Configuring ISG Control Policies
Configuration Examples for ISG Control Policies
19
Time remaining is 00:02:40
Configuration sources associated with this session:
Interface: Virtual-Template1, Active Time = 00:09:19
Control Policy for Restricting Access on the Basis of Interface and
Access Media: Example
This example shows how to configure a control policy to allow access only to users who enter the router
from a particular interface and access type. In this case, only PPPoE users will be allowed; everyone else
is barred.
The first condition class map “MATCHING-USERS” evaluates true only if all of the lines within it also
evaluate true; however, within “MATCHING-USERS” is a nested class map (second condition),
“NOT-ATM”. This nested class map represents a subcondition that must also evaluate to true. Note that
the class map “NOT-ATM” specifies “match-none”. This means that “NOT-ATM” evaluates to true only
if every condition line within it evaluates to false.
The third condition specifies matching on the NAS port associated with this subscriber. Specifically,
only subscribers that arrive on a Gigabit Ethernet interface and on slot 3 will evaluate to true.
! Configure the control class maps.
class-map type control match-all MATCHING-USERS
class type control NOT-ATM
match media ether
match nas-port type ether slot 3
!
class-map type control match-none NOT-ATM
match media atm
!
If the conditions in the class map “MATCHING-USERS” evaluate to true, the first action to be executed
is to authenticate the user. If authentication is successful, the service named “service1” will be
downloaded and applied. Finally, a Layer 3 service is provided.
If “MATCHING-USERS” is not evaluated as true, the “always” class will apply, which results in barring
anyone who does not match “MATCHING-USERS”.
! Configure the control policy map.
policy-map type control my-pppoe-rule
class type control MATCHING-USERS event session-start
1 authenticate aaa list XYZ
2 service-policy type service service1
3 service local
!
class type control always
1 service disconnect
!
! Apply the control policy to an interface.
interface gigabitethernet3/0/0
service-policy type control my-pppoe-rule
Finally, the policy is associated with an interface.
Содержание IOS XE
Страница 14: ...About Cisco IOS XE Software Documentation Additional Resources and Documentation Feedback xii ...
Страница 28: ...Using the Command Line Interface in Cisco IOS XE Software Additional Information xiv ...
Страница 36: ...Intelligent Services Gateway Features Roadmap 8 ...
Страница 46: ...Overview of ISG Feature Information for the Overview of ISG 10 ...
Страница 70: ...Configuring ISG Control Policies Feature Information for ISG Control Policies 24 ...
Страница 128: ...Configuring ISG Access for IP Subscriber Sessions Feature Information for ISG Access for IP Subscriber Sessions 44 ...
Страница 136: ...Configuring MQC Support for IP Sessions Feature Information for MQC Support for IP Sessions 8 ...
Страница 194: ...Configuring ISG Policies for Automatic Subscriber Logon Feature Information for ISG Automatic Subscriber Logon 12 ...
Страница 224: ...Configuring ISG Subscriber Services Feature Information for ISG Subscriber Services 20 ...
Страница 336: ...Configuring ISG Integration with SCE Feature Information for Configuring ISG Integration with SCE 16 ...
Страница 344: ...Service Gateway Interface Feature Information for Service Gateway Interface 8 ...