Configuring ISG Policies for Automatic Subscriber Logon
Prerequisites for ISG Automatic Subscriber Logon
2
• Additional References, page 9
• Feature Information for ISG Automatic Subscriber Logon, page 10
Prerequisites for ISG Automatic Subscriber Logon
For information about release and platform support, see the “Feature Information for ISG Automatic
Subscriber Logon” section on page 10.
Depending on your AAA implementation, you may need to configure one of the following identifiers in
the password field of the user profile: source IP address, MAC address, remote ID, circuit ID. You may
also need to configure a global address in the password field.
To use circuit ID and remote ID for authorization for IP sessions, the DSLAM must insert the circuit ID
and remote ID in the DHCP Option 82 information.
To use remote ID for authorization of PPPoE sessions, the PPPoE client must provide the remote ID
information in the PPPoE Tag ID or line ID.
Restrictions for ISG Automatic Subscriber Logon
The username field in an authorization request has a limit of 253 characters.
Information About ISG Automatic Subscriber Logon
Before you configure ISG automatic subscriber logon, you should understand the following concepts:
• Overview of ISG Automatic Subscriber Logon, page 2
• Supported Identifiers for ISG Automatic Subscriber Logon, page 3
• Authorization Based on Circuit ID and Remote ID, page 3
• Accounting Behavior When ISG Automatic Subscriber Logon Is Configured, page 3
Overview of ISG Automatic Subscriber Logon
Service providers commonly implement a policy at the start of IP sessions that redirects all subscriber
packets to a logon portal for authentication. Following successful authentication, per-subscriber
authorization data is typically returned from a AAA server. For some deployments, usually in subscriber
networks that are well protected against spoofing and denial-of-service (DoS) attacks, service providers
are willing to forgo authentication and trust subscriber identity. ISG automatic subscriber logon allows
service providers to grant certain subscribers access to services without requiring the subscribers to log
on.
ISG automatic subscriber logon enables a specified identifier to be used in place of the username in
authorization requests. Enabling the AAA server to authorize subscribers on the basis of a specified
identifier allows subscriber profiles to be downloaded from the AAA server as soon as packets are
received from subscribers.
To Next Page
Loading...
Need help?
General