Configuring ISG Control Policies
Additional References
20
Control Policies for Automatic Subscriber Login: Example
In the following example, if the client is from the a subnet, automatic subscriber login is applied and an
authorization request is sent to the list TALLIST with the subscriberās source IP address as the username.
If the authorization request is successful, any automatic activation services specified in the returned user
profile are activated for the session and the execution of rules within the control policy stops. If the
authorization is not successful, the rule execution proceeds, and the subscriber is redirected to the policy
server to log in. If the subscriber does not log in within five minutes, the session is disconnected.
interface GigabitEthernet0/0/0
service-policy type control RULEA
aaa authentication login TALLIST group radius
aaa authentication login LOCAL local
access-list 100 permit ip any any
class-map type traffic match-any all-traffic
match access-group input 100
match access-group output 100
policy-map type service redirectprofile
class type traffic all-traffic
redirect to ip 10.0.0.148 port 8080
class-map type control match-all CONDA
match source-ip-address 209.165.201.1 255.255.255.0
!
class-map type control match-all CONDF
match timer TIMERB
match authen-status unauthenticated
policy-map type control RULEA
class type control CONDA event session-start
1 authorize aaa list TAL_LIST password cisco identifier source-ip-address
2 apply aaa list LOCAL service redirectprofile
3 set-timer TIMERB 5 minutes
class type control CONDF event timed-policy-expiry
1 service disconnect
Additional References
The following sections provide references related to ISG control policies.
Related Documents
Related Topic Document Title
ISG commands Cisco IOS Intelligent Services Gateway Command Reference
Traffic Policies The āConfiguring ISG Subscriber Servicesā module.
To Next Page
Loading...
Need help?
General