Home » Cisco Manuals » Bridges & Routers » Cisco ASR1002-5G-SHA/K9 » Manual Viewer

Cisco ASR1002-5G-SHA/K9 Software Guide - Page 215

Enhancing the Scalability of Per-User Configurations

View all Cisco ASR1002-5G-SHA/K9 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 215 highlights

Chapter 6 Broadband Scalability and Performance Using the cisco-avpair="lcp:interface-config" RADIUS Attribute Before configuring the virtual access subscriber interface using the lcp:interface-config command, configure the aaa policy interface-config allow-subinterface command. If the subinterface is not configured, the following error message is displayed when creating a session with one of the RADIUS attributes: *Mar 13 22:04:03.358: %FMANRP_ESS-4-FULLVAI: Session creation failed due to Full Virtual-Access Interfaces not being supported. Check that all applied Virtual-Template and RADIUS features support Virtual-Access sub-interfaces. swidb= 0x7FA35A42F218, ifnum= 30 To enhance the scalability of per-user configurations, in many cases, different Cisco AV-pairs are available to place the subscriber interface in a Virtual Routing and Forwarding (VRF) instance or to apply a policy map to the session. For example, use the ip:vrf-id and ip:ip-unnumbered VSAs to reconfigure a user's VRF. For information about enhancing scalability see, "Enhancing the Scalability of Per-User Configurations" section on page 6-7. Enhancing the Scalability of Per-User Configurations To enhance scalability of per-user configurations without changing the router configuration, use the ip:vrf-id and ip:ip-unnumbered RADIUS attributes. These per-user vendor-specific attributes (VSAs) are used to map sessions to VRFs and IP unnumbered interfaces. The VSAs are applied to virtual access subinterfaces and are processed during PPP authorization. The ip:vrf-id attribute is used to map sessions to VRFs. Any profile that uses the ip:vrf-id VSA must also use the ip:ip-unnumbered VSA to install IP configurations on the VAI that is to be created. The PPP that is used on a VAI to be created requires the ip:ip-unnumbered VSA. An Internet Protocol Control Protocol (IPCP) session is not established if IP is not configured on the interface. You must configure either the ip address command or the ip unnumbered command on the interface so that these configurations are present on the VAI that is to be created. However, specifying the ip address and ip unnumbered commands on a virtual template interface is not required because pre-existing IP configurations, if any, are removed when the ip:ip-vrf VSA is installed on the VAI. Therefore, any profile that uses the ip:vrf-id VSA must also use the ip:ip-unnumbered VSA to install IP configurations on the VAI that is to be created. These per-user VSAs can be applied to VAIs. Therefore, the per-user authorization process does not require the creation of full VAIs, which improves scalability. Setting the VRF and IP Unnumbered Interface Configurations in User Profiles Although the Cisco ASR 1000 Series Router continues to support the lcp:interface-config VSA, the ip:vrf-id and ip:ip-unnumbered VSAs provide another way to set the VRF and IP unnumbered interface configurations in user profiles. The ip:vrf-id and ip:ip-unnumbered VSAs have the following syntax: Cisco:Cisco-AVpair = "ip:vrf-id=vrf-name" Cisco:Cisco-AVpair = "ip:ip-unnumbered=interface-name" You should specify only one ip:vrf-id and one ip:ip-unnumbered value in a user profile. However, if the profile configuration includes multiple values, the Cisco ASR 1000 Series Router applies the value of the last VSA received, and creates a virtual access subinterface. If the profile includes the lcp:interface-config VSA, the router always applies the value of the lcp:interface-config VSA. OL-16506-10 Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide 6-7

Section	Page
Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide	1
Contents	3
Preface	11
Objectives	11
Document Revision History	12
Organization	13
Related Documentation	14
Cisco ASR 1000 Series Routers Documentation	14
Conventions	15
Obtaining Documentation and Submitting a Service Request	16
Software Packaging and Architecture	17
Software Packaging on the Cisco ASR 1000 Series Routers	17
ASR 1000 Series Routers Software Overview	17
Consolidated Packages	18
Important Information About Consolidated Packages	18
Individual Software SubPackages Within a Consolidated Package	19
Important Notes About Individual SubPackages	19
Optional Software SubPackages Outside of Consolidated Packages	20
Important Notes About Optional SubPackages	20
Provisioning Files	20
Important Notes About Provisioning Files	21
ROMmon Image	21
File to Upgrade Field Programmable Hardware Devices	21
Processes Overview	22
IOS as a Process	23
Dual IOS Processes	24
File Systems on the Cisco ASR 1000 Series Router	24
Autogenerated File Directories and Files	25
Important Notes About Autogenerated Directories	25
Using Cisco IOS XE Software	27
Accessing the CLI Using a Router Console	27
Accessing the CLI Using a Directly-Connected Console	28
Connecting to the Console Port	28
Using the Console Interface	28
Accessing the CLI from a Remote Console Using Telnet	29
Preparing to Connect to the Router Console Using Telnet	29
Using Telnet to Access a Console Interface	29
Accessing the CLI from a Remote Console Using a Modem	30
Using the Auxiliary Port	30
Using Keyboard Shortcuts	31
Using the History Buffer to Recall Commands	31
Understanding the Command Mode	32
Understanding the Diagnostic Mode	33
Getting Help	34
Finding Command Options	34
Using the no and default Forms of Commands	37
Saving Configuration Changes	38
Managing Configuration Files	38
Filtering the Output of the show and more Commands	39
Powering Off a Router	40
Finding Support Information for Platforms and Cisco Software Images	40
Using the Cisco Feature Navigator	40
Using the Software Advisor	41
Using the Software Release Notes	41
Consolidated Packages and SubPackages Management	43
Running the Cisco ASR 1000 Series Routers: An Overview	43
Running the Cisco ASR 1000 Series Routers Using Individual and Optional SubPackages: An Overview	44
Running the Cisco ASR 1000 Series Routers Using a Consolidated Package: An Overview	44
Running the Cisco ASR 1000 Series Routers: A Summary	45
Software File Management Using Command Sets	46
The request platform Command Set	46
The copy Command	47
The issu Command Set	47
Managing and Configuring the Router to Run Using Consolidated Packages and Individual SubPackages	48
Quick Start Software Upgrade	48
Managing and Configuring a Router to Run Using a Consolidated Package	49
Managing and Configuring a Consolidated Package Using the copy Command	49
Managing and Configuring a Consolidated Package Using the request platform software package install Command	50
Managing and Configuring a Router to Run Using Individual SubPackages From a Consolidated Package	52
Extracting a Consolidated Package and Booting Using the Provisioning File	52
Copying a Set of Individual SubPackage Files, and Booting Using a Provisioning File	56
Managing and Configuring a Router to Run Using Optional SubPackages	56
Installing an Optional SubPackage	57
Uninstalling an Optional SubPackage	58
Troubleshooting Software Mismatch with ESP Board ASR1000-ESP10-N	60
Upgrading Individual SubPackages	60
Upgrading a SPA SubPackage	61
Software Upgrade Process	63
ISSU Upgrade for Redundant Platforms	64
Overview of ISSU on the Cisco ASR 1000 Series Routers	64
ISSU Rollback Timer Overview	65
Software Upgrade with Dual IOS Processes on a Single RP Overview	66
Cisco IOS XE Software Package Compatibility for ISSU	66
Prerequisites for ISSU	66
Restrictions for ISSU	67
ISSU Upgrade Procedures	67
Using ISSU to Perform a Consolidated Package Upgrade in a Dual Route Processor Configuration	67
Using ISSU to Upgrade the SubPackages in a Dual Route Processor Configuration	74
In Service One-Shot Software Upgrade Procedure	135
ISSU Procedures (Prior to Cisco IOS XE Release 2.1.2)	135
Using ISSU to Perform a Consolidated Package Upgrade in a Dual Route Processor Configuration (Prior to Cisco IOS XE 2.1.2)	136
Using ISSU to Upgrade SubPackages (Prior to Cisco IOS XE Release 2.1.2)	136
Upgrade Process With Service Impact for Nonredundant Platforms	137
Configuring SSO on a Cisco ASR 1001, Cisco ASR 1002, or Cisco ASR 1004 Router	138
Using SubPackages for Software Upgrade on a Cisco ASR 1001 Router	140
Using SubPackages for Software Upgrade on a Cisco ASR 1002 or Cisco ASR 1004 Router (software upgrade Command Set)	156
Using SubPackages for Software Upgrade on a Cisco ASR 1002 or Cisco ASR 1004 Router (request platform Command Set)	181
High Availability Overview	203
Hardware Redundancy Overview on the Cisco ASR 1000 Series Routers	203
Software Redundancy on the Cisco ASR 1000 Series Routers	205
Software Redundancy Overview	205
Second IOS Process on a Cisco ASR 1002 or 1004 Router	206
Route Processor Redundancy	207
Stateful Switchover	207
SSO-Aware Protocol and Applications	208
IPsec Failover	208
Bidirectional Forwarding Detection	208
Broadband Scalability and Performance	209
PPP Sessions and L2TP Tunnel Scaling	209
Restrictions for PPP Sessions and L2TP Tunnel Scaling	210
IP Sessions Scaling	211
Layer 4 Redirect Scaling	211
Configuring the Cisco ASR 1000 Series Router for High Scalability	211
Configuring Call Admission Control	212
Control Plane Policing	212
VPDN Group Session Limiting	213
PPPoE Session Limiting	213
Monitoring PPP Sessions Using the SNMP Management Tools	213
Configuring the Access Interface Input and Output Hold Queue	213
Configuring the keepalive Command	214
Scaling the L2TP Tunnel Configurations	214
Using the cisco-avpair=\	214
Enhancing the Scalability of Per-User Configurations	215
Setting the VRF and IP Unnumbered Interface Configurations in User Profiles	215
Setting the VRF and IP Unnumbered Interface Configurations in Virtual Interface Templates	216
Redefining User Profiles to Use the ip:vrf-id and ip:ip-unnumbered VSAs	216
Configuring Call Home	217
Information About Call Home	217
Benefits of Using Call Home	218
How to Obtain Smart Call Home Service	218
Prerequisites for Call Home	219
How to Configure Call Home	219
Configuring the Management Interface VRF	220
What To Do Next	221
Configuring a Destination Profile	221
Configuring a Destination Profile to Send Email Messages	221
Configuring a Destination Profile to Send HTTP Messages	226
Working With Destination Profiles	228
Subscribing to Alert Groups	231
Periodic Notification	232
Message Severity Threshold	232
Syslog Pattern Matching	232
Configuring Contact Information	235
Example	236
Configuring the Number of Call Home Messages Sent Per Minute	236
Enabling and Disabling Call Home	237
Sending Call Home Communications Manually	238
Sending a Call Home Test Message Manually	238
Sending Call Home Alert Group Messages Manually	238
Submitting Call Home Analysis and Report Requests	239
Sending the Output of a Command to Cisco or an E-Mail Address	240
How To Configure Call Home to Support the Smart Call Home Service	241
Prerequisites	241
Configure and Enable Call Home	242
Declare and Authenticate a CA Trustpoint	244
Examples	245
Start Smart Call Home Registration	246
What To Do Next	246
Displaying Call Home Configuration Information	247
Examples	248
Default Settings	252
Alert Group Trigger Events and Commands	253
Message Contents	255
Sample Syslog Alert Notification in Long Text Format	259
Sample Syslog Alert Notification in XML Format	263
Additional References	269
Related Documents	269
Standards	269
MIBs	270
RFCs	270
Technical Assistance	270
Feature Information for Call Home	270
Console Port, Telnet, and SSH Handling	273
Console Port Overview for the Cisco ASR 1000 Series Routers	273
Console Port Handling Overview	273
Telnet and SSH Overview for the Cisco ASR 1000 Series Routers	274
Persistent Telnet and Persistent SSH Overview	274
Configuring a Console Port Transport Map	275
Examples	276
Configuring Persistent Telnet	277
Prerequisites	277
Examples	279
Configuring Persistent SSH	280
Examples	282
Viewing Console Port, SSH, and Telnet Handling Configurations	283
Important Notes and Restrictions	288
Using the Management Ethernet Interface	289
Gigabit Ethernet Management Interface Overview	289
Gigabit Ethernet Port Numbering	290
IP Address Handling in ROMmon and the Management Ethernet Port	290
Gigabit Ethernet Management Interface VRF	290
Common Ethernet Management Tasks	291
Viewing the VRF Configuration	291
Viewing Detailed VRF Information for the Management Ethernet VRF	292
Setting a Default Route in the Management Ethernet Interface VRF	292
Setting the Management Ethernet IP Address	292
Telnetting over the Management Ethernet Interface	293
Pinging over the Management Ethernet Interface	293
Copy Using TFTP or FTP	293
NTP Server	293
SYSLOG Server	294
SNMP-Related Services	294
Domain Name Assignment	294
DNS service	294
RADIUS or TACACS+ Server	294
VTY lines with ACL	295
Synchronous Ethernet Support	297
Synchronous Ethernet Overview	297
Synchronization Status Message and Ethernet Synchronization Messaging Channel	298
Synchronization Status Message	299
Ethernet Synchronization Messaging Channel	299
Clock Selection Algorithm	299
Restrictions and Usage Guidelines	300
Configuring Synchronous Ethernet	300
Configuring Clock Recovery from SyncE	301
Configuring Clock Recovery from a BITS Port	303
Configuring a SyncE Using the Line-to-External Method	305
Managing Synchronization on the Cisco ASR 1000 Series Router	307
Verifying the SyncE Configuration	309
Troubleshooting the SyncE Configuration	312
Configuring Bridge Domain Interfaces	315
Restrictions for the Bridge Domain Interface	315
Information About a Bridge Domain Interface	315
Ethernet Virtual Circuit Overview	316
Assigning a MAC Address	316
Support for IP Protocols	316
Support for IP Forwarding	317
Packet Forwarding	317
Layer 2 to Layer 3	317
Layer 3 to Layer 2	317
Link States of a Bridge Domain and a Bridge Domain Interface	318
Bridge Domain Interface Statistics	318
Creating or Deleting a Bridge Domain Interface	318
Bridge Domain Interface Scalability	319
Configuring a Bridge Domain Interface	319
Monitoring and Maintaining Multilink Frame Relay	323
Feature Overview	323
Configuring Multilink Frame Relay	323
Monitoring and Maintaining Frame Relay and Multilink Frame Relay	323
Tracing and Trace Management	325
Tracing Overview	325
How Tracing Works	325
Tracing Levels	326
Viewing a Tracing Level	327
Setting a Tracing Level	328
Viewing the Content of the Trace Buffer	329
Configuring and Accessing the Web User Interface	331
Web User Interface Overview	331
Web User Interface General Overview	331
Legacy Web User Interface Overview	332
Graphics-Based Web User Interface Overview	333
Persistent Web User Interface Transport Maps Overview	334
Configuring the Router for Web User Interface Access	335
Authentication and the Web User Interface	337
Domain Name System and the Web User Interface	337
Clocks and the Web User Interface	337
Accessing the Web User Interface	338
Using Auto Refresh	339
Web User Interface Tips and Tricks	340
Unsupported Commands	341
Configuration Examples	345
Configuring the Router to Boot the Consolidated Package on the TFTP Server	345
Copying the Consolidated Package from the TFTP Server to the Router	349
Configuring the Router to Boot Using the Consolidated Package Stored on the Router	350
Extracting the SubPackages from a Consolidated Package into the Same File System	351
Extracting the SubPackages from a Consolidated Package into a Different File System	353
Configuring the Router to Boot Using the SubPackages	354
Backing Up Configuration Files	358
Copying a Startup Configuration File to Bootflash	358
Copying a Startup Configuration File to an USB Flash Disk	358
Copying a Startup Configuration File to a TFTP Server	359
Enabling a Second IOS Process on a Single RP Using SSO	359
ISSU-Consolidated Package Upgrade	363

Match case Limit results 1 per page

6-7

Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide

OL-16506-10

Chapter 6

Broadband Scalability and Performance

Using the cisco-avpair="lcp:interface-config" RADIUS Attribute

Before configuring the virtual access subscriber interface using the

lcp:interface-config

command,

configure the

aaa policy interface-config allow-subinterface

command.

If the subinterface is not configured, the following error message is displayed when creating a session

with one of the RADIUS attributes:

*Mar 13 22:04:03.358: %FMANRP_ESS-4-FULLVAI: Session creation failed due to Full

Virtual-Access Interfaces not being supported. Check that all applied Virtual-Template and

RADIUS features support Virtual-Access sub-interfaces. swidb= 0x7FA35A42F218, ifnum= 30

To enhance the scalability of per-user configurations, in many cases, different Cisco AV-pairs are

available to place the subscriber interface in a Virtual Routing and Forwarding (VRF) instance or to

apply a policy map to the session. For example, use the ip:vrf-id and ip:ip-unnumbered VSAs to

reconfigure a user’s VRF. For information about enhancing scalability see,

“Enhancing the Scalability

of Per-User Configurations” section on page 6-7

Enhancing the Scalability of Per-User Configurations

To enhance scalability of per-user configurations without changing the router configuration, use the

ip:vrf-id and ip:ip-unnumbered RADIUS attributes. These per-user vendor-specific attributes (VSAs)

are used to map sessions to VRFs and IP unnumbered interfaces. The VSAs are applied to virtual access

subinterfaces and are processed during PPP authorization.

The ip:vrf-id attribute is used to map sessions to VRFs. Any profile that uses the ip:vrf-id VSA must also

use the ip:ip-unnumbered VSA to install IP configurations on the VAI that is to be created. The PPP that

is used on a VAI to be created requires the ip:ip-unnumbered VSA. An Internet Protocol Control Protocol

(IPCP) session is not established if IP is not configured on the interface. You must configure either the

ip address command or the ip unnumbered command on the interface so that these configurations are

present on the VAI that is to be created. However, specifying the ip address and ip unnumbered

commands on a virtual template interface is not required because pre-existing IP configurations, if any,

are removed when the ip:ip-vrf VSA is installed on the VAI. Therefore, any profile that uses the ip:vrf-id

VSA must also use the ip:ip-unnumbered VSA to install IP configurations on the VAI that is to be

created.

These per-user VSAs can be applied to VAIs. Therefore, the per-user authorization process does not

require the creation of full VAIs, which improves scalability.

Setting the VRF and IP Unnumbered Interface Configurations in User Profiles

Although the Cisco ASR 1000 Series Router continues to support the lcp:interface-config VSA, the

ip:vrf-id and ip:ip-unnumbered VSAs provide another way to set the VRF and IP unnumbered interface

configurations in user profiles. The ip:vrf-id and ip:ip-unnumbered VSAs have the following syntax:

Cisco:Cisco-AVpair = “ip:vrf-id=vrf-name”

Cisco:Cisco-AVpair = “ip:ip-unnumbered=interface-name”

You should specify only one ip:vrf-id and one ip:ip-unnumbered value in a user profile. However, if the

profile configuration includes multiple values, the Cisco ASR 1000 Series Router applies the value of

the last VSA received, and creates a virtual access subinterface. If the profile includes the

lcp:interface-config VSA, the router always applies the value of the lcp:interface-config VSA.