- Read Me First
- Overview of ISG
- Configuring ISG Control Policies
- Configuring ISG Access for PPP Sessions
- Configuring ISG Access for IP Subscriber Sessions
- Configuring ISG IPv6 Support
- Configuring MQC Support for IP Sessions
- Configuring ISG Port-Bundle Host Key
- Configuring ISG as a RADIUS Proxy
- Configuring ISG as a RADIUS Proxy in Passthrough Mode
- ISG RADIUS Proxy Support for Mobile Users—Hotspot Roaming and Accounting Start Filtering
- Walk-By User Support in ISG
- ISG L2 Subscriber Roaming
- Configuring RADIUS-Based Policing
- Overview for Framed Route
- ISG Dynamic VLAN Interface Provisioning
- Ambiguous VLAN Support for IP sessions over ISG
- Configuring ISG Policies for Automatic Subscriber Logon
- Configuring DHCP Option 60 and Option 82 with VPN-ID Support for Transparent Automatic Logon
- Enabling ISG to Interact with External Policy Servers
- Configuring ISG Subscriber Services
- Configuring ISG Network Forwarding Policies
- Configuring ISG Accounting
- Configuring ISG Support for Prepaid Billing
- Configuring ISG Policies for Session Maintenance
- Redirecting Subscriber Traffic Using ISG Layer 4 Redirect
- Configuring Layer 4 Redirect Logging
- Configuring ISG Policies for Regulating Network Access
- Configuring ISG Integration with SCE
- Service Gateway Interface
- ISG MIB
- ISG SSO and ISSU
- ISG Debuggability
- Troubleshooting ISG with Session Monitoring and Distributed Conditional Debugging
- Configuring ISG Troubleshooting Enhancements
- Gx Diameter Support for ISG sessions
- DHCPv6 Support for ISG
- Finding Feature Information
- Restrictions for Gx Diameter Support for ISG Sessions
- Information About Gx Diameter Support for ISG Sessions
- How to Configure Gx Diameter Support on ISG Sessions
- Examples: Configuring Gx Diameter Support for ISG Sessions
- Additional References
- Finding Feature Information for Gx Diameter Support for ISG Sessions
Gx Diameter Support for ISG sessions
This chapter describes the Gx Diameter Support for Intelligent Services Gateway (ISG) sessions. This feature supports the Gx Diameter interface and the Diameter 3GPP Application Gx interface. The component that initiates the Gx communication is through the Intelligent Services Gateway (ISG). Diameter provides a base protocol that can be extended in order to provide authentication, authorization, and accounting (AAA) services to new access technologies.
- Finding Feature Information
- Restrictions for Gx Diameter Support for ISG Sessions
- Information About Gx Diameter Support for ISG Sessions
- How to Configure Gx Diameter Support on ISG Sessions
- Examples: Configuring Gx Diameter Support for ISG Sessions
- Additional References
- Finding Feature Information for Gx Diameter Support for ISG Sessions
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Restrictions for Gx Diameter Support for ISG Sessions
-
GX Interface is supported only for IPoE Sessions
-
Dynamic policy construction is restricted only for Dynamic Rate Limiting (DRL) and Differentiated Services Code Point (DSCP).
-
ISG policies with the same name and different definitions are not supported.
-
Gx Diameter in combination with radius is not supported.
-
Subscription-ID Grouped AVP is shared only in credit-control messages.
Information About Gx Diameter Support for ISG Sessions
- Overview of the Diameter Protocol
- Gx Diameter Interface in ISG
- Diameter Credit Control Application Application
- ISG Diameter Call Flow
- Supported AVPs for Gx Diameter on ISG
Overview of the Diameter Protocol
Diameter is a peer-to-peer protocol that consists of a base protocol and a set of applications that allows it to extend its services to provide authentication, authorization, and accounting (AAA) services to new access technologies. The base protocol provides basic mechanisms for reliable transport, message delivery, and error handling and the base protocol must be used in conjunction with a Diameter application. Each application relies on the services of the base protocol to support a specific type of network access. Each application is defined by an application identifier and associated with commands. Each command is defined with mandatory Attribute Value Pairs (AVPs) and non-mandatory AVPs including vendor-specific AVPs.
Diameter allows peers to exchange a variety of messages. The Diameter client generates Diameter messages to the Diameter server to perform the AAA actions for the user. This protocol also supports server-initiated messages, such as a request to abort service to a particular user.
Gx Diameter Interface in ISG
The Gx Interface is located between the Policy and Charging Enforcement function (PCEF) and the Policy and Charging Rules Function (PCRF). Gx reference point is used to provision, modify and remove rules for policy and charging control from the PCRF to the PCEF. The policies downloaded are installed on the ISG session and any monitoring events installed is detected and notified to PCRF.
ISG Supports the download of policy information from radius server and the same is extended to integrate with GX interface for the PCEF functionality.
The following table lists Internet Assigned Numbers Authority (IANA)-assigned application IDs for Diameter applications:
|
Diameter Application |
Diameter Application ID |
|---|---|
|
Diameter common message |
0x00000000 |
|
Diameter policy interface(Gx) |
0x01000016 (16777238) |
Features supported for ISG with Diameter
Diameter Credit Control Application Application
Diameter Credit-Control Application (DCCA) interface implementation is based on the RFC 4006. The Diameter Gx application handles Gx messages and AVPs specific to Gx and DCCA application to provide support for the PCEF functionality. The DCCA messages supported on the Intelligent Services Gateway(ISG) are:
ISG supports these DCCA messages:
Every single CCR must be responded with a separate CCA.
DCCA Session and Services
Each ISG subscriber session is associated with a Diameter IPCAN-session when Gx is enabled. The device implements the state machine for an IPCAN-session as per RFC-4006.
A Diameter session-id uniquely identifies an IPCAN-session.
ISG Diameter Call Flow
The following figure shows a call flow sequence of Gx Diameter:
Supported AVPs for Gx Diameter on ISG
The following table lists the AVPs supported for Gx Diamter on ISG.
RADIUS Server Configuration
Following AVPs for Cisco IOS XE Release 16.7.1 are enabled through RADIUS server configuration. Use radius-server command for the configuration.
How to Configure Gx Diameter Support on ISG Sessions
- Configuring Diameter peer in ISG
- Configuring AAA for Diameter Peer in ISG
- Configuring Diameter Interaction for ISG
- Verifying the Gx Diameter Support for ISG Sessions
Configuring Diameter peer in ISG
Perform this task to configure the Diameter connection on a ISG router.
The selection of Diameter server is mostly based on the AAA method list configuration.
diameter timer watchdog 300
diameter origin realm cisco.com
diameter origin host 10.0.0.1
diameter source interface gigabitethernet 0/0/0
diameter vendor supported 3gpp
diameter vendor app gx
diameter peer PCRF
address ipv4 10.0.0.2
transport tcp port port1
source interface Ethernet0/0
Configuring AAA for Diameter Peer in ISG
Perform this task to configure AAA for diameter server group. Prior to this task, you must set up the Diameter peer in ISG device.
aaa group server diameter GX_SG server name PCRF aaa authorization policy-if policy_meth group GX_SG aaa authorization subscriber-service default local
Configuring Diameter Interaction for ISG
 Note | The method-list used aaa configuration and diameter interation configuration must be the same. The control policy should trigger gx session in both session-start and session-restart. In case of session-start, it is recommended to configure collect identifier source-ip-address before authorization |
Peform the following task to configure Diameter interaction for ISG:
policy-map type control GX_TEST
class type control always event session-start
5 collect identifier source-ip-address
10 authorize aaa list policy_meth identifier nas-port
class type control always event session-restart
10 authorize aaa list policy_meth identifier nas-port
Verifying the Gx Diameter Support for ISG Sessions
The following sample output is from the show diameter gx session all command.
Device#show diameter gx session all Current Gx Sessions ClientID Session State Subscription Data IPCAN Sess ID 115425 OPEN nas-port:0.0.0.0:0/3/3 device1;0;115425;1488824608 115430 OPEN nas-port:0.0.0.0:0/3/3 device1;0;115430;1488824608 115432 OPEN nas-port:0.0.0.0:0/3/3 device1;0;115432;1488824608 115434 OPEN nas-port:0.0.0.0:0/3/3 device1;0;115434;1488824608 115436 OPEN nas-port:0.0.0.0:0/3/3 device1;0;115436;1488824608 115442 OPEN nas-port:0.0.0.0:0/3/3 device1;0;115442;1488824608 115444 OPEN nas-port:0.0.0.0:0/3/3 device1;0;115444;1488824608 115447 OPEN nas-port:0.0.0.0:0/3/3 device1;0;115447;1488824608 115449 OPEN nas-port:0.0.0.0:0/3/3 device1;0;115449;1488824608 115451 OPEN nas-port:0.0.0.0:0/3/3 device1;0;115451;1488824608 115453 OPEN nas-port:0.0.0.0:0/3/3 device1;0;115453;1488824608 115455 OPEN nas-port:0.0.0.0:0/3/3 device1;0;115455;1488824608 115457 OPEN nas-port:0.0.0.0:0/3/3 device1;0;115457;1488824608 115459 OPEN nas-port:0.0.0.0:0/3/3 device1;0;115459;1488824608 115461 OPEN nas-port:0.0.0.0:0/3/3 device1;0;115461;1488824608 115463 OPEN nas-port:0.0.0.0:0/3/3 device1;0;115463;1488824608 115465 OPEN nas-port:0.0.0.0:0/3/3 device1;0;115465;1488824608 115467 OPEN nas-port:0.0.0.0:0/3/3 device1;0;115467;1488824608 115469 OPEN nas-port:0.0.0.0:0/3/3 device1;0;115469;1488824608 115471 OPEN nas-port:0.0.0.0:0/3/3 device1;0;115471;1488824608 115473 OPEN nas-port:0.0.0.0:0/3/3 device1;0;115473;1488824608 115475 OPEN nas-port:0.0.0.0:0/3/3 device1;0;115475;1488824608
The following sample output is from the show diameter gx session id command.
Device# show diameter gx session id device1;0;4120;1488910407 Current Gx Sessions ClientID Session State Subscription Data IPCAN Sess ID 4120 OPEN nas-port:0.0.0.0:255/0/8/10 device1;0;4120;1488910407
The following sample output is from the show diameter gx statistics command.
Device#show diameter gx statistics CCR Initial messages : 295110 CCR Initial messages sent failed : 21567 CCR Initial messages timed out : 184526 CCR Initial messages retry : 165003 CCR Update messages : 117667 CCR Update messag sent Failed : 0 CCR Update messages timed Out : 20828 CCR Update messages retry : 20418 CCR Terminate messages : 150241 CCR Terminate messages sent failed : 149331 CCA Initial messages : 159270 CCA Initial messages error : 0 CCA Initial messages protocol error : 0 CCA Update messages : 109513 CCA Update messages error : 2 CCA Update messages protocol error : 0 CCA Terminate messages : 67679 CCA Terminate messages error : 0 CCA Terminate messages protocol error : 0 RAR received messages : 0 RAR received messages error : 0 RAA sent messages : 0 RAA sent messages Error : 0 DIAMETER End User Service Denied : 0 DIAMETER Credit Control Not Applicable : 0 DIAMETER Credit Limit Reached : 0 DIAMETER Unknown Session Id : 0 DIAMETER Authorization Rejected : 0 DIAMETER Invalid AVP Value : 0 DIAMETER User Unknown : 0 Number of sessions currently up : 9308 Number of sessions closed : 141268 Highest number of sessions ever up at one time : 159270 Number of sessions failed to come up : 157407 Number of Unknown request messages : 0
Examples: Configuring Gx Diameter Support for ISG Sessions
The following example shows the AVP representation of pre-defined policy.
Policy-Install
Charging-Rule-Install
Charging-Rule-Name = TC_SERVICE1
Charging-Rule-Name = ISG_L4R_SRV
Policy-Remove
Charging-Rule-Remove
Charging-Rule-Name = TC_SERVICE2
Charging-Rule-Name = TC_SERVICE1
Install and Remove
Charging-Rule-Insall
Charging-Rule-Name = TC_SERVICE2
Charging-Rule-Remove
Charging-Rule-Name = ISG_L4R_SRV
The following example shows the ISG-TC service representation of pre-defined policy.
policy-map type service TC_SERVICE1
class type traffic VLAN_EFv4
accounting aaa list EF_acct
police input 300000
police output 300000
!
policy-map type service TC_SERVICE2
class type traffic VLAN_EF
accounting aaa list EF_acct
police input 300000
police output 300000
!
Policy-map type service ISG_L4R_SRV
Class type traffic class1
Redirect to ip 10.10.10.10
The following example shows the AVP representation of static and dynamic policy.
Charging-Rule-Install
Charging-Rule-Name = TC_SERVICE1
Charging-Rule-Definition
Charging-Rule-Name = TC_SERVICE2
Flow-Information
Flow-Direction = UPLINK
Packet-Filter-Identifier = CS1_V6
Qos-Information
Max-Requested-Bandwidth-UL = 50000
The following example shows ISG-TC service for static and dynamic policy.
policy-map type service TC_SERVICE1
class type traffic VLAN_EFv4
police input 300000
police output 300000
!
policy-map type service TC_SERVICE2
class type traffic VLAN_CS1_V6
police input 50000
!
class-type traffic match-any VLAN_CS1_V6
match access-group input name CS1_V6
!
ipv6 access-list CS1_V6
permit ipv6 any any dscp cs1
Additional References
Related Documents
|
Related Topic |
Document Title |
|---|---|
|
ISG commands |
Technical Assistance
|
Description |
Link |
|---|---|
|
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. |
Finding Feature Information for Gx Diameter Support for ISG Sessions
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.|
Feature Name |
Releases |
Feature Configuration Information |
|---|---|---|
|
Gx Diameter Support for ISG Sessions |
Cisco IOS XE Everest 16.5.1b |
Diameter provides a base protocol that can be extended in order to provide authentication, authorization, and accounting (AAA) services to new access technologies. This chapter provides information about Diameter protocol and its support in ISG. The following command was introduced by this feature: diameter timer watchdog , diameter origin realm , diameter origin host , diameter source interface , diameter vendor supported , diameter peer,show diameter gx session all, show diameter gx session id, show diameter gx statistics |
Feedback