
Configuring PPPoE Radius support for Zero Rate (ZR) and Rate Throttling including Zero Throttling (ZT) on ASR1002 platform


I'm setting up an ASR1002 router as an LNS and investigating how I can configure Zero Rate (ZR) and Rate Throttling including Zero-Throttling (ZT) for RADIUS/CoA support.

On the larger ASR9K platform, the "dynamic-template" can be used to achieve this:

For Example:

 type service s1
  service-policy input i1 merge 2
  service-policy output o1 merge 2

The above "dynamic-template" parameter doesn't appear to be available on the ASR1002 as opposed to the ASR9K:


  aaa                     Authentication, Authorization and Accounting
  abort                   Abort this configuration session
  address-family          AFI/SAFI configuration
  address-pool            IP Local address pool lists
  alias                   Create an alias for entity
  ancp                    Access Node Control Protocol
  apply-group             Apply configuration from a group
  apply-template          Apply configuration from a template
  aps                     Configure SONET Automatic Protection Switching (APS)
  arp                     Global ARP configuration
  as-format               Autonomous system number format
  as-path-set             Define an AS-path set
  banner                  Define a login banner
  bfd                     Global BFD configuration commands
  call-home               Enter call-home configuration mode
  cdp                     Enable CDP, or configure global CDP subcommands
  cef                     CEF related commands
  cem                     Configure CEM parameters
  cinetd                  Global Cisco inetd configuration commands
  class-map               Configure a class-map
  clear                   Clear the uncommitted configuration
  clock                   Configure time-of-day clock
  clock-interface         Clock interface configuration commands
  commit                  Commit the configuration changes via pseudo-atomic operation
  community-set           Define a community set
  configuration           Configuration related settings
  control-plane           Configure Control Plane
  controller              Controller configuration subcommands
  crypto                  Global Crypto configuration command
  dbgtrace                Global Ucode Debug Trace(cisco-support)
  describe                Describe a command without taking real actions
  dhcp                    Dynamic Host Configuration Protocol
  display                 Configure QoS display options
  do                      Run an exec command
  domain                  Domain service related commands
  dynamic-template        Dynamically Applied Configuration Template Definition
  end                     Exit from configure mode
  error-disable           Configure error-disable
  ethernet                Ethernet configuration commands
  ethernet-services       Ethernet related services
  event                   Event related commands


ASR1002: (LNS)

Configure commands:
  aaa                         Authentication, Authorization and Accounting.
  access-list                 Add an access list entry
  accounting                  Policy accounting feature
  alias                       Create command alias
  alps                        Configure Airline Protocol Support
  ancp                        Configure ANCP
  appfw                       Configure the Application Firewall policy
  application                 Define application
  archive                     Archive the configuration
  arp                         Set a static ARP entry
  async-bootp                 Modify system bootp parameters
  auto                        Configure Automation
  banner                      Define a login banner
  bba-group                   Configure BBA Group
  beep                        Configure BEEP (Blocks Extensible Exchange Protocol)
  bfd                         BFD configuration commands
  bfd-template                BFD template configuration
  boot                        Modify system boot parameters
  bridge                      Bridge Group.
  bridge-domain               Bridge-domain global configuration commands
  bstun                       BSTUN global configuration commands
  buffers                     Adjust system buffer pool parameters
  busy-message                Display message when connection to host fails
  call                        Configure Call parameters
  call-home                   Enter call-home configuration mode
  cdp                         Global CDP configuration subcommands
  cef                         Cisco Express Forwarding
  chat-script                 Define a modem chat script
  class                       Configure cem class parameters
  class-map                   Configure CPL Class Map
  clns                        Global CLNS configuration subcommands
  clock                       Configure time-of-day clock
  cns                         CNS agents
  config-register             Define the configuration register
  configuration               Configuration access
  connect                     cross-connect two interfaces
  control-plane               Configure control plane services
  cops                        Common Open Policy Service (COPS)
  crypto                      Encryption module
  cts                         Cisco Trusted Security commands
  default                     Set a command to its defaults
  default-value               Default character-bits values
  define                      interface range macro definition
  device-sensor               IOS Sensor Commands
  diagnostic                  Configure diagnostic information
  dial-control-mib            Define Dial Control Mib parameters
  dial-peer                   Dial Map (Peer) configuration commands
  dialer                      Dialer commands
  dialer-list                 Create a dialer list entry
  dnsix-dmdp                  Provide DMDP service for DNSIX
  dnsix-nat                   Provide DNSIX service for audit trails
  do-exec                     To run exec commands in config mode
  downward-compatible-config  Generate a configuration compatible with older software
  dspfarm                     Enable the dspfarm service
  dspu                        DownStream Physical Unit Command
  eap                         EAP Global Configuration Commands
  enable                      Modify enable password parameters
  end                         Exit from configure mode
  esmc                        Ethernet Synchronization Messaging Channel
  ethernet                    Ethernet configuration
  event                       Event related configuration commands
  exception                   Exception handling
  exit                        Exit from configure mode
  facility-alarm              Configure facility alarms
  file                        Adjust file system parameters
  flow                        Global Flow configuration subcommands
  flow-sampler-map            Flow sampler configuration
  format                      Format the output
  frame-relay                 global frame relay configuration commands
  gateway                     Gateway
  glbp                        Global GLBP configuration commands
  global-address-family       Enter address-family base routing topology mode
  gw-accounting               Enable voip gateway accounting.
  help                        Description of the interactive help system
  hostname                    Set system's network name
  http                        HTTP Config
  hw-module                   Control of individual components in the system
  ingress-class-map           Ingress Classification Class-map
  interface                   Select an interface to configure
  ip                          Global IP configuration subcommands
  ipc                         Configure IPC system
  ipv6                        Global IPv6 configuration commands
  isis                        Global ISIS configuration subcommands
  issu                        ISSU config commands
  ivr                         ivr utility command
  kerberos                    Configure Kerberos
  key                         Key management
  kron                        Kron interval Facility
  l2                          Layer 2 configuration
  l2tp                        Layer 2 Tunneling Protocol (L2TP) parameters
  l2tp-class                  l2tp-class configuration
  l2vpn                       Layer2 VPN commands
  l3vpn                       l3vpn encapsulation ip commands
  lacp                        LACP configuration
  li-view                     LI View
  license                     Configure license features
  line                        Configure a terminal line
  lnm                         IBM Lan Manager
  load                        Load Protocol
  locaddr-priority-list       Establish queueing priorities based on LU address
  location                    Global location configuration commands
  logging                     Modify message logging facilities
  login                       Enable secure login checking
  login-string                Define a host-specific login string
  mac                         Global MAC configuration subcommands
  map-class                   Configure static map class
  map-list                    Configure static map list
  media                       Global media configuration
  memory                      Configure memory management
  menu                        Define a user-interface menu
  modemcap                    Modem Capabilities database
  monitor                     Monitoring different system events
  mpls                        Configure MPLS parameters
  mrcp                        MRCP(Real Time Streaming Protocol) configuration
  multilink                   PPP multilink global configuration
  mvr                         Enable/Disable MVR on the switch
  nat64                       NAT64 configuration commands
  ncia                        Native Client Interface Architecture
  netbios                     NETBIOS access control filtering
  netconf                     Configure NETCONF
  network-clock               Network clock config commands
  nmsp                        NMSP configuration commands
  no                          Negate a command or set its defaults
  ntp                         Configure NTP
  num-exp                     Dial Map Number Expansion configuration commands
  object-group                Configure ACL Object Group
  otv                         Configure OTV information
  parameter-map               parameter map
  parser                      Configure parser
  password                    Configure encryption password (key)
  per-call                    Per call debug
  pfr                         Performance Routing configuration submodes
  pfr-map                     Create pfr-map and enter pfr-map command mode
  platform                    platform specific configuration
  policy-map                  Configure Policy Map
  policy-peer                 External Policy Delegation(EPD) peer parameters
  port-channel                EtherChannel configuration
  ppp                         PPP global configuration
  privilege                   Command privilege parameters
  process                     Configure process
  process-max-time            Maximum time for process to run before voluntarily relinquishing processor
  prompt                      Set system's prompt
  pseudowire-class            Pseudowire-class configuration
  pseudowire-static-oam       Static PW OAM configuration
  qos                         Global QoS configuration subcommands
  radius                      RADIUS server configuration command
  radius-server               Modify RADIUS query parameters
  rbe                         Commands for Routing RFC 1483 Ethernet encapsulated packets
  recovered-clock             Clock recovery configuration commands
  redirect                    Configure L4 redirect parameters
  redundancy                  Enter redundancy mode
  regexp                      regexp commands
  resource                    Configure Embedded Resource Manager (ERM)
  resource-group              Configure Resource Group settings
  resume-string               Define a host-specific resume string
  rif                         Source-route RIF cache
  rlogin                      Rlogin configuration commands
  rmon                        Remote Monitoring
  route-map                   Create route-map or enter route-map command mode
  route-tag                   Route Tag
  router                      Enable a routing process
  rsrb                        RSRB LSAP/DSAP filtering
  rtsp                        RTSP(Real Time Streaming Protocol) configuration
  sampler                     Define a Sampler
  sap-priority-list           Establish queueing priorities based on SAP and/or MAC address(es)
  sasl                        Configure SASL
  sbc                         Session Border Controller
  sccp                        Enable Skinny Client Control Protocol
  scheduler                   Scheduler parameters
  scripting                   Configure options for scripting languages
  security                    Infra Security CLIs
  service                     Modify use of network based services
  service-policy              Configure service-policy
  service-routing             Configure service-routing
  shell                       Configure shell command
  sip-ua                      SIP User Agent (UA)
  sna                         Network Management Physical Unit Command
  snmp                        Modify non engine SNMP parameters
  snmp-server                 Modify SNMP engine parameters
  source-bridge               Source-route bridging ring groups
  spanning-tree               Spanning Tree Subsystem
  stacks                      Configure stacks
  standby                     Global HSRP configuration commands
  state-machine               Define a TCP dispatch state machine
  static-ipfrr                Config static ip fast rerouting rules
  stun                        STUN global configuration commands
  subscriber                  Subscriber configuration
  subscriber-policy           Subscriber policy
  subscription                ASNL based Subscriptions configuration
  tacacs                      TACACS server configuration command
  tacacs-server               Modify TACACS query parameters
  template                    Select a template to configure
  terminal-queue              Terminal queue commands
  tftp-server                 Provide TFTP service for netload requests
  time-range                  Define time range entries
  track                       Object tracking configuration commands
  translate                   Translate global configuration commands
  translation-rule            Global digit manipulation and translation
  transport                   Configure transport
  transport-map               Configure transport map
  upgrade                     Global upgrade configuration subcommands
  username                    Establish User Name Authentication
  virtual-profile             Virtual Profile configuration
  virtual-template            Virtual Template configuration
  vlan                        VLAN configuration commands
  voice                       Global voice configuration
  voice-card                  Configure a specific voice-card
  voicecap                    Add a voicecap entry
  voip-incoming               Global incoming VoIP configuration
  vpdn                        Virtual Private Dialup Network
  vpdn-group                  VPDN group configuration
  vpdn-template               vpdn-template configuration
  vrf                         VRF commands
  vrrp                        Global VRRP configuration commands
  vrrs                        vrrs global command
  vty-async                   Enable virtual async line configuration
  wsma                        Configure Web Services Management Agents
  x25                         X.25 Level 3
  x29                         X29 commands
  xconnect                    Xconnect config commands
  xdr                         Configure XDR parameters
  zone                        FW with zoning
  zone-pair                   Zone pair command



Am I using the correct s/ware release on the LNS?
If the "dynamic-template" is not supported on the ASR1002, is there another configuration method to provide the same RADIUS support for ZR/ZT etc?

The LNS is currently running the following s/w release:


LNS#sh ver (snippets)
Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.2(4)S5, RELEASE SOFTWARE (fc1)
IOS XE Version: 03.07.05.S

System image file is "bootflash:asr1002x-universalk9.03.07.05.S.152-4.S5.SPA.bin"

License Level: advipservices
License Type: Permanent
Next reload license Level: advipservices

Any thoughts or pointers would be greatly appreciated.

Thanking you in advance.




Manuel Rodriguez
Cisco Employee

Hi Dronic,

Dynamic-template is a concept particular to IOS-XR BNG. There is no such thing on IOS/IOS-XE.

From a PPPoE perspective, the equivalent for that is the virtual-template interface. Under that interface you configure IP/PPP related commands and some other things similar to what you do with a dynamic-template type ppp in IOS-XR.

In IOS/IOS-XE, you need to use policy-map type service in order to define a service.

You can check ISG documentation for more details on that:



Hi Manuel,

Firstly, thank you for your reply and the clarification re the "dynamic templates" being only XR BNG related.

Yes I already had a "virtual-template" interface configured in association with a "vpdn-group" definition for terminating the L2TP tunnel from the LAC (which in my test scenario is a BNG!).

Both share the same basic modular QoS structure as in:

Policy Map 

          > Class Map

                       > ACL

and the policy maps can then be applied to the "dynamic-template" on the BNG and "virtual-template" (interface) for the ASR1K LNS.

However, I cannot find any compatible "merge" cmd in association with the ASR1K IOS-XE (perhaps there is and it is not intuitive?)

 type service s1
  service-policy input i1 merge 2
  service-policy output o1 merge 2

Any further thoughts on the "merge" functionality or potential workaround for IOS-XE?

Thanking you in advance.





Hi Dronic,


Merge functionality is available on IOS-XR only as well.



Hi Manuel,

How does one "link" the received RADIUS attribute

ie “subscriber:sa=SERVICE-POLICY-NAME”

to the LNS configuration?

Let me explain further...

The ASR1002 is the LNS and the LAC is a BNG. An L2TP tunnel is established upon a User session request (local RADIUS server provides the L2TP tunnel end points), and the final PPP authentication is performed by the remote RADIUS server via the L2TP tunnel.

This is shown by the following config snippets:


## VPDN GROUP (L2TP Tunnel) ##
vpdn-group 1
 description for L2TP Testing with BNG (LAC)
 protocol l2tp
 virtual-template 1
 terminate-from hostname BNGLAC
 source-ip 10.x.x.x
 local name l2tp-lns
 l2tp tunnel password 7 0209144F1E15
 l2tp tunnel timeout no-session never

## Virtual-template (applied to all PPPoE User Sessions) ##

interface Virtual-Template1
 description Authenication using  Radius Testing
 mtu 1492
 ip unnumbered Loopback2
 peer default ip address pool LNS-TEST-INTERNET
 no keepalive
 ppp authentication pap chap AUTH-SVR
 ppp authorization AUTH-SVR
 ppp accounting ACCT-SVR


Once authentication is successful, the RADIUS server will push out service policies which match defined "policy-map type service xxxx" definitions on the LNS.

What I do not understand is how the LNS will match the RADIUS received request:


to the configured "policy-map type service..."

policy-map type service DSL-64K-ZERO-RATED
sg-service-type primary
  service-policy input DSL-64K-ZERO-RATED-UP-P
  service-policy output DSL-64K-ZERO-RATED-DN-P
policy-map type service DSL-64K-RATED
sg-service-type secondary
  service-policy input DSL-64K-RATED-UP-P
  service-policy output DSL-64K-RATED-DN-P

Is there something required to be configured (i.e. service policy type control?) under the interface virtual-template 1 to "link" the received RADIUS request to the matching defined service policies?

Any hints would be appreciated.

Thanking you in advance.


Kind Regards




Hi Dronic,

The LNS will match the services based on the "aaa authorization subscriber-service".

If you configure 'local' as method on that AAA list, the LNS will authorize (learn the service profile) from the local definition (CLI). You can also use radius and download the service definition from a radius server.

Check the command reference for more details:
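
The lookup this answer describes, as an added example that is not part of the thread or Cisco's code: an offline Python check that a RADIUS "subscriber:sa=" value names a "policy-map type service" defined on the LNS, and that a subscriber-service authorization list with the "local" method exists. The two "aaa" lines in the sample are an assumed way of applying the answer; the service definitions are copied from the post above, and the function names are hypothetical.

```python
import re

# Constructed sample. The policy-map blocks are the ones posted in the thread;
# the two "aaa" lines are an assumption (default list, local method only).
SAMPLE_CONFIG = """\
aaa new-model
aaa authorization subscriber-service default local
policy-map type service DSL-64K-ZERO-RATED
sg-service-type primary
  service-policy input DSL-64K-ZERO-RATED-UP-P
  service-policy output DSL-64K-ZERO-RATED-DN-P
policy-map type service DSL-64K-RATED
sg-service-type secondary
  service-policy input DSL-64K-RATED-UP-P
  service-policy output DSL-64K-RATED-DN-P
"""


def parse_services(config):
    """Map each 'policy-map type service' name to its input/output policies."""
    services, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        header = re.match(r"policy-map type service (\S+)$", line)
        policy = re.match(r"service-policy (input|output) (\S+)$", line)
        if header:
            current = services.setdefault(header.group(1), {})
        elif policy and current is not None:
            current[policy.group(1)] = policy.group(2)
        elif not raw[:1].isspace() and not line.startswith("sg-service-type"):
            current = None  # another top-level command ends the service block
    return services


def subscriber_service_methods(config):
    """Return {list_name: [methods]} from 'aaa authorization subscriber-service'."""
    lists = {}
    for line in config.splitlines():
        m = re.match(r"\s*aaa authorization subscriber-service (\S+) (.+)$", line)
        if m:
            lists[m.group(1)] = m.group(2).split()
    return lists


def check_avpair(config, avpair):
    """Say how the service named in a 'subscriber:sa=NAME' value would be found."""
    m = re.fullmatch(r"subscriber:sa=(\S+)", avpair.strip())
    if m is None:
        return "not a subscriber:sa attribute"
    name = m.group(1)
    lists = subscriber_service_methods(config)
    if not lists:
        return f"{name}: no 'aaa authorization subscriber-service' list configured"
    methods = [method for entry in lists.values() for method in entry]
    services = parse_services(config)
    if name in services and "local" in methods:
        return f"{name}: resolved locally -> {services[name]}"
    if all(method == "local" for method in methods):
        return f"{name}: not defined on the LNS and only 'local' is configured"
    return f"{name}: must be downloaded from the AAA server"
```

Run it against a saved copy of the running configuration and the service names the RADIUS server is provisioned to send; a name that is neither defined locally nor downloadable is the case to catch before subscribers hit it.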

