Chapter 3 SSG Logon and Logoff
SSG Session and Idle Timeout
Example 3-5shows how to configure the SSG TCP Redirect feature for a specific service. The commands redirect all prepaid service traffic to the captive portal group called "InternetRedirectGroup" and configure the captive portal group as the server group used for redirecting prepaid traffic.
Example 3-5 SSG Service-Specific TCP Redirect
ssg enable
ssg tcp-redirect
server-group InternetRedirectGroup server 10.0.0.1 8080
server 10.0.0.20 80 end
The service profile for InternetRedirectGroup is shown here:
ServiceInfo="Z"
(Optional) You can configure SSG to reauthorize a prepaid user's connection before the user has completely consumed the allotted quota for a service. To do this, enter the global-configuration commands shown below to configure a time-based or a volume-based threshold value. Example 3-6shows how to configure a threshold time value of 10 seconds. Example 3-7shows how to configure threshold volume value of 2000 bytes.
Example 3-6 SSG Threshold Time
ssg prepaid threshold time 10
Example 3-7 SSG Threshold Volume
ssg prepaid threshold volume 2000
SSG Session and Idle Timeout
In a dial-up networking or bridged (non-PPP) network environment, a user can disconnect from the network access server (NAS) and release the IP address without logging out from the SSG. When this happens, the SSG continues to allow traffic to pass from that IP address, which can create a problem if the another user obtains the same IP address. SSG provides two mechanisms to prevent this problem from occurring:
•Session-Timeout RADIUS attribute—Specifies the maximum length of time for which a host or connection object can remain continuously active.
•Idle-Timeout RADIUS attribute—Specifies the maximum length of time for which a session or connection can remain idle before it is disconnected.
The Session-Timeout and Idle-Timeout attributes are used in either a user or service profile. In a user profile, the attribute applies to the user session. In a service profile, the attribute applies individually to each service connection.
Cisco 10000 Series Router Service Selection Gateway Configuration Guide
