|
|
This chapter describes Cisco Resource Pool Management (RPM) feature. It includes the following main sections:
The following platforms support RPM in network access server standalone and group scenarios:
For a complete description of the commands mentioned in this chapter, see the Cisco IOS Dial Services Command Reference publication. To locate documentation of other commands that appear in this chapter, use the command reference master index or search online.
Cisco RPM enables telephone companies and Internet service providers (ISPs) to share dial resources for wholesale and retail dial network services. With RPM, telcos and ISPs can count, control, and manage dial resources and provide accounting for shared resources when implementing different service-level agreements.
You can configure RPM in a single, standalone Cisco network access server by using RPM or, optionally, across multiple network access server stacks by using one or more external Cisco Resource Pool Manager Servers (RPMS).
Cisco RPM gives data network service providers the capability to do the following:
 |
Note Ear and Mouth Feature Group B (E&M-FGB) is the only signalling type supported for channel-associated signalling (CAS) on T1 and T3 facilities; R2 is supported for E1 facilities. FG D is not supported. The Cisco IOS software collects DNIS digits for the signalling types FGB, PRI, and SS7 and only E&M-FGB and R2 CAS customer profiles are supported. For all other CAS signalling types, use the default DNIS group customer profiles. |
Cisco RPM manages both incoming calls and outgoing sessions. Cisco RPM differentiates dial customers through configured customer profiles based on the DNIS and call type determined at the time of an incoming call.
The components of incoming call management in the Cisco RPM are described in the following sections:
You can use Cisco RPM to answer all calls and differentiate customers by using VPDN profiles and groups. The components of outgoing session management in the Cisco RPM are described in the following sections:
|
Note These components of Cisco RPM are enabled after the network access server and other equipment has been initially set up, configured, and verified for proper operation of the dial, Point-to-Point Protocol (PPP), VPDN, and authentication, authorization, and accounting (AAA) segments. Refer to the Cisco IOS documentation for these other segments for installation, configuration, and troubleshooting information before attempting to use RPM. |
Configured DNIS groups and resource data can be associated to customer profiles. These customer profiles are selected by the incoming call DNIS number and call type and then used to identify resource allocations based on the associated resource groups and defined resource services.
After the call is answered, customer profiles can also be associated with VPDN groups so the configured VPDN sessions and other data necessary to set up or reject a VPDN session are applied to the answered calls. VPDN group data includes associated domain name or DNIS, IP addresses of endpoints, maximum sessions per endpoint, maximum Multilink PPP (MLP) bundles per VPDN group, maximum links per MLP bundle, and other tunnel information.
There are three types of customer profiles in Cisco RPM, which are described in the following sections:
Additionally, you can create a Customer Profile Template and associate it with a customer profile; it is then integrated into the customer profile.
A customer profile defines how and when to answer a call. Customer profiles include the following components (refer to Figure 30):
The incoming side of the customer profile determines if the call will be answered using parameters such as DNIS and call type from the assigned DNIS group and session limits. The call is then assigned the appropriate resource within the resource group defined in the customer profile. Each configured customer profile includes a maximum allowed session value and an overflow value. As sessions are started and ended, session counters are incremented and decremented so customer status is kept current. This information is used to monitor the customer resource limit and determine the appropriate call treatment based on the configured session limits.
The outgoing side of the customer profile directs the answered call to the appropriate destination:
Default customer profiles are used to provide session counting and resource assignment to incoming calls that do not match any of the configured DNIS groups. Although specific resources and DNIS groups can be assigned to customer profiles, default customer profiles allow resource pooling for the calls that do not match the configured DNIS groups or where the DNIS is not provided. Retail dial services and domain-based VPDN use default customer profiles.
When multiple default customer profiles are used, the call type (speech, digital, V.110, or V.120) of the default DNIS group is used to identify which default customer profile to use for an incoming call. At most, four default profiles (one for each call type) can be configured.
|
Note If default customer profiles are not defined, then calls that do not match a DNIS group in a customer profile are rejected with a "no answer" or "busy" call treatment sent to the switch. |
Backup customer profiles are customer profiles configured locally on the Cisco network access server and are used to answer calls based on a configured allocation scheme when the link between the Cisco network access server and Cisco RPMS is disabled. See the section "Configuring Customer Profiles Using Backup Customer Profiles" for more information about configuring backup customer profiles.
With RPM, users can also implement wholesale dial services without using VPDN tunnels to complete dial-in calls to destinations of the end customer. This capability is accomplished with components of the AAA groups and the PPP configurations.
The AAA group provides IP addresses of AAA servers for authentication and accounting. The PPP configurations allow users to configure the Cisco IOS PPP feature set on each customer profile. In this current implementation, PPP configuration is based on the following:
|
Note The AAA and PPP integration applies to a single network access server environment. |
To add PPP configurations to a customer profile, you must create a customer profile template. Once you create the template and associate it with a customer profile using the source template command, it is integrated into the customer profile.
The RPM customer profile template for the PPP command set, when used with the Cisco IOS feature, Server Groups Selected by DNIS, presents a strong single network access server solution for providers of wholesale dial services, as follows:
The section "Configuring a Customer Profile Template" later in this chapter describes how to create a customer profile template so that you can configure the Cisco IOS PPP features on a customer profile, but this section does not list the existing PPP command set. For information about the PPP command set, see the Cisco IOS Dial Services Command Reference publication.
A DNIS group is a configured list of DNIS numbers that correspond to the numbers dialed to access particular customers, service offerings, or both. Cisco RPM checks the DNIS number of inbound calls against the configured DNIS groups, as follows:
Supported call types are as follows:
|
Note Voice over IP, fax over IP, and dial-out calls are not supported in Cisco IOS Release 12.1 of RPM. |
Cisco RPM enables you to maximize the use of available shared resources within a Cisco network access server for various resource allocation schemes to support service-level agreements. Cisco RPM allows you to combine your Cisco network access server resource groups with call types (speech, digital, V.110, and V.120) and optional resource modem services. Resource groups and services are configured for customer profiles and assigned to incoming calls through DNIS groups and call types.
Resource groups have the following characteristics:
Resource assignments contain combinations of Cisco network access server resource groups, optional resource modem services, and call types. The network access server resources in resource groups that have not been assigned to a customer profile will not be used.
|
Note To support ISDN DoVBS, use a DNIS group and a configured customer profile to direct the speech call to the appropriate digital resource. The resource group assigned to this customer profile will be "digital resources" and also have a call type of "speech," so the call will terminate on an HDLC controller rather than a modem. |
A resource service contains a finite series of resource command strings that can be used to help dynamically configure an incoming connection.
Services supported by a resource group are determined by the combination of hardware and firmware installed. Currently, resource service options can be configured and applied to resource groups containing only MICA technologies modems. Resource services can be defined to affect minimum and maximum speed, modulation, error correction, and compression, as shown in Table 18.
| Service | Options | Comments |
|---|---|---|
min-speed | <300-56000>, any | Must be a V.90 increment. |
max-speed | <300-56000>, any | Must be a V.90 increment. |
modulation | k56flex, v22bis, v32bis, v34, v90, any | None |
error-correction | 1apm, mn14 | This is a hidden command. |
compression | mnps, v42bis | This is a hidden command. |
The VPDN group contains the data required to build a VPDN tunnel from the RPM network access server LAC to the LNS. In the context of RPM, VPDN is authorized by first associating a customer profile with a VPDN group, and second by associating the VPDN group to the DNIS group used for that customer profile. VPDN group data includes the endpoint IP addresses. Cisco RPM enables you to specify multiple IP endpoints for a VPDN group, as follows:
The VPDN group provides call management by allowing limits to be applied to both the number of MLP bundles per tunnel and the number of links per MLP bundle. Limits can also restrict the number of sessions per IP endpoint. If you require more granular control of VPDN counters, use VPDN profiles.
VPDN profiles allow for session and overflow limits to be imposed for a particular customer profile. These limits are unrelated to the limits imposed by the customer profile. A customer profile is associated with a VPDN profile. A VPDN profile is associated with a VPDN group. VPDN profiles are required only when these additional counters are required for VPDN usage per customer profile.
Call treatment determines how calls are handled when certain events require the call to be rejected. For example, if the session and overflow limits for one of your customers has been exceeded, any additional calls will receive a busy signal (refer to Table 19).
| Event | Call-Treatment Option | Results |
|---|---|---|
Customer profile not found | No answer (default) | The caller receives rings until the switch eventually times out. Implies that the network access server was appropriate, but resources were unavailable. The caller should try later. |
Busy | The switch drops the call from the network access server and sends a busy signal back to the caller. The call is rejected based on not matching a DNIS group/call type and customer profile. Can be used to immediately reject the call and free up the circuit. | |
Customer profile limits exceeded | Busy | The switch drops the call from the network access server and sends a busy signal back to the caller. |
Network access server resource not available | Channel not available (default)
| The switch sends the call to the next channel in the trunk group. The call can be answered, but the network access server does not have any available resources in the resource groups. Allows the switch to try additional channels until it gets to a different network access server in the same trunk group that has the available resources. |
Busy | The switch drops the call from the network access server and sends a busy signal back to the caller. Can be used when the trunk group does not span additional network access servers. | |
Call discrimination match | No answer | The caller receives rings until the switch eventually times out. |
On the incoming call management of the customer profile, the following sequence occurs to determine if a call is answered:
1. The incoming DNIS is mapped to a DNIS group; if there is no incoming DNIS number, or the DNIS number provided does not match any configured DNIS group, the DNIS group default is used.
2. The mapped DNIS group is checked against configured call discriminator profiles to confirm if this DNIS group/call-type combination is disallowed. If there is a match, the call is immediately rejected.
3. Once a DNIS group or a default DNIS group is identified, the customer profile associated with that DNIS group and the call type (from the bearer capability for ISDN call, statically configured for CAS calls) is selected. If there is no corresponding customer profile, the call is rejected.
4. The customer profile includes a session limit value and an overflow limit value. If these thresholds are not met, the call is then assigned the appropriate resource defined in the customer profile. If the thresholds are met, the call is rejected.
5. If resources are available from the resource group defined in the customer profile, the call is answered. Otherwise, the call is rejected.
6. As sessions start and end, the session counters increase and decrease, so the customer profile call counters are kept current.
Refer to Figure 31 for a graphical illustration of the RPM call processes.
After the call is answered and if VPDN is enabled, Cisco RPM checks the customer profile for an assigned VPDN group or profile. The outgoing session management of the customer profile directs the answered call to the appropriate destination (refer to Figure 32), as follows:
If a VPDN profile is found, the limits are checked, as follows:
If a VPDN group is found within the customer profile, the VPDN group data is used to build a VPDN tunnel, as follows:
If no VPDN profile is assigned to the customer profile and VPDN is enabled, non-RPM VPDN service is attempted. If the attempt fails, the call is processed as a retail dial service call if local AAA service is available.
You can generate accounting data for network dial service usage in network access server AAA attribute format.
You can configure the Cisco network access server to generate AAA accounting records for access to external AAA server option. The accounting start and stop records in AAA attribute format are sent to the external AAA server using either Remote Authentication Dial In User Service (RADIUS) server hosts or Terminal Access Controller Access Control System Plus (TACACS+) protocols for accounting data storage. Table 20 lists the new fields in the AAA accounting packets.
| Accounting Start Record | Accounting Stop Record |
|---|---|
Call-Type | Disconnect-Cause |
To support ISDN DoVBS, use a DNIS group and a configured customer profile to direct the speech call to the appropriate digital resource.
The resource group assigned to this customer profile will be "digital resources" and will also have a call type of speech, so the call will terminate on an HDLC controller rather than a modem.
RPM offers a call discrimination feature that rejects calls based on a DNIS group and call type filter. When a call arrives at the network access server, the DNIS and call type are matched against a table of disallowed calls. If the DNIS and call type match entries in this table, the call is rejected.
Call discrimination in Cisco RPM enables you to specify DNIS groups and call types to block and reject calls before they are assigned Cisco network access server resources or before any other Cisco RPM processing occurs. For example, call discrimination can be used to restrict a specific DNIS group to only modem calls by creating call discrimination settings for the DNIS group and the other call types (digital, V.110, and V.120); refer to Figure 33.
Call discrimination can be used by customers to manage billing of calls to different types of resources. If the service provider has a different billing structure for modem calls and for digital calls, each call type will be assigned a different DNIS. When a user calls the DNIS, the call type must be of the allowed call type or the call is rejected.
|
Note Supported call types are speech, digital, V.110, and V.120. |
A single network access server using Cisco RPM can provide the following:
Figure 34 and Figure 35 show multiple connections to a Cisco AS5300 network access server. Incoming calls to the network access server can use ISDN PRI signalling, CAS, or the SS7 signalling protocol. Figure 34 shows incoming calls that are authenticated locally for retail dial services, or forwarded through VPDN tunnels for wholesale dial services.
|
Note This implementation does not use Cisco RPMS. If you are not using Cisco RPMS and you have more than one Cisco network access server, you must manually configure each network access server by using Cisco IOS commands. Resource usage information is not shared between network access servers. |
Figure 35 shows a method of implementing wholesale dial services without using VPDN tunnels by creating individual customer profiles consisting of AAA groups and PPP configurations. The AAA groups provide IP addresses of AAA servers for authentication and accounting. The PPP configurations enable you to set different PPP parameter values on each customer profile. A customer profile typically includes the following PPP parameters:
|
Note The AAA and PPP integration applies to a single network access server environment; the external RPMS solution is not supported. |
For call processing, incoming calls are matched to a DNIS group and the customer profile associated with that DNIS group. If a match is found, the customer profile session and overflow limits are applied and if available, the required resources are allocated. If a DNIS group is not found, the customer profile associated with the default DNIS group is used. The call is rejected if a customer profile using the default DNIS group cannot be found.
After the call is answered and if VPDN is enabled, the Cisco RPM checks the customer profile for an assigned VPDN group or profile. If a VPDN group is found, Cisco RPM authorizes VPDN by matching the group domain name or DNIS with the incoming call. If a match is found, VPDN profile session and overflow limits are applied and, if the limits are not exceeded, tunnel negotiation begins. If the VPDN limits are exceeded, the call is disconnected.
If no VPDN profile is assigned to the customer profile and VPDN is enabled, non-RPM VPDN service will be attempted. If it fails, the call is processed as a retail dial service call if local AAA service is available.
Cisco RPM enables you to set base and overflow session limits in each customer profile. The base session limit determines the maximum number of nonoverflow sessions supported for a customer profile. When the session limit is reached, if overflow sessions are not enabled, any new calls are rejected. If overflow sessions are enabled, new sessions up to the session overflow limit are processed and marked as overflow for call handling and accounting.
The session overflow limit determines the allowable number of sessions above the session limit. If the session overflow limit is greater than zero, overflow sessions are enabled and the maximum number of allowed sessions is the session limit plus the session overflow limit. While the session overflow limit has been reached, any new calls are rejected. Table 21 summarizes the effects of session and session overflow limits.
Enabling overflow sessions is useful for allocating extra sessions for preferred customers at premium rates. Overflow sessions can also be useful for encouraging customers to adequately forecast bandwidth usage or for special events when normal session usage is exceeded. For example, if a customer is having a corporate-wide program and many people are expected to request remote access, you could enable many overflow sessions and charge a premium rate for the excess bandwidth requirements.
|
Note An overflow call is a call received while the session limit is exceeded and is in an overflow state. When a call is identified as an overflow call, the call maintains the overflow status throughout its duration, even if the number of current sessions returns below the session limit. |
| Base Session Limit | Session Overflow Limit | Call Handling |
|---|---|---|
0 | 0 | Reject all calls. |
10 | 0 | Accept up to 10 sessions. |
10 | 10 | Accept up to 20 sessions and mark sessions 11 to 20 as overflow sessions. |
0 | 10 | Accept up to 10 sessions and mark sessions 1 to 10 as overflow. |
All | 0 | Accept all calls. |
0 | All | Accept all calls and mark all calls as overflow. |
Cisco RPM enables you to configure base and overflow session limits per VPDN profile for managing VPDN sessions.
|
Note The VDPN session and session overflow limits are independent of the limits set in the customer profiles. |
The base VPDN session limit determines the maximum number of nonoverflow sessions supported for a VPDN profile. When the VPDN session limit is reached, if overflow sessions are not enabled, any new VPDN calls using the VPDN profile sessions are rejected. If overflow sessions are enabled, new sessions up to the session overflow limit are processed and marked as overflow for VPDN accounting.
The VPDN session overflow limit determines the number of sessions above the session limit allowed in the VPDN group. If the session overflow limit is greater than zero, overflow sessions are enabled and the maximum number of allowed sessions is the session limit plus the session overflow limit. While the session overflow limit has been reached, any new calls are rejected.
Enabling VPDN overflow sessions is useful for allocating extra sessions for preferred customers at premium rates. Overflow sessions are also useful for encouraging customers to adequately forecast bandwidth usage or for special events when normal session usage is exceeded. For example, if a customer is having a corporate-wide program and many people are expected to request remote access, you could enable many overflow sessions and charge a premium rate for the extra bandwidth requirements.
To ensure that resources are not consumed by a few users with MLP connections, Cisco RPM also enables you to specify the maximum number of MLP bundles that can open in a VPDN group. In addition, you can specify the maximum number of links for each MLP bundle.
For example, if standard ISDN users access the VPDN profile, limit this setting to two links per bundle. If video conferencing is used, increase this setting to accommodate the necessary bandwidth (usually six links). These limits have no overflow option and are configured under the VPDN group component.
Figure 36 and Figure 37 show logical flowcharts of RPM call processing for a standalone network access server with and without the RPM Direct Remote Services feature.
Figure 38 shows a typical resource pooling network scenario using RPMS.
Resource Manager Protocol (RMP) is a robust, recoverable protocol used for communication between the Cisco RPMS and the network access server. Each network access server client uses RMP to communicate resource management requests to the Cisco RPMS server. RPMS also periodically polls the network access server clients to query their current call information or address error conditions when they occur. RMP also allows for protocol attributes that make it extensible and enable support for customer billing requirements.
Figure 39 shows the relationship of Cisco RPMS and RMP.
|
Note RMP must be enabled on all network access servers that communicate with Cisco RPMS. |
Direct remote services is an enhancement to Cisco RPM implemented in Cisco IOS Release 12.0(7)T that enables service providers to implement wholesale dial services without using VPDN tunnels. A customer profile that has been preconfigured with a PPP template to define the unique PPP services for the wholesale dial customer is selected by the incoming DNIS and call type. At the same time, the DNIS is used to select AAA server groups for authentication/authorization and for accounting for the customer.
PPP Common Configuration Architecture (CCA) is the new component of the RPM customer profile that enables direct remote services. The full PPP command set available in Cisco IOS software is configurable per customer profile for wholesale dial applications. A customer profile typically includes the following PPP parameters:
The AAA session information is selected by the incoming DNIS. AAA server lists provide the IP addresses of AAA servers for authentication, authorization, and accounting in the wholesale local network of the customer. The server lists for both authentication and authorization and for accounting contain the server addresses, AAA server type, timeout, retransmission, and keys per server.
When direct remote services is implemented on a Cisco network access server, the following sequence occurs:
1. The network access server sends an authorization request packet to the AAA server by using the authentication method (PAP, CHAP, MSCHAP) that has been configured through PPP.
2. The AAA server accepts the authorization request and returns one of the following items to the network access server:
3. Depending on the response from the AAA server, the network access server assigns one of the following items to the user through the DNS/WINS:
|
Note If the AAA server sends back to the network access server a named IP address pool and that name does not exist on the network access server, the request for service is denied. If the AAA server does not send anything back to the network access server and there is an IP address pool name configured in the customer profile template, an address from that pool is used for the session. |
For information on SS7 implementation for RPM, see the document Cisco Resource Pool Manager Server 1.0 SS7 Implementation.
For more information about Cisco RPM, see the following documents:
Read and comply with the following restrictions and prerequisites before beginning RPM configuration:
For Cisco AS5200 and Cisco AS5300 access servers, Cisco IOS Release 12.0(4)XI1 or later releases must be running on the network access server.
The following tasks must be performed before starting configuration for RPM:
Perform the following tasks to configure your network access server for RPM:
See the section "Troubleshooting RPM" later in this chapter for troubleshooting tips. See the section "RPM Configuration Examples" at the end of this chapter for examples of how to configure RPM in your network.
To enable RPM, use the following commands beginning in global configuration mode:
| Command | Purpose | |
|---|---|---|
Step 1 |
| Enters global configuration mode. |
Step2 | Router(config)# resource-pool enable | Turns on RPM. |
Step3 | Router(config)# resource-pool call treatment resource channel-not-available | Creates a resource group for resource management. |
Step4 | Router(config)# resource-pool call treatment profile no-answer | Sets up the signal sent back to the telco switch in response to incoming calls. |
Step5 | Router(config) # resource-pool aaa protocol local | Specifies which protocol to use for resource management. |
|
NoteIf you have an RPMS, need not define VPDN groups/profiles, customer profiles, or DNIS groups on the network access server; you only need to define resource groups. Configure the remaining items by using the RPMS system. |
This configuration task is optional.
To configure DNIS groups, use the following commands beginning in global configuration mode:
| Command | Purpose | |
|---|---|---|
Step1 | Router(config)# dialer dnis group dnis-group-name | Creates a DNIS group. The name you specify in this step must match the name entered when configuring the customer profile. |
Step2 | Router(config-called-group)# call-type cas {digital | speech} | Statically sets the call-type override for incoming CAS calls. |
Step3 | Router(config-called-group)# number number | Enters DNIS numbers to be used in the customer profile. (Wildcards can be used.) |
For default DNIS service, no DNIS group configuration is required. The following characteristics and restrictions apply to DNIS group configuration:
Discriminator profiles enable you to process calls differently based on call type and DNIS combination.
To configure discriminator profiles, use the following commands beginning in global configuration mode:
| Command | Purpose | |
|---|---|---|
Step1 | Router(config)# resource-pool profile discriminator name | Creates a profile for the call discrimination. |
Step2 | Router(config-called-group)# call-type {all | digital | speech | v110 | v120} | Specifies the type of calls you want to block. The network access server will not answer these calls once they have been specified. |
Step3 | Router(config-called-group)# dnis group {dnis-group-name | default} | Enters the name of a DNIS group that is configured on the access server. Once a DNIS is associated with a call type in a discriminator, it cannot be used in any other discriminator. |
To configure resource groups, use the following commands beginning in global configuration mode:
| Command | Purpose | |
|---|---|---|
Step1 | Router(config)# resource-pool group resource name | Creates a resource group and assign it a name of up to 23 characters. |
Step2 | Router(config-resource-group)# range {port
{slot/port slot/port} | {limit number}
| Associates a range of modems or other physical resources with this resource group:
|
For external Cisco RPMS environments, configure resource groups on the network access server before defining them on external RPMS servers.
For standalone network access server environments, first configure resource groups before using them in customer profiles.
Resource groups can apply to multiple customer profiles.
|
NoteYou can separate physical resources into groups. However, do not put heterogeneous resources in the same group. Do not put MICA technologies modems in the same group as Microcom modems. Do not put modems and HDLC controllers in the same resource group. Do not configure the port and limit command parameters in the same resource group. |
To configure service profiles, use the following commands beginning in global configuration mode:
| Command | Purpose | |
|---|---|---|
Step1 | Router(config)# resource-pool profile service name | Creates a service profile and assign it a name of up to 23 characters. |
Step2 | Router(config-service-profil)# modem
min-speed {speed | any} max-speed {speed |
any [modulation value]}
| Specifies the desired modem parameter values. The range for min-speed and max-speed is 300 to 56000 bits per second. |
Service profiles are used to configure modem service parameters for MICA technologies modems. Note the following characteristics of service profiles:
To configure customer profiles, use the following commands beginning in global configuration mode:
| Command | Purpose | |
|---|---|---|
Step1 | Router(config)# resource-pool profile customer name | Creates a customer profile. |
Step2 | Router(config-customer-pro)# dnis group {dnis-group-name | default} | Includes a group of DNIS numbers in the customer profile. |
Step3 | Router(config-customer-pro)# limit base-size {number | all} | Specifies the base size usage limit. |
Step4 | Router(config-customer-pro)# limit
overflow-size {number | all}
| Specifies the oversize size usage limit. |
Step5 | Router(config-customer-pro)# resource WORD {digital | speech | v110 | v120} [service WORD] | Assigns resources and supported call types to the customer profile. |
Customer profiles are used so that service providers can assign different service characteristics to different customers. Note the following characteristics of customer profiles:
Default customer profiles are identical to standard customer profiles, except they do not have any associated DNIS groups. To define a default customer profile, use the reserved keyword default for the DNIS group:
| Command | Purpose | |
|---|---|---|
Step1 | Router(config)# resource-pool profile customer name | Assigns a name to the default customer profile. |
Step2 | Router(config-customer-pro)# dnis group default | Assigns the default DNIS group to the customer profile. This sets up the customer profile such that it will use the default DNIS configuration, which is automatically set on the network access server. |
The rest of the customer profile is configured as shown in the previous section "Configuring Customer Profiles."
Backup customer profiles are customer profiles configured locally on the Cisco network access server and are used to answer calls based on a configured allocation scheme when the link between the Cisco network access server and Cisco RPMS is disabled.
To enable the backup feature, you need to have already configured the following on the router:
The backup customer profile can contain all of the elements defined in a standard customer profile, including base size or overflow parameters. However, when the connection between the Cisco network access server and Cisco RPMS is unavailable, session counting and session limits are not applied to incoming calls. Also, after the connection is reestablished, there is no synchronization of call counters between the Cisco network access server and Cisco RPMS.
To configure customer profiles for using DoVBS, use the following commands beginning in global configuration command mode:
| Command | Purpose | |
|---|---|---|
Step1 | Router(config)# resource-pool profile customer name | Assigns a name to a customer profile. |
Step2 | Router(config-customer-pro)# dnis group name | Assigns a DNIS group to the customer profile. DNIS numbers are assigned as shown in the previous section. |
Step3 | Router(config)# limit base-size {number | all} | Specifies the VPDN base size usage limit. |
Step4 | Router(config)# limit overflow-size {number | all} | Specifies the VPDN overflow size usage limit. |
Step5 | Router(config-customer-pro)# resource name
{digital | speech | v110 | v120} [service
name] | Specifies resource names to use within the customer profile. |
To support ISDN DoVBS, use a DNIS group and a configured customer profile to direct the speech call to the appropriate digital resource. The DNIS group assigned to the customer profile should have a call type of speech. The resource group assigned to this customer profile will be digital resources and also have a call type of speech, so the call will terminate on an HDLC controller rather than a modem.
See the section "Customer Profile Configuration for DoVBS" at the end of this chapter for a configuration example.
Customer profile templates provide a way to keep each unique situation for a customer separate for both security and accountability. This is an optional configuration.
To configure a template and place it in a customer profile, ensure that all basic configurations and the RPM configurations have been completed and verified before attempting to configure the customer profile templates.
To add PPP configurations to a customer profile, create a customer profile template. Once you create the template and associate it with a customer profile by using the source template command, it is integrated into the customer profile.
To configure a template in RPM, use the following commands beginning in global configuration mode:
| Command | Purpose | |||
|---|---|---|---|---|
Step1 | Router(config)# template name | Creates a customer profile template and assign a unique name that relates to the customer that will be receiving it.
| ||
Step2 | Router(config-template)# peer default ip address pool pool-name | (Optional) Specifies that the customer profile to which this template is attached will use a local IP address pool with the specified name. | ||
Step3 | Router(config-template)# ppp authentication chap | (Optional) Sets the PPP link authentication method. | ||
Step4 | Router(config-template)# ppp multilink | (Optional) Enables Multilink PPP for this customer profile. | ||
Step5 | Router(config-template)# exit | Exits from template configuration mode; returns to global configuration mode. | ||
Step6 | Router(config)# resource-pool profile customer name | Enters customer profile configuration mode for the customer to which you wish to assign this template. | ||
Step7 | Router(config-customer-profi)#source template name | Attaches the customer profile template you have just configured to the customer profile. |
The following example shows a typical template configuration:
template Word
multilink {max-fragments frag-num | max-links num | min-links num}
peer match aaa-pools
peer default ip address {pool pool-name1 [pool-name2] | dhcp}
ppp ipcp {dns | wins} A.B.C.D [W.X.Y.Z]
resource-pool profile customer WORD
source template Word
aaa group-configuration aaa-group-name
template acme_direct
peer default ip address pool tahoe
ppp authentication chap isdn-users
ppp multilink
To verify your template configuration, perform the following steps:
Router# Router#show running-config begin template . . . template PPP1 peer default ip address pool pool1 pool2 ppp ipcp dns 10.1.1.1 10.1.1.2 ppp ipcp wins 10.1.1.3 10.1.1.4 ppp multilink max-links 2 . . .
Step 2 Ensure that your template appears in the configuration file.
| Command | Purpose | |
|---|---|---|
Step1 | Router(config)#resource -pool profile customer name | Assigns a name to a customer profile. |
Step2 | Router(config-customer-pr)#source templateRouter(config-customer-pr)#exitRouter(config)# | Associates the template with the customer profile. |
To verify the placement of your template in the customer profile, perform the following steps:
Router#show resource-pool customer
List of Customer Profiles:
CP1
CP2
Step 2 Look at the list of customer profiles and make sure that your profile appears in the list.
Step 3 To verify a particular customer profile configuration, enter the show resource-pool customer name EXEC command (where the customer profile name is "CP1"):
Router#show resource-pool customer CP1
97 active connections
120 calls accepted
210 max number of simultaneous connections
50 calls rejected due to profile limits
0 calls rejected due to resource unavailable
90 minutes spent with max connections
5 overflow connections
2 overflow states entered
0 overflow connections rejected
0 minutes spent in overflow
13134 minutes since last clear command
To configure AAA server groups, use the following commands beginning in global configuration mode:
| Command | Purpose | |
|---|---|---|
Step1 | Router(config)# aaa new-model | Enables AAA on the network access server. |
Step2 | Router(config)# radius-server key key | Set the authentication and encryption key used for all RADIUS or TACACS+ communications between the network access server and the RADIUS or TACACS+ daemon. |
Step3 | Router(config)# radius-server host {hostname
| ip-address key} [auth-port port acct-port
port]
| Specifies the host name or IP address of the server host before configuring the AAA server group. You can also specify the UDP destination ports for authentication and for accounting. |
Step4 | Router(config)# aaa group server {radius |
tacacs+} group-name
| Selects the AAA server type you want to place into a server group and assign a server group name. |
Step5 | Router(config-sg radius)# server ip-address | Specifies the IP address of the selected server type. This must be the same IP address that was assigned to the server host in Step 2. |
Step6 | Router(config-sg radius)# exit | Returns to global configuration mode. |
Step7 | Router(config)# resource-pool profile customer name | Enters customer profile configuration mode for the customer to which you wish to assign this AAA server group. |
Step8 | Router(config-customer-profil)# aaa group-configuration group-name | Associates this AAA server group (named in Step 4) with the customer profile named in Step 7. |
AAA server groups are lists of AAA server hosts of a particular type. The Cisco RPM currently supports RADIUS and TACACS+ server hosts. A AAA server group lists the IP addresses of the selected server hosts.
You can use a AAA server group to define a distinct list of AAA server hosts and apply this list to the Cisco RPM application. Note that the AAA server group feature works only when the server hosts in a group are of the same type.
A VPDN profile is required only if you want to impose limits on the VPDN tunnel that are separate from the customer limits.
To configure VPDN profiles, use the following commands beginning in global configuration mode:
| Command | Purpose | |
|---|---|---|
Step1 | Router(config)# resource-pool profile vpdn profile-name | Creates a VPDN profile and assigns it a profile name |
Step2 | Router(config-vpdn-profile)# limit base-size
{number | all}
| Specifies the maximum number of simultaneous base VPDN sessions to be allowed for this VPDN group under the terms of the service-level agreement (SLA). The range is 0 to 1000 sessions. If all sessions are to be designated as base VPDN sessions, specify all. |
Step3 | Router(config-vpdn-profile)# limit
overflow-size {number | all}
| Specifies the maximum number of simultaneous overflow VPDN sessions to be allowed for this VPDN group under the terms of the SLA. The range is 0 to 1000 sessions. If all sessions are to be designated as overflow VPDN sessions, specify all. |
Step4 | Router(config-vpdn-profile)# exit | Returns to global configuration mode. |
Step5 | Router(config)# resource-pool profile customer name | Enters customer profile configuration mode for the customer to which you wish to assign this VPDN group. |
Step6 | Router(config-customer-profi)# vpdn profile profile-name | Attaches the VPDN profile you have just configured to the customer profile to which it belongs, or, if the limits imposed by the VPDN profile are not required, attaches VPDN group instead (see the section "Configuring VPDN Groups" later in this chapter). |
To configure VPDN groups, use the following commands beginning in global configuration mode:
| Command | Purpose | |
|---|---|---|
Step1 | Router(config)# vpdn enable | Enables VPDN sessions on the network access server. |
Step2 | Router(config)# vpdn-group group-name | Creates a VPDN group and assigns it a unique name. Each VPDN group can have multiple endpoints (HGW/LNSs). |
Step3 | Router(config-vpdn)# request dialin {l2f |
l2tp} {ip ip-address} {domain domain-name |
dnis dnis-number}
| Specifies the tunneling protocol to be used to reach the remote peer defined by a specific IP address if a dial-in request is received for the specified domain name or DNIS number. The IP address that qualifies the session is automatically generated and need not be entered again. |
Step4 | Router(config-vpdn)# multilink {bundle number
| link number}
| Specifies the maximum number of bundles and links for all multilink users in the VPDN group. The range for both bundles and links is 0 to 32767. In general, each user requires one bundle. |
Step5 | Router(config-vpdn)# loadsharing ip ip-address [limit number] | Configures the endpoints for loadsharing. This router will share the load of IP traffic with the first router specified in Step 2. The limit keyword limits the number of simultaneous sessions that are sent to the remote endpoint (HGW/LNS). This limit can be 0 to 32767 sessions. |
Step6 | Router(config-vpdn)# backup ip ip-address [limit number] [priority number] | Sets up a backup HGW/LNS router. The number of sessions per backup can be limited. The priority number can be 2 to 32767. The highest priority is 2, which is the first HGW/LNS router to receive backup traffic. The lowest priority, which is the default, is 32767. |
Step7 | Router(config-vpdn)# exit | Returns to global configuration mode. |
Step8 | Router(config)# resource-pool profile vpdn profile-name | Enters either VPDN profile configuration mode or customer profile configuration mode, depending on whether you want to allow VPDN connections for a customer profile, or allow combined session counting on all of the VPDN sessions within a VPDN profile. |
Step9 | Router(config-vpdn-profile)# vpdn group group-name} | Attaches the VPDN group to either the VPDN profile or the customer profile specified in Step 7. |
A VPDN group consists of VPDN sessions that are combined and placed into a customer profile or a VPDN profile. Note the following characteristics of VPDN groups:
See the sections "Sample VPDN Configurations" and "VPDN Load Sharing and Backing Up Between Multiple HGW/LNSs" at the end of this chapter for examples of using VPDN with RPM.
To configure call discrimination, use the following commands beginning in global configuration mode:
| Command | Purpose | |
|---|---|---|
Step1 | | Creates a profile for the call discrimination.
|
Step2 | | Specifies the type of calls you want to block. The network access server will not answer these calls. |
Step3 |
| Enters the name of a DNIS group that is configured on the access server. |
|
NoteIf you have an RPMS, you need not define VPDN groups/profiles, customer profiles, or DNIS groups on the network access server---you need not define resource groups. The rest of the configuration can be done using the RPMS system. |
Session counting is provided for each VPDN profile. One session is brought up each time a remote client dials into a HGW/LNS router by using the network access server/LAC. Sessions are counted by using VPDN profiles. If you do not want to count the number of VPDN sessions, do not set up any VPDN profiles. VPDN profiles count sessions in one or more VPDN groups.
To configure VPDN profile session counting, use the following commands beginning in global configuration mode:
| Command | Purpose | |
|---|---|---|
Step1 | Router(config)# resource-pool profile vpdn name | Creates a VPDN profile. |
Step2 |
| Associates a VPDN group to the VPDN profile. VPDN sessions done within this VPDN group will be counted by the VPDN profile. |
Step3 | Router(config)# resource-pool profile customer name | Links the VPDN group to a customer profile. |
Step4 | Router(config-customer-profi) | Exits to EXEC mode to perform verification steps. |
To view VPDN group information configured under resource pooling, use the show resource-pool vpdn group command. In this example, two different VPDN groups are configured under two different customer profiles:
Router# show resource-pool vpdn group List of VPDN Groups under Customer Profiles Customer Profile customer1:customer1-vpdng Customer Profile customer2:customer2-vpdng List of VPDN Groups under VPDN Profiles VPDN Profile customer1-profile:customer1-vpdng
To display the contents of a specific VPDN group, use the show resource-pool vpdn group name command. This example contains one domain name, two DNIS called groups, and two endpoints:
Router# show resource-pool vpdn group customer2-vpdng VPDN Group customer2-vpdng found under Customer Profiles: customer2 Tunnel (L2TP) ------ dnis:cg1 dnis:cg2 dnis:jan Endpoint Session Limit Priority Active Sessions Status Reserved Sessions -------- ------------- -------- --------------- ------ ----------------- 172.21.9.67 * 1 0 OK - 1.1.1.1 * 2 0 OK - --------------- ------------- --------------- ----------------- Total * 0 0
To display the contents of a specific VPDN profile, use the show resource-pool vpdn profile name command, as follows:
Router# show resource-pool vpdn profile ? WORD VPDN profile name <cr> Router# show resource-pool vpdn profile customer1-profile 0 active connections 0 max number of simultaneous connections 0 calls rejected due to profile limits 0 calls rejected due to resource unavailable 0 overflow connections 0 overflow states entered 0 overflow connections rejected 1435 minutes since last clear command
|
NoteUse the debug vpdn event command to troubleshoot VPDN profile limits, session limits, and MLP connections. First, enable this command; then, send a call into the access server. Interpret the debug output and make configuration changes as needed. |
To debug the L2F or L2TP protocols, use the debug vpdn l2x command:
Router# debug vpdn l2x ? error VPDN Protocol errors event VPDN event l2tp-sequencing L2TP sequencing l2x-data L2F/L2TP data packets l2x-errors L2F/L2TP protocol errors l2x-events L2F/L2TP protocol events l2x-packets L2F/L2TP control packets packet VPDN packet
The Cisco IOS software enables you to limit the number of MLP bundles and links supported for each VPDN group. A bundle name consists of a username endpoint discriminator (for example, an IP address or phone number) sent during LCP negotiation.
To limit the number of MLP bundles in VPDN groups, use the following commands beginning in VPDN configuration mode:
| Command | Purpose | |
|---|---|---|
Step1 | Router(config)# vpdn-group name | Creates a VPDN group. |
Step2 | Router(config-vpdn)# multilink {bundle number | link number} | Limits the number of MLP bundles per VPDN group and links per bundle1. These settings limit the number of users that can multilink. |
| 1 Both the network access server/LAC and the HGW/LNS router must be configured to support multilink before a client can use multilink to connect to a HGW/LNS. |
The following example shows the show vpdn multilink command display for verifying MLP bundle limits:
Router# show vpdn multilink Multilink Bundle Name VPDN Group Active links Reserved links Bundle/Link Limit --------------------- ---------- ------------ -------------- ----------------- twv@anycompany.com vgdnis 0 0 */*
|
NoteUse the debug vpdn event and debug resource-pooling commands to troubleshoot VPDN profile limits, session limits, and MLP connections. First, enable this command; then, send a call into the access server. Interpret the debug output and make configuration changes as needed. |
To configure switched 56 over CT1 and RBS, use the following commands beginning in global configuration mode. Perform these tasks on the Cisco AS5200 and Cisco AS5300 access servers only.
| Command | Purpose | |
|---|---|---|
Step1 | Router(config)# controller t1 number | Specifies a controller. |
Step2 | Router(config-controller)# cas-group 0 timeslots 1-24 type e&m-fgb {dtmf | mf} {dnis} | Creates a CAS group and assigns time slots. |
Step3 | Router(config-controller)# framing {sf | esf} | Specifies framing. |
Step4 | Router(config-controller)# linecode {ami | b8zs} | Enters line code. |
Step5 | Router(config-controller)# exit | Exits to global configuration mode. |
Step6 | Router(config)# dialer dnis group name | Creates a dialer called group. |
Step7 | Router(config-called-group)# call-type cas digital | Assigns a call type as digital (switch 56). |
Step8 | Router(config)# interface serial number:number | Specifies logical serial interface, which was dynamically created when the cas-group command was issued. |
Step9 | Router(config-if)# | Configures the core protocol characteristics for the serial interface. |
Use the show dialer dnis command, as follows, to verify switched 56 over CT1:
Router# show dialer dnis group List of DNIS Groups: default mdm_grp1 Router# show dialer dnis group mdm_grp1 Called Number:2001 0 total connections 0 peak connections 0 calltype mismatches Called Number:2002 0 total connections 0 peak connections 0 calltype mismatches Called Number:2003 0 total connections 0 peak connections 0 calltype mismatches Called Number:2004 0 total connections 0 peak connections 0 calltype mismatches . . . Router# show dialer dnis number List of Numbers: default 2001 2002 2003 2004 . . .
The following sections provide call-counter and call-detail output for the different RPM components:
The following output of the show resource-pool call command shows the details for all current calls, including the customer profile and resource group, and the matched DNIS group:
Router# show resource-pool call Shelf 0, slot 0, port 0, channel 15, state RM_RPM_RES_ALLOCATED Customer profile ACME, resource group isdn-ports DNIS number 301001 Shelf 0, slot 0, port 0, channel 14, state RM_RPM_RES_ALLOCATED Customer profile ACME, resource group isdn-ports DNIS number 301001 Shelf 0, slot 0, port 0, channel 11, state RM_RPM_RES_ALLOCATED Customer profile ACME, resource group MICA-modems DNIS number 301001
The following output of the show resource-pool customer command shows the call counters for a given customer profile. These counters include historical data and can be cleared.
Router# show resource-pool customer ACME
3 active connections
41 calls accepted
3 max number of simultaneous connections
11 calls rejected due to profile limits
2 calls rejected due to resource unavailable
0 minutes spent with max connections
5 overflow connections
1 overflow states entered
11 overflow connections rejected
10 minutes spent in overflow
214 minutes since last clear command
The clear resource-pool command clears the call counters.
The following output of the show resource-pool discriminator command shows the call counters for a given discriminator profile. These counters include historical data and can be cleared.
Router# show resource-pool discriminator
List of Call Discriminator Profiles:
deny_DNIS
Router# show resource-pool discriminator deny_DNIS
1 calls rejected
The following output of the show resource-pool resource command shows the call counters for a given resource group. These counters include historical data and can be cleared.
Router# show resource-pool resource
List of Resources:
isdn-ports
MICA-modems
Router# show resource-pool resource isdn-ports
46 resources in the resource group
2 resources currently active
8 calls accepted in the resource group
2 calls rejected due to resource unavailable
0 calls rejected due to resource allocation errors
The following output of the show dialer dnis command shows the call counters for a given DNIS group. These counters include historical data and can be cleared.
Router# show dialer dnis group ACME_dnis_numbers DNIS Number:301001 11 total connections 5 peak connections 0 calltype mismatches
The following output of the show resource-pool vpdn command shows the call counters for a given VPDN profile or the tunnel information for a given VPDN group. These counters include historical data and can be cleared.
Router# show resource-pool vpdn profile ACME_VPDN
2 active connections
2 max number of simultaneous connections
0 calls rejected due to profile limits
0 calls rejected due to resource unavailable
0 overflow connections
0 overflow states entered
0 overflow connections rejected
215 minutes since last clear command
Router# show resource-pool vpdn group outgoing-2
VPDN Group outgoing-2 found under VPDN Profiles: ACME_VPDN
Tunnel (L2F)
------
dnis:301001
dnis:ACME_dnis_numbers
Endpoint Session Limit Priority Active Sessions Status Reserved Sessions
-------- ------------- -------- --------------- ------ -----------------
172.16.1.9 * 1 2 OK -
-------- ------------- --------------- -----------------
Total * 2 0
The following example of the show running EXEC command shows two different VPDN customer groups:
Router# show running Building configuration... . . . ! vpdn-group customer1-vpdng request dialin protocol l2f domain cisco.com domain cisco2.com dnis customer1-calledg initiate-to ip 172.21.9.67 loadsharing ip 172.21.9.68 limit 100 backup ip 172.21.9.69 priority 5 ! vpdn-group customer2-vpdng request dialin protocol l2tp dnis customer2-calledg domain acme.com initiate-to ip 172.22.9.5 !
The debug resource-pool command is useful as a first step to ensure proper operation. It is usually sufficient for most cases. Use the debug aaa authorization command for troubleshooting VPDN and modem service problems.
Problems that might typically occur are as follows:
|
NoteAlways enable the debug and log time stamps when troubleshooting RPM. |
This section provides the following topics for troubleshooting RPM:
The resource-pool component contains two modules---a dispatcher and a local resource-pool manager. The dispatcher interfaces with the signalling stack, resource-group manager, and AAA, and is responsible for maintaining resource-pool call state and status information. The state transitions can be displayed by enabling the resource-pool debug traces. Table 22 summarizes the resource pooling states.
| State | Description |
|---|---|
RM_IDLE | No call activity. |
RM_RES_AUTHOR | Call waiting for authorization, message sent to AAA. |
RM_RES_ALLOCATING | Call authorized, resource group manager allocating. |
RM_RES_ALLOCATED | Resource allocated, connection acknowledgment sent to signalling state. Call should get connected and become active. |
RM_AUTH_REQ_IDLE | Signalling module disconnected call while in RM_RES_AUTHOR. Waiting for authorization response from AAA. |
RM_RES_REQ_IDLE | Signalling module disconnected call while in RM_RES_ALLOCATING. Waiting for resource allocation response from resource group manager. |
The resource-pool state can be used to isolate problems. For example, if a call fails authorization in the RM_RES_AUTHOR state, investigate further with AAA authorization debugs to determine whether the problem lies in the resource-pool manager, AAA, or dispatcher.
The resource-pool component also contains local customer profiles and discriminators, and is responsible for matching, configuring, and maintaining the associated counters and statistics. The resource-pool component is responsible for the following:
| Command | Purpose |
|---|---|
debug resource-pool | This debug output should be sufficient for most RPM troubleshooting situations. |
debug aaa authorization | This debug output provides more specific information and shows the actual DNIS numbers passed and call types used. |
The following sample output of the debug resource-pool command displays a successful RPM connection. The entries in bold are of particular importance.
*Mar 1 02:14:57.439: RM state:RM_IDLE event:DIALER_INCALL DS0:0:0:0:21 *Mar 1 02:14:57.439: RM: event incoming call *Mar 1 02:14:57.443: RM state:RM_DNIS_AUTHOR event:RM_DNIS_RPM_REQUEST DS0:0:0:0:21 *Mar 1 02:14:57.447: RM:RPM event incoming call *Mar 1 02:14:57.459: RPM profile ACME found *Mar 1 02:14:57.487: RM state:RM_RPM_RES_AUTHOR event:RM_RPM_RES_AUTHOR_SUCCESS DS0:0:0:0:21 *Mar 1 02:14:57.487: Allocated resource from res_group isdn-ports *Mar 1 02:14:57.491: RM:RPM profile "ACME", allocated resource "isdn-ports" successfully *Mar 1 02:14:57.495: RM state:RM_RPM_RES_ALLOCATING event:RM_RPM_RES_ALLOC_SUCCESS DS0:0:0:0:21 *Mar 1 02:14:57.603: %LINK-3-UPDOWN: Interface Serial0:21, changed state to up *Mar 1 02:15:00.879: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0:21, changed state to up
The dialer component contains DNIS groups and is responsible for configuration, and maintenance of counters and statistics. The resource-pool component is responsible for the following:
Resource groups are created, maintained, allocated, freed, and tallied by the resource group manager. The resource group manager is also responsible for service profiles, which are applied to resources at call setup time. The resource group manager is responsible for:
Therefore, investigate the signalling stack when call attempts or call treatment behavior does not meet expectations. For ISDN, the debug isdn q931 command can be used to isolate errors between resource pooling, signalling stack, and switch. For CAS, the debug modem csm, service internal, and modem-mgmt csm debug-rbs commands are used on Cisco AS5200 and Cisco AS5300 access servers, while the debug csm and debug trunk cas port number timeslots number commands are used on the Cisco AS5800 access server.
In context with resource pooling, the AAA component is responsible for the following:
The VPDN component is responsible for the following:
The following output of the debug resource-pool command displays a customer profile that is not found for a particular DNIS group:
*Mar 1 00:38:21.011: RM state:RM_IDLE event:DIALER_INCALL DS0:0:0:0:3 *Mar 1 00:38:21.011: RM: event incoming call *Mar 1 00:38:21.015: RM state:RM_DNIS_AUTHOR event:RM_DNIS_RPM_REQUEST DS0:0:0:0:3 *Mar 1 00:38:21.019: RM:RPM event incoming call *Mar 1 00:38:21.103: RPM no profile found for call-type digital in default DNIS number *Mar 1 00:38:21.155: RM:RPM profile rejected do not allocate resource *Mar 1 00:38:21.155: RM state:RM_RPM_RES_AUTHOR event:RM_RPM_RES_AUTHOR_FAIL DS0:0:0:0:3 *Mar 1 00:38:21.163: RM state:RM_RPM_DISCONNECTING event:RM_RPM_DISC_ACK DS0:0:0:0:3
The following output of the debug resource-pool command displays an incoming call that is matched against a call discriminator profile:
*Mar 1 00:35:25.995: RM state:RM_IDLE event:DIALER_INCALL DS0:0:0:0:4 *Mar 1 00:35:25.999: RM: event incoming call *Mar 1 00:35:25.999: RM state:RM_DNIS_AUTHOR event:RM_DNIS_RPM_REQUEST DS0:0:0:0:4 *Mar 1 00:35:26.003: RM:RPM event incoming call *Mar 1 00:35:26.135: RM:RPM profile rejected do not allocate resource *Mar 1 00:35:26.139: RM state:RM_RPM_RES_AUTHOR event:RM_RPM_RES_AUTHOR_FAIL DS0:0:0:0:4 *Mar 1 00:35:26.143: RM state:RM_RPM_DISCONNECTING event:RM_RPM_DISC_ACK DS0:0:0:0:4
The following output of the debug resource-pool command displays what happens once the customer profile limits have been reached:
*Mar 1 00:43:33.275: RM state:RM_IDLE event:DIALER_INCALL DS0:0:0:0:9 *Mar 1 00:43:33.279: RM: event incoming call *Mar 1 00:43:33.279: RM state:RM_DNIS_AUTHOR event:RM_DNIS_RPM_REQUEST DS0:0:0:0:9 *Mar 1 00:43:33.283: RM:RPM event incoming call *Mar 1 00:43:33.295: RPM count exceeded in profile ACME *Mar 1 00:43:33.315: RM:RPM profile rejected do not allocate resource *Mar 1 00:43:33.315: RM state:RM_RPM_RES_AUTHOR event:RM_RPM_RES_AUTHOR_FAIL DS0:0:0:0:9 *Mar 1 00:43:33.323: RM state:RM_RPM_DISCONNECTING event:RM_RPM_DISC_ACK DS0:0:0:0:9
The following output of the debug resource-pool command displays the resources within a resource group all in use:
*Mar 1 00:52:34.411: RM state:RM_IDLE event:DIALER_INCALL DS0:0:0:0:19 *Mar 1 00:52:34.411: RM: event incoming call *Mar 1 00:52:34.415: RM state:RM_DNIS_AUTHOR event:RM_DNIS_RPM_REQUEST DS0:0:0:0:19 *Mar 1 00:52:34.419: RM:RPM event incoming call *Mar 1 00:52:34.431: RPM profile ACME found *Mar 1 00:52:34.455: RM state:RM_RPM_RES_AUTHOR event:RM_RPM_RES_AUTHOR_SUCCESS DS0:0:0:0:19 *Mar 1 00:52:34.459: All resources in res_group isdn-ports are in use *Mar 1 00:52:34.463: RM state:RM_RPM_RES_ALLOCATING event:RM_RPM_RES_ALLOC_FAIL DS0:0:0:0:19 *Mar 1 00:52:34.467: RM:RPM failed to allocate resources for "ACME"
Troubleshooting problems that might typically occur are as follows:
The following sample output of the debug resource-pool command displays a successful RPM/VPDN connection. The entries in bold are of particular importance.
*Mar 1 00:15:53.639: Se0:10 RM/VPDN/rm-session-request: Allocated vpdn info for domain NULL MLP Bundle SOHO *Mar 1 00:15:53.655: RM/VPDN/ACME_VPDN: VP LIMIT/ACTIVE/RESERVED/OVERFLOW are now 6/0/0/0 *Mar 1 00:15:53.659: RM/VPDN/ACME_VPDN: Session reserved for outgoing-2 *Mar 1 00:15:53.695: Se0:10 RM/VPDN: Session has been authorized using dnis:ACME_dnis_numbers *Mar 1 00:15:53.695: Se0:10 RM/VPDN/session-reply: NAS name HQ-NAS *Mar 1 00:15:53.699: Se0:10 RM/VPDN/session-reply: Endpoint addresses 172.16.1.9 *Mar 1 00:15:53.703: Se0:10 RM/VPDN/session-reply: VPDN tunnel protocol l2f *Mar 1 00:15:53.703: Se0:10 RM/VPDN/session-reply: VPDN Group outgoing-2 *Mar 1 00:15:53.707: Se0:10 RM/VPDN/session-reply: VPDN domain dnis:ACME_dnis_numbers *Mar 1 00:15:53.767: RM/VPDN: MLP Bundle SOHO Session Connect with 1 Endpoints: *Mar 1 00:15:53.771: IP 172.16.1.9 OK *Mar 1 00:15:53.771: RM/VPDN/rm-session-connect/ACME_VPDN: VP LIMIT/ACTIVE/RESERVED/OVERFLOW are now 6/1/0/0 *Mar 1 00:15:54.815: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0:10, changed state to up *Mar 1 00:15:57.399: %ISDN-6-CONNECT: Interface Serial0:10 is now connected to SOHO
The following sample output of the debug resource-pool command displays when there is no VPDN group associated with an incoming DNIS group. However, the output of the debug resource-pool command, as shown here, does not effectively reflect the problem:
*Mar 1 03:40:16.483: Se0:15 RM/VPDN/rm-session-request: Allocated vpdn info for domain NULL MLP Bundle SOHO *Mar 1 03:40:16.515: Se0:15 RM/VPDN/rm-session-request: Authorization failed *Mar 1 03:40:16.527: %VPDN-6-AUTHORERR: L2F NAS HQ-NAS cannot locate a AAA server for Se0:15 user SOHO *Mar 1 03:40:16.579: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up *Mar 1 03:40:17.539: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0:15, changed state to up *Mar 1 03:40:17.615: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up *Mar 1 03:40:19.483: %ISDN-6-CONNECT: Interface Serial0:15 is now connected to SOHO
Whenever the debug resource-pool command offers no further assistance besides the indication that authorization has failed, enter the debug aaa authorization command to further troubleshoot the problem. In this case, the debug aaa authorization command output appears as the following example:
*Mar 1 04:03:49.846: Se0:19 RM/VPDN/rm-session-request: Allocated vpdn info for domain NULL MLP Bundle SOHO *Mar 1 04:03:49.854: Se0:19 AAA/AUTHOR/RM vpdn-session (3912941997): Port='DS0:0:0:0:19' list='default' service=RM *Mar 1 04:03:49.858: AAA/AUTHOR/RM vpdn-session: Se0:19 (3912941997) user='301001' *Mar 1 04:03:49.862: Se0:19 AAA/AUTHOR/RM vpdn-session (3912941997): send AV service=resource-management *Mar 1 04:03:49.866: Se0:19 AAA/AUTHOR/RM vpdn-session (3912941997): send AV protocol=vpdn-session *Mar 1 04:03:49.866: Se0:19 AAA/AUTHOR/RM vpdn-session (3912941997): send AV rm-protocol-version=1.0 *Mar 1 04:03:49.870: Se0:19 AAA/AUTHOR/RM vpdn-session (3912941997): send AV rm-nas-state=3278356 *Mar 1 04:03:49.874: Se0:19 AAA/AUTHOR/RM vpdn-session (3912941997): send AV rm-call-handle=27 *Mar 1 04:03:49.878: Se0:19 AAA/AUTHOR/RM vpdn-session (3912941997): send AV multilink-id=SOHO *Mar 1 04:03:49.878: Se0:19 AAA/AUTHOR/RM vpdn-session (3912941997): found list "default" *Mar 1 04:03:49.882: Se0:19 AAA/AUTHOR/RM vpdn-session (3912941997): Method=LOCAL *Mar 1 04:03:49.886: Se0:19 AAA/AUTHOR/RM/local (3912941997): Received AV service=resource-management *Mar 1 04:03:49.890: Se0:19 AAA/AUTHOR/RM/local (3912941997): Received AV protocol=vpdn-session *Mar 1 04:03:49.890: Se0:19 AAA/AUTHOR/RM/local (3912941997): Received AV rm-protocol-version=1.0 *Mar 1 04:03:49.894: Se0:19 AAA/AUTHOR/RM/local (3912941997): Received AV rm-nas-state=3278356 *Mar 1 04:03:49.898: Se0:19 AAA/AUTHOR/RM/local (3912941997): Received AV rm-call-handle=27 *Mar 1 04:03:49.902: Se0:19 AAA/AUTHOR/RM/local (3912941997): Received AV multilink-id=SOHO *Mar 1 04:03:49.906: Se0:19 AAA/AUTHOR/VPDN/RM/LOCAL: Customer ACME has no VPDN group for session dnis:ACME_dnis_numbers *Mar 1 04:03:49.922: Se0:19 AAA/AUTHOR (3912941997): Post authorization status = FAIL
The following output of the debug resource-pool command displays that VPDN profile limits have been reached:
*Mar 1 04:57:53.762: Se0:13 RM/VPDN/rm-session-request: Allocated vpdn info for domain NULL MLP Bundle SOHO *Mar 1 04:57:53.774: RM/VPDN/ACME_VPDN: VP LIMIT/ACTIVE/RESERVED/OVERFLOW are now 0/0/0/0 *Mar 1 04:57:53.778: RM/VPDN/ACME_VPDN: Session outgoing-2 rejected due to Session Limit *Mar 1 04:57:53.798: Se0:13 RM/VPDN/rm-session-request: Authorization failed *Mar 1 04:57:53.802: %VPDN-6-AUTHORFAIL: L2F NAS HQ-NAS, AAA authorization failure for Se0:13 user SOHO; At Session Max *Mar 1 04:57:53.866: %ISDN-6-DISCONNECT: Interface Serial0:13 disconnected from SOHO, call lasted 2 seconds *Mar 1 04:57:54.014: %LINK-3-UPDOWN: Interface Serial0:13, changed state to down *Mar 1 04:57:54.050: RM state:RM_RPM_RES_ALLOCATED event:DIALER_DISCON DS0:0:0:0:13 *Mar 1 04:57:54.054: RM:RPM event call drop *Mar 1 04:57:54.054: Deallocated resource from res_group isdn-ports
The following debug resource-pool command display shows that VPDN group limits have been reached. From this display, the problem is not obvious. To troubleshoot further, use the debug aaa authorization command described in the "Troubleshooting RPMS" section later in this chapter:
*Mar 1 05:02:22.314: Se0:17 RM/VPDN/rm-session-request: Allocated vpdn info for domain NULL MLP Bundle SOHO *Mar 1 05:02:22.334: RM/VPDN/ACME_VPDN: VP LIMIT/ACTIVE/RESERVED/OVERFLOW are now 5/0/0/0 *Mar 1 05:02:22.334: RM/VPDN/ACME_VPDN: Session reserved for outgoing-2 *Mar 1 05:02:22.358: Se0:17 RM/VPDN/rm-session-request: Authorization failed *Mar 1 05:02:22.362: %VPDN-6-AUTHORFAIL: L2F NAS HQ-NAS, AAA authorization failure for Se0:17 user SOHO; At Multilink Bundle Limit *Mar 1 05:02:22.374: %ISDN-6-DISCONNECT: Interface Serial0:17 disconnected from SOHO, call lasted 2 seconds *Mar 1 05:02:22.534: %LINK-3-UPDOWN: Interface Serial0:17, changed state to down *Mar 1 05:02:22.570: RM state:RM_RPM_RES_ALLOCATED event:DIALER_DISCON DS0:0:0:0:17 *Mar 1 05:02:22.574: RM:RPM event call drop *Mar 1 05:02:22.574: Deallocated resource from res_group isdn-ports
The following output of the debug resource-pool command displays that the IP endpoint for the VPDN group is not reachable:
*Mar 1 05:12:22.330: Se0:21 RM/VPDN/rm-session-request: Allocated vpdn info for domain NULL MLP Bundle SOHO *Mar 1 05:12:22.346: RM/VPDN/ACME_VPDN: VP LIMIT/ACTIVE/RESERVED/OVERFLOW are now 5/0/0/0 *Mar 1 05:12:22.350: RM/VPDN/ACME_VPDN: Session reserved for outgoing-2 *Mar 1 05:12:22.382: Se0:21 RM/VPDN: Session has been authorized using dnis:ACME_dnis_numbers *Mar 1 05:12:22.386: Se0:21 RM/VPDN/session-reply: NAS name HQ-NAS *Mar 1 05:12:22.386: Se0:21 RM/VPDN/session-reply: Endpoint addresses 172.16.1.99 *Mar 1 05:12:22.390: Se0:21 RM/VPDN/session-reply: VPDN tunnel protocol l2f *Mar 1 05:12:22.390: Se0:21 RM/VPDN/session-reply: VPDN Group outgoing-2 *Mar 1 05:12:22.394: Se0:21 RM/VPDN/session-reply: VPDN domain dnis:ACME_dnis_numbers *Mar 1 05:12:25.762: %ISDN-6-CONNECT: Interface Serial0:21 is now connected to SOHO *Mar 1 05:12:27.562: %VPDN-5-UNREACH: L2F HGW 172.16.1.99 is unreachable *Mar 1 05:12:27.578: RM/VPDN: MLP Bundle SOHO Session Connect with 1 Endpoints: *Mar 1 05:12:27.582: IP 172.16.1.99 Destination unreachable
Router# debug aaa authorization AAA Authorization debugging is on Router# show debug General OS: AAA Authorization debugging is on Resource Pool: resource-pool general debugging is on
The following displays of the debug resource-pool and debug aaa authorization commands show a successful RPM connection:
*Mar 1 06:10:35.450: AAA/MEMORY: create_user (0x723D24) user='301001' ruser=''port='DS0:0:0:0:12' rem_addr='102' authen_type=NONE service=NONE priv=0 *Mar 1 06:10:35.462: DS0:0:0:0:12 AAA/AUTHOR/RM call-accept (2784758907): Port='DS0:0:0:0:12' list='default' service=RM *Mar 1 06:10:35.466: AAA/AUTHOR/RM call-accept: DS0:0:0:0:12 (2784758907) user= '301001' *Mar 1 06:10:35.470: DS0:0:0:0:12 AAA/AUTHOR/RM call-accept (2784758907): send AV service=resource-management *Mar 1 06:10:35.470: DS0:0:0:0:12 AAA/AUTHOR/RM call-accept (2784758907): send AV protocol=call-accept *Mar 1 06:10:35.474: DS0:0:0:0:12 AAA/AUTHOR/RM call-accept (2784758907): send AV rm-protocol-version=1.0 *Mar 1 06:10:35.478: DS0:0:0:0:12 AAA/AUTHOR/RM call-accept (2784758907): send AV rm-nas-state=7513368 *Mar 1 06:10:35.482: DS0:0:0:0:12 AAA/AUTHOR/RM call-accept (2784758907): send AV rm-call-type=speech *Mar 1 06:10:35.486: DS0:0:0:0:12 AAA/AUTHOR/RM call-accept (2784758907): send AV rm-request-type=dial-in *Mar 1 06:10:35.486: DS0:0:0:0:12 AAA/AUTHOR/RM call-accept (2784758907): send AV rm-link-type=isdn *Mar 1 06:10:35.490: DS0:0:0:0:12 AAA/AUTHOR/RM call-accept (2784758907): found list "default" *Mar 1 06:10:35.494: DS0:0:0:0:12 AAA/AUTHOR/RM call-accept (2784758907): Method=LOCAL *Mar 1 06:10:35.498: DS0:0:0:0:12 AAA/AUTHOR/RM/local (2784758907): Received DNIS=301001 *Mar 1 06:10:35.498: DS0:0:0:0:12 AAA/AUTHOR/RM/local (2784758907): Received CLID=102 *Mar 1 06:10:35.502: DS0:0:0:0:12 AAA/AUTHOR/RM/local (2784758907): Received Port=DS0:0:0:0:12 *Mar 1 06:10:35.506: DS0:0:0:0:12 AAA/AUTHOR/RM/local (2784758907): Received AV service=resource-management *Mar 1 06:10:35.510: DS0:0:0:0:12 AAA/AUTHOR/RM/local (2784758907): Received AV protocol=call-accept *Mar 1 06:10:35.510: DS0:0:0:0:12 AAA/AUTHOR/RM/local (2784758907): Received AV rm-protocol-version=1.0 *Mar 1 06:10:35.514: DS0:0:0:0:12 AAA/AUTHOR/RM/local (2784758907): Received AV rm-nas-state=7513368 *Mar 1 06:10:35.518: DS0:0:0:0:12 AAA/AUTHOR/RM/local (2784758907): Received AV rm-call-type=speech *Mar 1 06:10:35.522: DS0:0:0:0:12 AAA/AUTHOR/RM/local (2784758907): Received AV rm-request-type=dial-in *Mar 1 06:10:35.526: DS0:0:0:0:12 AAA/AUTHOR/RM/local (2784758907): Received AV rm-link-type=isdn *Mar 1 06:10:35.542: AAA/AUTHOR (2784758907): Post authorization status = PASS_REPL *Mar 1 06:10:35.546: DS0:0:0:0:12 AAA/AUTHOR/RM/call-accept (2784758907): Processing AV service=resource-management *Mar 1 06:10:35.550: DS0:0:0:0:12 AAA/AUTHOR/RM/call-accept (2784758907): Processing AV protocol=call-accept *Mar 1 06:10:35.554: DS0:0:0:0:12 AAA/AUTHOR/RM/call-accept (2784758907): Processing AV rm-protocol-version=1.0 *Mar 1 06:10:35.558: DS0:0:0:0:12 AAA/AUTHOR/RM/call-accept (2784758907): Processing AV rm-response-code=overflow *Mar 1 06:10:35.558: DS0:0:0:0:12 AAA/AUTHOR/RM/call-accept (2784758907): Processing AV rm-call-handle=47 *Mar 1 06:10:35.562: DS0:0:0:0:12 AAA/AUTHOR/RM/call-accept (2784758907): Processing AV rm-call-count=2 *Mar 1 06:10:35.566: DS0:0:0:0:12 AAA/AUTHOR/RM/call-accept (2784758907): Processing AV rm-cp-name=ACME *Mar 1 06:10:35.570: DS0:0:0:0:12 AAA/AUTHOR/RM/call-accept (2784758907): Processing AV rm-rg-name#0=MICA-modems *Mar 1 06:10:35.574: DS0:0:0:0:12 AAA/AUTHOR/RM/call-accept (2784758907): Processing AV rm-rg-service-name#0=gold *Mar 1 06:10:35.578: DS0:0:0:0:12 AAA/AUTHOR/RM/call-accept (2784758907): Processing AV rm-call-treatment=busy *Mar 1 06:10:35.582: DS0:0:0:0:12 AAA/AUTHOR/RM/call-accept (2784758907): Processing AV rm-call-type=speech
This section provides the following configuration examples:
The following example demonstrates a basic RPM configuration:
resource-pool enable resource-pool call treatment resource busy resource-pool call treatment profile no-answer ! resource-pool group resource isdn-ports range limit 46 resource-pool group resource MICA-modems range port 1/0 2/23 ! resource-pool profile customer ACME limit base-size 30 limit overflow-size 10 resource isdn-ports digital resource MICA-modems speech service gold dnis group ACME_dnis_numbers ! resource-pool profile customer DEFAULT limit base-size 10 resource MICA-modems speech service silver dnis group default resource-pool profile discriminator deny_DNIS call-type digital dnis group bye-bye ! resource-pool profile service gold modem min-speed 33200 max-speed 56000 modulation v90 resource-pool profile service silver modem min-speed 19200 max-speed 33200 modulation v34 ! resource-pool aaa protocol local ! dialer dnis group ACME_dnis_numbers number 301001 dialer dnis group bye-bye number 301005
To allow ISDN calls with a speech bearer capability to be directed to digital resources, make the following change (highlighted in bold) to the configuration shown in the previous section, "Standard Configuration for RPM":
resource-pool profile customer ACME limit base-size 30 limit overflow-size 10 resource isdn-ports speech dnis group ACME_dnis_numbers
This change causes ISDN speech calls (in addition to ISDN digital calls) to be directed to the resource "isdn-ports"; thus, ISDN speech calls provide DoVBS.
The following example shows a direct remote services configuration:
resource-pool profile customer ACME limit base-size 30 limit overflow-size 10 resource isdn-ports digital resource MICA-modems speech service gold dnis group ACME_dnis_numbers aaa group-configuration tahoe source template acme_direct ! resource-pool profile customer DEFAULT limit base-size 10 resource MICA-modems speech service silver dnis group default resource-pool profile discriminator deny_DNIS call-type digital dnis group bye-bye ! resource-pool profile service gold modem min-speed 33200 max-speed 56000 modulation v90 resource-pool profile service silver modem min-speed 19200 max-speed 33200 modulation v34 ! resource-pool aaa protocol local ! template acme_direct peer default ip address pool tahoe ppp authentication chap isdn-users ppp multilink ! dialer dnis group ACME_dnis_numbers number 301001 dialer dnis group bye-bye number 301005
Adding the following commands to those listed in the section "Standard Configuration for RPM" earlier in this chapter allows you to use VPDN by setting up a VPDN profile and a VPDN group:
|
NoteIf the limits imposed by the VPDN profile are not required, do not configure the VPDN profile. Replace the vpdn profile ACME_VPDN command under the customer profile ACME with the vpdn group outgoing-2 command. |
resource-pool profile vpdn ACME_VPDN limit base-size 6 limit overflow-size 0 vpdn group outgoing-2 ! resource-pool profile customer ACME limit base-size 30 limit overflow-size 10 resource isdn-ports digital resource MICA-modems speech service gold dnis group ACME_dnis_numbers vpdn profile ACME_VPDN vpdn enable ! vpdn-group outgoing-2 request dialin protocol 12f dnis ACME_dnis_numbers local name HQ-NAS initiate-to ip 172.16.1.9 multilink bundle 1 multilink link 2 ! dialer dnis group ACME_dnis_numbers number 301001
The Cisco IOS software enables you to balance and back up VPDN sessions across multiple tunnel endpoints (HGW/LNS). When a user or session comes into the network access server/LAC, a VPDN load-balancing algorithm is triggered and applied to the call. The call is then passed to an available HGW/LNS. You can modify this function by limiting the number of sessions supported on an HGW/LNS router and limiting the number of MLP bundles and links.
Figure 40 shows an example of one network access server/LAC directing calls to two HGW/LNS routers by using the L2TP tunneling protocol. Each router has a different number of supported sessions and works at a different speed. The network access server/LAC is counting the number of active simultaneous sessions sent to each HGW/LNS.
In a standalone network access server environment (no RPMS server used), the network access server has complete knowledge of the status of tunnel endpoints. Balancing across endpoints is done by a "least-filled tunnel" or a "next-available round robin" approach. In an RPMS-controlled environment, RPMS has the complete knowledge of tunnel endpoints. However, the network access server still has the control over those tunnel endpoints selected by RPMS.
A standalone network access server uses the following default search criteria for load-balancing traffic across multiple endpoints (HGW/LNS):
|
NoteThis default search order criteria is independent of the Cisco RPMS application scenario. A standalone network access server uses a different load-sharing algorithm than the Cisco RPMS. This search criteria will change as future enhancements become available. |
vpdn enable ! vpdn-group outgoing-2 request dialin protocol l2tp dnis ACME_dnis_numbers local name HQ-NAS initiate-to ip 172.16.1.9 loadsharing ip 172.16.1.9 limit 200 loadsharing ip 172.16.2.17 limit 50 backup ip 172.16.3.22
Posted: Tue Jul 18 15:12:12 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.