Filter
Top Products
B-3
Cisco 10000 Series Router Service Selection Gateway Configuration Guide
OL-4387-02
Appendix B SSG Implementation Notes
RADIUS Proxy Not Supported.
Service Profiles MTU Size Attribute—In Directory Enabled Service Selection Subscription (DESS)
mode, SESM does not support the use of the MTU Size attribute.
Service-Defined Cookie Attribute—SSG does not parse or interpret the value of this
attribute. You must configure the proxy RADIUS server to interpret this attribute.
A RADIUS service profile supports only one Service-Defined Cookie.
SMTP Redirect Not supported, even if it is configured.
TCP Redirect Supported to default network only. User traffic to services might be dropped,
even if it does not match a redirect port.
Network-specific redirects do not work unless the network is part of an exclude
network or part of an active service. As a workaround, use redirects based on
service name.
The authentication feature applies only to non-PPP users. PPP users are always
authenticated as part of the PPP negotiation process. PPP users logging off from
SESM are also redirected.
Initial Captivation—If the packet matches the redirection filter, the packet is
subject to initial captivation and is redirected. If the packet does not match the
redirection filter, the packet is not subject to initial captivation and is dropped.
Also see the “Restrictions for SSG TCP Redirect” section on page 10-4.
Transparent
Passthrough
Supported only for traffic to the user (host). Not supported for traffic from the
user (host). Use Open Garden to allow SSG hosts access to certain networks.
Unauthorized downstream traffic is always allowed, but unauthorized upstream
traffic from an SSG host is dropped.
Unsupported
Features
If an unsupported feature (such as NAT) is applied to an SSG connection, the
router does not reject the connection; however, the feature is not applied to traffic
over the connection.
VPI/VCI Static
Binding to a
Service Profile
The feature applies only to PPP sessions.
You must statically configure the feature.
SESM cannot map the VC to the service.
Table B-1 SSG Implementation Notes for the Cisco 10000 Router (continued)
SSG Feature Implementation Notes