The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Feature History
|
|
12.2(4)B |
This feature was introduced. |
This document describes the Service Selection Gateway Accounting Update Interval Per Service feature. It includes the following sections:
•Supported Standards, MIBs, and RFCs
•Monitoring and Maintaining SSG Accounting Update Interval Per Service
The Service Selection Gateway (SSG) Accounting Update Interval Per Service feature enhances SSG accounting by allowing users to configure an interim accounting interval for a particular service. Without the SSG Accounting Update Interval Per Service feature, all accounting information is sent simultaneously and accounting information for a particular SSG service cannot be sent at a separate, independent interval.
SSG Accounting sends information such as billing, auditing, and reporting, so the SSG Accounting Update Interval Per Service feature allows for more granular interim accounting interval options for all of these functions.
Allows Accounting by Service
Before the introduction of the SSG Accounting Update Interval Per Service feature, SSG had one accounting interval for all services. Accounting intervals could not be set for an individual service, so monitoring some accounting services individually was problematic. Tasks such as billing by service were difficult because a particular service did not have an independent accounting interval.
With the SSG Accounting Update Interval Per Service feature, accounting can be performed on a particular SSG service when the service provider prefers different accounting intervals for different services.
•Authentication, Authorization, and Accounting (AAA)
•Service Selection Gateway (SSG)
•Cisco IOS Security Guide, Release 12.2
•Cisco IOS Security Command Reference, Release 12.2
•Cisco 6400 series routers
•Cisco 7200 series routers
•Cisco 7401ASR routers
Availability of Cisco IOS Software Images
Platform support for particular Cisco IOS software releases is dependent on the availability of the software images for those platforms. Software images for some platforms may be deferred, delayed, or changed without prior notice. For updated information about platform support and availability of software images for each Cisco IOS software release, refer to the online release notes or Cisco Feature Navigator.
Standards
None
MIBs
None
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs
None
The RADIUS server should be configured and operational when using the SSG Accounting Update Interval Per Service feature.
See the following sections for configuration tasks for the SSG Accounting Update Interval Per Service feature. Each task in the list is identified as either required or optional.
•Configuring the SSG Accounting Update Interval Per Service Feature in a RADIUS Service Profile (required)
•Verifying SSG Accounting Update Interval Per Service (optional)
The SSG Accounting Update Interval Per Service feature can be configured in a RADIUS service profile. This service profile will have the following configuration.
Service-Info = "Linterval"
Note A RADIUS service profile can be configured using many authorization methods and the actual configuration steps depend on your selected security method. Therefore, this configuration example only provides the information required to configure an accounting interval in a service profile while not showing the configuration of the profile itself.
For information on authorization methods, see the "Configuring Authorization" section of the Cisco IOS Security Configuration Guide for Release 12.2.
The SSG Accounting Update Interval Per Service feature can also be configured on the router as part of a RADIUS local service profile.
Note If the L option is not defined, the accounting records for a service profile will be sent with all accounting records based on the configuration of the ssg accounting interval command. If the ssg accounting interval command is not set, the accounting records are sent every 600 seconds.
The following command can be entered to verify the SSG Accounting Update Interval Per Service feature:
This section contains the following configuration examples:
•Configuring SSG Accounting Update Interval Per Service in RADIUS Example
•Configuring SSG Accounting Update Interval Per Service on Router Example
•Verifying SSG Accounting Update Interval Per Service Example
In the following example, the interim accounting interval for the RADIUS service profile named proxy_ser is set at 90 using the L90 attribute. The attribute is italicized for emphasis.
user = proxy_ser{
radius=7200-SSG-v1.1 {
check_items= {
2=cisco
}
reply_attributes= {
9,251="TX"
9,251="R139.85.0.0;255.255.0.0"
9,251="S9.2.36.253;1645;1646;cisco;2;0"
9,251="L90"
28=600
}
}
}
In the following example, the local profile cisco.com is configured on the router to send an interim accounting update every 90 seconds:
Router(config)# local-profile cisco.com
Router(config-prof)# attribute 26 9 1 "L90"
In the following example, the interim accounting interval for the RADIUS service profile will be sent every 100 seconds. The configuration is indicated by the following output, which has been italicized for emphasis in the text:
Service Accounting Interval: 100
Router#
show ssg service serv1-proxy
------------------------ ServiceInfo Content -----------------------
Uplink IDB:
Name:serv1-proxy
Type:PROXY
Mode:CONCURRENT
Service Session Timeout:0 seconds
Service Idle Timeout:0 seconds
Service Accounting Interval: 100 seconds
Class Attr:NONE
Authentication Type:CHAP
Reference Count:1
Next Hop Gateway Key:my-key
DNS Server(s):Primary:10.13.1.5
Radius Server:IP=10.13.1.2, authPort=1645, acctPort=1646, secret=my-secret
Included Network Segments:
10.13.0.0/255.255.0.0
Excluded Network Segments:
Full User Name Used
Service Defined Cookie exist
Domain List:service1.com;
Active Connections:
1 :Virtual=255.255.255.255, Subscriber=10.20.10.2
------------------------ End of ServiceInfo Content ----------------
This section documents the attribute command. All other commands used with this feature are documented in the Cisco IOS Release 12.2 command reference publications.
Note The attribute command in this command reference only addresses the attribute command when used with the L attribute. See the SSG Command References document for the complete attribute command reference.
To configure an attribute in a local service profile, use the attribute profile configuration command. Use the no form of this command to delete an attribute from a service profile.
attribute radius-attribute-id [vendor-id] [cisco-vsa-type] "Linterval"
no attribute radius-attribute-id [vendor-id] [cisco-vsa-type] "Linterval"
For the L option: If the L option is not defined, the accounting records for a service profile will be sent with all accounting records based on the configuration of the ssg accounting interval command. If the ssg accounting interval command is not set, the accounting records are sent every 600 seconds.
Profile configuration
|
|
---|---|
12.2(4)B |
The L attribute was introduced. |
Use this command to configure attributes in local service profiles.
To change the SSG accounting interval for a service profile, use the L option in the attribute command.
Interim accounting can be disabled by entering the seconds variable as 0 (for instance, L0). When interim accounting is disabled, the normal accounting stops and starts are still sent.
In the following example, the local profile cisco.com is configured to send an interim accounting update every 90 seconds:
Router(config)# local-profile cisco.com
Router(config-prof)# attribute 26 9 1 "L90"
|
|
---|---|
local-profile |
Configures a local service profile. |
ssg accounting interval |
Specifies the interval at which accounting updates are sent to the server. |