Cisco 10000 User Manual
Page 78
2-18
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 2 Scalability and Performance
Configuring the Cisco 10000 Series Router for High Scalability
Setting VRF and IP Unnumbered Interface Configurations in User Profiles
Although the Cisco 10000 series router continues to support the lcp:interface-config VSA, the
ip:vrf-id and ip:ip-unnumbered VSAs provide another way to set the VRF and IP unnumbered
interface configurations in user profiles. The ip:vrf-id and ip:ip-unnumbered VSAs have the following
syntax:
Cisco:Cisco-AVpair = “ip:vrf-id=vrf-name”
Cisco:Cisco-AVpair = “ip:ip-unnumbered=interface-name”
You should specify only one ip:vrf-id and one ip:ip-unnumbered value in a user profile. However, if
the profile configuration includes multiple values, the Cisco 10000 series router applies the value of the
last VSA received, and creates a virtual access subinterface. If the profile includes the
lcp:interface-config VSA, the router always applies the value of the lcp:interface-config VSA, and
creates a full virtual access interface.
In Cisco IOS Release 12.2(15)BX, when you specify a VRF in a user profile, but do not configure the
VRF on the Cisco 10000 series router, the router accepts the profile. However, in Cisco IOS
Release 12.2(16)BX1 and later releases, the router rejects the profile.
Setting VRF and IP Unnumbered Interface Configuration in a Virtual Interface Template
You can specify one VSA value in the user profile on RADIUS and another value locally in the virtual
template interface. The Cisco 10000 series router clones the template and then applies the values
configured in the profiles it receives from RADIUS, resulting in the removal of any IP configurations
when the router applies the profile values.
Redefining User Profiles to Use the ip:vrf-id and ip:ip-unnumbered VSAs
The requirement of a full virtual access interface when using the lcp:interface-config VSA in user
profiles can result in scalability issues such as increased memory consumption. This situation is
especially true when the Cisco 10000 series router attempts to apply a large number of per-user profiles
that include the lcp:interface-config VSA. Therefore, when updating your user profiles, we recommend
that you redefine the lcp:interface-config VSA to the scalable ip:vrf-id and ip:ip-unnumbered VSAs.
shows how to redefine the VRF named newyork using the ip:vrf-id VSA.
Example 2-15 Redefining VRF Configurations
Change:
Cisco:Cisco-Avpair = “lcp:interface-config=ip vrf forwarding newyork”
To:
Cisco:Cisco-Avpair = “ip:vrf-id=newyork”
shows how to redefine the Loopback 0 interface using the ip:ip-unnumbered VSA.
Example 2-16 Redefining IP Unnumbered Interfaces
Change:
Cisco:Cisco-Avpair = “lcp:interface-config=ip unnumbered Loopback 0”
To:
Cisco:Cisco-Avpair = “ip:ip-unnumbered=Loopback 0”