Chapter 11 Miscellaneous SSG Features

RADIUS Virtual Circuit Logging

RADIUS Virtual Circuit Logging

RADIUS Virtual Circuit (VC) Logging extends and modifies the RADIUS network access server (NAS) port field to carry VPI/VCI information. With RADIUS VC Logging enabled, the Cisco 10000 router (the SSG node) can send NAS port information to the RADIUS server, accurately recording the virtual path interface (VPI) and virtual circuit interface (VCI) of an incoming user or subscriber session. The VPI/VCI of the incoming permanent virtual circuit (PVC) is recorded at the point of entry on SSG, which offers the RADIUS client a unique VPI/VCI for each incoming PVC. This information is logged in the RADIUS accounting record that was created at session startup.

RADIUS VC Logging allows SSG to send NAS port information for an IP user on an ATM point-to-point VC or an Ethernet VLAN. SSG can also send NAS port information for PPPoX users.

For more information, refer to the RADIUS Virtual Circuit Logging, Release 11.3DB9 feature module.

Configuration of RADIUS Virtual Circuit Logging

To enable RADIUS VC Logging on the Cisco 10000 series router, use the following command in global configuration mode:

radius-server attribute nas-port format d

This command selects the ATM VC extended format for the NAS port field.

For more information, refer to the RADIUS Virtual Circuit Logging, Release 11.3DB9 feature module.

AAA Server Group Support for Proxy Services

The AAA Server Group Support for Proxy Services feature allows you to configure multiple AAA servers for redundancy. The RADIUS Server attribute enables AAA server group support for proxy services. Each group is associated with a service that requires proxy RADIUS AAA. You can configure each remote RADIUS server with timeout and retransmission parameters. When necessary, the SSG performs failover among the servers in the predefined group.

The RADIUS Server attribute specifies the remote RADIUS servers that SSG uses to authenticate, authorize, and perform accounting for a service login for a proxy service type. This attribute is used only in service profiles and is required. SSG automatically creates an AAA server group that contains the remote RADIUS server for this service profile.

For more information, refer to the Service Selection Gateway, Release 12.2(15)B feature module.

Restrictions for AAA Server Group Support for Proxy Services

The AAA Server Group Support for Proxy Services feature has the following restriction:

The RADIUS Server attribute is supported only by SSG with SESM in RADIUS mode.

Cisco 10000 Series Router Service Selection Gateway Configuration Guide

11-2

OL-4387-02

 

 

Page 72
Image 72
Cisco Systems OL-4387-02 manual Radius Virtual Circuit Logging, AAA Server Group Support for Proxy Services, 11-2