Table of Contents
Advertisement
How to Configure Policies for Session Maintenance Timers
For IP subnet sessions, the peer (destination) IP address to be used for ICMP "hello" requests will be all
the IP addresses within the subnet. This means "hello" requests will be sent sequentially (not
simultaneously) to all the possible hosts within that subnet. If there is no response from any host in that
subnet, the session will be disconnected.
Another option is to configure ICMP directed broadcast for keepalive requests. If the subscriber hosts
recognize the IP subnet broadcast address, the ISG can send the ICMP "hello" request to the subnet
broadcast address. The subscribers need not be on the same subnet as the ISG for this configuration to
work. A directed broadcast keepalive request can work multiple hops away as long as these conditions
are satisfied:
•
•
When these two conditions are satisfied, you can optimize the ICMP keepalive configuration to
minimize the number of ICMP packets.
Note
Because enabling directed broadcasts increases the risk of denial of service attacks, the use of subnet
directed broadcasts is not turned on by default.
How to Configure Policies for Session Maintenance Timers
Configuring the session maintenance timers requires two separate tasks, one to set the idle timer and one
to set the session timer. Either one or both of these tasks can be performed in order to set session
maintenance control. The following tasks show how to set these timers in a service policy map and in a
RADIUS AAA server profile:
•
•
•
•
•
•
•
•
•
4
The group of subscribers identified by the subnet must have the same subnet mask provisioned
locally as the subnet provisioned on the subnet subscriber session on the ISG. Otherwise, the
subscriber hosts will not recognize the subnet broadcast address.
The router directly connected to the hosts must enable directed-broadcast forwarding, so that the IP
subnet broadcast gets translated into a Layer 2 broadcast.
Configuring the Session Timer in a Service Policy Map, page 5
Configuring the Session Timer on a AAA Server, page 6
Configuring the Connection Timer in a Service Policy Map, page 6
Configuring the Connection Timer on a AAA Server, page 7
Verifying the Session and Connection Timer Settings, page 8
Troubleshooting the Session and Connection Timer Settings, page 8
Configuring a Session Keepalive on the Router, page 10
Configuring a Session Keepalive on a RADIUS Server, page 12
Configuring the ISG to Interact with the RADIUS Server, page 12
Configuring ISG Policies for Session Maintenance
Hide quick links:
Advertisement
Chapters
Table of Contents
Need help?
Do you have a question about the IOS XE Intelligent Services and is the answer not in the manual?