Setting Up Radius For Dynamic Qos Policies At The Session Level; Setting Up The Aaa Server - Cisco 10000 Series Configuration Manual
Quality of service configuration guide
Hide thumbs
Also See for 10000 Series:
- Configuration manual (370 pages) ,
- Troubleshooting manual (70 pages) ,
- Installation manual (14 pages)
Table of Contents
Advertisement
Chapter 17
Configuring Dynamic Subscriber Services
Setting Up RADIUS for Dynamic QoS Policies at the Session Level
To set up RADIUS for dynamic QoS policies at the session level, enter the following Cisco AV pairs in
the user profile on the RADIUS server:
atm:vc-qos-policy-in=<in policy name>
atm:vc-qos-policy-out=<out policy name>
Example 17-15
the policy map named dyn_out is configured for outbound traffic and the policy map named test_vc is
configured for inbound traffic.
Example 17-15 Setting Up RADIUS for Dynamic QoS Policies at the Session Level
Service-Type = Framed,
Framed-Protocol = PPP,
cisco-avpair = "atm:vc-qos-policy-out=dyn_out",
cisco-avpair = "atm:vc-qos-policy-in=test_vc"
When the router requests the policy name, the information in the user file is "pulled." A RADIUS users
file contains an entry for each user that the RADIUS server authenticates. Each entry, which is also
referred to as a user profile, establishes an attribute the user can access.
When looking at a user file, the data to the left of the equal (=) character is an attribute defined in the
dictionary file, and the data to the right of the equal character is the configuration data.
Setting Up the AAA Server
To set up the local AAA server for dynamic authorization service, which must be enabled to support
change of authorization (CoA) functionality that can push the policy map in an input and output
direction, configure the aaa server radius dynamic-author command with the client and server-key
subcommands.
aaa server radius dynamic-author
Configure the server-key by using the client server-key string subcommand to configure at the "client"
level, or use the server-key string subcommand to configure at the "global" level. Configuring at the
client level overrides the global level.
For security purposes, we recommend configuring each client and using different server-keys for each
client.
The port, auth-type, ignore session-key, and ignore server-key commands are optional.
The following example sets up the local AAA server:
aaa server radius dynamic-author
client 192.168.0.5 vrf coa server-key cisco1
client 192.168.1.5 vrf coa server-key cisco2
OL-7433-09
shows how to configure the Cisco AV pairs in the RADIUS user profile. In the example,
client {ip_addr | name} [vrf {vrfname}]
[server-key {string}]
server-key [0 | 7] {string}
port {port-num}
auth-type {any | all | session-key}
ignore session-key
ignore server-key
Applying QoS Parameters Dynamically to Sessions
Cisco 10000 Series Router Quality of Service Configuration Guide
17-29
Advertisement
Chapters
Table of Contents
