Configuring ISG Policies for Automatic Subscriber Logon
How to Configure ISG Policies for Automatic Subscriber Logon
6
What to Do Next
You must apply the control policy to a context by using the service-policy type control command. For
information about applying control policies, see the module “Configuring ISG Control Policies”.
You may want to configure policies to determine what should happen for autologon subscribers whose
IP address or MAC address authorization fails; for example, you may want to redirect the subscriber to
the policy server for authentication.
Enabling the Remote-ID to Be Sent as the Calling-Station-ID
Perform this task to enable the ISG device to send the remote ID in the Calling-Station-ID (attribute 31)
field of accounting records and access requests.
SUMMARY STEPS
1. enable
2. configure terminal
3. radius-server attribute 31 remote-id
Step 3
policy-map type control policy-map-name
Example:
Router(config)# policy-map type control TAL
Creates or modifies a control policy map, which is used to
define a control policy.
Step 4
class type control {class-map-name | always}
event session-start
Example:
Router(config-control-policymap)# class type
control TAL-subscribers event session-start
Specifies a control class, which defines the conditions that
must be met in order for an associated set of actions to be
executed.
• Specify the control class-map that was configured in
the task “Identifying Traffic for Automatic Logon in a
Control Policy Class Map”.
Step 5
action-number authorize [aaa list {list-name |
default}] [password password] identifier
{auto-detect | circuit-id [plus remote-id]|
mac-address | source-ip-address | remote-id
[plus circuit-id]}
Example:
Router(config-control-policymap-class-control)#
1 authorize aaa list TAL_LIST password cisco
identifier source-ip-address
Inserts the specified identifier into the username field of
authorization requests.
• For sessions triggered by an unrecognized IP address,
the MAC address should be used only when the
subscriber is one hop away.
• The auto-detect keyword allows authorization to be
performed on Cisco Catalyst switches with
remote-ID:circuit-ID and on DSL Forum switches with
circuit-ID only.
Command or Action Purpose
To Next Page
Loading...
Need help?
General