RADIUS-Based Policing
How to Configure RADIUS-Based Policing
5
• class-list field—A list of class names enclosed in parentheses that identifies the class or classes to
be removed. The class names you specify must be either user-configured class maps or the
system-generated class-default class. The order in which you specify the class names indicates the
hierarchical level of the class within the QoS policy.
For example, the following VSA1 attribute removes the Bronze class and all associated QoS policy
actions from the nested child policy that is applied to the parent class-default class:
qos-policy-out=remove-class(sub,(class-default,Bronze))
When you remove a traffic class from a QoS policy, all of the attributes for the class are also removed.
To re-add the class with the same attributes, you must reissue the add-class RADIUS attribute and
provide the required parameters and values.
Parameterized QoS Policy as VSA 1
In the current release, multiple complex strings in a CoA message are not supported because they do not
display correct behavior of VSA 1, as shown in the next example:
vsa cisco 250 S152.1.1.2
vsa cisco generic 252 binary 0b suffix "q-p-out=IPOne1-isg-acct1(1)((c-d,tv)1(10000))"
vsa cisco generic 252 binary 0b suffix "q-p-out=IPOne1-isg-acct(1)((c-d,voip)1(10000))"
In the above example:
• All services are enabled on target.
• Parameterized QoS policy in the second command syntax is not echoed in the ISG service.
• Parameterized QoS policy in the first command syntax is echoed.
Parameterization of QoS ACLs
The Parameterization of QoS Access Control Lists (ACLs) feature supports multiple ISG and QoS
parameterized services in a single Access-Accept or CoA message. This feature allows the
authentication, authorization, and accounting (AAA) device to change parameters dynamically.
How to Configure RADIUS-Based Policing
The RADIUS server determines the new policing rate based on vendor specific attributes (VSAs)
configured in a subscriber’s user profile on RADIUS and on the ANCP-signaled rate received from the
ISG. RADIUS sends the new rate to the ISG in an Access-Accept or CoA message.
After receiving the Access-Accept or CoA message, the ISG copies the original policy map applied to
the session and changes the policing rate of the copied, transient policy as indicated by RADIUS. The
ISG does not change the shaping rate of the original policy. After changing the transient policy, the ISG
applies the transient policy to the subscriber service.
The following sections provide more information about per-service policing using RADIUS:
• Prerequisites for Per-Service Policing Using RADIUS, page 6
• Restrictions for Per-Service Policing Using RADIUS, page 6
• Configuring Per-Service Policing Using RADIUS, page 6
To Next Page
Loading...
Need help?
General