Support User Manuals

Cisco Systems 10000 Network Router User Manual

Open as PDF

of 624

2-18

Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 2 Scalability and Performance

Configuring the Cisco 10000 Series Router for High Scalability

Setting VRF and IP Unnumbered Interface Configurations in User Profiles

Although the Cisco 10000 series router continues to support the lcp:interface-config VSA, the

ip:vrf-id and ip:ip-unnumbered VSAs provide another way to set the VRF and IP unnumbered

interface configurations in user profiles. The ip:vrf-id and ip:ip-unnumbered VSAs have the following

syntax:

Cisco:Cisco-AVpair = “ip:vrf-id=vrf-name”

Cisco:Cisco-AVpair = “ip:ip-unnumbered=interface-name”

You should specify only one ip:vrf-id and one ip:ip-unnumbered value in a user profile. However, if

the profile configuration includes multiple values, the Cisco

10000 series router applies the value of the

last VSA received, and creates a virtual access subinterface. If the profile includes the

lcp:interface-config VSA, the router always applies the value of the lcp:interface-config VSA, and

creates a full virtual access interface.

In Cisco IOS Release 12.2(15)BX, when you specify a VRF in a user profile, but do not configure the

VRF on the Cisco 10000 series router, the router accepts the profile. However, in Cisco IOS

Release

12.2(16)BX1 and later releases, the router rejects the profile.

Setting VRF and IP Unnumbered Interface Configuration in a Virtual Interface Template

You can specify one VSA value in the user profile on RADIUS and another value locally in the virtual

template interface. The Cisco

10000 series router clones the template and then applies the values

configured in the profiles it receives from RADIUS, resulting in the removal of any IP configurations

when the router applies the profile values.

Redefining User Profiles to Use the ip:vrf-id and ip:ip-unnumbered VSAs

The requirement of a full virtual access interface when using the lcp:interface-config VSA in user

profiles can result in scalability issues such as increased memory consumption. This situation is

especially true when the Cisco

10000 series router attempts to apply a large number of per-user profiles

that include the lcp:interface-config VSA. Therefore, when updating your user profiles, we recommend

that you redefine the lcp:interface-config VSA to the scalable ip:vrf-id and ip:ip-unnumbered VSAs.

Example 2-15 shows how to redefine the VRF named newyork using the ip:vrf-id VSA.

Example 2-15 Redefining VRF Configurations

Change:

Cisco:Cisco-Avpair = “lcp:interface-config=ip vrf forwarding newyork”

To:

Cisco:Cisco-Avpair = “ip:vrf-id=newyork”

Example 2-16 shows how to redefine the Loopback 0 interface using the ip:ip-unnumbered VSA.

Example 2-16 Redefining IP Unnumbered Interfaces

Change:

Cisco:Cisco-Avpair = “lcp:interface-config=ip unnumbered Loopback 0”

To:

Cisco:Cisco-Avpair = “ip:ip-unnumbered=Loopback 0”

previous next