Guest

Cisco IOS Software Releases 12.2 Special and Early Deployments

SSG Service Profile Caching

  • Viewing Options

  • PDF (272.7 KB)
  • Feedback
SSG Service Profile Caching

Table Of Contents

SSG Service Profile Caching

Contents

Prerequisites for SSG Service Profile Caching

Information About SSG Service Profile Caching

How SSG Service Profile Caching Works

Benefits of SSG Service Profile Caching

How to Configure SSG Service Profile Caching

Enabling SSG Service Profile Caching

Changing the SSG Service Profile Caching Refresh Interval

Refreshing the SSG Service Profile Cache Manually

Verifying SSG Service Profile Caching

How to Monitor and Maintain SSG Service Profile Caching

Configuration Examples for SSG Service Profile Caching

Enabling SSG Service Profile Caching: Example

Changing the SSG Service Profile Cache Refresh Interval: Example

Refreshing the SSG Service Profile Cache Manually: Example

Verifying SSG Service Profile Caching and Refresh: Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference

ssg service-cache

ssg service-cache refresh


SSG Service Profile Caching


The SSG Service Profile Caching feature enhances the authentication process for Service Selection Gateway services by allowing users to authenticate a service using the service profile cached in SSG.

When SSG Service Profile Caching is not enabled, an authentication, authorization, and accounting (AAA) transaction is required to download a service profile each time an SSG subscriber logs onto the service. The other SSG subscribers already logged onto the service also have their service parameters automatically refreshed as a result of this AAA transaction. In many cases, this automatic refresh causes unnecessary traffic in SSG and on the AAA server.

Release
Modification

12.2(15)B

This feature was introduced.

12.3(4)T

This feature was integrated into Cisco IOS Release 12.3(4)T


Feature History for the SSG Service Profile Caching Feature

Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Contents

Prerequisites for SSG Service Profile Caching

Information About SSG Service Profile Caching

Information About SSG Service Profile Caching

How to Configure SSG Service Profile Caching

Configuration Examples for SSG Service Profile Caching

Additional References

Command Reference

Prerequisites for SSG Service Profile Caching

SSG must be configured. For a list of prerequisites for SSG, see the "Prerequisites" section of the Service Selection Gateway document.

Information About SSG Service Profile Caching

To configure SSG Service Profile Caching, you should understand the following concepts:

How SSG Service Profile Caching Works

Benefits of SSG Service Profile Caching

How SSG Service Profile Caching Works

The SSG Service Profile Caching feature creates a cache of service profiles in SSG. A service profile is downloaded from the AAA server and then stored in the SSG service profile cache as a Service-Info object. Subsequent SSG subscribers hoping to use that service are authorized by the SSG service profile cache, provided that the service profile remains in the cache.

To ensure that the service profiles in the SSG service profile cache are regularly updated, the SSG service profile cache automatically refreshes the service profiles by downloading the service profiles from the AAA server at user-configured intervals (the default is every 120 minutes). SSG service profile caches can also be refreshed at any time by user action. Service profiles that are not being used by any SSG subscriber are removed from the SSG service profile cache.

Benefits of SSG Service Profile Caching

Additional AAA Server Resources

SSG service profile caching significantly reduces the number of SSG transactions with the AAA server, thereby freeing the AAA server from processing these transactions and freeing AAA server resources for other purposes.

Additional Bandwidth for SSG and the AAA Server

Because the SSG Service Profile Caching feature eliminates traffic used for authorizing users for service logon from the AAA server, additional bandwidth for SSG and the AAA server is available.

How to Configure SSG Service Profile Caching

This section contains the following procedures:

Enabling SSG Service Profile Caching

Changing the SSG Service Profile Caching Refresh Interval

Refreshing the SSG Service Profile Cache Manually

Verifying SSG Service Profile Caching and Refresh: Example

Enabling SSG Service Profile Caching

SSG service profile caching is enabled by default. If SSG service profile caching has been disabled, it can be re-enabled using the commands described in this section.

SUMMARY STEPS

1. enable

2. configure terminal

3. use the ssg service-cache command

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables higher privilege levels, such as privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ssg service-cache

Example:

Router(config)# ssg service-cache

Enables caching of service profiles.

Upon entering the command, all service profiles currently being used by SSG are cached in SSG.

SSG service profiles are cached by default, so this command must be entered only if service profile caching has been disabled and has to be re-enabled.

Changing the SSG Service Profile Caching Refresh Interval

An SSG service profile refreshes by getting the service profile in the SSG service profile cache from the AAA server. The SSG service profile cache has a default refresh interval of 120 minutes. Use the commands in this section to change the refresh interval.

SUMMARY STEPS

1. enable

2. configure terminal

3. ssg service-cache refresh-interval minutes

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables higher privilege levels, such as privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ssg service-cache refresh-interval minutes

Example:

Router(config)# ssg service-cache refresh-interval 160

Changes the refresh interval of the SSG service profile cache.

The refresh interval is expressed in minutes. The refresh interval can be configured at any one-minute interval between 10 minutes and 34,560 minutes (24 days).

The default refresh interval is 120 minutes.

Refreshing the SSG Service Profile Cache Manually

An SSG service profile refreshes by getting the service profile from the AAA server. The SSG service profile cache can be refreshed manually at any time by entering the command in this section.

SUMMARY STEPS

1. enable

2. configure terminal

3. ssg service-cache refresh [service-name | all]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables higher privilege levels, such as privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ssg service-cache refresh [service-name | all]

Example:

Router> ssg service-cache refresh service1

Causes the SSG service profile cache to be refreshed.

The service-name variable specifies a specific SSG service profile in the service profile cache to refresh. The all option specifies that all service profiles in the service profile cache be refreshed.

Verifying SSG Service Profile Caching

Use the commands in this section to verify the SSG Service Profile Caching feature.

SUMMARY STEPS

4. show ssg service service-name

5. show running-config

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

show ssg service service-name

Example:

Router> show ssg service service1

Displays various information about an SSG service, including the time remaining for the specified service to refresh.

Step 2 

show running-config

Example:

Router# show running-config

Displays the running configuration.

If no SSG service profile caching information is show in the running configuration output, SSG service profile caching is enabled since it is on by default. If SSG service profile caching has been disabled, the no ssg service-cache command should be visible in the show running-config output.

How to Monitor and Maintain SSG Service Profile Caching

The command in this section can be used to monitor information relevant to the SSG Service Profile Caching feature.

SUMMARY STEPS

1. use the show ssg service command

2. use the show ssg service service-name command

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

show ssg service

Example:

Router> show ssg service

Displays which services are currently being used by SSG and are, therefore, part of the SSG service profile cache if SSG service profile caching is enabled.

Step 2 

show ssg service service-name

Example:

Router> show ssg service service1

Displays various information about an SSG service, including the time remaining for the specified service to refresh.

Configuration Examples for SSG Service Profile Caching

Enabling SSG Service Profile Caching: Example

Changing the SSG Service Profile Cache Refresh Interval: Example

Refreshing the SSG Service Profile Cache Manually: Example

Verifying SSG Service Profile Caching and Refresh: Example

Enabling SSG Service Profile Caching: Example

In the following example, the caching of SSG service profiles is enabled:

Router(config)# ssg service-cache enable

Changing the SSG Service Profile Cache Refresh Interval: Example

In the following example, the SSG service profile cache will refresh by getting all of the service profiles in the SSG service profile cache from the AAA server every 240 minutes:

Router(config)# ssg service-cache refresh-interval 240

Refreshing the SSG Service Profile Cache Manually: Example

Refreshing All SSG Service Profiles

In the following example, all of the service profiles in the SSG service profile cache will be retrieved from the AAA server and will replace the service profiles in the SSG service profile cache:

Router# ssg service-cache refresh all

Refreshing a Specific SSG Service Profile

In the following example, service profile service1 will be retrieved from the AAA server and will replace the current service1 profile in the SSG service profile cache:

Router# ssg service-cache refresh service1

Verifying SSG Service Profile Caching and Refresh: Example

The show ssg service command is used to verify SSG service profile caching and the time remaining until the next SSG service profile cache refresh. The "Service Refresh timeleft" output shows how much time remains until the next SSG service profile cache refresh. If this field is not displayed in the show ssg service output, SSG service profile caching is not enabled.

Router# show ssg service passthru0 
------------------------ ServiceInfo Content ----------------------- 
Uplink IDB:Ethernet2/2 gw:0.0.0.0 
Name:passthru0 
Type:PASS-THROUGH 
Mode:CONCURRENT 
Service Session Timeout:0 seconds 
Service Idle Timeout:0 seconds 
Service refresh timeleft:57 minutes
<cut>

Additional References

The following sections provide references related to the SSG Service Profile Caching feature.

Related Documents

Related Topic
Document Title

SSG commands

Cisco IOS Wide-Area Networking Command Reference, Release 12.3 T

SSG configuration tasks

Service Selection Gateway, 12.3(4)T new-feature document

Service Selection Gateway Accounting Update Interval per Service, 12.2(13)T new-feature document

Service Selection Gateway Hierarchical Policing, 12.2(13)T new-feature document

SSG AutoDomain, 12.2(13)T new-feature document

SSG Autologoff Enhancement, 12.3(4)T new-feature document

SSG Autologon Using Proxy Radius, 12.2(13)T new-feature document

SSG Autologoff, 12.2(13)T new-feature document

SSG Proxy for CDMA2000, 12.3(4)T new-feature document

SSG Direction Configuration for Interfaces and Ranges, 12.3(4)T new-feature document

SSG EAP Transparency, 12.3(4)T new-feature document

SSG L2TP Dial-Out, 12.3(4)T new-feature document

SSG Open Garden, 12.2(13)T new-feature document

SSG Port-Bundle Host Key, 12.2(13)T new-feature document

SSG Prepaid, 12.2(13)T new-feature document

SSG Prepaid Idle Timeout, 12.3(4)T new-feature document

SSG Service Profile Caching, 12.3(4)T new-feature document

SSG Suppression of Unused Accounting Records, 12.3(4)T new-feature document

SSG TCP Redirect for Services, 12.2(13)T new-feature document

SSG Unconfig, 12.3(4)T new-feature document

SSG Unique Session ID, 12.3(4)T new-feature document

SESM

Cisco Subscriber Edge Services Manager and Subscriber Policy Engine Installation and Configuration Guide

Cisco Service Selection Dashboard Installation and Configuration Guide

Cisco Service Selection Dashboard Web Developer Guide

RADIUS commands

Cisco IOS Security Command Reference, Release 12.3 T

RADIUS configuration tasks

Cisco IOS Security Configuration Guide


Standards

Standards
Title

No new or modified standards are supported by this feature. Support for existing standards has not been modified by this feature.


MIBs

MIBs
MIBs Link

No new or modified MIBs are supported by this feature. Support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFCs
Title

No new or modified RFCs are supported by this feature. Support for existing RFCs has not been modified by this feature.


Technical Assistance

Description
Link

Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/public/support/tac/home.shtml


Command Reference

This section documents new commands. All other commands used with this feature are documented in the Cisco IOS Release 12.3 T command reference publications.

ssg service-cache

ssg service-cache refresh

ssg service-cache

To enable the SSG Service Profile Caching feature, or to change the refresh interval for services in the service profile cache, use the ssg service-cache command in global configuration mode. To disable Service Selection Gateway (SSG) service profile caching, use the no form of this command.

ssg service-cache [refresh-interval minutes]

no ssg service-cache [refresh-interval minutes]

Syntax Description

refresh-interval

(Optional) Changes the refresh rate for the SSG service profile cache. An SSG service profile refreshes by getting the service profile from the AAA server.

If the refresh-interval argument is not entered, the default refresh rate of every 120 minutes is used.

minutes

(Optional) Specifies how often, in minutes, the service profiles in the SSG service profile cache will be refreshed. For instance, if the minutes option is set as 180, the SSG service profile cache will check the AAA server for the service profiles in the cache every 180 minutes. The refresh interval can be configured at any one-minute interval between 10 minutes and 34,560 minutes (24 days). The default is every 120 minutes.


Defaults

SSG service profile caching is enabled by default.

The default refresh interval for the SSG service profile cache is every 120 minutes.

Command Modes

Global configuration

Command History

Release
Modification

12.2(15)B

This command was introduced.

12.3(4)T

This command was integrated into Cisco IOS Release 12.3(4)T.


Usage Guidelines

The ssg service-cache command is used to enable SSG service profile caching. A refresh interval does not have to be specified (the default of 120 minutes will be used if no refresh interval is configured).

This command enhances the authentication process for SSG service logon by allowing users to authorize to a service using a service profile cached in SSG instead of downloading the service profile from the AAA server.

When this command is entered, all of the service profiles currently in use in SSG are immediately cached.

Examples

In the following example, SSG service profile caching is enabled:

Router(config)# ssg service-cache enable

In the following example, the service profiles in the SSG service profile cache will be updated from the AAA server every 240 minutes:

Router# configure terminal

Router(config)# ssg service-cache refresh-interval 240

Related Commands

Command
Description

show ssg service

Displays services that are currently being used by SSG and are, therefore, part of the SSG service profile cache if SSG Service Profile Caching is enabled.

show ssg service

Displays various information about an SSG service, including the time remaining for the specified service to refresh.

ssg service-cache refresh

Manually updates the SSG service profile cache with the service profiles available on the AAA server.


ssg service-cache refresh

To trigger an update the Service Selection Gateway service profile cache with the service profiles available on the AAA server, use the ssg service-cache refresh command in privileged EXEC mode.

ssg service-cache refresh [service-name | all]

no ssg service-cache refresh [service-name | all]

Syntax Description

service-name

(Required to refresh one SSG service profile in the SSG service profile cache.) Specifies that a specific service should be refreshed.

all

(Required to refresh all SSG profiles in the SSG profile cache.) Specifies that all of the service profiles in the SSG service profile cache should be refreshed.


Defaults

The SSG service profile cache, if enabled, is refreshed at intervals based on the ssg service-cache refresh-interval configuration. If an ssg service-cache refresh-interval is not specified, the default refresh rate is every 120 minutes.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.2(15)B

This command was introduced.

12.3(4)T

This command was integrated into Cisco IOS Release 12.3(4)T.


Usage Guidelines

This command is used to refresh the profiles in the SSG service profile cache manually from the AAA server. The service profiles in the SSG service profile cache are automatically refreshed with the profiles from the AAA server at user-configurable intervals using the ssg service-cache refresh-interval command. The user can trigger a refresh at any time by issuing this command.

If an SSG service cache refresh fails for any reason (for instance, the AAA server is unreachable or down), the service profile caching for that service is disabled. Once a user is able to download the service successfully, caching for the service begins again.

Examples

In the following example, all of the service profiles in the SSG service profile cache will be retrieved from the AAA server and will replace the service profiles in the SSG service profile cache:

Router# ssg service-cache refresh all

In the following example, service profile service1 will be retrieved from the AAA server and will replace the current service1 profile in the SSG service profile cache:

Router# ssg service-cache refresh service1

Related Commands

Command
Description

ssg service-cache

Enables SSG service profile caching.