Cisco OL-4387-02 Bedienungsanleitung
- Schauen Sie die Anleitung online durch oderladen Sie diese herunter
- 110 Seiten
- 0.03 mb
Zur Seite of
Ähnliche Gebrauchsanleitungen
-
Network Router
Cisco 1760
41 Seiten 0.77 mb -
Network Router
Cisco UBR10012
72 Seiten 5.17 mb -
Network Router
Cisco 2500 Series
12 Seiten 1.47 mb -
Network Router
Cisco 1800 Series
28 Seiten 2.9 mb -
Network Router
Cisco Router Cisco 1700
45 Seiten 6.61 mb -
Network Router
Cisco CISCO1805
4 Seiten 3.58 mb -
Network Router
Cisco 1710
12 Seiten 4.36 mb -
Network Router
Cisco RV042
2 Seiten 0.78 mb
Richtige Gebrauchsanleitung
Die Vorschriften verpflichten den Verkäufer zur Übertragung der Gebrauchsanleitung Cisco OL-4387-02 an den Erwerber, zusammen mit der Ware. Eine fehlende Anleitung oder falsche Informationen, die dem Verbraucher übertragen werden, bilden eine Grundlage für eine Reklamation aufgrund Unstimmigkeit des Geräts mit dem Vertrag. Rechtsmäßig lässt man das Anfügen einer Gebrauchsanleitung in anderer Form als Papierform zu, was letztens sehr oft genutzt wird, indem man eine grafische oder elektronische Anleitung von Cisco OL-4387-02, sowie Anleitungsvideos für Nutzer beifügt. Die Bedingung ist, dass ihre Form leserlich und verständlich ist.
Was ist eine Gebrauchsanleitung?
Das Wort kommt vom lateinischen „instructio”, d.h. ordnen. Demnach kann man in der Anleitung Cisco OL-4387-02 die Beschreibung der Etappen der Vorgehensweisen finden. Das Ziel der Anleitung ist die Belehrung, Vereinfachung des Starts, der Nutzung des Geräts oder auch der Ausführung bestimmter Tätigkeiten. Die Anleitung ist eine Sammlung von Informationen über ein Gegenstand/eine Dienstleistung, ein Hinweis.
Leider widmen nicht viele Nutzer ihre Zeit der Gebrauchsanleitung Cisco OL-4387-02. Eine gute Gebrauchsanleitung erlaubt nicht nur eine Reihe zusätzlicher Funktionen des gekauften Geräts kennenzulernen, sondern hilft dabei viele Fehler zu vermeiden.
Was sollte also eine ideale Gebrauchsanleitung beinhalten?
Die Gebrauchsanleitung Cisco OL-4387-02 sollte vor allem folgendes enthalten:
- Informationen über technische Daten des Geräts Cisco OL-4387-02
- Den Namen des Produzenten und das Produktionsjahr des Geräts Cisco OL-4387-02
- Grundsätze der Bedienung, Regulierung und Wartung des Geräts Cisco OL-4387-02
- Sicherheitszeichen und Zertifikate, die die Übereinstimmung mit entsprechenden Normen bestätigen
Warum lesen wir keine Gebrauchsanleitungen?
Der Grund dafür ist die fehlende Zeit und die Sicherheit, was die bestimmten Funktionen der gekauften Geräte angeht. Leider ist das Anschließen und Starten von Cisco OL-4387-02 zu wenig. Eine Anleitung beinhaltet eine Reihe von Hinweisen bezüglich bestimmter Funktionen, Sicherheitsgrundsätze, Wartungsarten (sogar das, welche Mittel man benutzen sollte), eventueller Fehler von Cisco OL-4387-02 und Lösungsarten für Probleme, die während der Nutzung auftreten könnten. Immerhin kann man in der Gebrauchsanleitung die Kontaktnummer zum Service Cisco finden, wenn die vorgeschlagenen Lösungen nicht wirksam sind. Aktuell erfreuen sich Anleitungen in Form von interessanten Animationen oder Videoanleitungen an Popularität, die den Nutzer besser ansprechen als eine Broschüre. Diese Art von Anleitung gibt garantiert, dass der Nutzer sich das ganze Video anschaut, ohne die spezifizierten und komplizierten technischen Beschreibungen von Cisco OL-4387-02 zu überspringen, wie es bei der Papierform passiert.
Warum sollte man Gebrauchsanleitungen lesen?
In der Gebrauchsanleitung finden wir vor allem die Antwort über den Bau sowie die Möglichkeiten des Geräts Cisco OL-4387-02, über die Nutzung bestimmter Accessoires und eine Reihe von Informationen, die erlauben, jegliche Funktionen und Bequemlichkeiten zu nutzen.
Nach dem gelungenen Kauf des Geräts, sollte man einige Zeit für das Kennenlernen jedes Teils der Anleitung von Cisco OL-4387-02 widmen. Aktuell sind sie genau vorbereitet oder übersetzt, damit sie nicht nur verständlich für die Nutzer sind, aber auch ihre grundliegende Hilfs-Informations-Funktion erfüllen.
Inhaltsverzeichnis der Gebrauchsanleitungen
-
Seite 1
Corporate He adquarters Cisc o Syst ems , Inc . 170 West Ta sman Drive San Jos e, CA 95 134-1706 USA http://www.ci sco.com Tel: 408 526-4000 800 553- NETS (638 7) Fax: 408 526-4100 C i s c o 1 0000 S e r i e s R o u t e r S e r v i c e S election Gate w a y Configuration Guide January 20 04 Text Pa rt Nu mber: OL-4387- 02[...]
-
Seite 2
THE SPECIFICATIONS AND INFORMATION REGARDING TH E PRODUCTS IN THIS MANUAL ARE SUBJE CT TO CHANGE WITHOUT NO TICE. ALL STATEMENT S, INFORMATI ON, AND RECOMMENDA TIONS IN T HIS MANUAL ARE BELIEVED TO BE ACCURATE BU T ARE PRESEN TED WITHOUT WARRANTY OF ANY KIND, EXPRE SS OR IMPLIED. USERS MUST TA KE FULL RESPONSIBILITY FOR THEIR AP PLICATION OF ANY PR[...]
-
Seite 3
iii Cisco 10000 Seri es Router Service Selection Gateway Configurat ion Guide OL-4387-02 CONTEN TS About Th is Guide ix Audienc e ix Document Organi zation ix Document Convent ions x Relat ed D ocum ent atio n xi Obtain ing Docu mentati on xi Cisco. com xi Document ation C D-ROM xii Orderi ng Documenta tion xii Document ation F eedback xii Obtain i[...]
-
Seite 4
Cont ent s iv Cisco 10000 Ser ies Router Ser vice Selecti on Gateway Confi guration Guid e OL-4387-02 Config uratio n of SSG Auto logoff 3-2 Config uratio n Exampl e for SSG Autol ogoff 3-3 SSG Prepai d Idle Timeou t 3-3 Servic e Author izati on 3-4 Servic e Reaut horizat ion 3-4 Restri ctions for S SG Pr epaid I dle Ti meout 3-5 Prereq uisite s fo[...]
-
Seite 5
Content s v Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Restri ctions for SSG Open Gard en 6-6 Config uration of SSG Open Ga rden 6-6 Config uration Exampl e for SSG Open Gar den 6-6 SSG Port- Bundle Hos t Key 6-6 Restri ctions for SSG Port- Bundle Hos t Key 6-7 Prereq uisite s for SSG Po rt-B undle Host [...]
-
Seite 6
Cont ent s vi Cisco 10000 Ser ies Router Ser vice Selecti on Gateway Confi guration Guid e OL-4387-02 CHAPTER 9 Interf ace Configur ation 9-1 Transp arent Passth rough 9-1 Access Si de Inter faces 9-2 Network Si de Inter faces 9-3 Restri ctions of Trans parent Pa ssthrou gh 9-3 Config urati on of Tran sparent Passth rough 9-3 Multic ast Pro tocols [...]
-
Seite 7
Content s vii Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Config urati on of Pack et Filte ring 11-5 Config urati on Exampl e for Pac ket Filt ering 11 -5 SSG U nconfig 11-5 Restri ctions for SSG Unco nfig 11-5 Prereq uisite s for SSG Unc onfig 11-6 Config uration of SSG Uncon fig 11-6 Config uration Exam[...]
-
Seite 8
Cont ent s viii Cisco 10000 Ser ies Router Ser vice Selecti on Gateway Confi guration Guid e OL-4387-02[...]
-
Seite 9
ix Cisco 10000 Series R outer Ser vice Select ion Gateway Conf igurati on Guide OL-4387-02 About This Guide This gu ide pr ovides in forma tion abo ut th e Ser vice Sel ection Gateway (SSG) f eat ures of the C isco 10 000 Series Rou ter . The SSG feature s are sup ported in Cis co IOS Relea se 12.2( 16)BX and late r relea ses. Audience Thi s guid e[...]
-
Seite 10
x Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 About Thi s Guide Document Conventi ons Note Th is guide also incl udes a gl ossary of t erms use d in the doc ument a nd an ind ex to help you loc ate topi cs. Document Co nventions This guid e uses th e following conv enti ons: • Bold is used f or comman d[...]
-
Seite 11
xi Cisco 10000 Series R outer Ser vice Select ion Gateway Conf igurati on Guide OL-4387-02 About Thi s Guide Relat ed Docume ntation Cautio n Means re a d e r b e c a re f ul . In this situation, you might do somethin g that could result in equipment dam age or loss of dat a. War ni n g Means danger . Y ou are in a situation that could cause bodily[...]
-
Seite 12
xii Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 About Thi s Guide Docum entation Fe edback Documenta tion CD-ROM Cisco documentati on and additio nal literature are a v ailable in a Cisco Documentation CD-R OM packag e, w hich ma y have shipped with your produ ct. The Do cume ntati on CD-ROM is upd ated r[...]
-
Seite 13
xiii Cisco 10000 Series R outer Ser vice Select ion Gateway Conf igurati on Guide OL-4387-02 About Thi s Guide Obtaining Technical Assistance Cisco TAC W ebsite The Cisco T A C website provides onl ine docume nts and to ols for troub leshoot ing and re solving technical issues wi th Ci sco pr oducts and te chnolo gies . The C isco T A C web site is[...]
-
Seite 14
xiv Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 About Thi s Guide Obtainin g Addi tional Pub lications and Informat ion Obtaining Ad ditional Publication s and Informatio n Informa tion ab out Cisco pro ducts, t echnologi es, and ne twork soluti ons is av ailable from various online and printe d source s.[...]
-
Seite 15
C HAPTER 1-1 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 1 Service Selection Gateway Overview The Service Selec tion Gate way feature, a v ailable in Cisco IOS Release 12.2(16)BX or later , o f fers a switching solu tion to service pro vider s. W orking in conjuncti on with the Cisco Subscrib er Edge Serv[...]
-
Seite 16
1-2 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 1 S ervice Selection Gateway Overview Service Selec tion Gateway Figur e 1 -1 SSG T opology Ex ample Note Th e Cisco 1000 0 series rou ter does not supp ort tunnel ing of SSG user s. The Cisc o 100 00 ser ies ro uter adds the Open Ga rden and default[...]
-
Seite 17
1-3 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 1 Service Sele ction Ga teway O verview Service Selection Gateway Default Network The defau lt network is a loca tion that SSG allo ws u nauthentic ated users to acc ess. The default netw ork is a sin gle IP addre ss or subn et, t ypical ly the I P a[...]
-
Seite 18
1-4 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 1 S ervice Selection Gateway Overview Supported SSG Feature s Supported SSG Features The C isco 10 000 s eries r outer suppo rts the follo wing SSG feat ures and function ality: • SSG Logo n and L ogoff, page 3-1 • Authent icati on and Account in[...]
-
Seite 19
1-5 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 1 Service Sele ction Ga teway O verview SSG Re stric tions • The Cisco 100 00 router’ s SSG software and forwarding softw are handle multiple us ers attached to a single Cisco IOS softw are interf ace in dif ferent w ays, which could res ult in u[...]
-
Seite 20
1-6 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 1 S ervice Selection Gateway Overview SSG Prerequisi tes SSG Prerequisites The SSG featur e has the follo wing prereq uisites : • The Cisco 1000 0 series rou ter mu st be running Cisc o IOS Release 1 2.2(16)BX or later . • The perfo rma nce ro ut[...]
-
Seite 21
1-7 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 1 Service Sele ction Ga teway O verview SSG Archit ecture Mo del In Figure 1-2 , subs cribers access the SESM web po rtal appl ication u sing an y web b row ser on a v ariety of devices (su ch as a desk top co mputer over DSL). The Cisco 10000 se rie[...]
-
Seite 22
1-8 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 1 S ervice Selection Gateway Overview SSG Ar chitecture M odel[...]
-
Seite 23
C HAPTER 2-1 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 2 Scalability and Performance The inf rastructure of the serv ice prov ider mu st be capable of support ing the se rvices the enterprise custom er or Intern et service p rovid er (ISP) want s to of fer its subs cribers. It must also be able to scale[...]
-
Seite 24
2-2 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 2 Scala bility and Performance Limitati ons and Rest riction s No w , consider th e follo wing re vised service defin itions in which two dif f erent servic es are def ined. These service de finitio ns allo w all users to conne ct to the Standard ser[...]
-
Seite 25
C HAPTER 3-1 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 3 SSG Logon and Logoff The Ci sco 1000 0 se ries rou ter sup ports the foll owing SSG featu res for logon a nd log off related functions: • Single Host Lo gon, pag e 3-1 • SSG Autolog off, page 3- 2 • SSG Prepai d Idle T imeou t, page 3-3 • [...]
-
Seite 26
3-2 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 3 S SG Logon and L ogoff SSG Auto log off SSG Autologoff The SS G Auto log off feature en ab les S SG to verif y conne ctivity w ith eac h host. SSG che cks the st atus of the connec tion with e ach hos t at configured inte rvals. If SSG find s that [...]
-
Seite 27
3-3 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 3 SSG Logon and Logoff SSG Prep aid Idl e Timeout Configuration Example for SSG Autologoff Exam ple 3-1 shows ho w to enable autologo ff with ARP ping. Example 3 -1 SSG A utolog of f Using ARP Ping ssg auto-logoff arp interval 60 Exam ple 3-2 shows h[...]
-
Seite 28
3-4 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 3 S SG Logon and L ogoff SSG Prepaid Idle Ti meout Service Authorization SSG sends a service aut horization req uest to the billing serv er upon initial servic e authorizatio n. Explicit service a uthorizat ion is req uired when e ver a user attempts[...]
-
Seite 29
3-5 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 3 SSG Logon and Logoff SSG Prep aid Idl e Timeout Restrictions for SSG Prepa id Idle Timeout The SSG Prepaid I dle T imeout feat ure h as the f ollo wing restri ctions: • The Ci sco 10000 router suppo rts only time -based SSG Prepa id for a servic [...]
-
Seite 30
3-6 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 3 S SG Logon and L ogoff SSG Session an d Idle Timeout Exam ple 3-5 sho ws ho w to conf igure the SSG TCP Redir ect fea ture f or a sp ecif ic serv ice. Th e comma nds redi rect all prepaid s ervice tr af fi c to the ca pti v e porta l group called &[...]
-
Seite 31
C HAPTER 4-1 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 4 Authentic ation and Accou nting The C isco 10 000 seri es r outer supp orts th e follo wing SSG f eatures for authentic ation a nd acc ountin g related f unctions: • SSG Full Username RADIUS Attrib ute, page 4-1 • RADIUS Acco unting Record s, [...]
-
Seite 32
4-2 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 4 A uthentication and Accounting RADIUS Ac counting Records RADIUS Accounting Records SSG sends acc ounting reco rds with the associa ted attrib utes to the RADIUS acco unting serv er when the follo w ing ev ents occu r: • Account Login and Lo gout[...]
-
Seite 33
4-3 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 4 Authenticati on and Acco unting RADIUS Accounting Re cords Service C onnectio n and Termi nation SSG also s ends a RADI US accoun ting-req uest reco rd to t he local RAD IUS serv er w hen a use r access es or te rminates a servic e. The Acct-Stat u[...]
-
Seite 34
4-4 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 4 A uthentication and Accounting RADIUS Ac counting Records Exam ple 4-6 shows the informat ion conta ined in an accounti ng-stop re cord for ser vic e termina tion. Example 4 -6 RADIUS A ccounting-St op Recor d f or Service T er mina tion NAS-IP-Add[...]
-
Seite 35
C HAPTER 5-1 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 5 Service Selection Methods The Cisco 100 00 series ro uter supports the follo wing se rvice selec tion methods: • PPP T erminated Aggregation, page 5-1 • PT A-Mul tidomain, page 5-1 • W eb Se rvice Sele ction, pa ge 5-2 This c hapter d escrib[...]
-
Seite 36
5-2 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 5 Service Sele ction Met hods Web Service Sel ection Restrictions for PTA-MD A user cannot co nnect to multiple service s that are simultaneo usly in differ ent VRFs. Web Service Selection W eb service selection en ables users to concurrently acc ess[...]
-
Seite 37
5-3 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 5 Serv ice Selection Methods Web Service Selection SESM and SSG Performa nce Packets sent betwe en the SSG a nd the SE SM might re quire p rocessing by th e Cisco 1 0000 ro uter Rou te Process or (RP) , instea d of the par allel ex pres s forwar ding[...]
-
Seite 38
5-4 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 5 Service Sele ction Met hods Web Service Sel ection[...]
-
Seite 39
C HAPTER 6-1 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 6 Service Connection The Ci sco 10 000 seri es ro uter s upport s the follo wing SSG feat ures for ser vice co nnecti on: • SSG AutoD omain, page 6- 1 • SSG Prepaid, page 6-4 • SSG Open Gard en, page 6-5 • SSG Port-Bundle Host K ey , page 6-[...]
-
Seite 40
6-2 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 6 Service C onnect ion SSG Auto Dom ain Y ou c an con figure SSG Au toDoma in in basic or extend ed mode . In basic mode, the AutoDoma in pro file do wnloaded from the AAA ser ver is a se rvice prof ile. T his service p rofi le is a proxy o r VPDN se[...]
-
Seite 41
6-3 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 6 Serv ice Connect ion SSG AutoDomain Example 6 -1 SSG A utoDomain ssg auto-domain mode extended select called-station-id nat user-address download exclude-profile ssg-auto-domain-exclude-profile cisco exclude apn cisco exclude domain motorola Exampl[...]
-
Seite 42
6-4 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 6 Service C onnect ion SSG Prepaid SSG Prepaid The SSG Pr epaid feat ure a llo ws a use r to conn ect to a ser vice if the use r has pr epaid f or the service. SSG checks a subscrib er’ s av ailable credit to determine w hether to co nnect th e sub[...]
-
Seite 43
6-5 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 6 Serv ice Connect ion SSG Open Garden Configuration Example for SSG Prepaid Exam ple 6-4 configure s a global p repa id server group named ssg_prepaid and attach es the server gr oup to the SSG. Example 6 -4 At tachi ng a Global Pr epaid Server G r [...]
-
Seite 44
6-6 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 6 Service C onnect ion SSG Port-Bund le Host Key Restrictions for SSG Open Garden The SSG Open Gar den featur e has the follo wing res trictio ns: • RADIUS acc ounting records are no t created for Open Gard en service s. • The C isco 1000 0 route[...]
-
Seite 45
6-7 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 6 Serv ice Connect ion SSG Po rt-Bun dle Ho st Ke y For each T CP session betw een a subs criber and t he SESM server , SSG use s one port fr om t he port bundle as the port map. Port mappi ngs are flagged as eligible f or reuse on the basis of inact[...]
-
Seite 46
6-8 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 6 Service C onnect ion Exclude N etworks Prerequisites for SSG Port-Bundle Host Key The SSG Port-Bun dle Host K ey feature ha s the following requ ireme nts: • The Ci sco 1000 0 route r support s the SSG Port-B undle H ost Key feature f or Cisco SE[...]
-
Seite 47
6-9 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 6 Serv ice Connect ion Mutually Exclusive Service Selection A SESM configurat ion op tion c ontrol s the SESM action when a su bscriber is a lread y logge d int o one service and the n selects another service in the group: • SESM can a utomaticall [...]
-
Seite 48
6-10 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 6 Service C onnect ion Mutually Exclusive Ser vice Selecti on[...]
-
Seite 49
C HAPTER 7-1 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 7 Service Profiles and Cached Service Profiles The RA DIUS se rver or the SESM downloa ds servi ce pro files to the Ci sco 1000 0 ser ies rou ter ( SSG node) as needed . T ypically , the SSG remov es the servi ce prof ile from memory afte r the user[...]
-
Seite 50
7-2 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 7 Service Profiles and C ached Service Profiles Service Profi les Upstream Acce ss Con trol List Specif ies ei ther an IOS standard acc ess contro l list or a n exte nded acc ess control li st to be applied to upstrea m traffic coming from the user .[...]
-
Seite 51
7-3 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 7 Serv ice Profiles and Cached Serv ice Profiles Service Profiles Service-Defined Cookie Enabl es you to includ e user -def ined inf ormati on in RADIUS aut henticati on and acco unting reque sts. Service-Info = “ Vstrin g ” Note • SSG does not[...]
-
Seite 52
7-4 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 7 Service Profiles and C ached Service Profiles Cached S ervice Profiles If the SESM web applica tion is designed to use HTML frames, then this attribu te also specifi es whether the serv ice is displa yed in a ne w bro wser windo w or in a fram e in[...]
-
Seite 53
7-5 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 7 Serv ice Profiles and Cached Serv ice Profiles Cached Service Profiles • If the servi ce prof ile e xists and it is ac ti ve, SSG us es the service p rofi le to process th e logon request. • If the ser vice prof ile e xists, b ut it is inac ti [...]
-
Seite 54
7-6 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 7 Service Profiles and C ached Service Profiles Cached S ervice Profiles[...]
-
Seite 55
C HAPTER 8-1 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 8 SSG Hierarchical Policing The SSG Hierarchical Po licing feature ensure s that a subscriber does not utilize additio nal bandwidth for o verall ser vice or for a specifi c service that is outside the bounds of the subscriber’ s contract with the[...]
-
Seite 56
8-2 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 8 SSG Hierar chical P olicing Restrictions for SSG Hie rarchical Policing Restrictions for SSG Hierarchical Policing The SS G Hier arch ical Polic ing feat ure has the fo llowing restric tions : • When using SSG hierarchical policin g on Cisco 1000[...]
-
Seite 57
8-3 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 8 SSG Hierarc hical Policing Configuration Examples for SSG Hierarchical Policing Configuration E xamples for SSG Hiera rchical Policing Example 8-1 Configur in g a RADIUS Service Profile for P er -Session Pol icing Router(config)# local-profile cisc[...]
-
Seite 58
8-4 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 8 SSG Hierar chical P olicing Configur ation Examp les for SSG Hierar chical Pol icing[...]
-
Seite 59
C HAPTER 9-1 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 9 Interface Configuration When an inter face i s conf igured as a n SSG uplink or d own link interf ace, non-SSG traff ic is not allo wed to pass through th e interf ace. Y ou conf igure inte rfaces tha t are connecte d to services as uplink interf [...]
-
Seite 60
9-2 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 9 Interface Co nfiguration Transpar ent Passt hrough Access S ide Interfa ces For access side int erfaces, t he interf ace t ype determines t he method used to indicate an interfa ce as SSG or transparent passthroug h. If you enable SSG glob ally , S[...]
-
Seite 61
9-3 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 9 Interface Configurat ion Multicast Protocols on SSG Interfaces Network Side Interfaces For network side inte rfaces, SSG up link interfa ces can ac cept and for ward both SSG traff ic and transp arent passth rough tr af fic . The SSG softw are clas[...]
-
Seite 62
9-4 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 9 Interface Co nfiguration Multicas t Protocols on SSG Interfa ces Configuration of Multicast Pr otocols on SSG Interfaces For SSG to fo rward mu lticast pack ets to the Cisco IOS routing engine, conf igure the follo wing: • Conf igure the interf a[...]
-
Seite 63
C HAPTER 10-1 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 10 SSG TCP Redirect The SSG TCP Red irect feature r edirect s cert ain user pack ets to an a lternati v e loca tion th at can handle the pack ets in a suita ble manner . This feature w orks in c onjunction with th e SESM web int erface. SSG TCP Red[...]
-
Seite 64
10-2 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 10 SSG TC P Redi rect The SSG T CP Redire ct feat ure always send s redire cted packets to a capt i ve portal group tha t consist s of one or more servers. SSG selects one server from the gro up in a rou nd-robin fashion to rece i ve the redir ected[...]
-
Seite 65
10-3 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 10 SSG TCP Redirect Figur e 1 0-1 Restr icting Access t o Networ ks w ithin A uthor ized Services The fo llowing describes th e behavior of redi rection for unauth oriz ed service s: • If a pack et arri ves f rom an unautho rized SSG user o r it i[...]
-
Seite 66
10-4 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 10 SSG TC P Redi rect T ypically , if a serv ice is con nected, SSG fo rwar ds pack ets to a user and pa cke ts from a user e ve n if the packets do not mat ch the pro tocol and TC P ports speci fied for redirect ion. Howev er , the behavior of init[...]
-
Seite 67
10-5 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 10 SSG TCP Redirect The foll owin g sections describe the se tasks in more deta il: • Configuration Consid eration s for SSG T CP Redir ect, pa ge 10-5 • Conf iguring Po rt-Based Redi rection for U nauthe nticat ed Use rs, pag e 10- 5 • Limiti[...]
-
Seite 68
10-6 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 10 SSG TC P Redi rect Configuring SSG TC P Redirect T o c onfigure SSG TCP R edire ct, use the f ollowing co mmand s beginnin g in glob al configurati on mod e: For more detailed informatio n, refer to the SSG TCP Redir e ct for Services , Release 1[...]
-
Seite 69
10-7 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 10 SSG TCP Redirect Configuration Example s for SSG TCP R edirect This sec tion pro vides the follo wing examp le conf igurations: • Configurati on Exam ple fo r Ser ver Groups, pag e 10-7 • Configurati on Exampl e for Network Lists, pag e 10-7 [...]
-
Seite 70
10-8 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 10 SSG TC P Redi rect Configuration Example for Po rt Lists Exam ple 10 -5 sh o ws how to configure a port l ist named ports fo r TCP redi rectio n of HTTP p ackets and associ ate the po rt list to the serv er g roups na med servi ceRedir ect1 and i[...]
-
Seite 71
C HAPTER 11-1 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 11 Miscellaneous SSG Fe atures This chapte r describes the follo wing SSG feature s: • VPI/VCI St atic Bindin g to a Service Profile, page 11-1 • RADIUS V irt ual C ircui t Loggin g, pa ge 11 -2 • AAA Server Gr oup Support fo r Proxy Service [...]
-
Seite 72
11-2 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapte r 11 Miscellane ous SSG F eatures RADIUS Virtua l Circuit Logging RADIUS Virtual Circuit Logging RADIUS V irtual Circuit ( VC) Logging extends and modifies the RADIUS network access server (NAS) port field to ca rry V PI/VCI in format ion. With RADI [...]
-
Seite 73
11-3 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 1 1 Miscellaneo us SSG Feat ures Packet Fil tering Configuration of AAA Server Gr oup Support for Proxy Services T o configure AAA Serv er Group Supp ort for Proxy Services, use the RADIUS Server attribute . This Service-In fo ve ndor- specif ic att[...]
-
Seite 74
11-4 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapte r 11 Miscellane ous SSG F eatures Packet Fi ltering Downstrea m Access Control List—o utacl Specif ies either a Cisco I OS standa rd A CL or an e xtended A CL to be appl ied to d o wnstre am traf fic goin g to the user . Cisco-AVpair = "ip:out[...]
-
Seite 75
11-5 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 1 1 Miscellaneo us SSG Feat ures SSG Unco nfig Configuration of Packet Filt ering T o conf igur e SSG A CLs, us e the foll o wing Cisco -A V pair attrib utes: • Do wnstream Acces s Contro l List (outac l) Cisco-AVpair = "ip:outacl [ # numbe r[...]
-
Seite 76
11-6 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapte r 11 Miscellane ous SSG F eatures SSG Uncon fig Prerequisites for SSG Unconfig Y ou must en able SSG be fore you con f igure SSG Unconfig. Configuration of SSG Unconfig T o c onfigure SSG Unco nfig, perform any of the fol lowing option al tasks: • [...]
-
Seite 77
11-7 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 1 1 Miscellaneo us SSG Feat ures SSG Enh ancements for Overla pping S ervices SSG Enhancemen ts for Overlapping Services Ove rlapping service s are services for which the rou te pref ix of one service match es or is contained within the rout e prefi[...]
-
Seite 78
11-8 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapte r 11 Miscellane ous SSG F eatures SSG Enhanc ements for Overlapping Services Because network se ts for services m ust be uniqu e, the f ollow ing netwo rk sets are d efi ned internally: Set1 0.0.0.0 /0.0.0. 0 Set2 10.58 .253.0/255 .255. 255.0 Set3 10[...]
-
Seite 79
11-9 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 1 1 Miscellaneo us SSG Feat ures SSG Enh ancements for Overla pping S ervices The serv ice translat ion mech anism then in ternally con verts the ser vices to t he fol lo wing sets: Serv ice B ronze _25 6 Set1 Service Sil ver_512 Set1 and set2 The s[...]
-
Seite 80
11-10 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapte r 11 Miscellane ous SSG F eatures SSG Enhanc ements for Overlapping Services Configuration of Service Translation T o enable ser vice trans lation on the rou ter , enter the fol low ing comm and in gl obal con fi guration mode: Configuration Example[...]
-
Seite 81
11-11 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 1 1 Miscellaneo us SSG Feat ures SSG Enh ancements for Overla pping S ervices Service B_512 Set2, set3, and set4 Servic e C_2048 Set2, set3, and set4 Servic e D_1024 Set2 Expansio n of Service IDs The Cisco 10000 router us es service IDs to determi[...]
-
Seite 82
11-12 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapte r 11 Miscellane ous SSG F eatures SSG Enhanc ements for Overlapping Services Netw ork Set s: Set1 0.0.0.0 /0.0.0. 0 Set2 10.58.25 2.0/ 255.25 5.255. 0 Set3 10.58.25 3.0/ 255.25 5.255. 0 Set4 10.58.25 4.0/ 255.25 5.255. 0 Set5 10.58.10 2.6/ 255.25 5.[...]
-
Seite 83
C HAPTER 12-1 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 12 Monitoring and Maintaining SSG T o monitor and maintain SSG, use the follow ing commands in pr iv ilege d EXEC mode: Command Purpose Router# show ssg interface [ interface-number | brief ] Displays a list of all SSG interf aces, the bind directi[...]
-
Seite 84
12-2 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 12 Monitoring and Maintaining SSG Troubles hooting RA DIUS Troubleshooting RADIUS T o troubleshoot communic ation between the RADIUS server and SSG, enter the deb ug radius comm and in privileged EXEC mode. Per-Service Statistics The Ci sco 100 00 s[...]
-
Seite 85
12-3 Cisco 10000 S eries Router S ervice Selecti on Gateway Conf iguration Gui de OL-4387-02 Chapter 12 Moni toring and Mai ntaining SSG Monitoring the Parallel Express Forwarding Engine Monitoring the Pa rallel Exp ress Forwarding E ngine T o moni tor the parall el ex pre ss forw ard ing (PXF ) engi ne, us e the fol lo wi ng comm ands in pri vi le[...]
-
Seite 86
12-4 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Chapter 12 Monitoring and Maintaining SSG Monito ring the Para llel Expre ss Forw arding Engi ne[...]
-
Seite 87
A- 1 Cisco 10000 S eries Rout er Service Sel ection Gateway C onfigur ation Guide OL-4387-02 APPEND IX A SSG Configuration Example Exam ple A-1 is a sa mple SSG c onfiguration for the C isco 100 00 series router ba sed on t he topol ogy in Figure A-1 . The config uration in cludes AAA, PPP , SSG, and RADIUS. The SSG co nfig uration enables the Port[...]
-
Seite 88
A- 2 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Appendix A SSG Con figurati on Example Example A -1 Cis co 1 00 0 0 Rout er SSG Configur ation ! version 12.2 no service pad service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone no servi[...]
-
Seite 89
A-3 Cisco 10000 Series R outer Ser vice Select ion Gateway Conf igurati on Guide OL-4387-02 Append ix A SSG Configuratio n Exampl e ssg accounting interval 300 ssg profile-cache ssg default-network 192.168.2.50 255.255.255.255 ssg service-password servicecisco ssg radius-helper auth-port 1812 acct-port 1813 ssg radius-helper key cisco ssg maxservic[...]
-
Seite 90
A- 4 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Appendix A SSG Con figurati on Example interface FastEthernet0/0/0 description Connected to LAB Backbone ip address 192.168.2.60 255.255.255.0 no ip route-cache cef full-duplex ! interface GigabitEthernet1/0/0 no ip address no negotiation auto ! interface G[...]
-
Seite 91
A-5 Cisco 10000 Series R outer Ser vice Select ion Gateway Conf igurati on Guide OL-4387-02 Append ix A SSG Configuratio n Exampl e interface ATM8/0/1 no ip address shutdown no atm ilmi-keepalive ! interface ATM8/0/2 no ip address shutdown no atm ilmi-keepalive ! interface ATM8/0/3 no ip address shutdown no atm ilmi-keepalive ! interface Virtual-Te[...]
-
Seite 92
A- 6 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Appendix A SSG Con figurati on Example exec-timeout 0 0 password lab ! ntp clock-period 17181406 ntp update-calendar end[...]
-
Seite 93
B-1 Cisco 10000 S eries Rout er Service Sel ection Gateway C onfigur ation Guide OL-4387-02 APPEND IX B SSG Implementation Notes Ta b l e B - 1 prov ides information about ho w SSG is implemented on the Cisco 10000 ser ies router. F or additional information about g eneral SSG limitations, see the “SSG Restrictions” section on page 1-4 , the ?[...]
-
Seite 94
B-2 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Appendix B SSG Implementation Notes Local F orw arding Cann ot be enable d or disa bled through th e CLI. Only sev en serv ices ( network sets ) can be bo und to an u plink inter face. If a service cannot be cre ated on the toaster , then no connection is cr[...]
-
Seite 95
B-3 Cisco 10000 Series R outer Ser vice Select ion Gateway Conf igurati on Guide OL-4387-02 Append ix B SSG Implemen tation N otes RADI US Proxy N ot Su ppor ted. Se r v i ce P r o fi l es MTU Size Attribute—In Directory Enabled Serv ice Se lection Subscription (DESS) mode, SESM does no t support the use o f the MTU Size attribute. Service-Define[...]
-
Seite 96
B-4 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 Appendix B SSG Implementation Notes[...]
-
Seite 97
GL-1 Cisco 10000 Series R outer Ser vice Select ion Gateway Conf igurati on Guide OL-4387-02 GLOSSAR Y A authentication A security feat ure that allows access to informa tion to be gr anted on an individual basis. B bandwidth The range of fr equenc ies a tra nsmission line or ch annel ca n car ry . The gr eater the ban dwidth, the greater the inf o[...]
-
Seite 98
Glos sary GL-2 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 E encaps ulation The techniq ue used by layered protoc ols in whic h a layer adds header in format ion to the pro tocol data unit (PDU) from t he layer abov e. Ethernet One of the most co mmon loca l area networ k (LAN) w iring sche mes, Ethe rnet[...]
-
Seite 99
Glossary GL-3 Cisco 10000 Series R outer Ser vice Select ion Gateway Conf igurati on Guide OL-4387-02 P permanent virtual circui t A fix ed virtua l circuit between two users. Th e public data netwo rk equi v alent of a leased lin e. No call setup or clea ring pr ocedur es are ne eded. point-to-point subinterfac e W ith point-to- point subin terfac[...]
-
Seite 100
Glos sary GL-4 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 PVP Permanent vir tual path. V irtual path that con sists of PVCs. PXF Pa ralle l Exp ress F orwar ding. Also re ferred to as fast forwar der . A pipelined, multiprocessor parallel packet engi ne, optim ized for fast packet for warding . R RADIUS [...]
-
Seite 101
Glossary GL-5 Cisco 10000 Series R outer Ser vice Select ion Gateway Conf igurati on Guide OL-4387-02 T TCP Connec tion-oriented tr ansport lay er protocol that pro vides reliabl e full-duple x data transmission. TCP is part of the T CP/IP protocol stack. turbo access control list A function of th e PXF pipeline tha t determines whet her a packet m[...]
-
Seite 102
Glos sary GL-6 Cisco 10000 Serie s Router Servic e Se lection Gate way Co nfiguration Guide OL-4387-02 X xDSL V arious t ypes o f digit al sub scrib er line s. Exam ples includ e ADSL, H DLS, an d VDSL.[...]
-
Seite 103
IN-1 Cisco 10000 Series R outer Ser vice Select ion Gateway Conf igurati on Guide OL-4387-02 INDEX A aaa gr oup ser ver ra dius co mmand 6-4 AAA ser vers, pr oxy serv ices 11-2, 11-3 acces s-side inter faces 9-2 accou nting for SS G 4-1 to 4-4 accou nting reco rds (RADIUS) 4-2, 4-3 Account Session Time (Att ribute 46) 3-4 Acct-In fo a ttribut e 6-9[...]
-
Seite 104
Index IN-2 Cisco 10000 Serie s Router Servi ce Selection Gate way Configuratio n Guide OL-4387-02 downl oa d exclud e-pro fil e 6-8 no ss g ena ble fo rce-clea nup 11-5 PXF 12-3 show pxf cpu ac cess-lists 12-3 pxf cpu buffe rs 12-3 pxf cp u cef 12-3 pxf cp u cef me mory 12-3 pxf cpu conte xt 12-3 pxf cpu mrou te 12-3 pxf cpu queu e 12-3 pxf cpu sch[...]
-
Seite 105
Inde x IN-3 Cisco 10000 Series R outer Ser vice Select ion Gateway Conf igurati on Guide OL-4387-02 network-si de 9-3 transparent pa ssthrough 9-1 Intern et Protocol G-2 ISP G-2 L L2TP implemen tation notes B-1 local fo rwarding, implementation notes B-2 logging in to SSG 3-1 logging o n to SSG se rvices 7-4, 7-5 login RADIUS 4-2 logon implemen tat[...]
-
Seite 106
Index IN-4 Cisco 10000 Serie s Router Servi ce Selection Gate way Configuratio n Guide OL-4387-02 PPPoE definition G- 3 PPPoEoA, definition G-3 PPPoE over Ethernet G-3 PPPoE over IEEE 802 .1Q VLAN definition G- 3 PPPoX G-3 PPP terminated aggregation definition G- 3 PPP terminated aggregation. See PTA PPP termina ted aggregation multidomai n. See PT[...]
-
Seite 107
Inde x IN-5 Cisco 10000 Series R outer Ser vice Select ion Gateway Conf igurati on Guide OL-4387-02 Port-Bun dle Host Ke y 6-6, 6-8 Prepaid 6-4 Servic e-Defin ed Co okie at tribute 7-3 Service De scription att ribute 7-3 servic e groups 6-8 service IDs, network sets 11-11, 11-12 Servic e Mode attribute 7-3 Service Ne xt-Hop G ateway attr ibute 7-3 [...]
-
Seite 108
Index IN-6 Cisco 10000 Serie s Router Servi ce Selection Gate way Configuratio n Guide OL-4387-02 interfac es 1-3, 9-1, 9-3, 9-4 logon a nd log off 3-1 network a ccess 6-8 Open Gard en 6-5, 6-6 open gard en G-2 packet f iltering 11-3, 11-4, 11-5 Port-Bun dle Host Ke y 6-6, 6-8 prepaid i dle timeout 3-3, 3-5, 3-6 prepaid serv ices 6-4, 6-5 protoc ol[...]
-
Seite 109
Inde x IN-7 Cisco 10000 Series R outer Ser vice Select ion Gateway Conf igurati on Guide OL-4387-02 VPI G-5 VPI/VCI implemen tation notes B-3 service prof iles 11-1 subscr ib er 11-2 VRF G-5 VSA definition G- 5 W web service sele ction 5-2 web sites acce ssing thr ough Open Gard en 6-5, 6-6 X xDSL G-6[...]
-
Seite 110
Index IN-8 Cisco 10000 Serie s Router Servi ce Selection Gate way Configuratio n Guide OL-4387-02[...]