This documentation has been moved
Intelligent Service Gateway Features Roadmap
Downloads: This chapterpdf (PDF - 249.0KB) The complete bookPDF (PDF - 3.42MB) | Feedback

Intelligent Services Gateway Features Roadmap

Table Of Contents

Intelligent Services Gateway Features Roadmap


Intelligent Services Gateway Features Roadmap


First Published: March 20, 2006
Last Updated: July 30, 2010

This feature roadmap lists the Cisco IOS features documented in the Cisco IOS Intelligent Services Gateway Configuration Guide and maps them to the documents in which they appear. The roadmap is organized so that you can select your release train and see the features in that release. Find the feature name you are searching for and click on the URL in the "Where Documented" column to access the document containing that feature.

Feature and Release Support

Table 1 lists ISG feature support for the following Cisco IOS software release trains:

Cisco IOS Release 15.0S

Cisco IOS Release 12.2SR

Cisco IOS Release 12.2SB

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.


Note Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.


Table 1 lists the most recent release of each software train first and the features in alphabetical order within the release.

Table 1 Supported ISG Features in Cisco IOS Releases 12.2SB, 12.2(33)SR, and 15.0S

Release
Feature Name
Feature Description
Where Documented
Cisco IOS Release 15.0S

15.0(1)S

DHCP Server User Authentication

This feature is used to authenticate the DHCP clients.

Configuring ISG Access for IP Subscriber Sessions

15.0(1)S

ISG: Accounting: Per Session, Service & Flow

ISG accounting provides a means to bill for account or service usage. ISG accounting uses the RADIUS protocol to facilitate interaction between ISG and an external RADIUS-based AAA or mediation server.

Configuring ISG Accounting

15.0(1)S

ISG: Authentication: DHCP Option 82 Line ID - AAA Authorization support

This feature enhances ISG automatic subscriber logon by providing support for authorization on the basis of the circuit-Id and remote-Id.

Configuring ISG Policies for Automatic Subscriber Logon

15.0(1)S

ISG: Flow Control: Flow Redirect

The ISG Layer 4 Redirect feature enables service providers to better control the user experience by allowing subscriber TCP or UDP packets to be redirected to specified servers for appropriate handling. ISG Layer 4 redirection can be applied to individual subscriber sessions or flows.

Redirecting Subscriber Traffic Using ISG Layer 4 Redirect

15.0(1)S

ISG: Flow Control: QoS Control: MQC Support for IP Sessions

Provides modular QoS CLI (MQC) provisioning on Cisco ISG IP sessions.

Configuring MQC Support for IP Sessions

15.0(1)S

ISG: Instrumentation: Session & Flow Monitoring (local and external)

ISG provides a mechanism for continuously monitoring interface and CPU statistics. This feature introduces the show interface monitor and show processes cpu monitor commands, which display statistics that are updated at specified intervals.

Troubleshooting ISG with Session Monitoring and Distributed Conditional Debugging

15.0(1)S

ISG: Network Interface: IP Routed, VRF Aware MPLS

ISG supports several types of forwarding to connect subscriber sessions to networks. These connections can be to the Internet, corporate intranets, ISPs, or walled gardens for content delivery. ISG supports both routed and MPLS-enabled interfaces for network access.

Configuring ISG Network Forwarding Policies

15.0(1)S

ISG: Policy Control: DHCP Proxy

This feature enables ISG to dynamically interact with DHCP and apply policies that influence the IP addresses that DHCP assigns to subscribers.

Configuring ISG Access for IP Subscriber Sessions

15.0(1)S

ISG: Policy Control: ISG-SCE Control Bus

This feature enables integration of an ISG device with an SCE device at the control plane level, allowing the two devices to work as one when policies are applied to a subscriber session.

Configuring ISG Integration with SCE

15.0(1)S

ISG: Policy Control: Multidimensional Identity per Session

ISG control policies provide a flexible way to collect pieces of subscriber identity during session establishment. Control policies also allow session policy to be applied iteratively as more elements of identity become available to the system.

Configuring ISG Control Policies

15.0(1)S

ISG: Policy Control: Policy Server: CoA

This feature provides ISG support for the RADIUS Change of Authorization (CoA) extension, which facilitates dynamic authorization.

Enabling ISG to Interact with External Policy Servers

15.0(1)S

ISG: Policy Control: Policy: Domain Based (Auto-domain, Proxy)

ISG control policies manage the primary services and rules used to enforce particular contracts. Polices can be configured to interpret the domain as a request to activate the service associated with that domain name, allowing users to automatically receive services in accordance with the domain that they are attempting to connect.

Configuring ISG Control Policies

15.0(1)S

ISG: Policy Control: Policy: Triggers (Time, Volume, Duration)

ISG control policies can be configured with time-based, volume-based, and duration-based policy triggers. Time-based triggers use an internal clock, allowing policies to be applied at specific times. Volume-based triggers are based on packet count; when the packet count reaches a specified value, the specified policy is applied. Duration-based triggers are based on an internal timer. Upon expiration of the timer, the specified policy is applied.

Configuring ISG Control Policies

15.0(1)S

ISG: Policy Control: Service Profiles

ISG defines a service as a collection of policies that can be applied to any subscriber session. Services can be configured on the router or on an external AAA server.

Configuring ISG Subscriber Services

15.0(1)S

ISG: Policy Control: User Profiles

ISG user profiles specify services and functionality that should be applied to ISG sessions for the specified subscriber. User profiles are defined on an external AAA server.

Configuring ISG Subscriber Services

15.0(1)S

ISG: Session: Authentication

ISG automatic subscriber logon enables another specified identifier to be used in place of the username in authorization requests. Enabling the AAA server to authorize subscribers on the basis of a specified identifier allows subscriber profiles to be downloaded from the AAA server as soon as packets are received from subscribers.

Configuring ISG Policies for Automatic Subscriber Logon

15.0(1)S

ISG: Session: Auth: Single Sign On

Single sign-on eliminates the need to authenticate a session more than once when a subscriber has access to services provided by other devices in the administrative domain of the access or service provider.

Overview of ISG

15.0(1)S

ISG: Session: Auth: PBHK

This feature provides an in-band signaling mechanism for session identification at external portals. TCP packets from subscribers are mapped to a local IP address for the ISG gateway and a range of ports. This mapping allows the portal to identify the ISG gateway from which the session originated.

Configuring ISG Port-Bundle Host Key

15.0(1)S

ISG: Session: Creation: Interface IP Session: L2

ISG IP interface sessions include all IP traffic received on a specific physical or virtual interface. IP interface sessions are provisioned through the CLI; that is, a session is created when the IP interface session commands are entered.

Configuring ISG Access for IP Subscriber Sessions

15.0(1)S

ISG: Session: Creation: Interface IP Session: L3

ISG IP interface sessions include all IP traffic received on a specific physical or virtual interface. IP interface sessions are provisioned through the CLI; that is, a session is created when the IP interface session commands are entered.

Configuring ISG Access for IP Subscriber Sessions

15.0(1)S

ISG: Session: Creation: IP Session: Subnet & Source IP: L2

The ISG session is the primary component used for associating services and policies across specific data flows. An IP subnet session is an ISG session that includes any IP traffic from a single IP subnet. A source-IP-based session includes traffic from a single source IP address.

Configuring ISG Access for IP Subscriber Sessions

15.0(1)S

ISG: Session: Creation: IP Session: Protocol Event (DHCP)

Most ISG sessions are created upon detection of a data flow that cannot be affiliated with an already active session. An ISG can be configured to create an IP session upon receipt of the first DHCP DISCOVER packet received from a subscriber.

Configuring ISG Access for IP Subscriber Sessions

15.0(1)S

ISG: Session: Creation: IP Session: Subnet & Source IP: L3

The ISG session is the primary component used for associating services and policies across specific data flows. An IP subnet session is an ISG session that includes any IP traffic from a single IP subnet. A source-IP-based session includes traffic from a single source IP address.

Configuring ISG Access for IP Subscriber Sessions

15.0(1)S

ISG: Session: LifeCycle: Idle Timeout

The ISG idle timeout controls how long a connection can be idle before it is terminated.

Configuring ISG Policies for Session Maintenance

15.0(1)S

ISG: Session: LifeCycle: POD

An ISG can be configured to interact with external policy servers. A policy server can use RADIUS Packet of Disconnect (POD) to manage the life cycle of any ISG session. The primary role of the POD message is to terminate an ISG session.

Enabling ISG to Interact with External Policy Servers

15.0(1)S

ISG: Session: Protection & Resiliency: Keepalive - ARP, ICMP

This feature allows IP subscriber session health to be monitored by configuring keepalive messages using ARP or ICMP, depending upon the type of connection to be monitored.

Configuring ISG Policies for Session Maintenance

15.0(1)S

ISG: Session: VRF Transfer

The ISG session is the primary component used for associating services and policies with specific data flows. ISG sessions are associated with virtual routing and forwarding instances when routing is required for the network service. ISG VRF transfer provides a means to dynamically switch an active session between virtual routing domains.

Configuring ISG Access for IP Subscriber Sessions

15.0(1)S

ISG: Subscriber Aware Ethernet

Provides ISG functionality in distributed IP and PPPoE sessions on Cisco 7600 series routers that have SIP-400 or Ethernet Services Plus (ES+) access-facing line cards.

ISG: Subscriber Aware Ethernet

Cisco IOS Release 12.2SR

12.2(33)SRE2

ISG: Triple Key Authentication Support

This feature enables triple-key authentication by passing the location information from SESM to the RADIUS server in the access-request message.

Enabling ISG to Interact with External Policy Servers

12.2(33)SRE

DHCP Server User Authentication

This feature is used to authenticate the DHCP clients.

Configuring ISG Access for IP Subscriber Sessions

12.2(33)SRE

ISG: AAA Wireless Enhancements

RADIUS proxy enhancements provide additional support for mobile wireless environments. It includes changes to RADIUS attribute 31 processing.

Configuring ISG as a RADIUS Proxy

12.2(33)SRE

ISG: Authentication: RADIUS Proxy WiMax Enhancements

RADIUS proxy enhancements provide additional support for WiMax broadband environments.

Configuring ISG as a RADIUS Proxy

12.2(33)SRE

ISG: Instrumentation: DHCP Lease Query Support

The DHCP Lease Query transaction is a DHCP transaction with special message types that enable, among other things, clients to query DHCP servers regarding the owner and the lease-expiration-time of an IP address.

Configuring ISG Access for IP Subscriber Sessions

12.2(33)SRE

ISG: Policy Control: Differentiated Initial Policy Control

This feature provides minimal or temporary network access to subscribers when the RADIUS servers are down or cannot be accessed because of network problems.

Configuring ISG Control Policies

12.2(33)SRE

ISG: Session: Multicast: Coexistence

This feature introduces the ability to host all the subscribers and services (data and multicast) on the same VLAN by enabling multicast and IP sessions to coexist on the same subinterface.

Configuring ISG Access for IP Subscriber Sessions

12.2(33)SRE

ISG: Static Session Creation

This feature enables administrator-initiated static IP sessions

Configuring ISG Access for IP Subscriber Sessions

12.2(33)SRD

ISG: Authentication: DHCP Option 60 and Option 82 with VPN-ID Support for Transparent Automatic Logon

This feature enables service providers to support TAL through DHCP option 60 and option 82 and wholesale IP sessions through the VPN-ID extension to option 82.

Configuring DHCP Option 60 and Option 82 with VPN-ID Support for Transparent Automatic Logon

12.2(33)SRC

IP Subscriber Session CLI Updates

Some of the commands that are used to configure ISG IP subscriber sessions were modified or replaced in this release.

Configuring ISG Access for IP Subscriber Sessions

12.2(33)SRC

ISG:Accounting: Per Session, Service, and Flow

ISG accounting provides a means to bill for account or service usage. ISG accounting uses the RADIUS protocol to facilitate interaction between ISG and an external RADIUS-based AAA or mediation server.

Configuring ISG Accounting

12.2(33)SRC

ISG:Accounting: Postpaid

ISG accounting provides a means to bill for account or service usage. ISG sends accounting start and stop records for sessions and services to an accounting server for postpaid billing. The accounting server interprets the records to generate bills.

Configuring ISG Accounting

12.2(33)SRC

ISG:Accounting: Tariff Switching

ISG accounting provides a means to bill for account or service usage. Where billing rates change at fixed times and sessions are active across the boundary at which the rates change, ISG will provides accounting data to the billing server indicating the boundary. Tariff switching can also be used between accounting methods, such as switching from prepaid billing to post paid billing.

Configuring ISG Accounting

Configuring ISG Support for Prepaid Billing

12.2(33)SRC

ISG:Accounting: Time-Based Prepaid

ISG prepaid billing support allows ISG to check a subscriber's available credit to determine whether to allow the subscriber access to a service and how long the access can last. ISG supports time-based prepaid billing.

Configuring ISG Support for Prepaid Billing

12.2(33)SRC

ISG:Accounting: Volume-Based Prepaid

ISG prepaid billing support allows ISG to check a subscriber's available credit to determine whether to allow the subscriber access to a service and how long the access can last. ISG supports volume-based prepaid billing.

Configuring ISG Support for Prepaid Billing

12.2(33)SRC

ISG:Authentication: DHCP Option 82 Line ID - AAA Authorization Support

This feature enhances ISG automatic subscriber logon by providing support for authorization on the basis of the circuit-Id and remote-Id.

Configuring ISG Policies for Automatic Subscriber Logon

12.2(33)SRC

ISG:Flow Control: Flow Redirect

The ISG Layer 4 Redirect feature enables service providers to better control the user experience by allowing subscriber TCP or UDP packets to be redirected to specified servers for appropriate handling. ISG Layer 4 redirection can be applied to individual subscriber sessions or flows.

Redirecting Subscriber Traffic Using ISG Layer 4 Redirect

12.2(33)SRC

ISG:Flow Control: QoS Control: Dynamic Rate Limiting

ISG can change the allowed bandwidth of a session or flow by dynamically applying rate-limiting policies.

Configuring ISG Network Forwarding Policies

12.2(33)SRC

ISG: Flow Control: QoS Control: MQC Support for IP Sessions

Provides modular QoS CLI (MQC) provisioning on Cisco ISG IP sessions.

Configuring MQC Support for IP Sessions

12.2(33)SRC

ISG:Instrumentation: Advanced Conditional Debugging

ISG provides the ability to define various conditions for filtering debug output. Conditional debugging generates very specific and relevant information that can be used for session, flow, subscriber, and service diagnostics.

Troubleshooting ISG with Session Monitoring and Distributed Conditional Debugging

12.2(33)SRC

ISG:Instrumentation: Session and Flow Monitoring

ISG provides a mechanism for continuously monitoring interface and CPU statistics. This feature introduces the show interface monitor and show processes cpu monitor commands, which display statistics that are updated at specified intervals.

Troubleshooting ISG with Session Monitoring and Distributed Conditional Debugging

12.2(33)SRC

ISG:Network Interface: IP Routed, VRF-Aware MPLS

ISG supports several types of forwarding to connect subscriber sessions to networks. These connections can be to the Internet, corporate intranets, ISPs, or walled gardens for content delivery. ISG supports both routed and MPLS-enabled interfaces for network access.

Configuring ISG Network Forwarding Policies

12.2(33)SRC

ISG:Network Interface: Tunneled (L2TP)

ISG supports several types of forwarding to connect subscriber sessions to networks. These connections can be to Internet, corporate Intranets, ISPs or walled gardens for content delivery. ISG supports tunneled interfaces to networks.

Configuring ISG Network Forwarding Policies

12.2(33)SRC

ISG:Policy Control: Cisco Policy Language

ISG control policies are a structured replacement for feature-specific configuration commands and allow configurable functionality to be expressed in terms of an event, a condition, and an action. Control policies provide an intuitive and extensible framework, with a consistent set of CLI commands, for specifying system behavior. The ISG policy language is aligned with the Cisco Common Classification Policy Language (C3PL).

Configuring ISG Control Policies

12.2(33)SRC

ISG:Policy Control: DHCP Proxy

This feature enables ISG to dynamically interact with DHCP and apply policies that influence the IP addresses that DHCP assigns to subscribers.

Configuring ISG Access for IP Subscriber Sessions

12.2(33)SRC

ISG:Policy Control: ISG-SCE Control Bus

This feature enables integration of an ISG device with an SCE device at the control plane level, allowing the two devices to work as one when policies are applied to a subscriber session.

Configuring ISG Integration with SCE

12.2(33)SRC

ISG:Policy Control: Multidimensional Identity per Session

ISG control policies provide a flexible way to collect pieces of subscriber identity during session establishment. Control policies also allow session policy to be applied iteratively as more elements of identity become available to the system.

Configuring ISG Control Policies

12.2(33)SRC

ISG:Policy Control: Policy: Domain Based (Auto-domain, Proxy)

ISG control policies manage the primary services and rules used to enforce particular contracts. Polices can be configured to interpret the domain as a request to activate the service associated with that domain name, allowing users to automatically receive services in accordance with the domain that they are attempting to connect.

Configuring ISG Control Policies

12.2(33)SRC

ISG:Policy Control: Policy: Triggers

ISG control policies can be configured with time-based, volume-based, and duration-based policy triggers. Time-based triggers use an internal clock, allowing policies to be applied at specific times. Volume-based triggers are based on packet count; when the packet count reaches a specified value, the specified policy is applied. Duration-based triggers are based on an internal timer. Upon expiration of the timer, the specified policy is applied.

Configuring ISG Control Policies

12.2(33)SRC

ISG:Policy Control: Policy Server: CoA

This feature provides ISG support for the RADIUS Change of Authorization (CoA) extension, which facilitates dynamic authorization.

Enabling ISG to Interact with External Policy Servers

12.2(33)SRC

ISG:Policy Control: Policy Server: CoA ASCII Command Code Support

This feature enables ISG to receive ASCII command codes for Account Logon, Account Logoff, Service Logon, Service Logoff, and Account Status queries and to perform the required functionality based on the command code.

Cisco IOS ISG RADIUS Interface Guide

12.2(33)SRC

ISG:Policy Control: Policy Server: SSG-SESM Protocol

ISG supports Cisco's proprietary protocol to communicate with the SESM policy server.

Cisco SSG-to-ISG DSL Broadband Migration Guide

12.2(33)SRC

ISG:Policy Control: RADIUS Proxy Enhancement

The ISG RADIUS proxy feature enables ISG to serve as a proxy between a client device that uses RADIUS authentication and a AAA server. ISG RADIUS proxy functionality enables ISG to "sniff" (look at) the RADIUS packet flows and, upon successful authentication, transparently create a corresponding ISG session.

Configuring ISG as a RADIUS Proxy

12.2(33)SRC

ISG:Policy Control: Service Profiles

ISG defines a service as a collection of policies that can be applied to any subscriber session. Services can be configured on the router or on an external AAA server.

Configuring ISG Subscriber Services

12.2(33)SRC

ISG:Policy Control: User Profiles

ISG user profiles specify services and functionality that should be applied to ISG sessions for the specified subscriber. User profiles are defined on an external AAA server.

Configuring ISG Subscriber Services

12.2(33)SRC

ISG:Session: Auth: PBHK

The ISG Port-Bundle Host Key feature serves as an in-band signaling mechanism for session identification at external portals. TCP packets from subscribers are mapped to a local IP address for the ISG gateway and a range of ports. This mapping allows the portal to identify the ISG gateway from which the session originated.

Configuring ISG Port-Bundle Host Key

12.2(33)SRC

ISG:Session: Auth: Single Sign-On

Single sign-on eliminates the need to authenticate a session more than once when a subscriber has access to services provided by other devices in the administrative domain of the access or service provider.

Overview of ISG

12.2(33)SRC

ISG:Session: Authentication

ISG automatic subscriber logon enables another specified identifier to be used in place of the username in authorization requests. Enabling the AAA server to authorize subscribers on the basis of a specified identifier allows subscriber profiles to be downloaded from the AAA server as soon as packets are received from subscribers.

Configuring ISG Policies for Automatic Subscriber Logon

12.2(33)SRC

ISG:Session: Creation: Interface IP Session: L2

ISG IP interface sessions include all IP traffic received on a specific physical or virtual interface. IP interface sessions are provisioned through the CLI; that is, a session is created when the IP interface session commands are entered.

Configuring ISG Access for IP Subscriber Sessions

12.2(33)SRC

ISG:Session: Creation: Interface IP Session: L3

ISG IP interface sessions include all IP traffic received on a specific physical or virtual interface. IP interface sessions are provisioned through the CLI; that is, a session is created when the IP interface session commands are entered.

Configuring ISG Access for IP Subscriber Sessions

12.2(33)SRC

ISG:Session: Creation: IP Session: Protocol Event (DHCP)

Most ISG sessions are created upon detection of a data flow that cannot be affiliated with an already active session. An ISG can be configured to create an IP session upon receipt of the first DHCP DISCOVER packet received from a subscriber.

Configuring ISG Access for IP Subscriber Sessions

12.2(33)SRC

ISG:Session: Creation: IP Session: Subnet and Source IP: L2

The ISG session is the primary component used for associating services and policies across specific data flows. An IP subnet session is an ISG session that includes any IP traffic from a single IP subnet. A source-IP-based session includes traffic from a single source IP address.

Configuring ISG Access for IP Subscriber Sessions

12.2(33)SRC

ISG: Session: Creation: IP Session: Subnet and Source IP: L3

The ISG session is the primary component used for associating services and policies across specific data flows. An IP subnet session is an ISG session that includes any IP traffic from a single IP subnet. A source-IP-based session includes traffic from a single source IP address.

Configuring ISG Access for IP Subscriber Sessions

12.2(33)SRC

ISG:Session: Creation: P2P Session (PPPoE, PPPoXoX)

The ISG session is the primary context to which services and policies are associated across specific data flows. Point-to-point (P2P) sessions are established through a signaling protocol. ISG handles many variants of P2P encapsulation, such as PPP, PPPoE, and PPPoA.

Configuring ISG Access for PPP Sessions

12.2(33)SRC

ISG:Session: Lifecycle: Idle Timeout

The ISG idle timeout controls how long a connection can be idle before it is terminated.

Configuring ISG Policies for Session Maintenance

12.2(33)SRC

ISG:Session: Lifecycle: Packet of Disconnect (POD)

An ISG can be configured to interact with external policy servers. A policy server can use RADIUS Packet of Disconnect (POD) to manage the life cycle of any ISG session. The primary role of the POD message is to terminate an ISG session.

Enabling ISG to Interact with External Policy Servers

12.2(33)SRC

ISG:Session: VRF Transfer

The ISG session is the primary component used for associating services and policies with specific data flows. ISG sessions are associated with virtual routing and forwarding instances when routing is required for the network service. ISG VRF transfer provides a means to dynamically switch an active session between virtual routing domains.

Configuring ISG Access for IP Subscriber Sessions

12.2(33)SRC

ISG:Session Protection and Resiliency: Keepalive—ARP, ICMP

This feature allows IP subscriber session health to be monitored by configuring keepalive messages using ARP or ICMP, depending upon the type of connection to be monitored.

Configuring ISG Policies for Session Maintenance

12.2(33)SRC

ISG: Subscriber Aware Ethernet

This feature makes ISG functionality available on the Cisco 7600 router.

The following ISG accounting functions are not supported on the Cisco 7600 router:

Per service

Per flow

Postpaid

Tariff switching

Time-based or volume-based prepaid

ISG: Subscriber Aware Ethernet

12.2(33)SRC

Service Gateway Interface

The SGI implements a web services interface to access the policy, subscriber, and session management functionality of ISG.

Service Gateway Interface

Cisco IOS Release 12.2SB

12.2(31)SB2

ISG:Policy Control: Policy Server: CoA ASCII Command Code Support

This feature enables ISG to receive ASCII command codes for Account Logon, Account Logoff, Service Logon, Service Logoff, and Account Status queries and to perform the required functionality based on the command code.

Cisco IOS ISG RADIUS Interface Guide

12.2(31)SB2

ISG:Policy Control: RADIUS Proxy Enhancement

The ISG RADIUS proxy feature enables ISG to serve as a proxy between a client device that uses RADIUS authentication and a AAA server. ISG RADIUS proxy functionality enables ISG to "sniff" (look at) the RADIUS packet flows and, upon successful authentication, transparently create a corresponding ISG session.

Configuring ISG as a RADIUS Proxy

12.2(31)SB2

IP Subscriber Session CLI Updates

Some of the commands that are used to configure ISG IP subscriber sessions were modified or replaced in this release.

Configuring ISG Access for IP Subscriber Sessions

12.2(28)SB

ISG:Accounting: Per Session, Service, and Flow

ISG accounting provides a means to bill for account or service usage. ISG accounting uses the RADIUS protocol to facilitate interaction between ISG and an external RADIUS-based AAA or mediation server.

Configuring ISG Accounting

12.2(28)SB

ISG:Accounting: Postpaid

ISG accounting provides a means to bill for account or service usage. ISG sends accounting start and stop records for sessions and services to an accounting server for postpaid billing. The accounting server interprets the records to generate bills.

Configuring ISG Accounting

12.2(28)SB

ISG:Accounting: Tariff Switching

ISG accounting provides a means to bill for account or service usage. Where billing rates change at fixed times and sessions are active across the boundary at which the rates change, ISG will provides accounting data to the billing server indicating the boundary. Tariff switching can also be used between accounting methods, such as switching from prepaid billing to post paid billing.

Configuring ISG Accounting

Configuring ISG Support for Prepaid Billing

12.2(28)SB

ISG:Accounting: Time-Based Prepaid

ISG prepaid billing support allows ISG to check a subscriber's available credit to determine whether to allow the subscriber access to a service and how long the access can last. ISG supports time-based prepaid billing.

Configuring ISG Support for Prepaid Billing

12.2(28)SB

ISG:Accounting: Volume-Based Prepaid

ISG prepaid billing support allows ISG to check a subscriber's available credit to determine whether to allow the subscriber access to a service and how long the access can last. ISG supports volume-based prepaid billing.

Configuring ISG Support for Prepaid Billing

12.2(28)SB

ISG:Authentication: DHCP Option 82 Line ID - AAA Authorization Support

This feature enhances ISG automatic subscriber logon by providing support for authorization on the basis of the circuit-Id and remote-Id.

Configuring ISG Policies for Automatic Subscriber Logon

12.2(28)SB

ISG:Flow Control: Flow Redirect

The ISG Layer 4 Redirect feature enables service providers to better control the user experience by allowing subscriber TCP or UDP packets to be redirected to specified servers for appropriate handling. ISG Layer 4 redirection can be applied to individual subscriber sessions or flows.

Redirecting Subscriber Traffic Using ISG Layer 4 Redirect

12.2(28)SB

ISG:Flow Control: QoS Control: Dynamic Rate Limiting

ISG can change the allowed bandwidth of a session or flow by dynamically applying rate-limiting policies.

Configuring ISG Network Forwarding Policies

12.2(28)SB

ISG:Instrumentation: Advanced Conditional Debugging

ISG provides the ability to define various conditions for filtering debug output. Conditional debugging generates very specific and relevant information that can be used for session, flow, subscriber, and service diagnostics.

Troubleshooting ISG with Session Monitoring and Distributed Conditional Debugging

12.2(28)SB

ISG:Instrumentation: Session and Flow Monitoring

ISG provides a mechanism for continuously monitoring interface and CPU statistics. This feature introduces the show interface monitor and show processes cpu monitor commands, which display statistics that are updated at specified intervals.

Troubleshooting ISG with Session Monitoring and Distributed Conditional Debugging

12.2(28)SB

ISG:Network Interface: IP Routed, VRF-Aware MPLS

ISG supports several types of forwarding to connect subscriber sessions to networks. These connections can be to the Internet, corporate intranets, ISPs, or walled gardens for content delivery. ISG supports both routed and MPLS-enabled interfaces for network access.

Configuring ISG Network Forwarding Policies

12.2(28)SB

ISG:Network Interface: Tunneled (L2TP)

ISG supports several types of forwarding to connect subscriber sessions to networks. These connections can be to Internet, corporate Intranets, ISPs or walled gardens for content delivery. ISG supports tunneled interfaces to networks.

Configuring ISG Network Forwarding Policies

12.2(28)SB

ISG:Policy Control: Cisco Policy Language

ISG control policies are a structured replacement for feature-specific configuration commands and allow configurable functionality to be expressed in terms of an event, a condition, and an action. Control policies provide an intuitive and extensible framework, with a consistent set of CLI commands, for specifying system behavior. The ISG policy language is aligned with the Cisco Common Classification Policy Language (C3PL).

Configuring ISG Control Policies

12.2(28)SB

ISG:Policy Control: DHCP Proxy

This feature enables ISG to dynamically interact with DHCP and apply policies that influence the IP addresses that DHCP assigns to subscribers.

Configuring ISG Access for IP Subscriber Sessions

12.2(28)SB

ISG:Policy Control: Multidimensional Identity per Session

ISG control policies provide a flexible way to collect pieces of subscriber identity during session establishment. Control policies also allow session policy to be applied iteratively as more elements of identity become available to the system.

Configuring ISG Control Policies

12.2(28)SB

ISG:Policy Control: Policy: Domain Based (Auto-domain, Proxy)

ISG control policies manage the primary services and rules used to enforce particular contracts. Polices can be configured to interpret the domain as a request to activate the service associated with that domain name, allowing users to automatically receive services in accordance with the domain that they are attempting to connect.

Configuring ISG Control Policies

12.2(28)SB

ISG:Policy Control: Policy: Triggers

ISG control policies can be configured with time-based, volume-based, and duration-based policy triggers. Time-based triggers use an internal clock, allowing policies to be applied at specific times. Volume-based triggers are based on packet count; when the packet count reaches a specified value, the specified policy is applied. Duration-based triggers are based on an internal timer. Upon expiration of the timer, the specified policy is applied.

Configuring ISG Control Policies

12.2(28)SB

ISG:Policy Control: Policy Server: CoA

This feature provides ISG support for the RADIUS Change of Authorization (CoA) extension, which facilitates dynamic authorization.

Enabling ISG to Interact with External Policy Servers

12.2(28)SB

ISG:Policy Control: Policy Server: SSG-SESM Protocol

ISG supports Cisco's proprietary protocol to communicate with the SESM policy server.

Cisco SSG-to-ISG DSL Broadband Migration Guide

12.2(28)SB

ISG:Policy Control: Service Profiles

ISG defines a service as a collection of policies that can be applied to any subscriber session. Services can be configured on the router or on an external AAA server.

Configuring ISG Subscriber Services

12.2(28)SB

ISG:Policy Control: User Profiles

ISG user profiles specify services and functionality that should be applied to ISG sessions for the specified subscriber. User profiles are defined on an external AAA server.

Configuring ISG Subscriber Services

12.2(28)SB

ISG:Session: Auth: PBHK

The ISG Port-Bundle Host Key feature serves as an in-band signaling mechanism for session identification at external portals. TCP packets from subscribers are mapped to a local IP address for the ISG gateway and a range of ports. This mapping allows the portal to identify the ISG gateway from which the session originated.

Configuring ISG Port-Bundle Host Key

12.2(28)SB

ISG:Session: Auth: Single Sign-On

Single sign-on eliminates the need to authenticate a session more than once when a subscriber has access to services provided by other devices in the administrative domain of the access or service provider.

Overview of ISG

12.2(28)SB

ISG:Session: Authentication

ISG automatic subscriber logon enables another specified identifier to be used in place of the username in authorization requests. Enabling the AAA server to authorize subscribers on the basis of a specified identifier allows subscriber profiles to be downloaded from the AAA server as soon as packets are received from subscribers.

Configuring ISG Policies for Automatic Subscriber Logon

12.2(28)SB

ISG:Session: Creation: Interface IP Session: L2

ISG IP interface sessions include all IP traffic received on a specific physical or virtual interface. IP interface sessions are provisioned through the CLI; that is, a session is created when the IP interface session commands are entered.

Configuring ISG Access for IP Subscriber Sessions

12.2(28)SB

ISG:Session: Creation: Interface IP Session: L3

ISG IP interface sessions include all IP traffic received on a specific physical or virtual interface. IP interface sessions are provisioned through the CLI; that is, a session is created when the IP interface session commands are entered.

Configuring ISG Access for IP Subscriber Sessions

12.2(28)SB

ISG:Session: Creation: IP Session: Protocol Event (DHCP)

Most ISG sessions are created upon detection of a data flow that cannot be affiliated with an already active session. An ISG can be configured to create an IP session upon receipt of the first DHCP DISCOVER packet received from a subscriber.

Configuring ISG Access for IP Subscriber Sessions

12.2(28)SB

ISG:Session: Creation: IP Session: Subnet and Source IP: L2

The ISG session is the primary component used for associating services and policies across specific data flows. An IP subnet session is an ISG session that includes any IP traffic from a single IP subnet. A source-IP-based session includes traffic from a single source IP address.

Configuring ISG Access for IP Subscriber Sessions

12.2(28)SB

ISG: Session: Creation: IP Session: Subnet and Source IP: L3

The ISG session is the primary component used for associating services and policies across specific data flows. An IP subnet session is an ISG session that includes any IP traffic from a single IP subnet. A source-IP-based session includes traffic from a single source IP address.

Configuring ISG Access for IP Subscriber Sessions

12.2(28)SB

ISG:Session: Creation: P2P Session (PPPoE, PPPoXoX)

The ISG session is the primary context to which services and policies are associated across specific data flows. Point-to-point (P2P) sessions are established through a signaling protocol. ISG handles many variants of P2P encapsulation, such as PPP, PPPoE, and PPPoA.

Configuring ISG Access for PPP Sessions

12.2(28)SB

ISG:Session: Lifecycle: Idle Timeout

The ISG idle timeout controls how long a connection can be idle before it is terminated.

Configuring ISG Policies for Session Maintenance

12.2(28)SB

ISG:Session: Lifecycle: Packet of Disconnect (POD)

An ISG can be configured to interact with external policy servers. A policy server can use RADIUS Packet of Disconnect (POD) to manage the life cycle of any ISG session. The primary role of the POD message is to terminate an ISG session.

Enabling ISG to Interact with External Policy Servers

12.2(28)SB

ISG:Session: VRF Transfer

The ISG session is the primary component used for associating services and policies with specific data flows. ISG sessions are associated with virtual routing and forwarding instances when routing is required for the network service. ISG VRF transfer provides a means to dynamically switch an active session between virtual routing domains.

Configuring ISG Access for IP Subscriber Sessions