Table Of Contents
System Resource Cleanup When SSG Is Unconfigured
Supported Standards, MIBs, and RFCs
Unconfiguring SSG and Releasing System Resources
Monitoring and Maintaining SSG Unconfig
Unconfiguring SSG and Releasing System Resources Example
Removing All Host Objects Example
Removing a Range of Host Objects Example
Removing Host Objects Associated with an Interface Example
Removing an SSG Service Object Example
SSG Unconfig
Feature History
Release Modification12.2(15)B
This feature was introduced on the Cisco 6400 series, Cisco 7200 series, and Cisco 7401ASR.
12.3(4)T
This feature was integrated into Cisco IOS Release 12.3(4)T.
This document describes the SSG Unconfig feature in Cisco IOS Releases 12.2(15)B and 12.3(4)T and includes the following sections:
•Supported Standards, MIBs, and RFCs
•Monitoring and Maintaining SSG Unconfig
Feature Overview
Overview of SSG
Service Selection Gateway (SSG) is a switching solution for service providers who offer intranet, extranet, and Internet connections to subscribers using broadband access technology such as digital subscriber lines (DSL), cable modems, or wireless to allow simultaneous access to network services.
SSG Unconfig
The SSG Unconfig feature enhances your ability to disable SSG at any time and releases the data structures and system resources created by SSG when SSG is unconfigured.
The SSG Unconfig feature enhances several Cisco IOS commands to delete all host objects and to delete a range of host objects. You can also delete all service objects or connection objects. The show ssg host command has been enhanced to display information about an interface and its IP address when host-key mode is enabled on that interface.
System Resource Cleanup When SSG Is Unconfigured
When you enable SSG, the SSG subsystem in Cisco IOS software acquires system resources that are never released, even after you disable SSG. The SSG Unconfig feature enables you to release and clean up system resources when SSG is not in use by entering the no ssg enable force-cleanup command.
Restrictions
Because the SSG Unconfig feature clears all SSG resources on the system, you should enter the no ssg enable force-cleanup command only when all users are logged out and there is no need to run SSG features on the router.
Related Documents
•Cisco IOS Voice, Video, and Fax Command Reference, Release 12.2
•Cisco IOS Voice, Video, and Fax Configuration Guide, Release 12.2
•Cisco Subscriber Edge Services Manager and Subscriber Policy Engine Installation and Configuration Guide
•SSG Accounting Update Interval per Service
•SSG Autologoff Enhancement
•SSG AutoLogin Using Proxy RADIUS
•SSG L2TP Dialout
•SSG Prepaid Idle Timeout
•SSG Proxy for CDMA2000
•SSG Service Profile Caching
•SSG TCP Redirect for Services
Supported Platforms
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Supported Standards, MIBs, and RFCs
Standards
No new or modified standards are supported by this feature.
MIBs
No new or modified MIBs are supported by this feature.
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
RFCs
No new or modified RFCs are supported by this feature.
Prerequisites
SSG must be enabled by using the ssg enable command before SSG Unconfig can be configured.
Configuration Tasks
See the following sections for configuration tasks for the SSG Unconfig feature. Each task in the list is optional.
•Unconfiguring SSG and Releasing System Resources
Unconfiguring SSG and Releasing System Resources
To unconfigure SSG and release the system resources that SSG had acquired, enter the following command in global configuration mode:
Command PurposeRouter(config)# no ssg enable force-cleanup
Disables SSG, removes SSG feature configuration, and removes all SSG host, service, and connection objects.
Removing SSG Host Objects
To remove one or more SSG host objects, enter one of the following commands in privileged EXEC mode:
Note To enable the SSG port-bundle host key, enter the ssg port-map enable command in global configuration mode. For more information, refer to the SSG Port-Bundle Host Key document.
Removing SSG Service Objects
To remove one or more SSG service objects, enter the following command in privileged EXEC mode:
Command PurposeRouter# clear ssg service {service-name | all}
Removes one or all service objects and all associated connection objects.
Verifying SSG Unconfig
To verify the unconfiguration of SSG and the removal of SSG host and service objects, follow the steps below:
Step 1 Enter the show running-config command in privileged EXEC mode. No ssg commands should appear in the running configuration.
Step 2 Enter the show processes memory command with modifier include SSG in EXEC mode. You must type the vertical bar (|). There should be no processes running for SSG.
Router# show processes memory | include SSGRouter#No output appears if no SSG processes are running.
Step 3 Try to reenable SSG again one to five minutes (depending on the number of host and service objects currently active on the SSG) after starting SSG Unconfig. If SSG Unconfig has been successful, SSG will be reenabled. If SSG Unconfig is still in process, the following error message appears:
Router(config)# ssg enableSSG is unconfiguring!! Give this command again.
Troubleshooting Tips
Enter the show commands detailed in the "Verifying SSG Unconfig" section to confirm that SSG unconfiguration has been completed, all host and service objects have been removed, and SSG system processes have been disabled.
Monitoring and Maintaining SSG Unconfig
Configuration Examples
This section provides the following configuration examples:
•Unconfiguring SSG and Releasing System Resources Example
•Removing All Host Objects Example
•Removing a Range of Host Objects Example
•Removing Host Objects Associated with an Interface Example
•Removing an SSG Service Object Example
Unconfiguring SSG and Releasing System Resources Example
The following example shows how to disable SSG, remove SSG commands from the running configuration, and remove all SSG host, service, and connection objects:
Router(config)# no ssg enable force-cleanup
04:35:02: Delete all active host objects. It may take some time, please wait.
04:35:-02: ssg_unconfig_proc: UNCONFIGURATION COMPLETE
Removing All Host Objects Example
The following example shows how to remove all host objects and then verify that a specified host object has been removed:
Router# clear ssg host all
Router# show ssg host
--### Active HostObject Count:0Removing a Range of Host Objects Example
The following example shows how to remove a range of host objects:
Router# clear ssg host range 10.0.0.2 10.0.0.20Router# show ssg host##Total HostObject Count:0Removing Host Objects Associated with an Interface Example
The following example shows how to remove all host objects associated with a downlink interface and then verify that all host objects on that interface have been removed:
Router(config)# clear ssg host range 0.0.0.0 255.255.255.255 FastEthernet0/1
Router# show ssg host FastEthernet0/1
##Total HostObject Count:0Removing an SSG Service Object Example
The following example shows how to remove an SSG service object called "myservice" and to verify removal of "myservice":
Router# show ssg service myservice1:proxy_ser### Total ServiceInfoObject Count:1Router# clear ssg service myserviceRouter# show ssg service### Total ServiceInfoObject Count:0Command Reference
This section documents new and modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.3 T command reference publications.
clear ssg host
To remove a host object or a range of host objects, use the clear ssg host command in privileged EXEC mode. The command syntax of the clear ssg host command depends on whether the SSG port-bundle host key is enabled with the ssg port-map enable global configuration command.
SSG Host Key Is Not Enabled
clear ssg host {all | range {start-ip-address end-ip-address}}
SSG Host Key Is Enabled
clear ssg host {all | ip-address | range [start-ip-address end-ip-address [interface]]}
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Use this command to remove one, all, or a range of SSG host objects. You can specify the host objects to remove by entering the host IP addresses or the SSG downlink interface through which the subscriber is connected.
Note The system deletes the specified host objects that exist at the time that you enter this command. The system may not delete host objects that are created after you enter the command or while the system is executing the command. Enter the show ssg host command to confirm that all specified host objects have been deleted.
You can specify the SSG downlink interface only when the SSG Host Key feature is enabled. To enable the host key, enter the ssg port-map enable command in global configuration mode. To disable the host key, enter the no ssg port-map enable command.
Note The ssg port-map enable command does not take effect until after the router is reloaded.
Examples
SSG Port-Bundle Host Key Is Not Enabled
The following example shows how to delete host objects for a range of IP addresses:
Router# clear ssg host range 10.0.0.2 10.0.0.20The following example shows how to delete all host objects:
Router# clear ssg host allSSG Port-Bundle Host Key Is Enabled
The following example shows how to delete all host objects:
Router# clear ssg host allThe following example shows how to delete all host objects for subscribers connected through IP address 10.0.0.2:
Router# clear ssg host 10.0.0.2The following example shows how to delete host objects for a specific range of IP addresses:
Router# clear ssg host range 10.0.0.2 10.0.0.20The following example shows how to delete host objects for a specific IP address range and interface:
Router# clear ssg host range 10.0.0.2 10.0.0.20 FastEthernet 0/0Related Commands
Command Descriptionshow ssg host
Displays information about a subscriber and current connections of the subscriber.
ssg port-map enable
Enables the SSG port-bundle host key.
clear ssg service
To remove a service object and all connection objects of the service, use the clear ssg service command in privileged EXEC mode.
clear ssg service {service-name | all}
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Use this command to remove one or all service objects and all connection objects of the services.
Note When you use the all keyword, the system deletes all service objects that exist at the time that you enter this command. The system may not delete service objects that are created after you enter the command or while the system is executing the command. Enter the show ssg service command to confirm that all service objects have been deleted.
Examples
The following example show how to remove all service objects and connections:
Router# clear ssg service allThe following example shows how to remove a service called "Perftest":
Router# clear ssg service PerftestRelated Commands
show ssg host
To display information about a subscriber and the current connections of the subscriber, use the show ssg host command in privileged EXEC mode. The command syntax of the show ssg host command depends on whether the SSG port-bundle host key is enabled with the ssg port-map global configuration command.
SSG Port-Bundle Host Key Is Not Enabled
show ssg host [ip-address | count | username]
SSG Port-Bundle Host Key Is Enabled
show ssg host [ip-address | count | username] [interface [username]]
Syntax Description
Defaults
If no argument is provided, all current connections are displayed.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
You can specify the SSG downlink interface only when the SSG Host Key feature is enabled. To enable the host key, enter the ssg port-map command in global configuration mode. To disable the host key, enter the no ssg port-map command.
Note The ssg port-map command does not take effect until after the router is reloaded.
Examples
The following example shows all active hosts:
Router# show ssg host1:10.3.1.1 [Host-Key 70.13.60.3:64]2:10.3.6.1 [Host-Key 70.13.60.3:65]### Active HostObject Count:2The following example shows information about host 10.3.1.1:
Router# show ssg host 10.3.1.1------------------------ HostObject Content -----------------------Activated:TRUEInterface:Virtual-Access1User Name:pppoauserHost IP:10.3.1.1Msg IP:0.0.0.0 (0)Host DNS IP:0.0.0.0Maximum Session Timeout:0 secondsHost Idle Timeout:0 secondsClass Attr:NONEUser logged on since:*20:59:51.000 UTC Fri Jul 27 2001User last activity at:*20:59:51.000 UTC Fri Jul 27 2001Default Service:NONEDNS Default Service:NONEActive Services:autologon;AutoService:autologon;Subscribed Services:The following example shows two host objects with the same IP address:
Router# show ssg host 10.3.1.1SSG:Overlapping hosts for IP 10.3.1.1 at interfaces:FastEthernet0/0/0Virtual-Access1In this case, use the interface argument to uniquely identify the host:
Router# show ssg host 10.3.1.1 FastEthernet0/0/0Note that the output produced by this command is the same as that produced by the command without the interface argument. The interface argument is used only to uniquely identify a host when there are overlapping host IP addresses.
The following example shows the usernames logged in to the active hosts:
Router# show ssg host username1:10.3.1.1 (active) Host name:pppoauser2:10.3.6.1 (active) Host name:ssguser2### Total HostObject Count(including inactive hosts):2Table 1 describes the significant fields shown in the display.
Related Commands
Command Descriptionclear ssg host
Removes a host object or a range of host objects.
ssg port-map
Enables the SSG port-bundle host key.
ssg enable
To enable SSG, use the ssg enable command in global configuration mode. To disable SSG, use the no form of this command.
ssg enable
no ssg enable [force-cleanup]
Syntax Description
Defaults
SSG is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to enable SSG. If you enter the ssg enable command while the system is in the process of unconfiguring SSG, you will see a warning message, and the command will have no effect.
Use the no ssg enable force-cleanup command to unconfigure SSG and release all system resources for SSG.
Examples
The following example shows how to enable SSG:
Router(config)# ssg enableThe following example shows how to stop SSG packet processing and control events:
Router(config)# no ssg enableThe following example shows how to stop SSG packet processing and control events, unconfigure SSG, and release all SSG resources:
Router(config)# no ssg enable force-cleanup
Copyright © 2003 Cisco Systems, Inc. All rights reserved.