EasyManuals Logo
Home>Cisco>Gateway>IOS XE Intelligent Services

Cisco IOS XE Intelligent Services User Manual

Cisco IOS XE Intelligent Services
358 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #221 background imageLoading...
Page #221 background image
Configuring ISG Subscriber Services
Configuration Examples for ISG Services
17
Service for Per-Subscriber Firewall: Examples
In the following examples, the service “SERVICE2” is configured with a per-subscriber firewall. The
service does not include a traffic class, so it will apply to the entire session. These examples are
equivalent and show the two methods of service configuration: in a service policy map that is configured
directly on the ISG, and in a service profile that is configured on a AAA server.
ISG Configuration
policy-map type service SERVICE2
ip access-group INTERNET_IN_ACL in
ip access-group INTERNET_OUT_ACL out
AAA Server Configuration
Attributes/
Cisco-AVPair = ip:inacl=INTERNET_IN_ACL
Cisco-AVPair = ip:outacl=INTERNET_OUT_ACL
Service for Redirecting Layer 4 Subscriber Traffic: Example
The following example shows the configuration of a service called
“UNAUTHORIZED_REDIRECT_SVC”. The control policy “UNAUTHEN_REDIRECT” is configured
to apply the service upon session start.
class-map type traffic match-any UNAUTHORIZED_TRAFFIC
match access-group input 100
policy-map type service UNAUTHORIZED_REDIRECT_SVC
class type traffic UNAUTHORIZED_TRAFFIC
redirect to ip 10.0.0.148 port 8080
policy-map type control UNAUTHEN_REDIRECT
class type control always event session-start
1 service-policy type service name UNAUTHORIZED_REDIRECT_SVC
Deactivating a Layer 4 Redirection Service Following Authorization: Example
In the following example, a service configured with Layer 4 redirection is deactivated when traffic
becomes authorized; that is, following activation of the appropriate service.
class-map traffic UNAUTHORIZED_TRAFFIC
match access-group input 100
policy-map type service UNAUTHORIZED_REDIRECT_SVC
class traffic UNAUTHORIZED_TRAFFIC
redirect to ip 10.0.0.148 port 8080
class-map control match-all CHECK_ISP1
match service ISP1
policy-map control UNAUTHEN_REDIRECT
class control always event session-start
1 service-policy type service name UNAUTHORIZED_REDIRECT_SVC
class control CHECK_ISP1 event service-start
1 service-policy type service unapply UNAUTHORIZED_REDIRECT_SVC
1 service-policy type service name ISP1

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco IOS XE Intelligent Services and is the answer not in the manual?

Cisco IOS XE Intelligent Services Specifications

General IconGeneral
BrandCisco
ModelIOS XE Intelligent Services
CategoryGateway
LanguageEnglish

Related product manuals