Home » Cisco Manuals » Bridges & Routers » Cisco ASR1006 » Manual Viewer

Cisco ASR1006 Configuration Guide - Page 242

Enhancing the Scalability of Per-User Configurations

UPC - 882658196423

Add to My Manuals
Save this manual to your list of manuals

Page 242 highlights

Using the cisco-avpair="lcp:interface-config" RADIUS Attribute Broadband Scalability and Performance To enhance the scalability of per-user configurations, in many cases, different Cisco AV-pairs are available to place the subscriber interface in a Virtual Routing and Forwarding (VRF) instance or to apply a policy map to the session. For example, use the ip:vrf-id and ip:ip-unnumbered VSAs to reconfigure a user's VRF. For information about enhancing scalability see, "Enhancing the Scalability of Per-User Configurations" section on page 8. Enhancing the Scalability of Per-User Configurations To enhance scalability of per-user configurations without changing the router configuration, use the ip:vrf-id and ip:ip-unnumbered RADIUS attributes. These per-user vendor-specific attributes (VSAs) are used to map sessions to VRFs and IP unnumbered interfaces. The VSAs are applied to virtual access subinterfaces and are processed during PPP authorization. The ip:vrf-id attribute is used to map sessions to VRFs. Any profile that uses the ip:vrf-id VSA must also use the ip:ip-unnumbered VSA to install IP configurations on the VAI that is to be created. The PPP that is used on a VAI to be created requires the ip:ip-unnumbered VSA. An Internet Protocol Control Protocol (IPCP) session is not established if IP is not configured on the interface. You must configure either the ip address command or the ip unnumbered command on the interface so that these configurations are present on the VAI that is to be created. However, specifying the ip address and ip unnumbered commands on a virtual template interface is not required because pre-existing IP configurations, if any, are removed when the ip:ip-vrf VSA is installed on the VAI. Therefore, any profile that uses the ip:vrf-id VSA must also use the ip:ip-unnumbered VSA to install IP configurations on the VAI that is to be created. These per-user VSAs can be applied to VAIs. Therefore, the per-user authorization process does not require the creation of full VAIs, which improves scalability. Setting the VRF and IP Unnumbered Interface Configurations in User Profiles Although the Cisco ASR 1000 Series Router continues to support the lcp:interface-config VSA, the ip:vrf-id and ip:ip-unnumbered VSAs provide another way to set the VRF and IP unnumbered interface configurations in user profiles. The ip:vrf-id and ip:ip-unnumbered VSAs have the following syntax: Cisco:Cisco-AVpair = "ip:vrf-id=vrf-name" Cisco:Cisco-AVpair = "ip:ip-unnumbered=interface-name" You should specify only one ip:vrf-id and one ip:ip-unnumbered value in a user profile. However, if the profile configuration includes multiple values, the Cisco ASR 1000 Series Router applies the value of the last VSA received, and creates a virtual access subinterface. If the profile includes the lcp:interface-config VSA, the router always applies the value of the lcp:interface-config VSA. Setting the VRF and IP Unnumbered Interface Configurations in Virtual Interface Templates You can specify one VSA value in a user profile on RADIUS and another value locally in the virtual template interface. The Cisco ASR 1000 Series Router clones the template and then applies the values configured in the profiles it receives from RADIUS, resulting in the removal of any IP configurations when the router applies the profile values. Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide 8

Section	Page
Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide	1
Contents	3
Preface	15
Objectives	15
Document Revision History	16
Organization	18
Related Documentation	19
Cisco ASR 1000 Series Routers Documentation	19
Conventions	19
Obtaining Documentation and Submitting a Service Request	20
Software Packaging and Architecture	21
Software Packaging on the Cisco ASR 1000 Series Routers	21
ASR 1000 Series Routers Software Overview	21
Consolidated Packages	22
Important Information About Consolidated Packages	22
Individual Software SubPackages Within a Consolidated Package	23
Important Notes About Individual SubPackages	23
Optional Software SubPackages Outside of Consolidated Packages	24
Important Notes About Optional SubPackages	24
Provisioning Files	24
Important Notes About Provisioning Files	25
ROMmon Image	25
File to Upgrade Field Programmable Hardware Devices	25
Processes Overview	26
IOS as a Process	27
Dual IOS Processes	28
File Systems on the Cisco ASR 1000 Series Router	28
Autogenerated File Directories and Files	29
Important Notes About Autogenerated Directories	29
Using Cisco IOS XE Software	31
Accessing the CLI Using a Router Console	31
Accessing the CLI Using a Directly-Connected Console	32
Connecting to the Console Port	32
Using the Console Interface	32
Accessing the CLI from a Remote Console Using Telnet	33
Preparing to Connect to the Router Console Using Telnet	33
Using Telnet to Access a Console Interface	33
Accessing the CLI from a Remote Console Using a Modem	34
Using the Auxiliary Port	34
Using Keyboard Shortcuts	35
Using the History Buffer to Recall Commands	35
Understanding the Command Mode	36
Understanding the Diagnostic Mode	37
Getting Help	38
Finding Command Options	38
Using the no and default Forms of Commands	41
Saving Configuration Changes	42
Managing Configuration Files	42
Filtering the Output of the show and more Commands	43
Powering Off a Router	44
Finding Support Information for Platforms and Cisco Software Images	44
Using the Cisco Feature Navigator	44
Using the Software Advisor	45
Using the Software Release Notes	45
Console Port, Telnet, and SSH Handling	47
Console Port Overview for the Cisco ASR 1000 Series Routers	47
Console Port Handling Overview	47
Telnet and SSH Overview for the Cisco ASR 1000 Series Routers	48
Persistent Telnet and Persistent SSH Overview	48
Configuring a Console Port Transport Map	49
Examples	50
Configuring Persistent Telnet	51
Prerequisites	51
Examples	53
Configuring Persistent SSH	54
Examples	56
Viewing Console Port, SSH, and Telnet Handling Configurations	57
Important Notes and Restrictions	62
Consolidated Packages and SubPackages Management	63
Running the Cisco ASR 1000 Series Routers: An Overview	63
Running the Cisco ASR 1000 Series Routers Using Individual and Optional SubPackages: An Overview	64
Running the Cisco ASR 1000 Series Routers Using a Consolidated Package: An Overview	64
Running the Cisco ASR 1000 Series Routers: A Summary	65
Software File Management Using Command Sets	66
The request platform Command Set	66
The copy Command	67
The issu Command Set	67
Managing and Configuring the Router to Run Using Consolidated Packages and Individual SubPackages	68
Quick Start Software Upgrade	68
Managing and Configuring a Router to Run Using a Consolidated Package	69
Managing and Configuring a Consolidated Package Using the copy Command	69
Managing and Configuring a Consolidated Package Using the request platform software package install Command	70
Managing and Configuring a Router to Run Using Individual SubPackages From a Consolidated Package	72
Extracting a Consolidated Package and Booting Using the Provisioning File	72
Copying a Set of Individual SubPackage Files, and Booting Using a Provisioning File	76
Managing and Configuring a Router to Run Using Optional SubPackages	76
Installing an Optional SubPackage	77
Uninstalling an Optional SubPackage	78
Troubleshooting Software Mismatch with ESP Board ASR1000-ESP10-N	80
Upgrading Individual SubPackages	80
Upgrading a SPA SubPackage	81
Software Upgrade Process	83
Contents	84
Prerequisites for Software Upgrade Process	84
ISSU Upgrade for Redundant Platforms	84
Overview of ISSU on the Cisco ASR 1000 Series Routers	84
ISSU Rollback Timer Overview	86
Software Upgrade with Dual IOS Processes on a Single RP Overview	86
Cisco IOS XE Software Package Compatibility for ISSU	86
Restrictions for ISSU	87
ISSU Upgrade Procedures	87
Using ISSU to Perform a Consolidated Package Upgrade in a Dual Route Processor Configuration	88
Using ISSU to Upgrade the SubPackages in a Dual Route Processor Configuration	94
In Service One-Shot Software Upgrade Procedure	156
ISSU Procedures (Prior to Cisco IOS XE Release 2.1.2)	156
Using ISSU to Perform a Consolidated Package Upgrade in a Dual Route Processor Configuration (Prior to Cisco IOS XE 2.1.2)	157
Using ISSU to Upgrade SubPackages (Prior to Cisco IOS XE Release 2.1.2)	157
Upgrade Process With Service Impact for Nonredundant Platforms	158
Configuring SSO on a Cisco ASR 1001, Cisco ASR 1002, or Cisco ASR 1004 Router	159
Using SubPackages for Software Upgrade on a Cisco ASR 1001 Router	161
Using SubPackages for Software Upgrade on a Cisco ASR 1002 or Cisco ASR 1004 Router (software upgrade Command Set)	176
Using SubPackages for Software Upgrade on a Cisco ASR 1002 or Cisco ASR 1004 Router (request platform Command Set)	201
Additional References	223
Related Documents	224
Standards	224
MIBs	224
RFCs	224
Technical Assistance	224
Feature Information for Software Upgrade Process	225
High Availability Overview	227
Finding Feature Information in This Module	227
Contents	227
Hardware Redundancy Overview on the Cisco ASR 1000 Series Routers	228
Software Redundancy on the Cisco ASR 1000 Series Routers	229
Software Redundancy Overview	230
Second IOS Process on a Cisco ASR 1002 or 1004 Router	230
Route Processor Redundancy	231
Stateful Switchover	231
SSO-Aware Protocol and Applications	232
IPsec Failover	232
Bidirectional Forwarding Detection	232
Additional References	233
Related Documents	233
Standards	233
MIBs	233
RFCs	233
Technical Assistance	233
Feature Information for High Availability Overview	234
Broadband Scalability and Performance	235
Finding Feature Information in This Module	235
Contents	235
PPP Sessions and L2TP Tunnel Scaling	236
Restrictions for PPP Sessions and L2TP Tunnel Scaling	236
IP Sessions Scaling	237
Layer 4 Redirect Scaling	238
Configuring the Cisco ASR 1000 Series Router for High Scalability	238
Configuring Call Admission Control	239
Control Plane Policing	239
VPDN Group Session Limiting	240
PPPoE Session Limiting	240
Monitoring PPP Sessions Using the SNMP Management Tools	240
Configuring the Access Interface Input and Output Hold Queue	240
Configuring the keepalive Command	240
Scaling the L2TP Tunnel Configurations	241
Using the cisco-avpair=\	241
Enhancing the Scalability of Per-User Configurations	242
Setting the VRF and IP Unnumbered Interface Configurations in User Profiles	242
Setting the VRF and IP Unnumbered Interface Configurations in Virtual Interface Templates	242
Redefining User Profiles to Use the ip:vrf-id and ip:ip-unnumbered VSAs	243
Walk-by User Support for PWLAN in ISG	243
Restrictions for Walk-by Session Support for PWLAN in ISG	243
ISG Scaling to Support Lite Sessions	244
Additional References	245
Related Documents	245
Standards	245
MIBs	245
RFCs	245
Technical Assistance	245
Feature Information for Broadband Scalability and Performance	246
Configuring Cisco License Call Home	247
Finding Feature Information in This Module	247
Contents	247
Prerequisites for Cisco License Call Home	248
Restrictions for Cisco License Call Home	248
Informatio n About Cisco License Call Homes	248
Cisco License Call Home Interface	248
How to Configure Cisco License Call Home	249
Installing Licenses or Upgrading Software by Using Cisco License Call Home	249
Rehosting a License by Using Cisco License Call Home	250
Requesting a License Resend by Using Cisco License Call Home	251
Configuration Examples for Cisco License Call Home	252
Example: Installing Licenses or Upgrading Software by Using Cisco License Call Home	252
Example: Rehosting a License by Using Cisco License Call Home	253
Example: Requesting a License Resend by Using Cisco License Call Home	254
Additional References	255
Related Documents	255
Standards	255
MIBs	255
RFCs	255
Technical Assistance	255
Feature Information for Cisco License Call Home	256
Configuring Call Home	257
Contents	257
Information About Call Home	258
Benefits of Using Call Home	258
How to Obtain Smart Call Home Service	259
Prerequisites for Call Home	259
How to Configure Call Home	260
Configuring the Management Interface VRF	260
What To Do Next	261
Configuring a Destination Profile	261
Configuring a Destination Profile to Send Email Messages	262
Configuring a Destination Profile to Send HTTP Messages	266
Working With Destination Profiles	270
Subscribing to Alert Groups	273
Periodic Notification	274
Message Severity Threshold	274
Syslog Pattern Matching	275
Configuring Contact Information	277
Example	278
Configuring the Number of Call Home Messages Sent Per Minute	279
Enabling and Disabling Call Home	279
Sending Call Home Communications Manually	280
Sending a Call Home Test Message Manually	280
Sending Call Home Alert Group Messages Manually	280
Submitting Call Home Analysis and Report Requests	281
Sending the Output of a Command to Cisco or an E-Mail Address	283
How To Configure Call Home to Support the Smart Call Home Service	283
Prerequisites	284
Configure and Enable Call Home	284
Declare and Authenticate a CA Trustpoint	287
Examples	289
Start Smart Call Home Registration	289
What To Do Next	290
Displaying Call Home Configuration Information	290
Examples	291
Default Settings	295
Alert Group Trigger Events and Commands	296
Message Contents	298
Sample Syslog Alert Notification in Long Text Format	302
Sample Syslog Alert Notification in XML Format	306
Additional References	313
Related Documents	314
Standards	314
MIBs	314
RFCs	314
Technical Assistance	315
Feature Information for Call Home	315
Configuring Cisco Right-To-Use License	317
Finding Feature Information	317
Contents	317
Prerequisites for Cisco Right-To-Use License	317
Restrictions for Cisco Right-To-Use License	318
Information About Cisco Right-To-Use License	318
Overview	318
Right-To-Use Supported Software Licenses	318
Evaluation and Right-To-Use Licenses	319
How to Activate an Evaluation License	320
Configuration Examples for Right-To-Use Supported Software Licenses	321
Configuring Throughput	322
Example: Accepting Global EULA	322
Example: Accepting EULA for Software Redundancy License	322
Example: Accepting EULA for Inter-Chassis Redundancy License	323
Example: Accepting EULA for Lawful Intercept License	324
Example: Sample output for Show Commands	325
Sample Output for the show license EULA Command	325
Sample Output for the show license all Command	326
Additional References	327
Related Documents	327
MIBs	327
Technical Assistance	328
Feature Information for Cisco Right-To-Use License	329
Using the Management Ethernet Interface	331
Finding Feature Information in This Module	331
Contents	331
Gigabit Ethernet Management Interface Overview	332
Gigabit Ethernet Port Numbering	332
IP Address Handling in ROMmon and the Management Ethernet Port	332
Gigabit Ethernet Management Interface VRF	333
Common Ethernet Management Tasks	333
Viewing the VRF Configuration	334
Viewing Detailed VRF Information for the Management Ethernet VRF	334
Setting a Default Route in the Management Ethernet Interface VRF	334
Setting the Management Ethernet IP Address	335
Telnetting over the Management Ethernet Interface	335
Pinging over the Management Ethernet Interface	335
Copy Using TFTP or FTP	335
NTP Server	336
SYSLOG Server	336
SNMP-Related Services	336
Domain Name Assignment	336
DNS service	336
RADIUS or TACACS+ Server	336
VTY lines with ACL	337
Additional References	338
Standards	338
MIBs	338
RFCs	338
Technical Assistance	338
Feature Information for Using the Management Ethernet Interface	338
Network Synchronization Support	341
Finding Feature Information in This Module	341
Contents	341
Network Synchronization Overview	342
Synchronization Status Message and Ethernet Synchronization Messaging Channel	345
Synchronization Status Message	345
Ethernet Synchronization Messaging Channel	345
Clock Selection Algorithm	345
Restrictions and Usage Guidelines	346
Configuring Network Synchronization	347
Configuring Clock Recovery from SyncE	347
Configuring Clock Recovery from a BITS Port	348
Configuring Clock Recovery from BITS Port as an Input-Source	348
Configuring Clock Recovery from BITS Port as an Output-Source	349
Configuring SyncE by Using the Line to External Feature	350
Managing Synchronization on the Cisco ASR 1000 Series Router	351
Verifying the Network Synchronization Configuration	352
Troubleshooting the Network Synchronization Configuration	356
Additional References	358
Related Documents	358
Standards	358
MIBs	358
RFCs	358
Technical Assistance	358
Feature Information for Network Synchronization Support	359
Configuring Bridge Domain Interfaces	361
Finding Feature Information	361
Contents	361
Restrictions for Bridge Domain Interfaces	361
Information About Bridge Domain Interfaces	362
Ethernet Virtual Circuit Overview	362
Bridge Domain Interface Encapsulation	363
Assigning a MAC Address	363
Support for IP Protocols	363
Support for IP Forwarding	364
Packet Forwarding	364
Layer 2 to Layer 3	364
Layer 3 to Layer 2	364
Link States of a Bridge Domain and a Bridge Domain Interface	365
BDI Initial State	365
BDI Link State	365
Bridge Domain Interface Statistics	365
Creating or Deleting a Bridge Domain Interface	366
Bridge Domain Interface Scalability	366
How to Configure a Bridge Domain Interface	366
Example	368
Additional References	370
Related Documents	370
Standards	370
MIBs	370
RFCs	370
Technical Assistance	370
Feature Information for Configuring Bridge Domain Interfaces	371
Monitoring and Maintaining Multilink Frame Relay	373
Finding Feature Information in This Module	373
Contents	373
Feature Overview	374
Configuring Multilink Frame Relay	374
Monitoring and Maintaining Frame Relay and Multilink Frame Relay	374
Additional References	375
Related Documents	375
Standards	375
MIBs	375
RFCs	375
Technical Assistance	375
Feature Information for Monitoring and Maintaining Multilink Frame Relay	376
Configuring MPLS Layer 2 VPNs	377
Finding Feature Information	377
Contents	377
Overview of L2VPN Interworking	378
L2VPN Interworking Modes	378
Ethernet or Bridged Interworking	378
IP or Routed Interworking	379
Prerequisites for Frame Relay DLCI-to-ATM AAL5SNAP Bridged Interworking	380
Frame Relay DLCI-to-ATM AAL5SNAP Bridged Interworking	380
Configuring Frame Relay DLCI-to-ATM AAL5SNAP Bridged Interworking	382
Example: Frame Relay-to-ATM Bridged Interworking on an ATM-PE Router	386
Example: Frame Relay-to-ATM Bridged Interworking on a Frame Relay-PE Router	392
Gigabit EtherChannel for Virtual Private Wire Service	393
Supported Modes	393
GEC Like-to-Like Mode	393
Any-to-GEC Mode	394
Restrictions for Gigabit EtherChannel for Virtual Private Wire Service	394
Configuring Gigabit EtherChannel for Virtual Private Wire Service	395
EtherChannel-to-EtherChannel over MPLS (Bridged) Interworking	395
EtherChannel-to-EtherChannel over MPLS (Routed) Interworking	397
Example: GEC Like-to-Like (Routed) Interworking	399
Any-to-EtherChannel over MPLS (Bridged) Interworking	400
Any-to-EtherChannel over MPLS (Routed) Interworking	402
Additional References	406
Related Documents	406
Standards	406
MIBs	406
RFCs	407
Technical Assistance	407
Feature Information for Configuring MPLS Layer 2 VPNs	407
Glossary	409
Tracing and Trace Management	411
Tracing Overview	411
How Tracing Works	411
Tracing Levels	412
Viewing a Tracing Level	413
Setting a Tracing Level	414
Viewing the Content of the Trace Buffer	415
Configuring and Accessing the Web User Interface	417
Web User Interface Overview	417
Web User Interface General Overview	417
Legacy Web User Interface Overview	418
Graphics-Based Web User Interface Overview	419
Persistent Web User Interface Transport Maps Overview	420
Configuring the Router for Web User Interface Access	421
Authentication and the Web User Interface	423
Domain Name System and the Web User Interface	423
Clocks and the Web User Interface	423
Accessing the Web User Interface	424
Using Auto Refresh	425
Web User Interface Tips and Tricks	426
Unsupported Commands	427
Configuration Examples	431
Configuring the Router to Boot the Consolidated Package on the TFTP Server	431
Copying the Consolidated Package from the TFTP Server to the Router	435
Configuring the Router to Boot Using the Consolidated Package Stored on the Router	436
Extracting the SubPackages from a Consolidated Package into the Same File System	437
Extracting the SubPackages from a Consolidated Package into a Different File System	439
Configuring the Router to Boot Using the SubPackages	440
Backing Up Configuration Files	444
Copying a Startup Configuration File to Bootflash	444
Copying a Startup Configuration File to an USB Flash Disk	444
Copying a Startup Configuration File to a TFTP Server	445
Enabling a Second IOS Process on a Single RP Using SSO	445
ISSU-Consolidated Package Upgrade	449

Match case Limit results 1 per page

Broadband Scalability and Performance

Using the cisco-avpair="lcp:interface-config" RADIUS Attribute

Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide

To enhance the scalability of per-user configurations, in many cases, different Cisco AV-pairs are

available to place the subscriber interface in a Virtual Routing and Forwarding (VRF) instance or to

apply a policy map to the session. For example, use the ip:vrf-id and ip:ip-unnumbered VSAs to

reconfigure a user’s VRF. For information about enhancing scalability see,

“Enhancing the Scalability

of Per-User Configurations” section on page 8

Enhancing the Scalability of Per-User Configurations

To enhance scalability of per-user configurations without changing the router configuration, use the

ip:vrf-id and ip:ip-unnumbered RADIUS attributes. These per-user vendor-specific attributes (VSAs)

are used to map sessions to VRFs and IP unnumbered interfaces. The VSAs are applied to virtual access

subinterfaces and are processed during PPP authorization.

The ip:vrf-id attribute is used to map sessions to VRFs. Any profile that uses the ip:vrf-id VSA must also

use the ip:ip-unnumbered VSA to install IP configurations on the VAI that is to be created. The PPP that

is used on a VAI to be created requires the ip:ip-unnumbered VSA. An Internet Protocol Control Protocol

(IPCP) session is not established if IP is not configured on the interface. You must configure either the

ip address command or the ip unnumbered command on the interface so that these configurations are

present on the VAI that is to be created. However, specifying the ip address and ip unnumbered

commands on a virtual template interface is not required because pre-existing IP configurations, if any,

are removed when the ip:ip-vrf VSA is installed on the VAI. Therefore, any profile that uses the ip:vrf-id

VSA must also use the ip:ip-unnumbered VSA to install IP configurations on the VAI that is to be

created.

These per-user VSAs can be applied to VAIs. Therefore, the per-user authorization process does not

require the creation of full VAIs, which improves scalability.

Setting the VRF and IP Unnumbered Interface Configurations in User Profiles

Although the Cisco ASR 1000 Series Router continues to support the lcp:interface-config VSA, the

ip:vrf-id and ip:ip-unnumbered VSAs provide another way to set the VRF and IP unnumbered interface

configurations in user profiles. The ip:vrf-id and ip:ip-unnumbered VSAs have the following syntax:

Cisco:Cisco-AVpair = “ip:vrf-id=vrf-name”

Cisco:Cisco-AVpair = “ip:ip-unnumbered=interface-name”

You should specify only one ip:vrf-id and one ip:ip-unnumbered value in a user profile. However, if the

profile configuration includes multiple values, the Cisco ASR 1000 Series Router applies the value of

the last VSA received, and creates a virtual access subinterface. If the profile includes the

lcp:interface-config VSA, the router always applies the value of the lcp:interface-config VSA.

Setting the VRF and IP Unnumbered Interface Configurations in Virtual Interface Templates

You can specify one VSA value in a user profile on RADIUS and another value locally in the virtual

template interface. The Cisco ASR 1000 Series Router clones the template and then applies the values

configured in the profiles it receives from RADIUS, resulting in the removal of any IP configurations

when the router applies the profile values.