|
|
September 2001
These release notes contain important information regarding the Cisco Subscriber Edge Services Manager (Cisco SESM) Release 3.1(1).
Cisco SESM provides extremely robust, highly scalable connection management to Internet services. It provides the end user (the subscriber) with a single web page for accessing multiple Internet services. The ISPs and NAPs deploying Cisco SESM can customize the content of the web pages and thereby control the subscriber experience for different categories of subscribers.
 |
Note For information about obtaining a license number, see the "Obtaining a License Number" section on. |
These release notes discuss the following topics:
Cisco SESM includes a set of Java-based components that are used by ISPs and NAPs to create customized web server applications. An SESM web application presents subscribers with a menu of services, enabling them to access and disconnect from different services using a web browser.
For subscribers of Internet services, SESM offers flexibility and convenience, including the ability to access multiple services simultaneously. Subscribers interact with SESM from a web page using a standard Internet browser. They do not need to download any software or plug-ins to use SESM.
For Internet service providers, SESM provides a way to control the user experience and promote customer loyalty. Service providers can change the look and feel of an SESM application, brand the application, and control the content of the pages displayed to their subscribers.
Cisco SESM Deployment Options
Cisco SESM Release 3.1(1) has three deployment options:
All three deployment options are available from the same installation package. You choose the deployment option you want during the installation.
Software Components in Cisco SESM
The software components bundled in the Cisco SESM installation package are:
| Component Name | Explanation |
|---|---|
NWSP | New World Service Provider (NWSP) This component includes the NWSP sample application (including JSPs and images), SESM libraries, configuration files, and startup scripts. |
Jetty | Jetty Web Server components |
DESS | Directory-enabled service selection (DESS) components that provide the interface between SESM and the LDAP directory and the functionality for the role-based access control (RBAC) style authorization. The DESS components are:
|
RDP | RADIUS/DESS Proxy (RDP) Server. This server responds to RADIUS requests from SSG by using the DESS application programming interface to query the LDAP directory. |
CDAT | Cisco Distributed Administration Tool (CDAT). CDAT is a specialized SESM web application that administrators can use to populate and manage the DESS/AUTH extensions to the LDAP directory schema. |
New World Service Provider Sample Application
The Cisco SESM installation package includes a sample SESM web server application, called the New World Service Provider (NWSP), that you can configure and subsequently execute as an example of SESM capabilities. You can create the desired look-and-feel and branded aspects of a customized SESM web server application by altering the sample application or writing your own application using the NWSP as an example.
Captive Portal Sample Application
The Cisco SESM installation package includes a captive portal sample application. This application demonstrates how several powerful features in SESM Release 3.1(1) work together to redirect unauthorized users to an SESM sign-on page immediately after opening a web browser. See the "New Features" section for more information about this and other Cisco SESM features.
Demo Mode
The Cisco SESM installation package provides an option to install and configure a demonstration version of the NWSP and captive portal sample applications. The demo version simulates the actions of an SESM application without using an SSG, a RADIUS server, or an LDAP directory. The demo is intended for demonstration purposes only and does not predict SESM performance in a production environment.
Host Key Port Bundle Feature on SSG
The host key port bundle option is an important new feature on the SSG. The host key is a software token (or key) that uniquely identifies each subscriber currently logged on to SESM, even when multiple subscribers are using the same IP address. The host key is a unique combination of an SSG IP address from a range of IP addresses and a port number from a range of port numbers.
The host key port bundle feature provides the following advantages to SESM applications:
Jetty Server
SESM applications are Java 2 Platform, Enterprise Edition (J2EE) compliant web server applications. In the sample SESM application, J2EE services are provided by embedded Jetty server components from Mort Bay Consulting. The SESM installation procedure installs these Jetty server components along with the SESM application. If desired, web developers at your site can deploy a J2EE-compliant server other than the Jetty server.
|
Note Initially, the host key feature works only with SESM applications running on the Jetty server. |
Additional Required Network Software
The following software components are used in a Cisco SESM deployment.
Upgrading from Cisco Service Selection Dashboard Release 3.0(1)
The Cisco Service Selection Dashboard (SSD) Release 3.0(1) software, released in June 2001, is essentially the same as SESM in RADIUS mode. An SSD Release 3.0(1) web application works in an SESM RADIUS mode deployment. See the "Upgrading from SSD Release 3.0(1)" section for reinstallation procedures.
Upgrading from SSD Release 2.5(1) and Earlier Releases
The configuration and deployment of SESM Release 3.1(1) is different from the predecessor product, Service Selection Dashboard (SSD) Release 2.5(1) and earlier releases. The main differences are:
If you are currently using SSD Release 2.5(1) or earlier, see the "Upgrading from SSD Release 2.5(1)" section for migration information.
See the following documentation regarding SESM.
The key new features in SESM Release 3.1(1) are:
The following key features were introduced in SSD Release 3.0(1):
Table 1 describes the key features in Cisco SESM Release 3.1(1).
| Feature | Description |
|---|---|
Multiple Internet service selection | An SESM web application provides a web portal from which subscribers can: An SESM web application works in conjunction with SSG to authenticate the subscriber, to obtain the list of services that the subscriber is authorized to use, and to obtain the session status information. The SESM application sends service connection requests to SSG, which makes the connection. |
JSPs provide a standard way to integrate Java code with HTML to present interactive, dynamically updated, personalized, and branded web pages to your subscribers. | |
Walled gardens, open gardens, retail pages, and service advertisements | The following features are implemented through the use of customized JSPs:
|
Captive portal |
|
|
| An SESM web application can detect a subscriber's preferred locale, device and browser type, and connection location and respond with web pages appropriate to the subscriber's preferred language, device capabilities, and connection type. |
This feature offers a streamlined login procedure in a PPP network. A subscriber who logs on using a PPP client can access the SESM application without having to re-enter the username and password. | |
This feature on the SSG ensures that each currently logged-on subscriber is uniquely identified, regardless of the IP address being used. This SSG feature allows SESM applications to support the following types of subscribers:
This feature also enhances scaling and configuration of large SESM deployments. | |
Highly scalable | An SESM web server application is highly scalable in the following ways:
|
| The following features are available only when SESM is deployed in DESS mode. | |
Subscriber account self care | This feature allows subscribers to change their own account details, such as address information and passwords. This subscriber updating capability relieves the service provider from time-consuming maintenance tasks. The NWSP sample application illustrates this feature. |
Subscriber service subscription | This feature allows subscribers to subscribe to new services and have immediate access to those services. This feature relieves the service provider from time-consuming service enrollment tasks. It also benefits the subscriber because there is no delay in receiving access to a new service. Subscribers can also unsubscribe from a service. The NWSP sample application illustrates this feature. |
Subscriber sub-account creation and management | This feature allows a subscriber with a main account to create subaccounts, with different services and access information in each subaccount. For example, a family might have subaccounts for each family member, with a different set of authorized services within each subaccount. The main account can create and delete subaccounts and subscribe to services for the subaccounts. The NWSP sample application illustrates this feature. |
Cisco Distributed Administration Tool (CDAT) | CDAT is a web-based application for administrators to use in creating and maintaining the information on users, services, and access policy that is stored in an LDAP directory. The CDAT application is described in the Cisco Distributed Administration Tool Guide. |
Role based access control (RBAC) | RBAC is an access model that allows administrators to manage groups of subscribers, rather than individuals. Using the RBAC model, administrators define roles, which have specific privileges, and groups, which have assigned roles. Individual subscribers are then assigned to a group and inherit the roles of that group. The Cisco DESS and AUTH APIs implement the RBAC model. See the Cisco Distributed Administration Tool Guide for more information about RBAC. |
The following sections highlight some important installation information.
See the Cisco Subscriber Edge Services Manager and Subscriber Policy Engine Installation and Configuration Guide for complete installation instructions.
The SESM installation program provides for two types of installation:
The license number is important when you are requesting technical support for SESM from Cisco. After installation, you can see your license number and the software version in the licensenum.txt file under the installation directory.
You can download the SESM software from the Cisco web site or copy it from the SESM product CD-ROM. The Cisco SESM software is contained in the following packages.
If you purchased a contract that allows you to obtain the SESM software from the Cisco web site, follow these procedures:
Step 2 Click the Login button. Enter your Cisco user ID and password.
To access the Cisco images from the CCO Software Center, you must have a valid Cisco user ID and password. See your Cisco account representative if you need help.
Step 3 Under Service and Support, click Software Center.
Step 4 Click Web Software.
Step 5 Click Cisco Subscriber Edge Services Manager.
Step 6 Download the appropriate image based on the platform you intend to use for hosting the SESM web application.
The SSG, LDAP directory, and RADIUS components do not need to be installed and configured before you execute the Cisco SESM installation program. However, the installation program prompts you for configuration information about these components, such as IP addresses, ports, shared secrets, and other information required for the SESM components to communicate with them. You should know these values before you perform the installation. Otherwise, you will need to reconfigure the solution later.
In the case of the LDAP directory, it is advantageous to install the Cisco SESM solution when the directory is running and to have update rights to the directory. The installation program can install required extensions to the LDAP directory.
If you are installing the demo, the installation program does not prompt you for configuration information about SSGs, LDAP directories, or RADIUS servers.
The following sections describe some important considerations related to the Cisco SESM.
To install SESM on a Windows NT platform from the SESM product CD-ROM, copy the installation file from the CD-ROM onto a local drive and perform the installation using the local copy. For more information, see the explanation for caveat CSCuk27495.
The following features require support on the SSG:
To use the captive portal feature in SESM, the Cisco 6400 NRP must be running Cisco IOS Release 12.1(5)DC1 or later and the SSG TCP redirect must be configured appropriately.
To use the host key feature, the Cisco 6400 NRP must be running Cisco IOS Release 12.2(2)B or later and the SSG host key feature must be configured appropriately. The host key feature can be enabled and disabled on both the SESM and SSG products to ensure backwards compatibility.
On Windows platforms, JRE Version 1.2.2 displays the following messages at SESM application startup:
A nonfatal internal JIT (3.10.107(x)) error 'Relocation error:
NULL relocation target' has occurred in
'org/apache/crimson/parser/Parser2.maybeComment (Z)Z': Interpreting method.
Ignore this message.
It has been observed that the performance of the Java Runtime Environment (JRE) Version 1.3.0 on Solaris is less than optimal. Later versions of the JRE may have improved performance. The reference JRE for SESM Release 3.1(1) is JRE Version 1.2.2_08.
The Sun example JMX server includes an HTML adaptor server that produces a web-based management console. This console displays the currently set values for all attributes in the XML configuration files and is useful for development environments.
However, the JMX HTML adaptor server is not production quality. For example, configuration changes that you make using this console are not persistent. You should remove this server from your configuration files before you transition the SESM application to public use.
To remove the JMX HTML adaptor server, comment out the following element in the nwsp/config/nwsp.xml file:
<Configure init="99"
class="com.sun.jdmk.comm.HtmlAdaptorServer"
name="com.cisco.aggbu:name=HtmlAdaptorServer">
<Set name="Port" type="int"><SystemProperty
name="management.portno"/></Set>
<Call name="start"/>
</Configure>
Cisco SESM Release 3.1(1) uses numerous security mechanisms:
If you are using a Sun Ultra or Enterprise, you must use Solaris Version 2.6 or later. For live deployments, we recommend using an Enterprise class server with hot-swappable components and load-balancing across multiple servers. The Cisco Content Services Switch 11000 (CSS 11000) is preferred for load balancing.
For Windows NT installations, we highly recommend that you use hardware that meets the Windows NT Hardware Compatibility List (HCL) guidelines set by Microsoft with at least 64 MB of RAM (128 MB of RAM is recommended). Memory requirements are influenced by login rates, the number of subscribers concurrently logged on, and the number of services the subscribers are subscribed to use. See Chapter 5, "Running SESM Components," in the Cisco Subscriber Edge Services Manager and Subscriber Policy Engine Installation and Configuration Guide for more details about memory requirements.
This section contains information about upgrading from previous releases of the software.
SESM Release 3.1(1) in RADIUS mode is essentially the same as the Cisco Service Selection Dashboard (SSD) Release 3.0(1). An SSD Release 3.0(1) web application works in an SESM RADIUS mode deployment. Some changes were made in the XML Document Type Definition (DTD) for the MBean configuration files. Therefore, there are slight differences in the configuration files from those that were installed for SSD Release 3.0(1). There are a few new optional configuration parameters. Some Java APIs were deprecated, and the NWSP sample application was improved.
We recommend that you install SESM in a different directory from where you installed SSD Release 3.0(1), to preserve the configuration files (for your reference) and any JSP customizations that you made to the NWSP application. Be sure to copy the customizations into the new installation directory.
This section describes how to upgrade your software from SSD Release 2.5(1) to SESM Release 3.1(1). The section discusses the following topics:
In SSD Release 2.5(1), the look and feel of the web server application was controlled by HTML templates defined for the Cisco solution.
In SESM Release 3.1(1), predefined templates are not used. Rather, you use standard JSP technology to customize the look and feel of your SESM web application.
To migrate from an SSD Release 2.5(1) web application to an SESM Release 3.1(1) web application, you must recode your application's web pages to integrate them into the JSP technology. In most cases, the design of your application presentation and the individual web page designs can be reused. SESM Release 3.1(1) allows but does not require frames. Graphic images and branding efforts can all be reused.
See the Cisco Subscriber Edge Services Manager Web Developer Guide for information on creating an SESM Release 3.1(1) web server application.
Table 2 shows configuration file differences between SSD Release 2.5(1) and SESM Release 3.1(1).
Table 3 is a reference for administrators who are familiar with SSD Release 2.5(1). The table explains how SESM Release 3.1(1) handles parameters and features that you might have implemented in SSD Release 2.5(1).
| Feature | Product Release | Sample Contents (from dashboard.conf and nwsp.xml, unless otherwise noted) |
|---|---|---|
Single Sign-on | SSD 2.5(1) | # To use SSO, set REAUTHENTICATE=off, otherwise on. |
SESM 3.1(1) | <Set name="singleSignOn" type="boolean">true</Set>
| |
Stress test | SSD 2.5(1) | # STRESS_TEST=true allows the client IP address to be added to the URL. This allows
a stress test client to be used, |
SESM 3.1(1) | The stress test feature is not implemented in SESM Release 3.1(1). | |
Demo mode | SSD 2.5(1) | # DEMO_SSD=true will simulate an SSG and AAA server using data from the AAAFILE,
otherwise false. |
SESM 3.1(1) | The following element in the SSD MBean sets SESM to run in Demo mode. <Set name="mode">Demo</Set>
The following element specifies the filename containing demonstration data. <Configure name="com.cisco.aggbu:name=SSDDemoMode">
<Set name="demoDataFile" type="java.lang.String"><SystemProperty
name="application.home"/>/config/demo.txt</Set>
</Configure>
| |
Service list format | SSD 2.5(1) | # SERVICE_LIST=text displays service names as text; =icon displays them as images. |
SESM 3.1(1) | <Put name="useIcons" type="boolean">TRUE</Put>
| |
Default template | SSD 2.5(1) | # DEFAULT_TEMPLATE sets directory to find HTML images if no template directory
matches a service name. |
SESM 3.1(1) | Not applicable. Templates are not used in this release. | |
Templates location | SSD 2.5(1) | # TEMPLATE_ROOT_DIR is the root directory from which all template directories are
enumerated. |
SESM 3.1(1) | Not applicable. Templates are not used in this release. | |
Cache managing | SSD 2.5(1) | # IDLE_TIMEOUT_SECONDS is the period for which a user object remains in the SSD
cache. |
SESM 3.1(1) | Not applicable.
| |
SSD 2.5(1) | # SERVICE_IDLE_TIMEOUT_SECONDS is the time before a service cache object is removed
from memory. | |
SESM 3.1(1) | <Set name="profileCachePeriod" type="int">600</Set>
| |
Auto logon | SSD 2.5(1) | # Specifies if SSD should perform service auto logons. Normally performed by SSG.
Default is off. |
SESM 3.1(1) | <Set name="autoConnect" type="boolean">false</Set>
| |
Sessions | SSD 2.5(1) | # Initial number of session objects created in the SSD and added to a pool |
SESM 3.1(1) | Not applicable in the new SSG interface implementation. | |
Server URL | SSD 2.5(1) | # Server URL. This specifies where clients go to in search of server pages. |
SESM 3.1(1) | Not applicable in this release.
| |
Templates | SSD 2.5(1) | # Period in seconds between checking for modified HTML files in cache for
replacement. |
SESM 3.1(1) | Not applicable. Templates are not used in this release. | |
SSL redirects | SSD 2.5(1) | # Redirect to SSL port. If set, all HTTP requests are redirected to |
SESM 3.1(1) | Not applicable. Frames are not required in this release. | |
Authenticate level | SSD 2.5(1) | # Authenticaton level 0=trust IP, 1=Trust SSL, 2=Trust Session 3=Trust SSL/Session
4=No trust |
SESM 3.1(1) | This feature is implemented using a combination of HTTP sessions, cookies, and the host key feature. | |
Message server | SSD 2.5(1) | # This section defines the messaging server to which the SSG can send system
messages. |
SESM 3.1(1) | Not applicable. The SSG asynchronous messaging service is superseded by the host key feature and its ability to signal state changes. | |
AAA configuration, primary and secondary servers | SSD 2.5(1) | This section defines the primary RADIUS server that the SSD queries for service
profiles. |
SESM 3.1(1) | <Configure name="com.cisco.aggbu:name=AAA,connection=ServiceProfile"> | |
SSG mappings | SSD 2.5(1) | servers.conf file |
SESM 3.1(1) | <Configure name="com.cisco.aggbu:name=SSG"> | |
Localization | SSD 2.5(1) | localizationDB.conf file |
SESM 3.1(1) | .properties files For example, a file named message_en.properties holds English language message text. See the Cisco Subscriber Edge Services Manager Web Developer Guide for more information. |
Table 4 describes known problems in SESM Release 3.1(1).
| Caveats | Description |
|---|---|
CSCdv02447 | When CDAT displays subaccounts, it displays group membership and not blocked roles. Workaround: You can manipulate these values using an LDAP server administration tool, such as ConsoleOne, or by using the appropriate NWSP application self-care feature to modify the roles of a subaccount. |
CSCdu12277 | The status entry for a service in the NWSP application does not show bytes in/out. The byte and packet counts are currently not available from the SSG, but will be supported in a future release of SSG. Workaround: None. |
CSCdu12329 | The installation application does not check for incorrect entries, based on either content or format. Workaround: Make sure to enter the correct details during the installation. |
CSCdv19095 | When you install the DESS component, and you check the Extend Schema option, the installation program does not provide a warning message if it fails to extend the directory schema due to a permissions problem. Workaround: Make sure to enter a directory administrator with permissions to extend the directory schema if you want the installation program to perform that task. Also, use a directory administration tool, such as ConsoleOne, to check the schema after installation to ensure that the DESS and AUTH extensions were applied. If not, use ConsoleOne to grant schema extension permissions to a user. Then rerun the installation, using the correct user when you are prompted for a directory administrator. |
CSCuk24636 | In a Point-to-Point Protocol (PPP) deployment using the single sign-on (SSO) feature, if the subscriber logs off from the SESM web application, the SSO feature does not subsequently work for that subscriber for the same IP address. Workaround: Remove the logout button from SESM applications that will be used in PPP with SSO deployments. Subscribers can end their sessions by terminating the PPP session. |
CSCuk26887 | If the default language of the Java virtual machine (JVM) is not English, the NWSP web application does not correctly display resources from resource bundles. In some circumstances, messages not intended for the end user appear. The default JVM language is normally the default language of the operating system on the Windows NT or Solaris server. Workarounds: There are three workarounds to this problem: 1. Rename the installed resource bundle files 2. Specify a default locale in the NWSP application code 3. Change the default language of the JVM to English Rename the Installed Resource Bundle Files The installed resource files are named specifically for the English locale. You can change the names to the conventional default names, which work for all locales, or change the names to match the default language of your JVM. For example, rename resource_en.properties to resource.properties (the default name, which matches all locales) or resource_it.properties (to match the Italian locale), and so on. The messages still appear in English, unless you translate the contents of the files. To rename the resource bundle files, follow these procedures.
1. Rename nwsp/docroot/WEB-INF/classes/messages_en.properties 2. In nwsp/docroot/WEB-INF/lib:
Note Use an extraction tool, such as WinZip, to unbundle and rebundle jar files. 3. Restart the NWSP web application. You do not need to recompile the application. Specify a Default Locale in the NWSP Application Code This workaround overrides the default locale of the JVM by specifying a default for the application. 1. In nwsp/docroot/decorator/createLocaleDimension.jspi, add a line that specifies the default locale to use. For example, to make the NWSP use the Italian locale (IT): l10n:context
locale='<%= new Locale("it","IT") %>' **Add this line**
resourceBundleName="messages"
scope="<%= pageContext.SESSION_SCOPE %>"
|
CSCuk26887 (continued) | 2. Recompile and restart the NWSP application. Alternatively, if precompilation is not required, replace nwsp/docroot/WEB-INF/web.xml by web.recompile.xml and restart the NWSP application on a machine with a JDK. See the Cisco Subscriber Edge Services Manager Web Developer Guide for more information about recompiling NWSP. Change the Default Language of the JVM to English To change the default JVM language on Windows NT: 1. From the Start Menu, choose Settings > Control Panel > Regional Options. 2. In the Locale drop down box, choose any of the English language locales. To change the default JVM language on Solaris, follow instructions in the operating system documentation. |
CSCuk26904 | In CDAT, if you attempt to change the description of a service from the existing text to an empty string, an AccessException error occurs. Workaround: Do not change the service description field to an empty field. If there is no other description, enter the service name in the description field. |
CSCuk26909 | CDAT does not include fields for setting the state and postal code for a subscriber. Workaround: Use an LDAP server administration tool, such as ConsoleOne, or the self-care feature in the SESM web application (NWSP) to set these values. |
CSCuk26929 | The NWSP application does not allow a subscriber to log off from a service within a service group. Workaround: Correct the JSP that controls service logoffs as follows: 1. Edit the nwsp/docroot/serviceLogoff.jsp file. 2. Replace lines 54 to 66 in the file serviceLogoff.jsp with lines 62-66 and 72-112 from nwsp/docroot/serviceLogon.jsp. 3. In the copied code, replace the three references to serviceLogon.jsp with serviceLogoff.jsp in the Log.debug statements. 4. Recompile the NWSP application and restart it. Alternatively, if precompilation is not required, replace nwsp/docroot/WEB-INF/web.xml by web.recompile.xml and restart the NWSP application on a machine with a JDK. See the Cisco Subscriber Edge Services Manager Web Developer Guide for more information about recompiling NWSP. |
CSCuk26956 | In the NWSP application deployed in DESS mode, if you create a subaccount and then subsequently change attributes for that subaccount, the modifications do not appear until the cache period for the authentication token expires. The changes are written to the directory but not to the cached object. Workaround: Tune the cache aging parameters to low values to minimize the time it takes the token to expire in the cache. You might notice a slight performance impact from this workaround. Follow these procedures: 1. Edit the NWSP configuration file (nwsp/config/nwsp.xml). 2. Find the DESSMode Configure element, which starts as follows: <Configure jmxname="com.cisco.aggbu:name=DESSMode">
3. Set tokenCheckInterval to 1 and tokenMaxAge to 0, as follows: <Set name="tokenCheckInterval" type="int">1</Set>
<Set name="tokenMaxAge" type="int">0</Set>
4. Restart the NWSP application. |
CSCuk26964 | During RDP installation, if you choose the Add Services button, the installation program does not correctly change the rdp.xml file to add the handler that implements the RDP add services feature. Workaround: To implement the RDP add services feature, manually edit the rdp.xml configuration file, as follows: 1. Edit the rdp.xml file. 2. Find the RDPPacketFactory configure element, which starts as follows: <Configure jmxname="com.cisco.aggbu:name=RDPPacketFactory">
3. Go to the second addType call. Find the following line: <Arg>com.cisco.aggbu.rdp.UserLogonFramedPacket</Arg>
<Arg>com.cisco.aggbu.rdp.UserLogonFramedAddServicesPacket</Arg>
|
CSCuk26973 | If you access the NWSP application from a Solaris machine using the Netscape 4.03 browser, a Javascript error occurs on the subaccount management page. Workaround: The best workaround is to update the browser. Otherwise, you can ignore this error message or edit the JSP to eliminate the problem. To edit the JSP, follow these procedures: 1. Edit nwsp/docroot/pages-ssm/subaccountManage.jsp. 2. Remove the preload from the body tag in line 345. To do this, find the following code: <body topmargin="0" leftmargin="0" marginwidth="0" marginheight="0"
text="#fffff f" link="#FFCC00" vlink="#FFCC00" alink="#FFCC00"
onLoad="MM_callJS('pageOnLoad( )');
MM_preloadImages
('%3Cshape:path%20idFile=%27/images/subaccount_button_r2_c2_ f2.gif%27/%3E')"
onUnload="MM_callJS('pageOnUnload()')">
<body topmargin="0" leftmargin="0" marginwidth="0" marginheight="0"
text="#fffff f" link="#FFCC00" vlink="#FFCC00" alink="#FFCC00"
onLoad="MM_callJS('pageOnLoad( )')" onUnload="MM_callJS('pageOnUnload()')">
3. Recompile and restart the NWSP application. Alternatively, if precompilation is not required, replace nwsp/docroot/WEB-INF/web.xml by web.recompile.xml and restart the NWSP application on a machine with a JDK. See the Cisco Subscriber Edge Services Manager Web Developer Guide for more information about recompiling NWSP. |
CSCuk26991 | If a subaccount is set so that it does not have the service subscription permission, it cannot see its own subscribed services. The parent account also cannot see the subscribed services. All services appear as unavailable and cannot be made available. Workaround: Modify the subaccount management JSP (nwsp/docroot/subaccountManage.jsp) so that it does not display the subscription check box; rather, subscription permissions will always be available by default. Make these changes by deleting or commenting out the following three lines of code:
if (!checkedServiceSubscription.equals(""))
if (!checkedServiceSubscription.equals(""))
<td class="MediumText"><l10n:resource key="serviceSubscription">Service
Subscription </l10n:resource> <input type="checkbox"
name="serviceSubscription" value="true" <%= checkedServiceSubscription %>
></td>
Note This change does not affect the ability of the main account to block a subaccount from subscribing to specific services. After you modify the JSP, recompile the JSPs, or if precompilation is not required, copy nwsp/docroot/WEB-INF/web.recompile.xml to web.xml. Then restart the web server. |
CSCuk26995 | On Windows NT platforms, the silent and console installation modes do not work. Workaround: Install SESM using the graphical user interface (GUI) installation mode. |
CSCuk27063 | If RDP is configured to proxy requests to another RADIUS server, authentication fails. Workaround: None. The RDP does not currently work in proxy mode due to incorrect password encryption. |
If you are installing SESM from the SESM product CD-ROM onto a Windows NT platform, the installation application fails because it tries to write to the CD's partition, which is read only. Workaround: Copy the installation file to your Windows NT platform and execute the local copy to install SESM. | |
CSCuk27639 | The fields associated with creating a tunnel service type in CDAT do not work. Workaround: Define the appropriate values using the local Cisco AV pairs as illustrated below: vpdn:tunnel-id=tunnelName
vpdn:l2tp-tunnel-password=tunnelPassword
vpdn:tunnel-type=l2tp
vpdn:ip-addresses=tunnelIpAddress
|
CSCdu33191 | The captive portal cannot determine the port number of the original HTTP request that was redirected by the SSG TCP redirect feature. When the captive portal recreates the original request, it uses the port number that the application server is listening on. Workaround: To ensure that the browser is redirected to the correct server and port after authentication, ensure the SESM web server is running on port 80 (which is the default HTTP port). |
CSCdu47568 | In some circumstances, the SESM web application can fail if the Java virtual machine (JVM) runs out of internal heap space. Workaround: If failure occurs repeatedly, consider one or both of the following:
|
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools. For Cisco.com registered users, additional troubleshooting tools are available from the TAC website.
Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at anytime, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.
Cisco.com provides a broad range of features and services to help customers and partners streamline business processes and improve productivity. Through Cisco.com, you can find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online technical support, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.
Customers and partners can self-register on Cisco.com to obtain additional personalized information and services. Registered users can order products, check on the status of an order, access technical support, and view benefits specific to their relationships with Cisco.
To access Cisco.com, go to the following website:
The Cisco TAC website is available to all customers who need technical assistance with a Cisco product or technology that is under warranty or covered by a maintenance contract.
If you have a priority level 3 (P3) or priority level 4 (P4) problem, contact TAC by going to the TAC website:
P3 and P4 level problems are defined as follows:
In each of the above cases, use the Cisco TAC website to quickly find answers to your questions.
To register for Cisco.com, go to the following website:
http://www.cisco.com/register/
If you cannot resolve your technical issue by using the TAC online resources, Cisco.com registered users can open a case online by using the TAC Case Open tool at the following website:
http://www.cisco.com/tac/caseopen
If you have a priority level 1(P1) or priority level 2 (P2) problem, contact TAC by telephone and immediately open a case. To obtain a directory of toll-free numbers for your country, go to the following website:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
P1 and P2 level problems are defined as follows:
AccessPath, AtmDirector, Browse with Me, CCIP, CCSI, CD-PAC, CiscoLink, the Cisco Powered Network logo, Cisco Systems Networking Academy, the Cisco Systems Networking Academy logo, Fast Step, Follow Me Browsing, FormShare, FrameShare, GigaStack, IGX, Internet Quotient, IP/VC, iQ Breakthrough, iQ Expertise, iQ FastTrack, the iQ Logo, iQ Net Readiness Scorecard, MGX, the Networkers logo, Packet, RateMUX, ScriptBuilder, ScriptShare, SlideCast, SMARTnet, TransPath, Unity, Voice LAN, Wavelength Router, and WebViewer are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, Discover All That's Possible, and Empowering the Internet Generation, are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Enterprise/Solver, EtherChannel, EtherSwitch, FastHub, FastSwitch, IOS, IP/TV, LightStream, MICA, Network Registrar, PIX, Post-Routing, Pre-Routing, Registrar, StrataView Plus, Stratm, SwitchProbe, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0108R)
Copyright © 2001, Cisco Systems, Inc.
All rights reserved.
Posted: Tue Jul 16 19:29:06 PDT 2002
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.