Configuring ISG Policies for Automatic Subscriber Logon
How to Configure ISG Policies for Automatic Subscriber Logon
6
What to Do Next
You must apply the control policy to a context by using the service-policy type control command. For
information about applying control policies, see the module “
Configuring ISG Control Policies
”.
You may want to configure policies to determine what should happen for autologon subscribers whose
IP address or MAC address authorization fails; for example, you may want to redirect the subscriber to
the policy server for authentication.
Enabling the Remote-ID to Be Sent as the Calling-Station-ID
Perform this task to enable the ISG device to send the remote ID in the Calling-Station-ID (attribute 31)
field of accounting records and access requests.
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
radius-server attribute 31 remote-id
Step 3
policy-map type control policy-map-name
Example:
Router(config)# policy-map type control TAL
Creates or modifies a control policy map, which is used to
define a control policy.
Step 4
class type control {class-map-name | always}
event session-start
Example:
Router(config-control-policymap)# class type
control TAL-subscribers event session-start
Specifies a control class, which defines the conditions that
must be met in order for an associated set of actions to be
executed.
•
Specify the control class-map that was configured in
the task “
Identifying Traffic for Automatic Logon in a
Control Policy Class Map
”.
Step 5
action-number authorize [aaa list {list-name |
default}] [password password] identifier
{auto-detect | circuit-id [plus remote-id]|
mac-address | source-ip-address | remote-id
[plus circuit-id]}
Example:
Router(config-control-policymap-class-control)#
1 authorize aaa list TAL_LIST password cisco
identifier source-ip-address
Inserts the specified identifier into the username field of
authorization requests.
•
For sessions triggered by an unrecognized IP address,
the MAC address should be used only when the
subscriber is one hop away.
•
The auto-detect keyword allows authorization to be
performed on Cisco Catalyst switches with
remote-ID:circuit-ID and on DSL Forum switches with
circuit-ID only.
Command or Action
Purpose
Содержание IOS XE
Страница 14: ...About Cisco IOS XE Software Documentation Additional Resources and Documentation Feedback xii ...
Страница 28: ...Using the Command Line Interface in Cisco IOS XE Software Additional Information xiv ...
Страница 36: ...Intelligent Services Gateway Features Roadmap 8 ...
Страница 46: ...Overview of ISG Feature Information for the Overview of ISG 10 ...
Страница 70: ...Configuring ISG Control Policies Feature Information for ISG Control Policies 24 ...
Страница 128: ...Configuring ISG Access for IP Subscriber Sessions Feature Information for ISG Access for IP Subscriber Sessions 44 ...
Страница 136: ...Configuring MQC Support for IP Sessions Feature Information for MQC Support for IP Sessions 8 ...
Страница 194: ...Configuring ISG Policies for Automatic Subscriber Logon Feature Information for ISG Automatic Subscriber Logon 12 ...
Страница 224: ...Configuring ISG Subscriber Services Feature Information for ISG Subscriber Services 20 ...
Страница 336: ...Configuring ISG Integration with SCE Feature Information for Configuring ISG Integration with SCE 16 ...
Страница 344: ...Service Gateway Interface Feature Information for Service Gateway Interface 8 ...