Intelligent Services Gateway Configuration Guide, Cisco IOS XE Release 3S
Configuring ISG Network Forwarding Policies
Configuring ISG Network Forwarding Policies
Last Updated: January 31, 2013
Intelligent Services Gateway (ISG) is a Cisco IOS XE software feature set that provides a structured framework in which edge devices can deliver flexible and scalable services to subscribers. An ISG network forwarding policy is a type of traffic policy that allows packets to be routed or forwarded to and from an upstream network. This module provides information about how to configure network forwarding policies.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Restrictions for ISG Network Forwarding Policies
A service can contain only one network forwarding policy.
For each subscriber session, only one instance of a network forwarding policy can be in effect at any one time.
Information About ISG Network Policies
For subscriber packets to reach a network, some form of forwarding must be specified for a subscriber session. A traffic policy that allows packets to be routed or forwarded to and from an upstream network is known as a network forwarding policy .
Where the network forwarding policy type is routing, forwarding decisions are made at Layer 3, and a VRF (Virtual Routing and Forwarding) identifier must be specified to indicate which routing table should be used to make the routing decision (each VRF represents an independent routing context within a single router). Where the network policy type is forwarding, forwarding decisions are made at Layer 2, which means that all subscriber packets are forwarded to and from a single virtual endpoint within the system. This virtual endpoint represents a Layer 2 tunnel, and a tunnel identifier determines which tunnel should be used. If a network forwarding policy is not specified, the global routing table will be used to route traffic.
An ISG service that includes a network forwarding policy is known as a primary service . Primary services are mutually exclusive and may not be active simultaneously. Upon activation of a new primary service, ISG will deactivate the existing primary service and any other services dependent on the existing primary service through association with a service group.
Configuration Sources for Network Policies
Network policies can be configured in user profiles and service profiles on an external authentication, authorization, and accounting (AAA) server or in service policy maps on the ISG-enabled device. A network forwarding policy configured in a user profile takes precedence over a network forwarding policy specified in a service.
If a network forwarding policy is not specified in a user profile or service, the ISG session will inherit the network service from another source. ISG can inherit a network service from the following sources:
These configuration sources are listed in order of precedence. For example, a network forwarding policy that is configured for a virtual template takes precedence over a network forwarding policy that is configured on an interface.
For each subscriber session, only one instance of a network forwarding policy can be in effect at any point in time.
How to Configure ISG Network Policies
Configuring Network Policies for PPP Sessions in Service Policy Maps
Network policies can be configured in user profiles or service profiles on an external AAA server or in a service policy map on the ISG device. Perform this task to configure a network forwarding policy for PPP sessions in a service policy map on the ISG device.
Before You BeginSUMMARY STEPS
This task assumes that virtual private dial up network (VPDN) groups have been configured.
Configuring Network Policies for IP Sessions in Service Policy Maps
Network policies can be configured in user profiles or service profiles on an external AAA server or in a service policy map on the ISG device. Perform this task to configure a network forwarding policy for IP sessions in a service policy map on the device.
Configuration Examples for ISG Network Policies
Network Forwarding Policy for PPP Sessions Example
Feature Information for ISG Network Policies
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2013 Cisco Systems, Inc. All rights reserved.