Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Example: Creating Access Policies for Subscribers

 

In this example, the service provider manages an interface on the router. The interface is associated with a subscriber. The access policy is a default policy that supports various types of subscribers and interfaces. Some examples are DHCP, static IP subscribers, and PPP subscribers.

From the service provider’s perspective, the service provider’s network is on the inside, and the enterprise network is on the outside. Ingress traffic flows from the enterprise network to the service provider’s network. Egress traffic flows from the service provider’s network to the enterprise network.

The default policy installed on the interface sets the context of other services that the subscriber will activate later. The default policy can restrict subscriber access to the network or provide a default access. You can also use the default policy to create a walled garden effect by sending subscribers to the SAE server and requiring them to activate a service before they can access other services in the system. (The term walled garden is used to describe an environment in which a service provider limits a subscriber’s access to Web content and services.)

The precedence of the policy rules in default policies is very important. When the related service is activated, the service policy needs a high priority (low value) so that the service policy is used instead of the default policy.

Types of Policies

The policy used for access depends on the type of services that it will be used for. Generally, policies with filter, forward, rate-limit or policer, and next-hop actions are used.

Sample Access Policies

This section contains examples of access policies for DHCP subscribers and PPP subscribers. In both of these examples, there are two content providers. Traffic destined for the content provider networks is sent to the residential portal by means of a next-hop action that forwards traffic to the virtual IP address of the portal. (See SRC PE Sample Applications Guide.)

Traffic to the portal has a high priority and is not affected by other service policies. This way, the subscriber can always access the portal. Traffic from the network is forwarded without any restrictions.

DHCP Policy Group

The following information shows the configuration details of the DHCP policy group.

Policy List Out

Policy List In

PPP Policy Group

The following information shows the configuration details of the PPP policy group.

Policy List Out

Policy List In