Guest

Cisco IOS Software Releases 12.2 Special and Early Deployments

SSG Unconfig

  • Viewing Options

  • PDF (285.3 KB)
  • Feedback
SSG Unconfig

Table Of Contents

SSG Unconfig

Feature Overview

Overview of SSG

SSG Unconfig

System Resource Cleanup When SSG Is Unconfigured

Restrictions

Related Documents

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Unconfiguring SSG and Releasing System Resources

Removing SSG Host Objects

Removing SSG Service Objects

Verifying SSG Unconfig

Troubleshooting Tips

Monitoring and Maintaining SSG Unconfig

Configuration Examples

Unconfiguring SSG and Releasing System Resources Example

Removing All Host Objects Example

Removing a Range of Host Objects Example

Removing Host Objects Associated with an Interface Example

Removing an SSG Service Object Example

Command Reference

clear ssg host

clear ssg service

show ssg host

ssg enable


SSG Unconfig


Feature History

Release
Modification

12.2(15)B

This feature was introduced on the Cisco 6400 series, Cisco 7200 series, and Cisco 7401ASR.

12.3(4)T

This feature was integrated into Cisco IOS Release 12.3(4)T.


This document describes the SSG Unconfig feature in Cisco IOS Releases 12.2(15)B and 12.3(4)T and includes the following sections:

Feature Overview

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Monitoring and Maintaining SSG Unconfig

Configuration Examples

Command Reference

Feature Overview

Overview of SSG

Service Selection Gateway (SSG) is a switching solution for service providers who offer intranet, extranet, and Internet connections to subscribers using broadband access technology such as digital subscriber lines (DSL), cable modems, or wireless to allow simultaneous access to network services.

SSG Unconfig

The SSG Unconfig feature enhances your ability to disable SSG at any time and releases the data structures and system resources created by SSG when SSG is unconfigured.

The SSG Unconfig feature enhances several Cisco IOS commands to delete all host objects and to delete a range of host objects. You can also delete all service objects or connection objects. The show ssg host command has been enhanced to display information about an interface and its IP address when host-key mode is enabled on that interface.

System Resource Cleanup When SSG Is Unconfigured

When you enable SSG, the SSG subsystem in Cisco IOS software acquires system resources that are never released, even after you disable SSG. The SSG Unconfig feature enables you to release and clean up system resources when SSG is not in use by entering the no ssg enable force-cleanup command.

Restrictions

Because the SSG Unconfig feature clears all SSG resources on the system, you should enter the no ssg enable force-cleanup command only when all users are logged out and there is no need to run SSG features on the router.

Related Documents

Cisco IOS Voice, Video, and Fax Command Reference, Release 12.2

Cisco IOS Voice, Video, and Fax Configuration Guide, Release 12.2

Cisco Subscriber Edge Services Manager and Subscriber Policy Engine Installation and Configuration Guide

Service Selection Gateway

SSG Accounting Update Interval per Service

SSG Autodomain

SSG Autologoff

SSG Autologoff Enhancement

SSG AutoLogin Using Proxy RADIUS

SSG Hierarchical Policing

SSG L2TP Dialout

SSG Open Garden

SSG Prepaid

SSG Prepaid Idle Timeout

SSG Proxy for CDMA2000

SSG Port-Bundle Host Key

SSG Service Profile Caching

SSG TCP Redirect for Services

Supported Platforms

Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Supported Standards, MIBs, and RFCs

Standards

No new or modified standards are supported by this feature.

MIBs

No new or modified MIBs are supported by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

RFCs

No new or modified RFCs are supported by this feature.

Prerequisites

SSG must be enabled by using the ssg enable command before SSG Unconfig can be configured.

Configuration Tasks

See the following sections for configuration tasks for the SSG Unconfig feature. Each task in the list is optional.

Unconfiguring SSG and Releasing System Resources

Removing SSG Host Objects

Removing SSG Service Objects

Unconfiguring SSG and Releasing System Resources

To unconfigure SSG and release the system resources that SSG had acquired, enter the following command in global configuration mode:

Command
Purpose

Router(config)# no ssg enable force-cleanup

Disables SSG, removes SSG feature configuration, and removes all SSG host, service, and connection objects.

Removing SSG Host Objects

To remove one or more SSG host objects, enter one of the following commands in privileged EXEC mode:

Command
Purpose

Router# clear ssg host {all | range {start-ip-address end-ip-address}}

or

Router# clear ssg host {all | ip-address | range {start-ip-address end-ip-address [interface]}}

When SSG host key functionality is not enabled, removes all host objects or host objects specified by a range of IP addresses.

When SSG host key functionality is enabled, removes all host objects, a host object specified by an IP address, or host objects specified by a range of IP addresses. You can also specify the downlink interface through which the subscriber is connected.


Note To enable the SSG port-bundle host key, enter the ssg port-map enable command in global configuration mode. For more information, refer to the SSG Port-Bundle Host Key document.


Removing SSG Service Objects

To remove one or more SSG service objects, enter the following command in privileged EXEC mode:

Command
Purpose

Router# clear ssg service {service-name | all}

Removes one or all service objects and all associated connection objects.

Verifying SSG Unconfig

To verify the unconfiguration of SSG and the removal of SSG host and service objects, follow the steps below:


Step 1 Enter the show running-config command in privileged EXEC mode. No ssg commands should appear in the running configuration.

Step 2 Enter the show processes memory command with modifier include SSG in EXEC mode. You must type the vertical bar (|). There should be no processes running for SSG.

Router# show processes memory | include SSG
Router#

No output appears if no SSG processes are running.

Step 3 Try to reenable SSG again one to five minutes (depending on the number of host and service objects currently active on the SSG) after starting SSG Unconfig. If SSG Unconfig has been successful, SSG will be reenabled. If SSG Unconfig is still in process, the following error message appears:

Router(config)# ssg enable
SSG is unconfiguring!! Give this command again.

Troubleshooting Tips

Enter the show commands detailed in the "Verifying SSG Unconfig" section to confirm that SSG unconfiguration has been completed, all host and service objects have been removed, and SSG system processes have been disabled.

Monitoring and Maintaining SSG Unconfig

Command
Purpose

Router# show memory processes | include ssg

Displays the amount of memory used per system process and information about memory leaks.

If there are no memory leaks, output for the command should be NULL.

You must type the vertical bar (|).

Router# show ssg host [ip-address [interface] | count | username | interface]

Displays information about a subscriber and the current connections of the subscriber. Entering the count keyword displays a count of all active and inactive host objects. Entering the username keyword displays the host IP addresses and usernames.


Configuration Examples

This section provides the following configuration examples:

Unconfiguring SSG and Releasing System Resources Example

Removing All Host Objects Example

Removing a Range of Host Objects Example

Removing Host Objects Associated with an Interface Example

Removing an SSG Service Object Example

Unconfiguring SSG and Releasing System Resources Example

The following example shows how to disable SSG, remove SSG commands from the running configuration, and remove all SSG host, service, and connection objects:

Router(config)# no ssg enable force-cleanup


04:35:02: Delete all active host objects. It may take some time, please wait.

04:35:-02: ssg_unconfig_proc: UNCONFIGURATION COMPLETE

Removing All Host Objects Example

The following example shows how to remove all host objects and then verify that a specified host object has been removed:

Router# clear ssg host all

Router# show ssg host


--### Active HostObject Count:0

Removing a Range of Host Objects Example

The following example shows how to remove a range of host objects:

Router# clear ssg host range 10.0.0.2 10.0.0.20
Router# show ssg host

##Total HostObject Count:0

Removing Host Objects Associated with an Interface Example

The following example shows how to remove all host objects associated with a downlink interface and then verify that all host objects on that interface have been removed:

Router(config)# clear ssg host range 0.0.0.0 255.255.255.255 FastEthernet0/1

Router# show ssg host FastEthernet0/1


##Total HostObject Count:0

Removing an SSG Service Object Example

The following example shows how to remove an SSG service object called "myservice" and to verify removal of "myservice":

Router# show ssg service myservice

1:proxy_ser

### Total ServiceInfoObject Count:1

Router# clear ssg service myservice
Router# show ssg service

### Total ServiceInfoObject Count:0

Command Reference

This section documents new and modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.3 T command reference publications.

clear ssg host

clear ssg service

show ssg host

ssg enable

clear ssg host

To remove a host object or a range of host objects, use the clear ssg host command in privileged EXEC mode. The command syntax of the clear ssg host command depends on whether the SSG port-bundle host key is enabled with the ssg port-map enable global configuration command.

SSG Host Key Is Not Enabled

clear ssg host {all | range {start-ip-address end-ip-address}}

SSG Host Key Is Enabled

clear ssg host {all | ip-address | range [start-ip-address end-ip-address [interface]]}

Syntax Description

all

Clears all SSG host objects.

ip-address

Clears the specified SSG host object. This option is available only when SSG host key functionality is enabled.

range

Clears a specified range of SSG host objects.

start-ip-address

Host IP address. This argument specifies the beginning of an IP address range if you follow it with an end-ip-address value.

end-ip-address

(Optional) Host IP address that is used with the ip-address argument to specify a range of host objects.

interface

(Optional) SSG downlink interface through which the host or subscriber is connected, such as ATM, Fast Ethernet, or Virtual-Access. For more information, use the question mark (?) online help function.


Command Modes

Privileged EXEC

Command History

Release
Modification

12.0(3)DC

This command was introduced on the Cisco 6400 node route processor.

12.2(2)B

The interface argument was added for the SSG Host Key feature.

12.2(8)T

This command was integrated into Cisco IOS Release 12.2(8)T.

12.2(15)B

This command was modified by the introduction of

Syntax dependence on SSG host key

The start-ip-address and end-ip-address arguments

The all keyword

12.3(4)T

The modifications made in release 12.2(15)B were integrated into Cisco IOS Release 12.3(4)T.


Usage Guidelines

Use this command to remove one, all, or a range of SSG host objects. You can specify the host objects to remove by entering the host IP addresses or the SSG downlink interface through which the subscriber is connected.


Note The system deletes the specified host objects that exist at the time that you enter this command. The system may not delete host objects that are created after you enter the command or while the system is executing the command. Enter the show ssg host command to confirm that all specified host objects have been deleted.


You can specify the SSG downlink interface only when the SSG Host Key feature is enabled. To enable the host key, enter the ssg port-map enable command in global configuration mode. To disable the host key, enter the no ssg port-map enable command.


Note The ssg port-map enable command does not take effect until after the router is reloaded.


Examples

SSG Port-Bundle Host Key Is Not Enabled

The following example shows how to delete host objects for a range of IP addresses:

Router# clear ssg host range 10.0.0.2 10.0.0.20

The following example shows how to delete all host objects:

Router# clear ssg host all

SSG Port-Bundle Host Key Is Enabled

The following example shows how to delete all host objects:

Router# clear ssg host all

The following example shows how to delete all host objects for subscribers connected through IP address 10.0.0.2:

Router# clear ssg host 10.0.0.2

The following example shows how to delete host objects for a specific range of IP addresses:

Router# clear ssg host range 10.0.0.2 10.0.0.20

The following example shows how to delete host objects for a specific IP address range and interface:

Router# clear ssg host range 10.0.0.2 10.0.0.20 FastEthernet 0/0

Related Commands

Command
Description

show ssg host

Displays information about a subscriber and current connections of the subscriber.

ssg port-map enable

Enables the SSG port-bundle host key.


clear ssg service

To remove a service object and all connection objects of the service, use the clear ssg service command in privileged EXEC mode.

clear ssg service {service-name | all}

Syntax Description

service-name

Service name.

all

Clears all service objects.


Command Modes

Privileged EXEC

Command History

Release
Modification

12.0(3)DC

This command was introduced on the Cisco 6400 node route processor.

12.2(4)B

This command was integrated into Cisco IOS Release 12.2(4)B.

12.2(8)T

This command was integrated into Cisco IOS Release 12.2(8)T.

12.2(15)B

The all keyword was added.

12.3(4)T

The all keyword was integrated into Cisco IOS Release 12.3(4)T.


Usage Guidelines

Use this command to remove one or all service objects and all connection objects of the services.


Note When you use the all keyword, the system deletes all service objects that exist at the time that you enter this command. The system may not delete service objects that are created after you enter the command or while the system is executing the command. Enter the show ssg service command to confirm that all service objects have been deleted.


Examples

The following example show how to remove all service objects and connections:

Router# clear ssg service all

The following example shows how to remove a service called "Perftest":

Router# clear ssg service Perftest

Related Commands

Command
Description

show ssg binding

Displays service names that have been bound to interfaces and the interfaces to which they have been bound.

show ssg service

Displays the information for a service.

ssg bind service

Specifies the interface for a service.


show ssg host

To display information about a subscriber and the current connections of the subscriber, use the show ssg host command in privileged EXEC mode. The command syntax of the show ssg host command depends on whether the SSG port-bundle host key is enabled with the ssg port-map global configuration command.

SSG Port-Bundle Host Key Is Not Enabled

show ssg host [ip-address | count | username]

SSG Port-Bundle Host Key Is Enabled

show ssg host [ip-address | count | username] [interface [username]]

Syntax Description

ip-address

(Optional) Host IP address.

count

(Optional) Displays host object count, including inactive hosts.

username

(Optional) Displays all host usernames and IP addresses.

interface

(Optional) Downlink interface through which the host or subscriber is connected, such as ATM, Fast Ethernet, or Virtual-Access. For more information, use the question mark (?) online Help function.


Defaults

If no argument is provided, all current connections are displayed.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.0(3)DC

This command was introduced on the Cisco 6400 Node Route Processor (NRP).

12.2(2)B

The interface argument was added.

12.2(8)T

This command was integrated into Cisco IOS Release 12.2(8)T.

12.2(15)B

This command was modified:

Introduced syntax dependence on SSG host key

Introduced count keyword

12.3(4)T

The modifications made in Release 12.2(15)B were integrated into Cisco IOS Release 12.3(4)T.


Usage Guidelines

You can specify the SSG downlink interface only when the SSG Host Key feature is enabled. To enable the host key, enter the ssg port-map command in global configuration mode. To disable the host key, enter the no ssg port-map command.


Note The ssg port-map command does not take effect until after the router is reloaded.


Examples

The following example shows all active hosts:

Router# show ssg host 

1:10.3.1.1         [Host-Key 70.13.60.3:64]
2:10.3.6.1         [Host-Key 70.13.60.3:65] 

### Active HostObject Count:2

The following example shows information about host 10.3.1.1:

Router# show ssg host 10.3.1.1 

------------------------ HostObject Content -----------------------
Activated:TRUE
Interface:Virtual-Access1
User Name:pppoauser
Host IP:10.3.1.1
Msg IP:0.0.0.0 (0)
Host DNS IP:0.0.0.0
Maximum Session Timeout:0 seconds
Host Idle Timeout:0 seconds
Class Attr:NONE
User logged on since:*20:59:51.000 UTC Fri Jul 27 2001
User last activity at:*20:59:51.000 UTC Fri Jul 27 2001
Default Service:NONE
DNS Default Service:NONE
Active Services:autologon;
AutoService:autologon;
Subscribed Services:

The following example shows two host objects with the same IP address:

Router# show ssg host 10.3.1.1 

SSG:Overlapping hosts for IP 10.3.1.1 at interfaces:FastEthernet0/0/0
Virtual-Access1

In this case, use the interface argument to uniquely identify the host:

Router# show ssg host 10.3.1.1 FastEthernet0/0/0 

Note that the output produced by this command is the same as that produced by the command without the interface argument. The interface argument is used only to uniquely identify a host when there are overlapping host IP addresses.

The following example shows the usernames logged in to the active hosts:

Router# show ssg host username 

   1:10.3.1.1        (active) Host name:pppoauser
   2:10.3.6.1        (active) Host name:ssguser2

### Total HostObject Count(including inactive hosts):2

Table 1 describes the significant fields shown in the display.

Table 1 show ssg host Field Descriptions 

Field
Description

Activated:

State of host object. Can be activated or inactivated.

Activated—IP address has been assigned to the host and host object was created successfully

Inactivated— A host is inactivated in the following situations:

When SSG, acting as a RADIUS proxy, is waiting for the IP address of the host, the host object is created but the state is inactive.

If a host that is using PPP logs off from SSG, but the virtual-access interface of that PPP host is still up, SSG moves the host object to the inactivated state.

Interface:

The interface on the SSG device from where the SSG host is routable.

User Name:

Username that is used to authenticate the host at the AAA server.

Host IP:

IP address assigned to host object.

Msg IP:

IP address of the messaging server. A messaging server notifies SSG of events such as the logging off of a host, an idle-timeout expiration, and a session-timeout expiration. The default messaging server is SESM.

Host DNS IP:

IP address of the DNS server of the host. This server will be used only if DNS queries cannot be forwarded to a DNS server for the services that are subscribed to by the host

Maximum Session Timeout:

Session timeout value (RADIUS attribute 27) defined in the user profile. The session timeout value is the amount of time for which the user will stay active after logging on. After this timer expires, the host object is deleted.

Host Idle Timeout:

Maximum amount of time that a host can stay idle (not forwarding any traffic before the host is deleted from SSG.

Class Attr:

Class attribute (RADIUS attribute 25) defined in the user profile. The class attribute is sent in all host accounting records. This attribute is used by some accounting servers.

User logged on since:

Time that the user logged on to SSG.

User last activity at:

Last time the user forwarded traffic via SSG.

Default Service:

This field is not currently supported.

DNS Default Service:

This field is not currently supported.

Active Services:

List of services to which the host has logged on.

AutoService:

List of services that the host logged on to at the time of SSG host log-on. These services are defined in the user profile, and the user can access these services after logging onto SSG.

Subscribed Services:

List of services to which the host is able to log on.


Related Commands

Command
Description

clear ssg host

Removes a host object or a range of host objects.

ssg port-map

Enables the SSG port-bundle host key.


ssg enable

To enable SSG, use the ssg enable command in global configuration mode. To disable SSG, use the no form of this command.

ssg enable

no ssg enable [force-cleanup]

Syntax Description

force-cleanup

(Optional) Unconfigures SSG and releases all resources that were acquired by SSG.


Defaults

SSG is disabled.

Command Modes

Global configuration

Command History

Release
Modification

12.0(7)DC

This command was introduced on the Cisco 6400 node route processor (NRP).

12.2(4)B

This command was integrated into Cisco IOS Release 12.2(4)B.

12.2(8)T

This command was integrated into Cisco IOS Release 12.2(8)T.

12.2(15)B

The force-cleanup keyword was added.

12.3(4)T

The force-cleanup keyword was integrated into Cisco IOS Release 12.3(4)T.


Usage Guidelines

Use this command to enable SSG. If you enter the ssg enable command while the system is in the process of unconfiguring SSG, you will see a warning message, and the command will have no effect.

Use the no ssg enable force-cleanup command to unconfigure SSG and release all system resources for SSG.

Examples

The following example shows how to enable SSG:

Router(config)# ssg enable

The following example shows how to stop SSG packet processing and control events:

Router(config)# no ssg enable

The following example shows how to stop SSG packet processing and control events, unconfigure SSG, and release all SSG resources:

Router(config)# no ssg enable force-cleanup