Configuring ISG Network Forwarding Policies
Prerequisites for Configuring ISG Network Forwarding Policies
2
Prerequisites for Configuring ISG Network Forwarding Policies
For information about release and platform support, see the “Feature Information for ISG Network
Policies” section on page 7.
Restrictions for Configuring ISG Network Forwarding Policies
A service can contain only one network forwarding policy.
For each subscriber session, only one instance of a network forwarding policy can be in effect at any one
time.
Information About ISG Network Policies
Before you configure network forwarding policies, you should understand the following concepts:
• Network Policies, page 2
• Configuration Sources for Network Policies, page 2
Network Policies
For subscriber packets to reach a network, some form of forwarding must be specified for a subscriber
session. A traffic policy that allows packets to be routed or forwarded to and from an upstream network
is known as a network forwarding policy.
Where the network forwarding policy type is routing, forwarding decisions are made at Layer 3, and a
VRF (Virtual Routing and Forwarding) identifier must be specified to indicate which routing table
should be used to make the routing decision (each VRF represents an independent routing context within
a single router). Where the network policy type is forwarding, forwarding decisions are made at Layer 2,
which means that all subscriber packets are forwarded to and from a single virtual endpoint within the
system. This virtual endpoint represents a Layer 2 tunnel, and a tunnel identifier determines which tunnel
should be used. If a network forwarding policy is not specified, the global routing table will be used to
route traffic.
An ISG service that includes a network forwarding policy is known as a primary service. Primary
services are mutually exclusive and may not be active simultaneously. Upon activation of a new primary
service, ISG will deactivate the existing primary service and any other services dependent on the existing
primary service through association with a service group.
Configuration Sources for Network Policies
Network policies can be configured in user profiles and service profiles on an external authentication,
authorization, and accounting (AAA) server or in service policy maps on the ISG-enabled device. A
network forwarding policy configured in a user profile takes precedence over a network forwarding
policy specified in a service.
To Next Page
Loading...
Need help?
General