Question about ISG

Unanswered Question
Feb 18th, 2008
User Badges:

I have 7204NPE-G2 and 4 stacks of 3750.I need to shape/rate-limit about 400 users to in/out(Internet) directions.I don`t want to use PPP because I have hight rate local traffic.

I read few docs about ISG but i don`t understand,can I use ISG only for IP SESSION without RADIUS and DHCP.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
seducer666 Thu, 03/06/2008 - 06:07
User Badges:

Hm...Why it is not possible?

Maybe my question is incorrect.I have scheme:



7204-G2---(Radius server)

| |

3725 3725

Can I police in/out traffic on "IP" sessions using ISG?

I read this document and find examples of what I need,if I right understand functionality of ISG.

Can someone help me with understanding ISG.

class-map type traffic match-any BOD1M_TC

match access-group input name BOD1M_IN_ACL_IN

match access-group output name BOD1M_ACL_OUT


policy-map type service BOD1M

10 class type traffic BOD1M_TC

accounting aaa list CAR_ACCNT_LIST

police input 512000 256000 5000

police output 1024000 512000 5000

class type traffic default in-out


AAA Server Configuration


Cisco-AVPair = "ip:traffic-class=in access-group name BOD1M_IN_ACL priority 10"

Cisco-AVPair = "ip:traffic-class=in default drop"

Cisco-AVPair = "ip:traffic-class=out access-group name BOD1M _OUT_ACL priority 10"

Cisco-AVPair = "ip:traffic-class=out default drop"

Cisco-AVPair = subscriber:accounting-list=CAR_ACCNT_LIST

Cisco-SSG-Service-Info = IBOD1M

Cisco-SSG-Service-Info = QU;512000;256000;5000;D;1024000;512000;5000


This Discussion