Configuring ISG VRF Transfer (Cisco IOS Release 12.2(28)SB)

Similar documents
Exclusive Configuration Change Access and Access Session Locking

VPDN LNS Address Checking

Maintenance Checklists for Microsoft Exchange on a Cisco Unity System

Release Notes for Cisco ONS MA Release 9.01

Configuring an Intermediate IP Multicast Helper Between Broadcast-Only Networks

DHCP Lease Limit per ATM/RBE Unnumbered Interface

PPPoE Session Recovery After Reload

PPPoE Agent Remote-ID and DSL Line Characteristics Enhancement

Connecting Cisco DSU/CSU High-Speed WAN Interface Cards

Connecting Cisco 4-Port FXS/DID Voice Interface Cards

Contextual Configuration Diff Utility

Release Notes for Cisco ONS SDH Release 9.01

Troubleshooting ISA with Session Monitoring and Distributed Conditional Debugging

Maintenance Checklists for Active Directory on a Cisco Unity System with Exchange as the Message Store

Cisco Virtual Office End User Instructions for Cisco 1811 Router Set Up at Home or Small Office

BGP Enforce the First Autonomous System Path

Modified LNS Dead-Cache Handling

Suppress BGP Advertisement for Inactive Routes

SSG Service Profile Caching

Generic Routing Encapsulation Tunnel IP Source and Destination VRF Membership

PPPoE Agent Remote-ID and DSL Line Characteristics Enhancement

RADIUS NAS-IP-Address Attribute Configurability

Cisco Software Licensing Information for Cisco Unified Communications 500 Series for Small Business

OSPF Incremental SPF

Release Notes for Catalyst 6500 Series and Cisco 7600 Series Internet Router CEF720 Module ROMMON Software

PPPoE Client DDR Idle Timer

IS-IS Incremental SPF

DHCP ODAP Server Support

Configuring the Cisco IOS DHCP Relay Agent

ISSU and SSO DHCP High Availability Features

Cisco WAAS Mobile User Guide

DHCP Option 82 Support for Routed Bridge Encapsulation

Using Microsoft Outlook to Schedule and Join Cisco Unified MeetingPlace Express Meetings

Cisco Unified Attendant Console Backup and Restore Guide

Per IP Subscriber DHCP Triggered RADIUS Accounting

Protected URL Database

Configuring ISA Accounting

Behavioral Change for Buffer Recarving

Release Notes for Cisco Small Business Pro ESW 500 Series Switches

This feature was introduced. This feature was integrated into Cisco IOS Release 12.2(27)SBA.

PPPoE Session Limits per NAS Port

Configuration Replace and Configuration Rollback

RAID Controller Firmware Upgrade Instructions for the Cisco WAE-7341, 7371, and 674

Logging to Local Nonvolatile Storage (ATA Disk)

Cisco Aironet Very Short 5-GHz Omnidirectional Antenna (AIR-ANT5135SDW-R)

Configuring Route Maps to Control the Distribution of MPLS Labels Between Routers in an MPLS VPN

IP SLAs Proactive Threshold Monitoring

The CVD program consists of systems and solutions designed, tested, and documented to facilitate faster, more reliable, and more predictable customer

RAID Battery Backup Unit Replacement and RAID Firmware Upgrade for Cisco Security MARS

MPLS VPN: VRF Selection Based on Source IP Address

7825-I4, 7828-I4 Hard Disk Firmware Update

VPDN Group Session Limiting

Cisco Unified Web and Interaction Manager Browser Settings Guide

PPP/MLP MRRU Negotiation Configuration

Configuring LDAP. Finding Feature Information. Contents

Configuring MPLS Multi-VRF (VRF-lite)

Configuring Multiple Basic Service Set Identifiers and Microsoft WPS IE SSIDL

Connecting Cisco WLAN Controller Enhanced Network Modules to the Network

MPLS MTU Command Changes

Release Notes for Cisco Broadband Access Center 3.5

Autosense of MUX/SNAP Encapsulation and PPPoA/PPPoE on ATM PVCs

OSPF RFC 3623 Graceful Restart Helper Mode

Cisco Video Surveillance Virtual Matrix Client Configuration Guide

ATM VP Average Traffic Rate

Release Notes for SPA942 and SPA962 IP Phones Firmware Version 6.1.3

Cisco Smart Business Communications System Teleworker Set Up

IMA Dynamic Bandwidth

DHCP Relay MPLS VPN Support

QoS Child Service Policy for Priority Class

1 Obtaining Cisco ANA NSA 1.0 Patch 1

Release Notes for SPA9000 Voice System

Release Notes for Cisco Unified Attendant Console Standard Release

IP SLAs Random Scheduler

Configuring the WIP310 Wireless-G IP Phone with the SPA9000 Voice System

Installing the RJ-45 Bracket and Cable on the Cisco ONS Rack

RADIUS Tunnel Preference for Load Balancing and Fail-Over

Frame Relay Conditional Debug Support

Cisco BTS Softswitch Turkish ISUP Feature Module

Release Notes for Click to Call Release 7.x

MPLS VPN Half-Duplex VRF

RADIUS Logical Line ID

Cisco Service Control Service Security: Outgoing Spam Mitigation

Extended NAS-Port-Type and NAS-Port Support

Cisco Redundant Power System 2300 Compatibility Matrix

Release Notes for Cisco Video Surveillance Manager 4.1/6.1

User Guide for Microsoft Outlook Plug-in for Cisco Unified Videoconferencing Manager Release 7.1

Release Notes for TimeCardView 7.0.x

Wireless-G IP Phone QUICK INSTALLATION GUIDE. Package Contents

PPPoE on ATM. Finding Feature Information. Contents

Cisco Unified Web and Interaction Manager Browser Settings Guide

Cisco Unity Express Voic System User s Guide

Installing IEC Rack Mounting Brackets on the ONS SDH Shelf Assembly

Protocol-Independent MAC ACL Filtering on the Cisco Series Internet Router

Release Notes for Cisco Aironet a/b/g Client Adapters (CB21AG and PI21AG) for Windows Vista 1.0

Release Notes for Cisco Service Control Management Suite Collection Manager (SCMS CM) 3.1.6

Cisco PGW 2200 Softswitch Generic Call Tagging Feature Module

Route Processor Redundancy Plus (RPR+)

IP Event Dampening. Feature History for the IP Event Dampening feature

Cisco BTS Softswitch Site Preparation and Network Communications Requirements, Release 6.0. Safety and Compliance

Configuration Partitioning

Transcription:

Configuring ISG VRF Transfer (Cisco IOS Release 12.2(28)SB) First Published: March 20, 2006 Last Updated: June 25, 2009 Intelligent Services Gateway (ISG) is a Cisco IOS software feature set that provides a structured framework in which edge devices can deliver flexible and scalable services to subscribers. ISG virtual routing and forwarding (VRF) instance transfer enables an ISG subscriber session to move from one VRF to another following selection of a new primary service. Once a session has transferred into the target VRF, all upstream and downstream packets are routed using the new routing table, and all subscriber features operate in the context of the new VRF. Note This document applies to Cisco IOS Release 12.2(28)SB only. For information about configuring VRF transfer in Cisco IOS Release 12.2(31)SB2 or later releases, see the chapter Configuring ISG Access for IP Subscriber Sessions. Finding Feature Information in This Module Your Cisco IOS software release may not support all features. To find information about feature support and configuration and platform requirements, use the Feature Information for ISG VRF Transfer section on page 14. Contents Prerequisites for ISG VRF Transfer, page 2 Restrictions for ISG VRF Transfer, page 2 Information About Configuring ISG VRF Transfer, page 2 How to Configure ISG VRF Transfers, page 4 Configuration Examples for ISG VRF Transfers, page 12 Additional References, page 13 Feature Information for ISG VRF Transfer, page 14 Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA 2007 Cisco Systems, Inc. All rights reserved.

Prerequisites for ISG VRF Transfer Configuring ISG VRF Transfer (Cisco IOS Release 12.2(28)SB) Prerequisites for ISG VRF Transfer For information about release and platform support, see the Feature Information for ISG VRF Transfer section on page 14. Restrictions for ISG VRF Transfer ISG VRF transfer is not supported on the Cisco 10000-PRE2. ISG VRF transfer is supported only for PPP sessions and for IP sessions that use DHCP as the method of IP address assignment. Without PPP renegotiation, a VRF switch is not supported for PPP sessions. ISG does not support VRF transfers for IP interface sessions and IP subnet sessions. The Microsoft Windows XP PPPoE client does not support ISG VRF transfer. ISG VRF transfer for PPP sessions works only with PPP clients that can restart IPCP without disconnecting the PPP/LCP session. Information About Configuring ISG VRF Transfer Before you configure ISG VRF transfer, you should understand the following concepts: ISG VRF Transfer Overview, page 2 Benefits of ISG VRF Transfer, page 3 VRF Transfer for PPP Sessions, page 3 VRF Transfer for IP Sessions, page 3 Service Model for VRF Transfers, page 3 ISG VRF Transfer Overview The ISG model stipulates that there must be a single routing or forwarding domain per subscriber. If the network service is routing, the subscriber must be assigned an address that is routable in the specified VRF. When a subscriber session is transferred from one VRF to another, it is effectively entering a new addressing domain that may or may not overlap the subscriber s previous domain. Consequently, the subscriber s network-facing address must be altered accordingly so that packets can be correctly routed back from within the service domain. ISG VRF transfer is necessary when a subscriber s identity and subscribed services cannot be determined without interaction with a web portal. A local routing context is required, at least initially, so that IP packets may be routed to and from the portal server. Following portal-based service selection, the subscriber would typically need to be transferred into the VRF associated with the selected service domain. Following a VRF transfer, the subscriber must also receive an address that is routable in this new domain. 2

Configuring ISG VRF Transfer (Cisco IOS Release 12.2(28)SB) Information About Configuring ISG VRF Transfer Benefits of ISG VRF Transfer The need for switching of a subscriber session between routing and forwarding domains (also called network services) occurs frequently in markets where so-called equal access networking must be supported. Equal access networking is often mandated by regulatory rules stating that an access provider should allow service providers equal access to a retail subscriber network. The ISG VRF Transfer feature facilitates equal access networking by allowing subscribers to transfer between network services. VRF Transfer for PPP Sessions Once a PPP session comes up with the IP address from the network access point (NAP), the subscriber can access a web portal and choose a service provider. On VRF transfers in PPP sessions, ISG must reassign the IP address from the new domain to the PPP session. In PPP sessions, the IP address is reassigned by IPCP renegotiation. Without PPP renegotiation, VRF transfer is not supported for PPP sessions. VRF Transfer for IP Sessions Note VRF transfer is supported only for IP sessions that use DHCP as the method of IP address assignment. If ISG is adjacent to the subscriber device and serves as a DHCP relay or server, DHCP can be used to assign subscribers domain-specific addresses. In order for VRF transfers to be supported, it is strongly recommended that DHCP be configured with short initial leases. Because there is currently no provision for a forced DHCP renew function, existing subscriber addresses can only be altered once the current lease has expired. Subscribers will not have access to the selected domain before the next DHCP renew request is received. Using short initial lease times minimizes the interval between a VRF change and a DHCP renew. If long lease times are used, an out-of-band method of initiating IP address change should be implemented. When DHCP can be used to assign a new address at the subscriber device, subnet-based VRF selection can be used to bring about the transfer. Subnet-based VRF selection (also known as VRF autoclassify) is a feature that selects the VRF at the ingress port on the basis of the source IP subnet address. Service Model for VRF Transfers A primary service is a service that contains a network-forwarding policy (such as a VRF) in its service definition. Only one primary service at a time can be activated for a session. A secondary service is any service that does not contain a network-forwarding policy. When a subscriber for whom a primary service has already been activated tries to select another primary service, ISG will deactivate all current services (including the current primary service) and activate the new primary service, and hence switch the VRF. When a subscriber for whom a primary service has already been activated tries to select a secondary service, the action taken by ISG depends on whether the secondary service is part of a service group. A service group is a grouping of services that may be simultaneously active for a given session. Typically, a service group includes one primary service and one or more secondary services. Table 26 describes the action that ISG will take when a subscriber selects a secondary service. 3

How to Configure ISG VRF Transfers Configuring ISG VRF Transfer (Cisco IOS Release 12.2(28)SB) Table 26 ISG Activation Policy for Secondary Services Primary Service Characteristics Secondary Service Characteristics Resulting Behavior at ISG Primary service with no service group attribute Primary service with service group attribute Secondary service with service group Secondary service with no service group Secondary service with different service group Secondary service with same service group Secondary service with no service group Do not bring up the secondary service. Bring up the secondary service. Do not bring up the secondary service. Bring up the secondary service. Bring up the secondary service. How to Configure ISG VRF Transfers This section contains the following tasks: Specifying a VRF in a Service Policy Map, page 4 Enabling ISG VRF Transfer for PPP Sessions, page 5 Enabling ISG VRF Transfer for IP Sessions Using DHCP for IP Address Assignment, page 8 Specifying a VRF in a Service Policy Map SUMMARY STEPS VRF transfer occurs when a new primary service is activated for a session, causing the session to transfer from one VRF to another. Services can be configured in service profiles on an external AAA server or they can be configured on the ISG device in service policy maps. Perform this task to configure a VRF in a service policy map on the ISG device. 1. enable 2. configure terminal 3. policy-map type service policy-map-name 4. ip vrf forwarding name-of-vrf 5. sg-service-type primary 6. sg-service-group service-group-name 4

Configuring ISG VRF Transfer (Cisco IOS Release 12.2(28)SB) How to Configure ISG VRF Transfers DETAILED STEPS Step 1 Step 2 enable Router> enable configure terminal Enables privileged EXEC mode. Enter your password if prompted. Enters global configuration mode. Step 3 Step 4 Router# configure terminal policy-map type service policy-map-name Router(config)# policy-map type service service1 ip vrf forwarding name-of-vrf Creates or modifies a service policy map, which is used to define an ISG service. Associates the service with a VRF. Step 5 Step 6 Router(config-service-policymap)# ip vrf forwarding blue sg-service-type primary Router(config-service-policymap)# sg-service-type primary sg-service-group service-group-name Router(config-service-policymap)# sg-service-group group1 Defines the service as a primary service. A primary service is a service that contains a network-forwarding policy. A primary service must be defined as a primary service by using the sg-service-type primary command. Any service that is not a primary service is defined as a secondary service by default. (Optional) Associates an ISG service with a service group. A service group is a grouping of services that may be active simultaneously for a given session. Typically, a service group includes one primary service and one or more secondary services. What to Do Next If you are using DHCP to assign IP addresses to subscribers after switching VRFs, perform the task in the Configuring VRF Autoclassify section on page 8. Enabling ISG VRF Transfer for PPP Sessions To enable VRF transfer for PPP sessions, perform the following procedures: 1. Specify a VRF in a service policy map or service profile. See the Specifying a VRF in a Service Policy Map section on page 4. 5

How to Configure ISG VRF Transfers Configuring ISG VRF Transfer (Cisco IOS Release 12.2(28)SB) 2. Configure support for PPP sessions by configuring a virtual template and method of IP address allocation. Note that the original VRF, loopback interface, and IP address pool must be specified in a virtual template rather than in a user profile in order for VRF transfer to work. For information about how to configure virtual templates and support for PPP sessions, see the Cisco IOS Dial Technologies Configuration Guide. 3. Optionally, verify the configuration. 4. Troubleshoot the configuration as needed. This section contains the following tasks: Verifying VRF Transfer for PPP Sessions, page 6 Troubleshooting VRF Transfer for PPP Sessions, page 7 Verifying VRF Transfer for PPP Sessions SUMMARY STEPS DETAILED STEPS Perform this task to verify VRF transfer for PPP sessions. All of the show steps are optional and may be performed in any order. 1. enable 2. show subscriber session all 3. show idmgr {memory [detailed [component [substring]]] service key session-handle session-handle-string service-key key-value session key {aaa-unique-id aaa-unique-id-string domainip-vrf ip-address ip-address vrf-id vrf-id nativeip-vrf ip-address ip-address vrf-id vrf-id portbundle ip ip-address bundle bundle-number session-guid session-guid session-handle session-handle-string session-id session-id-string} statistics} 4. show ip route [vrf vrf-name] Step 1 Step 2 enable Router> enable show subscriber session all Router# show subscriber session all Enables privileged EXEC mode. Enter your password if prompted. Displays information pertaining to the service chosen by the subscriber. 6

Configuring ISG VRF Transfer (Cisco IOS Release 12.2(28)SB) How to Configure ISG VRF Transfers Step 3 show idmgr {memory [detailed [component [substring]]] service key session-handle session-handle-string service-key key-value session key {aaa-unique-id aaa-unique-id-string domainip-vrf ip-address ip-address vrf-id vrf-id nativeip-vrf ip-address ip-address vrf-id vrf-id portbundle ip ip-address bundle bundle-number session-guid session-guid session-handle session-handle-string session-id session-id-string} statistics} Displays information related to ISG session and service identity. Step 4 Router# show idmgr session key nativeip vrf ip-address 10.0.0.1 show ip route [vrf vrf-name] Displays the current state of the routing table. Router# show ip route Troubleshooting VRF Transfer for PPP Sessions SUMMARY STEPS DETAILED STEPS Use the commands in this procedure when you troubleshoot VRF transfer for PPP sessions. All of the debug commands are optional and may be entered in any order. 1. enable 2. debug subscriber feature name ip_config {event error} 3. debug ppp negotiation 4. debug ip routing Step 1 Step 2 enable Router> enable debug subscriber feature name ip_config {event error} Router# debug subscriber feature name ip_config event Enables privileged EXEC mode. Enter your password if prompted. Displays diagnostic information about the installation and removal of the IP configuration feature on ISG subscriber sessions. 7

How to Configure ISG VRF Transfers Configuring ISG VRF Transfer (Cisco IOS Release 12.2(28)SB) Step 3 Step 4 debug ppp negotiation Router# debug ppp negotiation debug ip routing Router# debug ip routing Displays PPP packets sent during PPP startup, where PPP options are negotiated. Displays information on Routing Information Protocol (RIP) routing table updates and route cache updates. Enabling ISG VRF Transfer for IP Sessions Using DHCP for IP Address Assignment Configuring VRF Autoclassify SUMMARY STEPS To enable VRF transfers for IP sessions in which ISG is adjacent to the subscriber device and DHCP can be used to influence the IP address assignment, perform the following procedures: 1. Specify a VRF in a service policy map or service profile. 2. Configure VRF autoclassify, which associates incoming packets from a subscriber with the appropriate VRF at the ingress interface so that addresses in the service domain are reachable. 3. Configure DHCP to assign subscribers IP addresses when they switch VRFs. For more information about how to configure DHCP to support ISG, see the section Assigning IP Addresses Using DHCP, in the Managing ISG Subscriber IP Addresses (Cisco IOS Release 12.2(28)SB) module. 4. Verify the configuration. This section contains the following tasks: Configuring VRF Autoclassify, page 8 Verifying VRF Transfer for IP Sessions, page 10 Perform this task to enable VRF autoclassify, which associates incoming packets from the subscriber with the appropriate VRF at the ingress interface so that addresses in the service domain are reachable. For more information about VRF autoclassify, see the VRF-Autoclassify release 12.2(27)SB new-feature document. 1. enable 2. configure terminal 3. interface type number 4. ip vrf forwarding vrf-name 5. ip address ip-address mask [secondary[vrf vrf-name]] 6. ip vrf autoclassify source 7. end 8

Configuring ISG VRF Transfer (Cisco IOS Release 12.2(28)SB) How to Configure ISG VRF Transfers DETAILED STEPS Step 1 Step 2 enable Router> enable configure terminal Enables privileged EXEC mode. Enter your password if prompted. Enters global configuration mode. Step 3 Step 4 Step 5 Step 6 Step 7 Router# configure terminal interface type number Router(config)# interface ethernet 0 ip vrf forwarding vrf-name Router(config-if)# ip vrf forwarding blue ip address ip-address mask [secondary] [vrf vrf-name]] Router(config-if)# ip address 10.0.0.1 255.255.255.0 Router(config-if)# ip address 10.1.1.1 255.255.255.0 secondary vrf red ip vrf autoclassify source Router(config-if)# ip vrf autoclassify source end Selects an interface for configuration and begins interface configuration mode. Associates an interface with a VRF. The specified VRF determines the address associated with a primary and secondary IP address. However, it may be overridden per subnet for secondary addresses. Sets a primary and secondary IP address for an interface. secondary Specifies that the configured address is a secondary IP address. If this keyword is omitted, the configured address is the primary IP address. vrf Adds a connected route for the subnet corresponding to the secondary IP address into a service provider s VRF. Note In this configuration, you must set up a primary interface and one or more secondary VRF interfaces for VRF transfer. Causes incoming packets on the interface to be marked with the VRF associated with the subnet specified by the ip address command. (Optional) Returns to privileged EXEC mode. Router(config-if)# end What to Do Next Configure DHCP to assign IP addresses to subscribers when they switch VRFs. For information about how to configure DHCP to support ISG, see the Managing ISG Subscriber IP Addresses (Cisco IOS Release 12.2(28)SB) module. 9

How to Configure ISG VRF Transfers Configuring ISG VRF Transfer (Cisco IOS Release 12.2(28)SB) Verifying VRF Transfer for IP Sessions SUMMARY STEPS DETAILED STEPS Perform the steps in the following task as needed to verify VRF transfer for IP sessions. 1. enable 2. show subscriber session uid session-identifier detail 3. show ip subscriber [vrf vrf_name] 4. show idmgr {memory [detailed [component [substring]]] service key session-handle session-handle-string service-key key-value session key {aaa-unique-id aaa-unique-id-string domainip-vrf ip-address ip-address vrf-id vrf-id nativeip-vrf ip-address ip-address vrf-id vrf-id portbundle ip ip-address bundle bundle-number session-guid session-guid session-handle session-handle-string session-id session-id-string} statistics} 5. show ip route [vrf vrf-name] Step 1 Step 2 enable Router> enable show subscriber session uid session-identifier detail Enables privileged EXEC mode. Enter your password if prompted. Displays information about ISG subscriber sessions with a specific session identifier. Step 3 Router# show subscriber uid 4 detail show ip subscriber [vrf vrf-name] Displays information pertaining to the subscriber s VRF. Router# show ip subscriber red 10

Configuring ISG VRF Transfer (Cisco IOS Release 12.2(28)SB) How to Configure ISG VRF Transfers Step 4 show idmgr {memory [detailed [component [substring]]] service key session-handle session-handle-string service-key key-value session key {aaa-unique-id aaa-unique-id-string domainip-vrf ip-address ip-address vrf-id vrf-id nativeip-vrf ip-address ip-address vrf-id vrf-id portbundle ip ip-address bundle bundle-number session-guid session-guid session-handle session-handle-string session-id session-id-string} statistics} Displays information related to ISG session and service identity. Step 5 Router# show idmgr session key nativeip vrf ip-address 10.0.0.1 show ip route [vrf vrf-name] Displays the current state of the routing table. Router# show ip route Troubleshooting VRF Transfer for IP Sessions SUMMARY STEPS DETAILED STEPS The commands in this procedure can be used to troubleshoot VRF transfer for IP sessions. The debug commands are not required and can be entered in any order. 1. enable 2. debug subscriber {event error packet policy service} 3. debug ip subscriber {event error packet fsm all} 4. debug subscriber policy detailed dpm event 5. debug dhcp [detail] Step 1 enable Router> enable Step 2 debug subscriber {event error packet policy service} Enables privileged EXEC mode. Enter your password if prompted. Displays debugging messages pertaining to subscriber policies, policy server events, and changes to service. Router# debug subscriber service 11

Configuration Examples for ISG VRF Transfers Configuring ISG VRF Transfer (Cisco IOS Release 12.2(28)SB) Step 3 debug ip subscriber {event error packet fsm all} Displays debugging messages pertaining to an IP session created on the service gateway. Step 4 Step 5 Router# debug ip subscriber error debug subscriber policy detail dpm event Router# debug subscriber policy detail dpm event debug dhcp [detail] debug dhcp Displays detailed diagnostic information about policy execution that is related to DHCP events. Displays debugging information about the DHCP client activities and monitors the status of DHCP packets. Configuration Examples for ISG VRF Transfers This section contains the following examples: VRF Transfer for IP Sessions Using DHCP for IP Addressing: Example, page 12 VRF Transfer for PPP Sessions Using IPCP Renegotiation: Example, page 12 VRF Transfer for IP Sessions Using DHCP for IP Addressing: Example The following example shows how to enable VRF autoclassify: interface ethernet0/0 ip vrf forwarding red ip address 10.0.0.1 255.255.255.0 ip address 20.0.0.1 255.255.255.0 secondary vrf blue ip address 30.0.0.1 255.255.255.0 secondary vrf green ip vrf auto-classify source VRF Transfer for PPP Sessions Using IPCP Renegotiation: Example The following examples shows a configuration that uses PPPoE to establish a session, and the RADIUS service profile that is created to associate the VRF. In this example, when a PPP session initially comes up, it belongs to the default routing table, and the IP address is assigned from the default IP address pool DEF-POOL. When the subscriber selects the ISP-RED service, ISG downloads the ISP-RED service profile and applies it to the session. The PPP session is then transferred to VRF RED. IPCP renegotiation occurs between the client device and the ISG device, and the subscriber is assigned a new IP address from the pool POOL-RED. ip vrf RED rd 1:1 interface Loopback0 ip address 10.0.0.1 255.255.255.0 12

Configuring ISG VRF Transfer (Cisco IOS Release 12.2(28)SB) Additional References interface Loopback1 ip address 20.0.0.1 255.255.255.0 ip vrf forwarding RED! interface Ethernet0/0 pppoe enable interface Virtual-Template1 ip unnumbered Loopback0 service-policy control RULE2 peer default ip address pool DEF-POOL ppp authentication chap ip local pool DEF-POOL 172.16.5.1 172.16.5.250 ip local pool POOL-RED 172.20.5.1 172.20.5.250 Service profile for ISP RED: Cisco-AVpair = ip:vrf-id=red Cisco-AVpair = "ip:ip-unnumbered=loopback 1" Cisco-AVpair = ip:addr-pool=pool-red Cisco-AVpair = subscriber:sg-service-type=primary Cisco-AVpair = subscriber:sg-service-group=red-group Cisco-SSG-Service-Info = IPPPOE-RED Cisco-SSG-Service-Info = R10.1.1.0;255.255.255.0 Framed-Protocol = PPP Service-Type = Framed Additional References The following sections provide references related to ISG VRF transfer. 13

Feature Information for ISG VRF Transfer Configuring ISG VRF Transfer (Cisco IOS Release 12.2(28)SB) Related Documents Related Topic ISG commands How to configure support for PPP sessions How to map packets to VRFs other than the VRF assigned to the ingress interface Document Title Cisco IOS Intelligent Services Gateway Command Reference Cisco IOS Dial Technologies Configuration Guide VRF-Autoclassify, 12.2(28)SB new-feature document Technical Assistance Description Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Link http://www.cisco.com/public/support/tac/home.shtml Feature Information for ISG VRF Transfer Table 27 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 12.2(28)SB or later releases appear in the table. If you are looking for information on a feature in this technology that is not documented here, see the Intelligent Services Gateway Features Roadmap. Not all commands may be available in your Cisco IOS software release. For details on when support for specific commands was introduced, see the command reference documents. Cisco IOS software images are specific to a Cisco IOS software release, a feature set, and a platform. Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear. Note Table 27 list only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature. 14

Configuring ISG VRF Transfer (Cisco IOS Release 12.2(28)SB) Feature Information for ISG VRF Transfer Table 27 Feature Information for ISG VRF Transfer Feature Name Releases Feature Configuration Information ISG: Session: VRF Transfer 12.2(28)SB 12.2(33)SRC The ISG session is the primary component used for associating services and policies with specific data flows. ISG sessions are associated with virtual routing and forwarding instances when routing is required for the network service. ISG VRF transfer provides a means to dynamically switch an active session between virtual routing domains. The following sections provide information about this feature: Information About Configuring ISG VRF Transfer How to Configure ISG VRF Transfers In Cisco IOS Release 12.2(33)SRC, support was added for the Cisco 7600 router. CCDE, CCSI, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco Stackpower, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iphone, iquick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0903R) Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. 2007 2009 Cisco Systems, Inc. All rights reserved. 15

Feature Information for ISG VRF Transfer Configuring ISG VRF Transfer (Cisco IOS Release 12.2(28)SB) 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback