Page 1 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-28375-03...
Page 3: Table Of Contents
Configuring RADIUS Server Group Specifying Method List Configuring Method Lists for AAA Defining AAA Attributes Creating Attributes of Specific Format Configuring RADIUS Attribute List Configuring RADIUS Attribute Format Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 4 Enabling a Service-Policy on a Subscriber Interface Defining Dynamic Templates Additional References Establishing Subscriber Sessions C H A P T E R 5 Subscriber Session Overview Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 5 PPPoE Session Throttle Configuring PPPoE Session Throttle Making DHCP Settings Enabling DHCP Proxy Configuring DHCP IPv4 Profile Proxy Class Configuring a Circuit-ID for an Interface Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 6 Packet Handling on Subscriber Interfaces IPv6 Neighbor Discovery Additional References Deploying the Quality of Service (QoS) C H A P T E R 6 Quality of Service Overview Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 7 Enabling the Mediation Device to Intercept VoIP and Data Sessions Radius-based Lawful Intercept Enabling RADIUS-based Lawful Intercept TCP MSS Adjustment Configuring the TCP MSS Value of TCP Packets Subscriber Session on Ambiguous VLANs Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 8 XML Support for BNG Features A P P E N D I X A AAA XML Support DHCP XML Support Control Policy XML Support Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x viii OL-28375-03...
Page 9 Action Handlers A P P E N D I X C BNG Use Cases and Sample Configurations A P P E N D I X D Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 10 Contents Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 11: Changes To This Document
Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.
Page 12 Preface Obtaining Documentation and Submitting a Service Request Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 13: New And Changed Bng Features
This table summarizes the new and changed feature information for the Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, and tells you where they are documented. For a complete list of new and changed features in Cisco IOS XR Software, Release 4.3.x, see the New and Changed Features in Cisco IOS XR Software, Release 4.3.x for Cisco ASR 9000 Series Aggregation Services...
Page 14: Chapter:
Series Aggregation Services Router Broadband Network Gateway Command Reference for information on the commands used for configuring PADO delay for PPPoE Smart Server Selection feature. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 15: Chapter:
The tag support was added Release 4.3.1 RADIUS Attributes Appendix Attributes on for IETF Attributes on B chapter: LAC. • IETF Tagged Attributes on LAC, on page 295 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 16: Chapter:
BNG support is added on Release 4.3.1 Broadband Network Gateway Support Cisco ASR 9922 Series Overview chapter: Aggregation Services • Hardware Routers. Requirements for BNG, on page 21 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 17: Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide
Commands chapter in Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Command Reference for information on the commands used for configuring LAC SSO. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 18: Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide
Refer QOS Commands chapter in Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Command Reference for information on the commands used for Merging QoS Policy-maps. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 19: Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide
Commands chapter in Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Command Reference for information on the commands used for Option 82 Relay Information Encapsulation. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 20: Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide
Release 4.3.0 Establishing Subscriber introduced. Sessions chapter: • DHCPv6 Dual-Stack Lite Support, on page • Configuring AFTR Fully Qualified Domain Name for DS-Lite, on page 167 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 21: Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide
Maps for HTTP Redirection, on page • Configuring Policy Map for HTTP Redirect, on page 265 • Configuring Dynamic Template for Applying HTTPR Policy, on page 268 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 22: Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide
IPv6 over IPoE and PPPoE. BNG Satellite This feature was Release 4.3.0 Broadband Network Gateway Enhancements introduced. Overview chapter: • BNG Interoperability, on page 22 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 23: Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide
This feature was supported Release 4.3.0 Establishing Subscriber on Subscriber with enhancements. Sessions chapter: Interfaces • Packet Handling on Enhancements Subscriber Interfaces, on page 170 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 24: Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide
Refer ACL and ABF Commands chapter in Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Command Reference for information on the commands used for configuring QoS. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 25: Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide
This feature was Release 4.3.0 Configuring Subscriber Lawful Intercept introduced. Features chapter: • Radius-based Lawful Intercept, on page 226 • Enabling RADIUS-based Lawful Intercept, on page 226 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 26: Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide
New and Changed BNG Features New and Changed Information Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 27: Broadband Network Gateway Overview
BNG is deployed by the service provider and is present at the first aggregation point in the network, such as the edge router. An edge router, like the Cisco ASR 9000 Series Router, needs to be configured to act as the BNG.
Page 28: Bng Architecture
BNG connects to the CPE through a multiplexer and Home Gateway (HG). The CPE represents the triple play service in telecommunications, namely, voice (phone), video (set top box), and data (PC). The individual Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 29: Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide
As the DHCP proxy, BNG itself maintains the address pool by acquiring it from DHCP server, and also manages the IP address lease. BNG communicates on Layer 2 with the client Home Gateway, and on Layer 3 with the DHCP server. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 30: Bng Role In Isp Network Models
As shown in the above figure, BNG is at the edge router, and its role is to connect to the core network through uplinks. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 31: Bng Packaging
• L2TP Network Server (LNS)—The LNS is provided by the ISP. BNG Packaging The BNG pie, asr9k-bng-px.pie can be installed and activated on the Cisco ASR 9000 Series Router to access the BNG features. The install, uninstall, activate and deactivate operations can be performed without rebooting the router.
Page 32: Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide
RP/0/RSP0/CPU0:router(admin)# install activate asr9k-bng-px.pie What to Do Next During upgrade from Release 4.2.1 to Release 4.3.0, it is recommended that the Cisco ASR 9000 base Note image pie (asr9k-mini-px.pie) is installed prior to installing the BNG pie (asr9k-bng-px.pie). After BNG pie is installed, you must copy BNG related configurations from the flash or tftp location to the router.
Page 33: Bng Configuration Process
• BNG is supported on Cisco ASR 9922 Series Aggregation Services Routers. • BNG is supported on Cisco ASR 9000 Series Aggregation Services Routers only with RSP-440 route switch processors. The RSP 2 route switch processor does not support BNG.
Page 34: Bng Interoperability
Two different topologies that nV Satellite supports are: • Bundled Ethernet ports on the CPE side of the Satellite node connected to the ASR9K through non-bundle configuration (static-pinning). Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 35: Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide
• This topology is not supported on nV Satellite: ◦ Bundled Ethernet ports on the CPE side of the Satellite node, connected to the ASR9K through bundle Ethernet connections. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 36: Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide
Broadband Network Gateway Overview BNG Interoperability Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 37: Configuring Authentication, Authorization, And Accounting Functions
The RADIUS server runs the Remote Authentication Dial-In User Service (RADIUS) protocol. (For details about RADIUS protocol, refer to RFC Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 38: Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide
The RADIUS protocol runs on a distributed client-server system. The RADIUS client runs on BNG (Cisco ASR 9000 Series Router) that sends authentication requests to a central RADIUS server. The RADIUS server contains all user authentication and network service access information.
Page 39: Using Radius Server Group
6. load-balance method least-outstanding batch-size size ignore-preferred-server 7. server host_name acct-port accounting_port_number auth-port authentication_port_number 8. source-interface name value 9. vrf name 10. Use the commit or end command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 40: Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide
0 to 65535. Example: If no value is specified, then the default is 1645 for RP/0/RSP0/CPU0:router(config-sg-radius)# server 1.2.3.4 auth-port, and 1646 for acct-port. acct-port 455 auth-port 567 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 41: Specifying Method List
On BNG, you have to specify the method list and the server group that will be used for AAA services. For specifying method lists, see Configuring Method Lists for AAA, on page Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 42: Configuring Method Lists For Aaa
... Step 5 Use the commit or end command. commit—Saves the configuration changes and remains within the configuration session. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 43: Defining Aaa Attributes
CLI or RADIUS through configured "activate" actions on the Policy Rule Engine, or through CoA "activate-service" requests. Services can also be deactivated directly (removing all the involved features within Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 44: Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide
"@" as the username. Then, "text" is dropped from the input, and the new username is "abc.com". To apply username truncation function to a named-attribute format, see Configuring AAA Attribute Format Function, on page Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 45: Creating Attributes Of Specific Format
An example of constructing the NAS-Port-ID from just the BNG port information, and with "0/0/0/0/0/0" appended at the end for circuit-ID, is: aaa attribute format NAS-PORT-ID-FORMAT2 format-string “eth %s/%s/%s:%s.%s 0/0/0/0/0/0” physical-slot physical-subslot physical-port outer-vlan-Id inner-vlan-id Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 46: Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide
The called-station-ID is a RADIUS attribute that uses Dialed Number Identification (DNIS), or similar technology. It allows the NAS to send to the Access-Request packet, the phone number that the user called from. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 47: Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide
(RADIUS attribute 61). The permissible nas-port type values are: Nas-port-types Values Whether value can be Whether value can be derived from configured on the associated interface interface configuration mode ASYNC Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 48: Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide
SYNC ISDN ISDN_V120 ISDN_V110 VIRTUAL ISDN_PIAFS ETHERNET PPPATM PPPOEOA PPPOEOE PPPOEOVLAN PPPOEOQINQ VIRTUAL_PPPOEOE VIRTUAL_PPPOEOVLAN VIRTUAL_PPPOEOQINQ IPSEC IPOEOE IPOEOVLAN IPOEOQINQ VIRTUAL_IPOEOE VIRTUAL_IPOEOVLAN VIRTUAL_IPOEOQINQ Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 49: Configuring Radius Attribute List
NAS-Port-Type, the NAS-Port attribute is not sent to the RADIUS server. Configuring RADIUS Attribute List Perform this task to create a RADIUS attribute list that is used for filtering authorization and accounting attributes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 50: Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide
Step 6 Use the commit or end command. commit—Saves the configuration changes and remains within the configuration session. end—Prompts user to take one of these actions: Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 51: Configuring Radius Attribute Format
4. nas-port-id format format name 5. Use the commit or end command. DETAILED STEPS Command or Action Purpose Step 1 configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 52: Configuring Radius Attribute Nas-Port-Type
40 nas-port-id format ADEF Configuring RADIUS Attribute Nas-port-type Perform this task to configure RADIUS Attribute nas-port-type on a physical interface or VLAN sub-interface: Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 53 • Cancel—Remains in the configuration mode, without committing the configuration changes. Configuring RADIUS Attribute Nas-port-type: An example configure interface gigabitEthernet 0/0/0/0 aaa radius attribute nas-port-type Ethernet Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 54: Configuring Aaa Attribute Format Function
• Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. • Cancel—Remains in the configuration mode, without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 55: Making Radius Server Settings
Configuring RADIUS Server Settings Perform this task to make RADIUS server specific settings on the BNG router. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 56 Specifies the per-server encryption key that overrides the default, and takes the value 0 or 7, which indicates that the unencrypted key will follow. Example: RP/0/RSP0/CPU0:router(config-radius-host)# radius-server key 7 rngiry Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 57 Configures BNG to use a total of 200 ports as the source ports for sending out RADIUS requests. Example: RP/0/RSP0/CPU0:router(config)# radius-server source-port extended Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 58 500 radius-server vsa attribute ignore unknown \\Configuring RADIUS Attribute List radius-server attribute list list_! attribute B C attribute vendor-id vendor-type 10 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 59: Configuring Automated Testing
43 radius-server ipv4 dscp default Configuring Automated Testing Perform this task to test if the external RADIUS server is UP or not. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 60 • Cancel—Remains in the configuration mode, without committing the configuration changes. Configuring Automated Testing: An example configure radius-server idle-time 60 radius-server test username user_1 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 61: Setting Ip Dscp For Radius Server
• Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. • Cancel—Remains in the configuration mode, without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 62: Balancing Transaction Load On The Radius Server
3. radius-server load-balance method least-outstanding ignore-preferred-server batch-size size 4. Use the commit or end command. DETAILED STEPS Command or Action Purpose Step 1 Enters global configuration mode. configure Example: RP/0/RSP0/CPU0:router# configure Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 63: Configuring Load Balancing For A Named Radius Server Group
Perform this task to activate the load balancing function for a named RADIUS server group. As an example, in this configuration the preferred server is set to be ignored. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 64 • Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. • Cancel—Remains in the configuration mode, without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 65: Throttling Of Radius Records
For activating throttling on a server group, see Configuring RADIUS Throttling on a Server Group, on page Configuring RADIUS Throttling Globally Perform this task to activate RADIUS throttling globally. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 66 Step 6 Use the commit or end command. commit—Saves the configuration changes and remains within the configuration session. end—Prompts user to take one of these actions: Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 67: Configuring Radius Throttling On A Server Group
Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 2 aaa group server radius server_group_name Configures the AAA (RADIUS) server-group definition. Example: RP/0/RSP0/CPU0:router(config)# aaa group server radius Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 68: Radius Change Of Authorization (Coa) Overview
CoA is an extension to the RADIUS standard that allows sending asynchronous messages from RADIUS servers to a RADIUS client, like BNG. A CoA server can be a different from the RADIUS server. Note Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 69 • When a duplicate request with identical parameters comes from the CoA to apply a parameterized service. BNG sends a CoA NACK message to the CoA server with an error code as an invalid attribute under these scenarios: Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 70: Service Accounting
Accounting records for each service enabled on a subscriber can be sent to the configured RADIUS server. These records can include service-start, service-stop, and service-interim records containing the current state Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 71 0. Pre-requisites • Subscriber accounting, the parent accounting record for service accounting, must be configured to enable the service accounting feature to work. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 72: Configuring Service Accounting
{list_name | default} {broadcast group Creates an accounting list for service accounting {group_name | radius} |group {group_name | radius} } Example: RP/0/RSP0/CPU0:router(config)# aaa accounting service l1 group srGroup1 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 73 • Yes— Saves configuration changes and exits the configuration session. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 74: Statistics Infrastructure
The statsD is configured to poll feature statistics by default every 900 seconds (that is, every 15 minutes). Perform this task to change the default figure to either increase or decrease the polling interval. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 75: Understanding Per-Vrf Aaa Function
The Per VRF AAA function allows authentication, authorization, and accounting (AAA) on the basis of virtual routing and forwarding (VRF) instances. This feature permits the Provider Edge (PE) or Virtual Home Gateway Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 76: Radius Double-Dip Feature
RADIUS Attributes for Tunnel Protocol Support RFC-2869 RADIUS Extensions RFC-3575 IANA Considerations for RADIUS RFC-4679 DSL Forum Vendor-Specific RADIUS Attributes RFC-5176 Dynamic Authorization Extensions to RADIUS Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 77 Registered Cisco.com users can log in from this page to access even more content. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 78 Configuring Authentication, Authorization, and Accounting Functions Additional References Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 79: Activating Control Policy
The policy-map also defines the actions that will be performed during these events. However, these actions are performed only when certain conditions Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 80: Creating Class-Map
The class-map is used to define traffic class. The traffic is classified based on match criteria defined in the class-map. The parameter for match criteria can be protocol, MAC address, input interface, access group, and so on. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 81: Configuring A Class-Map
Defines the match-criteria to be PPP protocol. More than one match statement can be applied per Note Example: class-map. RP/0/RSP0/CPU0:router(config-cmap)# match protocol Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 82: Creating Policy-Map
Like with a class-map, each policy-map is assigned a name for identification. The policy-map name is specified when activating the policy-map on the router interface. For creating a policy-map, see Configuring a Policy-Map, on page Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 83: Control Policy Events
Instead of disconnecting the subscriber, the service provider can perform a re-authentication. The re-authentication is done through a new account-logon by enabling HTTP Redirect feature on the subscriber. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 84: Configuring A Policy-Map
Associates a class-map with the event. The class-map name has to be specified. Example: Instructs that the actions will be performed until a failure occurs. RP/0/RSP0/CPU0:router(config-pmap-e)# class type control subscriber CL1 do-until-failure Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 85 • Cancel—Remains in the configuration mode, without committing the configuration changes. Configuring a Policy-Map: An example policy-map type control subscriber PL1 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 86: Activating Policy-Map
Bundle-Ether100.10 Step 3 service-policy type control subscriber policy_name Applies a pre-defined policy-map named 'plmap1' to an access interface. Example: RP/0/RSP0/CPU0:router(config-if)# service-policy type control subscriber plmap1 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 87: Defining Dynamic Templates
In the following sample configuration, the policy map downloads a service template from the AAA server. Radius Config: service1 Password="xxxxxx" Cisco-avpair = "ipv4:ipv4-unnumbered=Loopback400" Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 88: Additional References
MIBs Link To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 89 Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 90 Activating Control Policy Additional References Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 91: Establishing Subscriber Sessions
To enable a subscriber access the network resources, the network has to establish a session with the subscriber. Each session establishment comprises of these phases: Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 92 A port can contain multiple VLANs, each of which can support multiple subscribers. BNG creates subscriber interfaces for each kind of session. These interfaces Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 93: Establishing Ipoe Session
IPoE relies on DHCP to assign IP address. A typical IPoE session is depicted in the following figure. Figure 5: IPoE Session Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 94: Enabling Ipv4 Or Ipv6 On An Access Interface
1. configure 2. interface type interface-path-id 3. arp learning disable 4. ipv4 unnumbered interface-type interface-instance 5. ipv6 enable 6. Use the commit or end command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 95 • Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. • Cancel—Remains in the configuration mode, without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 96: Creating Dynamic Template For Ipv4 Or Ipv6 Subscriber Session
7. {ipv4 | ipv6}verify unicast source reachable-via rx 8. Use the commit or end command. DETAILED STEPS Command or Action Purpose Step 1 configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 97 (MTU). The range is from 68 to 65535 bytes. The MTU value defines the largest packet size that Example: can be transmitted during the subscriber session. RP/0/RSP0/CPU0:router(config-dynamic-template-type)# ipv4 mtu 678 RP/0/RSP0/CPU0:router(config-dynamic-template-type)# ipv6 mtu 548 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 98 600 accounting aaa list default type session periodic-interval 60 dual-stack-delay 1 ipv6 mtu 678 ipv6 verify unicast source reachable-via rx Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 99: Creating A Policy-Map To Run During Ipoe Session
Configures the class to which the subscriber has to be matched. do-until-failure When there is a match, executes all actions until a failure is encountered. Example: RP/0/RSP0/CPU0:router(config-pmap-e)# class type control subscriber class-default do-until-failure Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 100: Enabling Ipoe Subscribers On An Access Interface
1 authorize aaa list default format RM_User password Cisco Enabling IPoE Subscribers on an Access Interface Perform this task to enable IPoE subscriber creation on an access interface. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 101 Disables arp learning for the access-interface. Example: RP/0/RSP0/CPU0:router(config-if)# arp learning disable Step 4 {ipv4 |ipv6} address {ipv4_address |ipv6_address} Sets the IPv4 address or an IPv6 address for an interface. ipsubnet_mask Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 102 Enables DHCP sourced IPoE subscriber creation on the access-interface that can also be combined with unclassified-source initiator. Example: RP/0/RSP0/CPU0:router(config-subif-ipsub-ipv4-l2conn)# initiator dhcp Example: RP/0/RSP0/CPU0:router(config-subif-ipsub-ipv6-l2conn)# initiator dhcp Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 103 Bundler-Ether400.12 arp learning disable ipv6 address 4444:34 service-policy type control subscriber PL4 encapsulation dot1q 40 ipsubscriber ipv6 l2-connected initiator dhcp initiator unclassified-source Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 104: Establishing Pppoe Session
BNG. The PPP PTA and PPP LAC sessions are explained in the sections, Provisioning PPP PTA Session, on page 93 Provisioning PPP LAC Session, on page 100. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 105: Provisioning Ppp Pta Session
As a result, the packets get forwarded based on the incoming interface mode. Creating PPPoE Profiles Perform this task to create PPPoE profiles. The PPPoE profile will later be applied to an access interface. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 106 • Cancel—Remains in the configuration mode, without committing the configuration changes. Creating PPPoE Profiles: An example configure pppoe bba-group bba_1 service name service_1 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 107: Creating A Ppp Dynamic-Template
• Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 108: Creating A Policy-Map To Run During Pppoe Session
8. sequence_number authenticate aaa list default 9. Use the commit or end command. DETAILED STEPS Command or Action Purpose Step 1 configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 109 Step 9 Use the commit or end command. commit—Saves the configuration changes and remains within the configuration session. end—Prompts user to take one of these actions: Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 110: Applying The Pppoe Configurations To An Access Interface
SUMMARY STEPS 1. configure 2. interface type interface-path-id 3. service-policy type control subscriber policy_name 4. pppoe enable bba-group bbagroup_name 5. Use the commit or end command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 111 Applying the PPPoE Configurations to an Access Interface: An example configure interface Bundle-Ether100.10 service-policy type control subscriber PL1 pppoe enable bba-group bba_1 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 112: Provisioning Ppp Lac Session
• Specifying the session-ID. See, Configuring L2TP Session-ID Commands, on page 112. • Defining specific settings for the L2TP class. See, Configuring L2TP Class Options, on page 114. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 113: L2Tp Reassembly On Lac
• Only IPv4 fragmented packets are reassembled • Only packets with two fragments are reassembled • The fragments must not overlap • The fragmented IP headers must not contain options Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 114: Enabling L2Tp Reassembly On Lac
• Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. • Cancel—Remains in the configuration mode, without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 115: L2Tp Access Concentrator Stateful Switchover
The L2TP Access Concentrator Stateful Switchover (LAC SSO) feature establishes one of the RPs as the active processor, designates the other RP as the standby processor, and then synchronizes critical state information between them. In specific Cisco networking devices that support dual RPs, LAC SSO takes advantage of RP redundancy to increase network availability.
Page 116 Displays L2TP redundancy related information. Example: RP/0/RSP0/CPU0:router# show l2tpv2 redundancy Step 8 Displays L2TP related mirroring statistics. show l2tpv2 redundancy mirroring Example: RP/0/RSP0/CPU0:router# show l2tpv2 redundancy mirroring Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 117: Enabling Rpfo On Process-Failures
RP/0/RSP0/CPU0:router(config)# l2tp nsr process-failures switchover Step 3 vpdn Enters vpdn configuration mode. Example: RP/0/RSP0/CPU0:router(config)# vpdn Step 4 redundancy Enters vpdn redundancy configuration mode. Example: RP/0/RSP0/CPU0:router(config-vpdn)# redundancy Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 118: Configuring The Vpdn Template
5. caller-id mask-method remove match match_substring 6. dsl-line-info-forwarding 7. ip tos type_of_service_value 8. vpn id value 9. vpn vrf vrf_name 10. Use the commit or end command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 119 Specifies tunnel for a vpn and configures the vpn id with the value 3333:33. The value ranges from Example: 0-ffffff in hexadecimal. RP/0/RSP0/CPU0:router(config-vpdn-temp)# vpn id 3333:33 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 120: Configuring Maximum Simultaneous Vpdn Sessions
Configuring Maximum Simultaneous VPDN Sessions Perform this task to configure the maximum simultaneous vpdn sessions for session limiting per tunnel: Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 121 • Cancel—Remains in the configuration mode, without committing the configuration changes. Configuring Maximum Simultaneous VPDN Sessions: An example configure vpdn session-limit 200 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 122: Activating Vpdn Logging
RP/0/RSP0/CPU0:router(config-vpdn)# logging cause RP/0/RSP0/CPU0:router(config-vpdn)# logging tunnel-drop Step 4 Enables logging of VPDN failure events to the history failure history failure table. Example: RP/0/RSP0/CPU0:router(config-vpdn)# history failure Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 123: Configuring Options To Apply On Calling Station Id
ID (LLID) used to make the connection on the LAC, or the MAC address of the PC connecting to the network. SUMMARY STEPS 1. configure 2. vpdn 3. caller-id mask-method remove match match_name 4. Use the commit or end command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 124: Configuring L2Tp Session-Id Commands
Configuring Options to Apply on Calling Station ID: An example configure vpdn //or vpdn template caller-id mask-method remove match match_call Configuring L2TP Session-ID Commands Perform this task to configure L2TP session-id commands. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 125 • Cancel—Remains in the configuration mode, without committing the configuration changes. Configuring L2TP Session-ID Commands: An example configure vpdn l2tp session-id space hierarchical Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 126: Configuring L2Tp Class Options
Disable options enables or disables the L2TP tunnel authentication. Example: RP/0/RSP0/CPU0:router(config-l2tp-class)# authentication disable Step 4 congestion control Enables L2TP congestion control. Example: RP/0/RSP0/CPU0:router(config-l2tp-class)# congestion control Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 127 Example: RP/0/RSP0/CPU0:router(config-l2tp-class)# timeout no-user RP/0/RSP0/CPU0:router(config-l2tp-class)# retransmit setup 60 Step 11 tunnel accounting accounting_method_list_name Configures the AAA accounting method list name. Example: RP/0/RSP0/CPU0:router(config-l2tp-class)# tunnel accounting acc_tunn Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 128: Configuring Softshut For Vpdn
Configuring Softshut for VPDN Perform this task to configure softshut for vpdn. SUMMARY STEPS 1. configure 2. vpdn 3. softshut 4. Use the commit or end command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 129: Pppoe Smart Server Selection
When establishing a PPPoE session in a multi-BNG setup, the clients broadcast their PADI messages to all BNGs. When the BNGs reply with a PADO message, the subscriber selects a BNG, and sends a PADR Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 130: Configuring Pado Delay
• pado delay remote-id {delay | {string | contains} string delay} • pado delay service-name {string | contains} string delay 4. Use the commit or end command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 131 • Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. • Cancel—Remains in the configuration mode, without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 132: Pppoe Session Limit And Throttle
3. sessions {access-interface | circuit-id | circuit-id-and-remote-id | inner-vlan | {{mac | mac-iwf} [access-interface] }} | max | outer-vlan | remote-id | vlan} limit limit-count [threshold threshold-count] 4. Use the commit or end command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 133 Configuring PPPoE Session Limit: An example configure pppoe bba-group bba1 sessions circuit-id limit 8000 threshold 7500 sessions access-interface limit 1000 sessions mac access-interface limit 5000 threshold 900 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 134: Pppoe Session Throttle
{access-interface}} | outer-vlan | remote-id | vlan} throttle request-count request-period blocking-period 4. Use the commit or end command. DETAILED STEPS Command or Action Purpose Step 1 configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 135 Configuring PPPoE Session Throttle: An example configure pppoe bba-group bba1 sessions circuit-id throttle 1000 50 25 sessions mac-iwf access-interface throttle 5000 100 50 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 136: Making Dhcp Settings
Aggregation Services Router IP Addresses and Services Configuration Guide. For a complete list of DHCP commands supported on ASR9K router, refer to the DHCP Commands chapter in the Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference.
Page 137: Enabling Dhcp Proxy
◦ Specifying remote-ID. The remote-ID is used by the proxy to identify the host that had sent the DHCP request. To define a remote-id within a proxy profile, see Configuring a Remote-ID, on page 128. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 138: Configuring Dhcp Ipv4 Profile Proxy Class
Step 5 Use the commit or end command. commit—Saves the configuration changes and remains within the configuration session. end—Prompts user to take one of these actions: Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 139: Configuring A Circuit-Id For An Interface
Command or Action Purpose Step 1 configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 2 Enters DHCP IPv4 configuration submode. dhcp ipv4 Example: RP/0/RSP0/CPU0:router(config)# dhcp ipv4 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 140: Configuring A Remote-Id
Perform this task to configure a remote-ID. SUMMARY STEPS 1. configure 2. dhcp ipv4 3. profile profile-name proxy 4. relay information option remote-id value 5. Use the commit or end command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 141 • Cancel—Remains in the configuration mode, without committing the configuration changes. Configuring a Remote-ID: An example configure dhcp ipv4 profile profile1 proxy relay information option remote-id 9 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 142: Configuring The Client Lease Time
• Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. • Cancel—Remains in the configuration mode, without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 143: Attaching A Proxy Profile To An Interface
RP/0/RSP0/CPU0:router(config-dhcpv4)# interface Bundle-Ether 344 proxy profile profile1 Step 4 Use the commit or end command. commit—Saves the configuration changes and remains within the configuration session. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 144: Specifying Dhcp Lease Limit
Circuit-ID for which the lease limit is applied. To specify the lease limit, see these procedures: • Specifying the Lease Limit for a Circuit-ID, on page 133 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 145: Specifying The Lease Limit For A Circuit-Id
• Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 146: Specifying The Lease Limit For A Remote-Id
Enters the IPv4 DHCP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# dhcp ipv4 Step 3 profile profile-name proxy Creates a DHCP profile. Example: RP/0/RSP0/CPU0:router(config-dhcpv4)# profile profile1 proxy Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 147: Specifying The Lease Limit For An Interface
Perform this task to specify the lease limit for each interface. SUMMARY STEPS 1. configure 2. dhcp ipv4 3. profile profile-name proxy 4. limit lease per-interface value 5. Use the commit or end command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 148 • Cancel—Remains in the configuration mode, without committing the configuration changes. Specifying the Lease Limit for an Interface: An example configure dhcp ipv4 profile profile1 proxy limit lease per-interface 2400 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 149: Understanding Dhcp Option-82
82 information in a received message from the first relay agent, if it is also configured to add its own option 82 information. This configuration allows the DHCP server to use option 82 information from both the relay agents. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 150: Configuring Dhcpv4 Class Of Service (Cos)
Neighbor Discovery (ND). For more information about Neighbor Discovery (ND), refer to the "Implementing Network Stack IPv4 and IPv6" section in the Cisco IOS XR IP Addresses and Services Configuration Guide. Restrictions • DHCPv6 Proxy supports to a maximum of eight external DHCPv6 servers per proxy profile.
Page 151: Dhcpv6 Server And Dhcpv6 Proxy
Perform this task to enable DHCPv6 for different configuration modes such as global, server profile, proxy profile configuration modes, and server profile class and proxy profile class sub-configuration modes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 152 RP/0/RSP0/CPU0:router(config-dhcpv6)# profile my-server-profile server Step 4 class class-name Defines a class in a server profile and enters the server profile class sub-mode. Example: RP/0/RSP0/CPU0:router(config-dhcpv6-server-profile)# class server-green Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 153 Step 12 link-address ipv6_address Specifies the IPv6 address to be filled in the link-address field of the Relay Forward message. Example: RP/0/RSP0/CPU0:router(config-dhcpv6)# link-address 5:6::78 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 154 • Cancel—Remains in the configuration mode, without committing the configuration changes. Enabling DHCPv6 for Different Configuration Modes: An example configure dhcp ipv6 profile my-server-profile server Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 155: Setting Up Dhcpv6 Parameters
9. address-pool address-pool-name 10. Use the commit or end command. DETAILED STEPS Command or Action Purpose Step 1 configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 156 Example: RP/0/RSP0/CPU0:router(config-dhcpv6-server-profile-class)# address-pool my-server-address-pool Step 10 Use the commit or end command. commit—Saves the configuration changes and remains within the configuration session. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 157: Dhcpv6 Features
When a card is inserted, power is available on the card, and it initializes itself to start being operational. DHCPv6 bindings are not affected by Linecard OIR. Note Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 158: Dhcpv6 Prefix Delegation
Configuring IPv6 IPoE Subscriber Interface Perform this task to configure IPoE subscriber interface. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 159: 11. Prefix-Pool Pool_Name
33. interface type interface-path-id 34. ipv4 address ipv4_address 35. ipv6 address ipv6_address 36. ipv6 enable 37. service-policy type control subscriber name 38. ipsubscriber ipv6 l2-connected 39. initiator dhcp Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 160: Example
• Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. • Cancel—Remains in the configuration mode, without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 161 Step 15 interface type interface-path-id proxy profile profile_name Associates a DHCPv6 proxy configuration profile to an IPv6 interface. Example: RP/0/RSP0/CPU0:router(config-dhcpv6)# interface Bundle-Ether1.1 proxy profile foo Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 162 Step 23 Use the commit or end command. commit—Saves the configuration changes and remains within the configuration session. end—Prompts user to take one of these actions: Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 163 Activates actions related to dynamic template. dynamic-template_name Example: RP/0/RSP0/CPU0:router(config-pmap-c)# 20 activate dynamic-template dhcpv6_temp Step 31 Configures the end policy map. end-policy-map Example: RP/0/RSP0/CPU0:router(config-pmap-c)# end-policy-map Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 164 Step 38 Enables l2-connected IPv6 subscriber. ipsubscriber ipv6 l2-connected Example: RP/0/RSP0/CPU0:router(config-if)# ipsubscriber ipv6 l2-connected Step 39 initiator dhcp Configures IPv6 subscriber initiator. Example: RP/0/RSP0/CPU0:router(config-if-ipsub-ipv6-l2conn)# initiator dhcp Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 165 20 activate dynamic-template dhcpv6_temp configure Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 166: Ipv6 Pppoe Subscriber Support
For more information, see Configuring IPv6 PPPoE Subscriber Interfaces, on page 154. Configuring IPv6 PPPoE Subscriber Interfaces Perform this task to configure PPPoE subscriber interfaces. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 167 29. ipv6 enable 30. service-policy type control subscriber name 31. encapsulation dot1q 801 32. ipsubscriber ipv6 l2-connected 33. initiator dhcp 34. Use the commit or end command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 168 • Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. • Cancel—Remains in the configuration mode, without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 169 • Yes— Saves configuration changes and exits the configuration session. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 170 Step 23 class type control subscriber name do-all Configures the policy event with the match-first criteria. Example: RP/0/RSP0/CPU0:router(config-pmap)# class type control subscriber pta_class do-all Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 171 Associates a subscriber control service policy to the interface. Example: RP/0/RSP0/CPU0:router(config-if)# service-policy type control subscriber ipoe1 Step 31 encapsulation dot1q 801 Enables encapsulated 802.1Q VLAN configuration. Example: RP/0/RSP0/CPU0:router(config-if)# encapsulation dot1q Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 172 24 activate dynamic-template v6_test1 end-policy-map policy-map type control subscriber POLICY1 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 173: Ambiguous Vlan Support
Configuring Ambiguous VLANs, on page 161. Configuring Ambiguous VLANs Perform this task to configure ambiguous vlans. There is no DHCP-specific configuration required for ambiguous VLANs. Note Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 174: Command Or Action
{ any | vlan-range } deployments. • encapsulation ambiguous dot1q any second-dot1q { any | vlan-id } • encapsulation ambiguous dot1ad vlan-id dot1q { any | vlan-range } Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 175 • Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. • Cancel—Remains in the configuration mode, without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 176: Dhcpv6 Address Or Prefix Pool
9. type ipsubscriber dynamic-template_name 10. dhcpv6 address-pool pool-name 11. Use the commit or end command. 12. ipv6 nd framed-prefix-pool pool-name 13. Use the commit or end command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 177 Step 8 Use the commit or end command. commit—Saves the configuration changes and remains within the configuration session. end—Prompts user to take one of these actions: Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 178 • Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. • Cancel—Remains in the configuration mode, without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 179: Dhcpv6 Dual-Stack Lite Support
Perform this task to configure AFTR fully qualified domain name for DS-Lite. SUMMARY STEPS 1. configure 2. dhcp ipv6 3. profile server_profile_name server 4. aftr-name aftr_name 5. Use the commit or end command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 180: Commit-Saves The Configuration Changes And Remains
• Cancel—Remains in the configuration mode, without committing the configuration changes. Configuring AFTR Fully Qualified Domain Name for DS-Lite: An example configure dhcp ipv6 profile my-server-profile server aftr-name aftr-server.example.com Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 181: Vrf Awareness In Dhcpv6
Step 5 Use the commit or end command. commit—Saves the configuration changes and remains within the configuration session. end—Prompts user to take one of these actions: Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 182: Packet Handling On Subscriber Interfaces
• various ping options such as type of service, DF set, and verbose BNG also supports receiving a ping request from both IPv4 and IPv6 subscribers. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 183 BNG does not support fragmentation of packets destined to the PPPoE or IP subscriber interfaces. Caution In Cisco IOS XR, fragmentation is handled by linecard (LC) CPU or route processor (RP) CPU. All packets requiring fragmentation are policed by local packet transport service (LPTS), to a maximum of 2500 packets per second (pps) for each network processing unit (NPU).
Page 184: Ipv6 Neighbor Discovery
Title RFC-1332 The PPP Internet Protocol Control Protocol (IPCP) RFC-1570 PPP LCP Extensions RFC-1661 The Point-to-Point Protocol (PPP) RFC-1994 PPP Challenge Handshake Authentication Protocol (CHAP) Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 185 Registered Cisco.com users can log in from this page to access even more content. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 186 Establishing Subscriber Sessions Additional References Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 187: Deploying The Quality Of Service (Qos)
As a result, priority applications get the resources they require, while other applications access the network, simultaneously. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 188: Configuring Service-Policy And Applying Subscriber Settings Through Radius
Configuring Service-policy and Applying Subscriber Settings Through RADIUS Perform this task to deploy the QoS policy using CLI commands. In this task, subscriber settings are applied from the RADIUS server. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 189 Configures the policy-map for the type qos. Example: RP/0/RSP0/CPU0:router(config)# policy-map type qos q_out Step 6 class class-default Configures or modifies the parent class-default class. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 190: Configuring Service-Policy And Applying Subscriber Settings Through Dynamic Template
Configuring Service-policy and Applying Subscriber Settings Through Dynamic Template Perform this task to deploy the QoS policy using CLI commands. In this task, subscriber settings are applied using a dynamic template. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 191 The q_in and q_out policy maps are parent Note Example: policy maps. RP/0/RSP0/CPU0:router(config)# policy-map type qos q_out Step 6 class class-default Configures or modifies the parent class-default class. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 192 Configuring Subscriber Policy through CLI and Applying to Subscriber through Dynamic-Template: Examples configure policy-map type qos q_in // policy-map input direction class class-default Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 193: Parameterized Qos
VSAs downloaded for that subscriber from the RADIUS server automatically modifies the already applied policy. For deploying a Parameterized QoS policy from the RADIUS server, see Configuring Parameterized QoS Policy Through RADIUS, on page 187. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 194: Parameterized Qos Syntax
<conform-burst-in-kBytes>, <exceed-rate-in-kbps>, <exceed-burst-in-kbytes>, <conform-action>, <exceed-action>, <violate-action>) CLI Equivalent police rate <conform-rate> <kbps> burst <conform-burst> <kbps> peak-rate <exceed-rate> exceed-burst <exceed-burst> conform-action <action> exceed-action <action> violate-action <action> Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 195 QoS Action Police-rpct(<conform-rate-in-pct> percentage (Variant 2) CLI Equivalent police rate percentage <pct> RADIUS qos-policy-in:add-class(sub,(class-default, voip), police-rpct(20) ) Equivalent - Example Set IP QoS Action set-ip-prec(<precedence>) Precedence Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 196 <pct> RADIUS qos-policy-out:add-class(sub,(class-default,voip),bw-rpct(33)) Equivalent - Example Set IP DSCP QoS Action set-ip-dscp(<dscp-val>) CLI Equivalent Set dscp <dscp-val> RADIUS qos-policy-out:add-class(sub,(class-default,voip), set-ip-dscp(46)) Equivalent - Example Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 197 25000, 35000)) Example Set qos group QoS Action set-qos-grp(<group-val>) CLI Equivalent set qos-group <qos-group-val> RADIUS qos-policy-out:add-class(sub,(class-default,voip), set-qos-grp (24)) Equivalent - Example Priority Level QoS Action pri-level(<priority-level>) Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 198 RADIUS qos-policy-out:add-class(sub,(class-default,voip), set-tunnel-prec(4)) Equivalent - Example Set Tunnel QoS Action set-tunnel-dscp (<dscp-val>) DSCP CLI Equivalent set dscp tunnel <dscp-val> RADIUS qos-policy-out:add-class(sub,(class-default,voip), set-tunnel-dscp(4)) Equivalent - Example Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 199: Configuring Parameterized Qos Policy Through Radius
Command or Action Purpose Step 1 Cisco-AVPair = "ip:qos-policy-in=add-class(sub, Configures the cisco-avpair class-map in input (class-default),police(2000))" direction for police action parameter. Example: Cisco-AVPair = "ip:qos-policy-in=add-class(sub, (class-default),police(2000))" Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 200 Cisco-AVPair+= "ip:qos-policy-out=add-class(sub, Configures the cisco-avpair class-map in output (class-default,video_out),queue-limit-us(30000), shape(2000))" direction for the queue-limit-us and the shape action parameters. Example: Cisco-AVPair = "ip:qos-policy-out=add-class(sub, (class-default,video_out),queue-limit-us(30000), shape(2000))" Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 201: Modifying Service Policy Through Coa
The Web Portal or Radius server that supports CoA should be configured to generate a CoA request with Note Cisco VSA corresponding to the steps in this task. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 202 1 police rate 10000 kbps burst 16 kbytes class data shape average 80000 kbps class class-default end-policy-map policy-map __sub_5e311c4f class class-default service-policy __sub_5e311c4f_child1 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 203: Qos Accounting
Encapsulation2 snap-pppoa AAL5 PPPoA LLC (1) mux-pppoa AAL5 PPPoA Null (2) snap-1483routed AAL5 Untagged Ethernet IPoA LLC (3) mux-1483routed AAL5 Untagged Ethernet IPoA NULL (4) Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 204: Configuring Qos Accounting
5. exit 6. Use the commit or end command. DETAILED STEPS Command or Action Purpose Step 1 configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 205 • No—Exits the configuration session without committing the configuration changes. • Cancel—Remains in the configuration mode, without committing the configuration changes. Configuring QoS Accounting: An example configure Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 206: Support For Shared Policy Instance
• SPI is not supported for Parameterized QoS (PQoS). In a PQoS configuration, if there exists a SPI name, then it is ignored. • SPI modified through CoA is not supported on subscribers. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 207: Configuring A Policy With Spi In The Input Or Output Direction Using Dynamic Template
This example configures a traffic policy for the default Example: class of the traffic policy policy1. The default class is named RP/0/RSP0/CPU0:router(config-pmap)# class class-default. class-default Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 208 • Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. • Cancel—Remains in the configuration mode, without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 209 1024 kbps dynamic-template type ppp PTA_TEMPLATE_1 service-policy input policy1 shared-policy-instance spi_1 service-policy output policy1 shared-policy-instance spi_2 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 210: Configuring A Policy With Spi In The Input Or Output Direction Using Radius
Attaches a policy map to an input or output interface. Example: RP/0/RSP0/CPU0:router(config-pmap-c)# service-policy policy1_child Step 5 Use the commit or end command. commit—Saves the configuration changes and remains within the configuration session. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 211 Configuring a Policy with SPI in the Input or Output Direction Using RADIUS: Example configure policy-map policy1 class class-default service-policy policy1_child Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 212: Merging Qos Policy-Maps
(as it is) as the child policy under the default class of the merged policy. Child policies under classes other than the default class are never merged together. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 213: Enabling Policy-Maps Merge
QoS1 merge 10 RP/0/RSP0/CPU0:router(config-dynamic-template-type)# service-policy output QoS2 merge 20 Step 5 Use the commit or end command. commit—Saves the configuration changes and remains within the configuration session. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 214 100 ms 200 ms set cos 5 class class-default shape average percent 20 set cos 7 end-policy-map policy-map type qos voip-policy-out class class-default service-policy voip-policy-child-out Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 215 2 random-detect 100 ms 200 ms class critical-data bandwidth percent 90 set cos 3 queue-limit 500 ms class best-effort-data shape average percent 50 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 216: Qos Features Supported On Bng
100 ms 200 ms set cos 5 class class-default shape average percent 20 set cos 7 end-policy-map QoS Features Supported on BNG BNG supports these QoS features: Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 217 The classification of an incoming L2TP packet on the ingress core side interface is always based on the outer IP fields even if the packet arrives with an MPLS tag stack. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 218 COS value, then a PPP command is provided to impose the core-side header based on the set trusted-COS. Thus, this ensures the priority treatment of these control packets in the network. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 219 Flat – class-default only. 2 level, with parent class-default only and child any classification. Subscriber CLI/XML Dynamic-Template 2 level, with parent class-default only and child any classification. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 220: Vlan Policy On Access Interface
BNG supports ingress and egress VLAN policies on an access-interface. Unlike as in the case of S-VLAN (subscriber-parent) policy, the access-interface VLAN policy is not inherited by the session policy. The VLAN Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 221: Configuring Policy On S-Vlan
• Removal of S-VLAN policy is rejected, if subscriber policies are present under that S-VLAN. SUMMARY STEPS 1. configure 2. interface type 3. service-policy output name subscriber-parent 4. Use the commit or end command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 222: Configuring Vlan Policy On An Access Interface
Configuring VLAN Policy on an Access Interface Perform this task to apply an ingress and egress QoS VLAN policy on an access interface. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 223 • Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. • Cancel—Remains in the configuration mode, without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 224: Additional References
Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 225: Configuring Subscriber Features
"bad actor" device greatly exceeds that of other devices, most of the other devices do not get any of their control packets through to the router. The Excessive Punt Flow Trap feature addresses this situation. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 226 CPU. If one remote device sends an excessive rate of ICMP traffic and is trapped, then ICMP traffic from that bad actor is policed at 10 pps. The remaining (non-bad) remote devices continue to use the static 1500 pps queue for ICMP. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 227: Enabling Excessive Punt Flow Trap Processing
3. lpts punt excessive-flow-trap non-subscriber-interfaces 4. lpts punt excessive-flow-trap penalty-rate protocol penalty_policer_rate 5. lpts punt excessive-flow-trap penalty-timeout protocol time 6. Use the commit or end command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 228 • Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. • Cancel—Remains in the configuration mode, without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 229: Access Control List And Access Control List-Based Forwarding
2. {ipv4 | ipv6} access-list access-list-name 3. sequence-number permit tcp any any 4. sequence-number permit {ipv4 | ipv6} host source_address nexthop source_address destination_address 5. Use the commit or end command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 230 • Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. • Cancel—Remains in the configuration mode, without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 231: Activating Acl
Enters the dynamic-template configuration mode. Example: RP/0/RSP0/CPU0:router(config)# dynamic-template Step 3 type{ipsubscriber |ppp |service} dynamic-template-name Creates a service dynamic-template type. Example: RP/0/RSP0/CPU0:router(config-dynamic-template)# type service foo Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 232: Support For Lawful Intercept
(SPs) and Internet service providers (ISPs) to implement their networks to explicitly support authorized electronic surveillance. The types of SPs or ISPs that are subject to Lawful Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 233: Per-Session Lawful Intercept
It is recommended that legal advice be sought to determine obligations. By default, Lawful Intercept is not a part of the Cisco IOS XR software. To enable Lawful Intercept, you Note must install and activate the asr9k-li-px.pie.
Page 234: Disabling Snmp-Based Lawful Intercept
• CISCO-TAP2-MIB—Used for lawful intercept processing. It contains SNMP management objects that control lawful intercepts on a Cisco ASR 9000 Series Router. The mediation device uses the MIB to configure and run lawful intercepts on targets sending traffic through the Cisco ASR 9000 Series Router.
Page 235: Configuring The Inband Management Plane Protection Feature
MPP must be configured specifically as an inband interface to allow SNMP commands to be accepted by the router, using a specified interface or all interfaces. Ensure this task is performed, even if you have recently migrated to Cisco IOS XR Software from Cisco Note IOS, and you had MPP configured for a given protocol.
Page 236: Command Or Action
• Passwords must be eight characters or longer to comply with SNMPv3 security minimums. • Minimum Lawful Intercept security level is auth; The noauth option will not work, as it indicates noAuthnoPriv security level. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 237: Step 5 Use The Commit Or End Command
TapGroup v3 auth read TapView write TapView notify TapView snmp-server host 223.255.254.224 traps version 3 auth bgreen udp-port 2555 snmp-server mduser-id TapGroup v3 auth md5 mdpassword Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 238: Radius-Based Lawful Intercept
6. client hostname{ vrf vrf_name | server-key [0|7] word } 7. Use the commit or end command. DETAILED STEPS Command or Action Purpose Step 1 configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 239 • Cancel—Remains in the configuration mode, without committing the configuration changes. Enabling RADIUS-based Lawful Intercept: An example configure aaa intercept aaa server radius dynamic-author port 1600 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 240: Tcp Mss Adjustment
When the HTTP server picks up a large file, it segments it into 1460 byte chunks (assuming that there are no http headers for now). When the HTTP server sends the packet, the first Cisco ASR 9000 Series Router (on the right) detects that the MTU is 576 downstream to the client and requires a 1300 byte packet to be fragmented.
Page 241: Configuring The Tcp Mss Value Of Tcp Packets
Configuring the TCP MSS Value of TCP Packets Perform this task to configure the TCP MSS value of TCP packets in order to prevent TCP sessions from being dropped. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 242: Yes- Saves Configuration Changes And Exits
• Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. • Cancel—Remains in the configuration mode, without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 243 1280 // Example for configuring the TCP MSS value of TCP packets for a PPPoE LAC subscriber session: configure vpdn l2tp tcp-mss-adjust 1460 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 244: Subscriber Session On Ambiguous Vlans
4. ipv4 | ipv6address source-ip-address destination-ip-address 5. service-policy type control subscriber policy_name 6. ipsubscriber ipv4 l2-connected 7. initiator dhcp 8. Use the commit or end command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 245 Applies a policy-map to an access interface where the policy-map was previously defined with the specified PL1 policy_name. Example: RP/0/RSP0/CPU0:router(config-if)# service-policy type control subscriber PL1 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 246: Urpf
MAC address. The uRPF check ensures that the source IP address is the one allocated by DHCP to the source MAC address. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 247: Multicast Services
On BNG, the multicast services coexist with regular unicast services. The multicast feature on BNG is the same as the existing L3 multicast feature already supported on the Cisco ASR 9000 Series Routers. On BNG, multicast is enabled on the trunk interfaces, and the VLANs created over physical interfaces and bundles.
Page 248: Multicast Replication
This feature is configured on BNG that forwards the unicast traffic to the subscriber. Based on the IGMP reports received, BNG informs the unicast QoS shaper Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 249: Configuring Minimum Unicast Bandwidth
Specifies the type of dynamic template that needs Example: to be applied. Three available types are: RP/0/RSP0/CPU0:router(config-dynamic-template)# type ppp • PPP • IP-subscriber • Service Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 250: Configuring Multicast Hqos Correlation Mode Or Passive Mode
PPPoE interfaces. SUMMARY STEPS 1. configure 2. dynamic-template 3. type ppp dynamic-template name 4. multicast ipv4 <qos-correlation | passive> 5. Use the commit or end command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 251: Igmp To Unicast Qos Shaper Correlation
The Unicast QoS Shaper correlation feature configures the bandwidth profiles for the multicast flows and allows the IGMP messages to derive the multicast bandwidth usage for each subscriber. On the PPPoE Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 252: Configuring The Igmp To Hqos Correlation Feature In A Vrf
Configures the time before downloading a batch of interfaces to IGMP QoS shaper for subscriber unicast traffic. The download interval time ranges from 10 to 500 milliseconds. Example: RP/0/RSP0/CPU0:router(config-igmp)# unicast-qos-adjust download-interval 10 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 253: Configuring Route-Policy For Unicast Qos Shaper
10 unicast-qos-adjust holdoff 5 vrf vrf1 traffic profile routepolicy1 Configuring route-policy for Unicast QoS Shaper Perform this task to configure route-policy for unicast QoS shaper. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 254 • Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. • Cancel—Remains in the configuration mode, without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 255: Configuring Igmp Parameters For Subscriber Interfaces
2. dynamic-template 3. type ppp dynamic-template name 4. igmp explicit-tracking 5. igmp query-interval value 6. igmp query-max-response-time query-response-value 7. Use the commit or end command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 256 • Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. • Cancel—Remains in the configuration mode, without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 257: Igmp Accounting
Perform this task to configure the IGMP accounting. SUMMARY STEPS 1. configure 2. router igmp 3. accounting [ max-history ] days 4. Use the commit or end command. 5. show igmp interface Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 258 Step 5 (Optional) Displays IGMP interface information. show igmp interface Example: RP/0/RSP0/CPU0:router# show igmp interface Configuring IGMP Accounting: An example configure router igmp accounting max-history 45 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 259: Daps Support
4. pool vrf vrf-name ipv4 ipv4-pool-name{address-range address-range} 5. Use the commit or end command. DETAILED STEPS Command or Action Purpose Step 1 configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 260: Creating A Configuration Pool Submode
Creating a Configuration Pool Submode Perform this task to create and enable an IPv6 configuration pool submode for a default VRF and for a specific VRF. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 261 Creates the IPv6 pool name for a specific VRF and enters the pool IPv6 configuration submode. Example: RP/0/RSP0/CPU0:router(config)# pool vrf vrf1 ipv6 pool1 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 262: Configuring The Subnet Number And Mask For An Address Pool
2. pool vrf vrf_name ipv6 ipv6-pool-name 3. prefix-length value 4. network subnet 5. utilization-mark high value low value 6. exclude low_ip_address high_ip_address 7. Use the commit or end command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 263 • Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 264: Specifying A Range Of Ipv6 Addresses
Creates the IPv6 pool name for a specific VRF and enters the pool IPv6 configuration submode. Example: RP/0/RSP0/CPU0:router(config)# pool vrf vrf1 ipv6 addr_vrf Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 265: Specifying A Utilization Threshold
2. pool vrf vrf_name ipv6 ipv6-pool-name 3. prefix-length value 4. network subnet 5. utilization-mark high value low value 6. Use the commit or end command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 266 • No—Exits the configuration session without committing the configuration changes. • Cancel—Remains in the configuration mode, without committing the configuration changes. Specifying a Utilization Threshold: An example configure Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 267: Specifying The Length Of The Prefix
Step 5 Use the commit or end command. commit—Saves the configuration changes and remains within the configuration session. end—Prompts user to take one of these actions: Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 268: Specifying A Set Of Addresses Or Prefixes Inside A Subnet
6. exclude low_ip_address high_ip_address 7. Use the commit or end command. DETAILED STEPS Command or Action Purpose Step 1 configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 269 • Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. • Cancel—Remains in the configuration mode, without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 270: Http Redirect Using Pbr
• HTTPS is not supported. • Destination URL-based classification is not supported. The process of configuring HTTPR involves these stages: Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 271: Identifying Http Destinations For Redirection
Identifying HTTP Destinations for Redirection Perform this task to define access lists that identify http destinations that require redirection or are part of an open garden: Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 272 Step 2 {ipv4 | ipv6}access-list redirect_acl_name Enters either IPv4 or IPv6 access list configuration mode and configures the named access list. Example: RP/0/RSP0/CPU0:router(config)# ipv4 access-lists redirect_acl Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 273 Do one of the following: Specifies one or more conditions allowed or denied in IPv4 access list open_garden_acl. • [ sequence-number]{permit | deny} source source-wildcard destination destination-wildcard Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 274 10 permit tcp any any syn eq www 20 permit tcp any any ack eq www 30 permit tcp any any eq www ipv4 access-group <allow-acl> Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 275: Configuring Class Maps For Http Redirection
7. end-class-map 8. Use the commit or end command. DETAILED STEPS Command or Action Purpose Step 1 configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 276 • Yes— Saves configuration changes and exits the configuration session. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 277: Configuring Policy Map For Http Redirect
Identifying HTTP Destinations for Redirection, on page 259 Configuring Class Maps for HTTP Redirection, on page 263 have to be completed before performing the configuration of the policy-map for HTTPR. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 278 The open garden acl name provided in this step Note is the one configured in the configuration step RP/0/RSP0/CPU0:router(config-pmap)# class type mentioned in the prerequisites. traffic RCL1 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 279 Configuring Policy Map for HTTP Redirect: An example configure policy-map type pbr <http-redirect-policy> class type traffic <open-garden-class> transmit class type traffic <http-redirect-class> http-redirect <redirect-url> class class-default drop end-policy-map Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 280: Configuring Dynamic Template For Applying Httpr Policy
Step 4 Use the commit or end command. commit—Saves the configuration changes and remains within the configuration session. end—Prompts user to take one of these actions: Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 281: Configuring Web Logon
<http-redirect-policy> Configuring Web Logon Perform this task to configure Web Logon. As an example, a timer defines the maximum time permitted for authentication. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 282 IP_UNAUTH_COND Step 3 match timer name Configures a match criteria for the class along with timer details. Example: RP/0/RSP0/CPU0:router(config-cmap)# match timer AUTH_TIMER Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 283 Configures the class to which the subscriber is to be matched. When there is a match, execute all actions that follow, until a failure is encountered. Example: RP/0/RSP0/CPU0:router(config-pmap-e)# class type control subscriber class-default do-until-failure Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 284 • Yes— Saves configuration changes and exits the configuration session. • No—Exits the configuration session without committing the configuration changes. • Cancel—Remains in the configuration mode, without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 285: Additional References
MIBs Link To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 286 Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 287: Xml Support For Bng Features
Most BNG features, such as AAA, DHCP, Policy Plane, PPPoE, DAPS, and Subscriber Database support XML based router configuration. The Cisco XML API can be used to configure routers or request information about configuration, management, and operation of the routers. For details about using the Cisco XML API, see the latest release of Cisco IOS XR XML API Guide listed at http://www.cisco.com/en/US/products/ps9853/...
Page 288 AAA.RADIUS.DynamicAuthorization.ClientTable.Client.ServerKey dynamic-author client <ip-address> vrf <vrf-name> server-key {0 | 7 | LINE} aaa server radius AAA.RADIUS.DynamicAuthorization.Ignore dynamic-author ignore {server key | session key } Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 289 AAA.ServerGroups.RADIUSServerGroupTable.RADIUSServerGroup.Accounting.Request radius <group-name> { accounting } { accept | request} <name> aaa group server AAA.ServerGroups.RADIUSServerGroupTable.RADIUSServerGroup.Accounting.Reply radius <group-name> { accounting } { reply | reject} <name> Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 290: Dhcp Xml Support
It allows the management clients to perform client bindings based on Circuit-ID, Remote-ID, Mac-Address, user profile information, and DHCPv4 proxy statistics. The mapping between CLI and XML entries for the DHCP commands are as follows: Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 291 HelperAddressTable.HelperAddress helper-address [vrf <name>] DHCPv4.ProfileTable.Profile.Proxy.ClassTable.Class.Match.VRF <server-ip-addr> DHCPv4.ProfileTable.Profile.Proxy.ClassTable.Class.Match.Option [ giaddr <ip-addr> match vrf <name> match option [ 124 | 125 | 60 | 77 ] hex Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 292 <addr> location <locationSpecifier> show dhcp ipv4 DHCPv4.NodeTable.Node.Proxy.Binding.ClientTable[DHCPv4ProxyBriefFilter] proxy binding location <locationSpecifier> show dhcp ipv4 DHCPv4.NodeTable.Node.Proxy.Binding.ClientTable.Client proxy binding detail location <locationSpecifier> show dhcp ipv4 DHCPv4.NodeTable.Node.Proxy.Binding.Summary proxy binding Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 293: Control Policy Xml Support
<policy-name> sh sub sess all Subscriber.Session.NodeTable.Node.SessionTable loc <loc> sh sub sess all Subscriber.Session.NodeTable.Node.SessionTable(SubscriberDetailAllSessionFilter) detail loc <loc> sh sub sess all Subscriber.Session.NodeTable.Node.Summary summary loc <loc> Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 294 <loc> sh sub sess Subscriber.Session.NodeTable.Node.SessionTable(SubscriberStateBriefFilter) {Naming filter state State} <state> loc <loc> sh sub sess Subscriber.Session.NodeTable.Node.SessionTable(SubscriberStateDetailFilter) {Naming filter state State} <state> detail loc <loc> Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 295 Subscriber.Session.NodeTable.Node.SessionTable.Session{Naming SessionID} sub-label <0-ffffffff> loc <loc> sh sub man Subscriber.Manager.NodeTable.Node.Statistics.AAA.Accounting stat AAA accounting loc <loc> sh sub man Subscriber.Manager.NodeTable.Node.Statistics.AAA.AggregateAccounting stat AAA accounting total loc <loc> Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 296: Daps Xml Support
VRF and pool name. The mapping between CLI and XML entries for the DAPS commands are as follows: Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 297 <vrf-name> PoolService.NodeTable.Node.VRFTable.VRF.IPv4 ipv4 show pool ipv4 name PoolService.NodeTable.Node.PoolTable.Pool.IPv4.Detail <poolname> show pool ipv4 name PoolService.NodeTable.Node.PoolTable.Pool.IPv4.Verbose <poolname> verbose show pool ipv4show pool PoolService.NodeTable.Node.VRFTable vrf all ipv4 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 298: Pppoe Xml Support
{limit} threshold set Sessions.MaxLimit {<limit>,<threshold>} {<threshold>} sessions access-interface limit {<count>} set Sessions.AccessInterfaceLimit [threshold {<threshold>}] {<count>,<threshold>} sessions mac limit {<count>} [threshold set Sessions.MacLimit {<count>,<threshold>} {<threshold>}] Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 299 Sessions.InnerVLANThrottle {<request-count> <request-period> {<request-count>,<request-period>,<blocking-period>} <blocking-period>} control-packets priority {<cos>} set ControlPackets.Priority {<cos>} invalid-session-id drop set InvalidSessionID {DROP} invalid-session-id log set InvalidSessionID {LOG} Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 300: Subscriber Database Xml Support
Subscriber.Database.NodeTable.Node.Session(SubscriberDatabaseSessionStateFilter){Naming session state <all| cfgapply Session-State} |cfgdone |cfggen |cfgunapply |destroying |error |fatgen |init |sync> show subscriber database Subscriber.Database.NodeTable.Node.Session.LabelTable.Label{Naming session subscriber-label <> SubscriberLabel} location <> Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 301 Subscriber.Database.NodeTable.Node.Association[SubscriberTemplateType(Naming ipsubscriber brief location TemplateType] R/S/M association type Subscriber.Database.NodeTable.Node.Association[SubscriberTemplateType(Naming ipsubscriber brief TemplateType] association type Subscriber.Database.NodeTable.Node.Association[SubscriberTemplateType(Naming ipsubscriber location TemplateType] R/S/M association type Subscriber.Database.NodeTable.Node.Association[SubscriberTemplateType(Naming ipsubscriber TemplateType] Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 302 Subscriber.Database.NodeTable.Node.Association[SubscriberTemplateType(Naming user-profile TemplateType] association brief location Subscriber.Database.NodeTable.Node.Association.LabelTable.Label R/S/M association brief Subscriber.Database.NodeTable.Node.Association.LabelTable.Label association location R/S/M Subscriber.Database.NodeTable.Node.Association.LabelTable.Label association Subscriber.Database.NodeTable.Node.Association.LabelTable.Label session subscriber-label Subscriber.Database.NodeTable.Node.Session.LabelTable.Label <0x0-0xffffffff> location R/S/M Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 303 State] session state cfgunapply Subscriber.Database.NodeTable.Node.Session[SubscriberSessionStateFilter(Naming State] session state cfgerror Subscriber.Database.NodeTable.Node.Session[SubscriberSessionStateFilter(Naming location R/S/M State] session state cfgerror Subscriber.Database.NodeTable.Node.Session[SubscriberSessionStateFilter(Naming State] session state error location Subscriber.Database.NodeTable.Node.Session[SubscriberSessionStateFilter(Naming R/S/M State] Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 304 State] session state sync location Subscriber.Database.NodeTable.Node.Session[SubscriberSessionStateFilter(Naming R/S/M State] session state sync Subscriber.Database.NodeTable.Node.Session[SubscriberSessionStateFilter(Naming State] session state all location Subscriber.Database.NodeTable.Node.Session[SubscriberSessionStateFilter(Naming R/S/M State] session state all Subscriber.Database.NodeTable.Node.Session[SubscriberSessionStateFilter(Naming State] Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 305: Radius Attributes
IETF attribute and encapsulate it behind attribute 26; thus, the newly created attribute is accepted if the user accepts attribute 26. Table 7: Supported RADIUS IETF Attributes Name Value Type Acct-Authentic integer Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 306 Framed-Route "string" login-ip-addr-host ipv4addr Multilink-Session-ID string Nas-Identifier string NAS-IP-Address ipv4addr NAS-Port integer Reply-Message binary Service-Type integer Tunnel-Assignment-Id string Tunnel-Packets-Lost integer X-Ascend-Client-Primary-DNS ipv4addr X-Ascend-Client-Secondary-DNS ipv4addr Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 307: Ietf Tagged Attributes On Lac
Tunnel-Assignment-Id = :4:"1", Tunnel-Preference = :4:3, Tunnel-Password = :4:"hello" Tunnel-Type = :5:L2TP, Tunnel-Medium-Type = :5:IP, Tunnel-Server-Endpoint = :5:"6.6.6.6", Tunnel-Assignment-Id = :5:"1", Tunnel-Preference = :5:3, Tunnel-Password = :5:"hello" Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 308: Radius Vendor-Specific Attributes
"cisco-avpair." The value is a string of this format: protocol : attribute sep value * "Protocol" is a value of the Cisco "protocol" attribute for a particular type of authorization; protocols that can be used include IP, IPX, VPDN, VOIP, SHELL, RSVP, SIP, AIRNET, OUTBOUND. "Attribute" and "value"...
Page 309 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 310 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 311 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 312: Vendor-Specific Attributes For Account Operations
Actual-Data-Rate-Downstream integer Actual-Data-Rate-Upstream integer Attainable-Data-Rate-Downstream integer Attainable-Data-Rate-Upstream integer Agent-Circuit-Id string IWF-Session boolean social Maximum-Interleaving-Delay-Downstream integer Maximum-Interleaving-Delay-Upstream integer Maximum-Data-Rate-Downstream integer Maximum-Data-Rate-Upstream integer Minimum-Data-Rate-Downstream integer Minimum-Data-Rate-Downstream-Low-Power integer Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 313: Radius Ascend Attributes
Disconnect-cause attribute values specify the reason a connection was taken offline. The attribute values are sent in Accounting request packets. These values are sent at the end of a session, even if the session fails to Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x...
Page 314 Timeout waiting for user input. Note Codes 21, 100, 101, 102, and 120 apply to all session types. Exit-Telnet-Session Disconnect due to exiting Telnet session. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 315 PPP session closed because of an MP error. PPP-Maximum-Channels PPP session closed because maximum channels were reached. Tables-Full Disconnect due to full terminal server tables. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 316 Allowed V.110 retries have been exceeded. PPP-Authentication-Timeout PPP authentication timed out. Local-Hangup Disconnected by local hangup. Remote-Hangup Disconnected by remote end hangup. T1-Quiesced Disconnected because T1 line was quiesced. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 317 Code is sent when a tunnel is brought down by issuing the clear vpdn tunnel command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 318 Code is sent when a call has been refused due to any of the soft shutdown restrictions previously mentioned. VPN-Call-Redirect VPN call redirect is enabled. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 319: Appendix C Action Handlers
PRE action handler to complete the event processing. The configuration example is as follows: 1 authenticate aaa list <list-name> Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 320 There are two methods to stop an active timer: • Allow the timer to expire. • Stop the active running timer using the stop-timer action command. Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 321: Bng Use Cases And Sample Configurations
A P P E N D I X BNG Use Cases and Sample Configurations This appendix describes the various BNG use cases and sample configurations: Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 322 BNG Use Cases and Sample Configurations Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03...
Page 323 Authorization Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03 IN-1...
Page 324 DHCPv6 overview enabling a service-policy on an access interface Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x IN-2 OL-28375-03...
Page 325 Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03 IN-3...
Page 326 IPv6 addresses radius specifying a set of addresses or prefixes inside a subnet load balancing Specifying a Utilization Threshold Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x IN-4 OL-28375-03...
Page 327 TCP MSS Adjustment vrf awareness template l2tp-class class_name command template tunnel busy timeout timeout_value command throttle command throttling timed-policy expiry weighted queue limit tunnel accounting command Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x OL-28375-03 IN-5...
Page 328 Index Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x IN-6 OL-28375-03...

Cisco ASR 9000 Series Configuration Manual

Table of Contents

CHAPTER 1 New and Changed BNG Features

CHAPTER 2 Broadband Network Gateway Overview

Appendix D

CHAPTER 3 Configuring Authentication, Authorization, and Accounting Functions

CHAPTER 4 Activating Control Policy

CHAPTER 5 Establishing Subscriber Sessions

Table of Contents

Table of Contents

CHAPTER 6 Deploying the Quality of Service (Qos)

CHAPTER 7 Configuring Subscriber Features

Support for Lawful Intercept

Appendix A

APPENDIX B RADIUS IETF Attributes

Appendix C Action Handlers

Quick Links

Chapters

Related Manuals for Cisco ASR 9000 Series

Summary of Contents for Cisco ASR 9000 Series