Manuals / Cisco Systems / Computer Equipment / Network Router

Cisco Systems OL-4387-02 manual Service Connection and Termination

Models: OL-4387-02

1 110

Download 110 pages 54.42 Kb

Page 33

Service Connection and Termination

Chapter 4 Authentication and Accounting

RADIUS Accounting Records

Service Connection and Termination

SSG also sends a RADIUS accounting-request record to the local RADIUS server when a user accesses or terminates a service. The Acct-Status-Type attribute included in the accounting-request record indicates whether the accounting-request marks the start of the user service or the end of the service.

When a user accesses a service, SSG sends an accounting-start record to RADIUS. When a user terminates a service, SSG sends an accounting-stop record.

Configuration Examples for Service Connection and Termination

Example 4-5shows the information contained in an accounting-start record for service access.

Example 4-5 RADIUS Accounting-Start Record for Service Access

User-Name = "username"

Acct-Status-Type = Start

Acct-Authentic = RADIUS

Service-Type = Framed

Acct-Session-Id = "00000010"

Framed-Protocol = PPP

Service-Info = "Nisp-name.com"

Service-Info = "Uusername"

Service-Info = "TP"

Acct-Delay-Time = 0

The following list describes some of the attributes included in the record. For more information, refer to the Service Section Gateway, Release 12.2(15)B feature module.

•Acct-Status-Type—Indicates that the accounting-request marks the start of the user service.

•Service-Type—Indicates the type of service requested or the type of service to be provided. PPP and SLIP connections use the service type.

•Service-Info—Indicates the following:

–Nname—Indicates the name of the service profile.

–Uname—Indicates the username used to authenticate the user with the remote RADIUS server. This attribute is used for proxy services.

–Ttype—Indicates whether the connection is proxy (X), tunnel (T), or passthrough (P).

Cisco 10000 Series Router Service Selection Gateway Configuration Guide

	OL-4387-02	4-3

Image 33

Cisco Systems OL-4387-02 manual Configuration Examples for Service Connection and Termination

Contents

Corporate Headquarters JanuaryCisco Systems, Inc 170 West Tasman Drive San Jose, CA 800 553-NETS Fax 408Copyright 2004, Cisco Systems, Inc All rights reserved Default Network Service Selection Gateway OverviewC O N T E N T S AudienceConfiguration Example for SSG Prepaid Configuration Example for SSG AutoDomainConfiguration Examples for Account Login and Logout Configuration of SSG AutologoffConfiguration of Mutually Exclusive Service Selection Configuration Example for SSG Open GardenService Profiles Service-Defined CookieInterface Configuration Configuration of VPI/VCI Static Binding to a Service ProfileConfiguring Port-Based Redirection for Unauthenticated Users Limiting Redirection for Unauthenticated UsersPer-Service Statistics SSG UnconfigRestrictions for SSG Unconfig Service Translationviii ContentsOL-4387-02 Audience About This GuideDocument Organization ChapterChapter Document ConventionsTitle DescriptionCisco 10000 Series Router Software Configuration Guides Cisco 10000 Series Router Feature MapRelated Documentation Obtaining DocumentationObtaining Technical Assistance Documentation FeedbackDocumentation CD-ROM Ordering DocumentationOpening a TAC Case Cisco TAC WebsiteTAC Case Priority Definitions http//tools.cisco.com/RPF/register/register.doObtaining Additional Publications and Information Service Selection Gateway Overview Service Selection GatewayC H A P T E R Figure 1-1 SSG Topology Example Access Protocols Default NetworkPackets from a User and Destined for the Default Network Packets from the Default Network and Destined for an SSG UserSSG Logon and Logoff, page Authentication and Accounting, page Supported SSG FeaturesService Selection Methods, page Service Connection, page Service Profiles and Cached Service Profiles, pageAny interface requiring tunneling for example, L2TP or GRE tunneling SSG Architecture Model SSG PrerequisitesInternet GamingIn Figure 1-2, subscribers access the SESM web portal application using any web browser on a variety of devices such as a desktop computer over DSL. The Cisco 10000 series router the SSG node forwards unauthenticated SSG traffic from the subscriber to SESM, configured as the captive portal and default network. The SSG feature set of the router allows the service provider to design a service selection access network OL-4387-02 Chapter 1 Service Selection Gateway Overview SSG Architecture ModelScalability and Performance Limitations and RestrictionsC H A P T E R Best-Access to network B at rate Good-Access to network B at rate SSG Logon and Logoff SSG Prepaid Idle Timeout, page SSG Session and Idle Timeout, pageSingle Host Logon Prerequisites for Single Host LogonSSG Autologoff Configuration of SSG AutologoffRestrictions for SSG Autologoff ARP pingConfiguration Example for SSG Autologoff SSG Prepaid Idle TimeoutService Reauthorization Service AuthorizationPrerequisites for SSG Prepaid Idle Timeout Restrictions for SSG Prepaid Idle TimeoutConfiguration of SSG Prepaid Idle Timeout Configuration Example for SSG Prepaid Idle TimeoutSSG Session and Idle Timeout Configuration Examples for SSG Full Username RADIUS Attribute Authentication and AccountingSSG Full Username RADIUS Attribute Restrictions for SSG Full Username RADIUS AttributeConfiguration Examples for Account Login and Logout Account Login and LogoutAccount Login and Logout, page Service Connection and Termination, pageConfiguration Examples for Service Connection and Termination Service Connection and TerminationService-Type-Indicates the type of service Web Service Selection, page Service Selection MethodsPPP Terminated Aggregation PTA-MultidomainRestrictions for PTA-MD Web Service SelectionSESM and SSG Performance OL-4387-02 Chapter 5 Service Selection Methods Web Service SelectionMutually Exclusive Service Selection, page Service ConnectionSSG AutoDomain SSG AutoDomain, page SSG Prepaid, page SSG Open Garden, pageConfiguration of SSG AutoDomain Configuration Example for SSG AutoDomainRestrictions for SSG AutoDomain Example 6-1 SSG AutoDomain Example 6-2 AutoDomain Exclude Profile SSG VSA FormatExample 6-3 AutoDomain Exclude File Format Configuration of SSG Prepaid SSG PrepaidRestrictions for SSG Prepaid SSG Open Garden Configuration Example for SSG PrepaidConfiguration Example for SSG Open Garden Configuration of SSG Open GardenSSG Open Garden, Release 12.24B feature module SSG Port-Bundle Host KeyRestrictions for SSG Port-Bundle Host Key Configuration of SSG Port-Bundle Host Key Mutually Exclusive Service SelectionSSG Port-Bundle Host Key, Release 12.24B feature module Exclude NetworksConfiguration of Mutually Exclusive Service Selection Configuration Example for Mutually Exclusive Service SelectionExample 6-5 Configuring a Mutually Exclusive Service Selection Group 6-10 Chapter 6 Service Connection Mutually Exclusive Service SelectionOL-4387-02 Downstream Access Control List Service ProfilesService Profiles, page Cached Service Profiles, page Service Profiles and Cached Service ProfilesService Authentication Type Upstream Access Control ListDomain Name Full UsernameService Description Service-Defined CookieService Mode Service Next-Hop GatewayCached Service Profiles Type of ServiceService Profile Example Configuration of Cached Service Profiles Chapter 7 Service Profiles and Cached Service Profiles Cached Service ProfilesOL-4387-02 SSG Hierarchical Policing Overview SSG Hierarchical PolicingSSG Hierarchical Policing Token Bucket Scheme C H A P T E RRestrictions for SSG Hierarchical Policing SSG Hierarchical Policing ConfigurationConfiguration Examples for SSG Hierarchical Policing Configuration Examples for SSG Hierarchical PolicingRouterconfig# local-profile cisco.com Routerconfig-prof# attribute 26 9 1 “QU1600030004000D2400040008000”Configuration Examples for SSG Hierarchical Policing Chapter 8 SSG Hierarchical PolicingOL-4387-02 Transparent Passthrough Interface ConfigurationTransparent Passthrough, page C H A P T E RAccess Side Interfaces Multicast Protocols on SSG Interfaces Configuration of Transparent PassthroughNetwork Side Interfaces Restrictions of Transparent PassthroughConfiguration of Multicast Protocols on SSG Interfaces Redirection for Unauthenticated Users, page Redirection for Unauthenticated UsersRedirection for Unauthorized Services, page Initial Captivation, page SSG TCP RedirectRedirection for Unauthorized Services 10-2group-name 10-3 Initial CaptivationRestrictions for SSG TCP Redirect Configuration of SSG TCP RedirectPrerequisites for SSG TCP Redirect 10-4Configuring Port-Based Redirection for Unauthenticated Users Configuration Considerations for SSG TCP RedirectLimiting Redirection for Unauthenticated Users Configuration Considerations for SSG TCP Redirect, pageCommand Configuring SSG TCP RedirectPurpose 10-6Configuration Example for Server Groups Configuration Examples for SSG TCP RedirectConfiguration Example for Network Lists Configuration Example for Server Groups, page10-8 Configuration Example for Port ListsExample 10-5 Defining Port Lists Chapter 10 SSG TCP RedirectVPI/VCI Static Binding to a Service Profile Miscellaneous SSG FeaturesRestrictions for VPI/VCI Static Binding to a Service Profile Configuration of VPI/VCI Static Binding to a Service ProfileConfiguration of RADIUS Virtual Circuit Logging AAA Server Group Support for Proxy ServicesRestrictions for AAA Server Group Support for Proxy Services RADIUS Virtual Circuit LoggingConfiguration Example for AAA Server Group Support for Proxy Services Configuration of AAA Server Group Support for Proxy ServicesDownstream Access Control List-outacl, page Upstream Access Control List-inacl, pageUpstream Access Control List-inacl Downstream Access Control List-outaclRestrictions for Packet Filtering 11-4Configuration of Packet Filtering SSG UnconfigConfiguration Example for Packet Filtering Restrictions for SSG UnconfigConfiguration of SSG Unconfig Prerequisites for SSG UnconfigConfiguration Examples for SSG Unconfig 11-6Service Translation SSG Enhancements for Overlapping ServicesService Translation, page Expansion of Service IDs, page 11-7Set1 0.0.0.0/0.0.0.0 Set2 10.58.253.0/255.255.255.0 Set3 11-8Restrictions for Service Translation Prerequisites for Service Translation11-9 Configuration Example for Service Translation Configuration of Service TranslationEnables service translation and indicates to the router to use the Service DefinitionsRestrictions for Expansion of Service IDs Expansion of Service IDsConfiguration Example for Expansion of Service IDs 11-1111-12 Network Sets12-1 Monitoring and Maintaining SSGCommand C H A P T E RPer-Service Statistics Troubleshooting RADIUSRestrictions for Per-Service Statistics Removes the specified serviceReference Guide Monitoring the Parallel Express Forwarding Engine12-3 CommandChapter 12 Monitoring and Maintaining SSG 12-4Monitoring the Parallel Express Forwarding Engine OL-4387-02A P P E N D I X A SSG Configuration ExampleAppendix A SSG Configuration Example Example A-1 Cisco 10000 Router SSG ConfigurationOL-4387-02 Appendix A SSG Configuration ExampleOL-4387-02 Appendix A SSG Configuration ExampleOL-4387-02 Appendix A SSG Configuration Exampleexec-timeout 0 0 password lab Appendix A SSG Configuration Examplentp clock-period 17181406 ntp update-calendar OL-4387-02SSG Implementation Notes SSG FeatureA P P E N D I X B Implementation NotesImplementation Notes SSG FeatureAlso see the “Restrictions for SSG TCP Redirect” section on page SSG FeatureImplementation Notes OL-4387-02 Appendix B SSG Implementation NotesG L O S S A R Y Digital Subscriber LineGL-1 GL-2 GL-3 GL-4 GL-5 xDSL GL-6Glossary OL-4387-02I N D E See CEFIN-1 idle timeout IN-2Idle Timeout Attribute 28 3-4 inacl attributeSee PXF See PPPIN-3 IN-4 See RBEAutoDomain Exclude Networks 6-8IN-5 IN-6 See VPIVC G-5 VCI G-5 vendor-specific attributes definition G-5 virtual channel identifier See VCI virtual circuit See VCVPI G-5 VPI/VCI implementation notes B-3 service profiles subscriber IN-7web service selection 5-2 web sites accessing through Open Garden 6-5 VRF G-5 VSA definition G-5IN-8 IndexOL-4387-02