Table of Contents
Configuring Dial Services
After a call is answered, dial service management determines whether the call is authenticated locally or with a home gateway through a Virtual Private Dial-Up Network (VPDN) tunnel. Cisco Resource Pool Manager Server (Cisco RPMS) supports the following types of dial services:
- Dialed number information service (DNIS) VPDN dial service
- Domain name VPDN dial service
- Local authentication, authorization, and accounting (AAA) dial service
VPDN groups contain the information required to establish a tunnel with a home gateway, the maximum number of sessions and overflow sessions, the IP address(es) of the home gateway(s), the DNISes that belong to the VPDN group, and threshold settings.
Note Alerts are generated when thresholds are exceeded. Because 100% can never be exceeded, setting a threshold to 100% is equivalent to disabling it.
To create a DNIS-based VPDN group and add it to a customer profile, complete the following procedures:
- Create a VPDN group
- Add the home gateway IP address(es) to the VPDN group
- Associate DNIS numbers with the VPDN group
- Add the VPDN group to a customer profile
Note The VPDN group must be assigned to the same customer profile as the DNIS group.
To create a VPDN group, follow these steps:
Step 1 Select Configuration:VPDN and click Add VPDN Group.
The Add a New VPDN Group page appears.
Step 2 Enter the VPDN group name.
Note Cisco RPMS supports spaces in the VPDN group name. For example, you can name a VPDN group "Customer1 VPDN Group."
Step 3 Enter a VPDN group description. The Description field is for informational purposes and has no effect on the operation of Cisco RPMS.
Step 4 Configure the following tunnel information:
- Select the tunneling protocol (L2F or L2TP).
- Enter the tunnel ID. The tunnel ID must match the VPDN incoming statement on the home gateway. For more information, refer to documentation regarding the vpdn incoming command in the Cisco IOS Configuration Guide.
- If this is an L2TP tunnel, enter the L2TP password.
- Enter the NAS password. The home gateway uses this password to authenticate with the NAS.
Step 5 Configure the following home gateway information:
- Enter the home gateway name. This field is for informational purposes and does not affect the Cisco RPMS.
- Enter any descriptive information in the Home Gateway Info field. This field is for informational purposes and does not affect the Cisco RPMS.
- Enter the home gateway password. The NAS uses this password to authenticate with the home gateway.
Step 6 Configure the following VPDN information:
- Enter the maximum number of standard VPDN sessions in the Group Session Limit field. For unlimited sessions, select No Limit.
- Enter the Group Session Threshold (in percent). When this threshold is exceeded, an alert notification is generated. For example, if the VPDN group session limit is 100 and the threshold is 85%, an alert will be generated when 86 or more sessions are logged on simultaneously.
- Enter the maximum number of overflow sessions in the Group Session Overflow Limit field. For unlimited sessions, select No Limit.
- Overflow sessions are useful for billing excess sessions at a premium rate. For example, if a customer is having a live "all hands" meeting and many people are expected to view the meeting remotely, you could set the overflow sessions to No Limit and charge a premium rate for the excess bandwidth requirements.
- Multilink PPP (MLP) bundles can improve throughput by splitting packets and sending them over parallel links. However, if many users are connecting via MLP, the group session limit might be quickly exceeded. To prevent this from occurring, enter a maximum number of MLP connections in the Maximum MLP Bundles.
- Enter the maximum number of number of links for each MLP bundle in the Maximum Links per Bundle field.
- For example, if this VPDN group is restricted to standard ISDN connections only, enter 2. If this VPDN group is used for video conferencing, you might enter 6.
Step 7 Click Add.
The VPDN group is created.
Step 8 Follow the procedures described in the "Adding the Home Gateway IP Address(es)" section and the "Associating DNISes" section.
At least one home gateway IP address must be specified for a VPDN group. If more than one home gateway IP address is specified, sessions are load-balanced (round-robin) between the IP addresses.
Note If these home gateways will receive MLP connections, you must configure Stack Group Bidding Protocol (SGBP). For more information, see "Configuring Stack Group Bidding Protocol."
The Cisco RPMS sends three IP addresses at a time. For example, if the IP addresses of eight NASes were 1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4, 5.5.5.5, 6.6.6.6, 7.7.7.7, and 8.8.8.8, requests would be sent in the following order:
1.1.1.1,2.2.2.2,3.3.3.3
4.4.4.4,5.5.5.5,6.6.6.6,
7.7.7.7,8.8.8.8,1.1.1.1
Note To prevent traffic from being directed to the same home gateways, do not use home gateways in increments of three.
To add the home gateway IP address(es) to a VPDN group, follow these steps:
Step 1 Select from the following:
- If you just created a VPDN group, click the VPDN Group IP Data button on the bottom of the Add a New VPDN Group page.
- If you are adding home gateway IP addresses to an existing DNIS group, select Configuration:VPDN and click the VPDN group's VPDN Group IP button at the bottom of the page.
Step 2 Enter the IP address of a home gateway in the IP Address field.
Step 3 Enter the maximum number of sessions that this home gateway can accept in the Limit field. For unlimited sessions, select the No Limit check box.
Step 4 Enter the IP endpoint threshold in the Threshold field. When this threshold is exceeded, an alert notification is generated. For example, if the session limit is 10 and the threshold is 70%, an alert will be generated when 8 or more sessions are simultaneously logged on to this home gateway IP address.
Step 5 Click Add to VPDN Group.
The IP address is added.
Step 6 Repeat Steps 2 through 5 for each home gateway IP address.
After a call is answered, the NAS sends a VPDN request to the Cisco RPMS to set up a VPDN tunnel using a domain name or a DNIS number. In order for the NASes to set up tunnels, you must enter all DNIS numbers that are associated with the customer profile.
To add the DNIS number(s) to a VPDN group, follow these steps:
Step 1 Select from the following:
- If you just created a VPDN group, click the VPDN Group Domain/DNIS Numbers button at the bottom of the Add a New VPDN Group page.
- If you are adding numbers to an existing DNIS group, select Configuration:VPDN and click the VPDN group's View VPDN Group button. Then, click VPDN Group DNIS/Domain at the bottom of the page.
Step 2 Enter a DNIS number in the Domain/DNIS field as it appears from the end office switch. DNIS numbers sent from an end office switch are usually a single block of numbers that includes the area code and no delimiters (for example, spaces, hyphens, periods, and commas).
Step 3 Click Add to VPDN Group.
The DNIS number is added.
Step 4 Repeat Steps 2 and 3 for each DNIS number.
To add a VPDN group to a customer profile, follow these steps:
Step 1 Select Configuration:Customers and click the customer profile's VPDN Groups button. The Valid VPDN Groups page appears.
Step 2 Select a VPDN group from the list box.
Step 3 Click Add to Customer.
Step 4 Repeat this procedure for each VPDN group that you want to add to this customer profile.
Note The VPDN group must be assigned to the customer profile that the DNIS group is assigned.
VPDN groups contain the information required to establish a tunnel with a home gateway, the maximum number of sessions, the IP address(es) of the home gateway(s), the domain names that belong to the VPDN group, and threshold settings.
Note In order for a user to access the home gateway through a domain name, the domain name must appear in the user ID. For example, if the username is "jdoe" and the domain name is "company.com," the user ID would be "jdoe@company.com."
Note Alerts are generated when thresholds are exceeded. Because 100% can never be exceeded, setting a threshold to 100% is equivalent to disabling it.
To create a domain name VPDN group and add it to a customer profile, complete the following procedures:
- Create a VPDN group
- Add the home gateway IP address(es) to the VPDN group
- Associate domain names with the VPDN group
- Add the VPDN group to a customer profile
Step 1 Select Configuration:VPDN and click Add VPDN Group.
The Add a New VPDN Group page appears.
Step 2 Enter the VPDN group name.
Note Cisco RPMS supports spaces in the VPDN group name.
Step 3 Enter a VPDN group description. The Description field is for informational purposes and has no effect on the operation of Cisco RPMS.
Step 4 Configure the following tunnel information:
- Select the tunneling protocol (L2F or L2TP).
- Enter the tunnel ID. The tunnel ID must match the VPDN incoming statement on the home gateway. For more information, refer to documentation regarding the vpdn incoming command in the Cisco IOS Configuration Guide.
- If this is an L2TP tunnel, enter the L2TP password.
- Enter the NAS password. The home gateway uses this password to authenticate with the NAS.
Step 5 Configure the following home gateway information:
- Enter the home gateway name. This field is for informational purposes and does not affect the Cisco RPMS.
- Enter any descriptive information in the Home Gateway Info field. This field is for informational purposes and does not affect the Cisco RPMS.
- Enter the home gateway password. The NAS uses this password to authenticate with the home gateway.
Step 6 Configure the following VPDN information:
- Enter the maximum number of standard VPDN sessions in the Group Session Limit field. For unlimited sessions, select No Limit.
- Enter the Group Session Threshold (in percent). When this threshold is exceeded, an alert notification is generated. For example, if the VPDN group session limit is 100 and the threshold is 85%, an alert will be generated when 86 or more sessions are logged on simultaneously.
- Enter the maximum number of overflow sessions in the Group Session Overflow Limit field. For unlimited sessions, select No Limit.
- Overflow session are useful for billing excess sessions at a premium rate. For example, if a customer is having a live "all hands" meeting and many people are expected to view the meeting remotely, you could set the overflow sessions to No Limit and charge a premium rate for the excess bandwidth requirements.
- Multilink PPP (MLP) bundles can improve throughput by splitting packets and sending them over parallel links. However, if many users are connecting via MLP, the group session limit might be quickly exceeded. To prevent this from occurring, enter a maximum number of MLP connections in the Maximum MLP Bundles.
- Enter the maximum number of number of links per each MLP bundle in the Maximum Links per Bundle field.
- For example, if this VPDN group is restricted to standard ISDN connections only, enter 2. If this VPDN group is used for video conferencing, you might enter 6.
Step 7 Click Add. The VPDN group is created.
Step 8 Follow the procedures described in the "Adding the Home Gateway IP Address(es)" section and the "Associating Domain Names" section.
At least one home gateway IP address must be specified for a VPDN group. If more than one home gateway IP address is specified, sessions are load-balanced (round-robin) between the IP addresses.
Note If these home gateways will receive MLP connections, you must configure Stack Group Bidding Protocol (SGBP). For more information, see "Configuring Stack Group Bidding Protocol."
The Cisco RPMS sends three IP addresses at a time. For example, if the IP addresses of eight NASes were 1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4, 5.5.5.5, 6.6.6.6, 7.7.7.7, and 8.8.8.8, requests would be sent in the following order:
1.1.1.1,2.2.2.2,3.3.3.3
4.4.4.4,5.5.5.5,6.6.6.6,
7.7.7.7,8.8.8.8,1.1.1.1
Note To prevent traffic from being directed to the same home gateways, do not use home gateways in increments of three.
To add the home gateway IP address(es) to a VPDN group, follow these steps:
Step 1 Select from the following:
- If you just created a VPDN group, click VPDN Group IP Data at the bottom of the Add a New VPDN group page.
- If you are adding home gateway IP addresses to an existing DNIS group, select Configuration:VPDN and click the VPDN group's VPDN Group IP button at the bottom of the page.
Step 2 Enter the IP address of a home gateway in the IP Address field.
Step 3 Enter the maximum number of sessions that this home gateway can accept in the Limit field. For unlimited sessions, select the No Limit check box.
Step 4 Enter the IP endpoint threshold in the Threshold field. When this threshold is exceeded, an alert notification is generated. For example, if the session limit is 10 and the threshold is 70%, an alert will be generated when 8 or more sessions are simultaneously logged on to this home gateway IP address.
Step 5 Click Add to VPDN Group.
The IP address is added.
Step 6 Repeat Steps 2 through 5 for each home gateway IP address.
After a call is answered, the NAS sends a VPDN request to the Cisco RPMS to set up a VPDN tunnel using a domain name or a DNIS number. In order for the NASes to set up tunnels, you must enter all domain names that are associated with the customer profile.
To add the domain name(s) to a VPDN group, follow these steps:
Step 1 Select from the following:
- If you just created a VPDN group, click the VPDN Group Domain/DNIS Numbers button on the bottom of the Add a New VPDN Group page.
- If you are adding domain names to an existing DNIS group, select Configuration > VPDN and click the VPDN group's VPDN Group DNIS/Domain button.
Step 2 Enter a domain name in the Domain/DNIS field.
Step 3 Click Add to VPDN Group.
The domain name is added.
Step 4 Repeat Steps 2 and 3 for each domain name.
To add a VPDN group to a customer profile, follow these steps:
Step 1 Select Configuration:Customers and click the customer profile's VPDN Groups button.
The Valid VPDN Groups page appears.
Step 2 Select a VPDN group from the list box.
Step 3 Click Add to Customer.
Step 4 Repeat this procedure for each VPDN group that you want to add to this customer profile.
After a call is answered, the NAS sends a request to the Cisco RPMS for VPDN information based on a domain name or DNIS number. If the Cisco RPMS cannot find VPDN information, the NAS uses the DNIS or domain name to attempt to build a VPDN tunnel locally or from the AAA server.
If the NAS cannot get VPDN information from the Cisco RPMS, locally, or from a AAA server, the NAS assumes the call is a retail dial customer and authenticates the call with the local AAA server.
To configure local AAA authentication, set up a local AAA server. Any calls that are not sent to a home gateway through a VPDN tunnel will be authenticated locally.
Posted: Thu Aug 31 07:32:29 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.
