Configuring ISG Control Policies
How to Configure an ISG Control Policy
Default Method Lists
If you specify the default method list for any of the control policy actions, the default list does not appear
in the output of the show running-config command. For example, if you configure the following
command:
Router(config-control-policymap-class-control)# 1 authenticate aaa list default
the output of the show running-config command displays the following:
1 authenticate
Named method lists do appear in the show running-config command output.
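When auditing a saved configuration, the hidden default list must be resolved explicitly. The following is an added example, not Cisco code: it reads a running-config excerpt and reports which method list each AAA-capable control policy action uses. The sample configuration, its policy, class and list names, and the assumption that an action shown without the aaa list keyword uses the default list are constructed for illustration.

```python
import re

# Actions whose syntax on this page accepts "aaa list".
AAA_ACTIONS = ("authenticate", "authorize", "collect", "proxy accounting",
               "service-policy type service")
ACTION_RE = re.compile(r"^\s+(\d+)\s+(.*\S)\s*$")
LIST_RE = re.compile(r"\baaa list (\S+)")

# Constructed sample; policy, class and list names are placeholders.
SAMPLE_CONFIG = """\
policy-map type control RULE-A
 class type control always event session-start
  1 authenticate
  2 authorize aaa list SUBSCRIBERS identifier mac-address
  3 service-policy type control RULE-B
 class type control always event account-logon
  1 authenticate aaa list WEB-LOGON
  2 authorize identifier nas-port
!
interface GigabitEthernet0/0
 service-policy type control RULE-A
"""

def resolve_method_lists(config_text):
    """Return (policy, class_line, number, action, method_list, implicit) rows."""
    rows, policy, cls = [], None, None
    for line in config_text.splitlines():
        text = line.strip()
        if text.startswith("policy-map type control "):
            policy, cls = text.split()[-1], None
        elif line and not line[0].isspace():
            policy = cls = None          # any other top-level line closes the map
        elif policy and text.startswith("class type control "):
            cls = text
        elif policy and (m := ACTION_RE.match(line)):
            body = m.group(2)
            action = next((a for a in AAA_ACTIONS if body.startswith(a)), None)
            if action:
                named = LIST_RE.search(body)
                # No "aaa list" keyword: running-config hid the default list.
                rows.append((policy, cls, int(m.group(1)), action,
                             named.group(1) if named else "default", named is None))
    return rows

if __name__ == "__main__":
    for row in resolve_method_lists(SAMPLE_CONFIG):
        print(row)
```

Rows with the implicit flag set are the ones to check against the device's default AAA method list, since nothing in the policy map itself names it.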
SUMMARY STEPS
1. enable
2. configure terminal
3. policy-map type control policy-map-name
4. class type control {control-class-name | always} [event {access-reject | account-logoff |
account-logon | acct-notification | credit-exhausted | dummy-event | quota-depleted |
radius-timeout | service-failed | service-start | service-stop | session-default-service |
session-restart | session-service-found | session-start | timed-policy-expiry}]
5. action-number authenticate aaa list list-name
6. action-number authorize [aaa list list-name] [password password] [upon network-service-found
{continue | stop}] identifier {authenticated-domain | authenticated-username | auto-detect |
circuit-id [plus remote-id] | dnis | mac-address | nas-port | remote-id [plus circuit-id] |
source-ip-address | tunnel-name | unauthenticated-domain | unauthenticated-username |
vendor-class-id}
7. action-number collect [aaa list list-name] identifier {authen-status | authenticated-domain |
authenticated-username | dnis | mac-address | media | mlp-negotiated | nas-port | no-username
| protocol | service-name | source-ip-address | timer | tunnel-name | unauthenticated-domain |
unauthenticated-username | vrf}
8. action-number if upon network-service-found {continue | stop}
9. action-number proxy accounting aaa list {list-name | default}
10. action-number service [disconnect | local | vpdn]
11. action-number service-policy type control policy-map-name
12. action-number service-policy type service [unapply] [aaa list list-name] {name service-name |
identifier {authenticated-domain | authenticated-username | dnis | nas-port | tunnel-name |
unauthenticated-domain | unauthenticated-username}}
13. action-number set name identifier {authen-status | authenticated-domain |
authenticated-username | dnis | mac-address | media | mlp-negotiated | nas-port | no-username
| protocol | service-name | source-ip-address | timer | tunnel-name | unauthenticated-domain |
unauthenticated-username | vrf}
14. action-number set-timer name-of-timer minutes
15. action-number substitute name matching-pattern pattern-string
16. end