This configuration example has five parts that show that PPPoA sessions are established between a broadband remote access server (BRAS) and a routing gateway (RG), the change of authorization (CoA push request) that passes between a policy server and the BRAS, and how the pulled policy maps are replaced by pushed policy maps after the CoA request.
The five parts are: BRAS PPPoA configuration, RG PPPoA configuration, session information on BRAS prior to a push, debug on BRAS after receiving the CoA request, and session information on BRAS after a CoA push request has taken place.
The following example shows the current PPPoA configuration on BRAS:
aaa new-model
!
aaa authentication ppp default group radius
aaa authorization network default group radius
!
aaa server radius dynamic-author
client <address> server-key <key>
!
aaa session-id common
!
ip routing
!
policy-map DefaultIn
class class-default
set ip precedence 0
policy-map DefaultOut
class class-default
set ip precedence 0
!
policy-map PullMapIn
class class-default
set ip precedence 0
policy-map PullMapOut
class class-default
set ip precedence 0
!
policy-map 7up
class class-default
fair-queue
policy-map Sprite
class class-default
bandwidth 1000
!
policy-map PushMapIn
class class-default
set ip precedence 0
policy-map PushMapOut
class class-default
set ip precedence 0
!
!
vc-class atm xyz
protocol ppp Virtual-Template1
encapsulation aal5snap
!
interface Loopback0
ip address 12.1.1.2 255.255.255.0
!
interface ATM4/0
no ip address
no atm ilmi-keepalive
no atm enable-ilmi-trap
no clns route-cache
no shutdown
!
interface ATM4/0.1 point-to-point
no atm enable-ilmi-trap
pvc 0/101
class-vc xyz
vbr-nrt 400 300 50
dbs enable
service-policy in DefaultIn
service-policy out DefaultOut
!
!
interface Virtual-Template1
ip unnumbered Loopback0
ppp authentication chap
!
radius-server host <address> auth-port <port> acct-port <port>
radius-server key <key>
radius-server vsa send authentication
The following example shows the PPPoA configuration set up on the RG:
aaa new-model
!
aaa session-id common
!
ip routing
!
interface Loopback0
ip address 12.1.1.1 255.255.255.0
!
interface ATM2/0/0
no ip address
no atm ilmi-keepalive
no atm enable-ilmi-trap
no clns route-cache
no shutdown
!
interface ATM2/0/0.1 point-to-point
pvc 0/101
protocol ppp Virtual-Template1
!
!
interface Virtual-Template1
ip unnumbered Loopback0
no peer default ip address
ppp chap hostname InOut
ppp chap password 0 <password>
The following example uses the show subscriber session all command to display session information on BRAS prior to policy maps being pushed. PullMapIn and PullMapOut are the profiles pulled from the AAA server. The CoA request pushes the BRAS to change its input policy map (PullMapIn) and output policy map (PullMapOut) to PushMapIn and PushMapOut respectively.
Router# show subscriber session all
Current Subscriber Information:Total sessions 1
--------------------------------------------------
Unique Session ID:54
Identifier:InOut
SIP subscriber access type(s):PPPoA/PPP
Current SIP options:Req Fwding/Req Fwded
Session Up-time:00:00:32, Last Changed:00:00:12
AAA unique ID:55
Interface:Virtual-Access1.1
Policy information:
Context 6531F6AC:Handle C700008A
Authentication status:authen
User profile, excluding services:
Framed-Protocol 1 [PPP]
service-type 2 [Framed]
ssg-account-info "S12.1.1.1"
vc-qos-policy-in "PullMapIn"
vc-qos-policy-out "PullMapOut"
Prepaid context:not present
Configuration sources associated with this session:
Interface:Virtual-Template1, Active Time = 00:00:32
The following example displays the output of the debug aaa coa and debug pppatm eventcommands to show that the input policy map, PushMapIn, and output policy map, PushMapOut, have been applied or pushed on the BRAS after the BRAS received the CoA push request from the policy server:
2d20h:RADIUS:COA received from id 41 10.0.56.145:1700, CoA Request, len 122
2d20h:COA:10.0.56.145 request queued
2d20h: ++++++ CoA Attribute List ++++++
2d20h:6523AE20 0 00000001 service-type(276) 4 Framed
2d20h:6523AF4C 0 00000009 ssg-account-info(392) 9 S12.1.1.1
2d20h:6523AF5C 0 00000009 ssg-command-code(394) 1 17
2d20h:6523AF6C 0 00000009 vc-qos-policy-in(342) 7 PushMapIn
2d20h:6523AF7C 0 00000009 vc-qos-policy-out(343) 4 PushMapOut
2d20h:
2d20h: PPPATM:Received VALID vc policy PushMapIn
2d20h: PPPATM:Received VALID vc policy PushMapOut
2d20h:PPPATM:ATM4/0.1 0/101 [54], Event = SSS Msg Received = 5
2d20h:Service policy input PushMapIn policy output PushMapOut applied on 0/101
2d20h: PPPATM:Applied VALID vc policy PushMapIn and PushMapOut
2d20h:RADIUS(00000000):sending
2d20h:RADIUS(00000000):Send CoA Ack Response to 10.0.56.145:1700 id 41, len 20
2d20h:RADIUS: authenticator 04 D5 05 E2 FE A3 A6 E5 - B2 07 C0 A1 53 89 E0 FF
The following example uses the show subscriber session all command to display session information on the BRAS after the BRAS received the CoA push request from the policy server. The policy information shows that PushMapIn and PushMapOut are the current policy maps on the BRAS that were pushed by the CoA request:
Router# show subscriber session all
Current Subscriber Information:Total sessions 1
--------------------------------------------------
Unique Session ID:54
Identifier:InOut
SIP subscriber access type(s):PPPoA/PPP
Current SIP options:Req Fwding/Req Fwded
Session Up-time:00:00:44, Last Changed:00:00:22
AAA unique ID:55
Interface:Virtual-Access1.1
Policy information:
Context 6531F6AC:Handle C700008A
Authentication status:authen
User profile, excluding services:
Framed-Protocol 1 [PPP]
service-type 2 [Framed]
ssg-account-info "S12.1.1.1"
vc-qos-policy-in "PushMapIn"
vc-qos-policy-out "PushMapOut"
Prepaid context:not present
Configuration sources associated with this session:
Interface:Virtual-Template1, Active Time = 00:00:44