Cisco Systems OL-4387-02 Network Router User Manual


 
Cisco 10000 Series Router Service Selection Gateway Configuration Guide
OL-4387-02
Chapter 11 Miscellaneous SSG Features
Configuration of AAA Server Group Support for Proxy Services
To configure AAA Server Group Support for Proxy Services, use the RADIUS Server attribute. This
Service-Info vendor-specific attribute (VSA) is used to specify the remote RADIUS servers that SSG
uses to authenticate and authorize a service login for a proxy service type.
The RADIUS Server attribute has the following syntax:
Service-Info = "SRadius-server-address;auth-port;acct-port;secret-key[;retrans;timeout;deadtime]"
For more information, refer to the Service Selection Gateway, Release 12.2(15)B feature module.
Configuration Example for AAA Server Group Support for Proxy Services
The following example shows how to configure the RADIUS Server attribute to specify the remote
RADIUS servers SSG uses for authentication and authorization of service login for a proxy service type:
Service-Info = "S192.168.1.1;1645;1646;cisco"
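The following parser is an added example, not part of the Cisco guide or of any Cisco tooling: it splits a RADIUS Server attribute value into the fields of the syntax line above and reports profile entries that should be reviewed before deployment. It assumes the server address is an IP literal, the secret contains no semicolon, and the bracketed fields appear all together or not at all; the names parse_radius_server, MIN_SECRET_LEN and DOC_EXAMPLE_SECRETS are hypothetical, and the length threshold is a local policy choice, not a Cisco default.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Assumptions: local policy values chosen for this example, not Cisco defaults.
MIN_SECRET_LEN = 16
DOC_EXAMPLE_SECRETS = {"cisco"}  # the secret shown in the guide's sample line

@dataclass
class RadiusServerAttr:
    address: str
    auth_port: int
    acct_port: int
    secret: str
    retrans: Optional[int] = None
    timeout: Optional[int] = None
    deadtime: Optional[int] = None
    findings: list = field(default_factory=list)

def _port(text, name):
    value = int(text)  # raises ValueError on non-numeric input
    if not 1 <= value <= 65535:
        raise ValueError(f"{name} {value} is outside 1-65535")
    return value

def parse_radius_server(value):
    """Parse the quoted value of a Service-Info RADIUS Server attribute."""
    if not value.startswith("S"):
        raise ValueError("not a RADIUS Server attribute (missing 'S' prefix)")
    parts = value[1:].split(";")
    # Assumption: the optional group is all-or-nothing, as the syntax line shows.
    if len(parts) not in (4, 7):
        raise ValueError(f"expected 4 or 7 fields, got {len(parts)}")
    attr = RadiusServerAttr(
        address=str(ipaddress.ip_address(parts[0])),  # ValueError if not an IP
        auth_port=_port(parts[1], "auth-port"),
        acct_port=_port(parts[2], "acct-port"),
        secret=parts[3],
    )
    if len(parts) == 7:
        attr.retrans, attr.timeout, attr.deadtime = (int(p) for p in parts[4:])
    if attr.secret.lower() in DOC_EXAMPLE_SECRETS:
        attr.findings.append("secret is the documentation sample value")
    if len(attr.secret) < MIN_SECRET_LEN:
        attr.findings.append(f"secret is shorter than {MIN_SECRET_LEN} characters")
    if attr.auth_port == attr.acct_port:
        attr.findings.append("auth-port and acct-port are identical")
    return attr
```

Run over the sample line above, parse_radius_server("S192.168.1.1;1645;1646;cisco") returns the four mandatory fields and two findings, because the sample secret is both the documented value and shorter than the assumed minimum.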
Packet Filtering
The Cisco 10000 series router supports per-user access control lists (ACLs) to prevent users from
accessing specific IP addresses and ports. When an ACL attribute is added to a user profile, the attribute
applies globally to all the user’s traffic.
User profiles define the services and service groups to which a user is subscribed. RADIUS user profiles
contain a password, a list of subscribed services and groups, access control lists, and timeouts. User
profiles are configured on the RADIUS server or directly on the Cisco 10000 series router. The RADIUS
server or SESM downloads the user profiles to the router. For more information about RADIUS user
profiles and the attributes included in them, refer to the Service Selection Gateway, Release 12.2(15)B
feature module.
SSG accepts Cisco IOS ACLs and SSG ACLs. SSG ACLs take precedence over Cisco IOS ACLs when
both Cisco IOS and SSG ACLs are configured on the same SSG interface. The following Cisco-AV pair
attributes are used to specify either a Cisco IOS standard ACL or an extended ACL to be applied to either
downstream or upstream traffic:
Downstream Access Control List—outacl, page 11-4
Upstream Access Control List—inacl, page 11-4