Configuring Subscribers

Contents

1Configuring Subscribers
1.1About Subscribers
1.2Configuring Subscribers
1.2.1Configure a Subscriber Profile or Record
1.2.2Configure Subscriber Statistics Collection
1.2.3Configure Subscriber IP Address Attributes
1.2.4Configure PPP and PPPoE Subscriber Attributes
1.2.5Configure the Framed-Route Attribute for the Default Subscriber Profile to Allow for ECMP Routing
1.2.6Subscriber Record
1.2.7Subscriber Timeout
1.2.8NBNS Server for the Default Subscriber Profile
1.2.9PADM
1.2.10PPPoE MOTM
1.2.11Session Limits
1.2.12IP Pools
1.3Performing Subscriber Operations Tasks
Copyright

© Ericsson AB 2009–2011. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner.

Disclaimer

The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.

Trademark List
SmartEdge  is a registered trademark of Telefonaktiebolaget LM Ericsson.
NetOp is a trademark of Telefonaktiebolaget LM Ericsson.

1   Configuring Subscribers

This document provides an overview of subscribers, describes subscriber circuit types and their encapsulations, and the tasks used to configure basic features for subscribers and subscriber sessions, and provides configuration examples. Configuration examples are provided to configure a subscriber profile and record, and specific configuration details for subscriber statistics, subscriber IP address attributes, PPP and PPPoE subscriber attributes, and the framed-route attribute in the default subscriber profile that allows for ECMP routing for IPv4 traffic.

For protocol- or feature-specific commands that appear in subscriber configuration mode, see the Command List or a protocol-specific document.

1.1   About Subscribers

Subscribers are end users of high-speed access services. Subscriber records are used to define a set of attributes, such as subscriber name, password, authentication, access control, rate-limiting, and policing information. A record is specific to the context in which the subscriber is configured.

Subscribers can be single-stack or dual-stack. Single-stack subscribers have only one type of IP service configured (IPv4 or IPv6) and exclusively support one type of traffic (IPv4 or IPv6). Dual-stack subscribers are authorized for both IPv4 and IPv6, and can simultaneously support both IPv4 and IPv6 traffic. Although dual-stack subscribers are authorized to simultaneously support both IPv4 and IPv6 traffic, it is not necessary for both stacks to be active at the same time. To configure the SmartEdge router to provide subscriber services for IPv6 or dual-stack subscribers, see Configuring IPv6 Subscriber Services.

Note:  
The SmartEdge router supports IPv6 subscriber services for PPP and PPPoE subscribers only.

You can configure a default subscriber profile to define attributes that are applied to all subscribers. With a default subscriber profile, you can configure attributes that are shared by many subscribers in a single configuration, rather than applying the same attributes separately to each subscriber record.

Similarly, you can create a named subscriber profile, which you can assign to one or more subscribers. Unlike the default subscriber profile which is automatically assigned to every subscriber record, you must explicitly assign a named subscriber profile to a subscriber record.

When assigned to a subscriber record, the values of the attributes in a named subscriber profile override the identical attributes in the default profile. Profile attributes, either from the default or named profile are overridden when identical attributes with different values are configured in a specific subscriber record.

Subscribers use hosts connected to various types of circuits. Table 1 lists the types of circuits which support subscribers and their encapsulations.

Table 1    Subscriber Circuit Types and Their Encapsulations
 

Circuit Encapsulations

Circuit Type

Bridge1483

Multi

Route1483

PPP

IPoE

IPv6oE

PPPoE

ATM PVC

Yes

Yes

Yes

Yes

Yes

802.1Q PVC

Yes

Yes

Yes

POS port

Yes

Child circuit

No

Yes

Note:  
If you specify the encapsulation for a circuit with the multi keyword, the parent circuit carries IP over Ethernet (IPoE) traffic.

Subscriber records can be configured in one of two ways:

Note:  
When IP Version 6 (IPv6) addresses are not referenced or explicitly specified, the term IP address can refer generally to IP Version 4 (IPv4) addresses, IPv6 addresses, or IP addressing. In instances where IPv6 addresses are referenced or explicitly specified, the term IP address refers only to IPv4 addresses. For a description of IPv6 addressing and the types of IPv6 addresses, see RFC 3513, Internet Protocol Version 6 (IPv6) Addressing Architecture.

IPv6 is a new version of the Internet Protocol, designed as the successor to IPv4. IPv6 is fully described in RFC 2460, Internet Protocol, Version 6 (IPv6) Specification. The changes from IPv4 to IPv6 include:

1.2   Configuring Subscribers

Note:  
In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the Command List.

Note:  
For information about IP multicast options for a subscriber record or profile, see Configuring Service Policies.

Note:  
For information about configuring Address Resolution Protocol (ARP) and Dynamic Host Configuration Protocol (DHCP) options for a subscriber record or profile, see Configuring ARP and Configuring DHCP.

Note:  
For information specific to configuring IPv6 subscriber services on the SmartEdge router, see Configuring IPv6 Subscriber Services.

1.2.1   Configure a Subscriber Profile or Record

To configure a default subscriber profile, a name subscriber profile, or an individual subscriber record, perform the tasks in Table 2 and Table 3; enter all commands in subscriber configuration mode unless otherwise noted.

Table 2    Configure a Subscriber Profile or Record

#

Task

Root Command

Notes

1.

Create a default subscriber profile, a named subscriber profile, or an individual subscriber record, and access subscriber configuration mode.

subscriber profile

Enter this command in context configuration mode.

2.

Enter this command in context configuration mode.

subscriber default

 
 

 

subscriber name

For more information about the subscriber profile, subscriber default, and subscriber name commands, see the Command List.

Table 3 lists the attributes that you can apply to a default subscriber profile, a named subscriber profile, or an individual subscriber record; enter all commands in subscriber configuration mode unless otherwise noted.

Table 3    Configure Attributes for a Subscriber Profile or Record

Task

Root Command

Notes

Abort this configuration.

abort

Enter this command in context configuration mode.

Use information received from the DSLAM to adjust the rate.

access-line

 

Configure an ACL.

access-list

 

Configure a bridge subscriber.

bridge

 

Apply a bulkstats schema to the subscriber profile for this context.

bulkstats schema

 

Commit the configuration.

commit

 

Set the maximum number of DHCP addresses.

dhcp

 

Set the DNS server address.

dns

 

Specify the primary and secondary DNS IPv6 addresses.

dns6

For information about configuring IPv6 subscriber services on the SmartEdge router, see Configuring IPv6 Subscriber Services.

Exit Subscriber configuration mode.

exit

 

Apply a flow policy.

flow

 

Apply a forward policy.

forward

 

Configure Framed-Route attribute for this context.

framed-route allow-ecmp

This attribute can be configured only for the default subscriber profile. It is applied only to IPv4 subscriber traffic.

Apply an HTTP redirect profile.

http-redirect

 

Apply IP attributes.

ip

 

Set the mobile node and home agent secret key.


mobile-ip

If the shared key is configured under subscriber default, the SmartEdge router treats the user as a 3GPP2 user.

Apply a NAT policy.

nat

 

Apply IP source address validation.

ip source-validation

 

Specify the prefix to use for DHCP prefix delegation.

ipv6 delegated-prefix

This command is available in IPv6 subscriber record configuration mode only. For information about configuring IPv6 subscriber services on the SmartEdge router, see Configuring IPv6 Subscriber Services.

Specify the prefix that will be advertised to subscribers using ND.

ipv6 framed-prefix

This command is available in IPv6 subscriber record configuration mode only. For information about configuring IPv6 subscriber services on the SmartEdge router, see Configuring IPv6 Subscriber Services.

Configure an ND profile to be used with the given subscriber or subscriber profile.

ipv6 nd-profile

For information about configuring IPv6 subscriber services on the SmartEdge router, see Configuring IPv6 Subscriber Services.

Enable source validation for IPv6.

ipv6 source-validation

For information about configuring IPv6 subscriber services on the SmartEdge router, see Configuring IPv6 Subscriber Services.

Set the NBNS server address.

nbns

 

Disable or remove a parameter.

no

 

Limit the number of sessions a subscriber can access simultaneously.

port-limit

 

Set the subscriber MTU.

mtu

 

Set PPPoE.

pppoe

 

Modify the internal classification settings of packets sent or received from the subscriber.

propogate

 

Set the QoS node reference.

qos node-reference

 

Apply a QoS policy.

qos policy

 

Configure inbound and outbound policy circuit rates.

rate

 

Set rate adjustment.

rate-adjust

 

Configure the SBC adjacency.

sbc

 

Set the AAA session action.

session-action

 

Specify the maximum number of sessions allowed for each subscriber line.

session-limit

 

Assign an ATM shaping profile.

shaping-profile

 

Show configuration or system information.

show

 

Set absolute or idle session time-out value.

timeout

 

1.2.2   Configure Subscriber Statistics Collection

To configure statistics collection for all subscribers, perform the tasks in Table 4.

Table 4    Configure Subscriber Statistics Collection

Task

Root Command

Notes

1. Accesses stats collection configuration mode.

stats-collection

Enter this command in global configuration mode.

2. Excludes Layer 2 header data only, or Layer 2 header data, PPP control data, and PPPoE control data from subscriber statistics collection.

count exclude subscriber

Enter this command in stats collection configuration mode.

1.2.3   Configure Subscriber IP Address Attributes

To configure subscriber IP address attributes for a subscriber record or profile, perform one or more of the tasks in Table 5; enter all commands in subscriber configuration mode.

Table 5    Configure Subscriber IP Address Attributes

Task

Root Command

Notes

Assign an IP address to the subscriber record or profile.

ip address (subscriber)

 

Prevent address spoofing with IP source-address validation.

ip source-validation

 

Assign one or more static routes (to the same destination) to the subscriber record or profile.

ip subscriber route

 

Specifies the IP address of the primary or secondary NetBIOS Name Server (NBNS).

nbns

 

1.2.4   Configure PPP and PPPoE Subscriber Attributes

To configure the PPP and Point-to-Point Protocol over Ethernet (PPPoE) attributes for a subscriber profile or record, perform one or more of the tasks in Table 6; enter all commands in subscriber configuration mode. For more information on these commands, see the Command List.

Table 6    Configure the PPP and PPPoE Attributes for a Subscriber Profile

Task

Root Command

Notes

Specify the authentication password that the subscriber enters when initiating a PPP session.

password

 

Set the MTU used by PPP for the subscriber circuit.

ppp mtu

 

Create the message of the minute (MOTM) that the subscriber will see when first logging on.

pppoe motm

 

Set the subscriber’s PPPoE client to point the subscriber’s browser to a specific location after the subscriber’s PPP session is established.

pppoe url

 

1.2.5   Configure the Framed-Route Attribute for the Default Subscriber Profile to Allow for ECMP Routing

To configure the Framed-Route attribute (22) for the default subscriber profile within a specific context to allow for Equal-Cost Multi-Path (ECMP) routing for all IPv4 traffic for subscribers configured within the context, perform the tasks in Table 7; enter all commands in subscriber configuration mode.

Note:  
ECMP routing for IPv6 traffic is not supported for subscribers.

Table 7    Configure the Framed-Route Attribute for the Default Subscriber to Allow for ECMP Routing

Task

Root Command

Notes

Create a default subscriber profile and access subscriber configuration mode.

subscriber default

Enter this command in context configuration mode.

Configure multiple frame routes using the Framed-Route RADIUS attribute to allow for ECMP routing.

framed-route allow-ecmp

For more information about the Framed-Route attribute (22), see RADIUS Attributes.

1.2.6   Subscriber Record

The following example configures a PPP password, an IP address, and a static route and assigns a route tag to the IP address and to the static route in the subscriber record, pppuser, in the local context:

[local]Redback(config)#context local
[local]Redback(config-ctx)#subscriber name pppuser
[local]Redback(config-sub)#password in-test
[local]Redback(config-sub)#ip address 10.1.3.30
[local]Redback(config-sub)#ip subscriber-route 10.2.1.1/24
Note:  
Configuring a password is not required. However, if you specify a password in the bind subscriber command, you must configure the same password in the subscriber record. For more information on the bind subscriber command, see the Command List.

1.2.7   Subscriber Timeout

The following example configures a subscriber, roger, in the corp.com context to have a maximum session time of 120 minutes (2 hours):

[local]Redback(config)#context corp.com
[local]Redback(config-ctx)#subscriber name roger
[local]Redback(config-admin)#timeout absolute 120

The next example shows how to specify an idle time-out. In the default idle time-out, the subscriber session is dropped after a specified number of minutes with no activity. Optionally, you can specify an idle threshold and idle time-out direction. The following example shows how to configure an idle time-out of 60 bps in the receive and 30 bps in the transmit direction:

[local]Redback(config)#context corp.com
[local]Redback(config-ctx)#subscriber name roger
[local]Redback(config-admin)#timeout idle tx 60 rx 30

Use timeout idle direction to specify whether the idle condition is based on the traffic flowing in (receive) or out (transmit). If you specify no direction, the idle time-out is the same for both directions.

Use timeout idle threshold to exclude small amounts of traffic, such as those that viruses and worms might generate, from keeping otherwise inactive subscriber sessions from disconnecting.

The timeout idle threshold command lets you specify a non-zero subscriber traffic level to identify as idle. This is useful in cases where idle sessions will continue to send DNS (or similar) requests even though there is no data transfers coming from the user. Using the timeout idle threshold syntax, you specify the amount of data the subscriber transfers during a duration you set by using the timeout idle minutes command.

In the following example, you set the system to terminate a subscriber session after the subscriber sends 40 bytes/second or less over a duration of one minute:

[local]Redback(config)#context corp.com
[local]Redback(config-ctx)#subscriber name roger
[local]Redback(config-admin)#timeout idle threshold 40
[local]Redback(config-admin)#timeout idle 1

1.2.8   NBNS Server for the Default Subscriber Profile

The following example configures the default subscriber profile to supply a primary NBNS address to every PPP subscriber in the current context. For more information, see RFC 1877, PPP Internet Protocol Control Protocol Extensions for Name Server Addresses:

[local]Redback(config-ctx)#subscriber default
[local]Redback(config-sub)#nbns primary 10.10.1.1

1.2.9   PADM

The following example causes a PPPoE Active Discovery Message (PADM) packet containing the URL, http://www.cust1.com/members/joe@local, to be sent to the PPPoE client when the PPP session is established:

[local]Redback(config-ctx)#subscriber name joe
[local]Redback(config-sub)#pppoe url http://www.cust1.com/members/%U

The next example uses the pppoe url command (in subscriber configuration mode) to configure the subscriber default profile. For every subscriber, a PADM containing http://www.aol.com/members/name is sent to the PPPoE client when the PPP session is established:

[local]Redback(config-ctx)#subscriber default
[local]Redback(config-sub)#pppoe url http://www.aol.com/members/%u

1.2.10   PPPoE MOTM

The following example creates a PPPoE MOTM:

[local]Redback(config-sub)#pppoe motm System coming down at 0400 today for scheduled maintenance

The following example replaces the first MOTM with a new one:

[local]Redback(config-sub)#pppoe motm Scheduled system maintenance cancelled for 08/29.

The following example removes the existing MOTM so that no message is sent to subscribers:

[local]Redback(config-sub)#no pppoe motm

1.2.11   Session Limits

Alice, Bob, and Connie share a DSL connection, but they purchased a plan that allows only two people to use the connection at the same time. If Alice and Bob are already logged in and Connie tries to log in, the SmartEdge router rejects the request from Connie. This section shows the following examples:

1.2.11.1   Session Limit by Subscriber Name

You enter a context and then you enter each subscriber name and session limit attribute:

[local]Redback(config)#context isp2
[local]Redback(config-sub)#subscriber name alice
[local]Redback(config-sub)#session-limit agent-remote-id 2
[local]Redback(config-sub)#subscriber name bob
[local]Redback(config-sub)#session-limit agent-remote-id 2
[local]Redback(config-sub)#subscriber name connie
[local]Redback(config-sub)#session-limit agent-remote-id 2

1.2.11.2   Profile Assignment to Enforce a Session Limit

You create a context named isp2 and then a service profile for a service plan named gold. Next, you configure a session limit of two (2) for the service profile. You reference the profile as you add each subscriber. A profile can contain multiple subscriber attributes, which can save you repetitive keystrokes and avoid entry errors:

[local]Redback(config)#context isp2
[local]Redback(config-ctx)#subscriber profile gold
[local]Redback(config-sub)#session-limit agent-remote-id 2
[local]Redback(config-sub)#subscriber name alice
[local]Redback(config-sub)#profile gold
[local]Redback(config-sub)#subscriber name bob
[local]Redback(config-sub)#profile gold
[local]Redback(config-sub)#subscriber name connie
[local]Redback(config-sub)#profile gold

1.2.11.3   Default Profile Enforcement of a Session Limit

You create a context named isp2 and then you enter context configuration mode and set the session limit to two (2). Every subscriber line created within the context isp2 is automatically limited to two sessions:

[local]Redback(config)#context isp2
[local]Redback(config-ctx)#subscriber default
[local]Redback(config-sub)#session-limit agent-remote-id 2
[local]Redback(config-sub)#subscriber name alice
[local]Redback(config-sub)#subscriber name bob
[local]Redback(config-sub)#subscriber name connie

1.2.12   IP Pools

The following pair of examples show the use of unnamed and named IP pools. In each example, the configuration of the interfaces and pools is as follows:

[local]Redback(config)#context local
[local]Redback(config-ctx)#aaa authentication subscriber local
[local]Redback(config-ctx)#interface If-One
[local]Redback(config-if)#ip address 11.1.1.1 255.255.255.0
[local]Redback(config-if)#ip pool 11.1.1.2 255.255.255.0
[local]Redback(config-if)#interface If-Two
[local]Redback(config-if)#ip address 12.2.2.1 255.255.255.0
[local]Redback(config-if)#ip pool 12.2.2.2 255.255.255.0 name If-Two

!Example 1 - Use an unnamed pool associated with interface If-One

[local]Redback(config-ctx)#subscriber name joe
[local]Redback(config-sub)#ip address pool If-One

!Example 2 - Use a named pool

[local]Redback(config-ctx)#subscriber name joe
[local]Redback(config-sub)#ip address pool name If-Two

1.3   Performing Subscriber Operations Tasks

Subscriber operations tasks are listed in Table 8. Enter show commands in any mode. Enter all other commands in exec mode.

Table 8    Subscriber Operations Tasks

Task

Root Command

Clear one or more subscribers in the current context, thus terminating any Point-to-Point Protocol (PPP) or PPP over Ethernet (PPPoE) session or dropping any RFC 1483 bridged-encapsulated circuit connection.

clear subscriber

Terminate a subscriber session to allow changes to a subscriber record for a subscriber that is already bound, to take effect.

clear subscriber

Display subscriber information.

show subscribers