Cisco IOS Service Selection Gateway Configuration Guide, Release 12.4
Configuring SSG for On-Demand IP Address Renewal

Configuring SSG On-Demand IP Address Renewal and SSG/DHCP Awareness


First Published: May 2, 2005
Last Updated: October 2, 2009

Note: Effective with Cisco IOS Release 15.0(1)M, this feature is not available in Cisco IOS software.


The SSG On-Demand IP Address Renewal and SSG/DHCP Awareness feature enables service providers to manage the Dynamic Host Configuration Protocol (DHCP) pool from which a subscriber's IP address is assigned. By receiving an IP address through DHCP rather than through Network Address Translation (NAT), subscribers can access services that require a dynamically assigned IP address through the Cisco Service Selection Gateway (SSG).

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for SSG On-Demand IP Address Renewal and SSG/DHCP Awareness" section.

Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Prerequisites for SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

Restrictions for SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

Information About SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

How to Configure SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

Configuration Examples for SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

Feature Information for SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

Prerequisites for SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

SSG must be enabled before on-demand IP address renewal can be configured.

DHCP must be enabled on the router that is hosting SSG or on another router with SSG acting as a DHCP relay agent.

Restrictions for SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

Subscribers cannot connect to two or more services simultaneously when each service requires that the subscriber's IP address be assigned from a different pool.

Information About SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

To configure the SSG On-Demand IP Address Renewal and SSG/DHCP Awareness feature, you should understand the following concepts:

Overview of SSG On-Demand IP Address Renewal

Overview of SSG/DHCP Awareness

DHCP Notification for SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

SSG On-Demand IP Address Renewal and SSG/DHCP Awareness Packet Flow

Benefits of SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

SSG/DHCP Awareness Packet Flow

Benefits of SSG/DHCP Awareness

Overview of SSG On-Demand IP Address Renewal

SSG implements Layer 3 service selection through selective routing of IP packets to destination networks on a per-subscriber basis. It uses the subscriber's IP address to identify the subscriber session. A subscriber's computer may have a static IP address or may request an IP address via DHCP or from a RADIUS server. When the SSG On-Demand IP Address Renewal and SSG/DHCP Awareness feature is not configured, SSG performs Network Address Translation (NAT) between the IP address assigned by the service provider and the original IP address of the subscriber.

With the SSG On-Demand IP Address Renewal and SSG/DHCP Awareness feature, you can configure SSG to force a subscriber to request an IP address directly from a service provider. The IP address request process is described in the "SSG On-Demand IP Address Renewal and SSG/DHCP Awareness Packet Flow" section.

Overview of SSG/DHCP Awareness

When a subscriber's router acts either as an IOS DHCP server or an IOS DHCP relay agent and the subscriber is a DHCP client, configuring SSG/DHCP awareness causes the SSG host object to be removed when a DHCPRELEASE is received for an active host object or when the DHCP lease for an active host object expires.

Without SSG/DHCP awareness configured, a session can be reused, because SSG is not notified of IOS DHCP server events.

DHCP Notification for SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

Because the SSG On-Demand IP Address Renewal and SSG/DHCP Awareness feature utilizes DHCP to provide a subscriber's IP address, the router on which SSG is running must either run the DHCP server feature or act as a DHCP relay agent.

The Cisco IOS DHCP Server feature is a full DHCP server implementation that assigns and manages IP addresses from specified address pools within the router to DHCP clients.

A DHCP relay agent is any host that forwards DHCP packets between clients and servers. Relay agents are used to forward requests and replies between clients and servers when they are not on the same physical subnet. Relay agent forwarding is distinct from the normal forwarding of an IP router, where IP datagrams are switched between networks somewhat transparently. Relay agents receive DHCP messages and then generate a new DHCP message to send out on another interface.

The Cisco IOS DHCP relay agent supports the use of unnumbered interfaces. The DHCP relay agent automatically adds a static host route specifying the unnumbered interface as the outbound interface.

For optimal performance, Cisco recommends that the router running SSG also function as a DHCP relay agent, with the DHCP server running on a separate platform.

For more details about configuring DHCP, see the "Configuring DHCP" chapter in Part 1 of the Cisco IOS IP Addressing Services Configuration Guide, and the Configuring DHCP Enhancements for Edge-Session Management feature.

SSG On-Demand IP Address Renewal and SSG/DHCP Awareness Packet Flow

Figure 1 is a diagram of a simple network topology that supports on-demand IP address renewal for SSG. In this sample configuration, the router running SSG also acts as the DHCP relay agent, whereas the DHCP server is running on a separate platform.

Figure 1 Simple On-Demand IP Address Renewal Network Topology

In on-demand IP address renewal, the following events occur:

1. On bootup, a subscriber's computer sends a DHCPDISCOVER request to the DHCP relay agent. The DHCP relay agent forwards the DHCPDISCOVER request to the DHCP server.

2. The DHCP server assigns the subscriber a short lease-time IP address from the private address pool in a DHCPOFFER response, which is passed through SSG to the subscriber.

3. The subscriber's computer sends a DHCPREQUEST to the DHCP server, which responds with a DHCPACK to acknowledge receipt of the request and start the lease.

4. The DHCP relay agent informs SSG about this event by invoking the reg_invoke_dhcpd_address_assignment_notify() registry call. Since there is not yet a host object for the subscriber, SSG ignores this event. If transparent autologon (TAL) is enabled, however, SSG will trigger TAL for this IP address. The TAL authorization request will contain the MAC address of the user in RADIUS attribute 31.

5. Upon receipt of DHCPACK, the subscriber can log in to his or her account and service. When the subscriber logs in to a service for which an ISP-supplied IP address is mandated in the service profile, SSG triggers the DHCP relay agent to terminate the current lease and force the subscriber's computer to rediscover an IP address.

6. The subscriber's computer sends a new DHCPREQUEST to the DHCP relay agent.

7. The DHCP relay agent replies with a DHCPNAK message, forcing the subscriber's computer to send a new DHCPDISCOVER message.

8. Upon receipt of the new DHCPDISCOVER request, the DHCP relay agent informs SSG, which replies with the class name of the service.

9. The DHCP relay agent then forwards the DHCPDISCOVER request and class name to the DHCP server.

10. The DHCP server assigns an IP address from the service provider's address pool and sends a DHCPOFFER message to the subscriber's computer. The subscriber's computer replies with a DHCPREQUEST message, passed transparently through SSG.

11. The DHCP server sends a DHCPACK containing an IP address from the service provider's address pool. This IP address will have a finite lease time, typically a few minutes.

12. The DHCP relay agent informs SSG about the IP address assignment. SSG creates a host object for this new IP address and sends an Accounting-Start packet. SSG then removes the host object initially created for the IP address assigned from the private address pool (Step 2) and sends an Accounting-Stop packet.

13. When finished using the service, the subscriber may disconnect in one of two ways:

a. By logging out of the service. SSG informs the DHCP relay agent, which begins the process that forces the subscriber's computer to rediscover an IP address in the private address pool.

b. By sending a DHCPRELEASE message (for instance, if the subscriber shuts down the computer). The DHCP relay agent informs SSG, which removes the host object of this subscriber.
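The steps above can be followed as state changes in a small model. This is an added illustration, not Cisco code: the Gateway class folds SSG, the relay agent and the server's pools into one object, the pool contents are constructed, and the MAC address, username and class name are reused from the sample output later in this chapter.

```python
# Toy model of the on-demand renewal steps (added illustration, not Cisco code).
# Pool contents are constructed; MAC, user and class name reuse the page's samples.
PRIVATE_POOL = ["10.0.0.2", "10.0.0.3"]               # short-lease private pool
SERVICE_POOLS = {"ISP_svc1": ["209.165.200.225"]}     # class name -> provider pool


class Gateway:
    """SSG plus DHCP relay agent on one router, with the server's pools folded in."""

    def __init__(self):
        self.leases = {}      # mac -> ip currently leased
        self.hosts = {}       # ip -> username (SSG host objects)
        self.pending = {}     # mac -> (class name, old ip): renewal forced by SSG
        self.accounting = []  # accounting packets SSG sent, in order

    def discover(self, mac):
        """Steps 1-4 and 8-12: DISCOVER/OFFER/REQUEST/ACK, then notify SSG."""
        cls, old_ip = self.pending.pop(mac, (None, None))  # step 8: class from SSG
        pool = SERVICE_POOLS[cls] if cls else PRIVATE_POOL
        ip = next(a for a in pool if a not in self.leases.values())
        self.leases[mac] = ip
        if old_ip in self.hosts:
            # Step 12: host object for the new address, then drop the old one.
            self.hosts[ip] = self.hosts.pop(old_ip)
            self.accounting += [("Accounting-Start", ip), ("Accounting-Stop", old_ip)]
        # Step 4: with no host object for this subscriber the event is ignored.
        return ip

    def service_login(self, mac, user, class_name):
        """Step 5: login to a service whose profile mandates an ISP address."""
        ip = self.leases[mac]
        self.hosts[ip] = user
        self.pending[mac] = (class_name, ip)

    def request(self, mac):
        """Steps 6-7: the next DHCPREQUEST is NAKed while a renewal is pending."""
        if mac in self.pending:
            del self.leases[mac]
            return "DHCPNAK"
        return "DHCPACK"


def run_flow():
    gw, mac = Gateway(), "000c.31ea.a9c0"
    private_ip = gw.discover(mac)
    gw.service_login(mac, "ssguser2", "ISP_svc1")
    reply = gw.request(mac)
    service_ip = gw.discover(mac)
    return private_ip, reply, service_ip, gw.hosts, gw.accounting


if __name__ == "__main__":
    print(run_flow())
```

After the second discover, the only host object left is the one keyed by the service-pool address, which is the state step 12 describes.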

Benefits of SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

The principal benefit of the SSG On-Demand IP Address Renewal and SSG/DHCP Awareness feature is to allow service providers to manage subscriber access to services using SSG while retaining the ability to assign an IP address from a pool configured for a specific service.

For Ethernet access subscribers, service providers can provide a short-term lease of an IPv4 address, and then, after authentication, provide a new IP address through DHCP. This two-stage IP address allocation process allows a service provider to reduce the number of assigned IPv4 addresses.

SSG/DHCP Awareness Packet Flow

In SSG/DHCP Awareness, the following events occur:

1. On bootup, a subscriber's computer sends a DHCPDISCOVER request to the DHCP server or DHCP relay agent. If SSG is a DHCP relay agent, the DHCP relay agent forwards the DHCPDISCOVER request to the DHCP server.

2. The DHCP server assigns the subscriber an IP address in a DHCPOFFER response.

3. The subscriber's computer sends a DHCPREQUEST to the DHCP server, which responds with a DHCPACK to acknowledge the receipt of the request and start the lease.

4. If SSG is a DHCP relay agent, the DHCP relay agent informs SSG about this event by invoking the reg_invoke_dhcpd_address_assignment_notify() registry call. Since there is not yet a host object for the subscriber, SSG ignores this event.

5. Upon receipt of DHCPACK, the subscriber can log in to his or her account and service.

6. When finished using the service, the subscriber may disconnect in one of three ways:

a. By logging out of the service. Also called a graceful logout.

b. By sending a DHCPRELEASE message (for instance, if the subscriber shuts down the computer). The DHCP relay agent informs SSG, which removes the host object of this subscriber.

c. A non-graceful disconnect in which the client neither logs out of the service nor sends a DHCPRELEASE message. In this event, the subscriber's SSG host object will be removed when the DHCP lease associated with the host object's IP address expires.

Benefits of SSG/DHCP Awareness

Configuring SSG/DHCP awareness prevents session reuse. Session reuse is possible without configuring SSG/DHCP awareness because SSG will not be notified about the IOS DHCP server events.

How to Configure SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

This section contains the following tasks:

Configuring SSG On-Demand IP Address Renewal and SSG/DHCP Awareness (required)

Verifying and Troubleshooting SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

Configuring SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

Perform this task to configure the SSG On-Demand IP Address Renewal and SSG/DHCP Awareness feature.

SUMMARY STEPS

1. enable

2. configure terminal

3. ssg intercept dhcp

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ssg intercept dhcp

Example:

Router(config)# ssg intercept dhcp

Configures SSG to force a subscriber's computer, upon logging in to an ISP service, to request an IP address from the DHCP pool associated with the service profile.

Configures SSG to perform a logout when a DHCPRELEASE is received for an SSG host object or when the DHCP lease expires for an IP address associated with an SSG host object.

Verifying and Troubleshooting SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

The following tasks display configuration and event information when the SSG On-Demand IP Address Renewal and SSG/DHCP Awareness feature is enabled:

Verifying a Subscriber's IP Address

Displaying Subscriber Login Events and Errors for the SSG On-Demand IP Address Renewal and SSG/DHCP Awareness Feature

Verifying a Subscriber's IP Address

Perform this task to verify a subscriber's IP address.

SUMMARY STEPS

1. enable

2. show ssg host [ip-address | count | username]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

show ssg host [ip-address | count | username]

Example:
Router# show ssg host username

Displays information about a Service Selection Gateway (SSG) subscriber and the current connections of the subscriber.

Use this command with the username keyword to display all host usernames and IP addresses.

Use this command with the subscriber's IP address as the ip-address argument to display information about an individual subscriber.

Example

The following is sample output from the show ssg host username command:

Router# show ssg host username

1:10.3.1.1        (active) Host name:pppoauser
2:10.3.6.1        (active) Host name:ssguser2

### Total HostObject Count(including inactive hosts):2

Displaying Subscriber Login Events and Errors for the SSG On-Demand IP Address Renewal and SSG/DHCP Awareness Feature

Perform this task to display subscriber login events and errors when the SSG On-Demand IP Address Renewal and SSG/DHCP awareness feature is enabled.

SUMMARY STEPS

1. enable

2. debug ssg dhcp {error | event} [ip-address]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

debug ssg dhcp {error | event} [ip-address]

Example:
Router# debug ssg dhcp event 209.165.200.225

To limit the display of information to a specific subscriber, enter the subscriber's IP address as the ip-address argument. Use the error keyword to display only error messages, or the event keyword to display only event messages.

Example

The following is sample output from the debug ssg dhcp event command:

Router# debug ssg dhcp event 209.165.200.225

SSG DHCP awareness events debugging is on

2d20h: SSG-DHCP-EVN: DHCP-DISCOVER event received. SSG-dhcp awareness feature enabled
2d20h: SSG-DHCP-EVN:209.165.200.225: Get pool name called for 000c.31ea.a9c0
2d20h: SSG-DHCP-EVN: Get pool class called, class name = ISP_svc1


### Total HostObject Count(including inactive hosts):2
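The two outputs above can be checked mechanically. The following is an added example, not Cisco code: it parses both formats and lists active host objects whose address has no current DHCP lease, the leftover-session condition that SSG/DHCP awareness is meant to prevent. The lease table is a constructed input, and pairing each "Get pool name" event with the class-name line that follows it is an assumption.

```python
import re

# Constructed captures in the formats shown above (values reused from the page).
SHOW_SSG_HOST = """\
1:10.3.1.1        (active) Host name:pppoauser
2:10.3.6.1        (active) Host name:ssguser2

### Total HostObject Count(including inactive hosts):2
"""
DEBUG_EVENTS = """\
2d20h: SSG-DHCP-EVN: DHCP-DISCOVER event received. SSG-dhcp awareness feature enabled
2d20h: SSG-DHCP-EVN:209.165.200.225: Get pool name called for 000c.31ea.a9c0
2d20h: SSG-DHCP-EVN: Get pool class called, class name = ISP_svc1
"""
# Constructed: addresses the DHCP server currently has leased (ip -> client MAC).
ACTIVE_LEASES = {"10.3.6.1": "000c.31ea.a9c0"}

HOST_RE = re.compile(r"^\s*\d+:(\S+)\s+\((\w+)\)\s+Host name:(\S+)", re.M)
TOTAL_RE = re.compile(r"Total HostObject Count\(including inactive hosts\):(\d+)")
POOL_RE = re.compile(r"SSG-DHCP-EVN:(\S+): Get pool name called for (\S+)")
CLASS_RE = re.compile(r"SSG-DHCP-EVN: Get pool class called, class name = (\S+)")


def parse_hosts(text):
    """Return ([(ip, state, username)], reported_total) from 'show ssg host username'."""
    hosts = HOST_RE.findall(text)
    total = TOTAL_RE.search(text)
    return hosts, int(total.group(1)) if total else None


def stale_hosts(text, leases):
    """Active host objects whose address has no current DHCP lease."""
    hosts, _ = parse_hosts(text)
    return [(ip, user) for ip, state, user in hosts
            if state == "active" and ip not in leases]


def pool_classes(text):
    """Pair each 'Get pool name' event with the class name logged next (assumed order)."""
    result, pending = [], None
    for line in text.splitlines():
        m = POOL_RE.search(line)
        if m:
            pending = m.groups()          # (subscriber ip, client MAC)
            continue
        c = CLASS_RE.search(line)
        if c and pending:
            result.append(pending + (c.group(1),))
            pending = None
    return result


if __name__ == "__main__":
    print("stale host objects:", stale_hosts(SHOW_SSG_HOST, ACTIVE_LEASES))
    print("pool class lookups:", pool_classes(DEBUG_EVENTS))
```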

Configuration Examples for SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

This section contains the following configuration example:

Configuring SSG On-Demand IP Address Renewal and SSG/DHCP Awareness: Example

Configuring SSG On-Demand IP Address Renewal and SSG/DHCP Awareness: Example

The following example shows a simple configuration to enable SSG to support on-demand IP address renewal:

enable
configure terminal
ssg intercept dhcp

Feature Information for SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

Table 1 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 12.3(14)T or a later release appear in the table.

For information on a feature in this technology that is not documented here, see the Service Selection Gateway Features Roadmap.

Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.


Note: Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.


Table 1 Feature Information for SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

Feature Name: SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

Releases: 12.3(14)T, 12.4, 15.0(1)M

Feature Configuration Information:

The SSG On-Demand IP Address Renewal and SSG/DHCP Awareness feature enables service providers to manage the Dynamic Host Configuration Protocol (DHCP) pool from which a subscriber's IP address is assigned.

The following sections provide information about this feature:

Overview of SSG On-Demand IP Address Renewal

Overview of SSG/DHCP Awareness

DHCP Notification for SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

SSG On-Demand IP Address Renewal and SSG/DHCP Awareness Packet Flow

Benefits of SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

SSG/DHCP Awareness Packet Flow

Benefits of SSG/DHCP Awareness

Configuring SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

Verifying and Troubleshooting SSG On-Demand IP Address Renewal and SSG/DHCP Awareness

Configuring SSG On-Demand IP Address Renewal and SSG/DHCP Awareness: Example

The following commands were introduced or modified by this feature: debug ssg dhcp, ssg intercept dhcp.

This feature was removed in Cisco IOS Release 15.0(1)M.