|
|
This feature module describes enhancements to the Node Route Processor-Service Selection Gateway (NRP-SSG) feature. It includes information on the benefits of the enhancements, supported platforms, related documents, and so forth.
This document includes the following sections:
The enhancements to the NRP-SSG are included in Cisco IOS Release 12.0(5)DC. The NRP-SSG is a switching solution for service providers who offer intranet, extranet, and Internet connections to subscribers using high-speed data circuit equipment (DCE) such as Asymmetric Digital Subscriber Line (ADSL) to allow simultaneous access to network services. The NRP-SSG with Web Selection works in conjunction with the Cisco Service Selection Dashboard (SSD). The Cisco SSD is an open source web-based server application that allows users to select from multiple passthrough and proxy services through a standard web browser.
The NRP-SSG works with Cisco Express Forwarding (CEF) switching technology to provide maximum Layer 3 switching performance. Because CEF is topology-driven rather than traffic-driven, its performance is unaffected by network size or dynamics.
The NRP-SSG uses IOS Network Address Translation (NAT) to map the inside IP addresses of subscribers to the outside IP addresses from the destination service networks. This replaces the SSG NAT used in Cisco IOS Release 12.0(3)DC.
The NRP-SSG supports virtual path identifier/virtual channel identifier (VPI/VCI) closed user groups by allowing VPI/VCIs to be bound to a given service. All users accessing the NRP-SSG through the VPI/VCI or range of VPI/VCIs will be able to access the service. You can specify whether users are allowed to access only the bound service or other additional services to which they subscribe. A closed user group service can only be selected through the VPI/VCI and not by entering the domain name in the user name of a Point-to-Point Protocol (PPP) session.
The NRP-SSG supports intermittent RADIUS accounting updates. When a user logs on to the NRP-SSG, the NRP-SSG sends an accounting start record to the local RADIUS server. When a user logs on to a service, the NRP-SSG sends a connection start record to the local RADIUS server and to the remote RADIUS proxy server. During the time that the user is logged on to the NRP-SSG, the NRP-SSG sends accounting update records at specified intervals to the appropriate server. When a user logs off from a service, the NRP-SSG sends a connection stop record to the local RADIUS server and to the remote RADIUS proxy server. When a user logs off from the NRP-SSG, the NRP-SSG sends an accounting stop record to the local RADIUS server.
The NRP-SSG works in conjunction with the Cisco SSD. The Cisco SSD is a specialized web server, populated by the service provider, that lists all of the potential networks (or services) a particular customer can access. Customers select and deselect services from a menu through a frames-enabled HTML browser.
For related information on this feature, refer to the following documents:
Node Route Processor-Service Selection Gateway Enhancements are supported on the Cisco 6400.
None
None
None
If you want to perform Layer 3 service selection, you must install and configure the Cisco Service Selection Dashboard as described in the Cisco Service Selection Dashboard User Guide.
Perform the following tasks to configure the NRP-SSG enhancements. All of these tasks are optional.
This task is optional. Set the interval at which accounting updates are sent to the accounting server.
| Command | Purpose |
|---|---|
Router(config-if)#ssg accounting interval seconds | Specifies the interval at which accounting updates are sent to the accounting server. The minimum interval is 60 seconds. The default interval is 120 seconds. |
Use the show running-config command to verify that the accounting interval has been set correctly.
This task is optional. CEF is disabled by default. CEF only works with PPPoE.
| Command | Purpose |
|---|---|
Router(config)# | Enables global IP CEF. |
Use the show running-config and show ip cef commands to verify that CEF has been enabled.
This task is optional. To configure IOS Network Address Translation (NAT), you must specify an inside interface from which clients connect to the NRP-SSG and an outside interface from which services are accessed. Enter interface or subinterface configuration mode for the desired inside and outside interfaces and enter the appropriate command below.
| Command | Purpose |
|---|---|
Router(config-if)#ip nat inside | Specifies the inside interface from which clients access the NRP-SSG. |
Router(config-subif)# | Specifies the outside interface from which services are accessed. |
Use the show running-config command to verify that inside and outside ports have been specified correctly. Use the show ip nat translations command to view your NAT addresses.
This task is optional. To configure VPI/VCI closed user groups, you must bind VPI/VCIs to a given service as described below. Closed user groups allow all users accessing the NRP-SSG through the VPI/VCI or range of VPI/VCIs to access the service. You can specify whether users are allowed to access only the bound service or other additional services to which they subscribe. A closed user group service can only be selected through the VPI/VCI and not by entering the domain name in the user name of a PPP session.
| Command | Purpose |
|---|---|
Router(config)#ssg vc-service-map service-name [interface slot-module-port] start-vpi | start-vpi/vci [end-vpi | end-vpi/vci] exclusive | non-exclusive | Map VCs to service names. |
Use the show running-config and show ssg vc-service-map command to view service name to VC mappings.
???
| Command | Purpose |
|---|---|
Router#show ssg vc-service-map | Displays VC to service name mappings |
ssg accounting interval 600
The following example RADIUS accounting records will be sent to the appropriate server every 600 seconds while the user is logged on to the NRP-SSG:
NAS-IP-Address = 172.16.11.1 NAS-Port = 0 NAS-Port-Type = Virtual User-Name = "cisco" Acct-Status-Type = Update Acct-Authentic = RADIUS Service-Type = Framed Acct-Session-Id = "00000000" Acct-Session-Time = 77 Acct-Input-Octets = 0 Acct-Output-Octets = 0 Acct-Input-Packets = 0 Acct-Output-Packets = 0 Framed-Protocol = PPP Framed-IP-Address = 172.16.11.12 Control-Info = "I0;0" Control-Info = "O0;0" Acct-Delay-Time = 0
NAS-IP-Address = 172.16.11.1 NAS-Port = 0 NAS-Port-Type = Virtual User-Name = "cisco" Acct-Status-Type = Update Acct-Authentic = RADIUS Service-Type = Framed Acct-Session-Id = "00000012" Acct-Session-Time = 8 Acct-Input-Octets = 0 Acct-Output-Octets = 0 Acct-Input-Packets = 0 Acct-Output-Packets = 0 Framed-Protocol = PPP Control-Info = "I0;0" Control-Info = "O0;0" Service-Info = "Nservice.com" Service-Info = "Uname" Service-Info = "TX" Acct-Delay-Time = 0
ip cef
interface ATM0/0/0.10 multipoint ip address 192.168.103.12 255.255.255.0 no ip directed-broadcast ip nat outside ip pim sparse-dense-mode ip pim multipoint-signalling map-group mapgroup1 atm multipoint-signalling atm esi-address 202020202020.10 interface Virtual-Template1 ip unnumbered FastEthernet0/0/0 no ip directed-broadcast ip nat inside ip mroute-cache keepalive 60 peer default ip address pool pool1 ppp authentication pap
ssg vc-service-map public1 1/37 non-exclusive
This section documents new commands associated with the NRP-SSG enhancements. All other commands used with this feature are documented in the Cisco IOS Release 12.0 command reference publications.
To display VC to service name mappings, use the show ssg vc-service-map global configuration command.
show ssg vc-service-map [vpi/vci [| {begin expression | exclude expression | include expression}] | service service-name [| {begin expression | exclude expression | include expression}]] [| {begin expression | exclude expression | include expression}]
vpi/vci | (Optional) VPI/VCI value including the slash, for example, 3/33. |
service | (Optional) Displays the VCs mapped to a service name. |
service-name | (Optional) Service name. |
begin | (Optional) Begin with the line that contains expression. |
exclude | (Optional) Exclude lines that contain expression. |
include | (Optional) Include lines that contain expression. |
expression | (Optional) Word or phrase used to determine what lines will be shown. |
No default behavior or values.
Privileged EXEC
| Release | Modification |
|---|---|
12.0(5)DC | This command was introduced. |
Use this command to display VC to service name mappings.
The following example displays the VCs mapped to the Worldwide service name:
RouterA# show ssg vc-service-map service Worldwide Interface From To Service Name Type All 3 /33 None Worldwide non-exclusive
| Command | Description |
|---|---|
Maps VCs to service names. |
To specify the interval at which accounting updates are sent to the accounting server, use the ssg accounting interval global configuration command. To disable the accounting interval, use the no form of this command.
ssg accounting interval seconds
seconds | (60-4294967295) Number of seconds after which an accounting update will be sent to the accounting server. The minimum interval is 60 seconds. |
The accounting interval is 120 seconds by default.
Global configuration
| Release | Modification |
|---|---|
12.0(5)DC | This command was introduced. |
Use this command to specify the interval at which accounting updates are sent to the accounting server.
The following example specifies that the NRP-SSG will send an accounting update to the accounting server every 60 seconds:
routerA# configure terminal Enter configuration commands, one per line. End with CNTL/Z. routerA(config)# ssg accounting interval 60
To map VCs to service names, use the ssg vc-service-map global configuration command. To disable VC to service name mapping, use the no form of this command.
ssg vc-service-map service-name [interface slot-module-port] start-vpi | start-vpi/vci [end-vpi | end-vpi/vci] exclusive | non-exclusive
service-name | Service name. |
interface | Specifies a service name mapping for an NSP interface. |
slot-module-port | Slot, module and port of the NSP interface through which the NRP will access the mapped service. |
start-vpi | (0-255) VPI or start of a range of VPIs that will be mapped to the service. |
start-vpi/vci | (0-255) VPI/VCI or start of a range of VPI/VCIs that will be mapped to the service. |
end-vpi | (0-255) End of a range of VPIs that will be mapped to the service. |
end-vpi/vci | (0-255) End of a range of VPI/VCIs that will be mapped to the service. |
exclusive | Users will only be able to access the mapped service. |
non-exclusive | Users will be able to access the mapped service as well as any other services to which they are subscribed. Users can log in to the NRP-SSG with a user name and password, establishing a non-PPP Termination Aggregation (PTA) session, and a PTA session to the mapped service will be established by default. If non-exclusive is specified for the service mapping, users can also establish a PTA session to another service to which they are subscribed. |
The service mapping is non-exclusive by default.
Global configuration
| Release | Modification |
|---|---|
12.0(5)DC | This command was introduced. |
Use this command to map VCs to service names. If you specify a VC to service name mapping as exclusive, specifying a username will log you into the mapped service. However specifying username@service will not log you in. If you specify a mapping as non-exclusive, specifying a username will log you into the mapped service. However, username@service1 will log you into service1.
The following example maps all users coming into the NRP on VPI/VCI 3/33 to the service Worldwide exclusively:
routerA# configure terminal Enter configuration commands, one per line. End with CNTL/Z. routerA(config)# ssg vc-service-map Worldwide 3/33 exclusive
| Command | Description |
|---|---|
Displays VC to service name mappings. |
Posted: Thu Nov 11 14:59:51 PST 1999
Copyright 1989-1999©Cisco Systems Inc.