscriber csv files are application-specific, but a default format is defined by the SCE, which is used when the application does not choose to over-ride it. The application might over-ride the format when additional data is desired for each subscriber or subscriber template. Refer to the relevant Service Control Application documentation to see if the application defines a different format.

Subscriber template csv files are application-specific. Refer to the relevant Service Control Application documentation of the file format.

Anonymous groups csv files are not application specific. Their format is described below.

Subscriber default csv file format

Each line has the following structure:

name, mappings, packageId

•Name — is the subscriber name

•Mappings — contains one or more mappings, specifying the Tunnel IDs or IP addresses mapped to this subscriber. Multiple mappings are separated by semi-colon. Tunnel IDs and IP address/range cannot be specified for the same subscriber. The following mapping formats are supported:

–IP address — in dotted decimal notation. Example: 10.3.4.5

–IP address range — dotted decimal, followed by the amount of significant bits. Note that the non-significant bits (as determined by the mask) must be set to zero. Example: 10.3.0.0/16. Example for a bad range: 10.1.1.1/24 (Should be 10.1.1.0/24).

•packageId — the ID of the package to which the subscriber is assigned

Here is an example of a subscriber csv file in the default format:

# A comment line 
sub7, 10.1.7.0/24, 1 
sub8, 10.1.11.32, 1 
sub9, 10.2.22.10, 2 
sub10, 10.3.33.10, 2 
sub11, 10.4.44.10, 1 
sub12, 10.1.11.90; 10.3.0.0/16, 2

Subscriber anonymous groups csv file format

Each line has the following structure:

name, IP-range, template-index, manager-name (optional)

•name — is the anonymous group name

•IP-range — dotted decimal, followed by the amount of significant bits. Example: 10.3.0.0/16

•template-index — is the index of the subscriber template to be used by subscribers belonging to this anonymous group.

•manager-name (optional) — is either SM or the name of the SCMP peer. Use "SM" to pull subscribers from the SM (if it exists). If not specified, "SM" is assumed.

Here is an example of an anonymous groups csv file:

# Yet another comment line 
anon1, 10.1.1.0/24, 1, 1 
anon2, 10.1.2.0/24, 2, 2 
anon3, 10.1.3.0/32, 3, 3 
anon4, 10.1.4.0/24, 3, 3 
anon5, 10.1.5.0/31, 2 
anon6, 10.1.6.0/30, 1 
anon7, 0.0.0.0/0, 1

Importing and Exporting Subscriber Information

•Options

•How to Import Subscriber Information

•How to Export Subscriber Information

•How to Export a Subscriber Template

Use the following commands to import subscriber data from csv files and to export subscriber data to these files:

•subscriber import csv-file

•subscriber export csv-file [all]

•subscriber anonymous-group import csv-file

•subscriber anonymous-group export csv-file

•subscriber template import csv-file

•subscriber template export csv-file

These subscriber management commands are LineCard interface commands. Make sure that you are in LineCard Interface command mode.

Options

The following option is available:

filename — the name of the csv file.

How to Import Subscriber Information

From the SCE(config if)# prompt, type:

Command	Purpose
subscriber import csv-file filename	Imports the subscriber information from the specified file. Imported subscriber information is added to the existing subscriber information. It does not overwrite the existing data. If the information in the imported file is not valid, the command will fail during the verification process before it is actually applied.

How to Export Subscriber Information

---

Note To export subscribers managed by the SM, use the SM GUI or CLU (see the Cisco Service Control Management Suite Subscriber Manager User Guide.)

---

Command	Purpose
subscriber export csv-file filename [all]	Exports all the static and dynamic subscribers information to the specified file.
subscriber export csv-file filename	Exports only the static subscribers information to the specified file.

From the SCE(config if)# prompt, type:

How to Import a Subscriber Template

From the SCE(config if)# prompt, type:

Command	Purpose
subscriber template import csv-file filename	Imports the subscriber template from the specified file.

How to Export a Subscriber Template

From the SCE(config if)# prompt, type:

Command	Purpose
subscriber template export csv-file filename	Exports the subscriber template to the specified file.

Removing Subscribers and Templates

•How to Remove a Specific Subscriber

•How to Remove All Introduced Subscribers

•How to Remove a Specific Anonymous Subscriber Group

•How to Remove All Anonymous Subscriber Groups

•How to Remove All Anonymous Subscribers

•How to Remove All Subscriber Templates

•How to Remove Subscribers by Device

Use the following commands to remove all subscribers, anonymous groups, or subscriber templates from the system.

•no subscriber all

•no subscriber anonymous-group all

•clear interface linecard subscriber anonymous

•default subscriber template all

Use the following commands to remove a specific subscriber or anonymous group from the system.

•no subscriber name

•no subscriber anonymous-group name

These subscriber management commands are LineCard interface commands (with the exception of the clear interface linecard subscriber anonymous command, which is a Privileged Exec command). Make sure that you are in LineCard Interface command mode, and that the SCE(config if)# prompt appears in the command line.

How to Remove a Specific Subscriber

Options

The following option is available:

subscriber-name — the name of the subscriber to be removed

From the SCE(config if)# prompt, type:

Command	Purpose
no subscriber name subscriber-name	Removes the specified subscriber.

How to Remove All Introduced Subscribers

From the SCE(config if)# prompt, type:

Command	Purpose
no subscriber all	Removes all introduced subscribers. •subscriber-name specifies the name of the subscriber to be removed.

How to Remove a Specific Anonymous Subscriber Group

Options

The following option is available:

group-name — the name of the anonymous subscriber group to be removed

From the SCE(config if)# prompt, type:

Command	Purpose
no subscriber anonymous-group name group-name	Removes the specified anonymous subscriber group.

How to Remove All Anonymous Subscriber Groups

From the SCE(config if)# prompt, type:

Command	Purpose
no subscriber anonymous-group all	Removes all anonymous subscriber groups.

How to Remove All Anonymous Subscribers

From the SCE# prompt, type:

Command	Purpose
clear interface linecard 0 subscriber anonymous all	Removes all anonymous subscribers. Note The clear subscriber anonymous command is a Privileged Exec command.

---

Caution Because the clear interface linecard subscriber anonymous all command clears all the anonymous subscribers in the Cisco SCE, do not use the command in a production environment. Using this command in a production environment impacts anonymous subscribers' accountability. Use the command only when the linecard interface is shut down.

---

How to Remove All Subscriber Templates

From the SCE(config if)# prompt, type:

Command	Purpose
default subscriber template all	Removes all subscriber templates. All anonymous subscribers will be assigned to the default subscriber template.

Removing VPN-based Subscribers

All VPN-based subscribers must be cleared to change the tunneling mode. If there are VPN-based subscribers that the SM cannot remove for some reason (for example, if there is no communication between the SM and the SCE platform), use this command.

---

Note Use this command ONLY when the SCE platform is disconnected from the SM.

---

From the SCE(config if)# prompt, type:

Command	Purpose
no subscriber all with-vpn-mappings	Clears all VPN-based subscribers.

How to Remove Subscribers by Device

•How to Remove Subscribers from the SM

•How to Remove Subscribers from a Specified SCMP Peer Device

You can remove all subscribers managed by a specified device. The device can be either of the following:

•The SM

•A specified SCMP peer device

How to Remove Subscribers from the SM

From the SCE(config if)# prompt, type:

Command	Purpose
no subscriber sm all	Clears all subscribers from the SM.

How to Remove Subscribers from a Specified SCMP Peer Device

From the SCE(config if)# prompt, type:

Command	Purpose
no subscriber scmp name peer-device-name all	Clears all subscribers from the specified SCMP peer device. •peer-device-name specifies the name of the SCMP peer device from which to clear the subscribers.

Creating Anonymous Groups

You can create anonymous groups in two ways:

•Define the group, along with the related IP address range, using the subscriber anonymous-group command. The SCE platform then generates anonymous subscribers for that group when it detects traffic with an IP address that is in the specified IP range.

•Create the group by importing anonymous groups from a csv file.

Groups can also be exported to a csv file.

•Maximum creation rate of anonymous subscribers is 360 per second on the SCE8000 and 180 per second on the SCE2020.

For information on deleting anonymous groups, see How to Remove a Specific Anonymous Subscriber Group and How to Remove All Anonymous Subscriber Groups

Defining Anonymous Groups

Use this command to define an anonymous group, assigning the following to the group created:

•group name

•range of IP addresses

•subscriber template to be assigned to all subscribers within that IP range (optional)

How to Define an Anonymous Group

Options

The following options are available:

•group-name — name to be assigned to the anonymous group.

•range — range of IP addresses that defines this group.

•template — number of the subscriber template to assign to all subscribers in this group.

Default = 0

From the SCE(config if)# prompt, type:

Command	Purpose
subscriber anonymous-group name group-name ip-range range [template template]	Defines an anonymous group. If no template is specified, the default template is applied to all subscribers in this group.

Importing and Exporting Anonymous Groups

•How to Import Anonymous Groups

•How to Export Anonymous Groups

How to Import Anonymous Groups

Options

The following option is available:

•filename — name of the csv file.

From the SCE(config if)# prompt, type:

Command	Purpose
subscriber anonymous-group import csv-file filename	Creates anonymous groups by importing anonymous groups from the specified csv file. Imported anonymous groups information is added to the existing anonymous groups information. It does not overwrite the existing data. The SCE platform can support a maximum of 5000 anonymous groups.

How to Export Anonymous Groups

Options

The following option is available:

•filename — name of the csv file.

From the SCE(config if)# prompt, type:

Command	Purpose
subscriber anonymous-group export csv-file filename	Exports all existing anonymous groups to the specified csv file.

Monitoring Subscribers

•How to Monitor the Subscriber Database

•Displaying Subscribers

•How to Display Subscriber Information

•Displaying Anonymous Subscriber Information

The CLI provides several commands that allow you to monitor subscribers. These commands can be used to display information regarding the following:

•Subscriber Database

•All subscribers meeting various criteria

•Individual subscriber information, such as properties and mappings

•Anonymous subscribers

Subscribers may be introduced to the SCE platform via the SCE platform CLI or via the Subscriber Manager. The monitoring commands may be used to monitor all subscribers and subscriber information, regardless of how the subscribers were introduced to the system.

Note that these commands are all in Viewer mode. Make sure that you are in the proper mode and that the SCE> prompt appears in the command line. Note also that you must specify `linecard 0' in these commands.

How to Monitor the Subscriber Database

•How to Display the Subscriber Database Counters

•Clearing the Subscriber Database Counters

Use the following commands to display statistics about the subscriber database, and to clear the "total" and "maximum" counters.

•show interface linecard 0 subscriber db counters

The following counters are displayed:

–Current number of subscribers

–Current number of introduced subscribers

–Current number of anonymous subscribers

–Current number of active subscribers (with active traffic sessions)

–Current number of subscribers with mappings

–Current number of IP mappings

–Current number of vlan mappings

–Max number of subscribers that can be introduced

–Max number of subscribers with mappings

–Max number of subscribers with mappings date / time

–Total aggregated number introduced

–Total number of aged subscribers

–Total number of pull events

–Number of traffic sessions currently assigned to the default subscriber

•clear interface linecard 0 subscriber db counters

How to Display the Subscriber Database Counters

From the SCE# prompt, type:

Command	Purpose
show interface linecard 0 subscriber db counters	Displays the subscriber database counters.

Monitoring the Subscriber Database: Example

The following example shows the output from this command.

SCE#show interface linecard 0 subscriber db counters 
Current values:

===============

Subscribers: 249999 used out of 999999 max.

Introduced/Pulled subscribers: 999999.

Anonymous subscribers: 0.

Subscribers with mappings: 0 used out of 249999 max.

Single non-VPN IP mappings: 0.

Non-VPN IP Range mappings: 0.

IP Range over VPN mappings: 0.

Single IP over VPN mappings: 0.

VLAN based VPNs with subscribers: 0 used out of 4095.

Subscribers with open sessions: 243562.

Subscribers with TIR mappings: 0.

Sessions mapped to the default subscriber: 2.

Peak values:

============

Peak number of subscribers with mappings: 249999

Peak number occurred at: 15:54:06 UTC TUE May 13 2008

Peak number cleared at: 07:47:49 UTC SUN May 11 2008

Event counters:

===============

Subscriber introduced: 249999.

Subscriber pulled: 0.

Subscriber aged: 0.

Pull-request notifications sent: 0.

Pull-request by ID notifications sent: 0.

Subscriber pulled by ID: 0.

State notifications sent: 0.

Logout notifications sent: 0.

Subscriber mapping TIR contradictions: 0.

Clearing the Subscriber Database Counters

From the SCE# prompt, type:

Command	Purpose
clear interface linecard 0 subscriber db counters	Clears the "total" and "maximum" counters.

Displaying Subscribers

•Displaying Subscribers: All Current Subscriber Names

•Displaying Subscribers: By Subscriber Property or Prefix

•How to Display Subscribers: By Mapping (IP Address, VPN, or VLAN ID)

You can display the names of all subscribers.

You can also display specific subscriber name(s) that meet various criteria:

•A subscriber property is equal to, larger than, or smaller than a specified value.

•Subscriber name matches a specific prefix or suffix.

•Mapped to a specified IP address range.

•Mapped to a specified VLAN ID.

Use the following commands to display subscribers:

•show interface linecard 0 subscriber all-names

•show interface linecard 0 subscriber [amount] [prefix `prefix'] [property `propertyname' equals|greater-than|less-than `property-val']

•show interface linecard 0 subscriber [amount] prefix `prefix'

•show interface linecard 0 subscriber [amount] suffix `suffix'

•show interface linecard 0 subscriber mapping IP `iprange' [VPN 'vpn-name']

•show interface linecard 0 subscriber [amount] mapping intersecting IP `iprange [VPN 'vpn-name']

•show interface linecard 0 subscriber mapping VLAN-id `VLAN-id'

Displaying Subscribers: All Current Subscriber Names

You can display the names of all subscribers currently in the SCE subscriber database.

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber all-names	Displays the names of all subscribers currently in the SCE subscriber database.

Displaying Subscribers: By Subscriber Property or Prefix

You can search for all subscribers that match a specified value of one of the subscriber properties, or are greater than or less than the specified value. You can also search for all subscribers that match a specified prefix. You can also find out how many subscribers match any one of these criteria, rather than displaying all the actual subscriber names.

•How to display subscribers that match a specified value of a subscriber property

•How to display subscribers that are greater than or less than a specified value of a subscriber property

•How to display subscribers that match a specified prefix

•How to display subscribers that match a specified suffix

•How to display the number of subscribers that match a specified value of a subscriber property

•How to display the number of subscribers that are greater than or less than a specified value of a subscriber property

•How to display the number of subscribers that match a specified prefix

How to display subscribers that match a specified value of a subscriber property

Options

The following options are available:

•propertyname — name of the subscriber property to match

•property-val — value of that subscriber property to match

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber property propertyname equals property-val	Displays subscribers that match a specified value of a subscriber property.

How to display subscribers that are greater than or less than a specified value of a subscriber property

Options

The following options are available:

•propertyname — name of the subscriber property to match

•property-val — value of that subscriber property to match

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber property propertyname greater-than|less-than property-val	Displays subscribers that are greater than or less than a specified value of a subscriber property.

How to display subscribers that match a specified prefix

Options

The following options are available:

•prefix — subscriber prefix to match

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber prefix prefix	Displays subscribers that match a specified prefix.

How to display subscribers that match a specified suffix

Options

The following options are available:

•suffix — subscriber suffix to match

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber suffix suffix	Displays subscribers that match a specified suffix.

How to display the number of subscribers that match a specified value of a subscriber property

Options

The following options are available:

•propertyname — name of the subscriber property to match

•property-val — value of that subscriber property to match

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber amount property propertyname equals property-val	Displays the number of subscribers that match a specified value of a subscriber property.

How to display the number of subscribers that are greater than or less than a specified value of a subscriber property

Options

The following options are available:

•propertyname — name of the subscriber property to match

•property-val — value of that subscriber property to match

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber amount property propertyname greater-than|less-than property-val	Displays the number of subscribers that are greater than or less than a specified value of a subscriber property.

How to display the number of subscribers that match a specified prefix

Options

The following options are available:

•prefix — subscriber prefix to match

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber amount prefix prefix	Displays the number of subscribers that match a specified prefix.

How to Display Subscribers: By Mapping (IP Address, VPN, or VLAN ID)

•How to display subscribers that are mapped to a specified IP address, or range of IP addresses

•How to display subscribers that are mapped to IP addresses that are included in a given IP address or IP range

•How to display subscribers that are mapped to a specified VLAN ID

•How to display subscribers with no mapping

•How to display the number of subscribers that are mapped to a specified VLAN ID

•How to display the number of subscribers with no mapping

You can display the subscribers who are mapped to any of the following:

•A specified IP address, or range of IP addresses

•IP addresses intersecting a given IP address or IP range

•A specified VLAN ID

•A specified VPN

•no mapping

You can also display just the number of subscribers with a specified mapping, rather than listing the actual subscribers.

How to display subscribers that are mapped to a specified IP address, or range of IP addresses

Options

The following options are available:

•ip-range — IP address (x.x.x.x) or range of IP addresses (x.x.x.x/y) to match

•vpn-name (optional) — The name of the VPN in which to search for the IP address

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber mapping IP ip-range [VPN vpn-name]	Displays subscribers that are mapped to a specified IP address, or range of IP addresses.

How to display subscribers that are mapped to IP addresses that are included in a given IP address or IP range

Options

The following options are available:

•ip-range — IP address (x.x.x.x) or range of IP addresses (x.x.x.x/y) to match

•vpn-name (optional) — The name of the VPN in which to search for the IP address

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber mapping included-in IP ip-range [VPN vpn-name]	Displays subscribers that are mapped to IP addresses that are included in a given IP address or IP range.

How to display subscribers that are mapped to a specified VLAN ID

Options

The following options are available:

•VLAN-id — VLAN ID to match

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber mapping VLAN-id VLAN-id	Displays subscribers that are mapped to a specified VLAN ID.

How to display subscribers with no mapping

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber mapping none	Displays subscribers with no mapping.

How to display the number of subscribers that are mapped to a specified VLAN ID

Options

The following options are available:

•VLAN-id — VLAN ID to match

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber amount mapping VLAN-id VLAN-id	Displays the number of subscribers that are mapped to a specified VLAN ID.

How to display the number of subscribers with no mapping

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber amount mapping none	Displays the number of subscribers with no mapping.

How to Display Subscriber Information

•How to Display a Listing of Subscriber Properties

•How to Display Complete Information for a Specified Subscriber

•How to Display Values of Subscriber Properties for a Specified Subscriber

•How to Display Mappings for a Specified Subscriber

•How to Display OS Counters for a Specified Subscriber

You can display the following information about a specified subscriber:

•values of the various subscriber properties

•mappings (IP address or VLAN-ID)

•OS counters:

–current number of flows

–bandwidth

Use the following commands to display subscriber information:

•show interface linecard 0 subscriber properties

•show interface linecard 0 subscriber name `name'

•show interface linecard 0 subscriber name `name' mappings

•show interface linecard 0 subscriber name `name' counters

•show interface linecard 0 subscriber name `name' properties

How to Display a Listing of Subscriber Properties

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber properties	Displays a listing of subscriber properties.

How to Display Complete Information for a Specified Subscriber

Options

The following options are available:

•name — subscriber name

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber name name	Displays complete information for a specified subscriber, including all values of subscriber properties and mappings.

How to Display Values of Subscriber Properties for a Specified Subscriber

Options

The following options are available:

•name — subscriber name

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber name name properties	Displays values of subscriber properties for a specified subscriber.

How to Display Mappings for a Specified Subscriber

Options

The following options are available:

•name — subscriber name

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber name name mappings	Displays mappings for a specified subscriber.

How to Display OS Counters for a Specified Subscriber

Options

The following options are available:

•name — subscriber name

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber name name counters	Display OS counters for a specified subscriber.

Displaying Anonymous Subscriber Information

•How to Display Currently Configured Anonymous Groups

•How to Display Currently Configured Templates for Anonymous Groups

•How to Display Current Configuration for a Specified Anonymous Group

•How to Display Subscribers in a Specified Anonymous Group

•How to Display All Subscribers Currently in Anonymous Groups

•How to Display the Number of Subscribers in a Specified Anonymous Group

•How to Display the Total Number of Subscribers in All Anonymous Groups

You can display the following information regarding the anonymous subscriber groups:

•aging (see How to Display Aging for Anonymous Group Subscribers)

•currently configured anonymous groups

•currently configured subscriber templates

•configuration of a specified anonymous group

•number of subscribers in a specified anonymous group, or in all anonymous groups

Use the following commands to display anonymous subscriber information:

•show interface linecard 0 subscriber templates [index]

•show interface linecard 0 subscriber anonymous-group [all] [name `groupname']

•show interface linecard 0 subscriber amount anonymous [name `groupname']

•show interface linecard 0 subscriber anonymous [name `groupname']

How to Display Currently Configured Anonymous Groups

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber anonymous-group all	Displays currently configured anonymous groups.

How to Display Currently Configured Templates for Anonymous Groups

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber templates	Display currently configured templates for anonymous groups.

How to Display Current Configuration for a Specified Anonymous Group

Options

The following options are available:

•group-name — name of the anonymous subscriber group

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber anonymous-group name group-name	Displays current configuration for a specified anonymous group.

How to Display Subscribers in a Specified Anonymous Group

Options

The following options are available:

•group-name — name of the anonymous subscriber group

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber anonymous name group-name	Displays subscribers in a specified anonymous group.

How to Display All Subscribers Currently in Anonymous Groups

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber anonymous	Displays all subscribers currently in anonymous groups.

How to Display the Number of Subscribers in a Specified Anonymous Group

Options

The following options are available:

•group-name — name of the anonymous subscriber group

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber amount anonymous name group-name	Displays the number of subscribers in a specified anonymous group.

How to Display the Total Number of Subscribers in All Anonymous Groups

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber amount anonymous	Displays the total number of subscribers in all anonymous groups.

Configuring the Actual Maximum Number of Subscribers

The actual maximum number of subscribers supported is based on the capacity option specified when loading the SCA BB application. If no capacity option is specified, the user-configured default capacity is used. However, you can override this capacity option using the following commands.

Note the following:

•You must configure the override before you load the application (PQI file). The configured maximum number of subscribers takes effect when the next load command is executed.

•If you have disabled the capacity option and then the next time you load a new application you want to use the capacity option, you must re-enable the capacity option before loading the application file (see How to Restore the Configured Capacity Option).

•Use the show subscriber max-subscribers command to see what the current maximum number of subscribers is and whether the capacity option is enabled or disabled (see How to Monitor the Maximum Number of Subscribers.)

How to Override the Configured Capacity Option

The default maximum number of subscribers is 250K.

---

Step 1 If a policy configuration (PQB file) has been applied on SCE platform, use the SCA BB console to retrieve it and save it before proceeding.

Step 2 Select the maximum number of subscribers:

From the SCE(config if)# prompt, type subscriber max-subscribers (40K | 80K | 120K | 200K) and press Enter.

Step 3 Disable the application capacity option:

From the SCE(config if)# prompt, type subscriber capacity-options disable and press Enter.

Step 4 Install the new application (PQI) file. (The configured subscriber maximum takes effect only after a new application file has been loaded.)

Step 5 If you saved the policy configuration (PQB file), apply it to the SCE platform using the SCA BB console.

---

How to Override the Configured Capacity Option in a Cascade Setup

The default maximum number of subscribers is 250K. To change the maximum actual number of subscribers in cascade topology, you need to configure both the standby and active SCE devices. To change this value in cascade topology, follow these steps:

---

Step 1 If a policy configuration (PQB file) has been applied on the standby SCE platform, use the SCA BB console to retrieve it and save it before proceeding.

Step 2 Select the maximum number of subscribers:

SCE(config if)# subscriber max-subscribers {40K | 80K | 120K | 200K}

Step 3 Disable the application capacity option:

SCE(config if)# subscriber capacity-options disable

Step 4 Install the new application (PQI) file. (The configured subscriber maximum takes effect only after a new application file has been loaded.)

Step 5 If you saved the policy configuration (PQB file), apply it to the SCE platform using the SCA BB console.

If a policy configuration (PQB file) has been applied on the active SCE platform, use the SCA BB console to retrieve it and save it before proceeding. Repeat from Step 1 to Step 5 on the active SCE platform.

---

---

Note when you install the PQI file, the Package ID parameter of all existing subscribers become 0. The subscribers are automatically deleted when the aging period of each subscriber elapses.

---

How to Restore the Configured Capacity Option

---

Step 1 If a policy configuration (PQB file) has been applied on SCE platform, use the SCA BB console to retrieve it and save it before proceeding.

Step 2 From the SCE(config if)# prompt, type subscriber capacity-options enable and press Enter.

Step 3 Install the new application (PQI) file. (The configured subscriber maximum takes effect only after a new application file has been loaded.)

Step 4 If you saved the policy configuration (PQB file), apply it to the SCE platform using the SCA BB console.

---

How to Monitor the Maximum Number of Subscribers

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber max-subscribers	Shows the configured maximum number of subscribers and whether the capacity options are in effect or have been overridden

Configuring Subscriber Aging

•How to Enable Aging for Anonymous Group Subscribers

•How to Enable Aging for Introduced Subscribers

•How to Disable Aging for Anonymous Group Subscribers

•How to Disable Aging for Introduced Subscribers

•How to Set the Aging Timeout Period for Anonymous Group Subscribers

•How to Set the Aging Timeout Period for Introduced Subscribers

•How to Display Aging for Anonymous Group Subscribers

•How to Display Aging for Introduced Subscribers

As explained previously (Aging Subscribers, aging is the automatic removal of a subscriber when no traffic sessions assigned to it have been detected for a certain amount of time. Aging may be enabled or disabled, and the aging timeout period (in minutes) can be specified.

Aging can be configured separately for introduced subscribers and for anonymous subscribers.

Use the following commands to configure and monitor aging.

•[no] subscriber aging

•subscriber aging timeout

•show interface linecard 0 subscriber aging

How to Enable Aging for Anonymous Group Subscribers

From the SCE(config if)# prompt, type:

Command	Purpose
subscriber aging anonymous	Enables aging for anonymous group subscribers.

How to Enable Aging for Introduced Subscribers

From the SCE(config if)# prompt, type:

Command	Purpose
subscriber aging introduced	Enables aging for introduced subscribers.

How to Disable Aging for Anonymous Group Subscribers

From the SCE(config if)# prompt, type:

Command	Purpose
no subscriber aging anonymous	Disables aging for anonymous group subscribers.

How to Disable Aging for Introduced Subscribers

From the SCE(config if)# prompt, type:

Command	Purpose
no subscriber aging introduced	Disables aging for introduced subscribers.

How to Set the Aging Timeout Period for Anonymous Group Subscribers

Options

The following option is available:

•aging-time — the time interval, in minutes, after which an inactive subscriber will be aged (2-14400).

From the SCE(config if)# prompt, type:

Command	Purpose
no subscriber aging anonymous timeout aging-time	Sets the aging timeout period for anonymous group subscribers.

How to Set the Aging Timeout Period for Introduced Subscribers

Options

The following option is available:

•aging-time — the time interval, in minutes, after which an inactive subscriber will be aged (2-14400).

From the SCE(config if)# prompt, type:

Command	Purpose
no subscriber aging introduced timeout aging-time	Sets the aging timeout period for introduced subscribers.

How to Display Aging for Anonymous Group Subscribers

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber aging anonymous	Displays aging of anonymous group subscribers.

How to Display Aging for Introduced Subscribers

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 subscriber aging introduced	Displays aging for introduced subscribers.

Managing VPNs and VPN Subscriber Mappings

•How to Display VPN-Related Mappings

•How to Clear Automatic VPNs

How to Display VPN-Related Mappings

•How to Display Mappings for a Specified VPN

•How to Display a Listing of All VPNs

Use the following Viewer commands to display VPNs and VPN subscriber mappings. These commands display the following information:

•All the mappings for a specified VPN

•A listing of all currently logged-in VPNs

•A listing of all currently logged-in VPNs that were created automatically

How to Display Mappings for a Specified VPN

Options

The following option is available:

•vpn name — The name of the VPN for which to display mappings.

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 VPN name vpn-name	Displays mapping for a specified VPN.

How to Display a Listing of All VPNs

From the SCE> prompt, type:

Command	Purpose
show interface linecard 0 VPN all-names	Displays a listing of all currently logged-in VPNs.

Displaying a Listing of All VPNs: Example

SCE>show interface linecard 0 VPN all-names

How to Clear Automatic VPNs

From the SCE# prompt, type:

Command	Purpose
clear interface linecard 0 VPN automatic	Removes all VLAN VPNs that were created automatically by the SCE platform. (Only removes VPNs that have no active subscriber mappings).

Configuring the Cisco SCE Platform/SM Connection

•Configuring the Behavior of the Cisco SCE Platform in Case of Failure of the SM

•Configuring the SM-SCE Platform Connection Timeout

The user can configure the behavior of the Cisco SCE platform in case of failure of the Subscriber Manager (SM):

•If SM functionality is critical to the operation of the system — configure the desired behavior of the SCE platform if any loss of connection with the SM (may be due either to failure of the SM or failure of the connection itself).

•If SM functionality is not critical to the operation of the system — no action needs to be configured In this case you can specify that the system operational-status of the SCE platform should be 'warning' when the link is down.

Configuring the Behavior of the Cisco SCE Platform in Case of Failure of the SM

Options

The following options are available:

•action—The specified action will be performed in case of loss of connection between the SCE platform and the SM.

Possible actions are:

–force-failure — Force failure of SCE platform. The SCE platform then acts according to the behavior configured for the failure state.

–remove-mappings — Remove all current subscriber mappings.

–shut — The SCE platform shuts down and quits providing service.

–none (default) — Take no action.

•warning—The system operational-status of the SCE platform should be 'warning' in case of loss of connection between the SCE platform and the SM. No action is taken.

To specify the action that the SCE platform will perform if the SCE-SM connection fails, use this command.

From the SCE(config if)# prompt, type:

Command	Purpose
subscriber sm-connection-failure action [force-failure|none|remove-mappings|shut]	Specifies the action that the SCE platform will perform if the SCE-SM connection fails.
subscriber sm-connection-failure warning	Specifies that the system operational-status of the SCE platform should be 'warning' if the SCE-SM connection fails.

Configuring the SM-SCE Platform Connection Timeout

You can also configure the timeout interval; the length of time that the SM-SCE platform connection is disrupted before a failed connection is recognized and the configured behavior is applied.

Options

The following option is available:

•interval — the timeout interval in seconds

From the SCE(config if)# prompt, type:

Command	Purpose
subscriber sm-connection-failure timeout interval	Configures the connection timeout.