-
Cisco IOS Intelligent Service Gateway Configuration Guide, Release 12.2 SB
-
ISG Features Roadmap
-
Configuring ISG Control Policies
-
Configuring ISG Access for PPP Sessions
-
Configuring ISG Access for IP Subscriber Sessions
-
Configuring ISG Port-Bundle Host Key
-
Configuring ISG as a RADIUS Proxy
-
Configuring ISG Policies for Automatic Subscriber Logon
-
Enabling ISG to Interact with External Policy Servers
-
Configuring ISG Subscriber Services
-
Configuring ISG Network Forwarding Policies
-
Configuring ISG Accounting
-
Configuring ISG Support for Prepaid Billing
-
Configuring ISG Policies for Session Maintenance
-
Redirecting Subscriber Traffic with ISG Layer 4 Redirect
-
Configuring ISG Policies for Regulating Network Access
-
Troubleshooting ISG with Session Monitoring and Distributed Conditional Debugging
-
Configuring ISG Layer 3 Access (Cisco IOS Release 12.2(28)SB)
-
Managing ISG Subscriber IP Addresses (Cisco IOS Release 12.2(28)SB)
-
Configuring ISG VRF Transfer (Cisco IOS Release 12.2(28)SB)
-
Table Of Contents
Configuring ISG Network Forwarding Policies
Prerequisites for Configuring ISG Network Forwarding Policies
Restrictions for Configuring ISG Network Forwarding Policies
Information About ISG Network Policies
Configuration Sources for Network Policies
How to Configure ISG Network Policies
Configuring Network Policies for PPP Sessions in Service Policy Maps
Configuring Network Policies for IP Sessions in Service Policy Maps
Configuration Examples for ISG Network Policies
Network Forwarding Policy for PPP Sessions: Example
Network Forwarding Policy for IP Sessions: Example
Feature Information for ISG Network Policies
Configuring ISG Network Forwarding Policies
First Published: March 20, 2006Last Updated: March 20, 2006Intelligent Service Gateway (ISG) is a Cisco IOS software feature set that provides a structured framework in which edge devices can deliver flexible and scalable services to subscribers. An ISG network forwarding policy is a type of traffic policy that allows packets to be routed or forwarded to and from an upstream network. This module provides information about how to configure network forwarding policies.
Finding Feature Information in This Module
Your Cisco IOS software release may not support all features. To find information about feature support and configuration and platform requirements, use the "Feature Information for ISG Network Policies" section.
Contents
•
Prerequisites for Configuring ISG Network Forwarding Policies
•
•
•
•
•
Prerequisites for Configuring ISG Network Forwarding Policies
For information about release and platform support, see the "Feature Information for ISG Network Policies" section.
Restrictions for Configuring ISG Network Forwarding Policies
A service can contain only one network forwarding policy.
For each subscriber session, only one instance of a network forwarding policy can be in effect at any one time.
Information About ISG Network Policies
Before you configure network forwarding policies, you should understand the following concepts:
•
Network Policies
For subscriber packets to reach a network, some form of forwarding must be specified for a subscriber session. A traffic policy that allows packets to be routed or forwarded to and from an upstream network is known as a network forwarding policy.
Where the network forwarding policy type is routing, forwarding decisions are made at Layer 3, and a VRF (Virtual Routing and Forwarding) identifier must be specified to indicate which routing table should be used to make the routing decision (each VRF represents an independent routing context within a single router). Where the network policy type is forwarding, forwarding decisions are made at Layer 2, which means that all subscriber packets are forwarded to and from a single virtual endpoint within the system. This virtual endpoint represents a Layer 2 tunnel, and a tunnel identifier determines which tunnel should be used. If a network forwarding policy is not specified, the global routing table will be used to route traffic.
An ISG service that includes a network forwarding policy is known as a primary service. Primary services are mutually exclusive and may not be active simultaneously. Upon activation of a new primary service, ISG will deactivate the existing primary service and any other services dependent on the existing primary service through association with a service group.
Configuration Sources for Network Policies
Network policies can be configured in user profiles and service profiles on an external authentication, authorization, and accounting (AAA) server or in service policy maps on the ISG-enabled device. A network forwarding policy configured in a user profile takes precedence over a network forwarding policy specified in a service. If a network forwarding policy is not specified in a user profile or service, the ISG session will inherit the network service from another source. ISG can inherit a network service from the following sources:
•
•
•
•
•
•
These configuration sources are listed in order of precedence. For example, a network forwarding policy that is configured for a virtual template takes precedence over a network forwarding policy that is configured on an interface.
For each subscriber session, only one instance of a network forwarding policy can be in effect at any point in time.
How to Configure ISG Network Policies
This section contains the following tasks:
•
•
Configuring Network Policies for PPP Sessions in Service Policy Maps
Network policies can be configured in user profiles or service profiles on an external AAA server or in a service policy map on the ISG device. Perform this task to configure a network forwarding policy for PPP session in a service policy map on the ISG device.
Note
Prerequisites
This task assumes that virtual private dial-up network (VPDN) groups have been configured.
SUMMARY STEPS
1.
2.
3.
4.
or
service local
or
service relay pppoe vpdn group vpdn-group-name
5.
DETAILED STEPS
What to Do Next
You may want to configure a method of activating the service policy map; for example, control policies can be used to activate services. For more information about methods of service activation, see the module "Configuring ISG Subscriber Services."
Configuring Network Policies for IP Sessions in Service Policy Maps
Network policies can be configured in user profiles or service profiles on an external AAA server or in a service policy map on the ISG device. Perform this task to configure a network forwarding policy for IP sessions in a service policy map on the device.
Note
SUMMARY STEPS
1.
2.
3.
4.
5.
DETAILED STEPS
What to Do Next
You may want to configure a method of activating the service policy map; for example, control policies can be used to activate services. For more information about methods of service activation, see the module "Configuring ISG Subscriber Services."
Configuration Examples for ISG Network Policies
This section contains the following examples:
•
•
Network Forwarding Policy for PPP Sessions: Example
The following example shows a service policy map configured with a network forwarding policy for PPP sessions:
policy-map type service my_serviceservice vpdn group vpdn1Network Forwarding Policy for IP Sessions: Example
The following example shows a service policy map configured with a network forwarding policy for IP sessions:
policy-map type service my_serviceip vrf forwarding vrf1Additional References
The following sections provide references related to ISG network forwarding policies.
Related Documents
Technical Assistance
Feature Information for ISG Network Policies
Table 14 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 12.2(28)SB or later releases appear in the table. If you are looking for information on a feature in this technology that is not documented here, see the "Intelligent Service Gateway Features Roadmap."
Not all commands may be available in your Cisco IOS software release. For details on when support for specific commands was introduced, see the command reference documents.
Cisco IOS software images are specific to a Cisco IOS software release, a feature set, and a platform. Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Note
Table 14 Feature Information for ISG Network Forwarding Policies
ISG: Network Interface: IP Routed, VRF-Aware MPLS
12.2(28)SB
ISG supports multiple forwarding types to connect sessions to networks. These connections can be to Internet, corporate Intranets, ISPs, or walled gardens for content delivery. ISG supports both routed and MPLS-enabled interfaces for network access.
The following sections provide information about this feature:
•
ISG: Network Interface: Tunneled (L2TP)
12.2(28)SB
ISG is flexible to support multiple interface types to connect sessions to networks. These connections can be to Internet, corporate Intranets, ISPs or walled gardens for content delivery. ISG supports tunneled interfaces to networks.
The following sections provide information about this feature:
•
Copyright © 2006 Cisco Systems, Inc. All rights reserved.
