Cisco IOS XE Access Node Control Protocol Configuration Guide, Release 2 - Multiservice Activation in Access-Accept Message [Cisco IOS XE Software]

Table Of Contents

Multiservice Activation in Access-Accept Message

Finding Feature Information

Contents

Restrictions for Multiservice Activation in Access-Accept Message

Information About Multiservice Activation in Access-Accept Message

Multiservice Activation in Access-Accept Message Overview

QoS Policy for VSA 250

How to Configure Multiservice Activation in Access-Accept Message

Activating a Session Service Using Access-Accept

Configuration Examples for Multiservice in Access-Accept Message

Activating QoS Services Using VSA 250: Example

Additional References

Related Documents

RFCs

Technical Assistance

Feature Information for Multiservice Activation in Access-Accept Message

Multiservice Activation in Access-Accept Message

First Published: June 19, 2009

Last Updated: June 25, 2009

The Multiservice Activation in Access-Accept Message feature is part of Access Node Control Protocol (ANCP) and allows multiple services to be included in a single RADIUS Access-Accept message.This feature is similar to the Multiservice Activation and Deactivation in a Change of Authorization (CoA) Message feature, but in this case all requested service activations are processed automatically. This means that if a service activation fails, no further service activations are processed, and any service that has already been activated by the Access-Accept message is deactivated.

Finding Feature Information

For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for Multiservice Activation in Access-Accept Message" section.

Use Cisco Feature Navigator to find information about platform support and Cisco IOS XE software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

•Restrictions for Multiservice Activation in Access-Accept Message

•Information About Multiservice Activation in Access-Accept Message

•How to Configure Multiservice Activation in Access-Accept Message

•Configuration Examples for Multiservice in Access-Accept Message

•Additional References

•Feature Information for Multiservice Activation in Access-Accept Message

Restrictions for Multiservice Activation in Access-Accept Message

•If one of the service activations fails, all unprocessed services from the Access-Accept message will be ignored, and any services from the Access-Accept message that have been activated will be deactivated.

•A two-stage application process exists when applying a quality of service (QoS) policy via a service in an Access-Accept message. The first stage involves parsing the policy and sending the policy value to the dataplane. The second stage involves the application of the QoS policy on the dataplane. In the instance where stage one is completed successfully, but stage two fails, the relevant service can indicate that the activation was successful.

Information About Multiservice Activation in Access-Accept Message

To configure multiservice activation in Access-Accept messages, you must understand the following concepts:

•Multiservice Activation in Access-Accept Message Overview

•QoS Policy for VSA 250

Multiservice Activation in Access-Accept Message Overview

An Access-Request message is sent by a RADIUS client to a RADIUS server to authenticate the user or subscriber profile included in the message. If the user or subscriber profile is:

•Acceptable—The RADIUS server may return an Access-Accept message

•Unacceptable—The RADIUS server may return an access-reject message

To enable multiservice activation, the Access-Accept message may include multiple Cisco generic VSA 250 (SSG_ACCOUNT_INFO) entries, with each VSA specifying a service name to be activated.

RSIM Format
vsa cisco generic 250 string "Aservice-name1"
vsa cisco generic 250 string "Aservice-name2"
vsa cisco generic 250 string "Aservice-name3"
RADIUS Format
07:06:23.234: RADIUS: Received from id 1645/36 11.12.13.2:1645, Access-Accept, len 112
07:06:23.238: RADIUS:  authenticator 92 C5 A2 F2 24 56 37 1E - 74 F4 C6 92 B0 E8 92 4C
07:06:23.238: RADIUS:  Vendor, Cisco       [26]  23  
07:06:23.238: RADIUS:   ssg-account-info   [250] 17  "Aservice-name-1"
07:06:23.238: RADIUS:  Vendor, Cisco       [26]  23  
07:06:23.238: RADIUS:   ssg-account-info   [250] 17  "Aservice-name-2"
07:06:23.238: RADIUS:  Vendor, Cisco       [26]  23  
07:06:23.238: RADIUS:   ssg-account-info   [250] 17  "Aservice-name-3"
Upon receipt of the Access-Accept message, the specified services are extracted and each service is activated serially. If a service activation fails, all unprocessed services from the Access-Accept message are ignored, and any services from the Access-Accept message that have been activated are deactivated.

Note The RSIM format for Access-Accept multiple services requests for QoS services is not applicable for multiple service activation or deactivation requests in a CoA message. The format for CoA messages is VSA 252. For more information see Multiservice Activation and Deactivation in a CoA Message module

QoS Policy for VSA 250

You can use VSA 250 concatenated QoS syntax with the RADIUS Access-Accept message while establishing a session. The syntax parses the VSA concatenated string and activates the QoS and Intelligent Services Gateway (ISG) policy.

Note ISG manages multiple QoS services in one Access-Accept message and applies the message to activate static and parameterized QoS.

How to Configure Multiservice Activation in Access-Accept Message

This section contains the following procedures:

•Activating a Session Service Using Access-Accept (optional)

Activating a Session Service Using Access-Accept

Configure Cisco VSA 250 in the service profile on RADIUS to dynamically activate a session service with Access-Accept. RADIUS uses VSA 250 in Access-Accept messages with the following syntax:

RSIM Format
vsa cisco generic 250 string
"Aservice-name-1"
Configuration Examples for Multiservice in Access-Accept Message

This section provides the following configuration example:

•Activating QoS Services Using VSA 250: Example

Activating QoS Services Using VSA 250: Example

To activate QoS Services, use the qos:vc-qos-policy-out syntax with the RADIUS Access-Accept message. The concatenated string is parsed and the QoS and ISG policy is activated.

The following example defines VSA 250 concatenated string parsing, and the activation of the ISG service and QoS policies:

qos:<qos-attribute-name>=<attribute value>[;qos:<qos-attribute-name>=<attribute value>...]

qos-attribute-name

Displays the QoS attribute name. The accepted attributes for the QoS attribute name in this special concatenated format are:

vc-qos-policy-in

vc-qos-policy-out

vc-weight

vc-watermark-min

vc-watermark-max

attribute value

Displays the value to be assigned to the QoS attribute. The acceptable range of values are determined by the platform.

If the target session is an ATM VC, the vc-weight, vc-watermark-min, and vc-watermark-max attributes are interpreted.

The following example displays the concatenated QoS syntax for VSA 250:

vsa cisco generic 250 string "Aqos:vc-qos-policy-out=IPOne_out;qos:vc-qos-policy-in=IPOne_in"
Additional References

The following sections provide references related to the Multiservice Activation in Access-Accept Message feature.

Related Documents

Related Topic

Document Title

IEEE 802.1Q VLAN

Cisco IOS IEEE 802.1Q Support, Release 12.0(1)T feature module

Access-Node Control Protocol

Metro Ethernet WAN Services and Architectures (white paper), Access Node Control Protocol

Queue-in-Queue VLAN Tags

IEEE 802.1Q-in-Q VLAN Tag Termination, Release 12.3T

ANCP commands

Cisco IOS Access Node Control Protocol Command Reference

RFCs

RFC

Title

ANCP extension draft

GSMP Extensions for Access Node Control Mechanism, Internet draft

RFC 3292

General Switch Management Protocol (GSMP) V3

RFC 3293

General Switch Management Protocol (GSMP), Packet Encapsulations for Asynchronous Transfer Mode (ATM), Ethernet and Transmission Control Protocol (TCP)

Technical Assistance

Description

Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/techsupport

Feature Information for Multiservice Activation in Access-Accept Message

Table 1 lists the release history for this feature.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS XE software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Note Table 1 lists only the Cisco IOS XE software release that introduced support for a given feature in a given Cisco IOS XE software release train. Unless noted otherwise, subsequent releases of that Cisco IOS XE software release train also support that feature.

Table 1 Feature Information for Multiservice Activation in Access-Accept Message

Feature Name

Releases

Feature Information

Multiservice Activation in Access-Accept Message

Cisco IOS XE Release 2.4

The Multiservice Activation in Access-Accept Message feature supports dynamic activation of multiple services using RADIUS Access-Accept messages.

In Cisco IOS XE 2.4, this feature was introduced on the Cisco ASR 1000 Series Routers.

The following command was modified by this feature: subscriber service multiple-accept.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2009 Cisco Systems, Inc. All rights reserved.