The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This feature allows multiple services to be activated or deactivated by a single Change of Authorization (CoA) message sent from the policy server. This feature is similar to the Multiservice Activation in Access-Accept Message feature, but in this case it is assumed that the user session is already active.
All service names included in the multiservice activation or deactivation message must be Intelligent Services Gateway (ISG) aware. For example, they must be of type class-map type service "service1."
If one of the services activation or deactivation messages fails, the broadband remote access server (BRAS) rolls back only the previous successfully activated or deactivated services and those that were included in the same multiservice activation or deactivation CoA message.
However, the current ISG implementation has limitations in the process of reestablishing the state of previously activated or deactivated services. For example, if a feature that can overlap is enabled in the same session, the new, successfully activated or deactivated feature parameters delete the old parameters of the same feature, which was already activated in that session. Attempts to reestablish old parameters of that feature fail.
The CoA multiservice activation or deactivation message contains a list of services. Multiple services are listed in the form of multiple lines in a VSA 252.
For the case of multiservice deactivation within one CoA message, the RADIUS server sends the request to deactivate multiple services within one CoA multiservice deactivation message. For each service listed in the multiservice deactivation message, the BRAS deactivates the service. Successful deactivation of the service is followed by an accounting-stop message.
If a service cannot be successfully deactivated, the BRAS aborts the deactivation of all subsequent services contained in the multiservice activation message. The BRAS activates all the services within the same multiservice activation message that were successfully deactivated before the failed service activated.
An existing VSA 252 is used to form one multiservice activation or deactivation CoA message. To form one multiservice activate or deactivate CoA message, multiple lines of VSA 252 are included in the message. The following example shows mixed multiservice activation or deactivation in one CoA message:
ISG# 00:41:15: RADIUS: CoA received from id 76 10.168.1.6:1700, CoA Request, len 67 00:41:15: CoA: 10.168.1.6 request queued 00:41:15: RADIUS: authenticator C4 AC 5D 50 6A BE D7 00 - F9 1D FA 38 15 32 25 3A 00:41:15: RADIUS: Vendor, Cisco [26] 18 00:41:15: RADIUS: ssg-account-info [250] 12 "S151.1.1.2" 00:41:15: RADIUS: Vendor, Cisco [26] 17 00:41:15: RADIUS: ssg-command-code [252] 11 00:41:15: RADIUS: 0B 70 6F 6C 69 63 65 31 [Service-Log-On service1] 00:41:15: RADIUS: Vendor, Cisco [26] 17 00:41:15: RADIUS: ssg-command-code [252] 11 00:41:15: RADIUS: 0B 70 6F 6C 69 63 65 32 [Service-Log-On service2] 00:41:15: RADIUS: Vendor, Cisco [26] 17 00:41:15: RADIUS: ssg-command-code [252] 11 00:41:15: RADIUS: 0C 73 65 72 76 69 63 65 33 [Service-Log-Off service3] 00:41:15: RADIUS: Vendor, Cisco [26] 17 00:41:15: RADIUS: ssg-command-code [252] 11 00:41:15: RADIUS: 0B 70 6F 6C 69 63 65 34 [Service-Log-On service4]
You can use VSA 252 concatenated quality of service (QoS) syntax in a RADIUS CoA message. The syntax is used to activate or deactivate ISG service and the QoS policy by parsing the VSA 252 concatenated string.
Note | ISG manages multiple QoS services in one CoA message and applies the message to activate static and parameterized QoS. |
Configure Cisco VSA 252 in the service profile on RADIUS to dynamically activate a session service with CoA. RADIUS uses VSA 252 in CoA messages with the following syntax:
vsa cisco generic 252 binary 0b suffix "qos:vc-qos-policy-out=IPOne_out;qos:vc-qos-policy-in=IPOne_in;;"
The CoA command in this example performs the following actions:
Initiates an ISG service "qos:vc-qos-policy-out=IPOne_out;qos:vc-qos-policy-in=IPOne_in;;".
Replaces the default QoS output child policy on virtual template IPOne_out and installs the IPOne_out policy if there is no default output child policy on the virtual template.
Replaces the default QoS input child policy on virtual template IPOne_in and installs the IPOne_in policy if there is no default input child policy configured on the virtual template.
To dynamically activate a session service using CoA and default QoS policy on a virtual template, configure Cisco VSA 252 in the RADIUS service profile. RADIUS uses VSA 252 in CoA messages with the following syntax:
vsa cisco generic 252 binary 0c suffix "qos:vc-qos-policy-out=IPOne_out;qos:vc-qos-policy-in=IPOne_in;;"
The CoA command in this example performs the following actions:
Terminates an ISG service "qos:vc-qos-policy-out=IPOne_out;qos:vc-qos-policy-in=IPOne_in".
Replaces the QoS output child policy IPOne_out with the default child policy configured on the appropriate virtual template interface.
Replaces the QoS input child policy IPOne_in with the default child policy configured on the appropriate virtual template interface.
To activate QoS services, RADIUS adds one or more multiple QoS classes to the parent and child policy in one VSA 252 string and relays the following syntax:
CoA VSA 252 0b <new service>
In addition to the existing services, the new service should be installed and should not have overlapping classes with the current services.
The following example defines QoS activation and adds the QoS classes in the parameterized QoS service RADIUS form:
VSA252 0b q-p-out=IPOne1-isg-acct_service(1)((c-d,voip)1(200000,9216,0,1,0,0)10(9));q-p-in= ((c-d,voip)1(200000,9216,0,1,0,0)10(9))
To deactivate the second service, RADIUS relays the same VSA 252 string that was used for service activation, replacing "0b" with "0c".
The following example defines QoS deactivation and deletes the QoS classes in the parameterized QoS service RADIUS form:
VSA252 0c q-p-out=IPOne1-isg-acct_service(1)((c-d,voip)1(200000,9216,0,1,0,0)10(9));q-p-in= ((c-d,voip)1(200000,9216,0,1,0,0)10(9))
Related Topic |
Document Title |
---|---|
Cisco IOS commands |
|
ANCP Commands |
Cisco IOS Access Node Control Protocol Command Reference |
IEEE 802.1Q VLAN |
Configuring Routing Between VLANs with IEEE 802.1Q Encapsulation |
Queue-in-Queue VLAN Tags |
IEEE 802.1Q-in-Q VLAN Tag Termination |
RFC |
Title |
---|---|
ANCP extension draft |
GSMP Extensions for Access Node Control Mechanism, Internet draft |
RFC 3292 |
General Switch Management Protocol (GSMP) V3 |
RFC 3293 |
General Switch Management Protocol (GSMP), Packet Encapsulations for Asynchronous Transfer Mode (ATM), Ethernet and Transmission Control Protocol (TCP) |
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Feature Name |
Releases |
Feature Information |
---|---|---|
Multiservice Activation and Deactivation in a CoA Message |
Cisco IOS XE Release 2.4 |
The Multiservice Activation and Deactivation in a CoA Message feature supports dynamic activation and deactivation of multiple services using RADIUS CoA messages. In Cisco IOS XE 2.4, this feature was introduced on the Cisco ASR 1000 Series Routers. |