|
|
Feature History
12.2(4)T This feature was introduced.
Release
Modification
This document describes the Customer Profile Idle Timer Enhancements for Interesting Traffic feature in Cisco IOS Release 12.2(4)T. It includes the following sections:
Before Cisco IOS Release 12.2(4)T, only the dialer idle timer could be reset for interesting traffic on a dialer interface. The Customer Profile Idle Timer Enhancements for Interesting Traffic feature available in Cisco IOS Release 12.2(4)T supports a PPP idle timer based on interesting traffic for dialer interfaces. (Existing PPP idle timer behavior is not changed when traffic is not classified.) New commands and functionality provided with this feature also address idle timer issues for virtual access dialup network (VPDN) sessions, which use virtual access (projected) interfaces and rely on the PPP idle timer mechanism.
The Resource Pool Manager (RPM) per-customer profile dialer idle timer function works with Multilink PPP (MLP) and Multichassis Multilink PPP (MMP), providing that the master bundle interface is not a virtual access (projected) interface. For virtual access interfaces such as those used in a VPDN or with MMP where the dialer idle timer cannot be used, you can now classify the IP traffic that resets the PPP idle timer. A named access list is also supported.
Additionally, because RPM customer profiles are applied on a per-Dialed Number Identification Service (DNIS) basis and allow for configuring a per-customer profile dialer idle timer, the Customer Profile Idle Timer Enhancements for Interesting Traffic feature associates idle timers based on call type and DNIS.
The idle timer implementation in the Customer Profile Idle Timer Enhancements for Interesting Traffic feature specifies that for calls terminated on a network access server, a virtual access interface is cloned from the virtual template. This virtual access interface is linked to a physical interface on which is running a dialer timer. If the PPP idle timer is configured on the virtual template or provided by an authentication, authorization, and accounting (AAA) per-user interface configuration, the result is two idle timers, as follows:
Neither the dialer idle timer nor the PPP idle timer will run when the idle timer in the per-user configuration is set to 0. When the per-user idle timer is set to some value besides 0, that value overrides all local idle timer configurations.
The Customer Profile Idle Timer Enhancements for Interesting Traffic feature provides the following system idle timer benefits:
The PPP idle timer can classify IP traffic only in Cisco IOS Release 12.2(4)T.
The Customer Profile Idle Timer Enhancements for Interesting Traffic feature was developed for or tested on the following platforms:
See the next section for information about Feature Navigator and how to use this tool to determine the platforms and software images in which this feature is available.
Platform Support Through Feature Navigator
Cisco IOS software is packaged in feature sets that support specific platforms. To get updated information regarding platform support for this feature, access Feature Navigator. Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.
Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image.
To access Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions at http://www.cisco.com/register.
Feature Navigator is updated when major Cisco IOS software releases and technology releases occur. As of May 2001, Feature Navigator supports M, T, E, S, and ST releases. You can access Feature Navigator at the following URL:
Standards
None
MIBs
None
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs
None
See the following sections for configuration tasks for the Customer Profile Idle Timer Enhancements for Interesting Traffic feature. Each task in the list is identified as either required or optional:
To configure a template to accept dialer interface timers, use the following commands beginning in global configuration mode:
| Command | Purpose | |
|---|---|---|
Step 1 | Router(config)# template name | Accesses the template configuration mode for configuring a particular customer profile template. |
Step 2 | Router(config-template)# dialer idle-timeout seconds | Sets the dialer idle timeout period in a virtual template interface. |
Step 3 | Router(config-template)# dialer-group dialer-list-number | Controls access by configuring an interface to belong to a specific dialing group. |
To configure a PPP idle timer based on interesting IP traffic, use the following commands beginning in global configuration mode:
| Command | Purpose | |
|---|---|---|
Step 1 | Router(config)# interface virtual-template number | Creates a virtual template interface that can be configured and applied dynamically in creating virtual access interfaces, and enters interface configuration mode. |
Step 2 | Router(config-if)# ppp timeout idle time | Sets PPP idle timeout parameters on the virtual template interface. |
Step 3 | Router(config-if)# ip idle-group {access-list-number |
access-list-name} {in | out}
| Configures interesting inbound traffic (using the in keyword) or outbound traffic (using the out keyword) on a virtual template interface for the PPP idle timer. |
See the configurations included in the "Configuration Examples" section for additional commands that you might configure.
To set the idle timer from AAA, configure the following RADIUS profile:
aaaa-idle Password = "password" Service-Type = Framed, Framed-Protocol = PPP, Idle-timeout = 60
To verify that the Customer Profile Idle Timer Enhancements for Interesting Traffic is configured correctly, perform the following verification steps:
Router# show caller timeout
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
47 tty 47 st-5300-c3 Async interface 00:00:15 PPP: 11.1.1.2
Interface User Mode Idle Peer Address
Step 2 Enter the show caller timeout EXEC command again. Notice that the show caller timeout command displays the idle timeout configured as 20 seconds:
Router# show caller timeout
Session Idle Disconnect
Line User Timeout Timeout User in
con 0 - - - -
tty 47 st-5300-c3 - 00:30:00 00:29:43
As47 st-5300-c3 - 00:00:20 now
Step 3 Continue entering the show caller timeout command. The displays show the timers counting down and then disconnecting.
Router# show caller timeout
Session Idle Disconnect
Line User Timeout Timeout User in
con 0 - - - -
tty 47 st-5300-c3 - 00:30:00 00:29:43
As47 st-5300-c3 - 00:00:20 now
Router#
Router# show caller timeout
Session Idle Disconnect
Line User Timeout Timeout User in
con 0 - - - -
tty 47 - - 00:30:00 00:29:41
Router# show caller timeout
Session Idle Disconnect
Line User Timeout Timeout User in
con 0 - - - -
tty 47 - - 00:30:00 00:29:38
Router# show caller timeout
Session Idle Disconnect
Line User Timeout Timeout User in
con 0 - - - -
To troubleshoot the Customer Profile Idle Timer Enhancements for Interesting Traffic feature, use the following debugging commands:
To monitor and maintain the Customer Profile Idle Timer Enhancements for Interesting Traffic feature, use the following EXEC commands:
| Command | Purpose |
|---|---|
Router# show caller | Displays caller information. |
Router# show ip access-list | Displays the contents of all current IP access lists. |
Router# show users | Displays information about the active lines on the router. |
This section provides the following configuration examples:
The following partial example shows how to configure two customer profiles, each with different templates. Notice that each template sets the dialer idle timer differently:
resource-pool enable ! resource-pool profile customer prf_cust_1 limit base-size all limit overflow-size 0 dnis group dnis_g1 source template template1 ! resource-pool profile customer prf_cust_2 limit base-size all limit overflow-size 0 dnis group dnis_g2 source template template2 ! template template1 dialer idle-timeout 45 dialer-group 1 ! template template2 dialer idle-timeout 90 dialer-group 2 ! dialer dnis group dnis_g1 number 11111111 ! dialer dnis group dnis_g2 number 22222222
The following partial example shows how to configure an RPM customer profile that sets the dialer idle timer in a virtual template interface based on either inbound or outbound traffic:
resource-pool enable ! resource-pool profile customer prf_cust_1 limit base-size all limit overflow-size 0 dnis group dnis_g1 source template template1 ! template template1 dialer idle-timeout 45 either dialer-group 1 ! dialer dnis group dnis_g1 number 1231231234
The following example shows the configuration for a Cisco AS5300 series access server, which is part of a large-scale dial-out configuration. Notice that on virtual template interface 1 the PPP idle timer is configured to reset only on interesting inbound traffic, and that both dialer interface idle timers are set to 60 seconds:
hostname 5300 ! aaa new-model aaa authentication ppp default local group radius none aaa authorization network default local group radius none ! username 4500 password 0 cisco username 5300 password 0 cisco username 2500-1 password 0 cisco username 2500-2 password 0 cisco username LAC password 0 cisco username LNS password 0 cisco username SGBP password 0 cisco spe 1/0 2/9 firmware location system:/ucode/mica_port_firmware ! resource-pool enable ! resource-pool group resource modem range port 1/0 1/48 ! resource-pool group resource data range limit 20 ! resource-pool profile customer cust limit base-size all limit overflow-size 0 resource modem speech resource data digital dnis group dnis_g7 source template1 ! dialer dnis group dnis_g7 number 11111112 ip subnet-zero ! sgbp group MMP sgbp member 2500-2 10.0.38.3 sgbp ppp-forward ! vpdn enable no vpdn logging ! isdn switch-type primary-5ess ! template template1 dialer idle-timeout 27 dialer-group 1 ! controller T1 0 framing esf clock source line primary linecode b8zs pri-group timeslots 1-24 ! interface Loopback1 ip address 192.168.14.1 255.255.255.255 no ip route-cache no ip mroute-cache ! interface Ethernet0 ip address 10.0.38.14 255.255.255.0 no ip route-cache no ip mroute-cache ! interface Virtual-Template1 ip unnumbered Loopback1 peer default ip address pool local_pool ppp authentication chap callin ppp chap hostname name ppp timeout idle 60 ip idle-group 101 in ip idle-group 102 in ppp multilink ! interface Serial0:23 ip unnumbered Loopback1 encapsulation ppp ip mroute-cache load-interval 30 dialer load-threshold 1 outbound dialer-group 2 isdn switch-type primary-5ess isdn incoming-voice modem ppp authentication chap callin ppp multilink ! interface Async1 ip unnumbered Loopback1 encapsulation ppp dialer in-band dialer rotary-group 1 dialer-group 1 async mode dedicated ! interface Dialer1 ip unnumbered Loopback1 encapsulation ppp dialer in-band dialer idle-timeout 60 dialer-group 1 peer default ip address pool local_pool ppp authentication chap callin ppp chap hostname name ! ip local pool local_pool 10.1.14.1 10.1.14.254 ip classless ip route 172.0.0.0 255.0.0.0 Ethernet0 ip route 192.168.0.0 255.255.255.0 10.0.38.1 no ip http server ! access-list 101 deny icmp any any access-list 101 permit ip any any ! access-list 102 deny tcp any any access-list 102 permit ip any any ! dialer-list 1 protocol ip list 101 dialer-list 2 protocol ip list 102 dialer-list 3 protocol ip permit ! access-list 101 permit icmp any any access-list 102 deny ip any any radius-server host 172.69.70.72 auth-port 1645 acct-port 1646 radius-server retransmit 3 radius-server key cisco ! line con 0 exec-timeout 0 0 transport input none line 1 2 no exec exec-timeout 0 0 autoselect ppp script dialer dial script reset reset modem InOut modem autoconfigure discovery transport input all line 2 240 no exec exec-timeout 0 0 transport input all line aux 0 line vty 0 4 ! end
This section documents new and modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.2 command reference publications.
New Commands
Modified Command
To control access by configuring a virtual access interface to belong to a specific dialing group, use the dialer-group command in template configuration mode. To remove an interface from the specified dialer access group, use the no form of this command.
dialer-group dialer-list-number
Syntax Description
dialer-list-number Number of the dialer access group to which the specific interface belongs. This access group is defined with the dialer-list command. Acceptable values are positive numbers from 1 to 128.
Defaults
No access is predefined.
Command Modes
Template configuration
Command History
12.2(4)T This command was introduced for Resource Pool Manager (RPM) template configuration.
Release
Modification
Usage Guidelines
An interface can be associated with only a single dialer access group; multiple dialer-group assignment is not allowed. A second dialer access group assignment will override the first. A dialer access group is defined with the dialer-group template configuration command. The dialer-list command associates an access list with a dialer access group. For Cisco IOS Release 12.2(4)T, the number of dialer groups that can be configured was increased from 10 to 128.
Packets that match the dialer group specified trigger a connection request.
Examples
The following example specifies dialer access group number 1. The destination address of the packet is evaluated against the access list specified in the associated dialer-list command. If it passes, either a call is initiated (if no connection has already been established) or the idle timer is reset (if a call is currently connected).
template template1 dialer-group 1
Related Commands
Defines a dialer list to control dialing by protocol or by a combination of protocol and an access list.
Command
Description
To set the dialer idle timeout period in a virtual template interface, use the dialer idle-timeout command in template configuration mode. To change the dialer idle timeout, use the no form of this command.
dialer idle-timeout seconds [inbound | either]
Syntax Description
seconds Resets the idle timer after the period specified, in seconds. inbound (Optional) Resets the idle timer after the period specified based only on inbound traffic. either (Optional) Resets the idle timer after the period specified based on either inbound or outbound traffic.
Defaults
No default behavior or values.
Command Modes
Template configuration
Command History
12.2(4)T This command was introduced for Resource Pool Manager (RPM) template configuration.
Release
Modification
Usage Guidelines
The dialer idle-timeout command allows the dialer idle timeout period to be specified in an RPM customer profile and applied on a per-dialed number identification service (DNIS) basis. The dialer idle timer configuration set in this command will override dialer idle timer configurations for dialer, group asynchronous, and virtual template interfaces, unless a per-user configuration is received from an authentication, authorization, and accounting (AAA) per-user interface configuration. In this case, the settings from the AAA per-user interface configuration take precedence over the local interface configuration.
The dialer idle-timeout command also works well with Multilink PPP (MLP) and Multichassis Multilink PPP (MMP) when the master bundle interface is not a virtual access (projected) interface. For virtual access interfaces where the dialer idle timer cannot be used, you can classify traffic that resets the PPP idle timer using the ip idle-group commands.
Examples
The following example sets the idle timeout period in an RPM customer profile template to 45 seconds:
template template 1 dialer idle-timeout 45
The following example sets the idle timeout period in an RPM customer profile template to 60 seconds and resets the idle timer based on either inbound or outbound traffic:
template template 1 dialer idle-timeout 60 either
The following example sets the idle timeout period in an RPM customer profile template to 100 seconds and resets the idle timer based only on inbound traffic:
template template 1 dialer idle-timeout 100 inbound
Related Commands
Controls access by configuring a virtual template interface to belong to a specific dialing group. Configures interesting traffic on an interface for the PPP idle timer. template Accesses the template configuration mode for configuring a particular customer profile template.
Command
Description
To define a dial-on-demand routing (DDR) dialer list for dialing by protocol or by a combination of a protocol and a previously defined access list, use the dialer-list protocol command in global configuration mode. To delete a dialer list, use the no form of this command.
dialer-list dialer-group protocol protocol-name {permit | deny | list access-list-number | access-group}
Syntax Description
dialer-group Number of a dialer access group identified in any dialer-group interface or template configuration command. Up to 128 dialer groups can be configured. protocol-name One of the following protocol keywords: appletalk, bridge, clns, clns_es, clns_is, decnet, decnet_router-L1, decnet_router-L2, decnet_node, ip, ipx, vines, or xns. permit Permits access to an entire protocol. deny Denies access to an entire protocol. list Specifies that an access list will be used for defining a granularity finer than an entire protocol. access-list-number Access list numbers specified in any Banyan VINES, DECnet, IP, Novell IPX, or XNS standard or extended access lists, including Novell IPX extended service access point (SAP) access lists and bridging types. See Table 1 for the supported access list types and numbers. access-group Filter list name used in the clns filter-set and clns access-group commands.
Defaults
No dialer lists are defined.
Command Modes
Global configuration
Command History
10.0 This command was introduced. 10.3 The list keyword, and the access-list-number and access-group arguments were added. 12.2(4)T The number of dialer groups that can be configured was increased to 128.
Release
Modification
Usage Guidelines
The various no forms of this command have the following effects:
The dialer-list protocol command permits or denies access to an entire protocol.
The dialer-list protocol command with the optional list keyword provides finer permission granularity and also supports protocols that were not previously supported. This command also applies protocol access lists to dialer access groups to control dialing using DDR. The dialer access groups are defined with the dialer-group command.
Table 1 lists the access list types and numbers that the dialer-list protocol command supports. The table does not include International Organization for Standardization Connectionless Network Service (ISO CLNS) because that protocol uses filter names instead of predefined access list numbers.
| Access List Type | Access List Number Range (Decimal) |
|---|---|
AppleTalk | 600-699 |
Banyan VINES (standard) | 1-100 |
Banyan VINES (extended) | 101-200 |
DECnet | 300-399 |
IP (standard) | 1-99 |
IP (extended) | 100-199 |
Novell IPX (standard) | 800-899 |
Novell IPX (extended) | 900-999 |
Transparent Bridging | 200-299 |
XNS | 500-599 |
Examples
Dialing occurs when an interesting packet (one that matches access list specifications) needs to be output on an interface. Using the standard access list method, packets can be classified as interesting or uninteresting. In the following example, Interior Gateway Routing Protocol (IGRP) TCP/IP routing protocol updates are not classified as interesting and do not initiate calls:
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0
The following example classifies all other IP packets as interesting and permits them to initiate calls:
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
Then the following command places list 101 into dialer access group 1:
dialer-list 1 protocol ip list 101
In the following example, DECnet access lists allow any DECnet packets with source area 10 and destination area 20 to trigger calls:
access-list 301 permit 10.0 0.1023 10.0 0.1023 access-list 301 permit 10.0 0.1023 20.0 0.1023
Then the following command places access list 301 into dialer access group 1:
dialer-list 1 protocol decnet list 301
In the following example, both IP and VINES access lists are defined. The IP access lists define IGRP packets as uninteresting, but permits all other IP packets to trigger calls. The VINES access lists do not allow Routing Table Protocol (RTP) routing updates to trigger calls, but allow any other data packets to trigger calls.
access-list 101 deny igrp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 ! vines access-list 107 deny RTP 00000000:0000 FFFFFFFF:FFFF 00000000:0000 FFFFFFFF:FFFF vines access-list 107 permit IP 00000000:0000 FFFFFFFF:FFFF 00000000:0000 FFFFFFFF:FFFF
Then the following two commands place the IP and VINES access lists into dialer access group 1:
dialer-list 1 protocol ip list 101 dialer-list 1 protocol vines list 107
In the following example, a CLNS filter is defined and then the filter is placed in dialer access group 1:
clns filter-set ddrline permit 47.0004.0001.... ! dialer-list 1 protocol clns list ddrline
Related Commands
access-list Configures the access list mechanism for filtering frames by protocol type or vendor code. clns filter-set Builds a list of CLNS address templates with associated permit and deny conditions for use in CLNS filter expressions. Controls access by configuring a virtual template interface to belong to a specific dialing group. vines access-list Creates a VINES access list.
Command
Description
To configure interesting traffic on a virtual template interface for the PPP idle timer, use the ip idle-group command in interface configuration mode. To remove the configuration, use the no form of this command.
ip idle-group {access-list-number | access-list-name} {in | out}
Syntax Description
access-list-number Specifies an IP access list number. access-list-name Specifies an IP access list name. in Classifies IP inbound traffic for the PPP idle timer. out Classifies IP outbound traffic for the PPP idle timer.
Defaults
No default behavior or values.
Command Modes
Interface configuration
Command History
12.2(4)T This command was introduced.
Release
Modification
Usage Guidelines
The ip idle-group commands are applied to a virtual template interface and configure interesting traffic on either inbound or outbound traffic.
Examples
The following example specifies access list 101 as interesting for inbound IP traffic and access list 102 as interesting for outbound IP traffic:
interface virtual-template 1 ppp timeout idle 60 ip idle-group 101 in ip idle-group 102 out
Related Commands
Sets the PPP idle timeout parameters on a virtual template interface.
Command
Description
To set PPP idle timeout parameters on a virtual template interface, use the ppp timeout idle command in interface configuration mode. To reset the time value, use the no form of this command.
ppp timeout idle time
Syntax Description
time Line idle time, in seconds, allowed before disconnecting the line.
Defaults
No default behavior or values.
Command Modes
Interface configuration
Command History
12.2(4)T This command was introduced for virtual template interfaces.
Release
Modification
Usage Guidelines
This version of the ppp timeout idle command is used on virtual template interfaces to control how long the connection can be idle before it is terminated.
Examples
The following example sets the PPP idle timeout to 45 seconds in virtual template interface 1:
interface Virtual-Template1 ip unnumbered Loopback1 peer default ip address pool local_pool ppp authentication chap callin ppp chap hostname name ppp timeout idle 45 ip idle-group 101 in ip idle-group 102 in ppp multilink
Related Commands
absolute-timeout Sets the interval for closing user connections on a specific line or port. dialer fast-idle (interface configuration) Specifies the amount of time that a line for which there is contention will stay idle before it is disconnected and the competing call is placed. dialer hold-queue Allows interesting outgoing packets to be queued until a modem connection is established. Specifies the idle time on a virtual template interface before the line is disconnected.
Command
Description
interesting packets—Dialer access lists are central to the operation of DDR. In general, access lists are used as the screening criteria for determining when to initiate DDR calls. All packets are tested against the dialer access list. Packets that match a permit entry are deemed interesting.
Posted: Wed May 22 10:20:45 PDT 2002
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.