Hide Navigation Pane
Show Navigation Pane
Download
SHA1
Example: Wholesale L2TP Model Hierarchical Policy Configuration
In this example:
- There are two terminated subscribers and their corresponding IP interfaces are I1 & I2 in the E Series router.
- There is a single tunneled subscriber whose interface is I3.
- Interfaces I1 and I2 have dedicated 1 Mbps bandwidth each
and interface I3 has dedicated 10 Mbps bandwidth. However, if interface
I3 is not forwarding any traffic, then the allocated 10 Mbps can be
shared by interfaces I1 and I2. Therefore, interfaces I1 and I2 can
individually go up to a maximum of 11 Mbps if only one is actively
sending traffic. If both interfaces are actively sending traffic,
they can both get a maximum of 6 Mbps. However, any time interface
I3 is actively sending traffic, it can forward up to the contracted
10 Mbps and interfaces I1 and I2 fall back to 1 Mbps.
Figure 10: Interface Stack for Wholesale L2TP Mode
To use this example, you must configure the following:
- At interfaces I1 and I2:
- IP_RATE, Committed Rate:1 Mbps
- Peak Rate: 11 Mbps
- Committed Action: transmit unconditional
- Conformed Action: transmit conditional
- Exceeded Action: drop
- At I3—L2TP_RATE:
- Committed Rate: 10 Mbps
- Peak Rate: 0 Mbps
- Committed Action: transmit unconditional
- Conformed Action: drop
- Exceeded Action: drop
- Policers at I1, I2, and I3 feed into a single policer
that has the following configuration:
- VLAN_RATE, Committed Rate: 12 Mbps
- Peak Rate: 0 Mbps
- Committed Action: transmit final
- Conformed Action: drop
- Exceeded Action: drop
- IP policy USER_POL1 is attached as input to I1, IP policy USER_POL2 is attached as input to I2, and L2TP policy USER_POL3 is attached as input to I3.
- Policer instance VLAN_RATE is shared across all three
instances of EPG1.
Figure 11: Wholesale L2TP Configuration
- Create a rate-limit that can be shared across all forwarding
interfaces. Create an external parent group to hold this rate limit.host1(config)#rate-limit-profile VLAN_RATE two-rate hierarchical host1(config-rate-limit-profile)#committed-rate 12000000 host1(config-rate-limit-profile)#committed-action transmit final host1(config-rate-limit-profile)#exit
host1(config)#parent-group EPG1 host1(config-parent-group)#rate-limit-profile VLAN_RATE host1(config-parent-group)#exit - Create a policy list to attach to users 1 and 2.host1(config)#rate-limit-profile IP_RATE two-rate hierarchical host1(config-rate-limit-profile)#committed-rate 1000000 host1(config-rate-limit-profile)#committed-action transmit unconditional host1(config-rate-limit-profile)#peak-rate 11000000 host1(config-rate-limit-profile)#conformed-action transmit conditional host1(config-rate-limit-profile)#exit
host1(config)#policy-parameter A hierarchical host1(config-policy-parameter)#exit host1(config)#ip policy-list IP_POL host1(config-policy-list)#classifier-group * external parent-group EPG1
parameter A host1(config-policy-list-classifier-group)#rate-limit-profile IP_RATE host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#exit - Create a policy list to attach to user 3.host1(config)#rate-limit-profile L2TP_RATE two-rate hierarchical host1(config-rate-limit-profile)#committed-rate 10000000 host1(config-rate-limit-profile)#committed-action transmit unconditional host1(config-rate-limit-profile)#exit
host1(config)#l2tp policy-list L2TP_POL host1(config-policy-list)#classifier-group * external parent-group EPG1
parameter A host1(config-policy-list-classifier-group)#rate-limit-profile L2TP_RATE host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#exit - In both terminated users' record in RADIUS, you must specify
the ingress policy name IP_POL. You must specify the ingress policy
name L2TP_POL in the tunneled user's record in RADIUS. However, be
sure to specify the policy parameter through a profile.host1(config)#profile PPPOE_PROF1 host1(config-profile)#ip policy-parameter hierarchical A 1 host1(config-profile)#l2tp policy-parameter hierarchical A 1 host1(config-profile)#exit
host1(config)#interface fastEthernet 3/0.1 host1(config-interface)#vlan id 1 host1(config-interface)#encapsulation pppoe host1(config-interface)#profile PPPOE_PROF1 host1(config-interface)#pppoe auto-configure host1(config-interface)#exit
