Peer Pool Backup
The Peer Pool Backup feature provides control over selection of IP address pools in large-scale dial-out networks where authentication, authorization, and accounting (AAA) servers and network access servers (NASs) are controlled by different groups. This feature allows you to define alternate sources for IP address pools in the event the original address pool is not present or is exhausted.
Feature History for the Peer Pool Backup Feature
| Release | Modification |
|---|---|
| 12.2(8)B | This feature was introduced. |
| 12.3(4)T | This feature was integrated into Cisco IOS Release 12.3(4)T. |
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Prerequisites for Peer Pool Backup
The peer pool backup and peer pool static interface configuration commands introduced with the Peer Pool Backup feature work with IP address pools. Before beginning the configuration tasks, see the “Related Documents” section for information about IP address pooling configuration tasks.
Information About Peer Pool Backup
To configure Peer Pool Backup, you need to understand the following concepts:
Alternate Sources for IP Address Pools
The Peer Pool Backup feature is useful in large-scale dial-out environments with large numbers of independently controlled AAA servers that can make it difficult for the NAS to provide proper IP address pool resolution in the following cases:
- A new pool name is introduced by one of the AAA servers before that pool is set up on the NAS.
- An existing local pool becomes exhausted, but the owner of that AAA server has other pools that would be acceptable as an IP address source.
The Peer Pool Backup feature introduces two new interface configuration commands, peer pool backup and peer pool static, which allow you to define alternate sources for IP address pools in the event the original address pool is not present or is exhausted.
Backup Pools to Prevent Local Pool Exhaustion
The problems of pool name resolution and specific local pool exhaustion can be solved by configuring backup pool names on a per-interface basis using the peer default ip address pool and peer pool backup interface configuration commands. The peer pool backup command uses the local pool names configured with the peer default ip address pool interface configuration command to supplement the pool names supplied by AAA.
Limit Loading of Dynamic Pools
The peer pool static command controls attempts by the pool software to load dynamic pools in response to a pool request from a specific interface. These dynamic pools are loaded at system startup and refreshed whenever a pool name not configured on the NAS is specified for IP address allocation. Because the behavior of the NAS in response to a missing pool name can be changed using the peer pool backup interface configuration command, you can use the peer pool static command to control attempts to load all dynamic pools when the AAA-supplied pool name is not an existing local pool name.
Peer Pool Backup Feature Interface Compatibility
The Peer Pool Backup feature has been successfully tested at Cisco Systems in networks using ISDN, asynchronous, and digital subscriber line (DSL) interfaces.
How to Configure Peer Pool Backup
The following sections describe how to configure the Peer Pool Backup feature. Each task is identified as required or optional.
Configuring IP Pools
Perform the following task to create one or more local IP address pools and to direct the pool software to use the local pool names configured with the peer default ip address pool interface configuration command to supplement the pool names supplied by AAA.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. peer pool backup
5. peer default ip address pool pool-name-list
6. exit
7. ip local pool { named-address-pool | default } { first-IP-address [ last-IP-address ]} [ group group-name ] [ cache-size size ]
8. exit
DETAILED STEPS
Step 1 enable
Enables privileged EXEC mode. Enter your password if prompted.
Router> enable
Step 2 configure terminal
Enters global configuration mode.
Router# configure terminal
Step 3 interface type number
Specifies the interface and enters interface configuration mode.
Router(config)# interface serial 1:23
Step 4 peer pool backup
Directs the pool software to use the local pool name configured with the peer default ip address pool interface configuration command to supplement the pool names supplied by AAA.
Router(config-if)# peer pool backup
Step 5 peer default ip address pool pool-name-list
Specifies a list of pools for the interface to use, in search order.
Router(config-if)# peer default ip address pool pool3 pool4 pool5
Step 6 exit
Exits interface configuration mode and returns to global configuration mode.
Router(config-if)# exit
Step 7 ip local pool { named-address-pool | default } { first-IP-address [ last-IP-address ]} [ group group-name ] [ cache-size size ]
Creates one or more local IP address pools.
Router(config)# ip local pool pool3 10.4.4.2
Step 8 exit
Exits configuration mode.
Router(config)# exit
This task configures basic IP address pooling and pool backup. See the “Configuration Examples for Peer Pool Backup” section for additional configuration information.
Suppressing Dynamic Pool Load Attempts
Perform the following task to suppress an attempt to load all dynamic pools from the AAA server.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. peer pool static
5. exit
DETAILED STEPS
Step 1 enable
Enables privileged EXEC mode. Enter your password if prompted.
Router> enable
Step 2 configure terminal
Enters global configuration mode.
Router# configure terminal
Step 3 interface type number
Specifies the interface and enters interface configuration mode.
Router(config)# interface Virtual-Template 1
Step 4 peer pool static
Suppresses an attempt to load all dynamic pools from the AAA server.
Router(config-if)# peer pool static
Step 5 exit
Exits interface configuration mode.
Router(config-if)# exit
See the “Configuration Examples for Peer Pool Backup” section for additional configuration information.
Verifying Peer Pool Backup
Perform this task to verify that the peer pool backup command has been configured correctly. The report from the debug ip peer command indicates the order in which the pool software searches for IP address pools. The report should also indicate that only the backup IP address pools are searched; any attempt to load a dynamic IP address pool will be suppressed when the peer pool static command is configured, or if the pools were refreshed within the last two minutes.
SUMMARY STEPS
1. enable
2. debug ip peer
DETAILED STEPS
Step 1 enable
Use this command to enter privileged EXEC mode. Enter your password if prompted.
Router> enable
Step 2 debug ip peer
Use this command to display a report about backup pool activity. Comments are enclosed within <angle brackets> and commands involved in the reports are in bold text.
*Jan1 02:11:10.455: Se0:22 AAA/AUTHOR/IPCP: Start.Her address 0.0.0.0, we want 0.0.0.0
*Jan1 02:11:10.455: Se0:22 AAA/AUTHOR/IPCP: Says use pool poolA
*Jan1 02:11:10.459: Se0:22: IPPOOL: using pool poolA
*Jan1 02:11:10.459: Se0:22: Use AAA pools: poolA
< AAA-supplied pool name. >
*Jan1 02:11:10.459: Se0:22: Backup pools : back1 back2
< Determines pool names to use if address is not obtained from AAA pool name. >
< Only seen when the peer pool backup command is configured. >
< Pool name from peer default ip address pool back1 back2 command. >
*Jan1 02:11:10.459: Se0:22: Pools to search : poolA back1 back2
< Pools searched in the above order, AAA-supplied name first. >
*Jan1 02:11:10.459: Se0:22 AAA/AUTHOR/CONFIG: Pools refreshed for pool poolA
< Since pool poolA is missing, an attempt is made to load it as a >
< dynamic pool from AAA >
*Jan1 02:11:10.459: AAA/AUTHOR (0x5): Pick method list 'default'
*Jan1 02:11:10.475: Se0:22 AAA/AUTHOR/CONFIG: Set pool timeout to 2 mins
*Jan1 02:11:10.475: Se0:22 AAA/AUTHOR/CONFIG: Pool back1 refresh skipped
< Another dynamic pool load attempt was suppressed for pool "back1," which
< is also missing since software just loaded all dynamic pools when
< looking for pool poolA. >
*Jan1 02:11:10.475: Se0:22 AAA/AUTHOR/CONFIG: Pools refreshed 0 seconds ago
< Software tries to refresh the dynamic pools from AAA if 2 minutes have elapsed. >
*Jan1 02:11:10.475: Se0:22 AAA/AUTHOR/CONFIG: Pools will timeout in 2 mins
< The above message is due to the presence of some dynamic pools on AAA where
< these dynamic pools have a life time of 2 minutes; unrelated to the
< pools we are focusing on, but loaded in response to the dynamic load. >
*Jan1 02:11:10.475: Se0:22: Pool back2 returned address = 10.2.2.2
*Jan1 02:18:19.063: Se0:22 AAA/AUTHOR/IPCP: Says use pool poolA
*Jan1 02:18:19.063: Se0:22: IPPOOL: using pool poolA
*Jan1 02:18:19.067: Se0:22: AAA pools to match: poolA
*Jan1 02:18:19.067: Se0:22: Configured pools: back1 back2 poolA
*Jan1 02:18:19.067: Se0:22: Matched AAA pools : poolA
*Jan1 02:18:19.067: Se0:22: Use AAA pools: poolA
*Jan1 02:18:19.067: Se0:22: Backup pools : back1 back2 poolA
*Jan1 02:18:19.067: Se0:22: Pools to search : poolA back1 back2
*Jan1 02:18:19.067: Se0:22: Dynamic IP pool loading suppressed: poolA
< No attempt is made to dynamically load pools, even if the pool >
< being processed ("poolA") is not present. This is due to the >
< peer pool static command; otherwise software would try to load >
< dynamic pools if they have not been loaded in the last 2 minutes. >
*Jan1 02:18:19.067: Se0:22: Dynamic IP pool loading suppressed: back1
*Jan1 02:18:19.067: Se0:22: Dynamic IP pool loading suppressed: back2
*Jan1 02:18:19.067: Se0:22: Pool back2 returned address = 10.2.2.2
Verifying That a Pool Was Not Skipped
When the IP pool backup configuration is verified, there may be a situation where the dynamic pools were recently refreshed and messages will indicate that pool refresh was not done. The following partial output from the debug ip peer command shows how this situation would be reported; comments are enclosed within <angle brackets> and commands involved in the reports are in bold text.
*Jan1 02:40:44.507: Se0:22 AAA/AUTHOR/IPCP: Says use pool poolA
*Jan1 02:40:44.507: Se0:22: IPPOOL: using pool poolA
*Jan1 02:40:44.507: Se0:22: Use AAA pools: poolA
*Jan1 02:40:44.507: Se0:22: Backup pools : back1 back2
*Jan1 02:40:44.511: Se0:22: Pools to search : poolA back1 back2
*Jan1 02:40:44.511: Se0:22 AAA/AUTHOR/CONFIG: Pool poolA refresh skipped
*Jan1 02:40:44.511: Se0:22 AAA/AUTHOR/CONFIG: Pools refreshed 84 seconds ago
< The peer pool static command was not configured, but software has already >
< refreshed dynamic pools from AAA in the last 2 minutes. >
*Jan1 02:40:44.511: Se0:22 AAA/AUTHOR/CONFIG: Pool back1 refresh skipped
*Jan1 02:40:44.511: Se0:22 AAA/AUTHOR/CONFIG: Pools refreshed 84 seconds ago
*Jan1 02:40:44.511: Se0:22 AAA/AUTHOR/CONFIG: Pools will timeout in 0 mins
*Jan1 02:40:44.511: Se0:22: Pool back2 returned address = 10.2.2.2
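The reports above can be reduced to one record per address assignment, which makes it easy to see when a peer was served from a backup pool and which dynamic pool loads were attempted, skipped, or suppressed. The following Python sketch is an added example, not Cisco code; the sample lines are constructed in the message format shown above, and the names RULES, parse_sessions, and the record fields are assumptions.

```python
import re

# Constructed sample in the message format of the debug ip peer reports above.
SAMPLE = """\
*Jan1 02:11:10.455: Se0:22 AAA/AUTHOR/IPCP: Says use pool poolA
*Jan1 02:11:10.459: Se0:22: Pools to search : poolA back1 back2
*Jan1 02:11:10.459: Se0:22 AAA/AUTHOR/CONFIG: Pools refreshed for pool poolA
*Jan1 02:11:10.475: Se0:22 AAA/AUTHOR/CONFIG: Pool back1 refresh skipped
*Jan1 02:11:10.475: Se0:22: Pool back2 returned address = 10.2.2.2
*Jan1 02:18:19.063: Se0:22 AAA/AUTHOR/IPCP: Says use pool poolA
*Jan1 02:18:19.067: Se0:22: Pools to search : poolA back1 back2
*Jan1 02:18:19.067: Se0:22: Dynamic IP pool loading suppressed: poolA
*Jan1 02:18:19.067: Se0:22: Pool back2 returned address = 10.2.2.2
*Jan1 02:19:40.101: Se0:23 AAA/AUTHOR/IPCP: Says use pool poolB
*Jan1 02:19:40.105: Se0:23: Pool poolB returned address = 10.3.3.2
"""

RULES = [  # (event kind, pattern); group 1 is always the interface
    ("aaa", re.compile(r"(\S+) AAA/AUTHOR/IPCP: Says use pool (\S+)")),
    ("search", re.compile(r"(\S+?): Pools to search : (.*)")),
    ("loaded", re.compile(r"(\S+) AAA/AUTHOR/CONFIG: Pools refreshed for pool (\S+)")),
    ("skipped", re.compile(r"(\S+) AAA/AUTHOR/CONFIG: Pool (\S+) refresh skipped")),
    ("suppressed", re.compile(r"(\S+?): Dynamic IP pool loading suppressed: (\S+)")),
    ("served", re.compile(r"(\S+?): Pool (\S+) returned address = (\S+)")),
]

def _new(intf, aaa_pool=None):
    return {"intf": intf, "aaa_pool": aaa_pool, "search": [],
            "loaded": [], "skipped": [], "suppressed": []}

def parse_sessions(text):
    """Return one dict per address assignment seen in debug ip peer output."""
    pending, done = {}, []
    for line in text.splitlines():
        for kind, rx in RULES:
            m = rx.search(line)
            if m:
                break
        else:
            continue                      # unrelated debug line
        intf = m.group(1)
        if kind == "aaa":                 # new negotiation on this interface
            pending[intf] = _new(intf, m.group(2))
            continue
        s = pending.setdefault(intf, _new(intf))
        if kind == "search":
            s["search"] = m.group(2).split()
        elif kind == "served":
            s["served_by"], s["address"] = m.group(2), m.group(3)
            s["from_backup"] = s["served_by"] != s["aaa_pool"]
            done.append(pending.pop(intf))
        else:                             # loaded / skipped / suppressed
            s[kind].append(m.group(2))
    return done
```

A record with from_backup set to True means the AAA-supplied pool did not supply the address, which is the condition the backup pools exist to cover.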
Monitoring and Maintaining Peer Pool Backup
To display statistics for any defined IP address pool, use the show ip local pool EXEC command.
Configuration Examples for Peer Pool Backup
This section provides the following configuration examples:
ISDN Pool Backup Configuration: Example
In the following partial example, the IP address pools configured with the peer default ip address pool command are searched by the pool software in the event the original address pool is not present:
aaa authentication ppp default group radius
aaa authorization exec default group radius
aaa authorization network default group radius
isdn switch-type primary-5ess
clock source line primary
ip address 10.4.4.1 255.255.255.0
peer pool backup
peer default ip address pool pool3 pool4 pool5
isdn switch-type primary-5ess
dialer-list 1 protocol ip permit
ip local pool pool2 10.4.4.2
ip local pool pool3 10.4.4.3
ip local pool pool4 10.4.4.4
ip local pool pool5 10.4.4.5
DSL Static Pool Backup Configuration: Example
In the following partial example of a DSL network configuration, the peer pool static command prevents any attempt by the AAA server to load a dynamic IP address pool:
aaa authentication ppp default group radius
aaa authorization exec default group radius
aaa authorization network default group radius
interface ATM0/0/0.2 point-to-point
ip address 10.1.1.8 255.255.255.0
interface Virtual-Template 1
ip address 10.4.4.1 255.255.255.0
peer pool static
peer default ip address pool pool3 pool4 pool5
radius-server host 172.30.166.121
radius-server vsa send accounting
radius-server vsa send authentication
ip local pool pool2 10.4.4.2
ip local pool pool3 10.4.4.3
ip local pool pool4 10.4.4.4
ip local pool pool5 10.4.4.5
Pool Backup with Local Restrictions Configuration: Example
You can apply local restrictions on the use of a AAA-supplied pool name by using the peer match aaa-pools interface configuration command in the pool backup configuration. The peer match aaa-pools command allows you to specify that any AAA-supplied pool name must match one of the pool names supplied with the peer default ip address pool command.
In the following example, assume that there is a AAA-supplied IP address pool named poolA. When the peer match aaa-pools command is added to the configuration, the pool named poolA will not be used because it does not appear in the peer default ip address pool command; only the pools named pool1 and pool2 will be searched.
ip address 10.4.4.1 255.255.255.0
peer pool backup
peer match aaa-pools
peer default ip address pool pool1 pool2
isdn switch-type primary-5ess
In the following example, a pool named poolA is added to the peer default ip address pool command list, so that now poolA will be used by the pool software and the search order will be poolA, pool1, and then pool2. The pool named poolA is used first because AAA-supplied data is always given precedence over local data.
ip address 10.4.4.1 255.255.255.0
peer pool backup
peer match aaa-pools
peer default ip address pool poolA pool1 pool2
isdn switch-type primary-5ess
The debug ip peer command would show the following messages for these configurations (comments are enclosed within <angle brackets>, and commands involved in the reports are in bold text):
*Jan1 02:08:23.919: Se0:22 AAA/AUTHOR/IPCP: Says use pool poolA
*Jan1 02:08:23.919: Se0:22: IPPOOL: using pool poolA
*Jan1 02:08:23.919: Se0:22: AAA pools to match: poolA
*Jan1 02:08:23.919: Se0:22: Configured pools: pool1 pool2
*Jan1 02:08:23.919: Se0:22: Matched AAA pools :
< The peer match aaa-pools command was specified, but pool named poolA was >
< not in the configured pool list, so the pool name provided by AAA is discarded >
*Jan1 02:08:23.919: Se0:22: Use AAA pools:
*Jan1 02:08:23.919: Se0:22: Backup pools : pool1 pool2
*Jan1 02:08:23.919: Se0:22: Pools to search : pool1 pool2
*Jan1 02:08:23.919: Se0:22 AAA/AUTHOR/CONFIG: Pools refreshed for pool pool1
*Jan1 02:08:23.919: Se0:22 AAA/AUTHOR/CONFIG: Pools refreshed for pool pool1
*Jan1 02:08:23.919: AAA/AUTHOR (0x3): Pick method list 'default'
*Jan1 02:08:23.967: Se0:22 AAA/AUTHOR/CONFIG: Set pool timeout to 2 mins
*Jan1 02:08:23.967: Se0:22 AAA/AUTHOR/CONFIG: Pools will timeout in 2 mins
*Jan1 02:08:23.967: Se0:22: Pool pool2 returned address = 10.2.2.2
*Jan1 02:08:23.967: Se0:22 AAA/AUTHOR/IPCP: Pool returned 10.2.2.2
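The search order described in this section and in "Backup Pools to Prevent Local Pool Exhaustion" can be written as a small Python model and checked against the "Pools to search" lines in the reports. This is an added example, not Cisco code; the function names pools_to_search and allocate and the NAS state are assumptions, peer pool backup is assumed to be configured on the interface, and dynamic pool loading is not modelled.

```python
def pools_to_search(aaa_pools, configured, match_aaa=False):
    """Pool search order on an interface that has peer pool backup configured.

    aaa_pools:  pool names supplied by AAA for this peer
    configured: names from peer default ip address pool, in configured order
    match_aaa:  True when peer match aaa-pools is also configured
    """
    if match_aaa:
        # Local restriction: an AAA name missing from the local list is discarded.
        aaa_pools = [p for p in aaa_pools if p in configured]
    order = list(aaa_pools)                       # AAA-supplied names go first
    order += [p for p in configured if p not in order]
    return order


def allocate(aaa_pools, configured, local_pools, match_aaa=False):
    """Walk the search order and return (pool, address), or None.

    local_pools maps a pool name defined on the NAS to its list of free
    addresses; a name that is absent models a pool not set up on the NAS,
    an empty list models an exhausted pool. Dynamic pool loading from AAA
    is not modelled.
    """
    for name in pools_to_search(aaa_pools, configured, match_aaa):
        free = local_pools.get(name)
        if free:
            return name, free.pop(0)              # hand out the first free address
    return None


if __name__ == "__main__":
    # Constructed NAS state: poolA is not defined, back1 is exhausted.
    nas = {"back1": [], "back2": ["10.2.2.2"]}
    print(pools_to_search(["poolA"], ["back1", "back2"]))
    print(allocate(["poolA"], ["back1", "back2"], nas))
    # With peer match aaa-pools, poolA is dropped unless it is in the local list.
    print(pools_to_search(["poolA"], ["pool1", "pool2"], match_aaa=True))
    print(pools_to_search(["poolA"], ["poolA", "pool1", "pool2"], match_aaa=True))
```

With peer match aaa-pools set, the locally configured list acts as an allowlist for pool names that arrive from AAA servers the NAS operator does not control.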
Additional References
The following sections provide references related to the Peer Pool Backup feature.
MIBs
| MIBs | MIBs Link |
|---|---|
| None | To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs |
Technical Assistance
| Description | Link |
|---|---|
| The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. | http://www.cisco.com/techsupport |
Command Reference
The following commands are introduced or modified in the feature or features documented in this module. For information about these commands, see the Cisco IOS Dial Technologies Command Reference at http://www.cisco.com/en/US/docs/ios/dial/command/reference/dia_book.html. For information about all Cisco IOS commands, go to the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup or to the Cisco IOS Master Commands List.
- peer pool backup
- peer pool static
© 2007–2009 Cisco Systems, Inc. All rights reserved.