Configuring ISG Port-Bundle Host Key
How to Configure ISG Port-Bundle Host Key
3
to a configured ISG IP address and changes the source TCP port to a port allocated by the ISG. The ISG
assigns a bundle of ports to each subscriber because one subscriber can have several simultaneous TCP
sessions when accessing a web page. The assigned port-bundle host key, or combination of port bundle
and ISG source IP address, uniquely identifies each subscriber. The host key is carried in RADIUS
packets sent between the portal server and the ISG in the Subscriber IP vendor-specific attribute (VSA).
Table 1 describes the Subscriber IP VSA. When the portal server sends a reply to the subscriber, the ISG
uses the translation tables to identify the destination IP address and destination TCP port.
For each TCP session between a subscriber and the portal, the ISG uses one port from the port bundle
as the port map. Individual port mappings are flagged as eligible for reuse on the basis of inactivity
timers, but are not explicitly removed once assigned. The number of port bundles is limited per ISG
address, but there is no limit to the number of ISG IP addresses that can be configured for port bundle
usage.
Benefits of ISG Port-Bundle Host Key
Support for Overlapped Subscriber IP Addresses Extended to Include External Portal Usage
The ISG Port-Bundle Host Key feature enables external portal access regardless of subscriber IP address
or VRF membership. Without the use of port-bundle host keys, all subscribers accessing a single external
portal must have unique IP addresses. Furthermore, since port-bundle host keys isolate VRF-specific
addresses from the domain in which the portal resides, routing considerations are simplified.
Portal Provisioning for Subscriber and ISG IP Addresses No Longer Required
Without the ISG Port-Bundle Host Key feature, a portal must be provisioned for subscriber and ISG IP
addresses before the portal is able to send RADIUS packets to the ISG or send HTTP packets to
subscribers. The ISG Port-Bundle Host Key feature eliminates the need to provision a portal in order to
allow one portal server to serve multiple ISGs and to allow one ISG to be served by multiple portal
servers.
How to Configure ISG Port-Bundle Host Key
Perform the following tasks to configure the ISG Port-Bundle Host Key feature:
• Enabling the ISG Port-Bundle Host Key Feature in a Service Policy Map, page 4
• Enabling the ISG Port-Bundle Host Key Feature in a User Profile or Service Profile on the AAA
Server, page 5
Table 1 Subscriber IP VSA Description
Attribute
ID Vendor ID Subattribute ID and Type Attribute Name Attribute Data
26 9 250 Account-Info Subscriber IP S subscriber-ip-address [:port-bundle-number]
• S—Account-Info code for subscriber IP.
• subscriber IP address: port-bundle number
—The port-bundle number is used only if the
ISG Port-Bundle Host Key feature is
configured.
To Next Page
Loading...
Need help?
General