beautypg.com

Example-vrf with acl, Example—vrf with acl – Cisco 10000 User Manual

Page 302

background image

11-12

Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 11 Configuring Local AAA Server, User Database—Domain to VRF

Example—VRF with ACL

Applying a defined output ACL to this PPP:

aaa attribute list cisco1.com

attribute type addr-pool "pppoe" protocol ip

attribute type ip-unnumbered "loopback1" service ppp protocol ip

attribute type vrf-id "vrf1" service ppp protocol ip

attribute type outacl "101" service ppp protocol ip

access-list 101 deny icmp any any

Monitoring and Maintaining Local AAA Server, User Database—Domain to VRF

The following debug commands can be helpful in monitoring and maintaining Local AAA Server, User
Database—Domain to VRF:

debug aaa id—displays a unique key for a session and provides a way to track sessions

debug aaa authentication—displays the methods of authentication being used and the results of
these methods

debug aaa authorization—displays the methods of authorization being used and the results of these
methods

debug aaa per-user—displays information about per-user QoS parameters

debug ppp negotiation—shows PPP negotiation debug messages

debug ppp authen—indicates if a client is passing authentication

debug ppp error—displays protocol errors and error statistics associated with PPP connection
negotiation and operation

debug ppp forward—displays who is taking control of a session

debug sss error—displays diagnostic information about errors that may occur during Subscriber
Service Switch (SSS) call setup

debug radius—displays information about the RADIUS server

Caution

Because debugging output is assigned high priority in the CPU process, it can render the system
unusable. For this reason, use debug commands only to troubleshoot specific problems or during
troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use
debug commands during periods of lower network traffic and fewer users. Debugging during these
periods decreases the likelihood that increased debug command processing overhead will affect system
use.