Per-User (Per Function) Configuration



Per-user configuration is one of the most advanced Cisco IOS Software features related to scaling techniques. The concept is based on virtuality: physical and virtual interfaces are related to each other, but the virtual ones do not have permanent physical interfaces associated with them. A virtual configuration uses physical interfaces, but it is flexible, dynamic, and per-function oriented. This Cisco design technique improves scalability and management, and increases router operation efficiency. These techniques are transparent to design differences and can be used in any environment. From a remote access perspective, two virtual configuration techniques exist, the first of which is a subset of the second:

  • Virtual interface template service

  • Virtual profiles

NOTE

The per-user configuration information can supplement or override the generic configuration on a virtual interface.


The sections that follow discuss the two virtual configuration techniques in greater detail.

Virtual Interface Templates

Virtual interface templates are used when the generic interface configuration and router-specific configuration information are combined. These templates provide a certain functionality. For example, when the router receives calls from a remote user, the template applies the predefined settings, such as type of authentication, speed, and IP address from a local pool, to the user. This creates a per-user, per-session (call) configuration. For each remote user who calls in, the same template applies with a different IP address, and when the first user disconnects the call, the template is released and applied to another user request. The advantages for the ISP design are obvious:

  • Scalability, because interface configurations can be separated from physical interfaces.

  • Function-based, which makes the configuration short and easy to read.

  • Efficient router operation and easier management, maintenance, and dynamic configuration assignment.

Virtual Profiles

A virtual profile is another instance of virtuality, which is intended to overcome the limitations of network scalability. It is based on the same functionality-specific technique, where the user-specific configuration information can be applied to any remote user. The configuration information for virtual profiles can come from a virtual interface template, from per-user configuration information that is stored on an access control server (ACS), or from both, depending on how the router and ACS are configured. When a user dials in, the virtual profile applies the generic interface configuration and then applies the per-user configuration to create a unique virtual access interface for that specific user.
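
The following configuration is an added example, not taken from the book. It shows a virtual interface template supplying the generic settings (CHAP authentication, an address from a local pool) and virtual profiles adding per-user settings from AAA. The pool name, addresses, loopback, RADIUS server, key, and user name are constructed placeholders.

```cisco
! Constructed example: generic settings come from Virtual-Template1,
! per-user settings come from the AAA server at call time.
! The physical dial-in interface (PPP encapsulation, dialer settings)
! is omitted.
!
aaa new-model
aaa authentication ppp default group radius
! Network authorization is what allows the AAA server to return
! per-user interface configuration.
aaa authorization network default group radius
!
radius-server host 192.0.2.10 key <placeholder-shared-secret>
!
ip local pool DIALIN 10.1.1.1 10.1.1.50
!
interface Loopback0
 ip address 10.1.1.254 255.255.255.255
!
! Clone a virtual access interface from template 1 for each caller,
! then apply any per-user configuration returned by AAA on top of it.
virtual-profile virtual-template 1
virtual-profile aaa
!
interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool DIALIN
 ppp authentication chap
!
! Matching per-user entry on the RADIUS server (constructed, shown as
! comments because it is server-side syntax, not IOS):
!
!   remoteuser1  Password = "<placeholder>"
!       Service-Type = Framed-User,
!       Framed-Protocol = PPP,
!       cisco-avpair = "ip:inacl#1=permit ip any 10.20.0.0 0.0.255.255",
!       cisco-avpair = "ip:inacl#2=deny ip any any"
!
! The inacl entries become an input access list on this user's virtual
! access interface only. Because per-user settings can override the
! template, review what the AAA server is allowed to return as carefully
! as the template itself.
```

While a call is up, `show interfaces virtual-access <number> configuration` displays the settings the cloned interface actually received.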

The concept of virtuality has a significant impact on two of the most commonly used Cisco dial concepts: dial-on-demand routing (DDR) and dialer profiles. In the case of legacy DDR, both parties learn the routes after the connection, but they don't delete them after they are disconnected. In the case of virtual interfaces, because of their dynamic nature, the route is removed as soon as the connection is dropped. In addition, the number of virtual interfaces is not limited by the number of physical interfaces. For example, the Cisco 4500 with IOS 12.1(7) allows 300 dialer profiles, the Cisco 5300 with IOS 12.0(7) allows 800 profiles, and the Cisco 7206VXR allows 2896. The number depends on interface descriptor blocks (IDBs).

NOTE

You can find out more about IDBs at the following site:

www.cisco.com/warp/public/63/idb_limit.html

or in the following Cisco Press book:

Inside Cisco IOS Software Architecture





Troubleshooting Remote Access Networks CCIE Professional Development
ISBN: 1587050765
EAN: 2147483647
Year: 2002
Pages: 235