- Finding Feature Information
- Contents
- Restrictions for Multiservice Activation and Deactivation in a CoA Message
- Information About Multiservice Activation and Deactivation in a CoA Message
- How to Configure Multiservice Activation and Deactivation in a CoA Message
- Configuration Examples for Multiservice Activation and Deactivation in a CoA Message
- Additional References
- Feature Information for Multiservice Activation and Deactivation in a CoA Message
Multiservice Activation and Deactivation in a CoA Message
This feature allows multiple services to be activated or deactivated by a single Change of Authorization (CoA) message sent from the policy server. This feature is similar to the Multiservice Activation in Access-Accept Message feature, but in this case it is assumed that the user session is already active.
Finding Feature Information
For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for Multiservice Activation and Deactivation in a CoA Message" section.
Use Cisco Feature Navigator to find information about platform support and Cisco IOS XE software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
•
Restrictions for Multiservice Activation and Deactivation in a CoA Message
•Information About Multiservice Activation and Deactivation in a CoA Message
•How to Configure Multiservice Activation and Deactivation in a CoA Message
•Configuration Examples for Multiservice Activation and Deactivation in a CoA Message
•Feature Information for Multiservice Activation and Deactivation in a CoA Message
Restrictions for Multiservice Activation and Deactivation in a CoA Message
•All service names included in the multiservice activation or deactivation message must be Intelligent Services Gateway (ISG) aware. For example, they must be of type class-map type service "service1."
•If one of the services activation or deactivation messages fails, the broadband remote access server (BRAS) rolls back only the previous successfully activated or deactivated services and those that were included in the same multiservice activation or deactivation CoA message.
•However, the current ISG implementation has limitations in the process of reestablishing the state of previously activated or deactivated services. For example, if a feature that can overlap is enabled in the same session, the new, successfully activated or deactivated feature parameters delete the old parameters of the same feature, which was already activated in that session. Attempts to reestablish old parameters of that feature fail.
•If a valid CLI-configured ISG service is forwarded through CoA to a new session and fails (ISG service is unable to find an accounting list):
–BRAS does not wait for the hardware to be provisioned.
–An ACK message is relayed.
–ISG services are not applied.
–Tracebacks are observed.
Information About Multiservice Activation and Deactivation in a CoA Message
To configure multiservice activation or deactivation in a CoA message, you must understand the following concepts:
•Multiservice Activation and Deactivation in a CoA Message Overview
Multiservice Activation and Deactivation in a CoA Message Overview
The CoA multiservice activation or deactivation message contains a list of services. Multiple services are listed in the form of multiple lines in a VSA 252.
For the case of multiservice deactivation within one CoA message, the RADIUS server sends the request to deactivate multiple services within one CoA multiservice deactivation message. For each service listed in the multiservice deactivation message, the BRAS deactivates the service. Successful deactivation of the service is followed by an accounting-stop message.
If a service cannot be successfully deactivated, the BRAS aborts the deactivation of all subsequent services contained in the multiservice activation message. The BRAS activates all the services within the same multiservice activation message that were successfully deactivated before the failed service activated.
An existing VSA 252 is used to form one multiservice activation or deactivation CoA message. To form one multiservice activate or deactivate CoA message, multiple lines of VSA 252 are included in the message. The following example shows mixed multiservice activation or deactivation in one CoA message:
RADIUS Format
ISG#
00:41:15: RADIUS: CoA received from id 76 10.168.1.6:1700, CoA Request, len 67
00:41:15: CoA: 10.168.1.6 request queued
00:41:15: RADIUS: authenticator C4 AC 5D 50 6A BE D7 00 - F9 1D FA 38 15 32 25 3A
00:41:15: RADIUS: Vendor, Cisco [26] 18
00:41:15: RADIUS: ssg-account-info [250] 12 "S151.1.1.2"
00:41:15: RADIUS: Vendor, Cisco [26] 17
00:41:15: RADIUS: ssg-command-code [252] 11
00:41:15: RADIUS: 0B 70 6F 6C 69 63 65 31 [Service-Log-On service1]
00:41:15: RADIUS: Vendor, Cisco [26] 17
00:41:15: RADIUS: ssg-command-code [252] 11
00:41:15: RADIUS: 0B 70 6F 6C 69 63 65 32 [Service-Log-On service2]
00:41:15: RADIUS: Vendor, Cisco [26] 17
00:41:15: RADIUS: ssg-command-code [252] 11
00:41:15: RADIUS: 0C 73 65 72 76 69 63 65 33 [Service-Log-Off service3]
00:41:15: RADIUS: Vendor, Cisco [26] 17
00:41:15: RADIUS: ssg-command-code [252] 11
00:41:15: RADIUS: 0B 70 6F 6C 69 63 65 34 [Service-Log-On service4]
QoS Policy for VSA 252
You can use VSA 252 concatenated quality of service (QoS) syntax in a RADIUS CoA message. The syntax is used to activate or deactivate ISG service and the QoS policy by parsing the VSA 252 concatenated string.
Note ISG manages multiple QoS services in one CoA message and applies the message to activate static and parameterized QoS.
How to Configure Multiservice Activation and Deactivation in a CoA Message
This section contains the following procedures:
•Activating a Session Service Using CoA (optional)
•Deactivating a Session Service Using CoA (optional)
Activating a Session Service Using CoA
Configure Cisco VSA 252 in the service profile on RADIUS to dynamically activate a session service with CoA. RADIUS uses VSA 252 in CoA messages with the following syntax:
vsa cisco generic 252 binary 0b suffix "qos:vc-qos-policy-out=IPOne_out;qos:vc-qos-policy-in=IPOne_in;;"
The CoA command in this example performs the following actions:
•Initiates an ISG service "qos:vc-qos-policy-out=IPOne_out;qos:vc-qos-policy-in=IPOne_in;;".
•Replaces the default QoS output child policy on virtual template IPOne_out and installs the IPOne_out policy if there is no default output child policy on the virtual template.
•Replaces the default QoS input child policy on virtual template IPOne_in and installs the IPOne_in policy if there is no default input child policy configured on the virtual template.
Deactivating a Session Service Using CoA
To dynamically activate a session service using CoA and default QoS policy on a virtual template, configure Cisco VSA 252 in the RADIUS service profile. RADIUS uses VSA 252 in CoA messages with the following syntax:
vsa cisco generic 252 binary 0c suffix "qos:vc-qos-policy-out=IPOne_out;qos:vc-qos-policy-in=IPOne_in;;"
The CoA command in this example performs the following actions:
•Terminates an ISG service "qos:vc-qos-policy-out=IPOne_out;qos:vc-qos-policy-in=IPOne_in".
•Replaces the QoS output child policy IPOne_out with the default child policy configured on the appropriate virtual template interface.
•Replaces the QoS input child policy IPOne_in with the default child policy configured on the appropriate virtual template interface.
Configuration Examples for Multiservice Activation and Deactivation in a CoA Message
This section provides the following configuration example:
•Activating and Deactivating QoS Services Using VSA 252: Example
Activating and Deactivating QoS Services Using VSA 252: Example
To activate QoS services, RADIUS adds one or more multiple QoS classes to the parent and child policy in one VSA 252 string and relays the following syntax:
CoA VSA 252 0b <new service>
In addition to the existing services, the new service should be installed and should not have overlapping classes with the current services.
The following example defines QoS activation and adds the QoS classes in the parameterized QoS service RADIUS form:
VSA252 0b q-p-out=IPOne1-isg-acct_service(1)((c-d,voip)1(200000,9216,0,1,0,0)10(9));q-p-in= ((c-d,voip)1(200000,9216,0,1,0,0)10(9))
To deactivate the second service, RADIUS relays the same VSA 252 string that was used for service activation, replacing "0b" with "0c".
The following example defines QoS deactivation and deletes the QoS classes in the parameterized QoS service RADIUS form:
VSA252 0c q-p-out=IPOne1-isg-acct_service(1)((c-d,voip)1(200000,9216,0,1,0,0)10(9));q-p-in= ((c-d,voip)1(200000,9216,0,1,0,0)10(9))
Additional References
The following sections provide references related to the Multiservice Activation and Deactivation in a CoA Message feature.
Related Documents
|
|
|
|---|---|
IEEE 802.1Q VLAN |
Configuring Routing Between VLANs with IEEE 802.1Q Encapsulation |
Queue-in-Queue VLAN Tags |
|
ANCP Commands |
RFCs
|
|
|
|---|---|
ANCP extension draft |
GSMP Extensions for Access Node Control Mechanism, Internet draft |
RFC 3292 |
General Switch Management Protocol (GSMP) V3 |
RFC 3293 |
General Switch Management Protocol (GSMP), Packet Encapsulations for Asynchronous Transfer Mode (ATM), Ethernet and Transmission Control Protocol (TCP) |
Technical Assistance
Feature Information for Multiservice Activation and Deactivation in a CoA Message
Table 1 lists the release history for this feature.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS XE software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note Table 1 lists only the Cisco IOS XE software release that introduced support for a given feature in a given Cisco IOS XE software release train. Unless noted otherwise, subsequent releases of that Cisco IOS XE software release train also support that feature.
Feedback