Example: Wholesale L2TP Model Hierarchical Policy Configuration
- There are two terminated subscribers and their corresponding IP interfaces are I1 & I2 in the E-serier router.
- There is a single tunneled subscriber whose interface is I3.
- Interfaces I1 and I2 have dedicated 1 Mbps bandwidth each and interface I3 has dedicated 10 Mbps bandwidth. However, if interface I3 is not forwarding any traffic, then the allocated 10 Mbps can be shared by interfaces I1 and I2. Therefore, interfaces I1 and I2 can individually go up to a maximum of 11 Mbps if only one is actively sending traffic. If both interfaces are actively sending traffic, they can both get a maximum of 6 Mbps. However, any time interface I3 is actively sending traffic, it can forward up to the contracted 10 Mbps and interfaces I1 and I2 fall back to 1 Mbps.
To use this example, you must configure the following:
- IP_RATE, Committed Rate:1 Mbps
- Peak Rate: 11 Mbps
- Committed Action: transmit unconditional
- Conformed Action: transmit conditional
- Exceeded Action: drop
- Committed Rate: 10 Mbps
- Peak Rate: 0 Mbps
- Committed Action: transmit unconditional
- Conformed Action: drop
- Exceeded Action: drop
- VLAN_RATE, Committed Rate: 12 Mbps
- Peak Rate: 0 Mbps
- Committed Action: transmit final
- Conformed Action: drop
- Exceeded Action: drop
- IP policy USER_POL1 is attached as input to I1, IP policy USER_POL2 is attached as input to I2, and L2TP policy USER_POL3 is attached as input to I3.
- Policer instance VLAN_RATE is shared across all three instances of EPG1.
- Create a rate-limit that can be shared across all forwarding interfaces. Create an external parent group to hold this rate limit.
- Create a policy list to attach to users 1 and 2.
- Create a policy list to attach to user 3.
- In both terminated users' record in RADIUS, you must specify the ingress policy name IP_POL. You must specify the ingress policy name L2TP_POL in the tunneled user's record in RADIUS. However, be sure to specify the policy parameter through a profile.
host1(config)#rate-limit-profile VLAN_RATE two-rate hierarchical
host1(config-rate-limit-profile)#committed-rate 12000000
host1(config-rate-limit-profile)#committed-action transmit final
host1(config-rate-limit-profile)#exit
host1(config)#parent-group EPG1
host1(config-parent-group)#rate-limit-profile VLAN_RATE
host1(config-parent-group)#exit
host1(config)#rate-limit-profile IP_RATE two-rate hierarchical
host1(config-rate-limit-profile)#committed-rate 1000000
host1(config-rate-limit-profile)#committed-action transmit unconditional
host1(config-rate-limit-profile)#peak-rate 11000000
host1(config-rate-limit-profile)#conformed-action transmit conditional
host1(config-rate-limit-profile)#exit
host1(config)#policy-parameter A hierarchical
host1(config-policy-parameter)#exit
host1(config)#ip policy-list IP_POL
host1(config-policy-list)#classifier-group * external parent-group EPG1 parameter A
host1(config-policy-list-classifier-group)#rate-limit-profile IP_RATE
host1(config-policy-list-classifier-group)#exit
host1(config-policy-list)#exit
host1(config)#rate-limit-profile L2TP_RATE two-rate hierarchical
host1(config-rate-limit-profile)#committed-rate 10000000
host1(config-rate-limit-profile)#committed-action transmit unconditional
host1(config-rate-limit-profile)#exit
host1(config)#l2tp policy-list L2TP_POL
host1(config-policy-list)#classifier-group * external parent-group EPG1 parameter A
host1(config-policy-list-classifier-group)#rate-limit-profile L2TP_RATE
host1(config-policy-list-classifier-group)#exit
host1(config-policy-list)#exit
host1(config)#profile PPPOE_PROF1
host1(config-profile)#ip policy-parameter hierarchical A 1
host1(config-profile)#l2tp policy-parameter hierarchical A 1
host1(config-profile)#exit
host1(config)#interface fastEthernet 3/0.1
host1(config-interface)#vlan id 1
host1(config-interface)#encapsulation pppoe
host1(config-interface)#profile PPPOE_PROF1
host1(config-interface)#pppoe auto-configure
host1(config-interface)#exit