- Preparing for Broadband Access Aggregation
- Understanding Broadband Access Aggregation
- Providing Protocol Support for Broadband Access Aggregation of PPP over ATM Sessions
- Upstream PPPoX Connection Speed Transfer at LAC
- Providing Session Limit Support
- Monitoring PPPoE Sessions with SNMP
- PPP over Ethernet Client
- PPPoE over VLAN Enhancements Configuration Limit Removal and ATM Support
- Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions
- PPPoE Client DDR Idle-Timer
- Enabling PPPoE Relay Discovery and Service Selection Functionality
- Establishing PPPoE Session Limits per NAS Port
- Offering PPPoE Clients a Selection of Services During Call Setup
- Providing Connectivity Using ATM Routed Bridge Encapsulation over PVCs
- RBE Client Side Encapsulation with QoS
- Routed Bridge Encapsulation with ATM Virtual Circuit Bundles
- Configuring Cisco Subscriber Service Switch Policies
- Subscriber Profile Support
- Controlling Subscriber Bandwidth
- Configuring the Physical Subscriber Line for RADIUS Access and Accounting
- 1-Port ADSL WAN Interface Card
- 1-Port ADSL WAN Interface for the Cisco IAD2420 Series
- 1-Port ADSL WAN Interface Card for Cisco 2600 Series and Cisco 3600 Series Routers
- ADSL Support in IPv6
- ATM Mode for Two-Wire or Four-Wire SHDSL
- 1-Port G.SHDSL WAN Interface Card for Cisco 2600 Series and Cisco 3600 Series Routers
- G.SHDSL Symmetric DSL Support for Cisco IAD2420 Series IAD
- Monitoring and Retraining on Reception of Loss of Margin Messages
- Virtual Auxiliary Port Feature and Configuration of DSL Settings
- TR-069 Agent
- Finding Feature Information
- Prerequisites for Configuring Subscriber Profile Support
- Information About Subscriber Profile Support
- How to Configure Subscriber Profile Support
- Configuration Examples for Subscriber Profile Support
- Additional References
- Feature Information for Subscriber Profile Support
Subscriber Profile Support
The Subscriber Profile Support feature introduces new functionality for the Subscriber Service Switch architecture, a Cisco IOS subsystem that connects subscribers to network access services at Layer 2. This new functionality affects how the Subscriber Service Switch Manager determines a service for each subscriber with a combination of a policy and a service lookup model.
- Finding Feature Information
- Prerequisites for Configuring Subscriber Profile Support
- Information About Subscriber Profile Support
- How to Configure Subscriber Profile Support
- Configuration Examples for Subscriber Profile Support
- Additional References
- Feature Information for Subscriber Profile Support
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for Configuring Subscriber Profile Support
Before configuring the Subscriber Profile Support feature, you need to be familiar with concepts introduced in the Cisco Release 12.2(13)T feature module Subscriber Service Switch , and with the authentication, authorization, and accounting (AAA) and PPP access processes.
Information About Subscriber Profile Support
New Call Management Support for Subscriber Service Switch Architecture
The Subscriber Service Switch architecture in Cisco IOS Release 12.3(4)T offers a significant improvement in scalability by providing the ability to bypass PPP when forwarding a call. Instead, call service selection is decided entirely by a Subscriber Service Switch Manager. Client call processes that terminate subscriber lines or receive subscriber calls send their requests for service direction to the Subscriber Service Switch Manager, which determines service based on service keys collected by the Subscriber Service Switch client and a preestablished call service policy. Examples of service keys are a NAS Port ID (network access server port identifier) and an unauthenticated PPP name. Refer to the Subscriber Service Switch feature module for more information about service keys.
The Subscriber Profile Support feature introduces the subscriber profile command and its service subcommands, which support the Subscriber Service Switch policy for searching a subscriber profile database for authorization data and determining the services that will be granted to the requesting customer.
How to Configure Subscriber Profile Support
The tasks described in this section assume that an operational network running the Subscriber Service Switch architecture has been configured.
- Configuring VPDN Service for the Subscriber Service Switch Policy
- Configuring Local Termination Service for the Subscriber Service Switch Policy
- Configuring Denial of Service for the Subscriber Service Switch Policy
- RADIUS Subscriber Service Switch Services Configuration
Configuring VPDN Service for the Subscriber Service Switch Policy
In this task, you configure virtual private dial-up network (VPDN) service by directing the software to obtain the configuration from a predefined VPDN group.
1.
enable
2.
configure
terminal
3.
subscriber
profile
profile-name
4.
service
vpdn
group
vpdn-group-name
5.
exit
DETAILED STEPS
What to Do Next
See the RADIUS Subscriber Service Switch Services Configuration section for information about creating the script for the corresponding RADIUS AV pair Subscriber Service Switch attribute.
Configuring Local Termination Service for the Subscriber Service Switch Policy
In this task, you define local termination service for the Subscriber Service Switch policy.
1.
enable
2.
configure
terminal
3.
subscriber
profile
profile-name
4.
service
local
5.
exit
DETAILED STEPS
| Command or Action | Purpose | |||
|---|---|---|---|---|
| Step 1 |
enable
Example: Router> enable |
Enables privileged EXEC mode.
| ||
| Step 2 |
configure
terminal
Example: Router# configure terminal |
Enters global configuration mode. | ||
| Step 3 |
subscriber
profile
profile-name
Example: Router(config)# subscriber profile Domain1 |
Names a Subscriber Service Switch policy for local searches of a subscriber profile database for authorization data when a AAA network authorization method list is configured, and enters subscriber profile configuration mode.
| ||
| Step 4 |
service
local
Example: Router(config-sss-profile)# service local |
Configures local termination, and is the default Subscriber Service Switch policy. | ||
| Step 5 |
exit
Example: Router(config-sss-profile)# exit |
Exits subscriber profile configuration mode. |
What to Do Next
See the RADIUS Subscriber Service Switch Services Configuration section for information about creating the script for the corresponding RADIUS AV pair Subscriber Service Switch attribute.
Configuring Denial of Service for the Subscriber Service Switch Policy
In this task, you configure a Subscriber Service Switch policy that denies service to a subscriber.
1.
enable
2.
configure
terminal
3.
subscriber
profile
profile-name
4.
service
deny
5.
exit
DETAILED STEPS
| Command or Action | Purpose | |||
|---|---|---|---|---|
| Step 1 |
enable
Example: Router> enable |
Enables privileged EXEC mode.
| ||
| Step 2 |
configure
terminal
Example: Router# configure terminal |
Enters global configuration mode. | ||
| Step 3 |
subscriber
profile
profile-name
Example: Router(config)# subscriber profile Domain1 |
Names a Subscriber Service Switch policy for local searches of a subscriber profile database for authorization data when a AAA network authorization method list is configured, and enters subscriber profile configuration mode.
| ||
| Step 4 |
service
deny
Example: Router(config-sss-profile)# service deny |
Denies service to the subscriber. | ||
| Step 5 |
exit
Example: Router(config-sss-profile)# exit |
Exits subscriber profile configuration mode. |
What to Do Next
See the RADIUS Subscriber Service Switch Services Configuration section for information about creating the script for the corresponding RADIUS AV pair Subscriber Service Switch attribute.
RADIUS Subscriber Service Switch Services Configuration
The Cisco AV pairs have been extended to include Subscriber Service Switch service configuration. Subscriber Service Switch values are prefixed with "sss:", as follows:
cisco-avpair = "sss:sss-service=vpdn" cisco-avpair = "sss:sss-service=local" cisco-avpair = "sss:sss-service=deny"
Configuration Examples for Subscriber Profile Support
- VPDN Service for the Subscriber Service Switch Policy Examples
- Local Termination for the Subscriber Service Switch Policy Example
- Denial of Service for the Subscriber Service Switch Policy Example
- RADIUS Subscriber Service Support Profiles Examples
VPDN Service for the Subscriber Service Switch Policy Examples
The following example provides VPDN service to users in the domain cisco.com, and uses VPDN group 1 to obtain VPDN configuration information:
! subscriber profile cisco.com service vpdn group 1
The following example provides VPDN service to DNIS 1234567, and uses VPDN group 1 to obtain VPDN configuration information:
! subscriber profile dnis:1234567 service vpdn group 1
The following example provides VPDN service using a remote tunnel (used on the multihop node), and uses VPDN group 1 to obtain VPDN configuration information:
! subscriber profile host:lac service vpdn group 1
Local Termination for the Subscriber Service Switch Policy Example
The following example provides local termination service to users in the domain cisco.com:
! subscriber profile cisco.com service local
Denial of Service for the Subscriber Service Switch Policy Example
The following example denies service to users in the domain cisco.com:
! subscriber profile cisco.com service deny
RADIUS Subscriber Service Support Profiles Examples
The following examples show typical RADIUS AV pair scripts to enable VPDN service and to define the service keys that are collected:
# # Domain "cisco.com" users get VPDN service with the enclosed configuration. # cisco.com Password = "cisco" User-Service-Type = Outbound-User, cisco-avpair = "sss:sss-service=vpdn", cisco-avpair = "vpdn:tunnel-id=nas-provider", cisco-avpair = "vpdn:ip-addresses=10.0.3.96", cisco-avpair = "vpdn:nas-password=secret1", cisco-avpair = "vpdn:gw-password=secret2" # # Users with DNIS 1234567 get VPDN service with the enclosed configuration. # dnis:1234567 Password = "cisco" User-Service-Type = Outbound-User, cisco-avpair = "sss:sss-service=vpdn", cisco-avpair = "vpdn:tunnel-id=nas-provider", cisco-avpair = "vpdn:ip-addresses=10.0.3.96", cisco-avpair = "vpdn:nas-password=secret1", cisco-avpair = "vpdn:gw-password=secret2" # # Users on the remote tunnel (LAC) get VPDN service with the enclosed configuration. # host:lac Password = "cisco" User-Service-Type = Outbound-User, cisco-avpair = "sss:sss-service=vpdn", cisco-avpair = "vpdn:tunnel-id=nas-provider", cisco-avpair = "vpdn:ip-addresses=10.0.3.96", cisco-avpair = "vpdn:nas-password=secret1", cisco-avpair = "vpdn:gw-password=secret2"
Additional References
Related Documents
|
Related Topic |
Document Title |
|---|---|
|
AAA |
Cisco IOS Security Configuration Guide; refer to " Part 1: Authentication, Authorization, and Accounting (AAA) " |
|
AAA commands: complete command syntax, command mode, defaults, usage guidelines, and examples |
Cisco IOS Security Command Reference |
|
Broadband access, PPPoE |
Cisco IOS Wide-Area Networking Configuration Guide; refer to " Part 2: Broadband Access" |
|
Broadband access, PPPoE, commands: complete command syntax, command mode, defaults, usage guidelines, and examples |
Cisco IOS Wide-Area Networking Command Reference |
|
PPP |
Cisco IOS Dial Technologies Configuration Guide; refer to "Part 9: PPP Configuration " |
|
VPDN |
Cisco IOS Dial Technologies Configuration Guide; refer to "Part 8: Virtual Templates, Profiles, and Networks " |
|
PPP and VPDN commands: complete command syntax, command mode, defaults, usage guidelines, and examples |
Cisco IOS Dial Technologies Command Reference |
|
Subscriber Service Switch |
Subscriber Service Switch feature module |
Standards
|
Standards |
Title |
|---|---|
|
None |
-- |
MIBs
|
MIBs |
MIBs Link |
|---|---|
|
None |
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: |
RFCs
|
RFCs |
Title |
|---|---|
|
None |
-- |
Technical Assistance
|
Description |
Link |
|---|---|
|
Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. |
Feature Information for Subscriber Profile Support
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to . An account on Cisco.com is not required.|
Feature Name |
Releases |
Feature Information |
|---|---|---|
|
Subscriber Profile Support |
12.3(4)T |
The Subscriber Profile Support feature introduces new functionality for the Subscriber Service Switch architecture, a Cisco IOS subsystem that connects subscribers to network access services at Layer 2. This new functionality affects how the Subscriber Service Switch Manager determines a service for each subscriber with a combination of a policy and a service lookup model. The following commands were introduced or modified: service deny, service local, service vpdn group, subscriber profile. |
Feedback