Information Technology Reference
In-Depth Information
Interoperability with Other Features That Use Virtual Templates (Q10)
Virtual Profiles also interoperates with virtual access applications that clone a virtual template interface.
Each virtual access application can have at most one template to clone from, but it can clone from
multiple AAA configurations.
The interaction between Virtual Profiles and other virtual template applications is as follows:
If Virtual Profiles is enabled and a virtual template is defined for it, the Virtual Profiles virtual
template is used.
•
If Virtual Profiles is configured by AAA alone (no virtual template is defined for Virtual Profiles),
the virtual template for another virtual access application (VPDN, for example) can be cloned onto
the virtual access interface.
•
A virtual template, if any, is cloned to a virtual access interface before the Virtual Profiles AAA
configuration or AAA per-user configuration. AAA per-user configuration, if used, is applied last.
•
Terminology
The following new or uncommon terms are used here:
•
AV pair
—A configuration parameter on an AAA server; part of the user configuration that the AAA
server sends to the router in response to user-specific authorization requests. The router interprets
each AV pair as a Cisco IOS router configuration command and applies the AV pairs in order. In this
chapter, the term
AV pair
refers to an interface configuration parameter on a RADIUS server.
An interface configuration AV pair for Virtual Profiles can take a form such as this:
cisco-avpair = “lcp:interface-config=ip address 1.1.1.1 255.255.255.255.0”,
•
Cloning
—Creating and configuring a virtual access interface by applying configuration commands
from a specific virtual template. The virtual template is the source of the generic user information
and router-dependent information. The result of cloning is a virtual access interface configured with
all the commands in the template.
•
Virtual access interface
—Instance of a unique virtual interface that is created dynamically and
exists temporarily. Virtual access interfaces can be created and configured differently by different
applications, such as Virtual Profiles and virtual private dialup networks.
•
Virtual template interface
—Generic interface configuration for certain users or for a certain
purpose, plus router-dependent information. This takes the form of a list of Cisco IOS interface
commands to be applied to the virtual interface as needed.
•
Virtual profile
—Instance of a unique virtual access interface created dynamically when certain
users call in, and torn down dynamically when the call disconnects. A specific user's virtual profile
can be configured by a virtual template interface, a user-specific interface configuration stored on
an AAA server, or both a virtual template interface and a user-specific interface configuration from
AAA.
Configuration of a virtual access interface begins with a virtual template interface (if any), followed by
application of user-specific configuration for the particular user's dial-in session (if any).
Annotated Example of PPP Negotiation
In Figure 16-13, a
ping
brings up an ISDN link between routers Montecito and Goleta. Note that
although there is no timestamping in this example, it is usually recommended that you use the global
configuration command
service timestamps debug datetime msec
.
