Multiservice Activation and Deactivation in a CoA Message

This feature allows multiple services to be activated or deactivated by a single Change of Authorization (CoA) message sent from the policy server. This feature is similar to the Multiservice Activation in Access-Accept Message feature, but in this case it is assumed that the user session is already active.

Restrictions for Multiservice Activation and Deactivation in a CoA Message

  • All service names included in the multiservice activation or deactivation message must be Intelligent Services Gateway (ISG) aware. For example, they must be of type class-map type service "service1."

  • If one of the services activation or deactivation messages fails, the broadband remote access server (BRAS) rolls back only the previous successfully activated or deactivated services and those that were included in the same multiservice activation or deactivation CoA message.

  • However, the current ISG implementation has limitations in the process of reestablishing the state of previously activated or deactivated services. For example, if a feature that can overlap is enabled in the same session, the new, successfully activated or deactivated feature parameters delete the old parameters of the same feature, which was already activated in that session. Attempts to reestablish old parameters of that feature fail.

  • If a valid CLI-configured ISG service is forwarded through CoA to a new session and fails (ISG service is unable to find an accounting list):
    • BRAS does not wait for the hardware to be provisioned.
    • An ACK message is relayed.
    • ISG services are not applied.
    • Tracebacks are observed.

Information About Multiservice Activation and Deactivation in a CoA Message

Multiservice Activation and Deactivation in a CoA Message Overview

The CoA multiservice activation or deactivation message contains a list of services. Multiple services are listed in the form of multiple lines in a VSA 252.

For the case of multiservice deactivation within one CoA message, the RADIUS server sends the request to deactivate multiple services within one CoA multiservice deactivation message. For each service listed in the multiservice deactivation message, the BRAS deactivates the service. Successful deactivation of the service is followed by an accounting-stop message.

If a service cannot be successfully deactivated, the BRAS aborts the deactivation of all subsequent services contained in the multiservice activation message. The BRAS activates all the services within the same multiservice activation message that were successfully deactivated before the failed service activated.

An existing VSA 252 is used to form one multiservice activation or deactivation CoA message. To form one multiservice activate or deactivate CoA message, multiple lines of VSA 252 are included in the message. The following example shows mixed multiservice activation or deactivation in one CoA message:

RADIUS Format

ISG#
00:41:15: RADIUS: CoA  received from id 76 10.168.1.6:1700, CoA Request, len 67
00:41:15: CoA: 10.168.1.6 request queued
00:41:15: RADIUS:  authenticator C4 AC 5D 50 6A BE D7 00 - F9 1D FA 38 15 32 25 3A
00:41:15: RADIUS:  Vendor, Cisco       [26]  18  
00:41:15: RADIUS:   ssg-account-info   [250] 12  "S151.1.1.2"
00:41:15: RADIUS:  Vendor, Cisco       [26]  17 
00:41:15: RADIUS:   ssg-command-code   [252] 11  
00:41:15: RADIUS:   0B 70 6F 6C 69 63 65 31           [Service-Log-On service1]
00:41:15: RADIUS:  Vendor, Cisco       [26]  17 
00:41:15: RADIUS:   ssg-command-code   [252] 11  
00:41:15: RADIUS:   0B 70 6F 6C 69 63 65 32           [Service-Log-On service2]
00:41:15: RADIUS:  Vendor, Cisco       [26]  17  
00:41:15: RADIUS:   ssg-command-code   [252] 11   
00:41:15: RADIUS:   0C 73 65 72 76 69 63 65 33        [Service-Log-Off service3]
00:41:15: RADIUS:  Vendor, Cisco       [26]  17 
00:41:15: RADIUS:   ssg-command-code   [252] 11  
00:41:15: RADIUS:   0B 70 6F 6C 69 63 65 34           [Service-Log-On service4]

QoS Policy for VSA 252

You can use VSA 252 concatenated quality of service (QoS) syntax in a RADIUS CoA message. The syntax is used to activate or deactivate ISG service and the QoS policy by parsing the VSA 252 concatenated string.


Note


ISG manages multiple QoS services in one CoA message and applies the message to activate static and parameterized QoS.


How to Configure Multiservice Activation and Deactivation in a CoA Message

Activating a Session Service Using CoA

Configure Cisco VSA 252 in the service profile on RADIUS to dynamically activate a session service with CoA. RADIUS uses VSA 252 in CoA messages with the following syntax:

vsa cisco generic 252 binary 0b suffix "qos:vc-qos-policy-out=IPOne_out;qos:vc-qos-policy-in=IPOne_in;;"

The CoA command in this example performs the following actions:

  • Initiates an ISG service "qos:vc-qos-policy-out=IPOne_out;qos:vc-qos-policy-in=IPOne_in;;".

  • Replaces the default QoS output child policy on virtual template IPOne_out and installs the IPOne_out policy if there is no default output child policy on the virtual template.

  • Replaces the default QoS input child policy on virtual template IPOne_in and installs the IPOne_in policy if there is no default input child policy configured on the virtual template.

Deactivating a Session Service Using CoA

To dynamically activate a session service using CoA and default QoS policy on a virtual template, configure Cisco VSA 252 in the RADIUS service profile. RADIUS uses VSA 252 in CoA messages with the following syntax:

vsa cisco generic 252 binary 0c suffix "qos:vc-qos-policy-out=IPOne_out;qos:vc-qos-policy-in=IPOne_in;;" 

The CoA command in this example performs the following actions:

  • Terminates an ISG service "qos:vc-qos-policy-out=IPOne_out;qos:vc-qos-policy-in=IPOne_in".

  • Replaces the QoS output child policy IPOne_out with the default child policy configured on the appropriate virtual template interface.

  • Replaces the QoS input child policy IPOne_in with the default child policy configured on the appropriate virtual template interface.

Configuration Examples for Multiservice Activation and Deactivation in a CoA Message

Activating and Deactivating QoS Services Using VSA 252 Example

To activate QoS services, RADIUS adds one or more multiple QoS classes to the parent and child policy in one VSA 252 string and relays the following syntax:

CoA VSA 252 0b <new service>

In addition to the existing services, the new service should be installed and should not have overlapping classes with the current services.

The following example defines QoS activation and adds the QoS classes in the parameterized QoS service RADIUS form:

VSA252 0b q-p-out=IPOne1-isg-acct_service(1)((c-d,voip)1(200000,9216,0,1,0,0)10(9));q-p-in= ((c-d,voip)1(200000,9216,0,1,0,0)10(9))

To deactivate the second service, RADIUS relays the same VSA 252 string that was used for service activation, replacing "0b" with "0c".

The following example defines QoS deactivation and deletes the QoS classes in the parameterized QoS service RADIUS form:

VSA252 0c q-p-out=IPOne1-isg-acct_service(1)((c-d,voip)1(200000,9216,0,1,0,0)10(9));q-p-in= ((c-d,voip)1(200000,9216,0,1,0,0)10(9))

Additional References for Multiservice Activation and Deactivation in a CoA Message

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Command List, All Releases

ANCP Commands

Cisco IOS Access Node Control Protocol Command Reference

IEEE 802.1Q VLAN

Configuring Routing Between VLANs with IEEE 802.1Q Encapsulation

Queue-in-Queue VLAN Tags

IEEE 802.1Q-in-Q VLAN Tag Termination

RFCs

RFC

Title

ANCP extension draft

GSMP Extensions for Access Node Control Mechanism, Internet draft

RFC 3292

General Switch Management Protocol (GSMP) V3

RFC 3293

General Switch Management Protocol (GSMP), Packet Encapsulations for Asynchronous Transfer Mode (ATM), Ethernet and Transmission Control Protocol (TCP)

Feature Information for Multiservice Activation and Deactivation in a CoA Message

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.
Table 1 Feature Information for Multiservice Activation and Deactivation in a CoA Message

Feature Name

Releases

Feature Information

Multiservice Activation and Deactivation in a CoA Message

Cisco IOS XE Release 2.4

The Multiservice Activation and Deactivation in a CoA Message feature supports dynamic activation and deactivation of multiple services using RADIUS CoA messages.

In Cisco IOS XE 2.4, this feature was introduced on the Cisco ASR 1000 Series Routers.