Table of Contents
Advertisement
Configuration Examples for ISG Automatic Subscriber Logon
Authentication status: authen
Rules, actions and conditions executed:
Session inbound features:
Feature: IP Idle Timeout
Timeout value is 600
Idle time is 00:00:21
Configuration sources associated with this session:
Interface: GigabtiEthernet0/0/0, Active Time = 00:00:24
Configuration Examples for ISG Automatic Subscriber Logon
This section contains the following example:
•
Automatic Subscriber Logon Based on IP Address: Example
In the following example, if the client is from the 1.1.1.0 subnet, the ISG sends an authorization request
to the list "TAL_LIST" with the subscriber's source IP address as the username. If the authorization
request is successful, any automatic-activation services specified in the returned user profile are
activated for the session, and the execution of rules within the control policy stops. If the authorization
is not successful, the rule execution proceeds, and the subscriber is redirected to the policy server to log
in. If the subscriber does not log in within five minutes, the session is disconnected.
ISG Configuration
subscriber service password cisco
interface GigabitEthernet0/0/0
service-policy type control RULEA
aaa authentication login TAL_LIST group radius
aaa authentication login LOCAL local
access-list 100 permit ip any any
class-map type traffic match-any all-traffic
match access-group input 100
match access-group output 100
policy-map type service redirectprofile
class type traffic all-traffic
redirect to ip 10.0.0.148 port 8080
class-map type control match-all CONDA
match source-ip-address 10.1.1.0 255.255.255.0
!
class-map type control match-all CONDF
match timer TIMERB
match authen-status unauthenticated
8
subscriber rule-map DEFAULT
condition always event session-start
1 authorize identifier mac-address
Automatic Subscriber Logon Based on IP Address: Example, page 8
Configuring ISG Policies for Automatic Subscriber Logon
Hide quick links:
Advertisement
Chapters
Table of Contents
