Chapter 1 Service Selection Gateway Overview
Supported SSG Features
Supported SSG Features
The Cisco 10000 series router supports the following SSG features and functionality:
•SSG Logon and Logoff, page
•Authentication and Accounting, page
•Service Selection Methods, page
•Service Connection, page
•Service Profiles and Cached Service Profiles, page
•SSG Hierarchical Policing, page
•Interface Configuration, page
•SSG TCP Redirect, page
•VPI/VCI Static Binding to a Service Profile, page
•RADIUS Virtual Circuit Logging, page
•AAA Server Group Support for Proxy Services, page
•Packet Filtering, page
•SSG Unconfig, page
For more information about the SSG features, refer to the Service Selection Gateway, Release 12.2(15)B feature module.
For information about SSG features supported in a specific Cisco IOS release, refer to the
Cisco 10000 Series Router Feature Map.
SSG Restrictions
The SSG feature has the following restrictions:
•When using SSG hierarchical policing on Cisco 10000 Series routers, a maximum of 8 policing rates can be used per uplink interface and R attribute combination. Of these 8 rates, 1 is reserved for “no policing”, leaving 7 different police rates available per uplink interface and R attribute combination For example, if eight SSG services are bound to the same SSG
•Network address translation (NAT) functionality is not supported. This means that the router does not support concurrent access to multiple services for which the services, not the access provider, must assign the user’s IP address. For example, this restriction applies to concurrent access to a private service and SESM or the Open Garden network, or concurrent access to a tunnel service and SESM or the Open Garden network.
•The Cisco 10000 series router adds reachability information to the Open Garden and default networks for all services, both public and private. Because NAT is not supported, the addresses for the Open Garden and default networks cannot overlap addresses defined within the service definition.
•To restrict access to the Open Garden network by private services, you must specifically bind the Open Garden to the uplink interfaces. Do not bind the Open Garden to the interface used by the private service.
Cisco 10000 Series Router Service Selection Gateway Configuration Guide
| ||
|