Table Of Contents
Prerequisites for SSG Prepaid Enhancements
Restrictions for SSG Prepaid Enhancements
Information About SSG Prepaid Enhancements
Overview of Service Selection Gateway
Simultaneous Volume- and Time-Based Prepaid Billing
Benefits of SSG Prepaid and SSG Prepaid Enhancements
How to Configure SSG Prepaid Enhancements
Configuring Session ID and Time-Stamp Information
Specifying the AAA Server for SSG Prepaid Authorization
Verifying SSG Prepaid Configuration
Monitoring and Maintaining SSG Prepaid Enhancements
Configuration Examples for SSG Prepaid Enhancements
SSG Prepaid Configuration: Example
SSG Prepaid Enhancements
The Service Selection Gateway (SSG) prepaid enhancements described in this document add support for prepaid tariff switching, postpaid tariff switching, and simultaneous volume- and time-based prepaid billing to the existing SSG Prepaid feature. The SSG Prepaid feature allows SSG to check a subscriber's available credit to determine whether to connect the subscriber to a service and how long any such connection can last.
Feature History for the SSG Prepaid Enhancements Feature
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Contents
•Prerequisites for SSG Prepaid Enhancements
•Restrictions for SSG Prepaid Enhancements
•Information About SSG Prepaid Enhancements
•How to Configure SSG Prepaid Enhancements
•Configuration Examples for SSG Prepaid Enhancements
Prerequisites for SSG Prepaid Enhancements
•SSG accounting must be enabled in order for the SSG Prepaid enhancements features to be used. SSG accounting is enabled by default. If it has been disabled, enable it by using the ssg accounting command in global configuration mode.
•The SSG Prepaid enhancements features require the authentication, authorization, and accounting (AAA) server to have prepaid billing support.
Restrictions for SSG Prepaid Enhancements
•The volume quota is for combined upstream and downstream traffic.
Information About SSG Prepaid Enhancements
Before you use the SSG Prepaid Enhancements feature, you should understand the following concepts:
•Overview of Service Selection Gateway
•Benefits of SSG Prepaid and SSG Prepaid Enhancements
Overview of Service Selection Gateway
The SSG is a switching solution for service providers that offer intranet, extranet, and Internet connections to subscribers that use broadband access technology such as digital subscriber lines, cable modems, or wireless networks to allow simultaneous access to network services.
SSG works in conjunction with the Cisco Service Selection Dashboard (SSD) or its successor product, the Cisco Subscriber Edge Services Manager (SESM). Together with the SESM or SSD, SSG provides subscriber authentication, service selection, and service connection capabilities to subscribers of Internet services. Subscribers interact with an SESM or SSD web application using a standard Internet browser.
How SSG Prepaid Works
The SSG Prepaid feature allows SSG to check a subscriber's available credit to determine whether to connect the subscriber to a service and, how long any connection can last. The subscriber's credit is administered by the billing server as a series of quotas representing either a duration of use (in seconds) or an allowable data volume (in bytes). A quota is an allotment of available credit.
To obtain the first quota for a connection, SSG submits an authorization request to the AAA server. The AAA server contacts the prepaid billing server, which forwards the quota values to SSG. SSG then monitors the connection to track the quota usage. When the quota runs out, SSG performs reauthorization. During reauthorization, the billing server may provide SSG with an additional quota if there is available credit. If no further quota is provided, SSG logs the user off. The following sections provide more detail about how the SSG prepaid feature and associated enhancements work.
•Simultaneous Volume- and Time-Based Prepaid Billing
Service Authorization
SSG differentiates prepaid services from postpaid services by the presence of the Service Authorization vendor-specific attribute (VSA) in the service profile. The presence of this attribute in the service profile means that SSG must perform authorization before providing access to the service.
Table 1 lists the elements of the Service Authorization VSA.
Once a service has been identified as prepaid, SSG generates an Access-Request packet called a Service Authorization Request. The contents of this new type of Access-Request packet are listed in Table 2.
The prepaid billing server performs authorization based on the same key that was used for authentication. For example, for mobile wireless networks, where the unique key that is used for authentication is the Calling-Station-ID attribute (attribute 31), the quota authorization would also be performed using the Calling-Station-ID attribute.
The AAA server responds to the Service Authorization Request packet with an Access-Accept packet that defines the quota parameters for the connection. The Access-Accept packet for a Service Authorization Request is listed in Table 3. Authorization for a service is provided based on the presence and contents of the Quota VSA in the Access-Accept packet listed in Table 4.
If a nonzero quota is returned in the authorization response, SSG creates a connection to the service using the initial quota value in seconds for time and bytes for volume. A value of zero in a quota means the user has insufficient credit and is not authorized to use that service; no connection is made. If the Quota attribute is not present in the authorization response, SSG treats the connection as postpaid.
The SSG Prepaid Enhancements feature introduces support for simultaneous time- and volume-based prepaid billing. The service authorization response can contain both quota types (for time and volume). That is, the authorization response contains both "QT" and "QV" attributes. SSG starts a quota timer and continuously monitors the connection with respect to volume. When either the volume or quota tokens (a token is a unit of quota) runs out, SSG reauthorizes the connection. The next service authorization request contains the usage on both of these quota types in its response. Note that both of the quota parameters (volume and time) must be nonzero. The functionality can interwork with the prepaid idle-timeout functionality and volume threshold. Table 5 lists the attributes contained in a response to a service authorization request.
In the case of volume quota, instead of the SSG using a single token, two quota tokens can be allocated to accommodate the tariff switching functionality. The dual quota functionality also interworks with the tariff switching functionality. Instead of the presence of QV and QT attributes in the authorization response, QX and QT attributes can be present together in the authorization response. In this case, reauthorization is done whenever the time quota runs out and either of the two volume quota tokens runs out in its respective period. Table 6 lists the attributes contained in a response to a service reauthorization request.
The interworking of idle-timeout and dual-quota functionality with the existing prepaid features is shown in Table 7.
The interworking of dual-quota functionality with tariff switching and idle-timeout is shown in Table 8.
Note In Table 8, QT represents time-based quota, and QX represents quota for prepaid and postpaid tariff switching. TS denotes time of tariff switch, PRE denotes prepaid switch quota, and POST denotes postpaid switch quota. QXTS;PRE;POST represents QX<time of tariff switch>;<prepaid switch quota>;postpaid switch quota>.
If dual quota was allotted in the earlier authorization, the reauthorization request contains both the volume and time attributes. The volume attributes may include the quota for tariff switching (QB) in addition to the volume-based quota (QV) when the connection is made in the post-tariff switch period. The reauthorization reason attribute may be present in the reauthorization request. Table 9 describes the reasons.
Service Reauthorization
During a connection, SSG decrements a volume-based quota until it runs out. If the quota is based on time, the connection is allowed to proceed for the quota duration. When the quota reaches zero, SSG issues a Service Reauthorization Request to the billing server. The Service Reauthorization Request includes an SSG VSA called Quota Used. The Quota Used VSA has the same format as the Quota VSA described in Table 4. The content of the Service Reauthorization Request is listed in Table 10.
If service reauthorization is unsuccessful, the billing server will respond to the Service Reauthorization Request with an Access-Accept packet containing a quota of zero. SSG will terminate the connection to the service at this point. If service reauthorization is successful, the billing server will return another quota to SSG, and the connection will be allowed to continue.
Simultaneous Volume- and Time-Based Prepaid Billing
The simultaneous volume- and time-based prepaid billing feature allows the SSG to provide volume- and time-based prepaid billing on the same service.
Typically this feature is used in a prepaid environment such as a Public Wireless LAN (PWLAN) in an airport lounge or coffee shop.
With simultaneous volume- and time-based prepaid billing, the service provider can bill the subscriber based on volume and time used, and hence be able to charge for any use of the same service. Before this feature was available, a subscriber on a single volume-based service could have a connection open for any length of time without incurring any charge.
The prepaid billing server can now allocate quotas in both time and volume, and SSG is able to monitor the connection on both types. The SSG performs a reauthorization whenever either of these quota types is exhausted.
Prepaid Tariff Switching
Prepaid tariff switching enhances the SSG prepaid capability by allowing changes in tariffs during the lifetime of a connection, thus providing greater flexibility. This feature applies to volume-based prepaid connections where the tariff changes at certain times of the day.
Typically, a service provider would use prepaid tariff switching because they want to be able to offer different tariffs to an end user during the time they are still connected; for example, changing a user to a less expensive tariff during off-peak hours.
When the SSG is monitoring the prepaid connection based on volume, at the tariff switching time, the SSG can switch to the new charging rate. This feature will not affect any existing prepaid functionality, including the idle-timeout feature.
Note The SSG is not involved in computing the billing rate changes that occur at tariff switch points. Billing rate change computations are performed by the prepaid billing server.
SSG supports prepaid tariff switching by using dual quota tokens that correspond to the pretariff switch time period and posttariff switch time-period. The appropriate token is used by SSG during the period in which the service is active.
In order to allow for time-of-day rating changes, the prepaid billing server specifies the tariff change time and the tokens for postswitch and preswitch periods in its authorization response to the SSG.
Note The tariff change time is specified in seconds denoting the number of seconds from the authorization time when a tariff switch needs to happen for prepaid billing.
At the point of tariff switch, SSG does a token switch and starts using the second token for its prepaid connection monitoring purpose. Re-authorization will happen only when either of these tokens gets exhausted and not when a tariff change occurs.
Authorization and Reauthorization Behavior When Prepaid Tariff Switching Occurs
Table 11 describes the behavior of SSG in the various events that occur when prepaid tariff switching takes place.
SSG Prepaid Tariff-Switching VSAs
The VSA shown in Table 12 is used in authorization and reauthorization responses to send quota tokens and the tariff switch time. Table 12 lists the VSA content.
The VSA shown in Table 13 is used in reauthorization requests and accounting packets. This VSA is used in addition to the usual quota volume attribute that indicates the total volume usage in a connection. Table 13 lists the VSA content.
Postpaid Tariff Switching
Postpaid tariff switching enhances the SSG postpaid capability by allowing changes in tariffs during lifetime of a connection, thus providing greater flexibility. This feature applies to volume based postpaid connections where the tariff changes at certain times of the day.
Typically, a service provider would use postpaid tariff switching because they want to be able to offer different tariffs to a subscriber while they are still connected; For example, changing a user to a less expensive tariff during off-peak hours.
To handle tariff switches for postpaid connections, the accounting packets log the usage information during the various tariffs switch intervals. The service profile contains a weekly tariff-switch plan detailing the times of day at which tariff changes occur. The SSG monitors the usage at every tariff-switch point and records this information in the interim accounting records. The billing server monitors all accounting interim updates and obtains the information about the volume of traffic sent at each tariff rate.
Service Profile Definition VSA
The service profile definition is used in the service profile to specify the tariff-switch points. Table 14 lists the VSA content.
The following example shows the configuration of the Service Profile Definition VSA to support a daily fee. The tariff switch will occur each midnight.
SSG Service-Info = "PPW00:00:00:12"The following example show the configuration of the Service Profile Definition VSA to support an off-peak tariff in which a tariff switch occurs Monday through Friday at 8:00 p.m.:
SSG Service-Info = "PPW20:00:00:31"The following example shows the configuration of the Service Profile Definition VSA to support an on-peak tariff in which a tariff switch occurs Monday through Friday at 6:00 a.m.:
SSG Service-Info = "PPW06:00:00:31"The Service Profile Definition VSA is used in accounting packets sent for postpaid connections. This VSA has the same format as the VSA used for prepaid connections involving tariff switching. See Table 13 for details of the SSG prepaid tariff-switching VSA.
Interim Accounting Updates
The interim accounting records contain the cumulative usage information (since start of connection) and the amount of usage after the last tariff-switch time. The accounting stop record contains the total usage information and the volume of traffic sent after the last tariff switch.
Note All accounting interim updates and the accounting stop packets must be processed by the billing server to retrieve the information of usage in the various intervals due to the tariff switch. So the accounting interim update interval must be less than the tariff-switch interval.
The following example illustrates how the accounting interim updates would look in various tariff switch periods and how the billing server has to interpret the records to obtain the individual usages in the various intervals.
Let us consider that a user logged in to the connection at time T0. Let the tariff-switch points in that week be Tx, Ty, and Tz. Let us say that the user logs out at T1.
Accounting records A1 through A5 were sent in the various tariff-switching intervals. All interim accounting records contain the total volume of traffic sent in the connection from start until that point in time. This volume of traffic value is available in the standard accounting attributes and the SSG Accounting VSAs. For records sent after a tariff switch, the tariff-switch VSA indicates usage since the last tariff-switch point.
Accounting record A1 does not contain any tariff-switch VSAs. Accounting record A2 contains a tariff switch VSA to indicate the usage since the last tariff switch point. Note that more than one interim accounting record can be sent in the interval, depending on the accounting interval configured. It is possible to derive the usage in the various intervals even if only one accounting record in an interval was successfully sent. The following sequence shows how the billing server calculates usage in the interval between Tx and Ty.
Record A2 contains total volume (V2) and usage since the last tariff-switch point Tx (T2).
So amount of usage in interval (T0,Tx) represented as V(0,x) = V2 - T2
Record A3 contains total volume (V3) since start of connection, and the last tariff switch point Ty (T3).
So amount of usage in interval (T0,Ty) represented as V(0,y) = V3 - T3.
So amount of usage in interval (Tx,Ty) represented as V(x,y) = V(0,y) - V(0,x)
Note that accounting stop record A5 also contains only the total volume and the usage since the last tariff-switch point and not the usage in the various intervals.
Thus the information in these interim accounting records would enable the service provider to derive the accounting information in the various tariff-switching intervals.
Cookie VSA
The SSG Prepaid Enhancements features introduces the Cookie VSA. The Cookie VSA can be used in a user profile to facilitate both SSG prepaid billing and postpaid billing, or by the billing servers for correlation purposes. Whenever the Cookie VSA is present in a user profile, it is sent in all accounting transactions, including prepaid transactions such as authorization and reauthorization. Table 15 lists the elements in the Cookie VSA.
Table 15 Cookie VSA Elements
Attribute ID Vendor ID Subattribute ID and Type Attribute Name Subattribute Data26
9
250
Account-InfoCookie
V<user-defined cookie>.
Benefits of SSG Prepaid and SSG Prepaid Enhancements
Real-Time Billing
The SSG Prepaid Enhancements feature allows for real-time billing with maximum flexibility, regardless of the type of service and billing scheme. Users can be billed on a flat rate, air-time, or volume basis.
Concurrent Service Access
The SSG prepaid solution can support concurrent service access. SSG services can be configured for concurrent or sequential access. Concurrent access allows users to log in to a service while being connected to other services. Sequential access requires that the user log out from all other services before accessing a service.
Simultaneous Volume- and Time-Based Prepaid Billing
SSG supports rating on both time and volume simultaneously for prepaid services. The prepaid billing server may allocate quotas in both time and volume, and SSG monitors the connection on both these parameters. SSG performs a reauthorization whenever either of these quota types is exhausted.
Prepaid and Postpaid Tariff-Switching
SSG prepaid tariff-switching and postpaid tariff-switching introduce flexibility in SSG billing capabilities by supporting changes in tariffs during the lifetime of a connection.
How to Configure SSG Prepaid Enhancements
The following sections describe configuration, verification, and monitoring tasks for the SSG Prepaid Enhancements features:
•Configuring Session ID and Time-Stamp Information
•Specifying the AAA Server for SSG Prepaid Authorization
•Verifying SSG Prepaid Configuration
•Monitoring and Maintaining SSG Prepaid Enhancements
•SSG Prepaid Configuration: Example
Configuring Session ID and Time-Stamp Information
Perform this task to configure the session ID and time-stamp.
The session ID is configured using RADIUS attribute 44 (Accounting Session ID). The radius-server attribute 44 include-in-access-req command is used to send RADIUS attribute 44 in Access-Request packets before user authentication (including requests for preauthentication). The time-stamp is configured using RADIUS attribute 55 (Event-Timestamp). The radius-server attribute 55 include-in-acct-req command is used to send RADIUS attribute 55 (Event-Timestamp) in accounting packets.
This task configures SSG to provide the prepaid billing server with session ID and time-stamp information.
SUMMARY STEPS
1. enable
2. configure terminal
3. radius-server attribute 44 include-in-access-req
4. radius-server attribute 55 include-in-acct-req
DETAILED STEPS
Specifying the AAA Server for SSG Prepaid Authorization
Perform this task to specify the AAA server group to be used for SSG prepaid authorization.
The AAA server group to be used for SSG prepaid authorization can be specified locally on the router or in the RADIUS service profile. To specify the SSG prepaid server in the RADIUS service profile, use the following attribute:
9,251 = "PZS<serverip addr>authport;acctport;secret;retransmit;timeout;deadtime"
To specify the interim accounting interval in the RADIUS service profile, use the following attribute.
9,251 = "PZI<value>"
This task specifies the SSG prepaid server by using the router's command-line interface (CLI).
Prerequisites
The AAA server group must be configured by the service provider using the aaa group server radius command.
SUMMARY STEPS
1. enable
2. configure terminal
3. ssg enable
4. ssg aaa group prepaid server group
DETAILED STEPS
Verifying SSG Prepaid Configuration
Perform this task to verify the SSG prepaid configuration.
Information about the host's connection to the specified service is displayed using the show ssg connection command. The content of the current configuration file is displayed using the show running-config command.
This task verifies the configuration of SSG prepaid functionality.
SUMMARY STEPS
1. enable
2. configure terminal
3. show ssg connection ip-address service-name [interface]
4. show running-config
DETAILED STEPS
Monitoring and Maintaining SSG Prepaid Enhancements
Perform this task to display debug information about the RADIUS traffic, SSG control events, control packets, and SSG data path packets that can be used to monitor and maintain the SSG prepaid functionality.
This task monitors and maintains SSG prepaid functionality.
SUMMARY STEPS
1. enable
2. debug radius
3. debug ssg ctrl-events
4. debug ssg ctrl-packets
5. debug ssg data
DETAILED STEPS
Configuration Examples for SSG Prepaid Enhancements
This section provides the following configuration example:
•SSG Prepaid Configuration: Example
SSG Prepaid Configuration: Example
The following example shows how to configure RADIUS attributes 44 and 55 to support SSG prepaid billing services:
radius-server attribute 44 include-in-access-reqradius-server attribute 55 include-in-acct-reqAdditional References
The following sections provide references related to the SSG Prepaid Enhancements Feature.
Related Documents
Standards
MIBs
RFCs
Technical Assistance
Command Reference
This section documents only new and modified commands.
show ssg connection
To display the connections of a given host and a service name, use the show ssg connection command in privileged EXEC mode.
show ssg connection ip-address service-name [ip-address]
Syntax Description
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Examples
Prepaid Service Based on Volume: Example
The following example displays the SSG connection for a prepaid service that uses a volume-based quota:
Router# show ssg connection 192.168.1.1 InstMsg------------------------ConnectionObject Content -----------------------User Name:Owner Host:192.168.1.1Associated Service:InstMsgConnection State:0 (UP)Connection Started since:*00:25:58.000 UTC Tue Oct 23 2001User last activity at:*00:25:59.000 UTC Tue Oct 23 2001Connection Traffic Statistics:Input Bytes = 0, Input packets = 0Output Bytes = 0, Output packets = 0Quota Type = 'VOLUME', Quota Value = 100Session policing disabledPrepaid Service Based on Time: Example
The following example displays the SSG connection for a prepaid service that uses a time-based quota:
Router# show ssg connection 192.168.1.2 Prepaid-internet------------------------ConnectionObject Content -----------------------User Name:HostOwner Host:192.168.1.2Associated Service:Prepaid-internetConnection State:0 (UP)Connection Started since:*00:34:06.000 UTC Tue Oct 23 2001User last activity at:*00:34:07.000 UTC Tue Oct 23 2001Connection Traffic Statistics:Input Bytes = 0, Input packets = 0Output Bytes = 0, Output packets = 0Quota Type = 'TIME', Quota Value = 100Session policing disabledAutologin Service: Example
The following example shows the service connection for the autologin service to host 10.3.6.1:
Router# show ssg connection 192.168.1.3 autologin------------------------ ConnectionObject Content -----------------------User Name:autologinOwner Host:192.168.1.3Associated Service:autologinConnection State:0 (UP)Connection Started since:*20:41:26.000 UTC Fri Jul 27 2001User last activity at:*20:41:26.000 UTC Fri Jul 27 2001Connection Traffic Statistics:Input Bytes = 0 (HI = 0), Input packets = 0Output Bytes = 0 (HI = 0), Output packets = 0Prepaid Time Quota: Example
The following example displays the SSG connection for a prepaid service that uses a time-based quota:
Router# show ssg connection 192.168.1.4 Prepaid_tariff_svc------------------------ConnectionObject Content -----------------------User Name: Prepaid_tariff_hostOwner Host: 192.168.1.4Associated Service: Prepaid_tariff_svcCalling station id:Connection State: 0 (UP)Connection Started since: *22:31:01.000 UTC Wed May 28 2003User last activity at: *22:31:02.000 UTC Wed May 28 2003Connection Traffic Statistics:Input Bytes = 0, Input packets = 0Output Bytes = 0, Output packets = 0Prepaid quota:Quota Type = 'TIME', Quota Value = 120Current state in forwarding path = 'None'Session policing disabledPrepaid Authorize on Traffic: Example
The following example displays the SSG connection for a prepaid service that is currently frozen; that is, the SSG will request reauthorization when it receives the first packet on this connection:
Router# show ssg connection 192.168.1.5 Prepaid_tariff_svc------------------------ConnectionObject Content -----------------------User Name: Prepaid_tariff_hostOwner Host: 192.168.1.5Associated Service: Prepaid_tariff_svcCalling station id:Connection State: 0 (UP)Connection Started since: *22:36:54.000 UTC Wed May 28 2003User last activity at: *22:36:55.000 UTC Wed May 28 2003Connection Traffic Statistics:Input Bytes = 0, Input packets = 0Output Bytes = 0, Output packets = 0Prepaid quota:Quota Type = 'VOLUME', Quota Value = 0Quota Type = 'TIME', Quota Value = 0Timeout Value = 0Current state in forwarding path = 'Wait (Reauthorize on traffic)'Session policing disabledPrepaid Idle Timeout: Example
The following example displays the SSG connection for a prepaid service when the SSG has frozen the connection for a definite period of time (Timeout Value). The SSG will request reauthorization when the timeout value expires. Until then, the SSG either drops the packets or redirects them.
Router# show ssg connection 192.168.1.6 Prepaid_tariff_svc------------------------ConnectionObject Content -----------------------User Name: Prepaid_tariff_hostOwner Host: 192.168.1.6Associated Service: Prepaid_tariff_svcCalling station id:Connection State: 0 (UP)Connection Started since: *22:39:10.000 UTC Wed May 28 2003User last activity at: *22:39:10.000 UTC Wed May 28 2003Connection Traffic Statistics:Input Bytes = 0, Input packets = 0Output Bytes = 0, Output packets = 0Prepaid quota:Quota Type = 'VOLUME', Quota Value = 0Quota Type = 'TIME', Quota Value = 0Timeout Value = 60Current state in forwarding path = 'Drop or redirect traffic'Session policing disabled(Prepaid Volume Quota: Example)
The following example displays the SSG connection for a prepaid service when the connection uses a volume-based quota type only:
Router# show ssg connection 192.168.1.7 Prepaid_tariff_svc------------------------ConnectionObject Content -----------------------User Name: Prepaid_tariff_hostOwner Host: 192.168.1.7Associated Service: Prepaid_tariff_svcCalling station id:Connection State: 0 (UP)Connection Started since: *22:39:10.000 UTC Wed May 28 2003User last activity at: *22:39:11.000 UTC Wed May 28 2003Connection Traffic Statistics:Input Bytes = 0, Input packets = 0Output Bytes = 0, Output packets = 0Prepaid quota:Quota Type = 'VOLUME', Quota Value = 1000Current state in forwarding path = 'Volume'Session policing disabledPrepaid Dual Quota: Example
The following example displays the SSG connection for a prepaid service that has both time and volume quotas simultaneously:
Router# show ssg connection 192.168.1.8 Prepaid_tariff_svc------------------------ConnectionObject Content -----------------------User Name: Prepaid_tariff_hostOwner Host: 192.168.1.8Associated Service: Prepaid_tariff_svcCalling station id:Connection State: 0 (UP)Connection Started since: *22:59:29.000 UTC Wed May 28 2003User last activity at: *22:59:29.000 UTC Wed May 28 2003Connection Traffic Statistics:Input Bytes = 0, Input packets = 0Output Bytes = 0, Output packets = 0Prepaid quota:Quota Type = 'VOLUME', Quota Value = 1100Quota Type = 'TIME', Quota Value = 60Timeout Value = 30Current state in forwarding path = 'Volume'Session policing disabledPrepaid Tariff-Switching Quota: Example
The following example displays the SSG connection for a prepaid service when it has tariff-switching quota available:
Router# show ssg connection 192.168.1.9 Prepaid_tariff_svc------------------------ConnectionObject Content ----------------------- User Name: Prepaid_tariff_host Owner Host: 192.168.1.9 Associated Service: Prepaid_tariff_svc Calling station id: Connection State: 0 (UP) Connection Started since: *23:07:34.000 UTC Wed May 28 2003 User last activity at: *23:07:34.000 UTC Wed May 28 2003 Connection Traffic Statistics:Input Bytes = 0, Input packets = 0Output Bytes = 0, Output packets = 0Prepaid quota:Quota Type = 'VOLUME', Quota Value = 2000Tariff-switch time = 1054163314Quota post tariff-switch = 1500Current state in forwarding path = 'Volume'Session policing disabledPrepaid Tariff-Switch Quota in Posttariff-Switch Period: Example
The following example displays the SSG connection for a prepaid service when the connection is in the posttariff-switch period.
Router# show ssg connection 192.168.1.10 Prepaid_tariff_svc------------------------ConnectionObject Content ----------------------- User Name: Prepaid_tariff_host Owner Host: 192.168.1.10 Associated Service: Prepaid_tariff_svc Calling station id: Connection State: 0 (UP) Connection Started since: *23:07:34.000 UTC Wed May 28 2003 User last activity at: *23:08:07.000 UTC Wed May 28 2003 Connection Traffic Statistics:Input Bytes = 1051, Input packets = 2Output Bytes = 1051, Output packets = 2Prepaid quota:Quota Type = 'VOLUME', Quota Value = 3602Tariff-switch time = 1054163336Volume usage post tariff-switch = 0Current state in forwarding path = 'Volume'Session policing disabledTable 16 describes the significant fields shown in the displays.
Related Commands
Command Descriptionclear ssg connection
Removes the connections of a given host and a service name.
ssg aaa group prepaid
To specify the server group to be used for SSG prepaid authorization, use the ssg aaa group prepaid command in global configuration mode. To remove this specification, use the no form of this command.
ssg aaa group prepaid server-group
no ssg aaa group prepaid server-group
Syntax Description
Defaults
If a server group is not specified by using the ssg aaa group prepaid command, the default RADIUS server configured on the router will be used for SSG prepaid authorization.
Command Modes
Global configuration
Command History
Release Modification12.2(16)B
This command was introduced.
12.3(4)T
This command was integrated into Cisco IOS Release 12.3(4)T.
Usage Guidelines
The ssg aaa group prepaid command allows you to configure a global server for SSG prepaid authorization. Configure the global server group by using the aaa group server radius command. Use the ssg aaa group prepaid command to attach the server group to SSG for SSG prepaid authorization.
Examples
The following example shows a configuration for a global SSG prepaid authorization server:
!aaa group server radius ssg_prepaidserver 10.2.3.4 auth-port 1645 acct-port 1646...ssg aaa group prepaid ssg_prepaid!Related Commands
Command Descriptionaaa group server radius
Groups different RADIUS server hosts into distinct lists and distinct methods.
Glossary
AAA—Authentication, Authorization and Accounting.
Access-Accept—Response packet from the RADIUS server notifying the access server that the user is authenticated. This packet contains the user profile, which defines the specific AAA functions assigned to the user.
Access-Request—Request packet sent to the RADIUS server by the access server requesting authentication of the user.
MS—Mobile Station.
PS—Prepaid server.
PWLAN—Public Wireless LAN.
SESM—Subscriber Edge Services Manager. Successor product to the Cisco SSD. The SESM is part of a Cisco solution that allows subscribers of digital subscriber line (DSL), cable, wireless, and dialup to simultaneously access multiple services provided by different Internet service providers, application service providers, and corporate access servers.
SSD—The Service Selection Dashboard (SSD) server is a customizable Web-based application that works with the Cisco SSG to allow end customers to log into and disconnect from proxy and pass-through services through a standard Web browser.
SSG—Service Selection Gateway.
VSA—Vendor-Specific Attribute. An attribute that has been implemented by a particular vendor. It uses the attribute Vendor-Specific to encapsulate the resulting attribute-value (AV) pair.
Note Refer to Internetworking Terms and Acronyms for terms not included in this glossary.
Copyright © 2003 Cisco Systems, Inc. All rights reserved.