Manuals / Cisco Systems / Computer Equipment / Network Router

Cisco Systems OL-4387-02 manual SSG Logon and Logoff, Single Host Logon, C H A P T E R

Models: OL-4387-02

1 110

Download 110 pages 54.42 Kb

Page 25

SSG Logon and Logoff

C H A P T E R 3

SSG Logon and Logoff

The Cisco 10000 series router supports the following SSG features for logon and logoff related functions:

•Single Host Logon, page 3-1

•SSG Autologoff, page 3-2

•SSG Prepaid Idle Timeout, page 3-3

•SSG Session and Idle Timeout, page 3-6

This chapter describes each of SSG logon and logoff features.

Single Host Logon

The Single Host Logon feature enables users to enter authentication information only twice. To log on to a service through the SESM web application, a subscriber enters authentication information once for the PPP session and once for the service. The subscriber does not have to log on to the SESM. Instead, the SESM uses the PPP authenticated information from the SSG.

For non-PPP users, when a subscriber authenticates using the SESM application, the subscriber does not have to log on again for the remainder of the non-PPP session. However, the subscriber still has to log on to services. For more information, refer to Cisco Subscriber Edge Services Manager and Subscriber Policy Engine Installation and Configuration Guide.

Prerequisites for Single Host Logon

To use the Single Host Logon feature, you must install and configure Cisco SESM Release 3.1(1) or later.

Cisco 10000 Series Router Service Selection Gateway Configuration Guide

	OL-4387-02	3-1

Image 25

Cisco Systems OL-4387-02 manual SSG Logon and Logoff, Prerequisites for Single Host Logon, C H A P T E R

Contents

Corporate Headquarters JanuaryCisco Systems, Inc 170 West Tasman Drive San Jose, CA 800 553-NETS Fax 408Copyright 2004, Cisco Systems, Inc All rights reserved Default Network Service Selection Gateway OverviewC O N T E N T S AudienceConfiguration Example for SSG Prepaid Configuration Example for SSG AutoDomainConfiguration Examples for Account Login and Logout Configuration of SSG AutologoffConfiguration of Mutually Exclusive Service Selection Configuration Example for SSG Open GardenService Profiles Service-Defined CookieInterface Configuration Configuration of VPI/VCI Static Binding to a Service ProfileConfiguring Port-Based Redirection for Unauthenticated Users Limiting Redirection for Unauthenticated UsersPer-Service Statistics SSG UnconfigRestrictions for SSG Unconfig Service TranslationContents viiiOL-4387-02 Audience About This GuideDocument Organization ChapterChapter Document ConventionsTitle DescriptionCisco 10000 Series Router Software Configuration Guides Cisco 10000 Series Router Feature MapRelated Documentation Obtaining DocumentationObtaining Technical Assistance Documentation FeedbackDocumentation CD-ROM Ordering DocumentationOpening a TAC Case Cisco TAC WebsiteTAC Case Priority Definitions http//tools.cisco.com/RPF/register/register.doObtaining Additional Publications and Information Service Selection Gateway Service Selection Gateway OverviewC H A P T E R Figure 1-1 SSG Topology Example Access Protocols Default NetworkPackets from a User and Destined for the Default Network Packets from the Default Network and Destined for an SSG UserSSG Logon and Logoff, page Authentication and Accounting, page Supported SSG FeaturesService Selection Methods, page Service Connection, page Service Profiles and Cached Service Profiles, pageAny interface requiring tunneling for example, L2TP or GRE tunneling SSG Architecture Model SSG PrerequisitesInternet GamingIn Figure 1-2, subscribers access the SESM web portal application using any web browser on a variety of devices such as a desktop computer over DSL. The Cisco 10000 series router the SSG node forwards unauthenticated SSG traffic from the subscriber to SESM, configured as the captive portal and default network. The SSG feature set of the router allows the service provider to design a service selection access network OL-4387-02 Chapter 1 Service Selection Gateway Overview SSG Architecture ModelLimitations and Restrictions Scalability and PerformanceC H A P T E R Best-Access to network B at rate Good-Access to network B at rate SSG Logon and Logoff SSG Prepaid Idle Timeout, page SSG Session and Idle Timeout, pageSingle Host Logon Prerequisites for Single Host LogonSSG Autologoff Configuration of SSG AutologoffRestrictions for SSG Autologoff ARP pingConfiguration Example for SSG Autologoff SSG Prepaid Idle TimeoutService Reauthorization Service AuthorizationPrerequisites for SSG Prepaid Idle Timeout Restrictions for SSG Prepaid Idle TimeoutConfiguration of SSG Prepaid Idle Timeout Configuration Example for SSG Prepaid Idle TimeoutSSG Session and Idle Timeout Configuration Examples for SSG Full Username RADIUS Attribute Authentication and AccountingSSG Full Username RADIUS Attribute Restrictions for SSG Full Username RADIUS AttributeConfiguration Examples for Account Login and Logout Account Login and LogoutAccount Login and Logout, page Service Connection and Termination, pageConfiguration Examples for Service Connection and Termination Service Connection and TerminationService-Type-Indicates the type of service Web Service Selection, page Service Selection MethodsPPP Terminated Aggregation PTA-MultidomainRestrictions for PTA-MD Web Service SelectionSESM and SSG Performance OL-4387-02 Chapter 5 Service Selection Methods Web Service SelectionMutually Exclusive Service Selection, page Service ConnectionSSG AutoDomain SSG AutoDomain, page SSG Prepaid, page SSG Open Garden, pageConfiguration Example for SSG AutoDomain Configuration of SSG AutoDomainRestrictions for SSG AutoDomain Example 6-2 AutoDomain Exclude Profile SSG VSA Format Example 6-1 SSG AutoDomainExample 6-3 AutoDomain Exclude File Format SSG Prepaid Configuration of SSG PrepaidRestrictions for SSG Prepaid SSG Open Garden Configuration Example for SSG PrepaidConfiguration Example for SSG Open Garden Configuration of SSG Open GardenSSG Open Garden, Release 12.24B feature module SSG Port-Bundle Host KeyRestrictions for SSG Port-Bundle Host Key Configuration of SSG Port-Bundle Host Key Mutually Exclusive Service SelectionSSG Port-Bundle Host Key, Release 12.24B feature module Exclude NetworksConfiguration Example for Mutually Exclusive Service Selection Configuration of Mutually Exclusive Service SelectionExample 6-5 Configuring a Mutually Exclusive Service Selection Group Chapter 6 Service Connection Mutually Exclusive Service Selection 6-10OL-4387-02 Downstream Access Control List Service ProfilesService Profiles, page Cached Service Profiles, page Service Profiles and Cached Service ProfilesService Authentication Type Upstream Access Control ListDomain Name Full UsernameService Description Service-Defined CookieService Mode Service Next-Hop GatewayType of Service Cached Service ProfilesService Profile Example Configuration of Cached Service Profiles Cached Service Profiles Chapter 7 Service Profiles and Cached Service ProfilesOL-4387-02 SSG Hierarchical Policing Overview SSG Hierarchical PolicingSSG Hierarchical Policing Token Bucket Scheme C H A P T E RRestrictions for SSG Hierarchical Policing SSG Hierarchical Policing ConfigurationConfiguration Examples for SSG Hierarchical Policing Configuration Examples for SSG Hierarchical PolicingRouterconfig# local-profile cisco.com Routerconfig-prof# attribute 26 9 1 “QU1600030004000D2400040008000”Chapter 8 SSG Hierarchical Policing Configuration Examples for SSG Hierarchical PolicingOL-4387-02 Transparent Passthrough Interface ConfigurationTransparent Passthrough, page C H A P T E RAccess Side Interfaces Multicast Protocols on SSG Interfaces Configuration of Transparent PassthroughNetwork Side Interfaces Restrictions of Transparent PassthroughConfiguration of Multicast Protocols on SSG Interfaces Redirection for Unauthenticated Users, page Redirection for Unauthenticated UsersRedirection for Unauthorized Services, page Initial Captivation, page SSG TCP Redirect10-2 Redirection for Unauthorized Servicesgroup-name 10-3 Initial CaptivationRestrictions for SSG TCP Redirect Configuration of SSG TCP RedirectPrerequisites for SSG TCP Redirect 10-4Configuring Port-Based Redirection for Unauthenticated Users Configuration Considerations for SSG TCP RedirectLimiting Redirection for Unauthenticated Users Configuration Considerations for SSG TCP Redirect, pageCommand Configuring SSG TCP RedirectPurpose 10-6Configuration Example for Server Groups Configuration Examples for SSG TCP RedirectConfiguration Example for Network Lists Configuration Example for Server Groups, page10-8 Configuration Example for Port ListsExample 10-5 Defining Port Lists Chapter 10 SSG TCP RedirectVPI/VCI Static Binding to a Service Profile Miscellaneous SSG FeaturesRestrictions for VPI/VCI Static Binding to a Service Profile Configuration of VPI/VCI Static Binding to a Service ProfileConfiguration of RADIUS Virtual Circuit Logging AAA Server Group Support for Proxy ServicesRestrictions for AAA Server Group Support for Proxy Services RADIUS Virtual Circuit LoggingConfiguration Example for AAA Server Group Support for Proxy Services Configuration of AAA Server Group Support for Proxy ServicesDownstream Access Control List-outacl, page Upstream Access Control List-inacl, pageUpstream Access Control List-inacl Downstream Access Control List-outaclRestrictions for Packet Filtering 11-4Configuration of Packet Filtering SSG UnconfigConfiguration Example for Packet Filtering Restrictions for SSG UnconfigConfiguration of SSG Unconfig Prerequisites for SSG UnconfigConfiguration Examples for SSG Unconfig 11-6Service Translation SSG Enhancements for Overlapping ServicesService Translation, page Expansion of Service IDs, page 11-7Set1 0.0.0.0/0.0.0.0 Set2 10.58.253.0/255.255.255.0 Set3 11-8Prerequisites for Service Translation Restrictions for Service Translation11-9 Configuration Example for Service Translation Configuration of Service TranslationEnables service translation and indicates to the router to use the Service DefinitionsRestrictions for Expansion of Service IDs Expansion of Service IDsConfiguration Example for Expansion of Service IDs 11-1111-12 Network Sets12-1 Monitoring and Maintaining SSGCommand C H A P T E RPer-Service Statistics Troubleshooting RADIUSRestrictions for Per-Service Statistics Removes the specified serviceReference Guide Monitoring the Parallel Express Forwarding Engine12-3 CommandChapter 12 Monitoring and Maintaining SSG 12-4Monitoring the Parallel Express Forwarding Engine OL-4387-02A P P E N D I X A SSG Configuration ExampleAppendix A SSG Configuration Example Example A-1 Cisco 10000 Router SSG ConfigurationOL-4387-02 Appendix A SSG Configuration ExampleOL-4387-02 Appendix A SSG Configuration ExampleOL-4387-02 Appendix A SSG Configuration Exampleexec-timeout 0 0 password lab Appendix A SSG Configuration Examplentp clock-period 17181406 ntp update-calendar OL-4387-02SSG Implementation Notes SSG FeatureA P P E N D I X B Implementation NotesImplementation Notes SSG FeatureSSG Feature Also see the “Restrictions for SSG TCP Redirect” section on pageImplementation Notes OL-4387-02 Appendix B SSG Implementation NotesDigital Subscriber Line G L O S S A R YGL-1 GL-2 GL-3 GL-4 GL-5 xDSL GL-6Glossary OL-4387-02See CEF I N D EIN-1 idle timeout IN-2Idle Timeout Attribute 28 3-4 inacl attributeSee PPP See PXFIN-3 IN-4 See RBEAutoDomain Exclude Networks 6-8IN-5 IN-6 See VPIVC G-5 VCI G-5 vendor-specific attributes definition G-5 virtual channel identifier See VCI virtual circuit See VCVPI G-5 VPI/VCI implementation notes B-3 service profiles subscriber IN-7web service selection 5-2 web sites accessing through Open Garden 6-5 VRF G-5 VSA definition G-5Index IN-8OL-4387-02