Cisco Resource Pool Manager Server Scenarios

Cisco RPMS with local authentication, authorization, and accounting (AAA) services
- Call Management: Before Calls Are Answered
DNIS-Based Wholesale (VPDN) Dial Service

DNIS-Based Retail Dial Service
- Call Management: After Calls Are Answered
Domain Name/DNIS-Based Wholesale (VPDN) Dial Service

Retail Dial Service
Cisco RPMS without local AAA services
- Call Management: Before Calls Are Answered
DNIS-Based Wholesale (VPDN) Dial Service
- Call Management: After Calls Are Answered
Domain Name/DNIS-Based Wholesale (VPDN) Dial Service
Fault tolerance and resiliency
- Cisco RPMS primary and backup servers
- Backup customer profile
Standalone network access server (NAS) without Cisco RPMS

Cisco RPMS with Local AAA

This network configuration can be used by serice providers and others to provide wholesale (VPDN) dial service to corporate customers and other ISPs, and retail dial service to end users for Internet/intranet access.

Figure 3-1 shows Cisco RPMS with multiple connections to NASes for both wholesale (VPDN) and retail dial service. The wholesale (VPDN) connections are forwarded to VPDN tunnels using domain names or DNIS numbers. The retail connections use the local AAA server for user authentication before directing calls to the Internet/intranet.

Figure 3-1: NAS Group with Cisco RPMS (with AAA)

Using Cisco RPMS with a local AAA server provides the following call management and dial service offerings:

Call Management: Before Calls Are Answered
- DNIS-Based Wholesale (VPDN) Dial Service
- DNIS-Based Retail Dial Service
Call Management: After Calls Are Answered
- Domain Name/DNIS-Based Wholesale (VPDN) Dial Service
- Retail Dial Service

The setup and configurations of each call management and dial service offering are described separately. The configurations outlined in this section use the following:

Cisco RPMS server named coney with IP address 10.3.15.2
Local AAA server named pagoda with IP address 10.6.8.25
Remote home gateway AAA server named csnt-acs with IP address 10.5.55.47

Call Management	Dial Service	Cisco RPMS Configuration
Before Calls Are Answered	DNIS-Based Wholesale (VPDN)	1. Configuration>Customer Create the desired customer profile. 2. Configuration>DNIS Create the desired DNIS group and call type. 3. Configuration>Resources>Group and Configuration >Resources>Service Configure the resource groups and services 4. Configuration>VPDN Configure the desired VPDN groups with DNIS and tunnel data. 5. Configuration>Customer Assign the DNIS group, resource groups/services and VPDN group to the customer profile.
Before Calls Are Answered	DNIS-Based Retail	1. Configuration>Customer Create the desired customer profile. 2. Configuration>DNIS Create a DNIS group and assign it a call type. 3. Configuration>Resources>Group and Configuration >Resources>Service Configure the resource groups and services 4. Configuration>Customer Assign the DNIS group/call type and resource groups/services to the customer profile.
After Calls Are Answered	DNIS-Based Wholesale (VPDN)	1. Configuration>Customer Create the desired default customer profile. 2. Configuration>DNIS Access the default DNIS group and assign a call type. 3. Configuration>Resources>Group and Configuration >Resources>Service Configure the resource groups and services 4. Configuration>VPDN Configure the desired VPDN groups with DNIS numbers and tunnel data. 5. Configuration>Customer Assign the default DNIS group/call type, resource groups/services and VPDN group to the default customer profile.
After Calls Are Answered	Domain Name-Based Wholesale (VPDN)	1. Configuration>Customer Create the desired default customer profile. 2. Configuration>DNIS Access the default DNIS group and assign a call type. 3. Configuration>Resources>Group and Configuration >Resources>Service Configure the resource groups and services 4. Configuration>VPDN Configure the desired VPDN groups with domain name and tunnel data. 5. Configuration>Customer Assign the default DNIS group/call type, resource groups/services and VPDN group to the default customer profile.
After Calls Are Answered	Non-DNIS Retail	1. Configuration>Customer Create the desired default customer profile. 2. Configuration>DNIS Assign the default DNIS group a call type. 3. Configuration>Resources>Group and Configuration >Resources>Service Configure the resource groups and services 4. Configuration>Customer Assign the default DNIS group and resource groups/services to the default customer profile.

Call Management: Before Answering Calls

Using this type of call management, before calls are answered, Cisco RPMS subjects incoming calls to the configured DNIS groups/call types matching, enforces the customer profile sessions limits, and allocates resources according to the assigned resource groups. If the matching DNIS group/call type are configured for the call, the session/overflow limits are not exceeded, and resources are available, Cisco RPMS accepts the call and sends a call-accept message to the NAS and call processing continues. If a resource is not available, a channel not available (CNA) or busy call treatment can be used. When the telco group spans multiple NASes, CNA call treatment enables the switch to hunt across NASes for an available resource. If a customer profile is not available, the call treatment can be configured to be either no answer or busy.

Note The DNIS numbers in the configured DNIS groups must also be available in the required local exchange offices.

DNIS-Based Wholesale (VPDN) Dial Service

This type of dial service allows for the sharing of ports among wholesale (VPDN) customers using the DNIS numbers as the means to differentiate customers and service levels. No domain name is used so users do not enter a domain name with their user ID. However, DNIS numbers must be available for each VPDN customer.

To enable DNIS-based wholesale (VPDN) dial service along with applying call management before calls are answered, the following Cisco RPMS configurations are used:

Configuration>Customers>Add Customer
Configure a customer profile for each group of customers to whom this service is being offered. The Add Customer page allows you to specify customer data along with session count and session overflow limits for each customer.
Configuration>DNIS
Configure DNIS groups/call types for the supported DNIS numbers. In the configuration example, the DNIS group DGrp1/digital and DGrp2/speech with DNIS number 9495555555 are used.
Configuration>Customers>DNIS Groups and Call Types
Assign the configured DNIS groups/call types to the configured customer profiles. In the configuration example, the DNIS groups/call types used are DGrp1/digital and DGrp2/speech.
Configuration>Resources>Groups and Configuration>Resources>Services
Configure the resource groups/call types and optional resource modem services. In the configuration example, the resources groups/call types are digital/digital for ISDN calls and async1/speech for modem calls.

Note

Configuration>Customers>Resource Data
Assign the configured resource groups and optional resource modem services to the desired customer profiles.
Configuration>Customers>VPDN
Configure the VPDN groups. In this example, the configured VPDN group is VPDNGrp1.
- The DNIS number for the VPDN group is the same number specified in the DNIS group (9495555555).
- Tunneling protocol is l2f or l2tp.
- Tunnel ID is isp. This ID must match the remote name configured on the home gateway.
- VPDN IP endpoint is 10.5.5.13. This is the home gateway IP address.

: VPDN home gateway data can be specified in the local AAA server or the Cisco RPMS VPDN group. An example local AAA server VPDN home gateway configuration is

user = dnis:9495555555{
profile_id = 23
profile_cycle = 4
radius=Cisco11.3 {
check_items= {
2=cisco
}
reply_attributes= {
9,1="vpdn:ip-addresses=10.5.5.13"
9,1="vpdn:tunnel-id=isp"
9,1="vpdn:nas-password=cisco"
9,1="vpdn:gw-password=cisco"

: Cisco RPMS uses the VPDN session limit, VPDN session overflow limit, maximum MLP bundles, and maximum links per bundle specified in the VPDN group to manage the tunnel availability.

Configuration>Customers>VPDN Groups
Assign the configured VPDN groups to the desired customer profile.

NAS Configuration

Make the following entries in the NAS configuration files:

Local AAA configuration:

Define AAA group servers:

aaa group server tacacs+ coney
 server 10.3.15.2
!

Define the TACACS server for Telnet authentication:

aaa group server tacacs+ pagoda
 server 10.6.8.25
!

Define the TACACS server for PPP authentication:

aaa authentication login default pagoda							 //--it uses tacacs server group "pagoda" for telnet authentication--//
aaa authentication ppp default pagoda							 //--it uses tacacs server group "pagoda" for ppp user authentication--//

Define the AAA accounting server:

aaa accounting network default start-stop group pagoda										 //--it uses tacacs server group "pagoda" for accounting information --//

Enable resource pooling and configure resource groups, optional resource services, and AAA accounting:

resource-pool enable
resource-pool call treatment resource channel-not-available
resource-pool call treatment profile no-answer
!
resource-pool group resource digital
 range limit 10
!
resource-pool group resource async1
 range port 1/0 1/10
!
resource-pool group resource async2
 range port 1/11 1/20
!
resource-pool group resource async3
 range port 1/21 1/30
resource-pool aaa accounting ppp
resource-pool aaa protocol group coney

Enable VPDN:

vpdn enable			//--to enable vpdn--//

Configure TACACS connections. One TACACS connection is required to enable RMP for the NAS to communicate with Cisco RPMS.

tacacs-server host 10.6.8.25
tacacs-server host 10.3.15.2
tacacs-server key cisco
tacacs-server administration

: For the complete NAS configuration file, see "Configuration Files". For more detailed configuration and VPN information, refer to Cisco Access VPN Solutions Using Tunneling Technology.

Home Gateway Router Configuration

The home gateway router serves as the terminating device for the VPDN tunnels used for Cisco RPMS wholesale (VPDN) dial service. Make the following entries in the home gateway configuration files:

Define AAA authentication and authorization:

aaa new-model
aaa authentication login default tacacs+
aaa authentication ppp default tacacs+   
aaa authorization network default tacacs+

Enable VPDN:

vpdn enable

Configure VPDN groups. Define the tunneling protocol and tunnel ID. These must match the VPDN group data configured in Cisco RPMS.

vpdn-group 1
 accept dialin l2f virtual-template 1 remote isp
 local name hg
!
vpdn-group 2
 accept dialin l2tp virtual-template 1 remote isp
 local name hg

Define the TACACS host:

tacacs-server host 10.5.55.47
tacacs-server key cisco

The Cisco RPMS Maximum MLP bundles setting specifies the maximum number of connections that can open multilink connections in this VPDN group. The maximum links per bundle setting specifies the maximum number of links for each bundle. For example, if standard ISDN users will be part of this VPDN group, limit this setting to two links per bundle. If video conferencing will be used, increase this setting to accommodate the necessary bandwidth (usually six links).

For more detailed configuration and VPN information, refer to Cisco Access VPN Solutions Using Tunneling Technology.

Multiple Home Gateways

When more than one home gateway IP address is configured, sessions are automatically distributed among the IP addresses. If a connection fails, sessions are automatically distributed among the remaining IP addresses. If these home gateways will receive MLP connections, you must configure Stack Group Bidding Protocol (SGBP).

To configure SGBP on multiple home gateways, ensure the following configurations entries are added to the home gateway configuration files. The NAS is called qa5300e. The off-load router is called qa5300g. The second home gateway is called apm7200.

Home gateway 1 (off-load router):

multilink virtual-template 1
!
sgbp group mystack
sgbp seed-bid offload
sgbp member qa5300e 10.1.0.33
sgbp member qa5300g 10.5.5.31
vpdn enable
vpdn multihop

Home gateway 2:

multilink virtual-template 1
!
sgbp group mystack
sgbp member apm7200 10.5.5.13
sgbp member qa5300e 10.1.0.33
vpdn enable
vpdn multihop

: For the complete home gateway configuration, see "Configuration Files". For more detailed configuration and VPN information, refer to Cisco Access VPN Solutions Using Tunneling Technology.

DNIS-Based Retail Dial Service

To enable DNIS-based retail dial service along with applying call management before calls are answered, the following Cisco RPMS configurations are used:

Configuration>Customers>Add Customer
Configure a customer profile for the desired retail services. The customer profile allows you to specify session and session overflow limits for the retail service.
Configuration>DNIS
Configure DNIS groups/call types for the DNIS numbers.
Configuration>Customers>DNIS Groups and Call Types
Assign the configured DNIS groups to the desired customer profiles.
Configuration>Resources>Groups and Configuration>Resources>Services
Configure the resource groups/call types and optional resource modem services. In the configuration example, the resources groups/call types are digital/digital for ISDN calls and async2/speech for modem calls.

Note

Configuration>Customers>Resource Data
Assign the configured resource groups and optional resource modem services to the desired customer profiles.

Note A VPDN tunnel is not used for DNIS-based retail dial service.

NAS Configuration

Make the following entries in the NAS configuration files:

Local AAA configuration:

Define AAA group servers:

aaa group server tacacs+ coney
 server 10.3.15.2
!

Define the TACACS server for Telnet authentication:

aaa group server tacacs+ pagoda
 server 10.6.8.25
!

Define the TACACS server for PPP authentication:

aaa authentication login default pagoda							 //--it uses tacacs server group "pagoda" for telnet authentication--//
aaa authentication ppp default pagoda							 //--it uses tacacs server group "pagoda" for ppp user authentication--//

Define the AAA accounting server:

aaa accounting network default start-stop group pagoda										 //--it uses tacacs server group "pagoda" for accounting information --//

Enable resource pooling and configure resource groups, optional resource services, and aaa accounting:

resource-pool enable
resource-pool call treatment resource channel-not-available
resource-pool call treatment profile no-answer
!
resource-pool group resource digital
 range limit 10
!
resource-pool group resource async1
 range port 1/0 1/10
!
resource-pool group resource async2
 range port 1/11 1/20
!
resource-pool group resource async3
 range port 1/21 1/30
resource-pool aaa accounting ppp
resource-pool aaa protocol group coney

Configure TACACS connections. One TACACS connection is required to enable RMP for the NAS to communicate with Cisco RPMS:

tacacs-server host 10.6.8.25
tacacs-server host 10.3.15.2
tacacs-server key cisco
tacacs-server administration

: For the complete NAS configuration file, see "Configuration Files".

Call Management: After Calls Are Answered

Using this type of call management, Cisco RPMS answers all calls using a default DNIS group/call type, enforces the session/overflow limits defined in a default customer profile, and assigns the available resources from the resource groups assigned to the default customer profile. If the session/overflow limits are not exceeded, and resources are available, Cisco RPMS continues processing the call. If a resource is not available, a channel not available (CNA) or busy call treatment can be used. When the telco group spans multiple NASes, CNA call treatment enables the switch to hunt across NASes for an available resource. If a default customer profile is not available, the call treatment can be configured to be no answer or busy.

Domain Name-Based Wholesale (VPDN) Dial Service

The advantages of domain name VPDN dial service are that DNIS numbers are not used and user groups can be easier to manage. In addition, new numbers do not need to be ordered each time a customer is added. However, in order for a user to access the home gateway through domain name wholesale service, the domain name must appear in the user ID. For example, if the username is "jdoe" and the domain name is "company.com," the user ID would be "jdoe@company.com."

To enable domain name-based wholesale (VPDN) dial service along with applying call management after calls are answered, the following Cisco RPMS configurations are used:

Configuration>Customers>Add Customer
Configure a default customer profile for the desired customers. The customer profile contains session and session overflow limits applied for the customers. A default customer profile needs to be assigned the Default DNIS group.
Configuration>DNIS
Assign a call type to the default DNIS group. The default DNIS group is provided by Cisco RPMS and is used for all DNIS numbers not specified in other DNIS groups.
Configuration>Customers>DNIS Groups and Call Types
Assign the default DNIS group to the default customer profile. The default DNIS group is provided by Cisco RPMS and does not need to be created.
Configuration>Resources>Groups and Configuration>Resources>Services
Configure the resource groups and optional resource modem services.

Note

Configuration>Customers>Resource Data
Assign the configured resource groups and optional resource modem services to the desired default customer profiles.
Configuration>Customers>VPDN
Configure the VPDN groups. In the VPDN group, specify the domain names.
- A domain name (for example, cisco.com) can be entered for the VPDN group.
- Tunneling protocol is l2f or l2tp.
- Tunnel ID is isp. This ID must match the remote name configured on the home gateway.
- VPDN IP endpoint is 10.5.5.13. This is the IP address of the home gateway.
Configuration>Customers>VPDN Groups
Assign the configured VPDN groups to the default customer profile.

: VPDN home gateway data can be specified in the local AAA server or the Cisco RPMS VPDN group. An example local AAA server VPDN home gateway configuration is

user = domain:cisco.com{
profile_id = 23
profile_cycle = 4
radius=Cisco11.3 {
check_items= {
2=cisco
}
reply_attributes= {
9,1="vpdn:ip-addresses=10.5.5.13"
9,1="vpdn:tunnel-id=isp"
9,1="vpdn:nas-password=cisco"
9,1="vpdn:gw-password=cisco"

: Cisco RPMS uses the VPDN session limit, VPDN session overflow limit, maximum MLP bundles, and maximum links per bundle specified in the VPDN group to manage the tunnel availability.

NAS Configurations

Make the following entries in the NAS configuration files:

Local AAA configuration:

Define AAA group servers:

aaa group server tacacs+ coney
 server 10.3.15.2
!

Define the TACACS server for Telnet authentication:

aaa group server tacacs+ pagoda
 server 10.6.8.25
!

Define the TACACS server for PPP authentication:

aaa authentication login default pagoda							 //--it uses tacacs server group "pagoda" for telnet authentication--//
aaa authentication ppp default pagoda							 //--it uses tacacs server group "pagoda" for ppp user authentication--//

Define the AAA accounting server:

aaa accounting network default start-stop group pagoda										 //--it uses tacacs server group "pagoda" for accounting information --//

Enable resource pooling and configure resource groups, optional resource services, and aaa accounting:

resource-pool enable
resource-pool call treatment resource channel-not-available
resource-pool call treatment profile no-answer
!
resource-pool group resource digital
 range limit 10
!
resource-pool group resource async1
 range port 1/0 1/10
!
resource-pool group resource async2
 range port 1/11 1/20
!
resource-pool group resource async3
 range port 1/21 1/30
resource-pool aaa accounting ppp
resource-pool aaa protocol group coney

Enable VPDN:

vpdn enable			//--to enable vpdn--//ns

Configure TACACS connections. One TACACS connection is required to enable RMP for the NAS to communicate with Cisco RPMS:

tacacs-server host 10.6.8.25
tacacs-server host 10.3.15.2
tacacs-server key cisco
tacacs-server administration

For the complete NAS configuration file, see "Configuration Files". For more detailed configuration and VPN information, refer to Cisco Access VPN Solutions Using Tunneling Technology.

Home Gateway Configurations

The home gateway router serves as the terminating device for the VPDN tunnels used for Cisco RPMS wholesale (VPDN) dial service. Make the following entries in the home gateway configuration files:

Define AAA authentication and authorization:

aaa new-model
aaa authentication login default tacacs+
aaa authentication ppp default tacacs+   
aaa authorization network default tacacs+

Enable VPDN:

vpdn enable

Configure VPDN groups. Define the tunneling protocol and tunnel ID. These must match the VPDN group data configured in Cisco RPMS:

vpdn-group 1
 accept dialin l2f virtual-template 1 remote isp
 local name hg
!
vpdn-group 2
 accept dialin l2tp virtual-template 1 remote isp
 local name hg

Define the TACACS host:

tacacs-server host 10.5.55.47
tacacs-server key cisco

Multiple Home Gateways

To configure SGBP on multiple home gateways, ensure the following configurations are added to the home gateway configuration files. The NAS is called qa5300e. The off-load router is called qa5300g. The second home gateway is called apm7200.

Home gateway 1 (off-load router):

multilink virtual-template 1
!
sgbp group mystack
sgbp seed-bid offload
sgbp member qa5300e 10.1.0.33
sgbp member qa5300g 10.5.5.31
vpdn enable
vpdn multihop

Home gateway 2 :

multilink virtual-template 1
!
sgbp group mystack
sgbp member apm7200 10.5.5.13
sgbp member qa5300e 10.1.0.33
vpdn enable
vpdn multihop

: For the complete NAS configuration file, see "Configuration Files". For more detailed configuration and VPN information, refer to Cisco Access VPN Solutions Using Tunneling Technology.

DNIS-Based Wholesale (VPDN) Dial Service

The advantage of DNIS-based wholesale (VPDN) dial service is that username changes are not required. In order for domain name users to access the home gateway through domain name wholesale service, the domain name must appear in the user ID.

To enable DNIS-based wholesale (VPDN) dial service along with applying call management after calls are answered, the following Cisco RPMS configurations are used:

Configuration>Customers>Add Customer
Configure a default customer profile for the desired customers. The customer profile contains the session and session overflow limits for the customers. A default customer profile needs to be assigned the Default DNIS group.
Configuration>Customers>DNIS Groups and Call Types
Assign the default DNIS group to the default customer profile. The default DNIS group is provided by Cisco RPMS and does not need to be created. Also, assign the desired call types to the default DNIS group.
Configuration>Resources>Groups and Configuration>Resources>Services
Configure the resource groups and optional resource modem services.

Note

Configuration>Customers>Resource Data
Assign the configured resource groups and services to the desired default customer profiles:
Configuration>Customers>VPDN
Configure the VPDN groups. In the VPDN group, specify the DNIS numbers. The DNIS numbers must be different than the DNIS numbers specified in any created DNIS groups.
- DNIS numbers are entered for the VPDN group.
- Tunneling protocol is l2f or l2tp.
- Tunnel ID is isp. This ID must match the remote name configured on the home gateway.
- VPDN IP endpoint is 10.5.5.13. This is IP address of the home gateway.
Configuration>Customers>VPDN Groups
Assign the configured VPDN groups to the default customer profile.

: VPDN home gateway data can be specified in the local AAA server or the Cisco RPMS VPDN group. An example local AAA server VPDN home gateway configuration is:

user = dnis:9495555555{
profile_id = 23
profile_cycle = 4
radius=Cisco11.3 {
check_items= {
2=cisco
}
reply_attributes= {
9,1="vpdn:ip-addresses=10.5.5.13"
9,1="vpdn:tunnel-id=isp"
9,1="vpdn:nas-password=cisco"
9,1="vpdn:gw-password=cisco"

: Cisco RPMS uses the VPDN session limit, VPDN session overflow limit, maximum MLP bundles, and maximum links per bundle specified in the VPDN group to manage the tunnel availability.

NAS Configurations

Make the following entires in the NAS configuration files:

Local AAA configuration:

Define AAA group servers

aaa group server tacacs+ coney
 server 10.3.15.2
!

Define the TACACS server for Telnet authentication:

aaa group server tacacs+ pagoda
 server 10.6.8.25
!

Define the TACACS server for PPP authentication:

aaa authentication login default pagoda							 //--it uses tacacs server group "pagoda" for telnet authentication--//
aaa authentication ppp default pagoda							 //--it uses tacacs server group "pagoda" for ppp user authentication--//

Define the AAA accounting server:

aaa accounting network default start-stop group pagoda										 //--it uses tacacs server group "pagoda" for accounting information --//

Enable resource pooling and configure resource groups, optional resource services, and aaa accounting:

resource-pool enable
resource-pool call treatment resource channel-not-available
resource-pool call treatment profile no-answer
!
resource-pool group resource digital
 range limit 10
!
resource-pool group resource async1
 range port 1/0 1/10
!
resource-pool group resource async2
 range port 1/11 1/20
!
resource-pool group resource async3
 range port 1/21 1/30
resource-pool aaa accounting ppp
resource-pool aaa protocol group coney

Enable VPDN:

vpdn enable			//--to enable vpdn--//ns

Configure TACACS connections. One TACACS connection is required for the NAS to communicate with Cisco RPMS:

tacacs-server host 10.6.8.25
tacacs-server host 10.3.15.2
tacacs-server key cisco
tacacs-server administration

: For the complete NAS configuration file, see "Configuration Files". For more detailed configuration and VPN information, refer to Cisco Access VPN Solutions Using Tunneling Technology.

Home Gateway Configurations

The home gateway router serves as the terminating device for the VPDN tunnels used for Cisco RPMS wholesale (VPDN) dial service. Make the following entries in the home gateway configuration files:

Define AAA authentication and authorizatio:n

aaa new-model
aaa authentication login default tacacs+
aaa authentication ppp default tacacs+   
aaa authorization network default tacacs+

Enable VPDN:

vpdn enable

Configure VPDN groups. Define the tunneling protocol and tunnel ID. These must match the VPDN group data configured in Cisco RPMS:

vpdn-group 1
 accept dialin l2f virtual-template 1 remote isp
 local name hg
!
vpdn-group 2
 accept dialin l2tp virtual-template 1 remote isp
 local name hg

Define the TACACS host:

tacacs-server host 10.5.55.47
tacacs-server key cisco

For more detailed configuration and VPN information, refer to Cisco Access VPN Solutions Using Tunneling Technology.

Multiple Home Gateways

Home gateway 1 (off-load router):

multilink virtual-template 1
!
sgbp group mystack
sgbp seed-bid offload
sgbp member qa5300e 10.1.0.33
sgbp member qa5300g 10.5.5.31
vpdn enable
vpdn multihop

Home gateway 2:

multilink virtual-template 1
!
sgbp group mystack
sgbp member apm7200 10.5.5.13
sgbp member qa5300e 10.1.0.33
vpdn enable
vpdn multihop

: For the complete NAS configuration file, see "Configuration Files". For more detailed configuration and VPN information, refer to Cisco Access VPN Solutions Using Tunneling Technology.

Non-DNIS Retail Dial Service

To enable retail dial service along with applying call management after calls are answered, use the following Cisco RPMS configurations:

Configuration>Customers>Add Customer
Configure a default customer profile for the desired customers. The Add Customer page allows you to specify session and session overflow limits for the customer. A default customer profile does not need to be called "default," but will have the'Default' DNIS group assigned to it.
Configuration>Customers>DNIS Groups and Call Types
Assign the default DNIS group to the desired default customer profile. The "Default" DNIS group applies to all DNIS numbers not specified in other DNIS groups.
Configuration>Resources>Groups and Configuration>Resources>Services
Configure the resource groups and optional resource modem services.

Note

Configuration>Customers>Resource Data
Assign the configured resource groups and services to the desired customer profiles.

: Because a VPDN group is not configured for these DNIS numbers, a VPDN tunnel is not available and the call is processed as a retail dial service call.

NAS Configuration

Make the following entries in the NAS configuration files:

Local AAA configuration:

Define AAA group servers:

aaa group server tacacs+ coney
 server 10.3.15.2
!

Define the TACACS server for Telnet authentication:

aaa group server tacacs+ pagoda
 server 10.6.8.25
!

Define the TACACS server for PPP authentication:

aaa authentication login default pagoda							 //--it uses tacacs server group "pagoda" for telnet authentication--//
aaa authentication ppp default pagoda							 //--it uses tacacs server group "pagoda" for ppp user authentication--//

Define the AAA accounting server:

aaa accounting network default start-stop group pagoda										 //--it uses tacacs server group "pagoda" for accounting information --//

Enable resource pooling and configure resource groups, optional resource services, and aaa accounting:

resource-pool enable
resource-pool call treatment resource channel-not-available
resource-pool call treatment profile no-answer
!
resource-pool group resource digital
 range limit 10
!
resource-pool group resource async1
 range port 1/0 1/10
!
resource-pool group resource async2
 range port 1/11 1/20
!
resource-pool group resource async3
 range port 1/21 1/30
resource-pool aaa accounting ppp
resource-pool aaa protocol group coney

Configure TACACS connections. One TACACS connection is required to enable RMP for the NAS to communicate with Cisco RPMS:

tacacs-server host 10.6.8.25
tacacs-server host 10.3.15.2
tacacs-server key cisco
tacacs-server administration

: For the complete NAS configuration file, see "Configuration Files".

NAS Group with Cisco RPMS (No Local AAA) Configuration

This network configuration is used to provide wholesale (VPDN) dial service to corporate customers and other ISPs when a local AAA server is not present. Without a local AAA server, retail dial service is not available.

Figure 3-2 shows Cisco RPMS with multiple connections to NASes. The wholesale (VPDN) connections are forwarded to VPDN tunnels using domain names or DNIS numbers.

Figure 3-2: NAS Group with Cisco RPMS (without AAA)

Using Cisco RPMS without a local AAA server provides the following call management and dial service offerings:

Call Management: Before Calls Are Answered
- DNIS-Based Wholesale (VPDN) Dial Service
Call Management: After Calls Are Answered
- Domain Name/DNIS-Based Wholesale (VPDN) Dial Service

The setup and configuration of each call management and dial service offering is described separately. The configurations outlined in this section use a single Cisco RPMS, three Cisco AS5300s without a local AAA server.

Call Management	Dial Service	Cisco RPMS Configuration
Before Calls Are Answered	DNIS-Based Wholesale (VPDN)	1. Configuration>Customer Create the desired customer profile. 2. Configuration>DNIS Create the desired DNIS group and call type. 3. Configuration>Resources>Group and Configuration >Resources>Service Configure the resource groups and services 4. Configuration>VPDN Configure the desired VPDN groups with DNIS and tunnel data. 5. Configuration>Customer Assign the DNIS group, resource groups/services and VPDN group to the customer profile.
After Calls Are Answered	DNIS-Based Wholesale (VPDN)	1. Configuration>Customer Create the desired default customer profile. 2. Configuration>DNIS Access the default DNIS group and assign a call type. 3. Configuration>Resources>Group and Configuration >Resources>Service Configure the resource groups and services 4. Configuration>VPDN Configure the desired VPDN groups with DNIS and tunnel data. 5. Configuration>Customer Assign the default DNIS group, resource groups/services and VPDN group to the default customer profile.
After Calls Are Answered	Domain Name Based Wholesale (VPDN)	1. Configuration>Customer Create the desired default customer profile. 2. Configuration>DNIS Access the default DNIS group and assign a call type. 3. Configuration>Resources>Group and Configuration >Resources>Service Configure the resource groups and services 4. Configuration>VPDN Configure the desired VPDN groups with domain name and tunnel data. 5. Configuration>Customer Assign the default DNIS group, resource groups/services and VPDN group to the default customer profile.

Table 3-2:

Call Management Dial Service Cisco RPMS Configuration

Before Calls Are Answered

DNIS-Based Wholesale (VPDN)

1. Configuration>Customer
Create the desired customer profile.

2. Configuration>DNIS
Create the desired DNIS group and call type.

3. Configuration>Resources>Group and
Configuration >Resources>Service
Configure the resource groups and services

4. Configuration>VPDN
Configure the desired VPDN groups with
DNIS and tunnel data.

5. Configuration>Customer
Assign the DNIS group, resource
groups/services and VPDN group to the
customer profile.

After Calls Are Answered

DNIS-Based Wholesale (VPDN)

1. Configuration>Customer
Create the desired default customer profile.

2. Configuration>DNIS
Access the default DNIS group and assign a
call type.

3. Configuration>Resources>Group and
Configuration >Resources>Service
Configure the resource groups and services

4. Configuration>VPDN
Configure the desired VPDN groups with
DNIS and tunnel data.

5. Configuration>Customer
Assign the default DNIS group, resource
groups/services and VPDN group to the
default customer profile.

After Calls Are Answered

Domain Name Based Wholesale (VPDN)

1. Configuration>Customer
Create the desired default customer profile.

2. Configuration>DNIS
Access the default DNIS group and assign a
call type.

3. Configuration>Resources>Group and
Configuration >Resources>Service
Configure the resource groups and services

4. Configuration>VPDN
Configure the desired VPDN groups with
domain name and tunnel data.

5. Configuration>Customer
Assign the default DNIS group, resource
groups/services and VPDN group to the
default customer profile.

Call Management/Dial Service/Configuration without Local AAA

Call Management: Before Answering Calls

Note The DNIS numbers in the configured DNIS groups must also be available in the required local exchange offices.

DNIS-Based Wholesale (VPDN) Dial Service

To enable wholesale (VPDN) dial service along with applying call management before calls are answered, use the following Cisco RPMS configurations:

Configuration>Customers>Add Customer
Configure a customer profile for each group of customers to whom this service is being offerred. The Add Customer page allows you to specify customer data along with session count and session overflow limits for each customer.
Configuration>DNIS
Configure DNIS groups/call types for the desired DNIS numbers. In the configuration example, the DNIS groups DGrp1/digital and DGrp2/speech with DNIS number 9495555555 are used.
Configuration>Customers>DNIS Groups and Call Types
Assign the configured DNIS groups/call types to the configured customer profiles.
Configuration>Resources>Groups and Configuration>Resources>Services
Configure the resource groups/call types and optional resource modem services. In the configuration example, the resource groups/call types are digital/digital for ISDN calls and asynch1/speech for modem calls.

Note

Configuration>Customers>Resource Data
Assign the configured resource groups and optional resource services to the desired customer profiles.
Configuration>Customers>VPDN
Configure the VPDN groups. In the VPDN group, specify either the DNIS numbers. The DNIS numbers must match the DNIS numbers specified in the assigned DNIS groups.
- The DNIS number for the VPDN group is also specified in the DNIS group (9495555555).
- Tunneling protocol is l2f or l2tp.
- Tunnel ID is isp. This ID must match the remote name configured on the home gateway.
- VPDN IP endpoint is 10.5.5.13. This is the home gateway IP address.
Configuration>Customers>VPDN Groups
Assign the configured VPDN groups to the customer profile.

: VPDN data is specified in the Cisco RPMS VPDN group. Cisco RPMS uses the session limits, session overflow limits, maximum MLP bundles, and maximum links per bundle specified in the VPDN group to manage the tunnel availability.

NAS Configuration

Make the following entries in the NAS configuration files:

Enable resource pooling and configure resource groups and any optional resource services:

resource-pool enable
resource-pool call treatment resource channel-not-available
resource-pool call treatment profile no-answer
!
resource-pool group resource digital
 range limit 10
!
resource-pool group resource async1
 range port 1/0 1/10
!
resource-pool group resource async2
 range port 1/11 1/20
!
resource-pool group resource async3
 range port 1/21 1/30

Enable VPDN:

vpdn enable			//--to enable vpdn--//

Configure TACACS connections. One TACACS connection is required to enable RMP for the NAS to communicate with Cisco RPMS:

tacacs-server host 10.6.8.25
tacacs-server host 10.3.15.2
tacacs-server key cisco
tacacs-server administration

: For the complete NAS configuration file, see "Configuration Files". For more detailed configuration and VPN information, refer to Cisco Access VPN Solutions Using Tunneling Technology.

Home Gateway Router Configuration

The home gateway router serves as the terminating device for the VPDN tunnels used for Cisco RPMS wholesale (VPDN) dial service. Make the following entries in the home gateway configuration files:

Define AAA authentication and authorization:

aaa new-model
aaa authentication login default tacacs+
aaa authentication ppp default tacacs+   
aaa authorization network default tacacs+

Enable VPDN:

vpdn enable

Configure VPDN groups. Define the tunneling protocol and tunnel ID. These must match the VPDN group data configured in Cisco RPMS:

vpdn-group 1
 accept dialin l2f virtual-template 1 remote isp
 local name hg
!
vpdn-group 2
 accept dialin l2tp virtual-template 1 remote isp
 local name hg

Define the TACACS host.

tacacs-server host 10.5.55.47
tacacs-server key cisco

For more detailed configuration and VPN information, refer to Cisco Access VPN Solutions Using Tunneling Technology.

Multiple Home Gateways

To configure SGBP on multiple home gateways, ensure the following configuration entries are added to the home gateway configuration files. The NAS is called qa5300e. The off-load router is called qa5300g. The second home gateway is called apm7200.

Home gateway 1 (off-load router):

multilink virtual-template 1
!
sgbp group mystack
sgbp seed-bid offload
sgbp member qa5300e 10.1.0.33
sgbp member qa5300g 10.5.5.31
vpdn enable
vpdn multihop

Home gateway 2:

multilink virtual-template 1
!
sgbp group mystack
sgbp member apm7200 10.5.5.13
sgbp member qa5300e 10.1.0.33
vpdn enable
vpdn multihop

For the complete home gateway configuration, see "Configuration Files". For more detailed configuration and VPN information, refer to Cisco Access VPN Solutions Using Tunneling Technology.

Call Management: After Calls Are Answered

Using this type of call management, Cisco RPMS answers all calls, using a default DNIS group/call type, enforces the session/overflow limits defined in a default customer profile, and assigns the available resources from the resource groups assigned to the default customer profile. If the session/overflow limits are not exceeded, and resources are available, Cisco RPMS continues processing the call. If a resource is not available, a channel not available (CNA) or busy call treatment can be used. When the telco group spans multiple NASes, CNA call treatment enables the switch to hunt across NASes for an available resource. If a default customer profile is not available, the call treatment can be configured to be no answer or busy.

Domain Name-Based Wholesale (VPDN) Dial Service

The advantages of domain name VPDN dial service is that DNIS numbers are not used and user groups can be easier to manage. In addition, new numbers do not need to be ordered each time a customer is added. However, in order for a user to access the home gateway through domain name wholesale service, the domain name must appear in the user ID. For example, if the username is "jdoe" and the domain name is "company.com", the user ID would be "jdoe@company.com".

To enable domain name-based wholesale (VPDN) dial service along with applying call management after calls are answered, use the following Cisco RPMS configurations:

Configuration>Customers>Add Customer
Configure a default customer profile for the desired customers. The customer profile contains session and session overflow limits applied to the customer. A default customer profile needs to be assigned the Default DNIS group.
Configuration>DNIS
Assign a call type to the default DNIS group. The default DNIS group is provided by Cisco RPMS and is used for all DNIS numbers not specified in other DNIS groups.
Configuration>Customers>DNIS Groups and Call Types
Assign the default DNIS group/call type to the default customer profile. The default DNIS group is provided by Cisco RPMS and does not need to be created.
Configuration>Resources>Groups and Configuration>Resources>Services
Configure the resource groups and optional resource modem services.

Note

Configuration>Customers>Resource Data
Assign the configured resource groups and optional resource modem services to the default customer profile.
Configuration>Customers>VPDN
Configure the VPDN groups. In the VPDN group, specify the domain name.
- Tunneling protocol is l2f or l2tp.
- Tunnel ID is isp. This ID must match the remote name configured on the home gateway.
- VPDN IP endpoint is 10.5.5.13. This is the home gateway IP address.
Configuration>Customers>VPDN Groups
Assign the configured VPDN groups to the default customer profile.

: VPDN data is specified in the Cisco RPMS VPDN group. Cisco RPMS uses the session limits, session overflow limits, maximum MLP bundles, and maximum links per bundle specified in the VPDN group to manage the tunnel availability.

NAS Configurations

Make the following entries in the NAS configuration files:

Enable resource pooling and configure resource groups and any optional resource services:

resource-pool enable
resource-pool call treatment resource channel-not-available
resource-pool call treatment profile no-answer
!
resource-pool group resource digital
 range limit 10
!
resource-pool group resource async1
 range port 1/0 1/10
!
resource-pool group resource async2
 range port 1/11 1/20
!
resource-pool group resource async3
 range port 1/21 1/30

Enable VPDN:

vpdn enable			//--to enable vpdn--//ns

Configure TACACS connections. One TACACS connection is required to enable RMP for the NAS to communicate with Cisco RPMS:

tacacs-server host 10.6.8.25
tacacs-server host 10.3.15.2
tacacs-server key cisco
tacacs-server administration

: For the complete NAS configuration file, see "Configuration Files". For more detailed configuration and VPN information, refer to Cisco Access VPN Solutions Using Tunneling Technology.

Home Gateway Configurations

The home gateway router serves as the terminating device for the VPDN tunnels used for Cisco RPMS wholesale (VPDN) dial service. Make the following entires in the home gateway configuration files:

Define AAA authentication and authorization:

aaa new-model
aaa authentication login default tacacs+
aaa authentication ppp default tacacs+   
aaa authorization network default tacacs+

Enable VPDN:

vpdn enable
vpdn multihop

Configure VPDN groups. Define the tunneling protocol and tunnel ID. These must match the VPDN group data configured in Cisco RPMS:

vpdn-group 1
 accept dialin l2f virtual-template 1 remote isp
 local name hg
!
vpdn-group 2
 accept dialin l2tp virtual-template 1 remote isp
 local name hg

Define the TACACS host:

tacacs-server host 10.5.55.47
tacacs-server key cisco

For more detailed configuration and VPN information, refer to Cisco Access VPN Solutions Using Tunneling Technology.

Multiple Home Gateways

Home gateway 1 (off-load router):

sgbp group mystack
sgbp seed-bid offload
sgbp member qa5300e 10.1.0.33
sgbp member qa5300g 10.5.5.31
vpdn enable
vpdn multihop

Home gateway :2

multilink virtual-template 1
!
sgbp group mystack
sgbp member apm7200 10.5.5.13
sgbp member qa5300e 10.1.0.33
vpdn enable
vpdn multihop

For the complete NAS configuration file, see "Configuration Files". For more detailed configuration and VPN information, refer to Cisco Access VPN Solutions Using Tunneling Technology.

DNIS-Based Wholesale (VPDN) Dial Service

To enable DNIS-based wholesale (VPDN) dial service along with applying call management after calls are answered, use the following Cisco RPMS configurations:

Configuration>Customers>Add Customer
Configure a default customer profile for the desired customers. The Add Customer page allows you to specify session and session overflow limits for the customer.
Configuration>DNIS
Assign a call type to the default DNIS group. The default DNIS group is provided by Cisco RPMS and is used for all DNIS numbers not specified in other DNIS groups.
Configuration>Customers>DNIS Groups and Call Types
Assign the default DNIS group/call type to the default customer profile.
Configuration>Resources>Groups and Configuration>Resources>Services
Configure the resource groups and optional resource modem services.

Note

Configuration>Customers>Resource Data
Assign the configured resource groups and optional resource modem services to the default customer profile.
Configuration>Customers>VPDN
Configure the VPDN groups. In the VPDN group, specify the DNIS numbers. The DNIS numbers must be different than the DNIS numbers specified in the assigned DNIS groups.
- The DNIS number for the VPDN group is different from the DNIS numbers specified in the DNIS groups (9495555555).
- Tunneling protocol is l2f or l2tp.
- Tunnel ID is isp. This ID must match the remote name configured on the home gateway.
- VPDN IP endpoint is 10.5.5.13. This is the home gateway IP address.
Configuration>Customers>VPDN Groups
Assign the configured VPDN groups to the default customer profile.

: VPDN data is specified in the Cisco RPMS VPDN group. Cisco RPMS uses the session limits, session overflow limits, maximum MLP bundles, and maximum links per bundle specified in the VPDN group to manage the tunnel availability.

NAS Configurations

Make the following entries in the NAS configuration files:

Enable resource pooling and configure resource groups and any optional resource services:

resource-pool enable
resource-pool call treatment resource channel-not-available
resource-pool call treatment profile no-answer
!
resource-pool group resource digital
 range limit 10
!
resource-pool group resource async1
 range port 1/0 1/10
!
resource-pool group resource async2
 range port 1/11 1/20
!
resource-pool group resource async3
 range port 1/21 1/30

Enable VPDN:

vpdn enable			//--to enable vpdn--//ns

Configure TACACS connections. One TACACS connection is required to enable RMP for the NAS to communicate with Cisco RPMS:

tacacs-server host 10.6.8.25
tacacs-server host 10.3.15.2
tacacs-server key cisco
tacacs-server administration

: For the complete NAS configuration file, see "Configuration Files". For more detailed configuration and VPN information, refer to Cisco Access VPN Solutions Using Tunneling Technology.

Home Gateway Configurations

The home gateway router serves as the terminating device for the VPDN tunnels used for Cisco RPMS wholesale (VPDN) dial service. Make the following entries in the home gateway configuration files:

Define AAA authentication and authorization:

aaa new-model
aaa authentication login default tacacs+
aaa authentication ppp default tacacs+   
aaa authorization network default tacacs+

Enable VPDN:

vpdn enable
vpdn multihop

Configure VPDN groups. Define the tunneling protocol and tunnel ID. These must match the VPDN group data configured in Cisco RPMS:

vpdn-group 1
 accept dialin l2f virtual-template 1 remote isp
 local name hg
!
vpdn-group 2
 accept dialin l2tp virtual-template 1 remote isp
 local name hg

Define the TACACS host:

tacacs-server host 10.5.55.47
tacacs-server key cisco

For more detailed configuration and VPN information, refer to Cisco Access VPN Solutions Using Tunneling Technology.

Multiple Home Gateways

Home gateway 1 (off-load router):

sgbp group mystack
sgbp seed-bid offload
sgbp member qa5300e 10.1.0.33
sgbp member qa5300g 10.5.5.31
vpdn enable
vpdn multihop

Home gateway 2:

multilink virtual-template 1
!
sgbp group mystack
sgbp member apm7200 10.5.5.13
sgbp member qa5300e 10.1.0.33
vpdn enable
vpdn multihop

For the complete NAS configuration file, see "Configuration Files". For more detailed configuration and VPN information, refer to Cisco Access VPN Solutions Using Tunneling Technology.

Call Discrimination

Resource pool management offers a call discrimination feature that enables rejection of calls based on a DNIS group and call type filter. When a call arrives at the NAS, the DNIS and call type are matched against a table of disallowed calls. If the DNIS and call type match entries in this table, the call is rejected.

Call discrimination can be used by customers to manage billing of calls to different types of resources. If the service provider has a different billing structure for modem calls and for digital calls, each call type will be assigned a different DNIS. When a user calls the DNIS, the call type must be of the allowed call type or the call is rejected.

Call discrimination in Cisco RPMS subjects calls to DNIS group and call type (bearer capability) restrictions specified in a call discrimination table so calls can be blocked and disconnected before they are assigned to Cisco NAS resources. For example, call discrimination can be used to restrict a specific DNIS group to a only modem calls by creating call discrimination settings for the DNIS group and the other call types (digital, V.110, and V.120). (See Figure 3-3.)

To configure call discrimination in Cisco RPMS:

Configuration>DNIS

: Create the desired DNIS Groups.

Configuration > Call Info > Discrimination

: In the Call Discrimination Table page enter a name for the call discrimination table entry in the CD Name field. Select the DNIS groups and call types that will be prevented from accessing this the Cisco NAS resources managed by this Cisco RPMS. Click Add to Table to enter the selected entries. The call discrimination entries are added to the table.

Note The supported call types are speech, digital, V.110, and V.120.

Figure 3-3 illustrates the Cisco RPMS call discrimination feature.

Figure 3-3: Call Discrimination)

Special Case: Data 0ver Voice Bearer Service

Data over Voice Bearer Services (DOVBS) is a dial service that uses a customer profile and an assigned resource group of digital resources to direct data calls with a speech call type to HDLC controllers.

To support ISDN DOVBS, use a DNIS group and a configured customer profile to direct the speech call to the appropriate digital resource.

The DNIS group that is assigned to the customer profile should have a call type of speech. The resource group assigned to this customer profile will be digital resources and also have a call type of speech, so the call will terminate on an HDLC controller rather than a modem.

To DOVBS, use the following Cisco RPMS configurations:

Configuration>Customers>Add Customer
Configure a customer profile for the group of customers to whom this service is being offerred. The Add Customer page allows you to specify customer data along with session count and session overflow limits for each customer.
Configuration>DNIS
Configure DNIS group and assign a speech call type. This is the call type used for the data over voice calls.
Configuration>Customers>DNIS Groups and Call Types
Assign the configured DNIS group with a speech call type to the configured customer profile.
Configuration>Resources>Groups and Configuration>Resources>Services
Configure the resource group for the digital resources and assign a speech call type to the resource group. This is the call type for the digital resource groups used for data over voice calls.

Perform any other Cisco RPMS configuration options.

Special Case: Signaling System 7

The call information between the Cisco SC2200 and Cisco Resource Pool Manager Server communicates as follows:

PSTN sends user call set up information to the Cisco SC2200.
SC2200 sends a call request to the NAS.
NAS sends the call request to the RPMS.
If the user is allowed a port on the NAS, the RPMS will send a positive response to the NAS and send the resource to be allocated to the call.
NAS sends a positive response to the SC2200.
SC2200 responds to the PSTN.
PSTN completes the call to the NAS.
NAS negotiates PPP with the user and ultimately sends the call to VPDN (L2F or L2TP).
VPDN requests tunnel information from the RPMS or from a local RADIUS server.
NAS establishes a tunnel or uses an existing tunnel to the Home Gateway.
User is authenticated by the RADIUS server behind the Home Gateway.

Figure 3-4 illustrates Cisco RPMS and SS7.

Figure 3-4: Cisco RPMS with Signaling System 7

Accounting Data

New AAA accounting start and stop records for customer profiles are created in the network access server for every call and forwarded to your local AAA accounting server in the single NAS environment.

If a Cisco RPMS is being used to manage the resources in a group of network access servers, the information for the accounting records is forwarded from the Cisco RPMS to the network access server for each call. The NAS then creates the new AAA accounting start and stop records for customer profiles and forwards the records to your local AAA accounting server.

At the same time, the Cisco RPMS creates a call detail record for each call. You will use the call detail record for billing purposes if you are not using local AAA accounting server in your network.

The sample local AAA accounting data shows start and stop records for DNIS-based wholesale (VPDN) using Cisco RPMS.

A typical local AAA accounting start record looks like this:

Tue Mar 23 10:44:19 1999
NAS-IP-Address = 10.1.0.33
NAS-Port = 20018
cisco-vsa-port-string = "Serial0:18"
NAS-Port-Type = ISDN-Sync
User-Name = "cisco"
Called-Station-Id = "9494444443"
Calling-Station-Id = "8888817"
Acct-Status-Type = Start
Acct-Authentic = Local
User-Service-Type = Framed-User
Acct-Session-Id = "00000006"
Framed-Protocol = PPP
cisco-avpair = "rm-rg-name=digital"
cisco-avpair = "rm-cp-name=All"
cisco-avpair = "rm-call-type=digital"
cisco-avpair = "rm-dnis-group-name=qa5300e"
cisco-avpair = "rm-call-count=1"
cisco-avpair = "connect-tx-speed=64000"
cisco-avpair = "connect-rx-speed=64000"
cisco-avpair = "rm-overflow-flag=Off"
cisco-avpair = "tunnel-id=isp"
cisco-avpair = "gw-name=hg"
cisco-avpair = "vpdn-domain="
cisco-avpair = "vpdn-active-sessions=1" Acct-Delay-Time = 0

Tue Mar 23 10:44:19 1999 NAS-IP-Address = 10.1.0.33 NAS-Port = 20018 cisco-vsa-port-string = "Serial0:18" NAS-Port-Type = ISDN-Sync User-Name = "cisco" Called-Station-Id = "9494444443" Calling-Station-Id = "8888817" Acct-Status-Type = Start Acct-Authentic = Local User-Service-Type = Framed-User Acct-Session-Id = "00000006" Framed-Protocol = PPP cisco-avpair = "rm-rg-name=digital" cisco-avpair = "rm-cp-name=All" cisco-avpair = "rm-call-type=digital" cisco-avpair = "rm-dnis-group-name=qa5300e" cisco-avpair = "rm-call-count=1" cisco-avpair = "connect-tx-speed=64000" cisco-avpair = "connect-rx-speed=64000" cisco-avpair = "rm-overflow-flag=Off" cisco-avpair = "tunnel-id=isp" cisco-avpair = "gw-name=hg" cisco-avpair = "vpdn-domain=" cisco-avpair = "vpdn-active-sessions=1" Acct-Delay-Time = 0

Tue Mar 23 10:44:41 1999
NAS-IP-Address = 10.1.0.33
NAS-Port = 20018
cisco-vsa-port-string = "Serial0:18"
NAS-Port-Type = ISDN-Sync
User-Name = "cisco"
Called-Station-Id = "9494444443"
Calling-Station-Id = "8888817"
Acct-Status-Type = Stop
Acct-Authentic = Local User-Service-Type = Framed-User
Acct-Session-Id = "00000006"
Framed-Protocol = PPP
Acct-Terminate-Cause = Lost-Carrier
Acct-Input-Octets = 444
Acct-Output-Octets = 98
Acct-Input-Packets = 13
Acct-Output-Packets = 8
Acct-Session-Time = 23
cisco-avpair = "rm-rg-name=digital"
cisco-avpair = "rm-cp-name=All"
cisco-avpair = "rm-call-type=digital"
cisco-avpair = "rm-dnis-group-name=qa5300e"
cisco-avpair = "rm-call-count=1"
cisco-avpair = "connect-tx-speed=64000"
cisco-avpair = "connect-rx-speed=64000"
cisco-avpair = "rm-overflow-flag=Off"
cisco-avpair = "tunnel-id=isp"
cisco-avpair = "gw-name=hg"
cisco-avpair = "vpdn-domain="
cisco-avpair = "vpdn-active-sessions=1"
Acct-Delay-Time = 0

A typical local AAA accounting stop record looks like this:

Tue Mar 23 10:44:41 1999 NAS-IP-Address = 10.1.0.33 NAS-Port = 20018 cisco-vsa-port-string = "Serial0:18" NAS-Port-Type = ISDN-Sync User-Name = "cisco" Called-Station-Id = "9494444443" Calling-Station-Id = "8888817" Acct-Status-Type = Stop Acct-Authentic = Local User-Service-Type = Framed-User Acct-Session-Id = "00000006" Framed-Protocol = PPP Acct-Terminate-Cause = Lost-Carrier Acct-Input-Octets = 444 Acct-Output-Octets = 98 Acct-Input-Packets = 13 Acct-Output-Packets = 8 Acct-Session-Time = 23 cisco-avpair = "rm-rg-name=digital" cisco-avpair = "rm-cp-name=All" cisco-avpair = "rm-call-type=digital" cisco-avpair = "rm-dnis-group-name=qa5300e" cisco-avpair = "rm-call-count=1" cisco-avpair = "connect-tx-speed=64000" cisco-avpair = "connect-rx-speed=64000" cisco-avpair = "rm-overflow-flag=Off" cisco-avpair = "tunnel-id=isp" cisco-avpair = "gw-name=hg" cisco-avpair = "vpdn-domain=" cisco-avpair = "vpdn-active-sessions=1" Acct-Delay-Time = 0

Call detail records contain the following data:

Customer
DNIS
Call type
Call count
CLID
NAS IP address
NAS modem ID

NAS name
Start time
Stop time
React reason
Response code
VPDN reject reason
Overflow count

Reference number
Resource group name
Service group name
Modem connect tx speed
Modem connect rx speed
Modem disconnect tx speed
Modem disconnect rx speed

Tunnel name
Bundle ID
Hgw IP addr
Hgw name
Terminate cause
Call end status
Reconstructed

Customer DNIS Call type Call count CLID NAS IP address NAS modem ID	NAS name Start time Stop time React reason Response code VPDN reject reason Overflow count	Reference number Resource group name Service group name Modem connect tx speed Modem connect rx speed Modem disconnect tx speed Modem disconnect rx speed	Tunnel name Bundle ID Hgw IP addr Hgw name Terminate cause Call end status Reconstructed

Cisco RPMS Fault Tolerance and Resiliency

Cisco RPMS offers a fault-tolerant and resilient dial service management solutions.

NAS fail-over list
Primary and backup Cisco RPMS
Database replication
Call context reconstruction
Backup customer profiles

Figure 3-5 illustrates a fault tolerant architecture using Cisco RPMS.

Figure 3-5: Fault Tolerance

NAS Fail-Over List

A NAS is configured with a list of RPMS servers and will always attempt to contact the first one on the list. If it cannot reach the first one, it tries the next one and so on. In a typical configuration, the primary RPMS would first on the list and the backup RPMS would be second.

Primary/Backup Cisco RPMS Servers

Cisco RPMS allows you to run standalone or with a backup Cisco RPMS server. Each Cisco RPMS backup server can support multiple primary Cisco RPMS servers. The Cisco RPMS backup server requires Oracle replication and provides a backup configuration and counters in case the primary Cisco RPMS server(s) becomes unavailable. Identical configuration settings (customer profiles, DNIS groups, resource groups, VPDN groups, and others) must be configured on the primary and backup Cisco RPMS servers.

Note Each Cisco RPMS primary server can have only one backup server.

As calls are received, the primary Cisco RPMS server locally checks its session counts to perform session management. Periodically, these local counts are sent to the backup Cisco RPMS server for synchronization. When the session counts get close to a session limit, the primary Cisco RPMS server changes to get the session count from the backup server for each call. Although this might affect performance when the customer profile gets close to its session limit, it ensures an accurate session count is maintained in the primary and backup servers, and prevents oversubscription. When the session counts return to a lower level, Cisco RPMS goes back to local session counts to perform session management.

Database Replication

This is accomplished using the Oracle Database Replication Manager and the Cisco RPMS DBServer component. All configuration is replicated among primary and backup Cisco RPMS servers. Configuration changes are automatically updated to peer Cisco RPMS servers through replication and the DBServer cache update mechanism.

Oracle replication ensures all Cisco RPMS databases are synchronized. However, because database replication is asynchronous, it does not maintain session counts. To ensure the backup Cisco RPMS knows the current session counts, the Distributed Session Management (DSM) authority is maintained on the backup server.

Call Context Reconstruction

This mechanism involves the NAS storing an attribute containing pertinent data about a call so that it can be used by the backup in a fail-over situation to rebuild the context of an active call that was opened on the primary RPMS. The rebuilt context ensures that the proper counters can be maintained and that a meaningful Call Detail Record is generated for the call when it closes.

Backup Customer Profiles

Backup customer profiles are customer profiles configured locally on the Cisco NAS and used to answer calls based on a configured allocation scheme when the link between the Cisco NAS and Cisco RPMS is unavailable.

The backup customer profile can contain all of the elements defined in a standard customer profile, including base-size or overflow parameters. However, when the connection between the Cisco NAS and Cisco RPMS is unavailable, session counting and session limits are not applied to incoming calls. Also, after the connection is reestablished, there is no synchronization of call counters between the Cisco NAS and Cisco RPMS.

To enable a backup profile:

Ensure the resource-pool aaa protocol group <name> local command is configured on the NAS. For example:

resource-pool enable 
resource-pool call treatment resource channel-not-available 
resource-pool call treatment profile no-answer 
! 
resource-pool group resource digital 
range limit 10 
! 
resource-pool group resource async1 
range port 1/0 1/10 
! 
resource-pool group resource async2 
range port 1/11 1/20 
! 
resource-pool group resource async3 
range port 1/21 1/30 
! 
resource-pool aaa protocol group redline local 
! 
tacacs-server host 150.1.1.4 port 49

Note

Ensure the Cisco RPMS customer profiles, dnis groups, and other configuration settings are also defined identically on the NAS and Cisco RPMS.

Distributed Session Management

If identical configurations are used across multiple primary Cisco RPMS servers, Distributed Session Management (DSM) technology can be used to aggregate the resource and session counts on a centralized Cisco RPMS server. This centralized Cisco RPMS server can also be configured as a backup server for multiple primary servers.

Note Cisco RPMS use of DSM is independent of any configured CiscoSecure DSM settings.

Figure 3-6 illustrates a DSM architecture across several Cisco RPMS servers.

Figure 3-6: Cisco RPMS with DSM

Standalone NAS without Cisco RPMS Configuration

This configuration can be used to provide wholesale (VPDN) dial service to corporate customers and retail dial service to end users from a single NAS using Cisco IOS Resource Pool Manager (RPM) without Cisco RPMS server solution.

Figure 3-7 shows multiple connections to a NAS. In this scenario, some connections can be forwarded through VPDN tunnels for wholesale (VPDN) dial service. Others can be authenticated locally for retail dial service.

This configuration does not use Cisco RPMS. If more than one Cisco NAS is used, all configuration must be manually performed on each NAS using Cisco IOS commands, and resource usage information is not shared between NASes.

Figure 3-7: NAS without Cisco RPMS

Note For more information on standalone NAS configurations, see the Cisco IOS Resource Pool Manager Feature Module available on Cisco Connection Online.

Table of Contents

Cisco Resource Pool Manager Server Scenarios