Cisco IOS Service Selection Gateway Configuration Guide, Release 12.4
Service Selection Gateway Features Roadmap
Downloads: This chapterpdf (PDF - 132.0KB) The complete bookPDF (PDF - 3.64MB) | Feedback

Service Selection Gateway Features Roadmap

Table Of Contents

Service Selection Gateway Features Roadmap


Service Selection Gateway Features Roadmap


First Published: May 2, 2005
Last Updated: October 2, 2009

Note Effective with Cisco IOS Release 15.0(1)M, this feature is not available in Cisco IOS software.


This feature roadmap lists the Cisco IOS features documented in the Cisco IOS Service Selection Gateway Configuration Guide and maps them to the documents in which they appear. The roadmap is organized so that you can select your release train and see the features in that release. Find the feature name you are searching for and click on the URL in the "Where Documented" column to access the document containing that feature.

Feature and Release Support

Table 1 lists Service Selection Gateway (SSG) feature support for the following Cisco IOS software release trains:

Cisco IOS Releases 12.2T, 12.3, 12.3T, 12.4, and 12.4T

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.


Note Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.


Table 1 Supported SSG Features 

Release
Feature Name
Feature Description
Where Documented
Cisco IOS Releases 12.2T, 12.3, 12.3T, 12.4, and 12.4T

12.2(8)T

SSG Open Garden

The SSG Open Garden feature enables you to use Cisco SSG to implement open gardens, which are collections of Web sites or networks that subscribers can access as long as they have physical access to the network. Subscribers do not have to provide authentication information before accessing the Web sites in an open garden.

Configuring SSG for Subscriber Services

SSG TCP Redirect

The SSG TCP Redirect feature redirects certain packets, which would otherwise be dropped, to captive portals that can handle the packets in a suitable manner. For example, packets sent upstream by unauthorized users are forwarded to a captive portal that can redirect the users to a login window. Similarly, if users try to access a service to which they have not logged in, the packets are redirected to a captive portal that can provide a service login window.

Configuring SSG TCP Redirection Features

Per-Session Firewall

The SSG Per Session Firewall feature enables you to configure Cisco IOS software access control lists (ACLs) to prevent users, services, and pass-through traffic from accessing specific IP addresses and ports.

Configuring a Per-Session Firewall

12.2(11)T

Initial SSG Communication

The Initial SSG Communication feature comprises initial tasks you need to perform to enable SSG on the router and to establish SSG communication with other key components of the network, including Subscriber Edge Services Manager (SESM) and the authentication, authorization, and accounting (AAA) server.

Implementing SSG: Initial Tasks

RADIUS Profiles and Attributes for SSG

SSG uses RADIUS Profiles and attributes for the authentication, authorization, and accounting of subscribers.

RADIUS Profiles and Attributes for SSG

SSG Accounting

The SSG Accounting feature allows a service provider to decide how to configure billing and accounting for its users.

Configuring SSG Accounting

SSG Port-Bundle Host-Key

The SSG Port-Bundle Host Key feature enhances communication and functionality between the Service Selection Gateway (SSG) and the Cisco Subscriber Edge Services Manager (SESM) by introducing a mechanism that uses the host source IP address and source port to identify and monitor subscribers.

Implementing SSG: Initial Tasks

SSG Prepaid Tariff Switching

The SSG Prepaid Tariff Switching feature allows changes in tariffs during the lifetime of a connection.

Configuring SSG Accounting

12.2(13)T

SSG Accounting Update Interval Per Service

The SSG Accounting Update Interval Per Service feature allows the service provider to configure different accounting intervals for different services.

Configuring SSG Accounting

SSG AutoDomain

The SSG AutoDomain feature allows Service Selection Gateway (SSG) to authenticate subscribers automatically in the service domain.

Configuring SSG to Authenticate Subscribers Automatically in the Service Domain

SSG Autologon Using Proxy RADIUS

The SSG Autologon Using Proxy RADIUS feature enables SSG to act as a RADIUS proxy for non-SSD clients whose Access-Requests do not contain VSAs.

Configuring SSG to Serve as a RADIUS Proxy

SSG Hierarchical Policing

The SSG Hierarchical Policing feature ensures that a subscriber does not utilize additional bandwidth for overall service or for a specific service that is outside the bounds of the subscriber's contract with the service provider.

Configuring SSG Hierarchical Policing

12.3(4)T

Postpaid Tariff Switching for SSG

The Postpaid Tariff Switching for SSG feature allows changes in tariffs during the lifetime of a connection.

Configuring SSG Accounting

PPP Subscriber Access

The PPP subscriber access feature supports PPP as a subscriber access protocol.

Configuring SSG to Authenticate PPP Subscribers

PTA-MD Exclusion List

The PTA-MD Exclusion List feature allows you to create a set of domains that are excluded from normal SSG structured username processing.

Configuring SSG to Authenticate PPP Subscribers

SSG AAA Server Group for Proxy RADIUS

This feature allows you to configure multiple AAA servers. You can configure each remote RADIUS server with timeout and retransmission parameters. SSG will perform failover among the servers in the predefined group.

Configuring SSG to Serve as a RADIUS Proxy

SSG Autologoff

The SSG Autologoff feature supports methods to log subscribers out of SSG.

Configuring SSG to Log Off Subscribers

SSG Direction Configuration for Interfaces and Ranges

SSG implements service selection through selective routing of IP packets to destination networks on a per-subscriber basis. SSG uses the concept of interface direction (uplink or downlink) to help determine the forwarding path of incoming packets. An uplink interface is an interface towards the services; a downlink interface is an interface towards the subscribers.

Implementing SSG: Initial Tasks

SSG EAP Transparency

In 802.1x WLAN deployments, SSG acts as a RADIUS Proxy during Extensible Authentication Protocol (EAP) authentication between a WLAN AP and the corresponding AAA server. Using SSG as a RADIUS Proxy in 802.1x deployments enables WLAN users to access SSG functionality after they have connected to the AP.

Configuring SSG to Serve as a RADIUS Proxy

 

SSG Prepaid Enhancements

The SSG Prepaid Enhancements feature adds support for prepaid tariff switching, postpaid tariff switching, and simultaneous volume- and time-based prepaid billing to the existing SSG Prepaid feature.

Configuring SSG Accounting

SSG Prepaid Idle Timeout

The SSG Prepaid Idle Timeout feature enables SSG to return residual quota to the billing server from services that a user is logged into but not actively using.

Configuring SSG Accounting

SSG Proxy for CDMA2000

This feature enables service selection in CDMA2000 networks through enhancements to the SSG RADIUS Proxy functionality.

Configuring SSG to Serve as a RADIUS Proxy

SSG Service Profile Caching

The Service Profile Cache feature enables SSG to use a cached copy of a service profile instead of downloading the profile from a RADIUS server every time a user logs on to the service.

Configuring SSG for Subscriber Services

SSG Suppression of Unused Accounting Records

The SSG Suppression of Unused Accounting Records feature allows you to turn off unneeded Service Selection Gateway (SSG) accounting records.

Configuring SSG Accounting

SSG Unconfig

The SSG Unconfig feature releases and cleans up system resources acquired by SSG.

Implementing SSG: Initial Tasks

12.3(7)T

SSG Service Logon Enhancements

The SSG Service Logon Enhancements feature enables SSG to deliver services to a subscriber after receiving valid authentication information.

Configuring SSG for Subscriber Services

SSG Transparent Autologon

The SSG Transparent Autologon feature enables Service Selection Gateway (SSG) to authenticate and authorize a user on the basis of the source IP address of packets received from the user.

Configuring SSG to Authenticate Subscribers with Transparent Autologon

DNS Redirection

The SSG DNS Redirection feature enables you to match a domain name server (DNS) request to the appropriate domain name service, based on attributes of the user requesting the service.

Configuring Default DNS Redirection

12.3(8)T

SSG Interface Redundancy

SSG interface redundancy allows services to be associated with more than one interface to protect against link failures.

Implementing SSG: Initial Tasks

12.3(11)T

SSG Default Quota for Prepaid Billing Server Failure

The SSG Default Quota for Prepaid Billing Server Failure feature enables SSG to be configured to allocate a default quota when the prepaid server fails to respond to an authorization request.

Configuring SSG Accounting

12.3(14)T

Extended Prepaid Tariff Switching for SSG

The Extended Prepaid Tariff Switch for SSG feature is used to measure the usage of specific services at various times, even when the monetary value of the volume quota does not change at the time of tariff switching.

Configuring SSG Accounting

MAC-Address-Based Authentication for SSG

The MAC-Address-Based Authentication for SSG feature allows a service provider to authorize subscriber access to services by the subscriber's MAC address, thus eliminating the need for explicit user logins between client power cycles.

Configuring SSG for MAC-Address-Based Authentication

 

On-Demand IP Address Renewal for SSG

The SSG On-Demand IP Address Renewal feature enables service providers to manage the Dynamic Host Configuration Protocol (DHCP) pool from which a subscriber's IP address is assigned.

Configuring SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

SSG L2TP Dial-Out

The L2TP Dial-Out feature provides mobile users with a way to securely connect to their SOHOs through the PSTN.

Configuring SSG for Subscriber Services

SSG Support for Subnet-Based Authentication

The SSG Support for Subnet-Based Authentication feature allows a service provider to identify subscribers to services by their subnet, rather than by a subscriber's IP address.

Configuring SSG Support for Subnet-Based Authentication

12.4(15)T

SSG Mobile Wireless Enhancements

The SSG Mobile Wireless Enhancements feature describes additional functionality enhancements including accounting-on-off suppression, accounting-start ignore configuration, and Packet of Disconnect (PoD) forwarding to the Network Access Server (NAS).

SSG Mobile Wireless Enhancements