Manuals
/
Cisco Systems
/
Computer Equipment
/
Network Router
Cisco Systems
OL-4387-02
manual
Viii
Models:
OL-4387-02
1
8
110
110
Download
110 pages
54.42 Kb
5
6
7
8
9
10
11
12
<
>
Troubleshooting
Password
Default Network
Login
SSG Unconfig
Downstream Access Control List
SSG Prepaid Idle Timeout
Authorization
Service Selection Gateway
Supported SSG Features
Page 8
Image 8
Contents
Cisco 10000 Series Router Service Selection Gateway Configuration Guide
viii
OL-4387-02
Page 7
Page 9
Page 8
Image 8
Page 7
Page 9
Contents
Corporate Headquarters
Copyright 2004, Cisco Systems, Inc All rights reserved
N T E N T S
Iii
Configuration Example for SSG AutoDomain
Configuration Example for SSG Open Garden
Configuration of VPI/VCI Static Binding to a Service Profile
SSG Unconfig
Vii
Viii
Document Organization
About This Guide
Audience
Document Conventions
Cisco.com
Related Documentation
Obtaining Documentation
Documentation Feedback
Obtaining Technical Assistance
Documentation CD-ROM
Ordering Documentation
Cisco TAC Website
Opening a TAC Case
TAC Case Priority Definitions
Xiii
Obtaining Additional Publications and Information
Xiv
Service Selection Gateway Overview
Service Selection Gateway
SSG Topology Example
Default Network
Access Protocols
Supported SSG Features
SSG Restrictions
Service Selection Gateway Overview SSG Restrictions
SSG Prerequisites
SSG Architecture Model
Service Selection Gateway Overview SSG Architecture Model
OL-4387-02
Scalability and Performance
Limitations and Restrictions
Scalability and Performance Limitations and Restrictions
Prerequisites for Single Host Logon
SSG Logon and Logoff
Single Host Logon
Restrictions for SSG Autologoff
Configuration of SSG Autologoff
SSG Autologoff
SSG Prepaid Idle Timeout
Configuration Example for SSG Autologoff
Example 3-1 SSG Autologoff Using ARP Ping
Example 3-2 SSG Autologoff Using Icmp Ping
Service Authorization
Service Reauthorization
Restrictions for SSG Prepaid Idle Timeout
Prerequisites for SSG Prepaid Idle Timeout
Configuration of SSG Prepaid Idle Timeout
Configuration Example for SSG Prepaid Idle Timeout
SSG Session and Idle Timeout
Example 3-5 SSG Service-Specific TCP Redirect
Example 3-7 SSG Threshold Volume
Example 3-6 SSG Threshold Time
Authentication and Accounting
SSG Full Username Radius Attribute
Restrictions for SSG Full Username Radius Attribute
Example 4-1 Radius Freeware Format Example
Account Login and Logout
Radius Accounting Records
Example 4-3 Radius Accounting-Start Record
Example 4-4 Radius Accounting-Stop Record
Service Connection and Termination
Authentication and Accounting Radius Accounting Records
PTA-Multidomain
Service Selection Methods
PPP Terminated Aggregation
Web Service Selection
Restrictions for PTA-MD
Sesm and SSG Performance
OL-4387-02
Service Connection
SSG AutoDomain
Restrictions for SSG AutoDomain
Configuration of SSG AutoDomain
Configuration Example for SSG AutoDomain
Example 6-3 AutoDomain Exclude File Format
Example 6-1 SSG AutoDomain
Example 6-2 AutoDomain Exclude Profile SSG VSA Format
Restrictions for SSG Prepaid
Configuration of SSG Prepaid
SSG Prepaid
Configuration Example for SSG Prepaid
SSG Open Garden
Configuration of SSG Open Garden
Configuration Example for SSG Open Garden
SSG Port-Bundle Host Key
Restrictions for SSG Open Garden
Restrictions for SSG Port-Bundle Host Key
Mutually Exclusive Service Selection
Configuration of SSG Port-Bundle Host Key
Exclude Networks
Prerequisites for SSG Port-Bundle Host Key
Configuration of Mutually Exclusive Service Selection
OL-4387-02
Service Profiles
Downstream Access Control List
Upstream Access Control List
Service Authentication Type
Domain Name
Full Username
Service-Defined Cookie
Service Description
Service Mode
Service Next-Hop Gateway
Cached Service Profiles
Type of Service
Service Profile Example
Example 7-1 Service Profile
Configuration of Cached Service Profiles
OL-4387-02
SSG Hierarchical Policing Token Bucket Scheme
SSG Hierarchical Policing
SSG Hierarchical Policing Overview
SSG Hierarchical Policing Configuration
Restrictions for SSG Hierarchical Policing
Configuration Examples for SSG Hierarchical Policing
Example 8-2 Enabling Per-Session Policing on a Router
OL-4387-02
Interface Configuration
Transparent Passthrough
Access Side Interfaces
For example
Configuration of Transparent Passthrough
Multicast Protocols on SSG Interfaces
Network Side Interfaces
Restrictions of Transparent Passthrough
Configuration of Multicast Protocols on SSG Interfaces
10-1
Redirection for Unauthenticated Users
SSG TCP Redirect
Redirection for Unauthorized Services
10-2
Initial Captivation
10-3
Configuration of SSG TCP Redirect
Restrictions for SSG TCP Redirect
Prerequisites for SSG TCP Redirect
10-4
Example 10-2 Limiting Redirected TCP Sessions
10-5
Example 10-1 Binding a Server Group to a Port
Configuring SSG TCP Redirect
10-6
Configuration Examples for SSG TCP Redirect
10-7
Example 10-3 Defining a Captive Portal Server Group
Example 10-4 Defining Network Lists
10-8
Example 10-5 Defining Port Lists
11-1
Miscellaneous SSG Features
VPI/VCI Static Binding to a Service Profile
AAA Server Group Support for Proxy Services
Configuration of Radius Virtual Circuit Logging
Radius Virtual Circuit Logging
11-2
Packet Filtering
11-3
Downstream Access Control List-outacl
Upstream Access Control List-inacl
Restrictions for Packet Filtering
11-4
SSG Unconfig
Configuration of Packet Filtering
Configuration Example for Packet Filtering
Restrictions for SSG Unconfig
Prerequisites for SSG Unconfig
Configuration of SSG Unconfig
Configuration Examples for SSG Unconfig
11-6
11-7
SSG Enhancements for Overlapping Services
Service Translation
11-8
Restrictions for Service Translation
11-9
Configuration of Service Translation
11-10
Expansion of Service IDs
11-11
Network Sets
11-12
Monitoring and Maintaining SSG
12-1
Troubleshooting Radius
Per-Service Statistics
Restrictions for Per-Service Statistics
12-2
Monitoring the Parallel Express Forwarding Engine
12-3
12-4
SSG Configuration Example
Figure A-1 SSG Example Topology
Example A-1 Cisco 10000 Router SSG Configuration
Username cisco password 0 cisco clock timezone PST
Ssg accounting interval 300 ssg profile-cache
Full-duplex
Peer default ip address pool SSG-POOL
Exec-timeout 0 0 password lab
SSG Feature Implementation Notes
SSG Implementation Notes
Mpls
Also see the Restrictions for SSG TCP Redirect section on
OL-4387-02
O S S a R Y
GL-1
GL-2
GL-3
GL-4
GL-5
GL-6
D E
IN-1
DSL G-1
IN-2
ISP G-2 L2TP
IN-3
Radius
IN-4
Reauthorizing prepaid
IN-5
TCP
IN-6
VRF G-5 VSA
IN-7
IN-8
Top
Page
Image
Contents
