Configuring ISG Subscriber Services
Configuration Examples for ISG Services
16
match access-group output name SERVICE1_ACL_OUT
!
policy-map type service SERVICE1
10 class type traffic SERVICE1_TC
timeout idle 600
timeout absolute 1800
accounting aaa list CAR_ACCNT_LIST
class type traffic default in-out
drop
AAA Server Configuration
Attributes/
Cisco-AVPair = "ip:traffic-class=in access-group name SERVICE1_ACL_IN priority 10"
Cisco-AVPair = "ip:traffic-class=in default drop"
Cisco-AVPair = "ip:traffic-class=out access-group name SERVICE1_ACL_OUT priority 10"
Cisco-AVPair = "ip:traffic-class=out default drop"
Cisco-AVPair = subscriber:accounting-list=CAR_ACCNT_LIST
Cisco-SSG-Service-Info = ISERVICE1
session-timeout = 1800
idle-timeout = 600
Service for ISG Policing: Examples
In the following examples, the service “BOD1M” is configured with per-flow accounting and ISG
policing. The access lists “BOD1M_IN_ACL_IN” and “BOD1M_ACL_OUT” are used to define the
traffic class. These examples are equivalent and show the two methods of service configuration: in a
service policy map that is configured directly on the ISG, and in a service profile that is configured on
a AAA server.
ISG Configuration
class-map type traffic match-any BOD1M_TC
match access-group input name BOD1M_IN_ACL_IN
match access-group output name BOD1M_ACL_OUT
!
policy-map type service BOD1M
10 class type traffic BOD1M_TC
accounting aaa list CAR_ACCNT_LIST
police input 512000 256000 5000
police output 1024000 512000 5000
class type traffic default in-out
drop
AAA Server Configuration
Attributes/
Cisco-AVPair = "ip:traffic-class=in access-group name BOD1M_IN_ACL priority 10"
Cisco-AVPair = "ip:traffic-class=in default drop"
Cisco-AVPair = "ip:traffic-class=out access-group name BOD1M _OUT_ACL priority 10"
Cisco-AVPair = "ip:traffic-class=out default drop"
Cisco-AVPair = subscriber:accounting-list=CAR_ACCNT_LIST
Cisco-SSG-Service-Info = IBOD1M
Cisco-SSG-Service-Info = QU;512000;256000;5000;D;1024000;512000;5000
To Next Page
Loading...
