Table Of Contents
Resource Pool Management with Direct Remote Services
Standalone Network Access Server (NAS)
Components of Incoming and Outgoing Call Management
Processes of Incoming and Outgoing Call Management
Base Session and Overflow Session Limits
VPDN Session and Overflow Session Limits
VPDN MLP Bundles and Links-Per-Bundle Limits
Call Management Functional Descriptions
Data over Voice Bearer Services
Related Features and Technologies
Enabling Resource Pool Management
Configuring Discriminator Profiles
Configuring Customer Profile Templates
Sample Configuration for Resource Pool Management
Sample Direct Remote Services Configuration
Sample Customer Profile Configuration for Data Over Voice Bearer Service
Sample VPDN Load Sharing and Backup Configuration
Verifying Call-Counter and Call-Detail Output
show resource-pool discriminator
Troubleshooting Resource Pool Management
Checking the Resource Pool Connection
Troubleshooting DNIS Group Problems
Troubleshooting Call Discriminator Problems
Troubleshooting Customer Profile Counts
Troubleshooting Resource Group Counts
Checking the RPM/VPDN Connection
Troubleshooting Customer/VPDN Profile
Troubleshooting VPDN Profile Limits
Troubleshooting VPDN Group Limits
Troubleshooting VPDN Endpoint Problems
Using the debug aaa authorization Command
resource-pool aaa accounting ppp
resource-pool profile customer
resource-pool profile discriminator
show resource-pool discriminator
Resource Pool Management with Direct Remote Services
This document contains the following sections:
•
Related Features and Technologies
Feature Overview
Cisco Resource Pool Manager (RPM) enables telephone companies and Internet service providers (ISPs) to share dial resources for wholesale and retail dial network services in a single network access server (NAS) or across multiple NAS stacks. With Cisco RPM, service providers can count, control, and manage dial resources and provide accounting for shared resources when implementing different service-level agreements.
This document presents the single, standalone NAS version of Cisco RPM. For information on the Cisco Resource Pool Manager Server (RPMS) solution, see the Cisco Connection Online location at http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/rpms/rpms_1-0/index.htm.
Cisco RPM is ideal for combining retail and wholesale dial services using Cisco AS5200, AS5300, and AS5800 network access servers. The Cisco RPM can be configured in one or more standalone Cisco NASs, or, optionally, across multiple NAS stacks by using one or more external Cisco Resource Pool Manager Servers (RPMSs). Call management and call discrimination can be configured to occur before the call is answered.
For call management, dial customers are differentiated by the use of configurable customer profiles. Each profile is based on the Dialed Number Information Service (DNIS) and the call type determined at the time of an incoming call.
When using call discrimination, the DNIS and call type are matched against a table of disallowed calls. When a call arrives at the NAS, if the DNIS and call type match an entry in this table, the call is rejected. Call discrimination can be used to manage the billing of calls to different types of resources.
When management by virtual private dialup network (VPDN) is configured, a VPDN group includes the information needed to set up or reject a VPDN session. VPDN setup can be based on the DNIS received during call setup, or on the domain name after the call is answered. Load balancing is used to achieve full usage of VPDN tunnels. The VPDN group can also serve as the "customer profile" when all calls are answered and sessions are identified and limited by domain name instead of DNIS.
To support data over voice bearer service (DoVBS), service providers use DNIS to direct calls to the appropriate resource. When a digital call arrives at the NAS through the voice network, it terminates on a High-Level Data Link Control (HDLC) controller rather than on a modem. In this application, the customer profile that the DNIS group is assigned has the associated call type of speech and the resource group directs the call to the HDLC controller.
Standalone Network Access Server (NAS)
A single NAS using Cisco RPM can provide:
•
wholesale virtual private dialup network (VPDN) dial service to corporate customers
•
direct remote services
•
retail dial service to end users
and show multiple connections to a Cisco AS5300 NAS. Incoming calls to the NAS can use ISDN Private Rate Interface (PRI) signaling, channel associated signaling (CAS), or SS7 signaling protocol. shows incoming calls that are authenticated locally for retail dial services, or forwarded through VPDN tunnels for wholesale dial services.
Note
This implementation does not use Cisco RPMS. If you are not using Cisco RPMS and you have more than one Cisco NAS, you must manually configure each NAS by using Cisco IOS commands. Resource usage information is not shared between NASs.
Figure 1 Retail Dial Service Using Resource Pool Management
shows a method of implementing wholesale dial services without using VPDN tunnels. This is done by creating individual customer profiles consisting of authentication, authorization, and accounting (AAA) groups and Point-to-Point Protocol (PPP) configurations. The AAA groups provide IP addresses of AAA servers for authentication and accounting. The PPP configurations enable you to set different PPP parameter values on each customer profile. A customer profile typically includes the following PPP parameters:
•
Applicable IP address pools or a default local list of IP addresses
•
Primary and secondary domain name server (DNS) or Windows internet naming service (WINS)
•
Authentication method (PAP, CHAP, MSCHAP)
•
Number of links allowed for each call using Multilink PPP
Note
The AAA and PPP integration applies to a single NAS environment; the external RPMS solution is not supported.
Figure 2 Resource Pool Management with Direct Remote Services
Components of Incoming and Outgoing Call Management
Cisco RPM manages both incoming calls and outgoing sessions. Cisco RPM differentiates dial customers through configured customer profiles based on the Dialed Number Information Service (DNIS) and call type determined when an incoming call comes in.
The components of incoming call management in the Cisco RPM are:
•
Customer profiles
•
DNIS groups
•
Call types
•
Resource groups
•
Resource services
The components of outgoing session management in the Cisco RPM are:
•
VPDN groups
•
VPDN profiles
•
Direct remote services
Customer Profiles
A customer profile defines how and when a call is answered. Customer profiles include the following components (see ):
•
Customer profile name
•
Session limits—Maximum number of standard sessions
•
Overflow limits—Maximum number of overflow sessions
•
DNIS groups
•
Resource groups
•
Resource services
•
VPDN profiles or groups
•
Direct remote services source template
Figure 3 Components of a Customer Profile
The following types of customer profiles can be used on a NAS:
•
DNIS-based customer profile—Associated with a specific DNIS group and used for a single NAS solution.
•
Default customer profile—Associated with the default DNIS group and also used for a single NAS solution. This is most useful with domain-based VPDN services and for combining retail dial services with VPDN services. You can use up to four default customer profiles, each differentiated by the call type (speech, digital, V.110, V.120).
•
Backup customer profile—Functionally the same as the two profiles above, except that the backup customer profile is applicable with an RPMS solution and is used only when connectivity between a NAS and the RPMS is lost. When the connection is restored, the call counters may not be synchronized.
See the RPMS documentation for a review of the RPMS fault tolerance and recovery mechanisms.
DNIS Groups
A DNIS group is a configured list of DNIS numbers that correspond to the numbers dialed to access particular customers, service offerings, or both. The Cisco RPM checks the DNIS number of inbound calls against the configured DNIS groups and selects a customer profile based on the following criteria:
•
If Cisco RPM finds a match, it uses the configured information in the customer profile to which the DNIS group is assigned.
•
If Cisco RPM does not find a match, it uses the configured information in the customer profile to which the default DNIS group is assigned.
The DNIS/call type sequence can only be associated with one customer profile.
Call Types
The following call types are supported in the Cisco RPM:
•
Speech
•
Digital
•
V.110
•
V.120
Note
Voice over IP, Fax over IP, and dial-out calls are not currently supported.
Call types are used within a customer profile to assign calls to the appropriate resource based on:
•
Q.931 bearer capability for ISDN PRI and SS7 calls
•
Static DNIS group configuration for CAS (CT1, CT3, and CE1) calls
Note
For information on SS7 implementation for RPM, see Cisco Resource Pool Manager Server 1.0 SS7 Implementation on Cisco Connection Online (CCO) at http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/rpms/rpms_1-0/rpmsnote.htm.
Resource Groups
Resource groups represent groupings of similar hardware and/or firmware that are static and do not change on a per-call basis. Resource groups can be used to define resources that are port-based or non-port-based.
•
Port-based resources are identified by physical location, such as a range of port/slot numbers (for example, modems or terminal adapters).
•
Non-port-based resources are identified by a single size parameter (for example, HDLC framers or V.120 terminal adapters). Note that V.120 terminal adapters are currently implemented as part of the Cisco IOS software.
The Cisco RPM:
•
Enables you to configure resource groups on a Cisco NAS and apply them to a customer profile to maximize the use of available shared resources and thus support service-level agreements for various resource allocation schemes.
•
Allows you to combine your Cisco NAS resource groups with call types (speech, digital, V.110, and V.120) and optional resource modem services. Resource groups and services are assigned to incoming calls through DNIS groups and call types.
Note
Resources not configured in the NAS as part of a resource group and not assigned to a customer profile cannot be used by Cisco RPM or Cisco RPMS.
Note
To support ISDN Data over Voice Bearer Service (DoVBS), use a DNIS group and a configured customer profile to direct the speech call to the appropriate digital resource. The resource group assigned to this customer profile is digital resources with a call type of speech, so the call will terminate on an HDLC controller rather than on a modem.
Resource Services
A resource service contains a finite series of resource command strings that can be used to dynamically configure an incoming connection.
Services supported by a resource group are determined by the combination of hardware and firmware installed. Currently, resource services:
•
Can be configured and applied to resource groups containing only MICA modems.
•
Can be configured to affect minimum and maximum speed, modulation, error correction, and compression as shown in .
Table 1 Resource Services for Resource Groups Containing MICA Modems
VPDN Groups
A VPDN group contains the data required to build a VPDN tunnel from the Cisco RPM NAS L2TP Access Concentrator (LAC) to the L2TP Network Server (LNS). In the context of RPM, VPDN is authorized by first associating a customer profile with a VPDN group, and second by associating the VPDN group to the DNIS group used for that customer profile. VPDN groups are assigned to customer profiles as follows:
•
For DNIS-based VPDN dial services, VPDN groups are assigned to customer profiles based on the configured DNIS groups.
•
For domain-based VPDN dial services, VPDN groups are assigned to customer profiles with the default DNIS group and matching call-type assignment.
VPDN group data includes the endpoint IP addressses. Cisco RPM enables you to specify multiple IP endpoints for a VPDN group. If two or more IP endpoints are specified, Cisco RPM uses a load-balancing method to ensure traffic is distributed across the IP endpoints.
The VPDN group provides call management by allowing limits to be applied to both the number of multilink PPP bundles per tunnel and the number of links per multilink PPP bundle. Limits can also restrict the number of sessions per IP endpoint. If you require more granular control of VPDN counters, use VPDN profiles.
VPDN Profiles
VPDN profiles allow for session and overflow limits to be imposed for a particular customer profile. These limits are unrelated to the limits imposed by the customer profile. A customer profile is associated with a VPDN profile. A VPDN profile is associated with a VPDN group. VPDN profiles are required only when these additional counters are required for VPDN usage per customer profile.
Direct Remote Services
Direct remote services is an enhancement to Cisco resource pool management (RPM) implemented in Cisco IOS Release 12.0(7)T that enables service providers to implement wholesale dial services without using VPDN tunnels. A customer profile that has been preconfigured with a PPP template to define the unique PPP services for the wholesale dial customer is selected by the incoming DNIS and call type. At the same time, the DNIS is used to select AAA server groups for authentication/authorization and for accounting for the customer.
PPP Common Configuration Architecture (CCA) is the new component of the RPM customer profile that enables direct remote services. The full PPP command set available in Cisco IOS software is configurable per customer profile for wholesale dial applications. A customer profile typically includes the following PPP parameters:
•
Local or named IP address pools
•
Primary and secondary domain name server (DNS) or Windows internet naming service (WINS) addresses
•
Authentication method (PAP, CHAP, MS-CHAP)
•
Multilink PPP links per bundle limits
The AAA session information is selected by the incoming DNIS. AAA server lists provide the IP addresses of AAA servers for authentication, authorization, and accounting in the wholesale customer's local network. The server lists for both authentication and authorization and for accounting contain the server addresses, AAA server type, timeout, retransmission, and keys per server.
When direct remote services is implemented on a Cisco NAS, the following events occur:
1
The NAS sends an authorization request packet to the AAA server by using the authentication method (PAP, CHAP, MSCHAP) that has been configured through PPP.
2
The AAA server accepts the authorization request and returns one of the following items to the NAS:
(a)
a specific IP address
(b)
an IP address pool name
(c)
nothing
3
Depending on the response from the AAA server, the NAS assigns one of the following items to the user through the DNS/WINS:
(a)
the IP address returned by the AAA server
(b)
an IP address randomly assigned from the named IP address pool
(c)
an IP address from a pool specified in the customer profile template
Note
If the AAA server sends back to the NAS a named IP address pool and that name does not exist on the NAS, the request for service is denied. If the AAA server does not send anything back to the NAS and there is an IP address pool name configured in the customer profile template, an address from that pool is used for the session.
Processes of Incoming and Outgoing Call Management
This section describes the following topics:
•
Base Session and Overflow Session Limits
•
VPDN Session and Overflow Session Limits
•
VPDN MLP Bundles and Links-Per-Bundle Limits
•
Call Management Functional Descriptions
Call Treatment
Call treatment determines how calls are handled when certain events require the call to be rejected. For example, if the session and overflow limits for one of your customers has been exceeded, any additional calls receive a busy signal. summarizes the various call treatment options.
Call Discrimination
Resource pool management offers a call discrimination feature that rejects calls based on a DNIS group and a call type filter. When a call arrives at the NAS, the DNIS and the call type are matched against a table of disallowed calls. If the DNIS and call type match entries in this table, the call is rejected before it is assigned Cisco NAS resources, or before any other Cisco RPM processing occurs.
and show the sequence of call discrimination/call processing events which take place when an incoming call arrives at the Cisco NAS. shows the sequence for a Cisco NAS that is not using direct remote services. shows the sequence that occurs when direct remote services is being used.
Figure 4 RPM Call-Processing Flowchart for a Standalone NAS
Figure 5
RPM Call-Processing Flowchart for a Standalone NAS with Direct Remote Services
You can use call discrimination to manage billing of calls to different types of resources. If you have a different billing structure for modem calls and for digital calls, each call type is assigned a different DNIS. When a user calls the DNIS, the call type must be of the allowed call type or the call is rejected.
For example, to restrict a specific DNIS group to modem calls only, create call discrimination settings for the DNIS group and the other call types (digital, V.110, and V.120) as shown in .
Note
Supported call types are speech, digital, V.110, and V.120.
Figure 6 Call Discrimination
Base Session and Overflow Session Limits
The Cisco RPM enables you to set base and overflow session limits in each customer profile.
The base session limit determines the maximum number of non-overflow sessions supported for a customer profile. When the base session limit is reached, any new calls are rejected unless overflow sessions are enabled. If overflow sessions are enabled, new sessions up to the session overflow limit are processed and marked as overflow for call handling and accounting. The RPM call counters and AAA accounting records indicate whether a call is considered overflow for tracking and billing.
The overflow session limit determines the allowable number of sessions above the session limit. If the overflow session limit is greater than zero, overflow sessions are enabled. The maximum number of allowed sessions is the base session limit plus the overflow session limit. When the overflow session limit is reached, any new calls are rejected.
Enabling overflow sessions is useful for allocating extra sessions for preferred customers at premium rates. Overflow sessions can also be useful for encouraging customers to adequately forecast bandwidth usage or for special events when normal session usage is exceeded. For example, if a customer has a corporate-wide program and many people are expected to request remote access, you can enable many overflow sessions and charge a premium rate for the extra bandwidth used.
Note
An overflow call is a call received when the base session limit is exceeded and is in an overflow state. When a call is identified as an overflow call, the call maintains the overflow status throughout its duration—even if the number of current sessions returns below the base session limit.
.
VPDN Session and Overflow Session Limits
The Cisco RPM enables you to configure base and overflow session limits per VPDN profile for managing VPDN sessions.
Note
The VDPN session and overflow session limits are independent of the limits set in the customer profiles.
The base VPDN session limit determines the maximum number of non-overflow sessions supported for a VPDN profile. When the base VPDN session limit is reached, any new VPDN calls using the VPDN profile sessions are disconnected unless overflow sessions are enabled. If overflow sessions are enabled, new sessions up to the overflow session limit are processed and marked as overflow for VPDN accounting.
The VPDN overflow session limit determines the number of sessions above the base session limit allowed in the VPDN group. If the overflow session limit is greater than zero, overflow sessions are enabled. The maximum number of allowed sessions is the base session limit plus the overflow session limit. When the overflow session limit is reached, any new calls are disconnected.
VPDN MLP Bundles and Links-Per-Bundle Limits
To ensure resources are not consumed by a few users with multilink PPP (MLP) connections, the Cisco RPM also enables you to specify the maximum number of MLP bundles that can be opened in a VPDN group. In addition, you can specify the maximum number of links for each MLP bundle.
For example, if standard ISDN users access the VPDN profile, limit this setting to two links per bundle. If video conferencing is used, increase this setting to accommodate the necessary bandwidth (usually six links). These limits have no overflow options and are configured under the VPDN group component.
VPDN Tunnel Limits
For increased VPDN tunnel management, the Cisco RPM enables you to set an IP endpoint session limit for each IP endpoint. IP endpoints are configured for VPDN groups.
Call Management Functional Descriptions
and depict the processes of incoming and outgoing call management that have been described in the previous sections.
Figure 7 RPM Functional Description for Incoming Call Management
When a DNIS call comes in, the Cicco NAS chooses an authentication/authorization server and an accounting server.
For information on RADIUS multiple UDP ports support for RPM, see Configuring RADIUS for Multiple UDP Ports Support. For information on AAA server groups based on DNIS implementation for RPM, see Selecting AAA Server Groups Based on DNIS.
Incoming call management includes the following processes:
•
The incoming DNIS is mapped to a DNIS group; if there is no incoming DNIS number, or the DNIS number provided does not match any configured DNIS group, the DNIS group default is used.
•
The mapped DNIS group is checked against configured call discriminator profiles to confirm if this DNIS group/call type combination is disallowed. If there is a match, the call is immediately rejected.
•
Once a DNIS group or a default DNIS group is identified, the customer profile associated with that DNIS group and call type (from the bearer capability for ISDN calls; statically configured for CAS calls) is selected. If there is no corresponding customer profile, the call is rejected.
•
The customer profile includes a base session limit value and an overflow session limit value. If these thresholds have not already been met, the call is assigned the appropriate resource defined in the customer profile. If the thresholds have been met, the call is rejected.
•
If resources are available from the resource group defined in the customer profile, the call is answered. Otherwise, the call is rejected.
•
As sessions start and end, the session counters increase and decrease, so the customer profile call counters are kept current.
Outgoing call management is depicted in .
Figure 8 RPM Functional Description for Outgoing Call Management
Outgoing call management includes the following processes:
•
After the call is answered and if VPDN is enabled, the Cisco RPM checks the customer profile for an assigned VPDN group or profile.
•
If a VPDN profile is found, the limits for number of multilink bundles and number of links per bundle are checked:
•
If the limits have not been exceeded, the VPDN group data associated with that VPDN profile is used to build a VPDN tunnel.
•
If the VPDN limits have been exceeded, the call is disconnected.
•
If a VPDN group is found within the customer profile, the VPDN group data is used to build a VPDN tunnel:
•
If the VPDN group limits for number of multilink bundles and number of links per bundle have not been exceeded, a VPDN tunnel is built.
•
If the limits have been reached, the call is disconnected.
•
The outgoing session management of the customer profile directs the answered call to the appropriate destination:
•
To a PPP command set/feature set and AAA server group for direct remote services.
•
To a tunnel that is established between the NAS or L2TP Access Concentrator (LAC) and a wholesale (VPDN) dial customer's home gateway (HGW) or L2TP Network Server (LNS) using L2F or L2TP tunneling technology.
•
To a local AAA server of retail dial applications and Internet and intranet access.
•
If no VPDN profile is assigned to the customer profile and VPDN is enabled, non-RPM VPDN service is attempted. If this non-RPM VPDN service fails, the call is processed as a retail dial service call if local AAA service is available.
Accounting Data
You can generate accounting data for network dial service usage in NAS AAA attribute format. You can configure the Cisco NAS to generate AAA accounting records for access to an external AAA server. The accounting start and stop records in AAA attribute format are sent to the external AAA server by using either RADIUS or TACACS+ protocols for accounting data storage. lists the new fields in the AAA accounting packets.
Data over Voice Bearer Services
Data over Voice Bearer Services (DoVBS) is a dial service that uses a customer profile and an associated resource group of digital resources to direct data calls with a speech call type to HDLC controllers.
To support ISDN DoVBS, use a DNIS group and a configured customer profile to direct the speech call to the appropriate digital resource.
The resource group assigned to this customer profile is digital resources; the call type is speech. The call terminates on an HDLC controller rather than on a modem.
Benefits
Cisco Resource Pool Manager with direct remote services gives data network service providers the capability to:
•
Manage customer use of shared resources, such as modems or HDLC controllers for data calls.
•
Offer advanced wholesale dial-up services directly to customers. Because the PPP and AAA feature sets are selected by the incoming DNIS, the service provider no longer needs tunneling technology to provide unique service-level agreements to wholesale dial customers.
•
Efficiently use resource groups, such as modems to offer differing over-subscription rates and dial service-level agreements.
•
Deploy Data over Voice Bearer Service (DoVBS).
•
Accept or reject a call based on the incoming DNIS number before answering the call.
•
Include local retail dial services in the same NAS with the wholesale dial customers.
The Cisco RPM customer profile template provides a strong, single NAS solution with the following benefits for providers of wholesale dial services:
•
Call acceptance is determined by the Cisco RPM before call answering by using the configured size limits and resource availability.
•
The answered call uses the PPP configuration defined in the template to initiate authentication, obtain an IP address, and select a DNS or WINS that is located at the customer's site.
•
The same DNIS that was used to choose the customer profile selects the servers for authentication/authorization and accounting that are located at the wholesale customer's site.
Restrictions
•
Ear and Mouth Feature Group B (E&M-FGB) is the only signaling type supported for channel associated signaling (CAS) on T1 and T3 facilities; R2 is supported for E1 facilities. Feature Group (FG) D is not currently supported.
•
The Cisco IOS software collects DNIS digits for E&M-FGB CAS signaling. For all other CAS signaling types, use the default DNIS group customer profiles.
•
The Resource Pool Manager application requires the NPE 300 processor when implemented on the Cisco AS5800.
•
Use resource pool management services with MICA modems only.
•
Modem pooling and resource pool management are not compatible.
Related Features and Technologies
•
Authentication, Authorization, and Accounting (AAA)
•
Point-to-Point Protocol (PPP)
•
Virtual Private Dial-up Network (VPDN)
•
SS7 Signaling
Related Documents
•
Cisco AS5200 Universal Access Server Software Configuration Guide
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/as5200/52swcfg2/index.htm•
Cisco AS5300 Software Configuration Guide
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/5300/53swcf2/index.htm•
Cisco AS5800 Access Server Software ICG
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/as5800/58sw_icg/index.htm•
Cisco Access VPN Solutions Using Tunneling Technology
http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/vpn_soln/index.htm•
Cisco Resource Pool Manager Server Configuration Guide
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/rpms/rpms_1-0/rpmsconf/index.htm•
Cisco Resource Pool Manager Server Installation Guide
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/rpms/rpms_1-0/rpms_ins/index.htm•
Cisco Resource Pool Manager Server Solutions Guide
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/rpms/rpms_1-0/rpms_sol/index.htm•
Dial Solutions Quick Configuration Guide (Cisco IOS Release 12.0)
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12supdoc/dsqcg3/index.htm•
Redundant Link Manager
http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113aa/113aa_7/rlm_rel2.htm•
Release Notes for Cisco Resource Pool Manager Server Release 1.0
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/rpms/rpms_1-0/rpmsnote.htm•
SS7 Continuity Testing for Network Access Servers
http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113aa/113aa_5/cot.htm•
SS7 Dial Solution System Integration
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/5300/iosinfo/ios_mods/5420.htm•
Configuring RADIUS for Multiple User Datagram Protocol Ports
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t7/rad_udp6.htm•
Selecting AAA Server Groups Based on DNIS
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t7/serdnis6.htmSupported Platforms
The following platforms support resource pool management in NAS standalone and external server scenarios for this Cisco IOS release:
•
Cisco AS5200
•
Cisco AS5300
•
Cisco AS5800
Supported MIBs and RFCs
MIBs
•
CALL-RESOURCE-POOL-MIB
•
CISCO-VPDN-MANAGEMENT-MIB
For descriptions of supported MIBs and how to use MIBs, see Cisco's MIB web site on CCO at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
RFCs
None
Prerequisites
•
For the Cisco AS5200 and Cisco AS5300, Cisco IOS Release 12.0(4)XI1 or later releases must be running on the NAS.
•
For the Cisco AS5800, Cisco IOS Release 12.0(5)T or later releases must be running on the NAS.
•
A minimum of 64 MB must be available on the DMM cards.
•
Before configuring resource pool management, verify the operation of the following features as described in the appropriate documentation listed in "Related Documents":
•
Ensure AAA operation (if enabled)
•
Ensure PPP operation
•
Ensure VPDN operation (if enabled)
See Configuring the NAS for Basic Dial Access for more information: http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/vpn_soln/l2fcase/l2ftask1.htm
Configuration Tasks
The following configuration tasks are used to configure a Cisco NAS for resource pool management:
•
Enabling Resource Pool Management
•
Configuring Discriminator Profiles
•
Configuring Customer Profiles
•
Configuring Customer Profile Templates
•
Configuring AAA Server Groups
These tasks are described in the following sections:
Enabling Resource Pool Management
To enable resource pool management on a Cisco NAS, perform the following steps, beginning from global configuration mode.
Example
The following example shows the commands used to enable resource pool management and establish the call treatments for incoming calls when resource allocation fails to connect (channel-not-available) and when profile authorization fails (no-answer). It also shows that local AAA has been chosen for the RPM configuration:
Router(config)# resource-pool enableRouter(config)# resource-pool call treatment resource channel-not-availableRouter(config)# resource-pool call treatment profile no-answerRouter(config)# resource-pool aaa protocol localNote that with RPM disabled, the resource groups will still take effect (that is, modem pooling will not be possible).
Note
If you have an RPMS, you do not need to define VPDN groups and profiles, customer profiles, or DNIS groups on the NAS—you only need to define resource groups. Configure the remaining items by using the RPMS system.
Configuring DNIS Groups
This configuration task is optional. For default DNIS service, no DNIS group configuration is required. The following characteristics and restrictions apply to DNIS group configuration:
•
Each DNIS group/call type combination can apply to only one customer profile.
•
You can use up to four default DNIS groups (one for each call type).
•
You must statically configure CAS call types.
•
You can use x, X or . as wildcards within each DNIS number.
To configure DNIS groups for RPM implementations, perform the following steps, beginning from global configuration mode.
Step Command Purpose1
![]()
Router(config)# dialer dnis group {dnis-group-name}
Create a DNIS group with a name of your choice. The name you specify in this step must be used when configuring the customer profile (see "Configuring Customer Profiles" on page 23).
2
![]()
Router(config-dnis-group)# call-type cas {digital | speech}
Statically set the call-type override for incoming CAS calls to either digital or speech.
3
![]()
Router(config-dnis-group)# number number
Add a DNIS number to the dialer DNIS group to be used in the customer profile. The DNIS number may have up to 65 characters; wildcards may be used.
Example
The following example shows the commands used to configure a DNIS group named cisco with a call type override for incoming CAS calls of speech and the DNIS numbers of 5552221210 through 5552221219:
Router(config)# dialer dnis group ciscoRouter(config-dnis-group)# call-type cas speechRouter(config-dnis-group)# number 555222121xConfiguring Discriminator Profiles
Discriminator profiles enable you to process calls differently based on the call type and DNIS combination. To configure discriminator profiles for RPM implementation, perform the following steps, beginning from global configuration mode.
Note
To create a call discriminator profile, you must specify both a call-type and a DNIS group. Once a DNIS group is associated with a call type in a discriminator, it cannot be used in any other discriminator.
Example
The following example shows a call discriminator named blocked1 being created and configured to block speech calls from the DNIS group named remotephone:
Router(config)# resource-pool profile discriminator blocked1Router(config-call-discrimin)# call-type speechRouter(config-call-discrimin)# dnis group remotephoneConfiguring Resource Groups
Note
For external Cisco RPMS environments, configure resource groups on the NAS before defining them on external RPMS servers. For standalone NAS environments, first configure resource groups before using them in customer profiles.
•
Resource groups can apply to multiple customer profiles.
•
You can separate the physical resources into different resource groups.
Note
Do not put heterogenous resources in the same group. Do not put MICA modems in the same group as Microcom modems. Do not put modems and HDLC controllers in the same resource group. Do not configure "port" and "limit" parameters in the same resource group.
To configure resource groups for RPM implementations, perform the following steps, beginning from global configuration mode.
Example
The following example shows the creation of a resource group modem1 with ports set ranging from 0 to 47:
Router(config)# resource-pool group resource modems1Router(config-resource-group)# range port 1/0 1/47The following example shows the creation of a resource group named hdlc1 supporting a range limit set for 48 simultaneous connections:
Router(config)# resource-pool group resource hdlc1Router(config-resource-group)# range limit 48Configuring Service Profiles
Service profiles are used to configure modem service parameters for MICA modems. Note the following characteristics of service profiles:
•
Service profiles apply only to MICA modems (speech or V.110).
•
Error-correction and compression are hidden parameters that may be included in a service profile. For more information, see "modem min-speed max-speed" on page 70.
To configure service profiles for RPM implementations, perform the following steps, beginning from global configuration mode.
Example
The following example shows the creation of a service profile named mica1. The minimum modem speed is set for 28800 bps; maximum speed is 56000 bps; the modulation is set to v32bis; error correction is not configured; compression is set to v42bis.
Router(config)# resource-pool profile service mica1Router(config-service-profil)# modem min-speed 28800 max-speed 56000 modulation v32bis compression v42bisConfiguring Customer Profiles
Customer profiles are used so that service providers can assign different service characteristics to different customers. Note the following characteristics of customer profiles:
•
Multiple resources of the same call type are used sequentially.
•
The limits imposed are per customer (DNIS)—not per resource.
•
A digital resource with a call type of speech allows for data over speech bearer service (DoSBS).
To configure customer profiles for RPM implementations, perform the following steps, beginning from global configuration mode.
Step Command Purpose1
![]()
Router(config)# resource-pool profile customer name
Create a customer profile and assign it a name of up to 23 characters.
2
![]()
Router(config-customer-profi)# dnis group dnis-group-name
Assign a previously-created DNIS group to this customer profile (see "Configuring DNIS Groups" on page 20).
3
![]()
Router(config-customer-profi)# limit base-size {number | all}
Specify the maximum number of simultaneous base sessions to be allowed for this customer under the terms of the service-level agreement (SLA). The range is from 0 to 1000 sessions. If all sessions are to be designated as base sessions, specify all.
4
![]()
Router(config-customer-profi)# limit overflow-size {number | all}
Specify the maximum number of overflow sessions to be allowed for this customer under the terms of the service-level agreement (SLA). The range is from 0 to 1000. If all sessions are to be designated as overflow sessions, specify all.
5
![]()
Router(config-customer-profi)# resource WORD {digital | speech | v110 | v120} [service WORD]
Assign a name to a group of physical resources inside the customer profile. Select which type of calls this group of resources will accept. Specify the name of a service profile if you have configured a service profile for MICA modems.
Example
The following example shows a customer profile called corporate1 being created and configured. It is using the DNIS group named cisco with no limits on the base size or on the overflow size (accepting all sessions). The customer profile is set to use the configured resource modems1 for digital calls using the configured service named mica1:
Router(config)# resource-pool profile customer corporate1Router(config-customer-profi)# dnis group ciscoRouter(config-customer-profi)# limit base-size allRouter(config-customer-profi)# limit overflow-size allRouter(config-customer-profi)# resource modems1 digital service mica1Configuring Customer Profile Templates
Customer profile templates provide a way to keep each customer's unique PPP configuration values separate for both security and accountability. This is an optional configuration.
Note
To configure a template and place it in a customer profile, ensure that all basic configurations including the resource pool management configurations have been completed and verified.
To configure a customer profile template for RPM implementations, perform the following steps, beginning from global configuration mode.
.
When you create a customer profile template and enter template configuration mode, the following commands are available:
Router(config)# template acme_directTemplate Configuration Commands:default Set a command to its defaultsexit Exit from resource-manager configuration modemultilink Configure multilink parametersno Negate a command or set its defaultspeer Peer parameters for point to point interfacesppp Point-to-Point ProtocolFor more information about the PPP command set, refer to Release 12.0, Cisco IOS Dial Solutions Command Reference and Dial Solutions Configuration Guide.
Example
The following example shows the creation and configuration of a customer profile template named acme-direct and its subsequent assignment to the customer profile acme1:
Router(config)# template acme-directRouter(config-template)# multilink max-fragments 10Router(config-template)# peer match aaa-poolsRouter(config-template)# peer default ip address pool acme-numbersRouter(config-template)# ppp ipcp dns 10.1.1.1 10.2.2.2Router(config-template)# ppp multilinkRouter(config-template)# exitRouter(config)# resource-pool profile customer acme1Router(config-customer-profi)# source template acme-directConfiguring AAA Server Groups
AAA server groups are lists of AAA server hosts of a particular type. The Cisco RPM currently supports Remote Authentication Dial In User Service (RADIUS) server hosts and Terminal Access Controller Access Control System Plus (TACACS+) server hosts. A AAA server group lists the IP addresses of the selected server hosts.
You can use a AAA server group to define a distinct list of AAA server hosts and apply this list to the Cisco RPM application. Note that the AAA server group feature works only when the server hosts in a group are of the same type.
To configure AAA server groups for RPM implementations, perform the following steps, beginning from global configuration mode.
For more information about the AAA command set, refer to AAA Server Group, a Cisco IOS Release 12.0(5)T feature, and Release 12.0, Cisco IOS Dial Solutions Command Reference and Dial Solutions Configuration Guide.
Example
The following example shows a RADIUS AAA server group configured with a hostname of serverhostname for the customer profile named acmeprofile in the AAA group configuration of acme1:
Router(config)# aaa new-modelRouter(config)# radius-server key keyRouter(config)# radius-server host serverhostnameRouter(config)# aaa group server radius acme1Router(config-sg radius)# server ip-addressRouter(config-sg radius)# exitRouter(config)# resource-pool profile customer acmeprofile1Router(config-customer-profi)# aaa group-configuration acme1Configuring VPDN Profiles
VPDN profiles are used to combine session counting for VPDN groups with session counting for DNIS groups. A VPDN profile is required only if you want to impose VPDN tunnel limits that are different from the base session and overflow session limits that are configured for the customer profile containing the VPDN sessions.
To configure VPDN profiles for RPM implementations, perform the following steps, beginning from global configuration mode.
Step Command Purpose1
![]()
Router(config)# resource-pool profile vpdn profile-name
Create a VPDN profile and assign it a profile name.
2
![]()
Router(config-vpdn-profile)# limit base-size {number | all}
Specify the maximum number of simultaneous base VPDN sessions to be allowed for this VPDN group under the terms of the service-level agreement (SLA). The range is from 0 to 1000 sessions. If all sessions are to be designated as base VPDN sessions, specify all.
3
![]()
Router(config-vpdn-profile)# limit overflow-size {number | all}
Specify the maximum number of simultaneous overflow VPDN sessions to be allowed for this VPDN group under the terms of the service-level agreement (SLA). The range is from 0 to 1000 sessions. If all sessions are to be designated as overflow VPDN sessions, specify all.
4
![]()
Router(config-vpdn-profile)# exit
Return to global configuration mode.
5
![]()
Router(config)# resource-pool profile customer name
Enter customer profile configuration mode for the customer to which you wish to assign this VPDN group.
6
![]()
Router(config-customer-profi)# vpdn profile profile-name
or
Router(config-customer-profi)# vpdn group group-name
Attach the VPDN profile you have just configured to the customer profile to which it belongs, or, if the limits imposed by the VPDN profile are not required, attach VPDN group instead (see"Configuring VPDN Groups" on page 27).
Example
The following example shows the commands used to configure the VPDN profile cust1profile for the customer named cust1. The base-size limit has been set to 25, the overflow size limit has been set to 20. After the VPDN profile cust1profile has been configured, it is then assigned to the customer cust1:
Router(config)# resource-pool profile vpdn cust1profileRouter(config-vpdn-profile)# limit base-size 25Router(config-vpdn-profile)# limit overflow-size 20Router(config-vpdn-profile)# exitRouter(config)# resource-pool profile customer cust1Router(config-customer-profi)# vpdn profile cust1profileConfiguring VPDN Groups
A VPDN group consists of VPDN sessions that are combined together and placed into a customer profile or a VPDN profile. Note the following characteristics of VPDN groups:
•
The dnis-group-name is required to authorize the VPDN group with RPM.
•
A VPDN group placed in a customer profile allows VPDN connections for the customer using that profile.
•
A VPDN group placed in a VPDN profile allows the session limits configured for that profile to apply to all of the VPDN sessions within that VPDN group.
•
VPDN data includes an associated domain name or DNIS, an endpoint IP address, the maximum number of MLP bundles, and the maximum number of links per MLP bundle; this data can optionally be on a AAA server.
To configure VPDN groups for RPM implementations, perform the following steps, beginning from global configuration mode.
Example
The following example shows the configuration of a VPDN group named vpdn4commerce and how it was associated with the customer profile johndoe1:
Router(config)# vpdn enableRouter(config)# vpdn-group vpdn4commerceRouter(config-vpdn)# request dialin l2f ip 10.10.1.1 domain 5552221212Router(config-vpdn)# multilink bundle number 10Router(config-vpdn)# loadsharing ip 10.10.1.1 25Router(config-vpdn)# backup ip 10.10.1.2 20Router(config-vpdn)# exitRouter(config)# resource-pool profile customer johndoe1Router(config-customer-profi)# vpdn group vpdn4commerceConfiguration Examples
This section provides the following configuration examples:
•
Sample Configuration for Resource Pool Management
•
Sample Direct Remote Services Configuration
•
Sample Customer Profile Configuration for Data Over Voice Bearer Service
•
Sample VPDN Load Sharing and Backup Configuration
Sample Configuration for Resource Pool Management
The following example configuration illustrates the general use of RPM:
resource-pool enableresource-pool call treatment resource busyresource-pool call treatment profile no-answer!resource-pool group resource isdn-portsrange limit 46resource-pool group resource MICA-modemsrange port 1/0 2/23!resource-pool profile customer ACMElimit base-size 30limit overflow-size 10resource isdn-ports digitalresource MICA-modems speech service golddnis group ACME_dnis_numbers
Note
Replace resource isdn-ports digital above with resource isdn-ports speech to set up DoVBS. See the section, "Sample Direct Remote Services Configuration" for more information.
!resource-pool profile customer DEFAULTlimit base-size 10resource MICA-modems speech service silverdnis group defaultresource-pool profile discriminator deny_DNIScall-type digitaldnis group bye-bye!resource-pool profile service goldmodem min-speed 33200 max-speed 56000 modulation v90resource-pool profile service silvermodem min-speed 19200 max-speed 33200 modulation v34!resource-pool aaa protocol local!dialer dnis group ACME_dnis_numbersnumber 301001dialer dnis group bye-byenumber 301005Note the following characteristics of the sample configuration:
•
Digital calls to 301001 are associated with the customer ACME by using the resource group "isdn-ports".
•
Speech calls to 301001 are associated with the customer ACME by using the resource group "MICA-modems." In the ACME customer profile, this resource group uses service profile "gold," which allows V.90 connections (anything less than a V.90 connection is also allowed).
•
Digital calls to 301005 are denied.
•
All other speech calls to any other DNIS number are associated with the customer profile "DEFAULT" by using the resource group "MICA-modems." In the DEFAULT customer profile, this resource group uses service profile "silver," which allows V.34 connections (anything more than V.34 is not allowed; anything less than V.34 is allowed).
•
All other digital calls to any other DNIS number are not associated with a customer profile and are therefore not allowed.
•
In this case, the customer profile named "DEFAULT" serves as the default customer profile for speech calls only. If the solution uses an external RPMS server, this same configuration can be used for backup resource pooling if communication is lost between the NAS and the RPMS.
Sample Direct Remote Services Configuration
The following example configuration illustrates the use of direct remote services with RPM:
resource-pool profile customer ACMElimit base-size 30limit overflow-size 10resource isdn-ports digitalresource MICA-modems speech service golddnis group ACME_dnis_numbersaaa group-configuration tahoesource template acme_direct!resource-pool profile customer DEFAULTlimit base-size 10resource MICA-modems speech service silverdnis group defaultresource-pool profile discriminator deny_DNIScall-type digitaldnis group bye-bye!resource-pool profile service goldmodem min-speed 33200 max-speed 56000 modulation v90resource-pool profile service silvermodem min-speed 19200 max-speed 33200 modulation v34!resource-pool aaa protocol local!template acme_directpeer default ip address pool tahoeppp authentication chap isdn-usersppp multilink!dialer dnis group ACME_dnis_numbersnumber 301001dialer dnis group bye-byenumber 301005Sample Customer Profile Configuration for Data Over Voice Bearer Service
To allow ISDN calls with a speech bearer capability to be directed to digital resources, make the following change (highlighted in bold) to the configuration shown in the section "Sample Configuration for Resource Pool Management":
resource-pool profile customer ACMElimit base-size 30limit overflow-size 10resource isdn-ports speechdnis group ACME_dnis_numbersThis change causes ISDN speech calls (in addition to ISDN digital calls) to be directed to the resource "isdn-ports"; thus, ISDN speech calls provide Data Over Voice Bearer Service.
Sample VPDN Configuration
Adding the following commands to the "Sample Configuration for Resource Pool Management" section allows you to use VPDN by setting up a VPDN profile and a VPDN group.
Note
If the limits imposed by the VPDN profile are not required, do not configure the VPDN profile. Replace the command vpdn profile ACME_VPDN under the customer profile ACME with the command vpdn group outgoing-2.
resource-pool profile vpdn ACME_VPDNlimit base-size 6limit overflow-size 0vpdn group outgoing-2!resource-pool profile customer ACMElimit base-size 30limit overflow-size 10resource isdn-ports digitalresource MICA-modems speech service golddnis group ACME_dnis_numbersvpdn profile ACME_VPDNvpdn enable!vpdn-group outgoing-2request dialin 12f ip 172.16.1.9 dnis ACME_dnis_numberslocal name HQ-NASmultilink bundle 1multilink link 2dnis ACME_dnis_numbers!dialer dnis group ACME_dnis_numbersnumber 301001Sample VPDN Load Sharing and Backup Configuration
The Cisco IOS software enables you to balance and back up VPDN sessions across multiple tunnel endpoints (HGW/LNS). When a user or session comes into the NAS/LAC, a VPDN load-balancing algorithm is triggered and applied to the call, which is then passed to an available HGW/LNS. You can modify this function by limiting the number of sessions supported on an HGW/LNS router and limiting the number of MLP bundles and links.
shows an example of one NAS/LAC directing calls to two HGW/LNS routers by using the L2TP tunneling protocol. Each router has a different number of supported sessions and works at a different speed. The NAS/LAC is counting the number of active simultaneous sessions sent to each HGW/LNS.
Figure 9
Home Gateway Load Sharing and Backup
In a standalone NAS environment (no RPMS server is used), the NAS has complete knowledge of the status of tunnel endpoints. Load balancing across endpoints is done by a "least-filled tunnel" or a "next-available round robin" approach. In an RPMS-controlled environment, RPMS has the complete knowledge of tunnel endpoints. However, the NAS still controls those tunnel endpoints selected by RPMS.
When load-balancing traffic across multiple endpoints (HGW/LNS), a standalone NAS uses the following search criteria:
1
Selects any idle endpoint—an HGW/LNS with no active sessions.
2
Selects an active endpoint that currently has a tunnel established with the NAS.
3
If all specified load-sharing routers are busy, the NAS selects the backup HGW.
If all endpoints are busy, the NAS reports that it cannot find an IP address to establish the call.
Note
This default search order criteria is independent of the Cisco Resource Pool Manager Server application scenario. A standalone NAS uses a different load-sharing algorithm than the Cisco Resource Pool Manager Server. This search criteria will change as future enhancements become available.
The following example configuration shows the use of VPDN load-sharing and backup with RPM:
vpdn enable!vpdn-group outgoing-2request dialin l2tp ip 172.16.1.9 dnis ACME_dnis_numberslocal name HQ-NASloadsharing ip 172.16.1.9 limit 200loadsharing ip 172.16.2.17 limit 50backup ip 172.16.3.22Verifying Call-Counter and Call-Detail Output
The following commands provide call-counter and call-detail output for the different RPM components. An example for each command follows.
•
show resource-pool call
•
show resource-pool customer
•
show resource-pool discriminator
•
show resource-pool resource
•
show dialer dnis {group | number}WORD
•
show resource-pool vpdn {group | profile} WORD
•
clear resource-pool {customer | discriminator | resource} {WORD | all}
show resource-pool call
The following output of the show resource-pool call command shows the details for all current calls, including the customer profile and resource group, and the matched DNIS group:
Router# show resource-pool callShelf 0, slot 0, port 0, channel 15, state RM_RPM_RES_ALLOCATEDCustomer profile ACME, resource group isdn-portsDNIS number 301001Shelf 0, slot 0, port 0, channel 14, state RM_RPM_RES_ALLOCATEDCustomer profile ACME, resource group isdn-portsDNIS number 301001Shelf 0, slot 0, port 0, channel 11, state RM_RPM_RES_ALLOCATEDCustomer profile ACME, resource group MICA-modemsDNIS number 301001show resource-pool customer
If you enter the show resource-pool customer command without including a customer profile name, a list of the current customer profile names appears. If you enter a customer profile name with the show resource-pool customer command, as in the example below, the call counters for the selected customer profile appear. These counters include historical data and can be cleared:
Router# show resource-pool customer ACME3 active connections41 calls accepted3 max number of simultaneous connections11 calls rejected due to profile limits2 calls rejected due to resource unavailable0 minutes spent with max connections5 overflow connections1 overflow states entered11 overflow connections rejected10 minutes spent in overflow214 minutes since last clear commandshow resource-pool discriminator
If you enter the show resource-pool discriminator command without including a call discriminator name, a list of the current call discriminator profiles appears. If you enter a call discriminator profile name with the show resource-pool discriminator command, the number of calls rejected by the selected call discriminator appears:
Router# show resource-pool discriminatorList of Call Discriminator Profiles:deny_DNISRouter# show resource-pool discriminator deny_DNIS1 calls rejectedshow resource-pool resource
If you enter the show resource-pool resource command without including a resource name, a list of the current resource names appears. If you enter a resource name is entered with the show resource-pool resource command, the call counters for the selected resource appear. These counters include historical data and can be cleared:
Router# show resource-pool resourceList of Resources:isdn-portsMICA-modemsRouter# show resource-pool resource isdn-ports46 resources in the resource group2 resources currently active8 calls accepted in the resource group2 calls rejected due to resource unavailable0 calls rejected due to resource allocation errorsshow dialer dnis
The following sample output of the show dialer dnis command shows the call counters for a given DNIS group. These counters include historical data and can be cleared:
Router# show dialer dnis group ACME_dnis_numbersDNIS Number:30100111 total connections5 peak connections0 calltype mismatchesshow resource-pool vpdn
The following sample output of the show resource-pool vpdn profile command shows the call counters for a given VPDN profile. These counters include historical data and can be cleared:
Router# show resource-pool vpdn profile ACME_VPDN2 active connections2 max number of simultaneous connections0 calls rejected due to profile limits0 calls rejected due to resource unavailable0 overflow connections0 overflow states entered0 overflow connections rejected215 minutes since last clear commandThe following sample output of the show resource-pool vpdn group command shows tunnel information for a given VPDN group:
Router# show resource-pool vpdn group outgoing-2VPDN Group outgoing-2 found under VPDN Profiles: ACME_VPDNTunnel (L2F)------dnis:301001dnis:ACME_dnis_numbersEndpoint Session Limit Priority Active Sessions Status Reserved Sessions-------- ------------- -------- --------------- ------ -----------------172.16.1.9 * 1 2 OK --------- ------------- --------------- -----------------Total * 2 0clear resource-pool
This command clears the call counters in the access server. Depending on what keywords you use, you can clear all resource pool counter statistics, or you can limit the clearing to specific parameters within different customer profiles, discriminators, or physical resources:
Router# clear resource-pool customer customer1Router# clear resource-pool discriminator customer3Router# clear resource-pool resource allTroubleshooting Resource Pool Management
Test and verify that ISDN, CAS, SS7, PPP, AAA, and VPDN are working properly before implementing RPM. Once RPM is implemented, the only commands needed for troubleshooting RPM are:
•
debug resource-pool
•
debug aaa authorization
Use the debug resource-pool command as the first step to ensure proper operation. It is usually sufficient in most cases. Use the debug aaa authorization command for troubleshooting VPDN and modem service problems.
When using the direct remote services implementation, first make sure the RPM is working. Then check the dial-in caller and users.
The following problems may occur:
•
No DNIS group found, or no customer profile uses a default DNIS
•
Call discriminator blocks the DNIS
•
Customer profile limits have been exceeded
•
Resource group limits have been exceeded
Note
Always enable the debug and log timestamps when troubleshooting RPM.
Checking the Resource Pool Connection
The following sample output of debug resource-pool shows a successful RPM connection. The entries in bold are of particular importance:
*Mar 1 02:14:57.439: RM state:RM_IDLE event:DIALER_INCALL DS0:0:0:0:21*Mar 1 02:14:57.439: RM: event incoming call*Mar 1 02:14:57.443: RM state:RM_DNIS_AUTHOR event:RM_DNIS_RPM_REQUEST DS0:0:0:0:21*Mar 1 02:14:57.447: RM:RPM event incoming call*Mar 1 02:14:57.459: RPM profile ACME found*Mar 1 02:14:57.487: RM state:RM_RPM_RES_AUTHOR event:RM_RPM_RES_AUTHOR_SUCCESSDS0:0:0:0:21*Mar 1 02:14:57.487: Allocated resource from res_group isdn-ports*Mar 1 02:14:57.491: RM:RPM profile "ACME", allocated resource "isdn-ports" successfully*Mar 1 02:14:57.495: RM state:RM_RPM_RES_ALLOCATING event:RM_RPM_RES_ALLOC_SUCCESS DS0:0:0:0:21*Mar 1 02:14:57.603: %LINK-3-UPDOWN: Interface Serial0:21, changed state to up*Mar 1 02:15:00.879: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0:21, changed state to upTroubleshooting DNIS Group Problems
The following output of the debug resource-pool command shows a customer profile that is not found for a particular DNIS group:
*Mar 1 00:38:21.011: RM state:RM_IDLE event:DIALER_INCALL DS0:0:0:0:3*Mar 1 00:38:21.011: RM: event incoming call*Mar 1 00:38:21.015: RM state:RM_DNIS_AUTHOR event:RM_DNIS_RPM_REQUEST DS0:0:0:0:3*Mar 1 00:38:21.019: RM:RPM event incoming call*Mar 1 00:38:21.103: RPM no profile found for call-type digital in default DNIS number*Mar 1 00:38:21.155: RM:RPM profile rejected do not allocate resource*Mar 1 00:38:21.155: RM state:RM_RPM_RES_AUTHOR event:RM_RPM_RES_AUTHOR_FAIL DS0:0:0:0:3*Mar 1 00:38:21.163: RM state:RM_RPM_DISCONNECTING event:RM_RPM_DISC_ACK DS0:0:0:0:3Troubleshooting Call Discriminator Problems
The following output of the debug resource-pool command shows an incoming call that is matched against a call discriminator profile:
*Mar 1 00:35:25.995: RM state:RM_IDLE event:DIALER_INCALL DS0:0:0:0:4*Mar 1 00:35:25.999: RM: event incoming call*Mar 1 00:35:25.999: RM state:RM_DNIS_AUTHOR event:RM_DNIS_RPM_REQUEST DS0:0:0:0:4*Mar 1 00:35:26.003: RM:RPM event incoming call*Mar 1 00:35:26.135: RM:RPM profile rejected do not allocate resource*Mar 1 00:35:26.139: RM state:RM_RPM_RES_AUTHOR event:RM_RPM_RES_AUTHOR_FAIL DS0:0:0:0:4*Mar 1 00:35:26.143: RM state:RM_RPM_DISCONNECTING event:RM_RPM_DISC_ACK DS0:0:0:0:4Troubleshooting Customer Profile Counts
The following output of the debug resource-pool command shows what happens once a customer profile's limits have been reached:
*Mar 1 00:43:33.275: RM state:RM_IDLE event:DIALER_INCALL DS0:0:0:0:9*Mar 1 00:43:33.279: RM: event incoming call*Mar 1 00:43:33.279: RM state:RM_DNIS_AUTHOR event:RM_DNIS_RPM_REQUEST DS0:0:0:0:9*Mar 1 00:43:33.283: RM:RPM event incoming call*Mar 1 00:43:33.295: RPM count exceeded in profile ACME*Mar 1 00:43:33.315: RM:RPM profile rejected do not allocate resource*Mar 1 00:43:33.315: RM state:RM_RPM_RES_AUTHOR event:RM_RPM_RES_AUTHOR_FAIL DS0:0:0:0:9*Mar 1 00:43:33.323: RM state:RM_RPM_DISCONNECTING event:RM_RPM_DISC_ACK DS0:0:0:0:9Troubleshooting Resource Group Counts
The following output of the debug resource-pool command shows the resources all in use within a resource group:
*Mar 1 00:52:34.411: RM state:RM_IDLE event:DIALER_INCALL DS0:0:0:0:19*Mar 1 00:52:34.411: RM: event incoming call*Mar 1 00:52:34.415: RM state:RM_DNIS_AUTHOR event:RM_DNIS_RPM_REQUEST DS0:0:0:0:19*Mar 1 00:52:34.419: RM:RPM event incoming call*Mar 1 00:52:34.431: RPM profile ACME found*Mar 1 00:52:34.455: RM state:RM_RPM_RES_AUTHOR event:RM_RPM_RES_AUTHOR_SUCCESS DS0:0:0:0:19*Mar 1 00:52:34.459: All resources in res_group isdn-ports are in use*Mar 1 00:52:34.463: RM state:RM_RPM_RES_ALLOCATING event:RM_RPM_RES_ALLOC_FAIL DS0:0:0:0:19*Mar 1 00:52:34.467: RM:RPM failed to allocate resources for "ACME"Checking the RPM/VPDN Connection
The following sample output of debug resource-pool shows a successful RPM/VPDN connection. The entries in bold are of particular importance:
*Mar 1 00:15:53.639: Se0:10 RM/VPDN/rm-session-request: Allocated vpdn info for domain NULL MLP Bundle SOHO*Mar 1 00:15:53.655: RM/VPDN/ACME_VPDN: VP LIMIT/ACTIVE/RESERVED/OVERFLOW are now 6/0/0/0*Mar 1 00:15:53.659: RM/VPDN/ACME_VPDN: Session reserved for outgoing-2*Mar 1 00:15:53.695: Se0:10 RM/VPDN: Session has been authorized using dnis:ACME_dnis_numbers*Mar 1 00:15:53.695: Se0:10 RM/VPDN/session-reply: NAS name HQ-NAS*Mar 1 00:15:53.699: Se0:10 RM/VPDN/session-reply: Endpoint addresses 172.16.1.9*Mar 1 00:15:53.703: Se0:10 RM/VPDN/session-reply: VPDN tunnel protocol l2f*Mar 1 00:15:53.703: Se0:10 RM/VPDN/session-reply: VPDN Group outgoing-2*Mar 1 00:15:53.707: Se0:10 RM/VPDN/session-reply: VPDN domain dnis:ACME_dnis_numbers*Mar 1 00:15:53.767: RM/VPDN: MLP Bundle SOHO Session Connect with 1 Endpoints:*Mar 1 00:15:53.771: IP 172.16.1.9 OK*Mar 1 00:15:53.771: RM/VPDN/rm-session-connect/ACME_VPDN: VP LIMIT/ACTIVE/RESERVED/OVERFLOW are now 6/1/0/0*Mar 1 00:15:54.815: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0:10, changed state to up*Mar 1 00:15:57.399: %ISDN-6-CONNECT: Interface Serial0:10 is now connected to SOHOFollowing are some VPDN problems that typically might occur:
•
Customer profile is not associated with a VPDN profile or VPDN group (the call will be locally terminated in this case. Regular VPDN can still succeed even if RPM/VPDN fails).
•
VPDN profile limits have been reached (call answered but disconnected).
•
VPDN group limits have been reached (call answered but disconnected).
•
VPDN end point is not reachable (call answered but disconnected).
Troubleshooting Customer/VPDN Profile
The following sample output of debug resource-pool indicates that there is no VPDN group associated with an incoming DNIS group. However, the output of debug resource-pool, as shown here, does not effectively reflect the problem:
*Mar 1 03:40:16.483: Se0:15 RM/VPDN/rm-session-request: Allocated vpdn info for domain NULL MLP Bundle SOHO*Mar 1 03:40:16.515: Se0:15 RM/VPDN/rm-session-request: Authorization failed*Mar 1 03:40:16.527: %VPDN-6-AUTHORERR: L2F NAS HQ-NAS cannot locate a AAA server for Se0:15 user SOHO*Mar 1 03:40:16.579: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up*Mar 1 03:40:17.539: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0:15, changed state to up*Mar 1 03:40:17.615: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up*Mar 1 03:40:19.483: %ISDN-6-CONNECT: Interface Serial0:15 is now connected to SOHO
Note
Whenever the debug resource-pool command offers no further assistance besides the indication that authorization has failed, enter the debug aaa authorization command to further troubleshoot the problem.
The following sample shows output for the debug aaa authorization command:
*Mar 1 04:03:49.846: Se0:19 RM/VPDN/rm-session-request: Allocated vpdn info for domain NULL MLP Bundle SOHO*Mar 1 04:03:49.854: Se0:19 AAA/AUTHOR/RM vpdn-session (3912941997): Port='DS0:0:0:0:19' list='default' service=RM*Mar 1 04:03:49.858: AAA/AUTHOR/RM vpdn-session: Se0:19 (3912941997) user='301001'*Mar 1 04:03:49.862: Se0:19 AAA/AUTHOR/RM vpdn-session (3912941997): send AV service=resource-management*Mar 1 04:03:49.866: Se0:19 AAA/AUTHOR/RM vpdn-session (3912941997): send AV protocol=vpdn-session*Mar 1 04:03:49.866: Se0:19 AAA/AUTHOR/RM vpdn-session (3912941997): send AV rm-protocol-version=1.0*Mar 1 04:03:49.870: Se0:19 AAA/AUTHOR/RM vpdn-session (3912941997): send AV rm-nas-state=3278356*Mar 1 04:03:49.874: Se0:19 AAA/AUTHOR/RM vpdn-session (3912941997): send AV rm-call-handle=27*Mar 1 04:03:49.878: Se0:19 AAA/AUTHOR/RM vpdn-session (3912941997): send AV multilink-id=SOHO*Mar 1 04:03:49.878: Se0:19 AAA/AUTHOR/RM vpdn-session (3912941997): found list "default"*Mar 1 04:03:49.882: Se0:19 AAA/AUTHOR/RM vpdn-session (3912941997): Method=LOCAL*Mar 1 04:03:49.886: Se0:19 AAA/AUTHOR/RM/local (3912941997): Received AV service=resource-management*Mar 1 04:03:49.890: Se0:19 AAA/AUTHOR/RM/local (3912941997): Received AV protocol=vpdn-session*Mar 1 04:03:49.890: Se0:19 AAA/AUTHOR/RM/local (3912941997): Received AV rm-protocol-version=1.0*Mar 1 04:03:49.894: Se0:19 AAA/AUTHOR/RM/local (3912941997): Received AV rm-nas-state=3278356*Mar 1 04:03:49.898: Se0:19 AAA/AUTHOR/RM/local (3912941997): Received AV rm-call-handle=27*Mar 1 04:03:49.902: Se0:19 AAA/AUTHOR/RM/local (3912941997): Received AV multilink-id=SOHO*Mar 1 04:03:49.906: Se0:19 AAA/AUTHOR/VPDN/RM/LOCAL: Customer ACME has no VPDN group for session dnis:ACME_dnis_numbers*Mar 1 04:03:49.922: Se0:19 AAA/AUTHOR (3912941997): Post authorization status = FAILTroubleshooting VPDN Profile Limits
The following output of the debug resource-pool command shows that VPDN profile limits have been reached:
*Mar 1 04:57:53.762: Se0:13 RM/VPDN/rm-session-request: Allocated vpdn info for domain NULL MLP Bundle SOHO*Mar 1 04:57:53.774: RM/VPDN/ACME_VPDN: VP LIMIT/ACTIVE/RESERVED/OVERFLOW are now 0/0/0/0*Mar 1 04:57:53.778: RM/VPDN/ACME_VPDN: Session outgoing-2 rejected due to Session Limit*Mar 1 04:57:53.798: Se0:13 RM/VPDN/rm-session-request: Authorization failed*Mar 1 04:57:53.802: %VPDN-6-AUTHORFAIL: L2F NAS HQ-NAS, AAA authorization failure for Se0:13 user SOHO; At Session Max*Mar 1 04:57:53.866: %ISDN-6-DISCONNECT: Interface Serial0:13 disconnected from SOHO, call lasted 2 seconds*Mar 1 04:57:54.014: %LINK-3-UPDOWN: Interface Serial0:13, changed state to down*Mar 1 04:57:54.050: RM state:RM_RPM_RES_ALLOCATED event:DIALER_DISCON DS0:0:0:0:13*Mar 1 04:57:54.054: RM:RPM event call drop*Mar 1 04:57:54.054: Deallocated resource from res_group isdn-portsTroubleshooting VPDN Group Limits
The following output of the debug resource-pool command shows that VPDN group limits have been reached. From this output, it is not readily obvious what the problem is. Enable the debug aaa authorization command to troubleshoot further (see "Using the debug aaa authorization Command" on page 40 for more information):
*Mar 1 05:02:22.314: Se0:17 RM/VPDN/rm-session-request: Allocated vpdn info for domain NULL MLP Bundle SOHO*Mar 1 05:02:22.334: RM/VPDN/ACME_VPDN: VP LIMIT/ACTIVE/RESERVED/OVERFLOW are now 5/0/0/0*Mar 1 05:02:22.334: RM/VPDN/ACME_VPDN: Session reserved for outgoing-2*Mar 1 05:02:22.358: Se0:17 RM/VPDN/rm-session-request: Authorization failed*Mar 1 05:02:22.362: %VPDN-6-AUTHORFAIL: L2F NAS HQ-NAS, AAA authorization failure for Se0:17 user SOHO; At Multilink Bundle Limit*Mar 1 05:02:22.374: %ISDN-6-DISCONNECT: Interface Serial0:17 disconnected from SOHO, call lasted 2 seconds*Mar 1 05:02:22.534: %LINK-3-UPDOWN: Interface Serial0:17, changed state to down*Mar 1 05:02:22.570: RM state:RM_RPM_RES_ALLOCATED event:DIALER_DISCON DS0:0:0:0:17*Mar 1 05:02:22.574: RM:RPM event call drop*Mar 1 05:02:22.574: Deallocated resource from res_group isdn-portsTroubleshooting VPDN Endpoint Problems
The following output of the debug resource-pool command shows that the IP endpoint for the VPDN group is not reachable:
*Mar 1 05:12:22.330: Se0:21 RM/VPDN/rm-session-request: Allocated vpdn info for domain NULL MLP Bundle SOHO*Mar 1 05:12:22.346: RM/VPDN/ACME_VPDN: VP LIMIT/ACTIVE/RESERVED/OVERFLOW are now 5/0/0/0*Mar 1 05:12:22.350: RM/VPDN/ACME_VPDN: Session reserved for outgoing-2*Mar 1 05:12:22.382: Se0:21 RM/VPDN: Session has been authorized using dnis:ACME_dnis_numbers*Mar 1 05:12:22.386: Se0:21 RM/VPDN/session-reply: NAS name HQ-NAS*Mar 1 05:12:22.386: Se0:21 RM/VPDN/session-reply: Endpoint addresses 172.16.1.99*Mar 1 05:12:22.390: Se0:21 RM/VPDN/session-reply: VPDN tunnel protocol l2f*Mar 1 05:12:22.390: Se0:21 RM/VPDN/session-reply: VPDN Group outgoing-2*Mar 1 05:12:22.394: Se0:21 RM/VPDN/session-reply: VPDN domain dnis:ACME_dnis_numbers*Mar 1 05:12:25.762: %ISDN-6-CONNECT: Interface Serial0:21 is now connected to SOHO*Mar 1 05:12:27.562: %VPDN-5-UNREACH: L2F HGW 172.16.1.99 is unreachable*Mar 1 05:12:27.578: RM/VPDN: MLP Bundle SOHO Session Connect with 1 Endpoints:*Mar 1 05:12:27.582: IP 172.16.1.99 Destination unreachableUsing the debug aaa authorization Command
In general, the debug aaa authorization command is not required for RPM troubleshooting—unless debug resource-pool is too vague.
Typically, debug aaa authorization is more useful for troubleshooting with RPMS:
Router# debug aaa authorizationAAA Authorization debugging is onRouter# show debugGeneral OS:AAA Authorization debugging is onResource Pool:resource-pool general debugging is onThe following output of the debug resource-pool and debug aaa authorization commands shows a successful RPM connection:
*Mar 1 06:10:35.450: AAA/MEMORY: create_user (0x723D24) user='301001' ruser=''port='DS0:0:0:0:12' rem_addr='102' authen_type=NONE service=NONE priv=0*Mar 1 06:10:35.462: DS0:0:0:0:12 AAA/AUTHOR/RM call-accept (2784758907): Port='DS0:0:0:0:12' list='default' service=RM*Mar 1 06:10:35.466: AAA/AUTHOR/RM call-accept: DS0:0:0:0:12 (2784758907) user= '301001'*Mar 1 06:10:35.470: DS0:0:0:0:12 AAA/AUTHOR/RM call-accept (2784758907): send AV service=resource-management*Mar 1 06:10:35.470: DS0:0:0:0:12 AAA/AUTHOR/RM call-accept (2784758907): send AV protocol=call-accept*Mar 1 06:10:35.474: DS0:0:0:0:12 AAA/AUTHOR/RM call-accept (2784758907): send AV rm-protocol-version=1.0*Mar 1 06:10:35.478: DS0:0:0:0:12 AAA/AUTHOR/RM call-accept (2784758907): send AV rm-nas-state=7513368*Mar 1 06:10:35.482: DS0:0:0:0:12 AAA/AUTHOR/RM call-accept (2784758907): send AV rm-call-type=speech*Mar 1 06:10:35.486: DS0:0:0:0:12 AAA/AUTHOR/RM call-accept (2784758907): send AV rm-request-type=dial-in*Mar 1 06:10:35.486: DS0:0:0:0:12 AAA/AUTHOR/RM call-accept (2784758907): send AV rm-link-type=isdn*Mar 1 06:10:35.490: DS0:0:0:0:12 AAA/AUTHOR/RM call-accept (2784758907): found list "default"*Mar 1 06:10:35.494: DS0:0:0:0:12 AAA/AUTHOR/RM call-accept (2784758907): Method=LOCAL*Mar 1 06:10:35.498: DS0:0:0:0:12 AAA/AUTHOR/RM/local (2784758907): Received DNIS=301001*Mar 1 06:10:35.498: DS0:0:0:0:12 AAA/AUTHOR/RM/local (2784758907): Received CLID=102*Mar 1 06:10:35.502: DS0:0:0:0:12 AAA/AUTHOR/RM/local (2784758907): Received Port=DS0:0:0:0:12*Mar 1 06:10:35.506: DS0:0:0:0:12 AAA/AUTHOR/RM/local (2784758907): Received AV service=resource-management*Mar 1 06:10:35.510: DS0:0:0:0:12 AAA/AUTHOR/RM/local (2784758907): Received AV protocol=call-accept*Mar 1 06:10:35.510: DS0:0:0:0:12 AAA/AUTHOR/RM/local (2784758907): Received AV rm-protocol-version=1.0*Mar 1 06:10:35.514: DS0:0:0:0:12 AAA/AUTHOR/RM/local (2784758907): Received AV rm-nas-state=7513368*Mar 1 06:10:35.518: DS0:0:0:0:12 AAA/AUTHOR/RM/local (2784758907): Received AV rm-call-type=speech*Mar 1 06:10:35.522: DS0:0:0:0:12 AAA/AUTHOR/RM/local (2784758907): Received AV rm-request-type=dial-in*Mar 1 06:10:35.526: DS0:0:0:0:12 AAA/AUTHOR/RM/local (2784758907): Received AV rm-link-type=isdn*Mar 1 06:10:35.542: AAA/AUTHOR (2784758907): Post authorization status = PASS_REPL*Mar 1 06:10:35.546: DS0:0:0:0:12 AAA/AUTHOR/RM/call-accept (2784758907): Processing AV service=resource-management*Mar 1 06:10:35.550: DS0:0:0:0:12 AAA/AUTHOR/RM/call-accept (2784758907): Processing AV protocol=call-accept*Mar 1 06:10:35.554: DS0:0:0:0:12 AAA/AUTHOR/RM/call-accept (2784758907): Processing AV rm-protocol-version=1.0*Mar 1 06:10:35.558: DS0:0:0:0:12 AAA/AUTHOR/RM/call-accept (2784758907): Processing AV rm-response-code=overflow*Mar 1 06:10:35.558: DS0:0:0:0:12 AAA/AUTHOR/RM/call-accept (2784758907): Processing AV rm-call-handle=47*Mar 1 06:10:35.562: DS0:0:0:0:12 AAA/AUTHOR/RM/call-accept (2784758907): Processing AV rm-call-count=2*Mar 1 06:10:35.566: DS0:0:0:0:12 AAA/AUTHOR/RM/call-accept (2784758907): Processing AV rm-cp-name=ACME*Mar 1 06:10:35.570: DS0:0:0:0:12 AAA/AUTHOR/RM/call-accept (2784758907): Processing AV rm-rg-name#0=MICA-modems*Mar 1 06:10:35.574: DS0:0:0:0:12 AAA/AUTHOR/RM/call-accept (2784758907): Processing AV rm-rg-service-name#0=gold*Mar 1 06:10:35.578: DS0:0:0:0:12 AAA/AUTHOR/RM/call-accept (2784758907): Processing AV rm-call-treatment=busy*Mar 1 06:10:35.582: DS0:0:0:0:12 AAA/AUTHOR/RM/call-accept (2784758907): Processing AV rm-call-type=speechCommand Reference
This section documents the new or modified commands for the resource pool management feature. All other commands are documented in the Cisco IOS Release 12.0 Command Reference.
•
dnis
•
resource-pool aaa accounting ppp
•
resource-pool profile customer
•
resource-pool profile discriminator
•
resource-pool profile service
•
show resource-pool discriminator
aaa group-configuration
To associate a AAA server group with an interface or customer profile, enter the aaa group-configuration interface or customer profile sub-command. To disable the configuration, enter the no form of this command.
aaa group-configuration aaa-group-name
no aaa group-configuration aaa-group-name
Syntax Description
Defaults
No default behavior or values.
Command Modes
Interface
Customer profile subcommand
Command History
Usage Guidelines
The AAA server group feature introduces a way to group existing server hosts. The feature enables you to select a subset of the configured server hosts and use them for a particular service.
A server group is a list of server hosts of a particular type. Currently supported server host types are RADIUS server hosts and TACACS+ server hosts. A server group is used with a global server host list. The server group lists the IP addresses of the selected server hosts.
Example
The following example shows a AAA server group by the name of radius-3 being associated with a customer profile by the name of acme.
Router(config)# resource-pool profile customer acmeRouter(config-customer-profi)# aaa group-configuration radius-3Related Commands
backup
To configure an IP backup endpoint address, enter the backup VPDN group configuration command. To remove this function, enter the no form of this command.
backup ip ip-address [limit number [priority number]]
no backup ip ip-address [limit number [priority number]]
Syntax Description
Defaults
No default behavior or values. This function is used only if it is configured.
Command Modes
VPDN group configuration
Command History
Release Modification12.0(4)XI
This command was introduced in Cisco IOS Release 12.0(4)XI1 and applies to Cisco AS5200s and Cisco AS5300s only.
Usage Guidelines
Use the backup VPDN group configuration command to configure an IP backup endpoint address.
Examples
The following example shows that the backup command is not available in the command line interface until you enter the request dialin command:
Router(config)# vpdn-group customer1-vpdngroupRouter(config-vpdn)# ?VPDN group configuration commands:accept Accept a tunnel open requestdefault Set a command to its defaultsexit Exit from VPDN group configuration modeno Negate a command or set its defaultsrequest Request to open a tunnelRouter(config-vpdn)# request dialin l2tp ip 10.2.2.2 domain customerxRouter(config-vpdn)# ?VPDN group configuration commands:backup Add backup addressdefault Set a command to its defaultsdnis Accept a DNIS tunneldomain Accept a domain tunnelexit Exit from VPDN group configuration modeforce-local-chap Force a CHAP challenge to be instigated locallyl2tp L2TP specific commandslcp LCP specific commandsloadsharing Add loadsharing addresslocal local information, like namemultilink Configure limits for Multilinkno Negate a command or set its defaultsrequest Request to open a tunnelThe following example shows an IP backup endpoint address of 10.1.1.1 configured with a backup session limit of 5:
Router(config-vpdn)# backup ip 10.1.1.1 limit 5Related Commands
Command Descriptionrequest dialin
Specifies a dial-in L2F or L2TP tunnel to a remote peer if a dial-in request is received for a specified domain or Dialed Number Information Service (DNIS).
call progress tone
To specify the country code for retrieving the call progress tone parameters from the call progress tone database, enter the call progress tone configuration mode command. To cancel the previous setting and to generate the call progress tones according to modem settings, enter the no version of this command.
call progress tone country country-name
no call progress tone country country-name
Syntax Description
Defaults
Modem default settings. (Generally northamerica for Cisco IOS Release versions earlier than release 12.0(3)XG; us for 12.0(3)XG and later releases.)
Command Modes
Configuration mode
Command History
Usage Guidelines
Use the call progress tone configuration command to specify the country for call progress tone generation. While in many cases the country is chosen automatically based on the modem setting, automatic selection won't work for all users because many modems do not support all countries and many users choose the "us" or "default-t1" or "default-e1" setting on their modem.
This command affects the tones generated at the local interface and does not affect any information passed to the remote end of a connection or any tones generated at the remote end of a connection.
For dial platforms (AS5200, AS5300, and AS5800), call progress tones are used only for the resource pool management application. Resource pool management assumes that the call progress tone selection is global. Select only one call progress tone set for the whole box, and it will globally override country settings on all ports.
Examples
The following example shows the call progress tone set for Japan tone parameters:
Router(config)# call progress tone country japanRouter(config)# exitRelated Commands
Command Descriptionshow call progress
Displays the contents of the internal call progress tone database.
call-type
To reject particular types of calls, enter the call-type call discriminator command. Enter the no form of this command to disable this feature.
call-type {all | digital | speech | v110 | v120}
no call-type {all | digital | speech | v110 | v120}
Syntax Description
all
Rejects all calls.
digital
Rejects digital calls.
speech
Rejects speech calls.
v110
Rejects V.110 calls.
v120
Rejects V.120 calls.
Defaults
All calls are accepted by the network access server.
Command Modes
Call discriminator profile configuration
Command History
Usage Guidelines
Use the call-type call discriminator command to reject particular types of calls. Call type "all" is mutually exclusive for all other call types. If call type "all" is set in the discriminator, no other call types are allowed. Also, once a DNIS is associated with a call type in a discriminator, it cannot be used in any other discriminator.
Examples
The following example shows the call discriminator being configured to reject speech calls for the call discriminator profile named userd3:
Router(config)# resource-pool profile discriminator userd3Router(config-call-discrim)# call-type speechRouter(config-call-discrim)#Related Commands
None
call-type cas
To statically set the call-type override for incoming channel-associated signalling (CAS) calls, enter the call-type cas DNIS group configuration command. Enter the no form of this command to disable this service.
call-type cas {digital | speech}
no call-type cas {digital | speech}
Syntax Description
Default
None.
Command Mode
DNIS group configuration
Command History
Usage Guidelines
Use the call-type cas DNIS group configuration command to set the call-type override. From the resource pooling call-type perspective, use CT1 (CAS) to support either analog calls (speech) or digital calls (switched 56K).
Switched 56K calls are digital calls that connect to HDLC framers. Unlike ISDN, it is impossible to communicate the call type in CT1. Therefore, switched 56K services in CT1 can be differentiated by the DNIS numbers. This command identifies that the call arriving with the DNIS in the DNIS group is assigned to the call type specified in the command.
Examples
The following example shows the DNIS group configuration mode being accessed to use the call-type cas command to set the call type override for CAS to speech:
Router(config)# dialer dnis group modem-group1Router(config-called-group)# call-type cas speechRelated Commands
None
clear dialer dnis
To reset the counter statistics associated with a specific DNIS group or number, enter the clear dialer dnis EXEC command. There is no no form of this command.
clear dialer dnis {group name | number number}
Syntax Description
Defaults
None.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Use the clear dialer dnis EXEC command to reset the counter statistics associated with a specific DNIS group or number. This command clears the counters for a DNIS group to reset the counter statistics associated with a specific DNIS group or number. If an ISP is charging a customer for the number of calls to a DNIS, it can clear the number after a week or month by using this command.
Examples
The following example shows the result of using the clear dialer dnis command for the DNIS group named dg1. Note that the counters have been cleared after the clear dialer dnis command has been entered:
Router# show dialer dnis group dg1DNIS Number:710284 total connections3 peak connections1 calltype mismatchesDNIS Number:41562665418 total connections5 peak connections0 calltype mismatchesDNIS Number:40855416283 total connections2 peak connections0 calltype mismatchesDNIS Number:710172 total connections1 peak connections0 calltype mismatchesRouter# clear dialer dnis group dg1Router# show dialer dnis group dg1DNIS Number:710280 total connections0 peak connections0 calltype mismatchesDNIS Number:41562665410 total connections0 peak connections0 calltype mismatchesDNIS Number:40855416280 total connections0 peak connections0 calltype mismatchesDNIS Number:710170 total connections0 peak connections0 calltype mismatchesRelated Commands
clear resource-pool
To reset the counter statistics associated with a specific customer profile, call discriminator, or physical resource, enter the clear resource-pool privileged EXEC command. There is no no version of this command.
clear resource-pool {customer | discriminator | resource} {name | all}
Syntax Description
Defaults
None.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Enter the clear resource-pool privileged EXEC command to reset the counter statistics associated with a specific customer profile, call discriminator, or physical resource.
Examples
The following example shows the use of the clear resource-pool command for the specific customer named customer-isp:
Router# clear resource-pool customer ?WORD Customer profile nameall Clear all customer profilesRouter# clear resource-pool customer customer_ispRouter#Related Commands
dialer dnis group
To create a DNIS group, enter the dialer dnis group global configuration command. Enter the no form of this command to remove a specific DNIS group from the running configuration.
dialer dnis group name
no dialer dnis group name
Syntax Description
Defaults
A dialer DNIS group named default.
Command Modes
Global configuration
Command History
Usage Guidelines
Use the dialer dnis group global configuration command to create a DNIS group. This command enables you to create and populate a DNIS group, which is then added to a profile (customer or discriminator) by using the dnis group command within that profile's configuration mode.
Examples
The following example shows a specific DNIS group named modem-group1 being created with the options available for further configuration:
Router(config)# dialer dnis group modem-group1Router(config-dnis-group)# ?Dialer Called Configuration Commands:call-type set call-type overridedefault Set a command to its defaultsexit Exit from dialer configuration modehelp Description of the interactive help systemno Negate a command or set its defaultsnumber Enter number in dnis groupIn the following example, a customer profile called isp_1 is created, a DNIS group called dnis_isp_1 is associated with the customer profile, and DNIS numbers 1234 and 5678 are assigned to the DNIS group. Only DNIS numbers 1234 and 5678 are allocated physical resources by the isp_1 customer profile, which counts and manages the resources for these two DNIS numbers and ignores all other DNIS numbers:
Router(config)# resource-pool profile customer isp_1Router(config-customer-pro)# dnis group dnis_isp_1 Router(config-customer-pro)# exitRouter(config)# dialer dnis group dnis_isp_1Router(config-called-group)# number 1234Router(config-called-group)# number 5678Related Commands
Command Descriptionresource-pool profile
Creates a customer profile.
dnis group
Includes a group of DNIS numbers in a customer profile.
dnis
To support additional DNIS for a specific VPDN tunnel, enter the dnis VPDN group configuration command. To remove a DNIS from a VPDN group, enter the no form of this command.
Note
When resource pool management is enabled, this command uses the keyword designator dnis-group-name. When resource pool management is disabled, this command uses the keyword designator dnis-number.
dnis dnis-group-name
no dnis dnis-group-name
Syntax Description
Default
Disabled.
Command Mode
VPDN group configuration
Command History
Usage Guidelines
Use the dnis VPDN group configuration command to support additional DNIS for a specific VPDN tunnel. The dnis command is available in the command line interface after you enter the request dialin command for the first time. DNIS allows a VPDN tunnel to be authorized by using the DNIS number or DNIS group name.
Note
Configure the vpdn group command with the request dialin command to enable VPDN. The requestor initiates a dial-in tunnel. The acceptor accepts a request for a dial-in tunnel.
Examples
The following example shows multiple DNISs tunneling to one HGW/LNS router at 10.1.1.1. Note that the dnis command does not appear in the command line interface until you enter the request dialin command:
Router(config)# vpdn-group california_usersRouter(config-vpdn)# ?VPDN group configuration commands:accept Accept a tunnel open requestdefault Set a command to its defaultsexit Exit from VPDN group configuration modeno Negate a command or set its defaultsrequest Request to open a tunnelRouter(config-vpdn)# request dialin l2tp ip 10.1.1.1 dnis 1234Router(config-vpdn)# ?VPDN group configuration commands:backup Add backup addressdefault Set a command to its defaultsdnis Accept a DNIS tunneldomain Accept a domain tunnelexit Exit from VPDN group configuration modeforce-local-chap Force a CHAP challenge to be instigated locallyl2tp L2TP specific commandslcp LCP specific commandsloadsharing Add loadsharing addresslocal local information, like namemultilink Configure limits for Multilinkno Negate a command or set its defaultsrequest Request to open a tunnelRouter(config-vpdn)# dnis 5678Router(config-vpdn)# dnis 9101Router(config-vpdn)# dnis 1121Router(config-vpdn)# ^ZRelated Commands
Command Descriptionrequest dialin
Specifies a dial-in L2F or L2TP tunnel to a remote peer if a dial-in request is received for a specified domain or Dialed Number Information Service (DNIS).
dnis group
To include a group of DNIS numbers in a customer profile, enter the dnis group customer profile configuration command. Enter the no form of this command to remove a DNIS group from a customer profile.
dnis group {default | name name}
no dnis group {default | name name}
Syntax Description
Defaults
No DNIS groups are associated with a customer profile.
Command Modes
Customer profile configuration
Command History
Usage Guidelines
Use the dnis group customer profile configuration command to include a group of DNIS numbers in a customer profile or discriminator:
Examples
The following example includes the DNIS group called "customer1dnis" in the "customer1" customer profile:
router(config)# resource-pool profile customer customer1router(config-customer-profile)# dnis group customer1dnisRelated Commands
Command Descriptiondialer dnis group
Creates a DNIS group.
resource-pool profile
Creates a customer profile.
domain
To support additional domain names for a specific VPDN group, enter the domain VPDN group configuration command. To remove a domain name from a VPDN group, enter the no form of this command.
domain name
no domain name
Syntax Description
Defaults
This function will be used if it is configured. Otherwise, it is disabled.
Command Modes
VPDN group configuration
Command History
Usage Guidelines
Use the domain VPDN group configuration command to support additional domain names for a specific VPDN group. The domain command becomes available in the command line interface after you enter the request dialin command for the first time. The domain command allows a VPDN tunnel to be authorized by using the domain name.
Note
Configure the vpdn group command with the request dialin command to enable VPDN. The requestor initiates a dial-in tunnel.
Examples
The following example shows multiple domains tunneling to one HGW/LNS router at 10.1.1.1. Note that the domain command does not appear in the command line interface until you enter the request dialin command:
Router(config)# vpdn-group california_usersRouter(config-vpdn)# ?VPDN group configuration commands:accept Accept a tunnel open requestdefault Set a command to its defaultsexit Exit from VPDN group configuration modeno Negate a command or set its defaultsrequest Request to open a tunnelRouter(config-vpdn)# request dialin l2tp ip 10.1.1.1 domain la.comRouter(config-vpdn)# ?VPDN group configuration commands:backup Add backup addressdefault Set a command to its defaultsdnis Accept a DNIS tunneldomain Accept a domain tunnelexit Exit from VPDN group configuration modeforce-local-chap Force a CHAP challenge to be instigated locallyl2tp L2TP specific commandslcp LCP specific commandsloadsharing Add loadsharing addresslocal local information, like namemultilink Configure limits for Multilinkno Negate a command or set its defaultsrequest Request to open a tunnelRouter(config-vpdn)# domain sandiego.comRouter(config-vpdn)# domain sanjose.comRouter(config-vpdn)# domain sf.comRelated Commands
Command Descriptionrequest dialin
Specifies a dial-in L2F or L2TP tunnel to a remote peer if a dial-in request is received for a specified domain or Dialed Number Information Service (DNIS).
limit base-size
To define the base number of simultaneous connections that can be done in a single customer or VPDN profile, enter the limit base-size customer profile configuration command. Enter the no form of this command to remove the limitation.
limit base-size {number | all}
no limit base-size {number | all}
Syntax Description
Defaults
No limits are set for a customer profile. The base size is set to all.
Command Modes
Customer profile configuration/VPDN profile configuration
Command History
Usage Guidelines
Use the limit base-size customer or VPDN profile configuration command to define the base number of simultaneous connections in a single customer or VPDN profile. The session limit applies to all the physical resource groups and pools configured in a single customer profile. If you want to define the number of overflow calls granted to a customer profile by using the command limit overflow-size, do not set the command limit base-size to "all." Instead, specify a number for limit base-size.
Examples
The following example shows the limits of the total number of simultaneous connections to a base size of 48:
router(config)# resource-pool profile customer customer1_isprouter(config-customer-profile)# limit base-size 48Related Commands
Command Descriptionresource-pool profile
Creates a customer profile.
limit overflow-size
Defines the number of overflow sessions allowed by a single customer profile.
limit overflow-size
To define the number of overflow calls granted to one customer or VPDN profile, enter the limit overflow-size customer profile configuration command. Enter the no form of this command to remove the overflow configuration.
limit overflow-size {number | all}
no limit overflow-size {number | all}
Syntax Description
Defaults
The overflow size is set to 0.
Command Modes
Customer profile configuration/VPDN profile configuration
Command History
Usage Guidelines
Use the limit overflow-size customer or VPDN profile configuration command to define the number of overflow calls granted to one customer or VPDN profile. The overflow is not applied if the limit base-size command is set to "all".
Examples
The following example shows 20 overflow calls granted to the customer profile called customer1_isp:
router(config)# resource-pool profile customer customer1_isprouter(config-customer-profile)# limit overflow-size 20Related Commands
Command Descriptionresource-pool profile
Creates a customer profile.
limit base-size
Defines the base number of simultaneous standard sessions allowed by a single customer profile.
loadsharing
To configure endpoints for loadsharing, enter the loadsharing VPDN group configuration command. To remove this function, enter the no form of this command.
loadsharing ip ip-address [limit number]
no loadsharing ip ip-address [limit number]
Syntax Description
Defaults
This function is not used when not configured.
Command Modes
VPDN group configuration
Command History
Usage Guidelines
Use the loadsharing VPDN group configuration command to configure endpoints for loadsharing.
Examples
In the following example, one VPDN group called customer1-vpdng is created. L2TP IP traffic is loadshared between two HGW/LNSs. The IP addresses for the HGW/LNS's WAN ports are 172.21.9.67 and 172.21.9.68. The characteristics for 172.21.9.67 are defined by using the request dialin command. The characteristics for 172.21.9.68 are defined by using the loadsharing command.
A backup home-gateway router is specified at 172.21.9.69 by using the backup command. This router serves as a backup device for two load-sharing HGW/LNS:
!vpdn-group customer1-vpdngrequest dialin l2tp ip 172.21.9.67 domain cisco.comloadsharing ip 172.21.9.68 limit 100backup ip 172.21.9.69 priority 5domain cisco2.com!Related Commands
Command Descriptionrequest dialin
Specifies a dial-in L2F or L2TP tunnel to a remote peer if a dial-in request is received for a specified domain or Dialed Number Information Service (DNIS).
modem min-speed max-speed
To configure various modem-service parameters, enter the modem min-speed max-speed service profile configuration command. Enter the no form of this command to remove modem parameters.
modem min-speed {speed | any} max-speed {speed | any [modulation value]}
no modem min-speed {speed | any} max-speed {speed | any [modulation value]}
Syntax Description
Defaults
No modem service parameters are defined by default. Any default services provided by the modems will be available.
Command Modes
Service profile configuration
Command History
Usage Guidelines
Use the modem min-speed max-speed service profile configuration command to configure various modem-service parameters:
Examples
The following example shows the modem service parameters for the service profile named user1sample configured for a minimum speed of any, a maximum speed of any, and a modulation of k56flex.
Router(config)# resource-pool profile service user1sampleRouter(config-service-prof)# modem min-speed any max-speed any modulation k56flexRelated Commands
None
multilink
To limit sessions authorized for all multilink users, enter the multilink VPDN group configuration command. To remove this function, enter the no form of this command.
multilink {bundle number | link number}
no multilink {bundle number | link number}
Syntax Description
Defaults
No limit is set.
Command Modes
VPDN group configuration
Command History
Usage Guidelines
Use the multilink VPDN group configuration command to limit sessions authorized for all multilink users. Each user requires one bundle—regardless if the user is a remote modem client or an ISDN client.
One modem client using one B channel requires one link. One ISDN BRI node may require up to two links for one BRI line connection. The second B channel of an ISDN BRI node comes up when the maximum threshold is exceeded.
Examples
The following example shows a VPDN group called joe_eastcoast. An L2TP tunnel is set up to the home gateway router at IP address 10.2.2.2. You can authorize ten MLPPP bundles for ten users. Each user dials in to the domain called bostonjoe.com. Each bundle is authorized to support a maximum of 5 links. This means that all 10 users can consume a maximum of 50 simultaneous sessions dialing in to bostonjoe.com:
Router(config)# vpdn-group joe_eastcoastRouter(config-vpdn)# request dialin l2tp ip 10.2.2.2 domain bostonjoe.comRouter(config-vpdn)# multilink bundle 10Router(config-vpdn)# multilink link 5Related Commands
Command Descriptionrequest dialin
Specifies a dial-in L2F or L2TP tunnel to a remote peer if a dial-in request is received for a specified domain or Dialed Number Information Service (DNIS).
number
To add a DNIS number to a dialer DNIS group, enter the number DNIS group configuration command followed by the specifying number. Enter the no form of this command to remove a DNIS number from a DNIS group.
number number
no number number
Syntax Description
Defaults
None.
Command Modes
DNIS group configuration
Command History
Usage Guidelines
Use the number DNIS group configuration command to enter a DNIS number to a dialer DNIS group. The Cisco IOS software also includes a feature that streamlines the DNIS configuration process. By replacing any digit with an X (for example, issuing the number 555222121x command), clients dialing different numbers, such as 5552221214 or 5552221215, are automatically mapped to the same customer profile. The X variable is a place holder for the digits 1 through 9.
Examples
The following example shows a DNIS group called dnis_isp_1 and DNIS numbers 1234 and 5678 assigned to the DNIS group.
Router(config)# dialer dnis group dnis_isp_1Router(config-called-group)# number 1234Router(config-called-group)# number 5678Related Commands
ppp ipcp
To configure the primary and secondary domain name server (DNS) addresses, or the primary and secondary WINS server addresses to be supplied to the peer during IPCP negotiation, enter the ppp ipcp template configuration command. To delete a ppp ipcp configuration, enter the no form of this command.
ppp ipcp {accept-address}|{dns [(primary dns ip address | secondary dns ip address)] }| {ignore-map}|{(wins [primary wins ip address> | secondary wins ip address)]}
no ppp ipcp {accept-address}|{dns [(primary dns ip address | secondary dns ip address)] }| {ignore-map}|{(wins [primary wins ip address> | secondary wins ip address)]}
Syntax Description
Defaults
No servers are configured.
Command Modes
Template configuration
Command History
Usage Guidelines
All PPP and peer-default commands are allowed under this grouping.
Examples
Router(config-template)# ppp ipcp accept-addressRouter(config-template)# ppp ipcp dns 10.1.1.1 10.1.1.2Router(config-template)# ppp ipcp ignore-mapRouter(config-template)# ppp ipcp wins 10.1.1.1 10.1.1.2Router(config-template)# no ppp ipcp wins 10.1.1.1 10.1.1.2Related Commands
None
range
To associate a range of modems or other physical resources with a resource group, enter the range resource configuration command. To remove a range of modems or other physical resources, enter the no form of this command.
range {limit number | port range}
no range {limit number | port range}
Syntax Description
Defaults
No range is configured.
Command Modes
Resource group configuration
Command History
Usage Guidelines
Use the range resource configuration command to associate a range of modems or other physical resources with a resource group.
Specify the range for port-based resources by using the resource's physical location. Do not identify non-port-based resource ranges by using a location. Rather, specify the size of the resource group with a single integer limit.
Specify non-contiguous ranges by using multiple range port commands within the same resource group. Do not configure the same ports in more than one resource group and do not overlap multiple port ranges.
For resources that are not pooled and have a 1-to-1 correspondence between DS0s, B channels, and HDLC framers, use the range limit number command. Circuit-switched data calls and V.120 calls use these kinds of resources.
Note
Do not put heterogenous resources in the same group. Do not put MICA modems in the same group as Microcom modems. Do not put modems and HDLC controllers in the same resource group.
Do not configure "port" and "limit" parameters in the same resource group.
Examples
The following example shows the range limit set for 48 simultaneous connections being supported by the resource group:
router# configure terminalEnter configuration commands, one per line. End with CNTL/Z.router(config)# resource-pool group resource hdlc1 router(config-resource-group)# range limit 48The following example shows the ports set for modem 1 ranging from port 0 to port 47:
router(config)# resource-pool group modem1 router(config-resource-group)# range port 1/0 1/47Related Commands
None
request dialin
To specify a dial-in L2F or L2TP tunnel to a remote peer if a dial-in request is received for a specified domain or Dialed Number Information Service (DNIS), enter the request dialin VPDN group configuration command. To remove this function, enter the no form of this command.
request dialin {l2f | l2tp} {ip ip-address} {domain domain-name | dnis dnis-number | dnis-group-name}
no request dialin {l2f | l2tp} {ip ip-address} {domain domain-name | dnis dnis-number | dnis-group-name}
Syntax Description
Defaults
None. request dialin must be explicitly configured.
Command Modes
VPDN group configuration
Command History
Release Modification11.3(5)AA
This command appeared in Cisco IOS Release 11.3(5)AA.
12.0(4)XI
The command request dialin modified for 12.0.
Usage Guidelines
Use the request dialin VPDN group configuration command to specify a dial-in L2F or L2TP tunnel to a remote peer if a dial-in request is received for a specified domain or Dialed Number Information Service (DNIS).
This command starts a tunnel to a remote peer defined by a specific IP address if a dial-in tunnel is received for users under a specific domain name, or if a specific DNIS is called. Configure the VPDN group command to use request dialin, which indicates a dial-in tunnel is requested.
Note
Configure the vpdn group command with the request dialin command to enable VPDN. The requestor initiates a dial-in tunnel. The acceptor accepts a request for a dial-in tunnel.
To add additional domain names or DNIS to a VPDN group, enter the domain and dnis commands, which are available in the CLI after you enter the request dialin command for the first time.
Examples
The following example shows a request for an L2TP dial-in tunnel to a remote peer at IP address 172.17.33.125 for a user in domain partner.com:
request dialin l2tp ip 172.17.33.125 partner.comThe following example shows multiple domains tunneling to one LNS (for L2TP) router at 10.1.1.1. Note that the domain and dnis commands do not appear in the command line interface until you enter the request dialin command:
Router(config)# vpdn-group california_usersRouter(config-vpdn)# ?VPDN group configuration commands:accept Accept a tunnel open requestdefault Set a command to its defaultsexit Exit from VPDN group configuration modeno Negate a command or set its defaultsrequest Request to open a tunnelRouter(config-vpdn)# request dialin l2tp ip 10.1.1.1 domain la.comRouter(config-vpdn)# ?VPDN group configuration commands:backup Add backup addressdefault Set a command to its defaultsdnis Accept a DNIS tunneldomain Accept a domain tunnelexit Exit from VPDN group configuration modeforce-local-chap Force a CHAP challenge to be instigated locallyl2tp L2TP specific commandslcp LCP specific commandsloadsharing Add loadsharing addresslocal local information, like namemultilink Configure limits for Multilinkno Negate a command or set its defaultsrequest Request to open a tunnelRouter(config-vpdn)# domain sandiego.comRouter(config-vpdn)# domain sanjose.comRouter(config-vpdn)# domain sf.comRouter(config-vpdn)# ^ZRouter# show runningBuilding configuration...Current configuration:!---- cut ----!vpdn-group california_usersrequest dialin l2tp ip 10.1.1.1 domain la.comdomain sandiego.comdomain sanjose.comdomain sf.com!---- cut ----Related Commands
resource
To assign resources and supported call-types to a customer profile, enter the resource customer profile configuration command. Enter the no form of this command to disable this function.
resource name {digital | speech | v110 | v120} [service name]
no resource name {digital | speech | v110 | v120} [service name]
Syntax Description
Defaults
No resources are assigned to the customer profile by default.
Command Modes
Customer profile configuration
Command History
Usage Guidelines
Use the resource customer profile configuration command to assign resources and supported call-types to a customer profile. This command specifies a group of physical resources to be used in answering an incoming call of a particular type for a particular customer profile. For example, calls started by analog modems are reciprocated with the speech keyword.
Examples
The following example shows a physical resource group called "modem1". Forty-eight integrated modems are then assigned to modem1, which is linked to the customer profile called "customer1_isp":
Router(config)# resource group resource modem1Router(config-resource-gro)# range port 1/0 1/47Router(config-resource-gro)# exitRouter(config)# resource-pool profile customer customer1_ispRouter(config-customer-pro)# resource modem1 ?digital Accept digital callsspeech Accept speech callsv110 Accept V.110 callsv120 Accept V.120 callsRouter(config-customer-pro)# resource modem1 speechRelated Commands
resource-pool
To enable or disable resource pool management, enter the resource-pool global configuration command. There is no no form of this command.
resource-pool {enable | disable}
Syntax Description
Defaults
Resource management is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
Use the resource-pool global configuration command to enable and disable the resource pool management feature.
Examples
Router(config)# resource-pool enableRouter(config)# resource-pool disableRelated Commands
None
resource-pool aaa accounting ppp
To include enhanced start/stop resource manager records to AAA accounting, enter the resource-pool aaa accounting ppp global configuration command. Enter the no form of this command to disable this feature.
resource-pool aaa accounting ppp
no resource-pool aaa accounting ppp
Syntax Description
This command has no additional keyword options.
Defaults
Disabled. The default of the resource-pool enable command is to not enable these new accounting records.
Command Modes
Global configuration
Command History
Usage Guidelines
Use the resource-pool aaa accounting ppp global configuration command to include enhanced start/stop resource manager records to AAA accounting. The resource-pool aaa accounting ppp command adds new resource pool management fields to the AAA accounting start/stop records. The new attributes in the start records are also in the stop records—in addition to those new attributes added exclusively for the stop records.
If you have configured your regular AAA accounting, this command directs additional information from the resource manager into your accounting records.
Note
If you configure only this command and do not configure AAA accounting, nothing happens. The default functionality for the resource-pool enable command does not include this functionality.
The following new fields are added to the start and stop records:
CautionThis list of newly supported start and stop fields is not exhaustive. Cisco reserves the right to enhance this list of records at any time. Use the show accounting command to see the contents of each active session.
Note
Cisco recommends that you thoroughly understand how these new start/stop records affect your current accounting structure before you enter this command.
Examples
The following example shows the new AAA accounting start/stop records inserted into an existing AAA accounting infrastructure:
Router(config)# resource-pool aaa accounting pppRelated Commands
Command Descriptionshow accounting
Steps through all active sessions and displays all accounting records for actively accounted functions.
resource-pool aaa protocol
To specify which protocol to use for resource management, enter the resource-pool aaa protocol global configuration command. Enter the no form of this command to disable this feature and go to local.
resource-pool aaa protocol {local | group name}
no resource-pool aaa protocol
Syntax Description
Defaults
Defaults to local.
Command Modes
Global configuration
Command History
Usage Guidelines
Use the resource-pool aaa protocol global configuration command to specify which protocol to use for resource management. The AAA server group is most useful when you want to have multiple RPMSs configured as a fall-back mechanism.
Examples
Router(config)# resource-pool aaa protocol localRelated Commands
None
resource-pool call treatment
To set up the signal sent back to the telco switch in response to incoming calls, enter the resource-pool call treatment global configuration command. Enter the no form of this command to disable this function.
resource-pool call treatment {profile {busy | no-answer} | resource {busy | channel-not-available}}
no resource-pool call treatment {profile {busy | no-answer} | resource {busy | channel-not-available}}
Syntax Description
Defaults
No answer for a customer profile; CNA for a resource.
Command Modes
Global configuration
Command History
Usage Guidelines
Use the resource-pool call treatment global configuration command to set up the signal sent back to the telco switch in response to incoming calls.
Examples
res_pool(config)# resource-pool call treatment profile ?busy Send busy code when profile authorization failsno-answer Don't answer when profile authorization failsRelated Commands
None
resource-pool group resource
To create a resource group for resource management, enter the resource-pool group resource global configuration command. Enter the no form of this command to remove a resource group from the running configuration.
resource-pool group resource name
no resource-pool group resource name
Syntax Description
resource name
Assigns a name to a group of physical resources inside the access server. This name can have up to 23 characters.
Defaults
No resource groups are set up.
Command Modes
Global configuration
Command History
Usage Guidelines
Use the resource-pool group resource global configuration command to create a resource group for resource management. When calls come into the access server, they are allocated physical resources as specified within resource groups and customer profiles.
See the range command for more information.
If some physical resources are not included in any resource groups, then these remaining resources are not used and are considered to be part of the default resource group. These resources can be used in certain cases to answer calls before profile allocation occurs, but the resources are not used other than in the connection phase.
Note
For standalone NAS environments, configure resource groups before using them in customer profiles. For external RPMS environments, configure resource groups on the NAS before defining them on external RPMS servers.
When enabling RPM for SS7 signaling, like resources in the NAS must be in a single group:
•
All modems must be in one group.
•
All HDLC controllers must be in a different group.
•
All V.110 ASICs must be put into another group.
•
All V.120 resources must be in a separate group.
All resource group types must have the same number of resources and that number must equal the number of interface channels available from the public network switch. This grouping scheme prevents the signal "Channel Not Available" (CNA) from being sent to the signaling point. For SS7 signaling, Microcom and MICA modems must be in the same group. If SS7 signaling is not used, Cisco recommends assigning Microcom and MICA modems to separate groups to avoid introducing errors in RPM statistics.
Examples
The following example shows the configuration options within a resource group:
Router(config)# resource-pool group resource modem1Router(config-resource-group)# ?Resource Group Configuration Commands:default Set a command to its defaultsexit Exit from resource-manager configuration modehelp Description of the interactive help systemno Negate a command or set its defaultsrange Configure range for resourceRouter(config-resource-group)# range ?limit Configure the maximum limitport Configure the resource portsRouter(config-resource-group)# range limit ?<1-192> Maximum number of connections allowedRouter(config-resource-group)# range port ?<0-246> First Modem TTY Numberx/y Slot/Port for Internal ModemsRelated Commands
None
resource-pool profile customer
To create a customer profile, enter the resource-pool profile customer global configuration command. Enter the no form of this command to delete a customer profile from the running configuration.
resource-pool profile customer name
no resource-pool profile customer name
Syntax Description
Defaults
No customer profiles are set up.
Command Modes
Global configuration
Command History
Usage Guidelines
Use the resource-pool profile customer global configuration command to create a customer profile.
Examples
The following example shows the creation of a customer profile called "isp-abc". By entering the ? command, you can see the options you can set within the customer profile:
Router(config)# resource-pool profile customer isp-abcRouter(config-customer-pro)# ?Customer Profile Configuration Commands:dnis Assign dnis group with this profiledefault Set a command to its defaultsexit Exit from resource-manager configuration modehelp Description of the interactive help systemlimit Configure limits for the profileno Negate a command or set its defaultsresource Assign resource and supported call-typevpdn Assign VPDN group/profile with this profileRelated Commands
resource-pool profile discriminator
To create a call discrimination profile, enter the resource-pool profile discriminator global configuration command. Enter the no form of this command to remove a profile from the running configuration.
resource-pool profile discriminator name
no resource-pool profile discriminator name
Syntax Description
Defaults
No discrimination of calls.
Command Modes
Global configuration
Command History
Usage Guidelines
Use the resource-pool profile discriminator global configuration command to create a call discrimination profile.
Examples
The following example shows how to create a discrimination profile called "user1":
res_pool(config)# resource-pool profile discriminator user1Related Commands
Command Descriptiondnis group
Includes a group of DNIS numbers in a discriminator profile.
call-type
Rejects particular types of calls.
resource-pool profile service
To set up the service profile configuration, enter the resource-pool profile service global configuration command. Enter the no form of this command to disable this function.
resource-pool profile service name
no resource-pool profile service name
Syntax Description
Defaults
No service profiles are set up.
Command Modes
Global configuration
Command History
Usage Guidelines
Use the resource-pool profile service global configuration command to set up the service profile configuration.
Examples
The following example shows the creation of a service profile called "user1":
Router(config)# resource-pool profile service user1Related Commands
None
resource-pool profile vpdn
To set up for VPDN session counting for one or more VPDN groups and to limit sessions that can be authorized for VPDN groups, enter the resource-pool profile vpdn global configuration command. Enter the no form of this command to disable this function.
resource-pool profile vpdn name
no resource-pool profile vpdn name
Syntax Description
Defaults
No VPDN profiles are set up.
Command Modes
Global configuration
Command History
Usage Guidelines
Use the resource-pool profile vpdn global configuration command to set up VPDN session counting for one or more VPDN groups and to limit sessions that can be authorized for VPDN groups.
Examples
The following example shows the creation of a VPDN session counter at the VPDN group named "lg-hmgate":
Router(config)# resource-pool profile vpdn lg-hmgateRelated Commands
show call progress tone
To display the contents of the internal call progress (CP) tone database for a specific country, enter the show call progress tone EXEC mode command. There is no no version of this command.
show call progress tone country [tone-type]
Syntax Description
Defaults
The default provided by the modem.
Command Modes
Configuration mode.
Command History
Usage Guidelines
Using this command enables you to see the exact settings as they are programmed in the call-progress-tone database.
Examples
When you enter the show call progress tone command, the contents of the internal call progress tone database for a specific country appears as in the following example:
Router>show call progress tone japanCall progress tone: JapanDial tone:0 Forever 425Hz -15.0/-15.0/-15.0 dBm0PBX Dial tone:0 Forever 425Hz -15.0/-15.0/-15.0 dBm0Busy tone:0 250ms 425Hz -20.0/-20.0/-20.0 dBm01 250ms SilenceCongestion tone:0 250ms 425Hz -20.0/-20.0/-20.0 dBm01 250ms SilenceError tone:0 330ms 950Hz -15.0/-15.0/-15.0 dBm01 330ms 1400Hz -15.0/-15.0/-15.0 dBm02 330ms 1800Hz -15.0/-15.0/-15.0 dBm03 5000ms SilenceRouting tone:0 125ms 600Hz -24.0/-24.0/-24.0 dBm01 125ms Silence2 125ms 600Hz -24.0/-24.0/-24.0 dBm03 Forever SilenceDisconnect tone:0 330ms 600Hz -15.0/-15.0/-15.0 dBm01 330ms Silence2 330ms 600Hz -15.0/-15.0/-15.0 dBm03 Forever SilenceRingback tone:0 1000ms 425Hz -19.0/-19.0/-19.0 dBm01 4000ms SilenceOff-hook Notice tone:0 100ms 1400x2040Hz -24.0/-24.0/-24.0 dBm0 -24.0/-24.0/-24.0 dBm01 100ms SilenceOff-hook Alert tone:0 100ms 1400x2040Hz -15.0/-15.0/-15.0 dBm0 -15.0/-15.0/-15.0 dBm01 100ms Silence
The following example shows a specific call progress tone (Japan, busy):
Router# show call progress tone japan busyBusy tone for Japan:0 2000ms 440x480 Hz -17.0/-17.0/-19.0 dBm0 -17.0/-17.0/-19.0 dBm01 4000ms SilenceRelated Commands
Command Descriptioncall progress tone
Specifies the country code for retrieving call progress tone parameters from the call progress tone database.
show dialer dnis
To see how many calls DNIS groups have had, enter the show dialer dnis privileged EXEC command. There is no no form of this command.
show dialer dnis {group [name] | number [number]}
Syntax Description
group
Displays DNIS group statistics.
name
(Optional) DNIS group name.
number
Displays DNIS group number statistics.
number
(Optional) DNIS group number.
Defaults
None. If no DNIS groups are configured and resource pooling is enabled, then no calls are accepted. All calls are identified by calltype/DNIS combinations.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Use the show dialer dnis EXEC command to see how many calls DNIS groups have had or how many calls a specific DNIS group has had. You can configure each DNIS group with multiple numbers. Using this command shows tables of statistics for each DNIS number received at the NAS.
Examples
The following example shows the show dialer dnis command being used to display DNIS group and DNIS number statistics:
Router# show dialer dnis ?group DNIS group statisticsnumber DNIS number statisticsRouter# show dialer dnis groupList of DNIS Groups:defaultmdm_grp1Router# show dialer dnis group mdm_grp1DNIS Number:20010 total connections0 peak connections0 calltype mismatchesDNIS Number:20020 total connections0 peak connections0 calltype mismatchesDNIS Number:20030 total connections0 peak connections0 calltype mismatchesDNIS Number:20040 total connections0 peak connections0 calltype mismatchesRouter# show dialer dnis numberList of Numbers:default2001200220032004Router# show dialer dnis number 2001DNIS Number:20010 connections total0 peak connections0 call-type mismatchesTable 6 show dialer dnis Field Descriptions
Related Commands
Command Descriptionclear dialer dnis
Resets the counter for statistics associated with DNIS groups or numbers.
show resource-pool call
To display all active call information for all customer profiles and resource groups, enter the show resource-pool call EXEC command. There is no no form of this command.
show resource-pool call
Syntax Description
There are no keywords or arguments for this command.
Defaults
If no calls are up, there is no output. Enter the command to see valid information for all current calls.
Command Modes
User and privileged EXEC
Command History
Usage Guidelines
Use the show resource-pool call EXEC command to see all active call information for all customer profiles and resource groups. Use this command to see output when one call is up.
Examples
The following example shows output for the show resource-pool call command:
Router# show resource-pool callShelf 0, slot 0, port 0, channel 2, state RM_RPM_RES_ALLOCATEDCustomer profile cp1, resource group isdn1DNIS number 71017Table 7 show resource-pool call Field Descriptions
Related Commands
None
show resource-pool customer
To display the contents of one or more customer profiles, enter the show resource-pool customer EXEC command. There is no no form of this command.
show resource-pool customer [name]
Syntax Description
name
(Optional) Specifies the name of a specific customer profile. The name can have up to 23 characters.
Defaults
None.
Command Modes
User and privileged EXEC
Command History
Usage Guidelines
Use the show resource-pool customer EXEC command to see the contents of one or more customer profiles.
Examples
Router# show resource-pool customer customer1_isp5 active connections3 calls accepted8 max number of simultaneous connections0 calls rejected due to profile limits0 calls rejected due to resource unavailable0 overflow connections0 overflow states entered0 minutes spent in overflow28 minutes since last clear commandTable 8 show resource-pool customer Field Descriptions
Related Commands
None
show resource-pool discriminator
To see how many times an incoming call has been rejected due to a specific DNIS/call-type combination, enter the show resource-pool discriminator EXEC command. There is no no form of this command.
show resource-pool discriminator [name]
Syntax Description
name
(Optional) Specifies the name of the specific DNIS/call-type that will be rejected. The name can have up to 23 characters.
Defaults
None. You must configure a call discriminator for it to work or appear.
Command Modes
User and privileged EXEC
Command History
Usage Guidelines
Use the show resource-pool discriminator EXEC command to see how many times an incoming call has been rejected due to a specific DNIS/call-type combination.
Examples
Example 1
Router# show resource-pool discriminatorList of Call Discriminator Profiles:cd1cd2cd3cd4Router# show resource-pool discriminator cd10 calls rejectedTable 9 show resource-pool discriminator Command Field Descriptions
Related Commands
None
show resource-pool resource
To see the resource groups configured in the network access server (NAS), enter the show resource-pool resource EXEC command. There is no no form of this command.
show resource-pool resource [name]
Syntax Description
name
(Optional) Displays the contents of a specifically named resource group, which was set up by using the resource-pool group resource name command. The name can have up to 23 characters.
Defaults
None.
Command Modes
User and privileged EXEC
Command History
Usage Guidelines
Use the show resource-pool resource EXEC command to see the resource groups configured in the network access server (NAS). To see the contents of a specific resource group, use the show resource-pool resource name command.
Examples
The following example shows the output for the show resource-pool resource EXEC command:
Router# show resource-pool resourceList of Resources:modem1rg1hiRouter# show resource-pool resource modem-group-12 resources in the resource group0 resources currently active0 calls accepted in the resource group0 calls rejected due to resource unavailable0 calls rejected due to resource allocation errorsTable 10 show resource-pool resource name Command Field Descriptions
Related Commands
None
show resource-pool vpdn
To see the contents of a specific VPDN group or specific VPDN profile, enter the show resource-pool vpdn EXEC command. There is no no form of this command.
show resource-pool vpdn {group | profile} [name]
Syntax Description
group
Displays all the VPDN groups configured inside the NAS.
profile
Displays all the VPDN profiles configured inside the NAS.
name
(Optional) Specifies the name of a specific VPDN group or profile.
Defaults
None.
Command Modes
User and privileged EXEC
Command History
Usage Guidelines
Enter the show resource-pool vpdn EXEC command to see the contents of a specific VPDN group or specific VPDN profile.
Examples
Enter the show resource-pool vpdn group name command to see the contents of a specific VPDN group. This example contains one domain name, one DNIS group, and one end point:
Example 1
Router# show resource-pool vpdn group customer2-vpdngVPDN Group customer2-vpdng found under Customer Profiles: customer2Tunnel (LTP)--------dnis:customer2-calledghp.comEndpoint Session Limit Priority Active Sessions Status Reserved Sessions-------- ------------- -------- --------------- ------ -----------------172.21.9.97 * 1 0 OK------------- --------------- -----------------Total * 0 0Example 2
Router# show resource-pool vpdn groupList of VPDN Groups under Customer ProfilesCustomer Profile user1: bigCustomer Profile user2: greenList of VPDN Groups under VPDN ProfilesVPDN Profile lggate: vpdnlgateVPDN Profile yellow: hiTable 11 show resource-pool vpdn group Command Field Descriptions











