-
Cisco IOS Broadband Access Aggregation and DSL Configuration Guide, Release 12.4T
- Part 1: Broadband Access Aggregation Overview
-
Part 2: PPPoA, PPPoE, PPPoX
-
Providing Protocol Support for Broadband Access Aggregation of PPP over ATM Sessions
-
Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions
-
PPP over Ethernet Client
-
PPPoE Client DDR Idle-Timer
-
Offering PPPoE Clients a Selection of Services During Call Setup
-
Enabling PPPoE Relay Discovery and Service Selection Functionality
-
Establishing PPPoE Session Limits per NAS Port
-
Providing Session Limit Support
-
Monitoring PPPoE Sessions with SNMP
-
Configuring Upstream Connection Speed Transfer
-
PPPoE over VLAN Enhancements: Configuration Limit Removal and ATM Support
-
- Part 3: ATM RBE
- Part 4: Subscriber Service Switch
- Part 5: Dynamic Subscriber Bandwidth Selection
- Part 6: RADIUS NAS Port Attributes
-
Part 7: DSL
-
Virtual Auxilliary Port Feature and Configuration of DSL Settings
-
Monitoring and Retraining on Reception of Loss of Margin Messages
-
1-Port ADSL WAN Interface Card
-
1-Port ADSL WAN Interface Card for Cisco 2600 Series and Cisco 3600 Series Routers
-
1-Port ADSL WAN Interface for the Cisco IAD2420 Series
-
ATM Mode for Two-Wire or Four-Wire SHDSL
-
G.SHDSL Symmetric DSL Support for Cisco IAD2420 Series IAD
-
1-Port G.SHDSL WAN Interface Card for Cisco 2600 Series and Cisco 3600 Series Routers
-
TR-069 Agent
-
Table Of Contents
Prerequisites for Configuring Subscriber Profile Support
Information About Subscriber Profile Support
New Call Management Support for Subscriber Service Switch Architecture
How to Configure Subscriber Profile Support
Configuring VPDN Service for the Subscriber Service Switch Policy
Configuring Local Termination Service for the Subscriber Service Switch Policy
Configuring Denial of Service for the Subscriber Service Switch Policy
RADIUS Subscriber Service Switch Services Configuration
Configuration Examples for Subscriber Profile Support
VPDN Service for the Subscriber Service Switch Policy: Examples
Local Termination for the Subscriber Service Switch Policy: Example
Denial of Service for the Subscriber Service Switch Policy: Example
RADIUS Subscriber Service Support Profiles: Examples
Subscriber Profile Support
The Subscriber Profile Support feature introduces new functionality for the Subscriber Service Switch architecture, a Cisco IOS subsystem that connects subscribers to network access services at Layer 2. This new functionality affects how the Subscriber Service Switch Manager determines a service for each subscriber with a combination of a policy and a service lookup model.
Feature Specifications for the Subscriber Profile Support Feature
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Contents
•
Prerequisites for Configuring Subscriber Profile Support
•
•
•
Prerequisites for Configuring Subscriber Profile Support
Before configuring the Subscriber Profile Support feature, you need to be familiar with concepts introduced in the Cisco Release 12.2(13)T feature module Subscriber Service Switch, and with the authentication, authorization, and accounting (AAA) and PPP access processes.
Information About Subscriber Profile Support
To configure subscriber profile support, you need to understand the following concept:
•
New Call Management Support for Subscriber Service Switch Architecture
The Subscriber Service Switch architecture in Cisco IOS Release 12.3(4)T offers a significant improvement in scalability by providing the ability to bypass PPP when forwarding a call. Instead, call service selection is decided entirely by a Subscriber Service Switch Manager. Client call processes that terminate subscriber lines or receive subscriber calls send their requests for service direction to the Subscriber Service Switch Manager, which determines service based on service keys collected by the Subscriber Service Switch client and a preestablished call service policy. Examples of service keys are a NAS Port ID (network access server port identifier) and an unauthenticated PPP name. Refer to the Subscriber Service Switch feature module for more information about service keys.
The Subscriber Profile Support feature introduces the subscriber profile command and its service subcommands, which support the Subscriber Service Switch policy for searching a subscriber profile database for authorization data and determining the services that will be granted to the requesting customer.
How to Configure Subscriber Profile Support
This section contains the following tasks that may be performed to configure a Subscriber Service Switch policy:
•
•
•
The tasks described in this section assume that an operational network running the Subscriber Service Switch architecture has been configured.
Configuring VPDN Service for the Subscriber Service Switch Policy
In this task, you configure virtual private dial-up network (VPDN) service by directing the software to obtain the configuration from a predefined VPDN group.
SUMMARY STEPS
1.
2.
3.
4.
5.
DETAILED STEPS
What to Do Next
See the "RADIUS Subscriber Service Switch Services Configuration" section for information about creating the script for the corresponding RADIUS AV pair Subscriber Service Switch attribute.
Configuring Local Termination Service for the Subscriber Service Switch Policy
In this task, you define local termination service for the Subscriber Service Switch policy.
SUMMARY STEPS
1.
2.
3.
4.
5.
DETAILED STEPS
What to Do Next
See the "RADIUS Subscriber Service Switch Services Configuration" section for information about creating the script for the corresponding RADIUS AV pair Subscriber Service Switch attribute.
Configuring Denial of Service for the Subscriber Service Switch Policy
In this task, you configure a Subscriber Service Switch policy that denies service to a subscriber.
SUMMARY STEPS
1.
2.
3.
4.
5.
DETAILED STEPS
What to Do Next
See the "RADIUS Subscriber Service Switch Services Configuration" section for information about creating the script for the corresponding RADIUS AV pair Subscriber Service Switch attribute.
RADIUS Subscriber Service Switch Services Configuration
The Cisco AV pairs have been extended to include Subscriber Service Switch service configuration. Subscriber Service Switch values are prefixed with "sss:", as follows:
cisco-avpair = "sss:sss-service=vpdn"
cisco-avpair = "sss:sss-service=local"
cisco-avpair = "sss:sss-service=deny"Configuration Examples for Subscriber Profile Support
This section contains the following configuration examples:
•
•
•
•
VPDN Service for the Subscriber Service Switch Policy: Examples
The following example provides VPDN service to users in the domain cisco.com, and uses VPDN group 1 to obtain VPDN configuration information:
!subscriber profile cisco.comservice vpdn group 1The following example provides VPDN service to DNIS 1234567, and uses VPDN group 1 to obtain VPDN configuration information:
!subscriber profile dnis:1234567service vpdn group 1The following example provides VPDN service using a remote tunnel (used on the multihop node), and uses VPDN group 1 to obtain VPDN configuration information:
!subscriber profile host:lacservice vpdn group 1Local Termination for the Subscriber Service Switch Policy: Example
The following example provides local termination service to users in the domain cisco.com:
!subscriber profile cisco.comservice localDenial of Service for the Subscriber Service Switch Policy: Example
The following example denies service to users in the domain cisco.com:
!subscriber profile cisco.comservice denyRADIUS Subscriber Service Support Profiles: Examples
The following examples show typical RADIUS AV pair scripts to enable VPDN service and to define the service keys that are collected:
## Domain "cisco.com" users get VPDN service with the enclosed configuration.#cisco.com Password = "cisco"User-Service-Type = Outbound-User,cisco-avpair = "sss:sss-service=vpdn",cisco-avpair = "vpdn:tunnel-id=nas-provider",cisco-avpair = "vpdn:ip-addresses=10.0.3.96",cisco-avpair = "vpdn:nas-password=secret1",cisco-avpair = "vpdn:gw-password=secret2"## Users with DNIS 1234567 get VPDN service with the enclosed configuration.#dnis:1234567 Password = "cisco"User-Service-Type = Outbound-User,cisco-avpair = "sss:sss-service=vpdn",cisco-avpair = "vpdn:tunnel-id=nas-provider",cisco-avpair = "vpdn:ip-addresses=10.0.3.96",cisco-avpair = "vpdn:nas-password=secret1",cisco-avpair = "vpdn:gw-password=secret2"## Users on the remote tunnel (LAC) get VPDN service with the enclosed configuration.#host:lac Password = "cisco"User-Service-Type = Outbound-User,cisco-avpair = "sss:sss-service=vpdn",cisco-avpair = "vpdn:tunnel-id=nas-provider",cisco-avpair = "vpdn:ip-addresses=10.0.3.96",cisco-avpair = "vpdn:nas-password=secret1",cisco-avpair = "vpdn:gw-password=secret2"Additional References
The following sections provide references related to the Subscriber Service Support feature.
Related Documents
AAA
Cisco IOS Security Configuration Guide; refer to "Part 1: Authentication, Authorization, and Accounting (AAA)"
AAA commands: complete command syntax, command mode, defaults, usage guidelines, and examples
Broadband access, PPPoE
Cisco IOS Wide-Area Networking Configuration Guide; refer to "Part 2: Broadband Access"
Broadband access, PPPoE, commands: complete command syntax, command mode, defaults, usage guidelines, and examples
PPP
Cisco IOS Dial Technologies Configuration Guide; refer to "Part 9: PPP Configuration"
VPDN
Cisco IOS Dial Technologies Configuration Guide; refer to "Part 8: Virtual Templates, Profiles, and Networks"
PPP and VPDN commands: complete command syntax, command mode, defaults, usage guidelines, and examples
Subscriber Service Switch
Subscriber Service Switch feature module
Standards
MIBs
None
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
RFCs
Technical Assistance
Command Reference
The following commands are introduced or modified in the feature or features documented in this module. For information about these commands, see the Cisco IOS Broadband Access Aggregation and DSL Command Reference at http://www.cisco.com/en/US/docs/ios/bbdsl/command/reference/bba_book.html. For information about all Cisco IOS commands, go to the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup or to the Cisco IOS Master Commands List.
•
•
•
•
CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0809R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2008 Cisco Systems, Inc. All rights reserved.