Intelligent Services Gateway Configuration Guide, Cisco IOS XE Release 3S
Configuring ISG Accounting
Downloads: This chapterpdf (PDF - 1.46MB) The complete bookPDF (PDF - 5.22MB) | The complete bookePub (ePub - 1.6MB) | Feedback

Configuring ISG Accounting

Contents

Configuring ISG Accounting

The Intelligent Services Gateway (ISG) is a Cisco software feature set that provides a structured framework to edge devices that can deliver flexible and scalable services to subscribers. This module describes how to configure ISG accounting, including per-session accounting or per-flow accounting, broadcast accounting, and postpaid tariff switching.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Prerequisites for ISG Accounting

  • Configure the authentication, authorization, and accounting (AAA) method list using the aaa accounting command before configuring Intelligent Services Gateway (ISG) accounting. ISG sends accounting records to the AAA method list specified in the user profile, service profile, or service policy map. For more information about the AAA commands, see the Cisco IOS Security Command Reference: Commands A to C .
  • AAA servers must be configured to support ISG accounting.

Restrictions for ISG Accounting

  • Intelligent Services Gateway (ISG) accounting supports only the RADIUS protocol.
  • If authentication, authorization, and accounting (AAA) broadcast accounting is used with periodic accounting, you cannot configure different accounting periods for different accounting groups.

Information About ISG Accounting

Overview of ISG Accounting

Intelligent Services Gateway (ISG) supports per-session, per-service, or per-flow accounting. Per-session accounting is the aggregate of all the flow traffic for a session and it can be enabled in a user profile.

Per-flow accounting, which accounts for a subset of session traffic as defined by a traffic class, is enabled in a service profile or service policy map. When per-flow accounting is configured, the Parent-Session-ID vendor-specific attribute (VSA) is included in accounting records so that per-session and per-flow accounting records can be correlated in the RADIUS server.

Within a subscriber session, per-service accounting enables RADIUS to track services when they become active and when they stop. Per-service accounting is the aggregate of all flow traffic for the duration of the service. Using this feature, the device includes all activated services for the session in a single accounting start message. Per-service accounting can be enabled in a service profile or service policy map. When per-service accounting is configured, the service name and Parent-Session-ID attributes are included in accounting records.


Note


When accounting is configured in a user profile, the service name attribute is not included in accounting records.


Session accounting is enabled if the aaa accounting network default command is configured and a authentication, authorization, and accounting (AAA) method list is specified. We recommend that you use a named method list rather than the default method list. Flow accounting is disabled by default and will take place only if a AAA method list is specified in the service profile or a service policy map. ISG accounting sends Accounting-Start, interim, and Accounting-Stop records to the specified AAA method list.

ISG Accounting Messages on ANCP Ports

Accounting messages sent by Intelligent Services Gateway (ISG) for sessions on an Access Node Control Protocol (ANCP) port contain the following authentication, authorization, and accounting (AAA) attributes:
  • nas-rx-speed
  • nas-rx-speed-bps
  • nas-tx-speed
  • nas-tx-speed-bps
ISG retrieves the values for these attributes from the Digital Subscriber Line Access Multiplexer (DSLAM) ANCP notification sent to ISG or from the quality of service (QoS) policy configured on the interface.

When an ANCP port is in an up state, the attribute values are taken from the DSLAM ANCP notification sent to ISG. If the ANCP port state changes to a down state, the ANCP accounting messages will continue to contain the AAA attributes sent in the DSLAM notification.

If the ANCP port state has never been set to up, ISG can retrieve the nas-tx-speed, nas-tx-speed-bps, nas-rx-speed, and nas-rx-speed-bps AAA attributes from the QoS policy on that interface.

To retrieve the AAA attributes from the QoS policy, the policy must be configured before the configuration of the ANCP neighbor; otherwise, ISG uses the previous values (if any) for the AAA attributes when a session is established.

If the QoS policy values are changed, ISG continues to use the previous values until the ANCP neighbor is removed and reconfigured.

Service Activation and Deactivation Configuration on RADIUS

You can configure Cisco VSA 250 and VSA 252 in the service profile on RADIUS to dynamically activate and deactivate services. RADIUS uses VSA 250 in Access-Accept and VSA 252 in Change of Authorization (CoA) messages. These VSAs have the following syntax:

252 0b "service(parameter1=value,parameter2=value,...)"
250 "service(parameter1=value,parameter1=value,...)"

When deactivating a service, RADIUS sends the same information in VSA 252 that was used for service activation, except that service deactivation uses 0c parameters in the VSA instead of the 0b parameter used for service activation. VSA 252 has the following syntax for service deactivation:

252 0xC "service(parameter1=value,parameter2=value,...)" 
	 

ISG Accounting Records

Intelligent Services Gateway (ISG) accounting uses the RADIUS protocol to facilitate interaction between ISG and an external RADIUS-based authentication, authorization, and accounting (AAA) server or a mediation server. ISG sends accounting records with the associated attributes to the AAA accounting method list when the following events occur—account logon, account logoff, service logon, and service logoff. The accounting server can be configured to interpret the accounting records to generate bills for postpaid sessions.

Account Logon and Logoff

ISG sends a RADIUS Accounting-Request record to the specified AAA method list when a subscriber logs on to or out off ISG. The Acct-Status-Type attribute included in the Accounting-Request record indicates if the record marks the start (commencement) of the subscriber session or the stop (termination) of the session.

When the aaa accounting command is enabled with the system, default, start-stop, and group keywords, accounting records are sent to the AAA server. When a subscriber logs on, ISG sends an Accounting-Start record to the AAA server. When a subscriber logs off, ISG sends an Accounting-Stop record to the AAA server.

Service Logon and Logoff

ISG sends a RADIUS Accounting-Start record to the AAA server when a service is activated for a subscriber, and it sends an Accounting-Stop record when a service is deactivated. The record contains an accounting session ID that is different from the accounting session ID of the parent session.

The Acct-Status-Type attribute included in the Accounting-Request record indicates whether the record marks the start or the end of the service. The name of the service is included in accounting records for service logon and logoff.

Accounting records may be sent for events other than account and service logon and logoff. See the Securing User Services Configuration Guide Library for more information.

Interim ISG Accounting Updates

Intelligent Services Gateway (ISG) supports interim (intermittent) RADIUS accounting updates that work the same way as “watchdog” RADIUS accounting. Accounting updates are sent between the time that ISG sends Accounting-Start and Accounting-Stop records.

ISG supports two types of interim accounting—accounting updates for new information (such as a new IP address) and periodic accounting, in which accounting records are sent at a configurable interval.

Interim accounting can be enabled or disabled globally for new information. Periodic accounting can be enabled for specific contexts, such as globally, in user profiles, and in services.

Broadcast Accounting

Intelligent Services Gateway (ISG) supports authentication, authorization, and accounting (AAA) broadcast accounting, which is the ability to send user accounting records to multiple RADIUS servers. AAA broadcast accounting provides service providers with geographical redundancy for RADIUS servers and provides accounting records to partners in wholesale models. For information about configuring AAA broadcast accounting, see the “Configuring Accounting” chapter in the Cisco Authentication, Authorization, and Accounting Configuration Guide.

ISG Postpaid Tariff Switching

The Intelligent Services Gateway (ISG) Postpaid Tariff Switching feature allows changes in tariffs during the lifetime of a connection. This feature applies to time-based or volume-based postpaid sessions in which the tariff changes at certain times of the day.

Typically, a service provider would use postpaid tariff switching to offer different tariffs to a subscriber while the subscriber is still connected. For example, changing a subscriber to a less expensive tariff during off-peak hours.

To handle tariff switches for postpaid connections, accounting packets log the usage information during the various tariff-switch intervals. The service profile contains a weekly tariff-switch plan detailing the times of day during which tariff changes occur. ISG monitors the usage at every tariff-switch point and records this information in interim accounting records. The billing server monitors all the interim accounting updates and obtains the information about the traffic sent at each tariff rate.


Note


Tariff switching is not required for time-based billing services. Because the billing server knows the service logon and logoff time stamps, it can calculate the various tariffs that apply during that time.


Subscriber Accounting Accuracy

The Subscriber Accounting Accuracy feature guarantees that the I/O packet/byte statistics in the Accounting-Stop record are accurate to within one second.

Subscriber accounting data is sent to authentication, authorization, and accounting (AAA) servers during the following events:

  • Configured intervals during the lifetime of the session or service
  • Service logoff
  • Session tear down

Use the subscriber accounting accuracy milliseconds command to set the value for the Subscriber Accounting Accuracy feature.

HA Support for ISG Accounting

The accounting start and stop records that Intelligent Services Gateway (ISG) sends to an external RADIUS accounting server contains cumulative counters associated with subscriber sessions. ISG can also send interim accounting records containing the latest time and volume statistics at periodic intervals during a session’s lifetime. This information is correlated by a third-party billing software to generate billing records for the subscriber.

The ISG stateful switchover (SSO) and In Service Software Upgrade (ISSU) feature adds high availability (HA) support to the ISG session, service, and flow accounting. This HA support includes a periodic session update feature that enables ISG to retain cumulative accounting counters associated with the subscriber sessions after an SSO or ISSU event. Configuring this feature prevents the new active processor from restarting the accounting counters from zero after an SSO event. You can also specify that the first record sent after an SSO event is an interim accounting record for sessions, services, and flows that survive the switchover.

The following are some of the counters and their associated counters that retain their value after Route Processor (RP) SSO:
  • Session counters:
    • Acct-Input-Octets
    • Acct-Input-Packets
    • Acct-Output-Octets
    • Acct-Output-Packets
    • Acct-Session-Time
  • Service counters:
    • Acct-Input-Octets
    • Acct-Input-Packets
    • Acct-Output-Octets
    • Acct-Output-Packets

For information about configuring HA on the ISG device, see the High Availability Configuration Guide.

How to Configure ISG Accounting

Enabling ISG per-Session Accounting

Per-session accounting can be configured in the user profile of a authentication, authorization, and accounting (AAA) server.

This task contains the following sections:

Enabling ISG per-Session Accounting in a User Profile on a AAA Server

Use the attributes given in this procedure to enable per-session accounting in a user profile on an authentication, authorization, and accounting (AAA) server.


Note


You must configure a service for an accounting list before enabling a per-session accounting in a user profile. A per-session accounting list cannot be applied on a session in Intelligent Services Gateway (ISG) if a service is not configured; that is, you must have a dummy service configured under the accounting list when there is no service configured.


SUMMARY STEPS

    1.    Cisco-Attribute-Value pair (AVpair)=“accounting-list=accounting-mlist-name

    2.    IETF RADIUS attribute Acct-Interim-Interval (attribute 85)


DETAILED STEPS
    Step 1   Cisco-Attribute-Value pair (AVpair)=“accounting-list=accounting-mlist-name

    Adds the Accounting attribute to the user profile. This attribute enables accounting and specifies the AAA method list to which accounting updates will be sent.

    Step 2   IETF RADIUS attribute Acct-Interim-Interval (attribute 85)

    (Optional) Adds the Acct-Interim-Interval (attribute 85) to the user profile. This attribute specifies the number of seconds between interim updates.


    Enabling a per-User Accounting List

    Perform this task to enable a dummy service on an accounting list. A dummy service is a string that is used to get an authorization from a server for a user profile when no service is configured.

    SUMMARY STEPS

      1.    userxxx2@cisco.com Cleartext-Password := “cisco111”

      2.    Cisco-Account-Info += “ADUMMYSERVICE”,


    DETAILED STEPS
      Step 1   userxxx2@cisco.com Cleartext-Password := “cisco111”

      Adds the username and password account information for a RADIUS user profile.

      Step 2   Cisco-Account-Info += “ADUMMYSERVICE”,

      Adds a dummy service to a RADIUS user profile for an accounting list on an authentication, authorization, and accounting (AAA) server.


      Enabling ISG per-Flow Accounting

      Intelligent Services Gateway (ISG) per-flow accounting can be configured in the following configuration sources:

      • Service profile on a AAA server
      • Service policy map on the ISG device

      This procedure contains the following sections:

      Enabling ISG per-Flow Accounting in a Service Profile on the AAA Server

      Perform this task to configure a per-flow accounting in a service profile on the authentication, authorization, and accounting (AAA) server.

      Before You Begin

      This task assumes that you have defined IP access lists for specifying the traffic.

      SUMMARY STEPS

        1.    Cisco-AVpair=“ip:traffic-class={in | out} access-group [acl-number | name acl-name] [priority n]”

        2.    Cisco-AVpair=“accounting-list=accounting-mlist-name

        3.    IETF RADIUS attribute Acct-Interim-Interval (attribute 85)


      DETAILED STEPS
        Step 1   Cisco-AVpair=“ip:traffic-class={in | out} access-group [acl-number | name acl-name] [priority n]”

        Adds the Intelligent Services Gateway (ISG) traffic class attribute to the service profile. This attribute specifies the input and output traffic to which the service will apply. Both an input and output traffic classifier can be added to a service profile.

        Step 2   Cisco-AVpair=“accounting-list=accounting-mlist-name

        Adds the accounting attribute to the service profile on the AAA server. This attribute enables accounting and specifies the AAA method list to which accounting updates will be sent. The AAA method list must be configured.

        Note   

        If this attribute is configured in a service profile that does not include a traffic class, accounting is performed on the session rather than on the flow.

        Step 3   IETF RADIUS attribute Acct-Interim-Interval (attribute 85)

        (Optional) Adds the IETF RADIUS attribute Acct-Interim-Interval (attribute 85) to the service profile on the AAA server. This attribute specifies the number of seconds between interim updates.


        Enabling ISG per-Flow Accounting in a Service Policy Map

        Perform this task to enable accounting in a local service policy map for the device for a specific flow.

        Before You Begin

        This task assumes that you have defined a traffic class map and associated IP access lists. See the module “Configuring ISG Subscriber Services” for more information about configuring traffic classes.

        SUMMARY STEPS

          1.    enable

          2.    configure terminal

          3.    policy-map type service policy-map-name

          4.    class type traffic class-map-name

          5.    accounting aaa list AAA-method-list

          6.    end


        DETAILED STEPS
           Command or ActionPurpose
          Step 1 enable


          Example:
          Device> enable
           

          Enables privileged EXEC mode.

          • Enter your password if prompted.
           
          Step 2 configure terminal


          Example:
          Device# configure terminal
           

          Enters global configuration mode.

           
          Step 3 policy-map type service policy-map-name


          Example:
          Device(config)# policy-map type service service1
           

          Creates or defines a service policy map, which is used to define an Intelligent Services Gateway (ISG) service and enters service policy-map configuration mode.

           
          Step 4 class type traffic class-map-name


          Example:
          Device(config-service-policymap)# class type traffic firstclass
           

          Associates a previously configured traffic class with the policy map and enters control policy-map traffic class configuration.

           
          Step 5 accounting aaa list AAA-method-list


          Example:
          Device(config-control-policymap-class-traffic)# accounting aaa list list1
           

          Enables accounting and specifies the authentication, authorization, and accounting (AAA) method list to which accounting updates will be sent.

          • The AAA method list must be configured.
           
          Step 6 end


          Example:
          Device(config-control-policymap-class-traffic)# end
           

          Returns to privileged EXEC mode.

           

          Enabling ISG per-Service Accounting

          Per-service accounting can be configured in the following configuration sources:

          • Service profile on a AAA server
          • Service policy map on the ISG device

          This procedure contains the following sections:

          Enabling per-Service Accounting on ISG

          SUMMARY STEPS

            1.    enable

            2.    configure terminal

            3.    subscriber service multiple-accept

            4.    subscriber service session-accounting

            5.    end


          DETAILED STEPS
             Command or ActionPurpose
            Step 1 enable


            Example:
            Device> enable
             
            Enables privileged EXEC mode.
            • Enter your password if prompted.
             
            Step 2 configure terminal


            Example:
            Device# configure terminal
             

            Enters global configuration mode.

             
            Step 3 subscriber service multiple-accept


            Example:
            Device(config)# subscriber service multiple-accept
             

            Enables multiple services in a single Access-Accept message.

             
            Step 4 subscriber service session-accounting


            Example:
            Device(config)# subscriber service session-accounting
             

            Enables subscriber services accounting.

            • All started services are included in the session accounting start message.
             
            Step 5 end


            Example:
            Device(config)# end
             

            Returns to privileged EXEC mode.

             

            Enabling per-Service Accounting in a Service Profile on a AAA Server

            Use the attributes in this procedure to enable per-service accounting in a service profile on a authentication, authorization, and accounting (AAA) server. Note that for per-service accounting, the traffic class attribute should not be included in the service profile.

            SUMMARY STEPS

              1.    Cisco-AVpair=“accounting-list=accounting_mlist_name

              2.    IETF RADIUS attribute Acct-Interim-Interval (attribute 85)


            DETAILED STEPS
              Step 1   Cisco-AVpair=“accounting-list=accounting_mlist_name

              Adds the Accounting attribute to the service profile. This attribute enables accounting and specifies the AAA method list to which accounting updates will be sent.

              Step 2   IETF RADIUS attribute Acct-Interim-Interval (attribute 85)

              (Optional) Adds the Acct-Interim-Interval (attribute 85) to the service profile. This attribute specifies the number of seconds between interim updates.


              Enabling per-Service Accounting in a Service Policy Map

              To configure a per-service accounting in a service policy map on the device, you must configure an empty traffic class map (a traffic class map that does not specify an access list) and enable accounting within the empty traffic class in the service policy map.

              SUMMARY STEPS

                1.    enable

                2.    configure terminal

                3.    class-map type traffic match-any class-map-name

                4.    exit

                5.    policy-map type service policy-map-name

                6.    class type traffic class-map-name

                7.    accounting aaa list AAA-method-list

                8.    end


              DETAILED STEPS
                 Command or ActionPurpose
                Step 1 enable


                Example:
                Device> enable
                 

                Enables privileged EXEC mode.

                • Enter your password if prompted.
                 
                Step 2 configure terminal


                Example:
                Device# configure terminal
                 

                Enters global configuration mode.

                 
                Step 3 class-map type traffic match-any class-map-name


                Example:
                Device(config)# class-map type traffic match-any empty_class 
                 

                Creates or modifies a traffic class map, which is used for matching packets to a specified ISG traffic class, and enters traffic class-map configuration mode.

                • For per-session accounting, create an empty traffic class map, that is, a traffic class map that does not specify an access list for matching traffic.
                 
                Step 4 exit


                Example:
                Device(config-traffic-classmap)# exit 
                 

                Exits traffic class-map configuration mode.

                 
                Step 5 policy-map type service policy-map-name


                Example:
                Device(config)# policy-map type service polmap1
                 

                Creates or defines a service policy map, which is used to define an ISG service, and enters service policy-map configuration mode.

                 
                Step 6 class type traffic class-map-name


                Example:
                Device(config-service-policymap)# class type traffic empty_class 
                 

                Associates a traffic class map with the service policy map and enters service policy-map traffic class configuration mode.

                • In this step, reference the empty traffic class map that you created in Step 3.
                 
                Step 7 accounting aaa list AAA-method-list


                Example:
                Device(config-service-policymap-class-traffic)# accounting aaa list list1
                 

                Enables accounting and specifies the authentication, authorization, and accounting (AAA) method list to which accounting updates will be sent.

                 
                Step 8 end


                Example:
                Device(config-service-policymap-class-traffic)# end
                 

                Returns to privileged EXEC mode.

                 

                Configuring ISG Postpaid Tariff Switching

                ISG postpaid tariff switching can be configured in the service profile on a authentication, authorization, and accounting (AAA) server.

                If you include a traffic class in the service profile, postpaid tariff switching will apply to the specified flow. If you do not configure a traffic class, postpaid tariff switching will apply to the session. Perform this task to configure per-session or per-flow postpaid tariff switching.

                Before You Begin

                Intelligent Services Gateway (ISG) per-session or per-flow accounting must be configured for postpaid tariff switching to work.

                SUMMARY STEPS

                  1.    Cisco-AVpair = “PPWhh:mm:ss:d

                  2.    Cisco-AVpair = “ip:traffic-class={in | out} access-group [acl-number | name acl-name ] [priority n ]”


                DETAILED STEPS
                  Step 1   Cisco-AVpair = “PPWhh:mm:ss:d

                  Adds the postpaid VSA to the service profile. This attribute specifies the weekly tariff-switch points for postpaid tariff switching. The syntax description is as follows:

                  hh :mm:ss:d—Weekly tariff-switch time.

                  • hh = hour of day <0-23>
                  • mm = minutes <0-59>
                  • ss = seconds <0-59>
                  • d = bitmap format for the days of week. Each weekday is represented by one bit, as follows:
                    • 00000001 = Monday
                    • 00000010 = Tuesday
                    • 00000100 = Wednesday
                    • 00001000 = Thursday
                    • 00010000 = Friday
                    • 00100000 = Saturday
                    • 01000000 = Sunday
                  Step 2   Cisco-AVpair = “ip:traffic-class={in | out} access-group [acl-number | name acl-name ] [priority n ]”

                  Adds the ISG traffic class attribute to the service profile. This attribute specifies input and output traffic to which the service will apply. Both an input and output traffic classifier can be added to a service profile.


                  What to Do Next

                  You may want to configure a method of activating the service policy map or service profile. For example, control policies can be used to activate services. For more information about methods of service activation, see the “Configuring ISG Subscriber Services” module.

                  Verifying ISG Accounting and Postpaid Tariff Switching

                  To verify and troubleshoot Intelligent Services Gateway (ISG) accounting and postpaid tariff switching, use any of the following commands in privileged EXEC mode. You can use these commands in any order.

                  SUMMARY STEPS

                    1.    show subscriber session

                    2.    show aaa sessions

                    3.    show aaa user {all | unique id}

                    4.    show sss session [all]


                  DETAILED STEPS
                     Command or ActionPurpose
                    Step 1 show subscriber session


                    Example:
                    Device# show subscriber session
                     

                    Displays ISG subscriber session information.

                     
                    Step 2 show aaa sessions


                    Example:
                    Device# show aaa sessions 
                     

                    Displays authentication, authorization, and accounting (AAA) subscriber session information.

                     
                    Step 3 show aaa user {all | unique id}


                    Example:
                    Device# show aaa user all
                     

                    Displays AAA subscriber information for all users or a specified user.

                     
                    Step 4 show sss session [all]


                    Example:
                    Device# show sss session
                     

                    Displays Subscriber Service Switch (SSS) session status.

                     

                    Enabling Periodic Session Update

                    Perform this task to enable Intelligent Services Gateway (ISG) to periodically synchronize the dynamic accounting statistics (counters) for subscriber sessions on the standby processor, to suppress accounting on and accounting off messages during a switchover, or to send the interim accounting record first after a switchover.

                    SUMMARY STEPS

                      1.    enable

                      2.    configure terminal

                      3.    subscriber redundancy dynamic periodic-update interval minutes

                      4.    aaa accounting redundancy suppress system-records

                      5.    aaa accounting redundancy best-effort-reuse send-interim

                      6.    end


                    DETAILED STEPS
                       Command or ActionPurpose
                      Step 1 enable


                      Example:
                      Device> enable
                       

                      Enables privileged EXEC mode.

                      • Enter your password if prompted.
                       
                      Step 2 configure terminal


                      Example:
                      Device# configure terminal
                       

                      Enters global configuration mode.

                       
                      Step 3 subscriber redundancy dynamic periodic-update interval minutes


                      Example:
                      Device(config)# subscriber redundancy dynamic periodic-update interval 30
                       

                      Enables periodic update of accounting statistics for subscriber sessions.

                       
                      Step 4aaa accounting redundancy suppress system-records


                      Example:
                      Device(config)# aaa accounting redundancy suppress system-records
                       

                      Suppresses accounting on and accounting off messages during a switchover.

                       
                      Step 5aaa accounting redundancy best-effort-reuse send-interim


                      Example:
                      Device(config)# aaa accounting redundancy best-effort-reuse send-interim
                       

                      Sends the interim accounting record first after a switchover for session and service accounting.

                       
                      Step 6 end


                      Example:
                      Device(config)# end
                       

                      Returns to privileged EXEC mode.

                       

                      Verifying Periodic Session Update

                      To verify and troubleshoot the configuration of the periodic session update on the ISG device, use any of the following commands in privileged EXEC mode. You can use these commands in any order.

                      Command

                      Purpose

                      show ccm clients

                      Displays information about cluster control manager (CCM) clients in HA dual RP systems.

                      show ccm queues

                      Displays CCM queue statistics for HA dual RP systems.

                      show ccm sessions

                      Displays information about CCM sessions in HA dual RP systems.

                      Troubleshooting ISG Accounting

                      Use the commands in this task to monitor and troubleshoot Intelligent Services Gateway (ISG) accounting. All these commands are optional and can be entered in any order.

                      SUMMARY STEPS

                        1.    enable

                        2.    debug aaa accounting

                        3.    debug radius brief

                        4.    debug subscriber feature name accounting event


                      DETAILED STEPS
                         Command or ActionPurpose
                        Step 1 enable


                        Example:
                        Device> enable 
                         
                        Enables privileged EXEC mode.
                        • Enter your password if prompted.
                         
                        Step 2debug aaa accounting


                        Example:
                        Device# debug aaa accounting
                                 
                         

                        Displays information about authentication, authorization, and accounting (AAA) TACACS+ authentication.

                         
                        Step 3debug radius brief


                        Example:
                        Device# debug radius brief
                                 
                         

                        Enables debugging of the RADIUS configuration.

                         
                        Step 4debug subscriber feature name accounting event


                        Example:
                        Device# debug subscriber feature name accounting event 
                                 
                         

                        Displays diagnostic information about the installation and removal of ISG features on ISG subscriber sessions.

                         

                        Configuration Examples for ISG Accounting

                        Example: Enabling ISG per-Flow Accounting

                        Example: Enabling ISG per-Flow Accounting in a Service Profile on the AAA Server

                        The following example shows Intelligent Services Gateway (ISG) per-flow accounting configured in a remote service profile for a service called “video1”:

                           video1        Password = "cisco"
                           Cisco-AVpair = "traffic-class=input access-group 101 priority 20",
                           Cisco-AVpair = "traffic-class=output access-group 112 priority 20",
                           Cisco-Avpair = "accounting-list=remote-local",
                           Service-Info = "QU;8000",
                           Service-Info = "QD;64000"

                        Example: Enabling ISG per-Flow Accounting in a Service Policy Map

                        The following example shows ISG per-flow accounting configured in a service policy map for a service called “video1”:

                        class-map type traffic match-any video1
                         match access-group output 101
                         match access-group input 100
                        !
                        policy-map type service video1
                         class type traffic video1
                          accounting aaa list mlist1

                        Example: Enabling ISG per-Service Accounting

                        The following configuration example allows multiple services in a single Access-Accept message and enables session accounting for services. The example also shows how to enable RADIUS to authorize the subscriber to access services.

                        subscriber service multiple-accept
                        subscriber service session-accounting
                        subscriber authorization enable
                        

                        Example: Enabling a per-User Accounting List

                        The following example shows a dummy service configured for an Intelligent Services Gateway (ISG) per-session accounting list configured on an authentication, authorization, and accounting (AAA) server:

                        userxxx2@cisco.com Cleartext-Password := "cisco111"
                                 Service-Type = Framed-User,
                                 Framed-Protocol = PPP,
                                 Framed-IP-Address = 192.168.17.17,
                                 Cisco-Account-Info += "ADUMMYSERVICE",
                        DUMMYSERVICE Cleartext-Password := "cisco"
                                 Cisco-AVPair+= "accounting-list=testacct",

                        Example: Enabling ISG per-Service Accounting in a Service Policy Map

                        The following example shows how to configure per-service accounting in a service policy map on the Intelligent Services Gateway (ISG) device:

                        class-map type traffic match-any classmap1
                        !
                        policy-map type service polmap1
                         class type traffic classmap1
                          accounting aaa list mlist1

                        Example: Configuring Postpaid Tariff Switching

                        The following example shows the configuration of a postpaid tariff switch each day of the week at midnight:

                        Cisco-AVpair = "PPW00:00:00:127" 

                        The following example shows the configuration of a postpaid tariff switch Monday through Friday at 8:00 p.m.:

                        Cisco-AVpair = "PPW20:00:00:31" 

                        The following example shows the configuration of a postpaid tariff switch Monday through Friday at 6:00 a.m.:

                        Cisco-AVpair = "PPW06:00:00:31" 

                        Example: Enabling Periodic Session Update

                        The following example shows that the Intelligent Services Gateway (ISG) device is configured to suppress accounting on and accounting off messages during a switchover and to send the interim accounting record first after a switchover. The ISG device also synchronizes the accounting counters for subscriber sessions on the standby processor every 30 minutes.
                        subscriber redundancy dynamic periodic-update interval 30
                        !
                        aaa accounting redundancy suppress system-records
                        aaa accounting redundancy best-effort-reuse send-interim
                        

                        Examples: Verifying ISG Accounting and Postpaid Tariff Switching

                        This section contains examples of output for the “Verifying ISG Accounting and Postpaid Tariff Switching” task.

                        show subscriber session Output When ISG Accounting Is Applied to a Flow

                        In the following example, Intelligent Services Gateway (ISG) accounting is configured in a service profile that specifies a traffic class, which means that accounting will be performed on the flow and not the parent session. In this example, 157 is the unique ID of the traffic class.

                        Device# show subscriber session uid 157 detailed
                        
                        Subscriber session handle: E5000092, state: connected, service: Ltm Internal
                        Unique Session ID: 157
                        Identifier:
                        SIP subscriber access type(s): Traffic-Class
                        Root SIP Handle: 2B000011, PID: 76
                        Current SIP options: Req Fwding/Req Fwded
                        Session Up-time: 3 minutes, 45 seconds, Last Changed: 3 minutes, 45 seconds
                        AAA unique ID: 0
                        Switch handle: F300015F
                        Session inbound features:
                        Feature: Service accounting
                         Service: video1
                         Method List: remote-local
                         Outbound direction:
                         Packets = 84, Bytes = 33600
                        Feature: Policing
                         Upstream Params:
                        Average rate = 8000, Normal burst = 1500, Excess burst = 3000
                        Config level = Service
                        Session outbound features:
                        Feature: Service accounting
                         Service: video1
                         Method List: remote-local
                         Outbound direction:
                                Packets = 84, Bytes = 33600
                        Feature: Policing
                         Dnstream Params:
                        Average rate = 64000, Normal burst = 12000, Excess burst = 24000
                        Config level = Service
                        Configuration sources associated with this session:
                        Service: video1, Active Time = 3 minutes, 46 seconds

                        show subscriber session Output When ISG Accounting Is Applied to a Session

                        The following is sample output from the show subscriber session command for a session rather than a flow:

                        Device# show subscriber session uid 730 detailed
                        
                        Subscriber session handle: 3800009A, state: connected, service: Local Term
                        Unique Session ID: 730
                        Identifier: igq2acct
                        SIP subscriber access type(s): IP-Interface/Account-Logon-CH
                        Root SIP Handle: A600000E, PID: 75
                        Child SIP Handle: F9000018, PID: 73
                        Current SIP options: Req Fwding/Req Fwded
                        Session Up-time: 3 minutes, 57 seconds, Last Changed: 2 minutes, 59 seconds
                        AAA unique ID: 81
                        Switch handle: 890003A0
                        Interface: ATM6/0.1
                        Policy information:
                          Authentication status: authen
                          Config downloaded for session policy:
                          From Access-Type: Account-Logon-CH, Client: SM, Event: Got More Keys
                            Profile name: apply-config-only, 2 references
                              ssg-account-info     "SAfoo"
                          Rules, actions and conditions executed:
                            subscriber rule-map rule1
                              condition always event any-event
                                action 1 authenticate
                        Session inbound features:
                        Feature: Session accounting
                         Method List: foo
                         Outbound direction:
                                Packets = 10, Bytes = 1000
                        Session outbound features:
                        Feature: Session accounting
                         Method List: foo
                         Outbound direction:
                                Packets = 10, Bytes = 1000
                        Configuration sources associated with this session:
                        Interface: ATM6/0.1, Active Time = 3 minutes, 58 seconds

                        The following is sample output from the show aaa sessions command:

                        Device# show aaa sessions
                        
                        Total sessions since last reload: 141
                        Session Id: 167
                           Unique Id: 151
                           User Name: *not available*
                           IP Address: 192.168.0.1
                           Idle Time: 0
                           CT Call Handle: 0
                        

                        Output for a Specific User

                        The following is sample output from the show aaa user command:

                        Device# show aaa user
                        
                        Unique id 151 is currently in use.
                        Accounting:
                          log=0x20C201
                          Events recorded :
                            CALL START
                            NET UP
                            IPCP_PASS
                            INTERIM START
                            VPDN NET UP
                          update method(s) :
                            PERIODIC
                          update interval = 60
                        Outstanding Stop Records : 0
                        1A1CABE8 0 00000001 connect-progress(68) 4 Call Up
                            1A1CABF8 0 00000001 pre-session-time(294) 4 0(0)
                            1A1CAC08 0 00000001 nas-tx-speed(421) 4 423630024(194014C8)
                            1A1CAC18 0 00000001 nas-rx-speed(71) 4 139317740(84DD1EC)
                            1A1CAC28 0 00000001 elapsed_time(364) 4 46122(B42A)
                            1A1CAC50 0 00000001 bytes_in(135) 4 11434660(AE7AA4)
                            1A1CAC60 0 00000001 bytes_out(274) 4 0(0)
                            1A1CAC70 0 00000001 pre-bytes-in(290) 4 0(0)
                            1A1CAC80 0 00000001 pre-bytes-out(291) 4 0(0)
                            1A1CAC90 0 00000001 paks_in(136) 4 92215(16837)
                            1A1CADF0 0 00000001 paks_out(275) 4 0(0)
                            1A1CAE00 0 00000001 pre-paks-in(292) 4 0(0)
                            1A1CAE10 0 00000001 pre-paks-out(293) 4 0(0)
                          No data for type EXEC
                          No data for type CONN
                          NET: Username=(n/a)
                            Session Id=000000A7 Unique Id=00000097
                            Start Sent=1 Stop Only=N
                            stop_has_been_sent=N
                            Method List=189F046C : Name = CAR_mlist
                            Attribute list:
                              1A1CADF0 0 00000001 session-id(361) 4 167(A7)
                        1A1CAE00 0 00000001 protocol(297) 4 ip
                              1A1CAE10 0 00000001 addr(8) 4 192.168.0.1
                              1A1CAE20 0 00000001 Framed-Protocol(101) 4 PPP
                              1A1CAE30 0 00000009 clid-mac-addr(37) 6 00 00 04 00 00 2A 
                        --------  
                          No data for type CMD
                          No data for type SYSTEM
                          No data for type RM CALL
                          No data for type RM VPDN
                          No data for type AUTH PROXY
                          No data for type 8
                          No data for type CALL
                          No data for type VPDN-TUNNEL
                          No data for type VPDN-TUNNEL-LINK
                          No data for type 12
                          No data for type IPSEC-TUNNEL
                          No data for type RESOURCE
                          No data for type 15
                        Debg: No data available
                        Radi: No data available
                        Interface:
                          TTY Num = -1
                          Stop Received = 0
                          Byte/Packet Counts till Call Start:
                        Start Bytes In = 0             Start Bytes Out = 0         
                            Start Paks  In = 0             Start Paks  Out = 0         
                          Byte/Packet Counts till Service Up:
                            Pre Bytes In = 0             Pre Bytes Out = 0         
                            Pre Paks  In = 0             Pre Paks  Out = 0         
                          Cumulative Byte/Packet Counts :
                            Bytes In = 11434660      Bytes Out = 0         
                            Paks  In = 92215         Paks  Out = 0         
                          StartTime = 12:02:40 IST Oct 16 2007
                          AuthenTime = 12:02:40 IST Oct 16 2007
                          Component = IEDGE_ACCOUNTING
                        Authen: service=NONE type=NONE method=RADIUS
                        Kerb: No data available
                        Meth: No data available
                        Preauth: No Preauth data.
                        General:  
                          Unique Id = 00000097
                          Session Id = 000000A7
                          Attribute List:
                            1A1CADF0 0 00000001 port-type(198) 4 PPPoE over VLAN
                            1A1CAE00 0 00000009 interface(194) 7 4/0/0/2
                        PerU: No data available

                        Output for All Users

                        Device# show aaa user all
                           
                        --------------------------------------------------
                        Unique id 151 is currently in use.
                        Accounting:
                          log=0x20C201
                          Events recorded :
                            CALL START
                            NET UP
                            IPCP_PASS
                            INTERIM START
                            VPDN NET UP
                          update method(s) :
                            PERIODIC
                          update interval = 60
                        Outstanding Stop Records : 0
                          Dynamic attribute list:
                            1A1CABE8 0 00000001 connect-progress(68) 4 Call Up
                            1A1CABF8 0 00000001 pre-session-time(294) 4 0(0)
                            1A1CAC08 0 00000001 nas-tx-speed(421) 4 423630024(194014C8)
                            1A1CAC18 0 00000001 nas-rx-speed(71) 4 139317740(84DD1EC)
                            1A1CAC28 0 00000001 elapsed_time(364) 4 46122(B42A)
                            1A1CAC50 0 00000001 bytes_in(135) 4 11434660(AE7AA4)
                            1A1CAC60 0 00000001 bytes_out(274) 4 0(0)
                            1A1CAC70 0 00000001 pre-bytes-in(290) 4 0(0)
                            1A1CAC80 0 00000001 pre-bytes-out(291) 4 0(0)
                            1A1CAC90 0 00000001 paks_in(136) 4 92215(16837)
                            1A1CADF0 0 00000001 paks_out(275) 4 0(0)
                            1A1CAE00 0 00000001 pre-paks-in(292) 4 0(0)
                            1A1CAE10 0 00000001 pre-paks-out(293) 4 0(0)
                          No data for type EXEC
                          No data for type CONN
                          NET: Username=(n/a)
                            Session Id=000000A7 Unique Id=00000097
                            Start Sent=1 Stop Only=N
                            stop_has_been_sent=N
                            Method List=189F046C : Name = CAR_mlist
                            Attribute list:
                              1A1CADF0 0 00000001 session-id(361) 4 167(A7)
                        1A1CAE00 0 00000001 protocol(297) 4 ip
                              1A1CAE10 0 00000001 addr(8) 4 192.168.0.1
                              1A1CAE20 0 00000001 Framed-Protocol(101) 4 PPP
                              1A1CAE30 0 00000009 clid-mac-addr(37) 6 00 00 04 00 00 2A 
                        --------  
                          No data for type CMD
                          No data for type SYSTEM
                          No data for type RM CALL
                          No data for type RM VPDN
                          No data for type AUTH PROXY
                          No data for type 8
                          No data for type CALL
                          No data for type VPDN-TUNNEL
                          No data for type VPDN-TUNNEL-LINK
                          No data for type 12
                          No data for type IPSEC-TUNNEL
                          No data for type RESOURCE
                          No data for type 15
                        Debg: No data available
                        Radi: No data available
                        Interface:
                          TTY Num = -1
                          Stop Received = 0
                          Byte/Packet Counts till Call Start:
                        Start Bytes In = 0             Start Bytes Out = 0         
                            Start Paks  In = 0             Start Paks  Out = 0         
                          Byte/Packet Counts till Service Up:
                            Pre Bytes In = 0             Pre Bytes Out = 0         
                            Pre Paks  In = 0             Pre Paks  Out = 0         
                          Cumulative Byte/Packet Counts :
                            Bytes In = 11434660      Bytes Out = 0         
                            Paks  In = 92215         Paks  Out = 0         
                          StartTime = 12:02:40 IST Oct 16 2007
                          AuthenTime = 12:02:40 IST Oct 16 2007
                          Component = IEDGE_ACCOUNTING
                        Authen: service=NONE type=NONE method=RADIUS
                        Kerb: No data available
                        Meth: No data available
                        Preauth: No Preauth data.
                        General:  
                          Unique Id = 00000097
                          Session Id = 000000A7
                          Attribute List:
                            1A1CADF0 0 00000001 port-type(198) 4 PPPoE over VLAN
                            1A1CAE00 0 00000009 interface(194) 7 4/0/0/2
                        PerU: No data available

                        Example: Troubleshooting ISG Accounting

                        The following is sample output from the debug aaa accounting command:

                        Device# debug aaa accounting
                        
                        16:49:21: AAA/ACCT: EXEC acct start, line 10
                        16:49:32: AAA/ACCT: Connect start, line 10, glare
                        16:49:47: AAA/ACCT: Connection acct stop:
                        task_id=70 service=exec port=10 protocol=telnet address=209.165.201.1 cmd=glare bytes_in=308 bytes_out=76 paks_in=45 
                              

                        Additional References

                        Related Documents

                        Related Topic

                        Document Title

                        Cisco IOS commands

                        Cisco IOS Master Command List, All Releases

                        ISG commands

                        Cisco IOS Intelligent Services Gateway Command Reference

                        AAA configuration tasks

                        Authentication, Authorization, and Accounting Configuration Guide

                        AAA commands

                        Cisco IOS Security Command Reference: Commands A to C

                        Configuring ISG subscriber services

                        “Configuring ISG Subscriber Services” section in the Intelligent Services Gateway Configuration Guide

                        HA commands

                        Cisco IOS High Availability Command Reference

                        HA configuration

                        Cisco IOS XE High Availability Configuration Guide

                        Technical Assistance

                        Description

                        Link

                        The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

                        http:/​/​www.cisco.com/​cisco/​web/​support/​index.html

                        Feature Information for ISG Accounting

                        The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

                        Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

                        Table 1 Feature Information for ISG Accounting

                        Feature Name

                        Releases

                        Feature Information

                        1 second accuracy—IPv6 session counters and ISGv6 services

                        Cisco IOS XE Release 3.5S

                        Support for PPP IPv6 and dual-stack sessions was added to the Subscriber Accounting Accuracy feature.

                        ISG Accounting—Postpaid

                        Cisco IOS XE Release 2.2

                        ISG accounting provides the means to bill for account or service usage. ISG sends accounting start and accounting stop records for sessions and services to an accounting server for postpaid billing. The accounting server interprets the records to generate bills.

                        ISG Accounting—per-Service Accounting

                        Cisco IOS XE Release 2.4

                        ISG accounting provides the means to bill for account or service usage. ISG accounting uses the RADIUS protocol to facilitate interaction between ISG and an external RADIUS-based AAA or mediation server.

                        ISG Accounting—Tariff Switching

                        Cisco IOS XE Release 2.2

                        ISG accounting provides the means to bill for account or service usage. Where billing rates change at fixed times and sessions are active across the boundary at which the rates change, ISG will provide accounting data to the billing server indicating the boundary.

                        ISG Flow Control—SSO/ISSU

                        Cisco IOS XE Release 3.5S

                        HA support was added for ISG features including ISG accounting.