|
|
This feature module describes enhancements to the Node Route Processor-Service Selection Gateway (NRP-SSG) feature. It includes information on the benefits of the enhancements, supported platforms, related documents, and so forth.
This document includes the following sections:
The enhancements to the NRP-SSG are included in Cisco IOS Release 12.0(5)DC. The NRP-SSG is a switching solution for service providers who offer intranet, extranet, and Internet connections to subscribers using high-speed data circuit equipment (DCE) such as Asymmetric Digital Subscriber Line (ADSL) to allow simultaneous access to network services. The NRP-SSG with Web Selection works in conjunction with the Cisco Service Selection Dashboard (SSD). The Cisco SSD is an open source web-based server application that allows users to select from multiple passthrough and proxy services through a standard web browser.
The NRP-SSG works with Cisco Express Forwarding (CEF) switching technology to provide maximum Layer 3 switching performance. Because CEF is topology-driven rather than traffic-driven, its performance is unaffected by network size or dynamics.
The NRP-SSG uses IOS Network Address Translation (NAT) to map the inside IP addresses of subscribers to the outside IP addresses from the destination service networks. This replaces the SSG NAT used in Cisco IOS Release 12.0(3)DC.
The NRP-SSG supports virtual path identifier/virtual channel identifier (VPI/VCI) closed user groups by allowing VPI/VCIs to be bound to a given service. All users accessing the NRP-SSG through the VPI/VCI or range of VPI/VCIs will be able to access the service. You can specify whether users are allowed to access only the bound service or other additional services to which they subscribe. A closed user group service can only be selected through the VPI/VCI and not by entering the domain name in the user name of a Point-to-Point Protocol (PPP) session.
The NRP-SSG supports intermittent RADIUS accounting updates. When a user logs on to the NRP-SSG, the NRP-SSG sends an accounting start record to the local RADIUS server. When a user logs on to a service, the NRP-SSG sends a connection start record to the local RADIUS server and to the remote RADIUS proxy server. During the time that the user is logged on to the NRP-SSG, the NRP-SSG sends accounting update records at specified intervals to the appropriate server. When a user logs off from a service, the NRP-SSG sends a connection stop record to the local RADIUS server and to the remote RADIUS proxy server. When a user logs off from the NRP-SSG, the NRP-SSG sends an accounting stop record to the local RADIUS server.
The NRP-SSG works in conjunction with the Cisco SSD. The Cisco SSD is a specialized web server, populated by the service provider, that lists all of the potential networks (or services) a particular customer can access. Customers select and deselect services from a menu through a frames-enabled HTML browser.
For related information on this feature, refer to the following documents:
Node Route Processor-Service Selection Gateway Enhancements are supported on the Cisco 6400.
If you want to perform Layer 3 service selection, you must install and configure the Cisco Service Selection Dashboard as described in the Cisco Service Selection Dashboard User Guide.
Perform the following tasks to configure the NRP-SSG enhancements. All of these tasks are optional.
This task is optional. Set the interval at which accounting updates are sent to the accounting server.
| Command | Purpose |
|---|---|
Specifies the interval at which accounting updates are sent to the accounting server. The minimum interval is 60 seconds. The default interval is 120 seconds. |
Use the show running-config command to verify that the accounting interval has been set correctly.
This task is optional. CEF is disabled by default. CEF only works with PPPoE.
Use the show running-config and show ip cef commands to verify that CEF has been enabled.
This task is optional. To configure IOS Network Address Translation (NAT), you must specify an inside interface from which clients connect to the NRP-SSG and an outside interface from which services are accessed. Enter interface or subinterface configuration mode for the desired inside and outside interfaces and enter the appropriate command below.
| Command | Purpose |
|---|---|
Specifies the inside interface from which clients access the NRP-SSG. |
|
Specifies the outside interface from which services are accessed. |
Use the show running-config command to verify that inside and outside ports have been specified correctly. Use the show ip nat translations command to view your NAT addresses.
This task is optional. To configure VPI/VCI closed user groups, you must bind VPI/VCIs to a given service as described below. Closed user groups allow all users accessing the NRP-SSG through the VPI/VCI or range of VPI/VCIs to access the service. You can specify whether users are allowed to access only the bound service or other additional services to which they subscribe. A closed user group service can only be selected through the VPI/VCI and not by entering the domain name in the user name of a PPP session.
| Command | Purpose |
|---|---|
Use the show running-config and show ssg vc-service-map command to view service name to VC mappings.
The following example RADIUS accounting records will be sent to the appropriate server every 600 seconds while the user is logged on to the NRP-SSG:
This section documents new commands associated with the NRP-SSG enhancements. All other commands used with this feature are documented in the Cisco IOS Release 12.0 command reference publications.
To display VC to service name mappings, use the show ssg vc-service-map global configuration command.
No default behavior or values.
Use this command to display VC to service name mappings.
The following example displays the VCs mapped to the Worldwide service name:
| Command | Description |
|---|---|
To specify the interval at which accounting updates are sent to the accounting server, use the ssg accounting interval global configuration command. To disable the accounting interval, use the no form of this command.
The accounting interval is 120 seconds by default.
Use this command to specify the interval at which accounting updates are sent to the accounting server.
The following example specifies that the NRP-SSG will send an accounting update to the accounting server every 60 seconds:
To map VCs to service names, use the ssg vc-service-map global configuration command. To disable VC to service name mapping, use the no form of this command.
The service mapping is non-exclusive by default.
Use this command to map VCs to service names. If you specify a VC to service name mapping as exclusive, specifying a username will log you into the mapped service. However specifying username@service will not log you in. If you specify a mapping as non-exclusive, specifying a username will log you into the mapped service. However, username@service1 will log you into service1.
The following example maps all users coming into the NRP on VPI/VCI 3/33 to the service Worldwide exclusively:
| Command | Description |
|---|---|
Posted: Fri Jan 17 01:57:22 PST 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.