SSG Service Profile Caching


The SSG Service Profile Caching feature enhances the authentication process for Service Selection Gateway services by allowing users to authenticate a service using the service profile cached in SSG.

When SSG Service Profile Caching is not enabled, an authentication, authorization, and accounting (AAA) transaction is required to download a service profile each time an SSG subscriber logs onto the service. The other SSG subscribers already logged onto the service also have their service parameters automatically refreshed as a result of this AAA transaction. In many cases, this automatic refresh causes unnecessary traffic in SSG and on the AAA server.

Feature History for the SSG Service Profile Caching Feature

  Release      Modification
  12.2(15)B    This feature was introduced.
  12.3(4)T     This feature was integrated into Cisco IOS Release 12.3(4)T.

Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Contents

  Prerequisites for SSG Service Profile Caching
  Information About SSG Service Profile Caching
  How to Configure SSG Service Profile Caching
  Configuration Examples for SSG Service Profile Caching
  Additional References
  Command Reference

Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
Copyright 2003 Cisco Systems, Inc. All rights reserved.

Prerequisites for SSG Service Profile Caching

SSG must be configured. For a list of prerequisites for SSG, see the Prerequisites section of the Service Selection Gateway document.

Information About SSG Service Profile Caching

To configure SSG Service Profile Caching, you should understand the following concepts:

  How SSG Service Profile Caching Works
  Benefits of SSG Service Profile Caching

How SSG Service Profile Caching Works

The SSG Service Profile Caching feature creates a cache of service profiles in SSG. A service profile is downloaded from the AAA server and then stored in the SSG service profile cache as a Service-Info object. Subsequent SSG subscribers hoping to use that service are authorized by the SSG service profile cache, provided that the service profile remains in the cache.

To ensure that the service profiles in the SSG service profile cache are regularly updated, the SSG service profile cache automatically refreshes the service profiles by downloading the service profiles from the AAA server at user-configured intervals (the default is every 120 minutes). SSG service profile caches can also be refreshed at any time by user action. Service profiles that are not being used by any SSG subscriber are removed from the SSG service profile cache.

Benefits of SSG Service Profile Caching

Additional AAA Server Resources

SSG service profile caching significantly reduces the number of SSG transactions with the AAA server, thereby freeing the AAA server from processing these transactions and freeing AAA server resources for other purposes.

Additional Bandwidth for SSG and the AAA Server

Because the SSG Service Profile Caching feature eliminates traffic used for authorizing users for service logon from the AAA server, additional bandwidth for SSG and the AAA server is available.

How to Configure SSG Service Profile Caching

This section contains the following procedures:

  Enabling SSG Service Profile Caching
  Changing the SSG Service Profile Caching Refresh Interval
  Refreshing the SSG Service Profile Cache Manually
  Verifying SSG Service Profile Caching and Refresh: Example

Enabling SSG Service Profile Caching

SSG service profile caching is enabled by default. If SSG service profile caching has been disabled, it can be re-enabled using the commands described in this section.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. use the ssg service-cache command

DETAILED STEPS

Step 1
  Command or Action: enable
  Example: Router> enable
  Purpose: Enables higher privilege levels, such as privileged EXEC mode. Enter your password if prompted.

Step 2
  Command or Action: configure terminal
  Example: Router# configure terminal
  Purpose: Enters global configuration mode.

Step 3
  Command or Action: ssg service-cache
  Example: Router(config)# ssg service-cache
  Purpose: Enables caching of service profiles. Upon entering the command, all service profiles currently being used by SSG are cached in SSG. SSG service profiles are cached by default, so this command must be entered only if service profile caching has been disabled and has to be re-enabled.

Changing the SSG Service Profile Caching Refresh Interval

An SSG service profile refreshes by getting the service profile in the SSG service profile cache from the AAA server. The SSG service profile cache has a default refresh interval of 120 minutes. Use the commands in this section to change the refresh interval.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ssg service-cache refresh-interval minutes

DETAILED STEPS

Step 1
  Command or Action: enable
  Example: Router> enable
  Purpose: Enables higher privilege levels, such as privileged EXEC mode. Enter your password if prompted.

Step 2
  Command or Action: configure terminal
  Example: Router# configure terminal
  Purpose: Enters global configuration mode.

Step 3
  Command or Action: ssg service-cache refresh-interval minutes
  Example: Router(config)# ssg service-cache refresh-interval 160
  Purpose: Changes the refresh interval of the SSG service profile cache. The refresh interval is expressed in minutes. The refresh interval can be configured at any one-minute interval between 10 minutes and 34,560 minutes (24 days). The default refresh interval is 120 minutes.

Refreshing the SSG Service Profile Cache Manually

An SSG service profile refreshes by getting the service profile from the AAA server. The SSG service profile cache can be refreshed manually at any time by entering the command in this section.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ssg service-cache refresh [service-name | all]

DETAILED STEPS

Step 1
  Command or Action: enable
  Example: Router> enable
  Purpose: Enables higher privilege levels, such as privileged EXEC mode. Enter your password if prompted.

Step 2
  Command or Action: configure terminal
  Example: Router# configure terminal
  Purpose: Enters global configuration mode.

Step 3
  Command or Action: ssg service-cache refresh [service-name | all]
  Example: Router> ssg service-cache refresh service1
  Purpose: Causes the SSG service profile cache to be refreshed. The service-name variable specifies a specific SSG service profile in the service profile cache to refresh. The all option specifies that all service profiles in the service profile cache be refreshed.

Verifying SSG Service Profile Caching

Use the commands in this section to verify the SSG Service Profile Caching feature.

SUMMARY STEPS

  1. show ssg service service-name
  2. show running-config

DETAILED STEPS

Step 1
  Command or Action: show ssg service service-name
  Example: Router> show ssg service service1
  Purpose: Displays various information about an SSG service, including the time remaining for the specified service to refresh.

Step 2
  Command or Action: show running-config
  Example: Router# show running-config
  Purpose: Displays the running configuration. If no SSG service profile caching information is shown in the running configuration output, SSG service profile caching is enabled, since it is on by default. If SSG service profile caching has been disabled, the no ssg service-cache command should be visible in the show running-config output.

How to Monitor and Maintain SSG Service Profile Caching

The command in this section can be used to monitor information relevant to the SSG Service Profile Caching feature.

SUMMARY STEPS

  1. use the show ssg service command
  2. use the show ssg service service-name command

DETAILED STEPS

Step 1
  Command or Action: show ssg service
  Example: Router> show ssg service
  Purpose: Displays which services are currently being used by SSG and are, therefore, part of the SSG service profile cache if SSG service profile caching is enabled.

Step 2
  Command or Action: show ssg service service-name
  Example: Router> show ssg service service1
  Purpose: Displays various information about an SSG service, including the time remaining for the specified service to refresh.

Configuration Examples for SSG Service Profile Caching

  Enabling SSG Service Profile Caching: Example
  Changing the SSG Service Profile Cache Refresh Interval: Example
  Refreshing the SSG Service Profile Cache Manually: Example
  Verifying SSG Service Profile Caching and Refresh: Example

Enabling SSG Service Profile Caching: Example

In the following example, the caching of SSG service profiles is enabled:

  Router(config)# ssg service-cache enable

Changing the SSG Service Profile Cache Refresh Interval: Example

In the following example, the SSG service profile cache will refresh by getting all of the service profiles in the SSG service profile cache from the AAA server every 240 minutes:

  Router(config)# ssg service-cache refresh-interval 240

Refreshing the SSG Service Profile Cache Manually: Example

Refreshing All SSG Service Profiles

In the following example, all of the service profiles in the SSG service profile cache will be retrieved from the AAA server and will replace the service profiles in the SSG service profile cache:

  Router# ssg service-cache refresh all

Refreshing a Specific SSG Service Profile

In the following example, service profile service1 will be retrieved from the AAA server and will replace the current service1 profile in the SSG service profile cache:

  Router# ssg service-cache refresh service1

Verifying SSG Service Profile Caching and Refresh: Example

The show ssg service command is used to verify SSG service profile caching and the time remaining until the next SSG service profile cache refresh. The Service Refresh timeleft output shows how much time remains until the next SSG service profile cache refresh. If this field is not displayed in the show ssg service output, SSG service profile caching is not enabled.

  Router# show ssg service passthru0
  ------------------------ ServiceInfo Content -----------------------
  Uplink IDB:Ethernet2/2 gw:0.0.0.0
  Name:passthru0
  Type:PASS-THROUGH
  Mode:CONCURRENT
  Service Session Timeout:0 seconds
  Service Idle Timeout:0 seconds
  Service refresh timeleft:57 minutes
  <cut>
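
The verification rules in this document (no "no ssg service-cache" line in the running configuration means caching is on; a missing Service refresh timeleft field means caching is not active for that service) can be checked offline against saved command output. The Python below is an added example, not Cisco code; the sample text is constructed, and max_lag_minutes is an assumed local review threshold for how long a profile change on the AAA server may take to reach SSG.

```python
import re
from typing import List, Optional

# Range and default for the refresh interval, as stated in this document.
MIN_INTERVAL, MAX_INTERVAL, DEFAULT_INTERVAL = 10, 34560, 120

_DISABLED = re.compile(r"^[ \t]*no ssg service-cache[ \t]*$", re.M)
_INTERVAL = re.compile(
    r"^[ \t]*ssg service-cache refresh-interval (\d+)[ \t]*$", re.M)
_TIMELEFT = re.compile(r"Service refresh timeleft:\s*(\d+) minutes", re.I)

# Constructed running-config fragments (not captured from a device).
CFG_DEFAULT = "hostname ssg1\n!\n"
CFG_LONG = "hostname ssg1\nssg service-cache refresh-interval 34560\n"
CFG_DISABLED = "hostname ssg1\nno ssg service-cache\n"

# Constructed 'show ssg service' text, modeled on the output shown above.
SHOW_CACHED = ("Name:passthru0\nType:PASS-THROUGH\n"
               "Service Idle Timeout:0 seconds\n"
               "Service refresh timeleft:57 minutes\n")
SHOW_UNCACHED = ("Name:passthru0\nType:PASS-THROUGH\n"
                 "Service Idle Timeout:0 seconds\n")


def cache_config(running_config: str) -> dict:
    """Caching is on unless a bare 'no ssg service-cache' line is present."""
    m = _INTERVAL.search(running_config)
    return {
        "enabled": _DISABLED.search(running_config) is None,
        "interval": int(m.group(1)) if m else DEFAULT_INTERVAL,
    }


def refresh_timeleft(show_service: str) -> Optional[int]:
    """Minutes until the next refresh, or None when the field is absent."""
    m = _TIMELEFT.search(show_service)
    return int(m.group(1)) if m else None


def audit(running_config: str, show_service: str,
          max_lag_minutes: int = 240) -> List[str]:
    """Cross-check configured state against what the service reports.

    max_lag_minutes is an assumed policy value, not a Cisco default.
    """
    findings = []
    cfg = cache_config(running_config)
    if not cfg["enabled"]:
        findings.append("caching disabled: each service logon "
                        "downloads the profile from the AAA server")
        return findings
    interval = cfg["interval"]
    if not MIN_INTERVAL <= interval <= MAX_INTERVAL:
        findings.append(f"refresh-interval {interval} is outside "
                        f"{MIN_INTERVAL}-{MAX_INTERVAL} minutes")
    elif interval > max_lag_minutes:
        findings.append(f"refresh-interval {interval} exceeds review "
                        f"threshold of {max_lag_minutes} minutes")
    if refresh_timeleft(show_service) is None:
        # Per the usage guidelines, a failed refresh (for example an
        # unreachable AAA server) disables caching for that service.
        findings.append("caching configured but not active for this "
                        "service: no 'Service refresh timeleft' field")
    return findings


if __name__ == "__main__":
    for name, cfg, show in [("default", CFG_DEFAULT, SHOW_CACHED),
                            ("24-day interval", CFG_LONG, SHOW_CACHED),
                            ("refresh failed", CFG_DEFAULT, SHOW_UNCACHED),
                            ("disabled", CFG_DISABLED, SHOW_UNCACHED)]:
        print(name, "->", audit(cfg, show) or "ok")
```
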

Additional References

The following sections provide references related to the SSG Service Profile Caching feature.

Related Documents

Related Topic: SSG commands
  Cisco IOS Wide-Area Networking Command Reference, Release 12.3 T

Related Topic: SSG configuration tasks
  Service Selection Gateway, 12.3(4)T new-feature document
  Service Selection Gateway Accounting Update Interval per Service, 12.2(13)T new-feature document
  Service Selection Gateway Hierarchical Policing, 12.2(13)T new-feature document
  SSG AutoDomain, 12.2(13)T new-feature document
  SSG Autologoff Enhancement, 12.3(4)T new-feature document
  SSG Autologon Using Proxy Radius, 12.2(13)T new-feature document
  SSG Autologoff, 12.2(13)T new-feature document
  SSG Proxy for CDMA2000, 12.3(4)T new-feature document
  SSG Direction Configuration for Interfaces and Ranges, 12.3(4)T new-feature document
  SSG EAP Transparency, 12.3(4)T new-feature document
  SSG L2TP Dial-Out, 12.3(4)T new-feature document
  SSG Open Garden, 12.2(13)T new-feature document
  SSG Port-Bundle Host Key, 12.2(13)T new-feature document
  SSG Prepaid, 12.2(13)T new-feature document
  SSG Prepaid Idle Timeout, 12.3(4)T new-feature document
  SSG Service Profile Caching, 12.3(4)T new-feature document
  SSG Suppression of Unused Accounting Records, 12.3(4)T new-feature document
  SSG TCP Redirect for Services, 12.2(13)T new-feature document
  SSG Unconfig, 12.3(4)T new-feature document
  SSG Unique Session ID, 12.3(4)T new-feature document

Related Topic: SESM
  Cisco Subscriber Edge Services Manager and Subscriber Policy Engine Installation and Configuration Guide
  Cisco Service Selection Dashboard Installation and Configuration Guide
  Cisco Service Selection Dashboard Web Developer Guide

Related Topic: RADIUS commands
  Cisco IOS Security Command Reference, Release 12.3 T

Related Topic: RADIUS configuration tasks
  Cisco IOS Security Configuration Guide

Standards

No new or modified standards are supported by this feature. Support for existing standards has not been modified by this feature.

MIBs

No new or modified MIBs are supported by this feature. Support for existing MIBs has not been modified by this feature.

MIBs Link: To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

RFCs

No new or modified RFCs are supported by this feature. Support for existing RFCs has not been modified by this feature.

Technical Assistance

Description: Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

Link: http://www.cisco.com/public/support/tac/home.shtml

Command Reference

This section documents new commands. All other commands used with this feature are documented in the Cisco IOS Release 12.3 T command reference publications.

  ssg service-cache
  ssg service-cache refresh

ssg service-cache

To enable the SSG Service Profile Caching feature, or to change the refresh interval for services in the service profile cache, use the ssg service-cache command in global configuration mode. To disable Service Selection Gateway (SSG) service profile caching, use the no form of this command.

  ssg service-cache [refresh-interval minutes]
  no ssg service-cache [refresh-interval minutes]

Syntax Description

refresh-interval
  (Optional) Changes the refresh rate for the SSG service profile cache. An SSG service profile refreshes by getting the service profile from the AAA server. If the refresh-interval argument is not entered, the default refresh rate of every 120 minutes is used.

minutes
  (Optional) Specifies how often, in minutes, the service profiles in the SSG service profile cache will be refreshed. For instance, if the minutes option is set as 180, the SSG service profile cache will check the AAA server for the service profiles in the cache every 180 minutes. The refresh interval can be configured at any one-minute interval between 10 minutes and 34,560 minutes (24 days). The default is every 120 minutes.

Defaults

SSG service profile caching is enabled by default. The default refresh interval for the SSG service profile cache is every 120 minutes.

Command Modes

Global configuration

Command History

  Release      Modification
  12.2(15)B    This command was introduced.
  12.3(4)T     This command was integrated into Cisco IOS Release 12.3(4)T.

Usage Guidelines

The ssg service-cache command is used to enable SSG service profile caching. A refresh interval does not have to be specified (the default of 120 minutes will be used if no refresh interval is configured).

This command enhances the authentication process for SSG service logon by allowing users to authorize to a service using a service profile cached in SSG instead of downloading the service profile from the AAA server.

When this command is entered, all of the service profiles currently in use in SSG are immediately cached.

Examples

In the following example, SSG service profile caching is enabled:

  Router(config)# ssg service-cache enable

In the following example, the service profiles in the SSG service profile cache will be updated from the AAA server every 240 minutes:

  Router# configure terminal
  Router(config)# ssg service-cache refresh-interval 240

Related Commands

show ssg service
  Displays services that are currently being used by SSG and are, therefore, part of the SSG service profile cache if SSG Service Profile Caching is enabled.

show ssg service
  Displays various information about an SSG service, including the time remaining for the specified service to refresh.

ssg service-cache refresh
  Manually updates the SSG service profile cache with the service profiles available on the AAA server.

ssg service-cache refresh

To trigger an update of the Service Selection Gateway service profile cache with the service profiles available on the AAA server, use the ssg service-cache refresh command in privileged EXEC mode.

  ssg service-cache refresh [service-name | all]
  no ssg service-cache refresh [service-name | all]

Syntax Description

service-name
  (Required to refresh one SSG service profile in the SSG service profile cache.) Specifies that a specific service should be refreshed.

all
  (Required to refresh all SSG profiles in the SSG profile cache.) Specifies that all of the service profiles in the SSG service profile cache should be refreshed.

Defaults

The SSG service profile cache, if enabled, is refreshed at intervals based on the ssg service-cache refresh-interval configuration. If an ssg service-cache refresh-interval is not specified, the default refresh rate is every 120 minutes.

Command Modes

Privileged EXEC

Command History

  Release      Modification
  12.2(15)B    This command was introduced.
  12.3(4)T     This command was integrated into Cisco IOS Release 12.3(4)T.

Usage Guidelines

This command is used to refresh the profiles in the SSG service profile cache manually from the AAA server. The service profiles in the SSG service profile cache are automatically refreshed with the profiles from the AAA server at user-configurable intervals using the ssg service-cache refresh-interval command. The user can trigger a refresh at any time by issuing this command.

If an SSG service cache refresh fails for any reason (for instance, the AAA server is unreachable or down), the service profile caching for that service is disabled. Once a user is able to download the service successfully, caching for the service begins again.

Examples

In the following example, all of the service profiles in the SSG service profile cache will be retrieved from the AAA server and will replace the service profiles in the SSG service profile cache:

  Router# ssg service-cache refresh all

In the following example, service profile service1 will be retrieved from the AAA server and will replace the current service1 profile in the SSG service profile cache:

  Router# ssg service-cache refresh service1

Related Commands

ssg service-cache
  Enables SSG service profile caching.