Filter
Top Products
7-8
Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide
OL-16506-17
Chapter 7 Broadband Scalability and Performance
Using the cisco-avpair="lcp:interface-config" RADIUS Attribute
Enhancing the Scalability of Per-User Configurations
To enhance scalability of per-user configurations without changing the router configuration, use the
ip:vrf-id and ip:ip-unnumbered RADIUS attributes. These per-user vendor-specific attributes (VSAs)
are used to map sessions to VRFs and IP unnumbered interfaces. The VSAs are applied to virtual access
subinterfaces and are processed during PPP authorization.
The ip:vrf-id attribute is used to map sessions to VRFs. Any profile that uses the ip:vrf-id VSA must also
use the ip:ip-unnumbered VSA to install IP configurations on the VAI that is to be created. The PPP that
is used on a VAI to be created requires the ip:ip-unnumbered VSA. An Internet Protocol Control Protocol
(IPCP) session is not established if IP is not configured on the interface. You must configure either the
ip address command or the ip unnumbered command on the interface so that these configurations are
present on the VAI that is to be created. However, specifying the ip address and ip unnumbered
commands on a virtual template interface is not required because pre-existing IP configurations, if any,
are removed when the ip:ip-vrf VSA is installed on the VAI. Therefore, any profile that uses the ip:vrf-id
VSA must also use the ip:ip-unnumbered VSA to install IP configurations on the VAI that is to be
created.
These per-user VSAs can be applied to VAIs. Therefore, the per-user authorization process does not
require the creation of full VAIs, which improves scalability.
Setting the VRF and IP Unnumbered Interface Configurations in User Profiles
Although the Cisco ASR 1000 Series Aggregation Services Router continues to support the
lcp:interface-config VSA, the ip:vrf-id and ip:ip-unnumbered VSAs provide another way to set the VRF
and IP unnumbered interface configurations in user profiles. The ip:vrf-id and ip:ip-unnumbered VSAs
have the following syntax:
Cisco:Cisco-AVpair = “ip:vrf-id=vrf-name”
Cisco:Cisco-AVpair = “ip:ip-unnumbered=interface-name”
You should specify only one ip:vrf-id and one ip:ip-unnumbered value in a user profile. However, if the
profile configuration includes multiple values, the Cisco ASR 1000 Series Aggregation Services Router
applies the value of the last VSA received, and creates a virtual access subinterface. If the profile
includes the lcp:interface-config VSA, the router always applies the value of the lcp:interface-config
VSA.
Setting the VRF and IP Unnumbered Interface Configurations in Virtual Interface Templates
You can specify one VSA value in a user profile on RADIUS and another value locally in the virtual
template interface. The Cisco ASR 1000 Series Aggregation Services Router clones the template and
then applies the values configured in the profiles it receives from RADIUS, resulting in the removal of
any IP configurations when the router applies the profile values.
Redefining User Profiles to Use the ip:vrf-id and ip:ip-unnumbered VSAs
The requirement of a full virtual access interface when using the lcp:interface-config VSA in user
profiles can result in scalability issues, such as increased memory consumption. This situation is
especially true when the Cisco ASR 1000 Series Aggregation Services Router attempts to apply a large
number of per-user profiles that include the lcp:interface-config VSA. Therefore, when updating your
user profiles, we recommend that you redefine the lcp:interface-config VSA to the scalable ip:vrf-id
and ip:ip-unnumbered VSAs.
The following example shows how to redefine a VRF named newyork using the ip:vrf-id VSA: