-
Cisco IOS Intelligent Service Gateway Configuration Guide, Release 12.2 SB
-
ISG Features Roadmap
-
Configuring ISG Control Policies
-
Configuring ISG Access for PPP Sessions
-
Configuring ISG Access for IP Subscriber Sessions
-
Configuring ISG Port-Bundle Host Key
-
Configuring ISG as a RADIUS Proxy
-
Configuring ISG Policies for Automatic Subscriber Logon
-
Enabling ISG to Interact with External Policy Servers
-
Configuring ISG Subscriber Services
-
Configuring ISG Network Forwarding Policies
-
Configuring ISG Accounting
-
Configuring ISG Support for Prepaid Billing
-
Configuring ISG Policies for Session Maintenance
-
Redirecting Subscriber Traffic with ISG Layer 4 Redirect
-
Configuring ISG Policies for Regulating Network Access
-
Troubleshooting ISG with Session Monitoring and Distributed Conditional Debugging
-
Configuring ISG Layer 3 Access (Cisco IOS Release 12.2(28)SB)
-
Managing ISG Subscriber IP Addresses (Cisco IOS Release 12.2(28)SB)
-
Configuring ISG VRF Transfer (Cisco IOS Release 12.2(28)SB)
-
Table Of Contents
Managing ISG Subscriber IP Addresses (Cisco IOS Release 12.2(28)SB)
Prerequisites for ISG Subscriber IP Address Management
Restrictions for ISG Subscriber IP Address Management
Information About ISG Subscriber IP Address Management
Methods of ISG Subscriber IP Address Management
How to Manage ISG Subscriber IP Addresses Using DHCP
ISG Subscriber IP Address Assignment Using DHCP
Configuring an ISG Interface for Dynamic DHCP Class Association
Configuring a DHCP Class in a Service Policy Map
Configuring a DHCP Class in a Service Profile or User Profile on the AAA Server
Configuration Examples for Managing ISG Subscriber IP Addresses
ISG Subscriber IP Address Assignment Using DHCP: Example
DHCP Address Pool Classes and Relay Actions for ISG: Examples
Feature Information for ISG Subscriber IP Address Management
Managing ISG Subscriber IP Addresses (Cisco IOS Release 12.2(28)SB)
First Published: March 20, 2006Last Updated: March 20, 2006Intelligent Service Gateway (ISG) is a Cisco IOS software feature set that provides a structured framework in which edge devices can deliver flexible and scalable services to subscribers. For an ISG subscriber to be routable within a given service domain, the subscriber must present a domain-specific IP address to the network. This document describes how to manage the assignment of domain-specific IP addresses to ISG subscribers.
Note
This document applies to Cisco IOS Release 12.2(28)SB only. For information about managing IP addresses in Cisco IOS Release 12.2(31)SB2 or later releases, see the chapter "Configuring ISG Access for IP Subscriber Sessions."
Finding Feature Information in This Module
Your Cisco IOS software release may not support all features. To find information about feature support and configuration and platform requirements, use the "Feature Information for ISG Subscriber IP Address Management" section.
Contents
•
•
•
•
•
•
Prerequisites for ISG Subscriber IP Address Management
For information about release and platform support, see the "Feature Information for ISG Subscriber IP Address Management" section.
Restrictions for ISG Subscriber IP Address Management
ISG IP sessions and interface IP sessions are not supported on the Cisco 10000-PRE2.
Information About ISG Subscriber IP Address Management
Before you configure ISG subscriber IP address management, you should understand the following concept:
•
Methods of ISG Subscriber IP Address Management
ISG subscriber IP address management applies to IP sessions or Layer 2 (PPP) sessions that are terminated locally. For a subscriber to be routable within a given IP service domain, the subscriber must present a domain-specific IP address to the network. If a subscriber transfers between IP service domains (which includes any private domain managed by the access provider), the IP address presented to the network must change to reflect the new domain.
Locally Terminated PPP Sessions
For locally terminated PPP sessions, ISG supports the following methods of IP address assignment:
•
•
•
•
•
When a locally terminated PPP session is transferred from one VRF to another VRF, the peer IP address is renegotiated using IPCP.
IP Subnet Sessions
For IP subnet sessions, the IP subnet is specified in the user profile.
IP Interface Sessions
For IP interface sessions, ISG is not involved in (or aware of) the assignment of subscriber IP addresses.
IP Sessions
For IP sessions, ISG supports the following methods of IP address assignment:
•
If a subscriber's static IP address is configured correctly for the service domain, ISG does not need to be involved in the assignment of an IP address for the subscriber.
•
If DHCP is being used to assign IP addresses, and the IP address that is assigned by DHCP is correct for the service domain, ISG does not need to be involved in the assignment of an IP address for the subscriber.
If the IP address that is assigned by DHCP is not correct for the service domain, or if the domain changes because of a VRF transfer, ISG can be configured to influence the DHCP IP address assignment.
The following conditions must be met in order for ISG to influence DHCP IP address assignment:
–
–
–
For deployments that support it, DHCP is the recommended method of IP address assignment.
How to Manage ISG Subscriber IP Addresses Using DHCP
Before you perform this task, you should understand the following concepts:
•
To assign ISG subscriber IP addresses using DHCP, perform the following tasks:
•
•
•
ISG Subscriber IP Address Assignment Using DHCP
When ISG is in the path of DHCP requests (as either a DHCP server or a DHCP relay), ISG can influence the IP address pool and DHCP server that are used to assign subscriber IP addresses. To enable ISG to influence the IP addresses assigned to subscribers, you associate a DHCP address pool class with an address domain. The DHCP address pool class must also be configured in a service policy map, service profile, or user profile, which is associated with a subscriber. When a DHCP request is received from a subscriber, DHCP uses the address pool class that is associated with the subscriber to determine which DHCP address pool should be used to service the request. As a result, on a per-request basis, an IP address is provided by the local DHCP server or relayed to a remote DHCP server that is defined in the selected pool.
ISG also uses DHCP events to determine the start and end of subscriber sessions. For information about the events that DHCP communicates to ISG and how to use DHCP to trigger subscriber IP sessions, see the module "Configuring ISG Layer 3 Access (Cisco IOS Release 12.2(28)SB)."
Prerequisites
For ISG to use DHCP to assign IP addresses, the following prerequisites must be met:
•
•
•
The tasks in this section assume that you have configured DHCP support in your network.
Configuring an ISG Interface for Dynamic DHCP Class Association
Perform this task to enable ISG to influence the assignment of IP addresses to subscribers on the interface by providing the local DHCP component with a class name. The class name refers to a class configured using the ip dhcp pool command and can reference a pool of addresses or a relay destination.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
DETAILED STEPS
Configuring a DHCP Class in a Service Policy Map
Perform this task to assign a DHCP class to a service policy map. Subscribers for which this service policy map is activated will be assigned IP addresses from the DHCP pool or the remote server that is associated with the class.
Prerequisites
A DHCP pool must be configured. Classes configured within the DHCP pool must match the DHCP classes configured in the service policy map.
SUMMARY STEPS
1.
2.
3.
4.
5.
DETAILED STEPS
What to Do Next
Once you have configured the DHCP address pool class in a service policy map, you may want to configure a method of activating the service policy map; for example, control policies can be used to activate services. For more information about methods of service activation, see the module "Configuring ISG Subscriber Services."
Configuring a DHCP Class in a Service Profile or User Profile on the AAA Server
Perform this task to add the vendor-specific attribute (VSA) for a DHCP class to a user profile or service profile. Subscribers for whom the user or service profile is activated will be assigned IP addresses from the DHCP pool or the remote server that is associated with the class.
Note
Prerequisites
A DHCP address pool must be configured. Classes configured within the DHCP address pool must match the DHCP address pool classes configured in the service or user profile.
SUMMARY STEPS
1.
DETAILED STEPS
What to Do Next
You may want to configure a method of activating the service policy map or service profile; for example, control policies can be used to activate services. For more information about methods of service activation, see the module "Configuring ISG Subscriber Services."
Configuration Examples for Managing ISG Subscriber IP Addresses
This section contains the following examples:
•
•
ISG Subscriber IP Address Assignment Using DHCP: Example
In the following example, if a DHCP DISCOVER packet arrives on interface Ethernet0/0 and is associated with the DHCP address pool class "green" (through a service activation), the local DHCP component uses the DHCP address pool "green-pool" because (a) the DHCP address pool classes match and (b) the subnet defined under the "network" statement corresponds to one of the subnets defined at the interface. Therefore the local DHCP component will provide the subscriber with an address from 10.1.0.0 255.255.0.0.
Following a change in the subscriber's primary service, ISG returns the DHCP address pool class called "blue". This address domain change causes the local DHCP component to provide a new IP address from the pool "blue-pool" because (a) the classes match and (b) the subnet defined in "relay source" corresponds to one of the subnets defined at the interface. Hence the DHCP DISCOVER is relayed to the server at address 10.10.2.1, and the local DHCP component acts as a relay.
Ethernet0/0ip address 10.1.0.1 255.255.0.0 vrf greenip address 20.1.0.1 255.255.0.0 vrf blueip subscriberinitiator dhcp class-aware!ip dhcp pool green-poolnetwork 10.1.0.0 255.255.0.0class greenip dhcp pool blue-poolrelay source 20.1.0.0 255.255.0.0class bluerelay destination 10.10.2.1 vrf bluepolicy-map type service my_serviceclassname blueDHCP Address Pool Classes and Relay Actions for ISG: Examples
DHCP Server Co-Resident with ISG Configuration: Example
In the following configuration example, the ISPs are ABC and DEF companies. The ABC company has its addresses assigned from an address pool that is dynamically allocated using On-demand address pools (ODAP). The DEF company has its customer addresses assigned from the address pool 10.100.0.0/16. Customers not associated with any ISP will have an address allocated from the address pool 10.1.0.0/16, and the lease time is set to 10 minutes.
!Address pool for ABC customersip dhcp pool abc-poolorigin dhcpclass abc!!Address pool for DEF customers!ip dhcp pool def-poolnetwork 10.100.0.0 255.255.0.0class def!!Address pool for customers without an ISP!ip dhcp pool tempnetwork 10.1.0.0 255.255.0.0lease 0 0 10class defaultDHCP Relay Agent Co-Resident with ISG Configuration: Example
In the following configuration example, there are two ISPs, "abcpool and defpool". The "abcpool" ISP and its customers are allowed to have addresses in the ranges 10.1.0.0/16 and 30.1.0.0/16, and are relayed to the DHCP server at 10.55.10.1. The "defpool" ISP and its customers are allowed to have addresses in the range 20.1.0.0/16 and 40.4.0.0/16, and are relayed to the DHCP server at 12.10.2.1.
!Address ranges:interface ethernet1ip address 10.1.0.0 255.255.0.0ip address 20.1.0.0 255.255.0.0 secondaryinterface ethernet2ip address 30.1.0.0 255.255.0.0ip address 40.4.0.0 255.255.0.0!Address pools for abcpool1 and abcpool2:ip dhcp pool abcpool1relay source 10.1.0.0 255.255.0.0class abcpool1relay target 10.55.10.1!Address pool for abcpool2:ip dhcp pool abcpool2relay source 30.1.0.0 255.255.0.0class abcpool2relay target 10.55.10.1!Address pools for defpool1 and defpool2:ip dhcp pool defpool1relay source 20.1.0.0 255.255.0.0class defpool1relay target 12.10.2.1ip dhcp pool defpool2relay source 40.4.0.0 255.255.0.0class defpool2relay target 12.10.2.1Configuration of secure Address Resolution Protocol (ARP) for the relay will use the same configuration command as secure ARP already uses on a DHCP server by using the update arp command in address-pool configuration mode. If the system is allocating an address from this address pool, it will add secure ARP. If the system is relaying a packet using this address pool, it will also add secure ARP.
ISG-Supplied Class Name Configuration: Example
In the following configuration example, an ISG-supplied class name is to be used in selecting the remote DHCP server to which packets should be relayed.
ip dhcp pool abc-pool-1relay source 30.1.0.0 255.255.0.0relay destination 20.1.0.0class classname1relay target 10.20.10.1class classname2relay target 10.0.10.1class classname3In the configuration above, an ISG-supplied class name, "classname1", would relay the DHCP DISCOVER packet to the server at the relay target IP address, and ISG "classname2" would relay the DHCP DISCOVER packet to the server at the relay target IP address.
If the ISG returns "classname3", then the default pool is the default address specified as the relay destination. If the ISG returns any class name other than "classname1", "classname2", or "classname3", no relay action is taken.
Additional References
The following sections provide references related to ISG subscriber IP address management.
Related Documents
Technical Assistance
Feature Information for ISG Subscriber IP Address Management
Table 25 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 12.2(28)SB or later releases appear in the table. If you are looking for information on a feature in this technology that is not documented here, see the "Intelligent Service Gateway Features Roadmap."
Not all commands may be available in your Cisco IOS software release. For details on when support for specific commands was introduced, see the command reference documents.
Cisco IOS software images are specific to a Cisco IOS software release, a feature set, and a platform. Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Note
Table 25 Feature Information for ISG Subscriber IP Address Management
ISG:Policy Control:DHCP Proxy
12.2(28)SB
This feature enables ISG to dynamically interact with DHCP and apply policies that influence the IP addresses that DHCP assigns subscribers.
The following sections provide information about this feature:
•
Copyright © 2006 Cisco Systems, Inc. All rights reserved.
