ISG Dynamic VLAN Interface Provisioning

The ISG Dynamic VLAN Interface Provisioning feature enables the automatic creation of VLAN interfaces based on the VLAN packet trigger. The VLAN interface configuration is downloaded from the RADIUS server. This module describes how to enable ISG to dynamically configure VLAN interfaces for simple IP sessions.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Prerequisites for ISG Dynamic VLAN Interface Provisioning

  • Disable VLAN filtering on the corresponding SPAs by using the hw-module subslot [m/n] ethernet vlan unlimited command.

    Note

    Although disabling this command avoids dropping of unknown VLAN tags, it affects other features that use VLAN filtering. For example, some QoS features like dot1p do not work when this command is disabled.

Restrictions for ISG Dynamic VLAN Interface Provisioning

  • After provisioning a DVLAN interface, it is not advised to write memory as this will disable removal of the DVLAN interface.

  • It is not advised to manually delete a dynamically provisioned interface. This should be done only with CoA or by using the clear vlan-autoconfig interface command.

    Note

    You can delete up to a maximum of 200 interfaces using the clear vlan-autoconfig interface command.

  • Semantic errors encountered during shell-map execution are not handled.

  • You can only configure upto 64000 VLANs per system in the Cisco ASR 1000 Series Aggregation Services Routers. The following table lists the VLAN scale restrictions for the Cisco ASR 1000 Series Aggregation Services Routers RP2 and ESP40 platform with 8GB memory.

    Platform Scalability

    ASR 1000 RP2+ESP40

    8GB RP2

    Number of VLANs per port

    4000

    Number of VLANs per SPA

    8000

    32000 with VLAN unlimited

    Number of VLANs per system

    64000

    Number of QinQ VLANs per port

    4000

    Number of QinQ VLANs per SPA

    8000

    32000 with VLAN unlimited

    Number of QinQ VLANs per system

    64000

Information About ISG Dynamic VLAN Interface Provisioning

Overview of ISG Dynamic VLAN Interface Provisioning

This feature simplifies the VLAN sub-interface configuration by downloading the configuration details from a RADIUS-based server. These details are based on the VLAN tag of the first packet coming on the access interface. Any FSOL with a VLAN tag can bring up the dynamic VLAN interface. The configuration that is downloaded is defined in the shell map and the shell map parameters are passed through RADIUS during Access Accept. To de-provision the interface, you need to do it manually through CoA only.

Benefits of ISG Dynamic VLAN Provisioning

Some benefits of automatically dynamic VLAN provisioning on the Cisco ISG interface are listed below:

  • You need not manually configure the VLAN sub-Interfaces on the device.

  • Dynamic VLAN provisioning reduces maintenance time due to simplified operations.

  • Performance is improved as the VLAN interface configurations are not included in the startup configuration.

IOS Shell Maps and Usage

The VLAN interface configuration for different VLANs is similar except that for the set of interface-specific parameters that need to be configured. These interface-specific parameters are downloaded from the RADIUS server.

The interface configuration commands are merged together in the IOS shell map to serve as a template. This template contains IOS CLI commands where the interface-specific parameters are replaced by shell variables. To configure a specific VLAN interface, the shell map is invoked with the appropriate parameters that replace these shell map variables.

The following steps describe how to use shell maps:

  • Define the IOS shell map on the router through CLI.

  • Configure this shell map name along with the VLAN interface configuration parameters on the RADIUS server for a specific VLAN ID.

  • The VLAN interface configuration module downloads the specified IOS shell map along with the appropriate VLAN interface configuration parameters from the RADIUS server.

  • The VLAN interface configuration module triggers the corresponding shell map with the appropriate number of parameters.

  • Ensure that the number of configuration parameters for a specific VLAN matches the number of variables expected by the corresponding shell map.

    The various scenarios of parameter mismatch are listed below:

    • If the number of parameters are more, the extra parameters shall be ignored.

    • If the RADIUS server does not provide all the required parameters, a configuration error occurs.

    • If the RADIUS message carries a shell function name that does not exist on the device, a configuration error occurs.

  • Configure separate IOS shell maps for each VLAN.

  • Use the RADIUS CoA to change the VLAN interface configuration. Here, the CoA contains the IOS shell map name to be used along with the desired parameters.

  • The IOS shell infrastructure synchronizes the active and standby IOS shell maps.

Configuration Examples for ISG Dynamic VLAN Interface Provisioning

Example: Configuring ISG Dynamic VLAN Interface Provisioning

sh running-config
Building configuration...

Current configuration : 5262 bytes
!
! Last configuration change at 19:15:51 IST Mon Jun 30 2014
!
version 15.5
service timestamps debug uptime
service timestamps log datetime msec localtime show-timezone
no platform punt-keepalive disable-kernel-core
!
hostname UUT
!
boot-start-marker
boot system harddisk:asr1000rp2-adventerprisek9.BLD_MCP_DEV_LATEST_20140618_050043_2.bin
boot-end-marker
!
shell map PROFILE20  {
 conf t
 interface GigabitEthernet0/0/4.$sub_if
 encapsulation dot1q $outer_vlan second-dot1q $in_vlan
 ip address $ip 255.255.255.0
 pppoe enable group global
 end
}
shell map PROFILE33  {
 conf t
 interface Port-channel30.$sub_if
 encap dot1q $outer_vlan second-dot1q $cvlan
 ip address $ip 255.255.255.0
 pppoe enable group global
 end
}
shell trigger PROFILE20 PROFILE20
shell trigger PROFILE33 PROFILE33
shell trigger rate rate
aqm-register-fnf
!
aaa new-model
!
!
aaa authentication enable default none
aaa authentication ppp default group radius
aaa authorization exec default group radius
aaa authorization network default group radius
!
!
!
!
aaa server radius dynamic-author
 client 9.0.0.134 server-key coa
!
aaa session-id common
clock timezone IST 5 30
!
!
!
!
!
!
!
!
!


no ip domain lookup

!
!
!
!
!
!
!
!
!
!
vlan-autoconfig authorize list default password cisco
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
hw-module subslot 0/0 ethernet vlan unlimited
spanning-tree extend system-id
!
username lab password 0 lab
username CPE password 0 lab
!
redundancy
 mode sso
!
!
!
!
!
!
ip tftp source-interface GigabitEthernet0/0/0
ip tftp blocksize 8192
!
!
!
!
!
bba-group pppoe global
 virtual-template 1
!
!
interface Loopback1
 ip address 2.2.2.1 255.255.255.0
!
interface Port-channel30
 no ip address
 no negotiation auto
!
interface GigabitEthernet0/0/4
 ip address 5.5.5.1 255.255.0.0
 negotiation auto
 vlan-autoconfig
!
interface Virtual-Template1
 ip unnumbered Loopback1
 peer default ip address pool pool1
 ppp authentication chap
!
ip local pool pool1 2.2.2.2 2.2.2.100
ip default-gateway 9.27.0.1
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 9.0.0.134 255.255.255.255 9.27.0.1
ip route 10.64.67.0 255.255.255.0 9.27.0.1
ip route 10.105.37.142 255.255.255.255 10.64.67.1
ip route 202.153.144.25 255.255.255.255 9.27.0.1
!
ip access-list extended A
 permit ip any any
!
access-list 10 permit any
!
!
!
radius-server host 9.0.0.134 key cisco
no radius-server vsa send accounting
no radius-server vsa send authentication
!
!
control-plane
!
 !
 !
 !
 !
!
!
!
!
alias exec svs show vlan-autoconfig summary
alias exec svv show vlan-autoconfig vlan
alias exec sva show vlan-autoconfig access
alias exec stat show vlan-autoconfig statistics
alias exec punt_pol show platform software punt-policer | i Auto
alias exec punt_infra show platform software infrastructure punt | i Auto
alias exec punt_qfp show platform hardware qfp a infrastructure punt policer
alias exec cvs clear vlan-autoconfig stat
!
line con 0
 exec-timeout 0 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 transport input all
!
!
!
end

Example: Configuring RSIM

VLAN Sub-Interface Creation from Radius

simulator radius server 10.0.1.2
Subscriber profiles for creating sub interfaces
user-name prefix Ethernet0/0:12 subscriber 26
user-name prefix Ethernet0/0:11 subscriber 25
user-name prefix Ethernet0/0:10 subscriber 24
Subscriber profile 24 25 26 are defined for creating virtual interface
simulator radius subscriber 24
vsa cisco generic 1 string "vlan-auto-config=1"
vsa cisco generic 1 string "vac-service-info=PROFILE1(vlan=10; ip=1.1.1.1)"
!
simulator radius subscriber 25
vsa cisco generic 1 string "vlan-auto-config=1"
vsa cisco generic 1 string "vac-service-info=PROFILE1(vlan=11;ip=2.2.2.2)"
!
simulator radius subscriber 26
vsa cisco generic 1 string "vlan-auto-config=1"
vsa cisco generic 1 string "vac-service-info=PROFILE1(vlan=12;ip=3.3.3.3)"
!

VLAN Sub-Interface Deletion from Radius

Simulator radius subscriber 101
vsa cisco generic 1 string "vlan-auto-config=1"
vsa cisco generic 1 string "vac-subinterface-id=10"
vsa cisco generic 1 string "subscriber:command=vlan-autoconfig-delete"
attribute 87 string "Ethernet0/0"
!
simulator radius subscriber 102
vsa cisco generic 1 string "vlan-auto-config=1"
vsa cisco generic 1 string "vac-subinterface-id=11"
vsa cisco generic 1 string "subscriber:command=vlan-autoconfig-delete"
attribute 87 string "Ethernet0/0"
!
simulator radius subscriber 103
vsa cisco generic 1 string "vlan-auto-config=1"
vsa cisco generic 1 string "vac-subinterface-id=12"
vsa cisco generic 1 string "subscriber:command=vlan-autoconfig-delete"
attribute 87 string "Ethernet0/0“
Push the following subscriber profile from rsim as given below to delete a Sub interface
simulator radius request 1 coa 101
simulator radius request 1 coa 102
simulator radius request 1 coa 103

Additional References for ISG Dynamic VLAN Interface Provisioning

Related Documents

Related Topic

Document Title

Cisco IOS commands

Master Command List, All Releases

ISG commands

ISG Command Reference

Technical Assistance

Description Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http:/​/​www.cisco.com/​support

Feature Information for ISG Dynamic VLAN Interface Provisioning

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.
Table 1 Feature Information for ISG Dynamic VLAN Provisioning

Feature Name

Releases

Feature Information

ISG Dynamic VLAN Provisioning

The ISG Dynamic VLAN Interface Provisioning feature enables the automatic creation of VLAN interfaces based on the VLAN packet trigger. The VLAN interface configuration is downloaded from the RADIUS server.

The following command was introduced: vlan-autoconfig.