Enables creation,
configuration or deletion of IP address pools in the current context.
Privilege
Security
Administrator, Administrator
Mode
Exec > Global
Configuration > Context Configuration
configure > context
context_name
Entering the above
command sequence results in the following prompt:
[context_name]host_name(config-ctx)#
Syntax
ip pool pool_name { ip_address/subnet_mask | ip_address_mask_combo | range start_ip_address end_ip_address } [ address-hold-timer address_hold_timer ] [ address-quarantine-timer seconds ] [ advertise-if-used ] [ alert-threshold [ group-available | pool-free | pool-hold | pool-release | pool-used ] low_thresh [ clear high_thresh ] ] [ explicit-route-advertise ] [ group-name group_name ] [ include-nw-bcast ] [ napt-users-per-ip-address users_per_ip [ alert-threshold { { pool-free | pool-hold | pool-release | pool-used } low_thresh [ clear high_thresh ] } + ] [ max-chunks-per-user max_chunks_per_user [ nat-binding-timer nat_binding_timer ] [ nat-pkt-drop-threshold high_thresh [ clear low_thresh ] ] [ nexthop-forwarding-address ip_address ] [ on-demand ] [ port-chunk-size port_chunk_size ] [ port-chunk-threshold port_chunk_threshold ] [ send-nat-binding-update ] + ] [ nat priority ] [ nat-one-to-one [ alert-threshold { { pool-free | pool-hold | pool-release | pool-used } low_thresh [ clear high_thresh] } + ] [ nat-binding-timer nat_binding_timer ] [ nat-pkt-drop-threshold high_thresh [ clear low_thresh ] ] [ nexthop-forwarding-address ip_address ] [ on-demand ] [ send-nat-binding-update ] + ] [ nat-realm users-per-nat-ip-address users [ on-demand [ address-hold-timer address_hold_timer ] ] ] [ nexthop-forwarding-address ip_address [ overlap vlanid vlan_id ] [ respond-icmp-echo ip_address ] ] [ nw-reachability server server_name ] [ policy allow-static-allocation ] [ framed-route-vrf-list vrf_list_name] [ pool-route ip_address/ip_mask ] [ private priority ] [ public priority ] [ resource priority ] [ send-icmp-dest-unreachable ] [ skip-nat-subscriber-ip-check ] [ srp-activate ] [ subscriber-gw-address ip_address ] [ static ] [ suppress-switchover-arps ] [ tag { none | pdif-setup-addr } ] [ unicast-gratuitous-arp-address ip_address ] [ vrf vrf_name { [ mpls-label input in_label_value | output out_label_value1 [ out_label_value2 ] } ] [framed-route-vrflist] +
no ip pool pool_name [ address-hold-timer ] [ address-quarantine-timer ] [ advertise-if-used ] [ alert-threshold [ [ group-available ] [ pool-free ] [ pool-hold ] [ pool-release ] [ pool-used ] + ] [ explicit-route-advertise ] [ group-name ] [ include-nw-bcast ] [ nexthop-forwarding-address [ respond-icmp-echo ] ] [ nw-reachability server ] [ policy allow-static-allocation ] [ framed-route-vrf-list ] [ send-icmp-dest-unreachable ] [ skip-nat-subscriber-ip-check ] [ srp-activate ] [ subscriber-gw-address ] [ suppress-switchover-arps ] [ tag { none | pdif-setup-addr } ] [ unicast-gratuitous-arp-address ] + [ send-nat-binding-update ] [ framed-route-vrflist ]
no
Removes the
specified IP address pool from the current context's configuration, or disables
the specified option(s) for the specified IP pool.
no alert-threshold
This command
without any optional keywords disables all alert thresholds.
name
Specifies the
logical name of the IP address pool.
name must be
an alphanumeric string of 1 through 31 characters.
Important |
An error message
displays if the
ip
pool name and
the
group name in
the configuration are the same. An error message displays if the
ip
pool name or
group name
are already used in the context.
|
ip_address
Specifies the
beginning IP address of the IP address pool using IPv4 dotted-decimal.
subnet_mask
Specifies the IP
address mask bits to determine the number of IP addresses in the pool.
ip_mask must
be specified using IPv4 dotted-decimal notation.
1 bits in the
ip_mask
indicate that bit position in the
ip_address
must also have a value of 1.
0 bits in the
ip_mask
indicate that bit position in the
ip_address
does not need to match – the bit can be either a 0 or a 1.
For example, if
the IP address and mask are specified as
172.168.10.0
and
255.255.255.224 , respectively, the pool will
contain IP addresses in the range
172.168.10.0
through
172.168.10.31
for a total of 32 addresses.
ip_address_mask_combo
Specifies a
combined IP address subnet mask bits to indicate what IP addresses the route
applies to.
ip_address_mask_combo must be specified using CIDR
notation where the IP address is specified using IPv4 dotted-decimal notation
and the mask bits are a numeric value which is the number of bits in the subnet
mask.
range
start_ip_address
end_ip_address
Specifies the IP
addresses for the IP pool as a range of addresses.
start_ip_address specifies the beginning of the
range of addresses for the IP pool.
end_ip_address specifies the end of the range of
addresses for the IP pool.
The IP address
range must be specified using IPv4 dotted-decimal notation.
For example, if
start_ip_address is specified as
172.168.10.0
and
end_ip_address is specified as
172.168.10.31
the IP pool will contain addresses in the range
172.168.10.0
through
172.168.10.31
for a total of 32 addresses.
private [
priority
]
Address pool may
only be used by mobile stations which have requested an IP address from a
specified pool. When private pools are part of an IP pool group, they are used
in a priority order according to the precedence setting.
priority must
be an integer from 0 through 10 with 0 being the highest priority. The default
value is 0.
public [
priority
]
Address pool is
used in priority order for assigning IP addresses to mobile stations which have
not requested a specific address pool.
priority must
be an integer from 0 through 10 with 0 being the highest priority. The default
value is 0.
static
Designates local
IP address pool to statically assign pooled addresses.
Important |
The keyword
static
must be used for DHCP served IP addresses.
|
tag { none | pdif-setup-addr }
Default:
none
none : default
tag for all IP address pools
pdif-setup-addr :pool with this tag should only be
used for PDIF calls.
address-hold-timer
seconds
When this is
enabled, and an active subscriber is disconnected, the IP address is held or
considered still in use, and is not returned to the free state until the
address-hold-timer expires. This enables subscribers who reconnect within the
length of time specified (in seconds) to obtain the same IP address from the IP
pool.
seconds is the time in seconds and must be an
integer from 0 through 31556926.
Important |
For releases prior to
20.0, a change made to the IP pool hold timer takes immediate effect on
existing addresses currently on hold. Timeouts are adjusted to align with the
new value.
For releases
after 20.0, the new timeout value will only be applied to addresses which
are put on hold in the future. Timeouts for addresses currently in the hold
state are not modified. They will timeout using the original timeout value.
|
Important |
Currently, the
address-hold-timer only supports IPv4 addresses.
|
address-quarantine-timer
seconds
Specifies
the timer value in seconds for an address quarantine timer as an integer from
20 through 86400. This timer cannot be configured with an address-hold-timer in
the same pool.
The IP pool
address-quarantine-timer is a mechanism to busy out a released IP address for a
specified interval. This prevents an IP address from being reused until the
quarantine timer expires.
Each IP pool can
be configured with a timer value that determines how long a recently released
address will be held in quarantine before being freed. When the timer has
expired, the address is returned to the list of free addresses, to be allocated
again to a new subscriber. Any address that has been released, but for which
the address-quarantine-timer has not expired, is still considered to be in use
for the purposes of allocation. If a subscriber tries to reconnect while the
address-quarantine timer is armed, even though it is the same subscriber ID,
the subscriber does not get the same address.
advertise-if-used
Advertises to the
peer routes only if addresses are being used in pool.
alert-threshold { group-available | pool-free | pool-hold |
pool-release | pool-used }
low_thresh
[ clear
high_thresh
]
Default: All
thresholds are disabled.
Configures IP
address pool-level utilization thresholds. These thresholds take precedence
over context-level IP pool thresholds.
group-available : Set an alert based on the
available percentage of IP addresses for the entire IP pool group.
pool-free : Set an alert based on the percentage of
IP addresses that are unassigned in this IP pool.
pool-hold : Set an alert based on the percentage of
IP addresses from this IP pool that are on hold.
pool-release : Set an alert based on the percentage
of IP addresses from this IP pool that are in the release state.
pool-used : This command sets an alert based on the
percentage of IP addresses that have been assigned from this IP pool.
Important |
Refer to the
threshold
available-ip-pool-group and
threshold
monitoring commands in this chapter for additional information on
IP pool utilization thresholding.
|
low_thresh : The IP pool utilization percentage
that must be met or exceeded within the polling interval to generate an alert
or alarm. It can be configured as an integer between 0 and 100.
clear
high_thresh :
The IP pool utilization percentage that maintains a previously generated alarm
condition. If the utilization percentage rises above the high threshold within
the polling interval, a clear alarm is generated. It may be configured as an
integer between 0 and 100.
Important |
This value is
ignored for the Alert model. In addition, if this value is not configured for
the Alarm model, the system assumes it is identical to the low threshold.
|
group-name
group_name
Assigns one or
more preconfigured IP pools to the IP pool group.
group_name is
case sensitive and must be an alphanumeric string of 1 through 31 characters.
One or more IP pool groups are assigned to a context and one IP pool group
consists one or more IP pool(s).
IP pool group name
is used in place of an IP pool name. When specifying a desired pool group in a
configuration the IP pool with the highest precedence is used first. When that
IP pool's addresses are exhausted the pool with the next highest precedence is
used.
include-nw-bcast
Allows pools to include the classful network and broadcast
addresses that are usually excluded when a pool crosses the classful network
boundaries.
To remove the
include-nw-bcast
option from the ip pool, use the
no ip pool test
include-nw-bcast command.
napt-users-per-ip-address
users_per_ip
[ alert-threshold { { pool-free | pool-hold | pool-release |
pool-used }
low_thresh
[ clear
high_thresh
] } + ] [ max-chunks-per-user
max_chunks_per_user
[ nat-binding-timer
nat_binding_timer
]
[ nat-pkt-drop-threshold
high_thresh
[ clear
low_thresh
] ]
[ nexthop-forwarding-address
ip_address
] [ on-demand ] [ port-chunk-size
port_chunk_size
] [ port-chunk-threshold
port_chunk_threshold
] [ send-nat-binding-update ] +
Important |
In UMTS
deployments this keyword is available in 9.0 and later releases. In CDMA
deployments this keyword is available in 8.3 and later releases.
|
Important |
In UMTS
deployments, on upgrading from Release 8.1 to Release 9.0, and in CDMA
deployments, on upgrading from Release 8.1 to 8.3, all NAT realms configured in
Release 8.1 using the
nat-realm
keyword must be reconfigured using either the
nat-one-to-one (for one-to-one NAT realms) or the
napt-users-per-ip-address (for many-to-one NAT
realms) keywords.
|
Configures many-to-one NAT realms.
-
users_per_ip :
Specifies how many users can share a single NAT IP address.
In 18 and earlier releases,
users_per_ip
must be an integer from 2 through 2016.
In 19 and later releases:
users_per_ip
must be an integer from 2 through 8064.
-
alert-threshold : Specifies the alert threshold for
the pool:
Important |
Thresholds
configured using the
alert-threshold keyword are specific to the pool
that they are configured in. Thresholds configured using the
threshold
ip-pool-* commands in the Context Configuration Mode apply to all
IP pools in that context, and override the threshold configurations set within
individual pools.
|
-
pool-free :
Percentage free alert threshold for this pool
-
pool-hold :
Percentage hold alert threshold for this pool
-
pool-release :
Percentage released alert threshold for this pool
-
pool-used :
Percentage used alert threshold for this pool
-
low_thresh :
The IP pool utilization percentage that must be met or exceeded within the
polling interval to generate an alert or alarm.
low_thresh
must be an integer from 0 through 100.
-
clear
high_thresh :
The IP pool utilization percentage that maintains a previously generated alarm
condition. If the utilization percentage rises above the high threshold within
the polling interval, a clear alarm is generated.
high_thresh
must be an integer from 0 through 100.
Important |
The
high_thresh
value is ignored for the Alert model. In addition, if this value is not
configured for the Alarm model, the system assumes it is identical to the low
threshold.
|
-
max-chunks-per-user
max_chunks_per_user : Specifies the maximum number
of port chunks to be allocated per subscriber in the many-to-one NAT pool.
In 18 and earlier releases:
max_chunks_per_user must be an integer from 1
through 2016.
In 19 and later releases:
max_chunks_per_user must be an integer from 1
through 8064.
Default: 1
-
nat-binding-timer
binding_timer : Specifies NAT Binding Timer for the
NAT pool.
timer must be
an integer from 0 through 31556926. If set to 0, is disabled. Default: 0
-
nat-pkt-drop-threshold
high_thresh
[ clear
low_thresh
] : Specifies
the NAT packet drop threshold in percentage (%).
high_thresh
specifies the high NAT packet drop percentage threshold, and must be an integer
from 0 through 100. Default: 0
clear
low_thresh
specifies the low NAT packet drop percentage threshold, and must be an integer
from 0 through 100. Default: 0
-
nexthop-forwarding-address
address :
Specifies the nexthop forwarding address for this pool.
address must
be an IPv4 or IPv6 address. If configured for a NAT pool, packets that are
NATed using that NAT pool will be routed based on the configured nexthop
address.
Important |
The
nexthop-forwarding-address support for NAT IP
pools is functional only in later releases of Release 9.0 and in 10.0 and later
releases.
|
-
on-demand :
Specifies allocating IP when matching data traffic begins.
-
port-chunk-size
size :
Specifies NAT port chunk size (number of NAT ports per chunk) for many-to-one
NAT pool.
In 18 and earlier releases:
size must be
an integer from 32 through 32256 (in multiples of 32).
In 19 and later releases:
size must be
an integer from 8 through 32256 (in multiples of 8).
Important |
The
port-chunk-size configuration is only available
for many-to-one NAT pools.
|
Important |
The
port-chunk-size must be a minimum of
64 with
systems configured as an A-BG or P-CSCF.
|
Important |
The
port-chunk-threshold configuration is only
available for many-to-one NAT pools.
|
Important |
send-nat-binding-update is supported for both
one-to-one and many-to-one realms.
|
The following IP
pool configuration keywords can also be used in the many-to-one NAT pool
configuration:
-
group-name
group_name : Specifies the pool group name. The
grouping enables to bind discontiguous IP address blocks in individual NAT IP
pools to a single pool group.
This keyword is available
for NAT pool configuration only in Release 10.0 and later.
NAT pool and
NAT pool group names must be unique.
group_name is
an alphanumeric string of 1 through 31 characters that is case sensitive.
-
srp-activate
Activates the
IP pool for Interchassis Session Recovery (ICSR).
nat
priority
Designates the IP address pool as a Network Address Translation
(NAT) address pool.
priority
specifies the priority of the NAT pool. 0 is the highest priority. If
priority is
not specified, the priority is set to 0.
Must be a value from 0 (default) to 10.
Important |
This
functionality is currently supported for use with systems configured as an A-BG
or P-CSCF.
|
nat-one-to-one [ alert-threshold { { pool-free | pool-hold |
pool-release | pool-used }
low_thresh
[ clear
high_thresh
] } + ] [ nat-binding-timer
nat_binding_timer
]
[ nat-pkt-drop-threshold
high_thresh
[ clear
low_thresh
] ]
[
nexthop-forwarding-address
ip_address
] [ on-demand ] [
send-nat-binding-update ] +
Important |
In UMTS
deployments this keyword is available in Release 9.0 and later releases. In
CDMA deployments this keyword is available in Release 8.3 and later releases.
|
Important |
In UMTS
deployments, on upgrading from Release 8.1 to Release 9.0, and in CDMA
deployments, on upgrading from Release 8.1 to Release 8.3, all NAT realms
configured in Release 8.1 using the
nat-realm
keyword must be reconfigured using either the
nat-one-to-one (for one-to-one NAT realms) or the
napt-users-per-ip-address (for many-to-one NAT
realms) keywords.
|
Configures
one-to-one NAT realm.
Important |
Thresholds
configured using the
alert-threshold keyword are specific to the pool
in which they are configured. Thresholds configured using the
thresholdip-pool
* commands in the Context Configuration Mode apply to all IP
pools in the context, and override the threshold configurations set within
individual pools.
|
-
pool-free :
Percentage free alert threshold for this pool
-
pool-hold :
Percentage hold alert threshold for this pool
-
pool-release :
Percentage released alert threshold for this pool
-
pool-used :
Percentage used alert threshold for this pool
-
low_thresh :
The IP pool utilization percentage that must be met or exceeded within the
polling interval to generate an alert or alarm.
low_thresh
must be an integer from 0 through 100.
-
clear
high_thresh :
The IP pool utilization percentage that maintains a previously generated alarm
condition. If the utilization percentage rises above the high threshold within
the polling interval, a clear alarm is generated.
high_thresh
must be an integer from 0 through 100.
Important |
The
high_thresh
value is ignored for the Alert model. In addition, if this value is not
configured for the Alarm model, the system assumes it is identical to the low
threshold.
|
-
nat-binding-timer
nat_binding_timer : Specifies NAT Binding Timer for
the NAT pool.
binding_timer
must be an integer from 0 through 31556926. If set to 0, is disabled.
Important |
For
many-to-one NAT pools, the default NAT Binding Timer value is 60 seconds. For
one-to-one NAT pools, it is 0. By default, the feature is disabled—the IP
addresses/ port-chunks once allocated will never be freed.
|
-
nat-pkt-drop-threshold
high_thresh
[ clear
low_thresh
] : Specifies
the NAT packet drop threshold in percentage (%).
high_thresh
specifies the high NAT packet drop percentage threshold, and must be an integer
from 0 through 100. Default: 0
clear
low_thresh
specifies the low NAT packet drop percentage threshold, and must be an integer
from 0 through 100. Default: 0
-
nexthop-forwarding-address
ip_address :
Specifies the nexthop forwarding address for this pool.
address must
be an IPv4 or IPv6 address. If configured for a NAT pool, packets that are
NATed using that NAT pool will be routed based on the configured nexthop
address.
Important |
The
nexthop-forwarding-address support for NAT IP
pools is functional only in later releases of Release9.0 and in Release 10.0
and later releases.
|
Important |
send-nat-binding-update is supported for both
one-to-one and many-to-one realms.
|
The following IP
pool configuration keywords can also be used in the one-to-one NAT pool
configurations:
-
address-hold-timer
address_hold_timer
-
group-name
group_name : specifies the pool group name. The
grouping enables to bind discontiguous IP address blocks in individual NAT IP
pools to a single pool group. NAT pool and NAT pool group names must be unique.
group_name is
an alphanumeric string of 1 through 31 characters that is case sensitive. This keyword is available for NAT pool configuration only in
StarOS 10.0 and later releases.
-
srp-activate :Activates the IP pool for
Interchassis Session Recovery (ICSR).
nat-realm users-per-nat-ip-address
users
[ on-demand [
address-hold-timer
address_hold_timer
] ]
Important |
In UMTS
deployments, the
nat-realm
keyword is only available in Release 8.1.
|
Important |
In Release 8.1,
the NAT On-demand feature is not supported.
|
Important |
This
functionality is currently supported for use with systems configured as an A-BG
or P-CSCF.
|
Designates the IP
address pool as a Network Address Translation (NAT) realm pool.
users-per-nat-ip-address
users :
specifies the number of users sharing a single NAT IP address as an integer
from 1 through 5000.
on-demand : Specifies to allocate IP when matching
data traffic begins.
address-hold-timer
address_hold_timer : Specifies the address hold
timer (in seconds) for this pool as an integer from 0 through 31556926. If set
to 0, the address hold timer is disabled.
Important |
Currently, the
address-hold-timer only supports IPv4 addresses.
|
nexthop-forwarding-address
ip_address
A subscriber that
is assigned an IP address from this pool is forwarded to the next hop gateway
with the specified IP address.
overlap vlan id
vlan_id
When a nexthop
forwarding address is configured, this keyword can be configured to enable
over-lapping IP address pool support and associates the pool with the specified
virtual LAN (VLAN).
vlan_id is
the identification number of a VLAN assigned to a physical port and can be
configured to any integer from 1 through 4095.
For more
information on configuring VLANs, refer to the
System
Administration Guide.
Important |
This
functionality is currently supported for use with systems configured as an HA,
or as a PDSN for Simple IP, or as a GGSN. This keyword can only be issued for
pools of type private or static and must be associated with a different nexthop
forwarding address and VLAN. A maximum of 256 over-lapping pools can be
configured per context and a maximum of 256 over-lapping pools can be
configured per HA or simple IPPDSN. For GGSNs, the total number of pools is
limited by the number of VLANs defined but the maximum number per context is
256. Additional network considerations and configuration outside of the system
maybe required.
|
nw-reachability server
server_name
Binds the name of
a configured network reachability server to the IP pool and enables network
reachability detection for the IP pool. This takes precedence over any network
reachability server settings in a subscriber configuration.
server_name : Specifies the name of a network
reachable server that has been defined in the current context, expressed as an
alphanumeric string of 1 through 16 characters.
Important |
Also see the
following commands for more information: Refer to the
policy
nw-reachability-fail command in the HA Configuration Mode to
configure the action that should be taken when network reachability fails.
Refer to the
nw-reachability
server command in this chapter to configure network reachability
servers. Refer to the
nw-reachability-server command in the Subscriber
Configuration Mode to bind a network reachability server to a specific
subscriber.
|
respond-icmp-echo
ip_address
Pings the first IP
address from overlapping IP address pools.
Important |
In order for
this functionality to work, all of the pools should contain an initial IP
address that can be pinged.
|
resource
Specifies this IP
pool as a resource pool. The IP addresses in resource pools may have IP
addresses that also exist in other resource pools. IP addresses from a resource
pool should not be used for IP connectivity within the system where the pool is
defined. These IP addresses should be allocated for sessions which are L3
tunneled through the system (IP-in-IP or GRE). It is possible for resource
pools in the same context to have overlapping addresses when the terminating
network elements for the L3 tunnels are in different VPNs. Default: Disabled
Also refer to the
Subscriber
Configuration Mode Commands chapter for a description of the
l3-to-l2-tunnel
address-policy command.
send-icmp-dest-unreachable
When enabled, this
generates an ICMP destination unreachable PDU when the system receives a PDU
destined for an unused address within the pool.
Default: Disabled
skip-nat-subscriber-ip-check
When enabled, this
is configured to skip private IP address check for non-NAT pools. This can be
configured only for non-NAT pools during call-setup if NAT is enabled for the
subscriber. If NAT is disabled, this value is not considered.
Default: Disabled
(subscriber IP check is done).
explicit-route-advertise
When enabled, the
output of
show ip pool
verbose includes the total number of explicit host routes.
Default: Enabled
srp-activate
Activates the IP
pool for Interchassis Session Recovery (ICSR).
subscriber-gw-address ip_address
Configures the
subscriber gateway address for this pool.
Important |
Using this keyword might give a message as "busyout configured".
This indicates that one ip address is reserved as subscriber-gw-address and not
the entire pool.
|
suppress-switchover-arp
Suppress
corresponding gratuitous ARP generation when a line card or MIO card switchover
occurs. Default: Disabled
unicast-gratuitous-arp-address
ip_address
Perform a unicast
gratuitous ARP to the specified IP address rather than broadcast gratuitous ARP
when gratuitous ARP generation is required. Default: Perform broadcast
gratuitous ARP.
vrf
vrf_name { [
mpls-label
input
in_label_value |
output
out_label_value1 [
out_label_value2 ] }
Associates a
preconfigured Virtual Routing and Forwarding (VRF) instance with this IP pool
and configures MPLS label parameters.
Important |
This command
must be used with next-hop parameters.
|
vrf_name is name of a preconfigured virtual
routing and forwarding (VRF) context configured in Context Configuration Mode
through
ip
vrf command.
-
in_label_value is the MPLS label that identifies
the inbound traffic destined for this pool.
-
out_label_value1 and
out_label_value2 identify the MPLS labels to be
added to the outgoing packets sent for subscribers from this pool. Where
out_label_value1 is the inner output label and
out_label_value2 is the outer output label.
MPLS label values
must be an integer from 16 through 1048575.
By default, the
pools configured are bound to the default VRF unless specified with a VRF name.
Important |
You cannot have
overlapping pool addresses using the same VRF. Also you cannot have two pools
using different VRFs but the same in-label irrespective of whether or not the
pools overlap. The pool must be private or static in-order to be associated
with a certain VRF. If the VRF with such a name is not configured, you are
prompted to add the VRF before configuring a pool.
|
policy allow-static-allocation
Configures static
address allocation policy for dynamic IP pool. This keyword enables a dynamic
IP pool to accept a static address for allocation.
Important |
In static
allocation scenario, the pool group name is returned by AAA in the attribute
SN1-IP-Pool-Name, and the IP address to use will be returned
in the
Framed-IP-Address attribute.
|
framed-route-vrf-list vrf_list_name
Configures a
vrf-list in order for NVSE VRF authorization.
pool-route
ip_address/ip_mask
Configures the IP
pool route instead of generating by-default. The address followed by the
pool-route
keyword can be an IPv4 or IPv6 address with the mask value.
+
Indicates that
more than one of the previous keywords can be entered within a single command.
Usage Guidelines
Define one or more
pools of IP addresses for the context to use in assigning IPs to mobile
stations. This command is also useful in resizing existing IP pools to expand
or contract the number of addresses allocated. If you resize an IP pool, the
change is effective immediately.
When using the
ip pool
command to resize an IP pool, the type must be specified since by default the
command assumes the type as public. In other words, the CLI syntax to resize an
IP pool is the same syntax used to create the pool. See examples below.
ip pool pool1 100.1.1.0/24 static
The syntax to
resize that pool would be:
ip pool pool1 100.1.1.0/25 static
A pool which is
deleted will be marked as such. No new IP addresses will be assigned from a
deleted pool. Once all assigned IP addresses from a deleted pool have been
released, the pool, and all associated resources, are freed.
Important |
If an IP address
pool is matched to a ISAKMP crypto map and is resized, removed, or added, the
corresponding security association must be cleared in order for the change to
take effect. Refer to the
clear crypto
command in the Exec mode for information on clearing security associations.
|
Over-lapping IP Pools:
The system supports the configuration of over-lapping IP address pools within a
particular context. Over-lapping pools are configured using either the resource
or overlap keywords.
The
resource
keyword allows over-lapping addresses tunneled to different VPN end points.
The
overlap
keyword allows over-lapping addresses each associated with a specific virtual
LAN (VLAN) configured for an egress port. It uses the VLAN ID and the nexthop
address to determine how to forward subscriber traffic with addresses from the
pool thus resolving any conflicts with overlapping addresses.
Note that if an
overlapping IP Pool is bound to an IPSec Tunnel (refer to the
match ip pool
command in the
Crypto Group
Configuration Mode chapter), that tunnel carries the traffic ignoring
the nexthop configuration. Therefore, the IPSec Tunnel takes precedence over
the nexthop configuration. (Thus, one can configure the overlapping IP Pool
with fake VLAN ID and nexthop and still be able to bind it to an IPSec Tunnel
for successful operation.
The
overlap
keyword allows over-lapping addresses each associated with a specific VLAN can
only be issued for pools of type private or static and must be associated with
a different nexthop forwarding address and VLAN. A maximum of 128 over-lapping
pools can be configured per context and a maximum of 256 over-lapping pools can
be configured per system.
Important |
Overlapping IP
address functionality is currently supported for use with systems configured as
an HA for Mobile IP, or as a PDSN for Simple
IP, or as a GGSN. For deployments in which subscriber traffic
is tunneled from the FA to the HA using IP-in-IP, a separate HA service must be
configured for each over-lapping pool.
|
IP Pool Address Assignment
Method: IP addresses can be dynamically assigned from a single pool or from
a group of pools. The addresses are placed into a queue in each pool. An
address is assigned from the head of the queue and, when released, returned to
the end. This method is known as least recently used (LRU).
When a group of
pools have the same priority, an algorithm is used to determine a probability
for each pool based on the number of available addresses, then a pool is chosen
based on the probability. This method, over time, allocates addresses evenly
from the group of pools.
Important |
Note that
setting different priorities on each individual pool in a group can cause
addresses in some pools to be used more frequently.
|
Important |
In NAT IP pool
configurations, the minimum number of public IP addresses that must be
allocated to each NAT pool must be greater than or equal to the number of
Session Managers (SessMgrs) available on the system.
On the ASR 5000, it is
>= 84 public IP addresses. This can be met by a range of 84 host addresses
from a single Class C. The remaining space from the Class C can be used for
other allocations.
|
Example
The following
commands define a private IP address pool, a public IP address pool, and a
static address pool, respectively.
ip pool samplePool1 1.2.3.0 255.255.255.0 private
ip pool samplePool2 1.3.0.0 255.255.0.0 public
ip pool samplePool3 1.4.5.0 255.255.255.0 static
The following
command defines a private IP pool specified with a range of IP addresses. The
pool has 101 addresses.
ip pool samplePool4 range 10.5.5.0 10.5.5.100 private
The following
command sets the address hold timer on the pool to
60 minutes
(3600
seconds):
ip pool samplePool4 address-hold-timer 3600
The following
command removes the IP address pool from the configuration:
no ip pool samplePool1
The following
command creates a static IP pool:
ip pool pool1 100.1.1.0/24 static
The following
command resizes the static IP pool created in the previous example:
ip pool pool1 100.1.1.0/25 static
Feedback