RADIUS-Based Policing
Restrictions for RADIUS-Based Policing
• The RADIUS-Based Policing feature enables the ISG to construct and apply a dynamic service
policy with a new policing rate. The new rate can be applied to traffic classes that are defined at the
parent, child, or grand-child levels. However, the new rate cannot be applied to the class-default
class of a parent policy.
• Parameterized QoS is not supported for IP sessions.
• The parameterized Access Control List (pACL) name is limited to 80 characters. The pACL name
is formed by concatenating the ACL entries in the RADIUS CoA or Access-Accept message to the
ACL name configured on the ISG. If the pACL name exceeds 80 characters, the parameterization
operation fails and an error message is displayed. For a CoA message, the ISG also sends a negative
Ack (Nack) response to the RADIUS server.
Information About RADIUS-Based Policing
To configure the RADIUS-based policing features supported on the Cisco ASR 1000 Series Aggregation
Services Router, you should understand the following topics:
• RADIUS Attributes
• Parameterized QoS Policy as VSA 1
• Parameterization of QoS ACLs
RADIUS Attributes
RADIUS communicates with the ISG device by embedding specific attributes in Access-Accept and
change of authentication (CoA) messages. RADIUS-based policing employs this exchange of attributes
to activate and deactivate services and to modify the active quality of service (QoS) policy applied to a
session.
The following sections describe the RADIUS attributes used in RADIUS-based policing:
• RADIUS Attributes 250 and 252
• Cisco VSA 1
RADIUS Attributes 250 and 252
RADIUS uses attribute 250 in Access-Accept messages and attribute 252 in CoA messages to activate
and deactivate parameterized services. ISG services are configured locally on the ISG device; RADIUS
sends only the service name.
Attributes 250 and 252 have the following syntax for service activation:
Access-Accept Messages
250 "Aservice(parameter1=value,parameter2=value,...)"
CoA Messages
252 0b "service(parameter1=value,parameter2=value,...)"
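The following is an added example, not Cisco code: a strict parser that a RADIUS operator could use to check service-activation lines written in the notation shown above before they are placed in a user profile or CoA request. The function names, the sample service name and the parameter names are hypothetical, and the parser assumes that parameter names and values contain no parentheses or commas.

```python
import re

# Line shapes copied from the syntax shown above; everything else is constructed.
_LINE_FORMS = (
    (250, "Access-Accept", re.compile(r'^250\s+"A(?P<svc>[^"]+)"$')),
    (252, "CoA", re.compile(r'^252\s+0b\s+"(?P<svc>[^"]+)"$')),
)
_SERVICE = re.compile(r'^(?P<name>[^()=,\s]+)(?:\((?P<params>.*)\))?$')


class ActivationSyntaxError(ValueError):
    """Raised when a line does not match the service-activation syntax."""


def parse_activation(line):
    """Return attribute number, message type, service name and parameters."""
    for attribute, message, pattern in _LINE_FORMS:
        match = pattern.match(line.strip())
        if match:
            name, params = _parse_service(match["svc"])
            return {"attribute": attribute, "message": message,
                    "service": name, "params": params}
    raise ActivationSyntaxError(f"not an attribute 250/252 activation: {line!r}")


def _parse_service(text):
    match = _SERVICE.match(text)
    if not match:
        raise ActivationSyntaxError(f"malformed service string: {text!r}")
    params = {}
    raw = match["params"]
    if raw is not None:
        for item in raw.split(","):
            key, sep, value = item.partition("=")
            # Assumption: names and values contain no '(', ')' or ','.
            if not sep or not key or not value or set("()") & set(item):
                raise ActivationSyntaxError(f"bad parameter {item!r} in {text!r}")
            if key in params:
                raise ActivationSyntaxError(f"duplicate parameter {key!r}")
            params[key] = value
    return match["name"], params


if __name__ == "__main__":
    # Constructed sample lines; the service and parameter names are made up.
    for sample in ('250 "Avoice(rate=512000,burst=9000)"',
                   '252 0b "voice(rate=256000)"'):
        print(parse_activation(sample))
```

Rejecting malformed lines on the RADIUS side avoids sending the ISG an activation it cannot parameterize.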