VPDN Group Session Limiting


Feature History

Release       Modification
12.2(1)DX     This feature was introduced.
12.2(2)DD     This feature was integrated into Cisco IOS Release 12.2(2)DD.
12.2(4)B      This feature was integrated into Cisco IOS Release 12.2(4)B.
12.2(27)SB    This feature was integrated into Cisco IOS Release 12.2(27)SB.

Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Contents

Feature Overview
Supported Platforms
Supported Standards, MIBs, and RFCs
Prerequisites
Configuration Tasks
Monitoring and Maintaining VPDN Group Session Limiting
Configuration Examples
Command Reference

Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
Copyright 2001-2005 Cisco Systems, Inc. All rights reserved.

Feature Overview

Before the introduction of the Virtual Private Dial Network (VPDN) Group Session Limiting feature, you could only globally limit the number of VPDN sessions on a router with limits applied equally to all VPDN groups. Using the VPDN Group Session Limiting feature, you can limit the number of VPDN sessions allowed per VPDN group. This feature is implemented with the introduction of the session-limit number command in VPDN configuration mode.

VPDN group session limiting is applied after the global VPDN session limiting (which is configured via the vpdn session-limit session command in configuration mode) is enforced.

Benefits

The VPDN group session limiting feature offers the following benefits:

Limits Number of Sessions VPDN Group Can Terminate
The VPDN Group Session Limiting feature gives more control to network administrators by enabling them to limit how many sessions a VPDN group can terminate.

Enables Finer Configuration Granularity
This feature enables service providers to cater to all types of organizations, large or small, by enabling finer configuration granularity.

Restrictions

The VPDN Session Limiting feature does not support the following:

VPDN group session limiting cannot be configured on an L2TP Access Concentrator (LAC) or L2F Network Access Server (NAS).
The range of legal values for number is from 0 to 32767.
VPDN group session limiting applies only to L2F and L2TP sessions.

Related Features and Technologies

Shell-Based Authentication of VPDN Users
Accounting of VPDN Disconnect Cause
Resource Pool Management

Related Documents

Resource Pool Management
Shell-Based Authentication of VPDN Users
Configuring Virtual Private Networks section of the Cisco IOS Dial Services Configuration Guide: Network Services
Cisco IOS Dial Services Command Reference

Supported Platforms

Cisco 7200 series
Cisco 7401 ASR router

Supported Standards, MIBs, and RFCs

Standards
No new or modified standards are supported by this feature.

MIBs
No new or modified MIBs are supported by this feature.
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs
No new or modified RFCs are supported by this feature.

Prerequisites

A VPDN session group must be created before the session-limit VPDN configuration group can be configured.
You must configure the accept-dialin command or request-dialout command before VPDN session group limiting can be configured.

Configuration Tasks

See the following section for the configuration task necessary to configure the VPDN Group Session Limiting feature:

Configuring VPDN Group Session Limiting (required)

Configuring VPDN Group Session Limiting

To configure VPDN group session limiting, follow the steps in the table below, beginning in global configuration mode:

Step 1  Command: Router(config)# vpdn-group name
        Purpose: Select the VPDN group to configure.
        name: Name of the VPDN group.

Step 2  Command: Router(config-vpdn)# accept-dialin
        or
        Command: Router(config-vpdn)# request-dialout
        Purpose: accept-dialin enables the router to accept dial-in requests. request-dialout enables the router to send L2TP dial-out requests.

Step 3  Command: Router(config-vpdn-acc-in)# protocol [l2f | l2tp]
        Purpose: Specifies which tunneling protocol is to be used.

Step 4  Command: Router(config-vpdn-acc-in)# virtual-template template-number
        Purpose: Specifies the number of the virtual template that will be used to clone the virtual access interface.
        template-number: Number of the virtual template that will be used to clone virtual-access interfaces. Valid range is 1 to 200.

Step 5  Command: Router(config-vpdn-acc-in)# exit
        Purpose: Exits VPDN accept-dialin interface mode.

Step 6  Command: Router(config-vpdn)# terminate-from hostname host-name
        Purpose: Accepts tunnels that have this host name configured as a local name.
        host-name: The host name that this VPDN group will accept connections from.

Step 7  Command: Router(config-vpdn)# session-limit session-number
        Purpose: Limits the number of sessions allowed on the specified VPDN group.
        session-number: The maximum number of sessions allowed on the specified VPDN group in the range of 0 to 32767. If session-limit is configured to 0, no sessions are allowed on the VPDN group.

Verifying VPDN Group Session Limiting

Follow the steps below to verify the successful configuration of VPDN group session limiting:

Step 1  Enter the session-limit 1 command in VPDN configuration mode.

Step 2  Establish a VPDN session by dialing in to the network access server (NAS) using an allowed username and password.

Step 3  Attempt to establish another VPDN session by dialing in to the NAS using another allowed username and password.

Step 4  A Syslog message similar to the following should appear on the console of the router:

    00:11:17: %VPDN-6-MAX_SESS_EXCD:L2F HGW great_went has exceeded configured local session-limit and rejected user user@anywhere.com

Step 5  Enter the show vpdn history failure command on the router. If you see output similar to the following, the group session limit was successful:

    User: user@anywhere.com
    NAS: cliford_ball, IP address = 172.25.52.8, CLID = 2
    Gateway: great_went, IP address = 172.25.52.7, CLID = 13
    Log time: 00:04:21, Error repeat count:1
    Failure type: Exceeded configured VPDN maximum session limit
    Failure reason:

Monitoring and Maintaining VPDN Group Session Limiting

Use the following commands to monitor and maintain VPDN group session limiting:

Command: Router# show vpdn group name
Purpose: Displays the session-limit set, and the number of active sessions and tunnels on the specified VPDN group.
    name: VPDN group name; summarizes the configuration of the specified group.

Command: Router# show vpdn
Purpose: Displays a summary of all active VPDN tunnels.

Command: Router# show vpdn history failure
Purpose: Displays information about VPDN user failures.

Command: Router# show vpdn session [all [interface | tunnel | username] | packets | sequence | state | timers | window]
Purpose: Displays VPDN session information including interface, tunnel, username, packets, status, and window statistics.
    all: All session information for active sessions.
    interface: Interface associated to a specific session.
    tunnel: Tunnel attribute filter.
    username: Username filter.
    packets: Packet/byte count.
    sequence: Sequence numbers.
    state: State of each session.
    timers: Timer information.
    window: Window information.

Command: Router# show vpdn tunnel [all [id | local-name | remote-name] | packets | state | summary | transport]
Purpose: Displays VPDN tunnel information including tunnel protocol, ID, local and remote tunnel names, packets sent and received, tunnel, and transport status.
    all: All information for active tunnels. Options are:
        id: Local tunnel ID.
        local-name: Name of local end of tunnel.
        remote-name: Name of remote end of tunnel.
    packets: Packet/byte count.
    state: Tunnel state information.
    summary: Tunnel information summary.
    transport: Tunnel transport information.

Configuration Examples

This section provides the following configuration examples:

Configuring VPDN Group Session Limiting: Example

Configuring VPDN Group Session Limiting: Example

In the example below, VPDN group abc is created and restricted to three sessions:

    Router# configure terminal
    Router(config)# vpdn-group abc
    Router(config-vpdn)# accept-dialin
    Router(config-vpdn-acc-in)# protocol l2tp
    Router(config-vpdn-acc-in)# virtual-template 5
    Router(config-vpdn-acc-in)# exit
    Router(config-vpdn)# terminate-from hostname host1
    Router(config-vpdn)# session-limit 3
    Router(config-vpdn)# end
    Router# show vpdn group abc

Command Reference

This section documents the modified command session-limit (VPDN).

session-limit (VPDN)

To limit the number of sessions that are allowed through a specified virtual private dialup network (VPDN) group, use the session-limit command in VPDN group configuration mode. To remove a configured session limit restriction, use the no form of this command.

    session-limit number
    no session-limit number

Syntax Description

number: Specifies the number of sessions allowed through a specified VPDN group. The number of sessions can range from 0 to 32767.

Defaults

No default behavior or values.

Command Modes

VPDN group configuration

Command History

Release       Modification
12.2(1)DX     This command was introduced.
12.2(2)DD     This command was integrated into Cisco IOS Release 12.2(2)DD.
12.2(4)T      This command was integrated into Cisco IOS Release 12.2(4)T.
12.2(11)T     This command was integrated into Cisco IOS Release 12.2(11)T and support was added for the Cisco 1760, Cisco AS5300, Cisco AS5350, Cisco AS5400, Cisco AS5800, and Cisco AS5850 platforms.
12.2(27)SB    This command was integrated into Cisco IOS Release 12.2(27)SB.

Usage Guidelines

Use this command to limit the number of allowed sessions for a specified VPDN group. If the session-limit command is configured to 0, no sessions are allowed on the VPDN group.

This command works independently from the session-limit command used in global configuration mode. Using the session-limit command in global configuration mode, you can restrict the total number of sessions allowed on all VPDN groups. VPDN group session limiting is configured in VPDN group configuration mode. Global VPDN session limiting and VPDN group session limiting work independently, but global VPDN session limiting is enforced before individual VPDN group limiting.

For example, if you apply the vpdn session-limit 2 command in global configuration mode and the session-limit 3 command in VPDN group configuration mode to the VPDN group named group1, no more than two calls are allowed in the VPDN group group1.
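The interaction between the global and per-group limits can be checked offline against a saved configuration. The Python script below is an added example, not Cisco's code or part of the original document: it computes each group's effective session cap and flags groups that lack a limit, are set to 0, or miss the accept-dialin/request-dialout prerequisite. It assumes the usual running-config layout with indented subcommands; the sample configuration is constructed and the group names open and closed are hypothetical.

```python
import re

# Constructed sample configuration; group names "open" and "closed" are hypothetical.
SAMPLE = """\
vpdn session-limit 2
!
vpdn-group group1
 accept-dialin
  protocol l2tp
  virtual-template 5
 terminate-from hostname host1
 session-limit 3
!
vpdn-group open
 accept-dialin
  protocol l2tp
 terminate-from hostname host2
!
vpdn-group closed
 session-limit 0
"""

def audit_vpdn(config):
    """Return {group: (effective_cap, findings)}; a cap of None means unlimited."""
    global_limit, groups, cur = None, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level line closes any vpdn-group block
            cur = None
            if m := re.fullmatch(r"vpdn session-limit (\d+)", line):
                global_limit = int(m.group(1))
            elif m := re.fullmatch(r"vpdn-group (\S+)", line):
                cur = groups.setdefault(m.group(1), {"limit": None, "dial": False})
        elif cur is not None:
            if line in ("accept-dialin", "request-dialout"):
                cur["dial"] = True
            elif m := re.fullmatch(r"session-limit (\d+)", line):
                cur["limit"] = int(m.group(1))
    report = {}
    for name, g in groups.items():
        limit, notes = g["limit"], []
        if limit is None:
            notes.append("no per-group session-limit; only the global limit applies")
        elif limit == 0:
            notes.append("session-limit 0: no sessions are allowed on this group")
        if limit is not None and not g["dial"]:
            notes.append("session-limit set without accept-dialin or request-dialout")
        if None not in (limit, global_limit) and global_limit < limit:
            notes.append(f"global limit {global_limit} is enforced before group limit {limit}")
        caps = [c for c in (global_limit, limit) if c is not None]
        report[name] = (min(caps) if caps else None, notes)
    return report

print(audit_vpdn(SAMPLE))
```

For group1 the script reports an effective cap of 2, matching the usage guideline above: the global limit of 2 is reached before the group limit of 3.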

Examples

The following example creates a VPDN group named scoot, creates virtual template 5, and restricts the VPDN group group1 to three sessions:

    Router(config)# vpdn-group group1
    Router(config-vpdn)# accept-dialin
    Router(config-vpdn-acc-in)# protocol l2tp
    Router(config-vpdn-acc-in)# virtual-template 5
    Router(config-vpdn-acc-in)# exit
    Router(config-vpdn)# terminate-from hostname host1
    Router(config-vpdn)# session-limit 3

Related Commands

Command          Description
session-limit    Limits the number of VPDN sessions.