Cisco Systems OL-4387-02 Network Router User Manual


 
Cisco 10000 Series Router Service Selection Gateway Configuration Guide
OL-4387-02
Chapter 6 Service Connection
Restrictions for SSG Open Garden
The SSG Open Garden feature has the following restrictions:
• RADIUS accounting records are not created for Open Garden services.
• The Cisco 10000 router supports the creation of Open Garden services by using local profiles only; you cannot use RADIUS profiles.
• The Cisco 10000 router does not support overlapping Open Garden service networks.
Configuration of SSG Open Garden
To designate a service as an Open Garden service, use the ssg open-garden command in global
configuration mode. For more information on configuring an Open Garden, refer to the
SSG Open Garden, Release 12.2(4)B feature module.
Configuration Example for SSG Open Garden
The following example defines two services named og1 and og2 and adds them to the Open Garden.
!
ssg open-garden og1
ssg open-garden og2
!
! Service-Info VSA (attribute 26, vendor 9, subattribute 251):
! O = domain name, D = DNS server, R = service network;mask
local-profile og1
 attribute 26 9 251 "Oopengarden1.com"
 attribute 26 9 251 "D10.13.1.5"
 attribute 26 9 251 "R10.1.1.0;255.255.255.0"
local-profile og2
 attribute 26 9 251 "Oopengarden2.com"
 attribute 26 9 251 "D10.14.1.5"
 attribute 26 9 251 "R10.2.1.0;255.255.255.0"
 attribute 26 9 251 "R10.3.1.0;255.255.255.0"
!
ssg bind service og2 10.5.5.1
SSG Port-Bundle Host Key
The SSG Port-Bundle Host Key feature enhances communication and functionality between SSG and
SESM by introducing a mechanism that uses the host source IP address and source port to identify and
monitor subscribers.
With the SSG Port-Bundle Host Key feature, SSG performs port-address translation (PAT) and
network-address translation (NAT) on the HTTP traffic between the subscriber and the SESM server.
When a subscriber sends an HTTP packet to the SESM server, SSG creates a port map that changes the
source IP address to a configured SSG source IP address and changes the source TCP port to a port
allocated by SSG. SSG assigns a bundle of ports to each subscriber because one subscriber can have
several simultaneous TCP sessions when accessing a web page. The assigned host key, or combination
of port-bundle and SSG source IP address, uniquely identifies each subscriber. The host key is carried
in RADIUS packets sent between the SESM server and SSG in the Subscriber IP vendor-specific
attribute (VSA). When the SESM server sends a reply to the subscriber, SSG translates the destination
IP address and destination TCP port according to the port map.
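
The port map and host key described above, modeled as an added Python example (it is not Cisco's implementation and not code from this guide). The bundle size of 16 ports, the base port 1024, the class and method names, and all addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

BUNDLE_BITS = 4    # assumption: 2**4 = 16 ports per bundle
BASE_PORT = 1024   # assumption: first port SSG hands out

@dataclass
class PortBundleNat:
    ssg_ip: str                                    # configured SSG source IP
    bundles: dict = field(default_factory=dict)    # subscriber IP -> bundle number
    port_map: dict = field(default_factory=dict)   # SSG port -> (subscriber IP, port)
    sessions: dict = field(default_factory=dict)   # (subscriber IP, port) -> SSG port

    def host_key(self, sub_ip):
        """Host key = (SSG source IP, port bundle); one bundle per subscriber."""
        bundle = self.bundles.setdefault(sub_ip, len(self.bundles))
        return (self.ssg_ip, bundle)

    def outbound(self, sub_ip, sub_port):
        """Subscriber -> SESM: rewrite the source IP and TCP port."""
        if (sub_ip, sub_port) in self.sessions:
            return (self.ssg_ip, self.sessions[(sub_ip, sub_port)])
        first = BASE_PORT + (self.host_key(sub_ip)[1] << BUNDLE_BITS)
        for port in range(first, first + (1 << BUNDLE_BITS)):
            if port not in self.port_map:
                self.port_map[port] = (sub_ip, sub_port)
                self.sessions[(sub_ip, sub_port)] = port
                return (self.ssg_ip, port)
        raise RuntimeError(f"port bundle exhausted for {sub_ip}")

    def inbound(self, dst_ip, dst_port):
        """SESM -> subscriber: restore the destination; None if nothing is mapped."""
        if dst_ip != self.ssg_ip:
            return None
        return self.port_map.get(dst_port)

    def subscriber_for(self, ssg_port):
        """Identify the subscriber from the translated source port alone."""
        bundle = (ssg_port - BASE_PORT) >> BUNDLE_BITS
        return next((ip for ip, b in self.bundles.items() if b == bundle), None)

if __name__ == "__main__":
    nat = PortBundleNat("192.0.2.1")              # constructed addresses
    print(nat.outbound("10.1.1.20", 40000))       # first session of subscriber A
    print(nat.outbound("10.1.1.20", 40001))       # second session, same bundle
    print(nat.outbound("10.1.1.21", 40000))       # subscriber B, next bundle
    print(nat.inbound("192.0.2.1", 1040))         # reply to B is translated back
```

A subscriber that opens more simultaneous TCP sessions than its bundle holds hits the exhaustion branch, which is why the bundle size has to be chosen with the expected number of parallel browser connections in mind.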