Configuring ISG Subscriber Services
Configuration Examples for ISG Services
This section contains the following examples:
• Service for Per-Flow Accounting: Examples
• Service for Absolute Timeout and Idle Timeout: Examples
• Service for ISG Policing: Examples
• Service for Per-Subscriber Firewall: Examples
• Service for Redirecting Layer 4 Subscriber Traffic: Example
• Deactivating a Layer 4 Redirection Service Following Authorization: Example
Service for Per-Flow Accounting: Examples
In the following examples, the service “SERVICE1” is configured with per-flow accounting. The access
lists “SERVICE1_ACL_IN” and “SERVICE1_ACL_OUT” are used to define the traffic class. These
examples are equivalent and show the two alternative methods of service configuration: in a service
policy map that is configured directly on the ISG, and in a service profile that is configured on a AAA
server.
ISG Configuration
class-map type traffic match-any SERVICE1_TC
 match access-group input name SERVICE1_ACL_IN
 match access-group output name SERVICE1_ACL_OUT
!
policy-map type service SERVICE1
 10 class type traffic SERVICE1_TC
  accounting aaa list CAR_ACCNT_LIST
 class type traffic default in-out
  drop
AAA Server Configuration
Attributes/
Cisco-AVPair = "ip:traffic-class=in access-group name SERVICE1_ACL_IN priority 10"
Cisco-AVPair = "ip:traffic-class=in default drop"
Cisco-AVPair = "ip:traffic-class=out access-group name SERVICE1_ACL_OUT priority 10"
Cisco-AVPair = "ip:traffic-class=out default drop"
Cisco-AVPair = subscriber:accounting-list=CAR_ACCNT_LIST
Cisco-SSG-Service-Info = ISERVICE1
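Because the same service can be defined in two places, the two definitions can drift apart. The following added example (not Cisco code) translates the ISG commands used above into the AAA attributes shown above and reports any difference. The mapping rules, including the "I" prefix on the service name, are read off this page's paired example and cover only those commands; the function names isg_to_profile and profile_drift are hypothetical.

```python
import re
# Both literals are copied from the per-flow accounting example above.
ISG_CONFIG = """\
class-map type traffic match-any SERVICE1_TC
 match access-group input name SERVICE1_ACL_IN
 match access-group output name SERVICE1_ACL_OUT
!
policy-map type service SERVICE1
 10 class type traffic SERVICE1_TC
  accounting aaa list CAR_ACCNT_LIST
 class type traffic default in-out
  drop
"""
AAA_PROFILE = {
    ("Cisco-AVPair", "ip:traffic-class=in access-group name SERVICE1_ACL_IN priority 10"),
    ("Cisco-AVPair", "ip:traffic-class=in default drop"),
    ("Cisco-AVPair", "ip:traffic-class=out access-group name SERVICE1_ACL_OUT priority 10"),
    ("Cisco-AVPair", "ip:traffic-class=out default drop"),
    ("Cisco-AVPair", "subscriber:accounting-list=CAR_ACCNT_LIST"),
    ("Cisco-SSG-Service-Info", "ISERVICE1"),
}

def isg_to_profile(config):
    """Map only the commands used in that example to AAA (attribute, value) pairs."""
    acls, out, current, in_default = {}, set(), None, False
    add = lambda value: out.add(("Cisco-AVPair", value))
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"class-map type traffic \S+ (\S+)", line):
            current = acls.setdefault(m.group(1), [])  # ACLs of this class map
        elif m := re.fullmatch(r"match access-group (in|out)put name (\S+)", line):
            current.append(m.groups())  # ("in" or "out", ACL name)
        elif m := re.fullmatch(r"policy-map type service (\S+)", line):
            out.add(("Cisco-SSG-Service-Info", "I" + m.group(1)))
        elif m := re.fullmatch(r"(\d+) class type traffic (\S+)", line):
            in_default = False  # a numbered class ends any default-class context
            for direction, acl in acls.get(m.group(2), []):
                add(f"ip:traffic-class={direction} access-group name {acl} priority {m.group(1)}")
        elif m := re.fullmatch(r"accounting aaa list (\S+)", line):
            add("subscriber:accounting-list=" + m.group(1))
        elif line == "class type traffic default in-out":
            in_default = True
        elif line == "drop" and in_default:
            for direction in ("in", "out"):
                add(f"ip:traffic-class={direction} default drop")
    return out

def profile_drift(config, profile):
    """Return (attributes missing from the AAA profile, attributes only in it)."""
    expected = isg_to_profile(config)
    return expected - profile, profile - expected
```

An empty pair from profile_drift means the two definitions agree; a missing "default drop" attribute shows up in the first set.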
Service for Absolute Timeout and Idle Timeout: Examples
In the following examples, the service “SERVICE1” is configured with per-flow accounting, an absolute
timeout, and an idle timeout. The access lists “SERVICE1_ACL_IN” and “SERVICE1_ACL_OUT” are
used to define the traffic class. These examples are equivalent and show the two methods of service
configuration: in a service policy map that is configured directly on the ISG, and in a service profile that
is configured on a AAA server.
ISG Configuration
class-map type traffic match-any SERVICE1_TC
 match access-group input name SERVICE1_ACL_IN