Cisco Systems OL-4387-02 manual Cached Service Profiles, Type of Service, Service Profile Example

Page 52

Chapter 7 Service Profiles and Cached Service Profiles

Cached Service Profiles

If the SESM web application is designed to use HTML frames, then this attribute also specifies whether the service is displayed in a new browser window or in a frame in the current (SESM) window, as follows:

Hurl—URL for a service displayed in a frame in the SESM browser window.

Uurl—URL for a service displayed in its own browser window.

Type of Service

(Optional) Indicates whether the service is proxy, tunnel, or passthrough.

Service-Info = “Ttype

Service Profile Example

Example 7-1is a service profile formatted for use with a freeware RADIUS server:

Example 7-1 Service Profile

service1.com Password = "cisco", Service-Type = outbound, Idle-Timeout = 1800,

Service-Info = "R192.168.1.128;255.255.255.192", Service-Info = "R192.168.2.0;255.255.255.192", Service-Info = "R192.168.3.0;255.255.255.0", Service-Info = "Gservice1",

Service-Info = "D192.168.2.81",

Service-Info = "MC",

Service-Info = "TP",

Service-Info = "ICompany Intranet Access",

Service-Info = "Oservice1.com"

Cached Service Profiles

The Cached Service Profiles feature enables SSG to use a cached copy of a service profile instead of downloading the profile from RADIUS every time a user logs on to the service.

SSG downloads service profiles when an IP user logs on to a service through SESM, or when a PPP user logs on to SSG through a structured username. SSG then downloads the service profile from the RADIUS server based on the service name. SSG retrieves the parameters that are specific to the service from the service profile and stores them locally. SSG authenticates the user based on the type of service and the AAA servers configured for that service. Upon successful authentication, the user is connected to the service. SSG downloads the service profile every time a user logs on to that service. This creates unnecessary traffic between the SSG and RADIUS.

The Cached Service Profiles feature eliminates the inefficiency of downloading the service profile each time a user logs on to a service. Instead, SSG caches the service profile and uses this cached profile when the user attempts to log on to the service again. If another user attempts to log on to the service, SSG uses the cached profile to process the service connection.

The following describes how service profiles are cached:

A user selects a service on the service logon page that SESM displays.

SSG receives the service logon request and looks up the service profile using the service name.

Cisco 10000 Series Router Service Selection Gateway Configuration Guide

7-4

OL-4387-02

 

 

Page 51 Page 53
Image 52
Page 51 Page 53
Contents Corporate Headquarters Copyright 2004, Cisco Systems, Inc All rights reserved N T E N T S IiiConfiguration Example for SSG AutoDomain Configuration Example for SSG Open Garden Configuration of VPI/VCI Static Binding to a Service Profile SSG Unconfig ViiViii Audience About This GuideDocument Organization Document Conventions Obtaining Documentation Related DocumentationCisco.com Documentation Feedback Obtaining Technical AssistanceDocumentation CD-ROM Ordering DocumentationCisco TAC Website Opening a TAC CaseTAC Case Priority Definitions XiiiObtaining Additional Publications and Information XivService Selection Gateway Overview Service Selection GatewaySSG Topology Example Default Network Access ProtocolsSupported SSG Features SSG RestrictionsService Selection Gateway Overview SSG Restrictions SSG Prerequisites SSG Architecture ModelService Selection Gateway Overview SSG Architecture Model OL-4387-02 Scalability and Performance Limitations and RestrictionsScalability and Performance Limitations and Restrictions Single Host Logon SSG Logon and LogoffPrerequisites for Single Host Logon SSG Autologoff Configuration of SSG AutologoffRestrictions for SSG Autologoff SSG Prepaid Idle Timeout Configuration Example for SSG AutologoffExample 3-1 SSG Autologoff Using ARP Ping Example 3-2 SSG Autologoff Using Icmp PingService Authorization Service ReauthorizationRestrictions for SSG Prepaid Idle Timeout Prerequisites for SSG Prepaid Idle TimeoutConfiguration of SSG Prepaid Idle Timeout Configuration Example for SSG Prepaid Idle TimeoutSSG Session and Idle Timeout Example 3-5 SSG Service-Specific TCP RedirectExample 3-7 SSG Threshold Volume Example 3-6 SSG Threshold TimeAuthentication and Accounting SSG Full Username Radius AttributeRestrictions for SSG Full Username Radius Attribute Example 4-1 Radius Freeware Format ExampleAccount Login and Logout Radius Accounting RecordsExample 4-3 Radius Accounting-Start Record Example 4-4 Radius Accounting-Stop RecordService Connection and Termination Authentication and Accounting Radius Accounting Records PPP Terminated Aggregation Service Selection MethodsPTA-Multidomain Web Service Selection Restrictions for PTA-MDSesm and SSG Performance OL-4387-02 Service Connection SSG AutoDomainConfiguration Example for SSG AutoDomain Configuration of SSG AutoDomainRestrictions for SSG AutoDomain Example 6-2 AutoDomain Exclude Profile SSG VSA Format Example 6-1 SSG AutoDomainExample 6-3 AutoDomain Exclude File Format SSG Prepaid Configuration of SSG PrepaidRestrictions for SSG Prepaid Configuration Example for SSG Prepaid SSG Open GardenConfiguration of SSG Open Garden Configuration Example for SSG Open GardenSSG Port-Bundle Host Key Restrictions for SSG Open GardenRestrictions for SSG Port-Bundle Host Key Mutually Exclusive Service Selection Configuration of SSG Port-Bundle Host KeyExclude Networks Prerequisites for SSG Port-Bundle Host KeyConfiguration of Mutually Exclusive Service Selection OL-4387-02 Service Profiles Downstream Access Control ListUpstream Access Control List Service Authentication TypeDomain Name Full UsernameService-Defined Cookie Service DescriptionService Mode Service Next-Hop GatewayCached Service Profiles Type of ServiceService Profile Example Example 7-1 Service ProfileConfiguration of Cached Service Profiles OL-4387-02 SSG Hierarchical Policing Overview SSG Hierarchical PolicingSSG Hierarchical Policing Token Bucket Scheme SSG Hierarchical Policing Configuration Restrictions for SSG Hierarchical PolicingConfiguration Examples for SSG Hierarchical Policing Example 8-2 Enabling Per-Session Policing on a RouterOL-4387-02 Interface Configuration Transparent PassthroughAccess Side Interfaces For exampleConfiguration of Transparent Passthrough Multicast Protocols on SSG InterfacesNetwork Side Interfaces Restrictions of Transparent PassthroughConfiguration of Multicast Protocols on SSG Interfaces SSG TCP Redirect Redirection for Unauthenticated Users10-1 Redirection for Unauthorized Services 10-2Initial Captivation 10-3Configuration of SSG TCP Redirect Restrictions for SSG TCP RedirectPrerequisites for SSG TCP Redirect 10-4Example 10-1 Binding a Server Group to a Port 10-5Example 10-2 Limiting Redirected TCP Sessions Configuring SSG TCP Redirect 10-6Configuration Examples for SSG TCP Redirect 10-7Example 10-3 Defining a Captive Portal Server Group Example 10-4 Defining Network Lists10-8 Example 10-5 Defining Port ListsVPI/VCI Static Binding to a Service Profile Miscellaneous SSG Features11-1 AAA Server Group Support for Proxy Services Configuration of Radius Virtual Circuit LoggingRadius Virtual Circuit Logging 11-2Packet Filtering 11-3Downstream Access Control List-outacl Upstream Access Control List-inaclRestrictions for Packet Filtering 11-4SSG Unconfig Configuration of Packet FilteringConfiguration Example for Packet Filtering Restrictions for SSG UnconfigPrerequisites for SSG Unconfig Configuration of SSG UnconfigConfiguration Examples for SSG Unconfig 11-6Service Translation SSG Enhancements for Overlapping Services11-7 11-8 Restrictions for Service Translation 11-9Configuration of Service Translation 11-10Expansion of Service IDs 11-11Network Sets 11-12Monitoring and Maintaining SSG 12-1Troubleshooting Radius Per-Service StatisticsRestrictions for Per-Service Statistics 12-2Monitoring the Parallel Express Forwarding Engine 12-312-4 SSG Configuration Example Figure A-1 SSG Example TopologyExample A-1 Cisco 10000 Router SSG Configuration Username cisco password 0 cisco clock timezone PSTSsg accounting interval 300 ssg profile-cache Full-duplex Peer default ip address pool SSG-POOL Exec-timeout 0 0 password lab SSG Feature Implementation Notes SSG Implementation NotesMpls Also see the Restrictions for SSG TCP Redirect section on OL-4387-02 O S S a R Y GL-1GL-2 GL-3 GL-4 GL-5 GL-6 D E IN-1DSL G-1 IN-2ISP G-2 L2TP IN-3Radius IN-4Reauthorizing prepaid IN-5TCP IN-6VRF G-5 VSA IN-7IN-8
Top Page Image Contents