-
Cisco IOS Intelligent Service Gateway Configuration Guide, Release 12.2 SB
-
ISG Features Roadmap
-
Configuring ISG Control Policies
-
Configuring ISG Access for PPP Sessions
-
Configuring ISG Access for IP Subscriber Sessions
-
Configuring ISG Port-Bundle Host Key
-
Configuring ISG as a RADIUS Proxy
-
Configuring ISG Policies for Automatic Subscriber Logon
-
Enabling ISG to Interact with External Policy Servers
-
Configuring ISG Subscriber Services
-
Configuring ISG Network Forwarding Policies
-
Configuring ISG Accounting
-
Configuring ISG Support for Prepaid Billing
-
Configuring ISG Policies for Session Maintenance
-
Redirecting Subscriber Traffic with ISG Layer 4 Redirect
-
Configuring ISG Policies for Regulating Network Access
-
Troubleshooting ISG with Session Monitoring and Distributed Conditional Debugging
-
Configuring ISG Layer 3 Access (Cisco IOS Release 12.2(28)SB)
-
Managing ISG Subscriber IP Addresses (Cisco IOS Release 12.2(28)SB)
-
Configuring ISG VRF Transfer (Cisco IOS Release 12.2(28)SB)
-
Table Of Contents
Intelligent Service Gateway Features Roadmap
Intelligent Service Gateway Features Roadmap
First Published: March 20, 2006Last Updated: December 5, 2006This roadmap lists the features documented in the Cisco IOS Intelligent Service Gateway Configuration Guide and maps them to the modules in which they appear.
Feature, Release, and Platform Support
Table 1 lists Intelligent Service Gateway (ISG) feature support for Cisco IOS Release 12.2SB. Only features that were introduced or modified in Cisco IOS Release 12.2(28)SB or a later release appear in the table. Not all features may be supported in your Cisco IOS software release.
Cisco IOS software images are specific to a Cisco IOS software release, a feature set, and a platform. Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Note
Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.
Table 1 Supported ISG Features in Cisco IOS Release 12.2SB
12.2(31)SB2
ISG:Policy Control: Policy Server: CoA ASCII Command Code Support
This feature enables ISG to receive ASCII command codes for Account Logon, Account Logoff, Service Logon, Service Logoff, and Account Status queries and to perform the required functionality based on the command code.
ISG:Policy Control: RADIUS Proxy Enhancement
The ISG RADIUS proxy feature enables ISG to serve as a proxy between a client device that uses RADIUS authentication and a AAA server. ISG RADIUS proxy functionality enables ISG to "sniff" (look at) the RADIUS packet flows and, upon successful authentication, transparently create a corresponding ISG session.
IP Subscriber Session CLI Updates
Some of the commands that are used to configure ISG IP subscriber sessions were modified or replaced in this release.
12.2(28)SB
ISG: Accounting: Per Session, Service, and Flow
ISG accounting provides means to bill for account or service usage. ISG accounting uses the RADIUS protocol to facilitate interaction between ISG and an external RADIUS-based AAA or mediation server.
ISG: Accounting: Postpaid
ISG accounting provides means to bill for account or service usage. ISG sends accounting start and stop records for sessions and services to an accounting server for postpaid billing. The accounting server interprets the records to generate bills.
ISG: Accounting: Tariff Switching
ISG accounting provides means to bill for account or service usage. Where billing rates change at fixed times and sessions are active across the boundary at which the rates change, ISG will provide accounting data to the billing server indicating the boundary. Tariff switching can also be used between accounting methods, such as switching from prepaid billing to post paid billing.
ISG: Accounting: Time-Based Prepaid
ISG prepaid billing support allows ISG to check a subscriber's available credit to determine whether to allow the subscriber access to a service and how long the access can last. ISG supports time-based prepaid billing.
ISG: Accounting: Volume-Based Prepaid
ISG prepaid billing support allows ISG to check a subscriber's available credit to determine whether to allow the subscriber access to a service and how long the access can last. ISG supports volume-based prepaid billing.
ISG: Authentication: DHCP Option 82 Line ID - AAA Authorization Support
This feature enhances ISG automatic subscriber logon by providing support for authorization on the basis of the circuit-id and remote-id.
ISG: Flow Control: Flow Redirect
The ISG Layer 4 Redirect feature enables service providers to better control the user experience by allowing subscriber TCP or UDP packets to be redirected to specified servers for appropriate handling. ISG Layer 4 redirection can be applied to individual subscriber sessions or flows.
ISG: Flow Control: QoS Control: Dynamic Rate Limiting
ISG can change the allowed bandwidth of a session or flow by dynamically applying rate-limiting policies.
ISG: Instrumentation: Advanced Conditional Debugging
ISG provides the ability to define various conditions for filtering debug output. Conditional debugging generates very specific and relevant information that can be used for session, flow, subscriber, and service diagnostics.
Troubleshooting ISG with Session Monitoring and Distributed Conditional Debugging
ISG: I nstrumentation: Session and Flow Monitoring
ISG provides a mechanism for continuously monitoring interface and CPU statistics. This feature introduces the show interface monitor and show processes cpu monitor commands, which display statistics that are updated at specified intervals.
Troubleshooting ISG with Session Monitoring and Distributed Conditional Debugging
ISG: Network Interface: IP Routed, VRF-Aware MPLS
ISG supports several types of forwarding to connect subscriber sessions to networks. These connections can be to the Internet, corporate intranets, ISPs, or walled gardens for content delivery. ISG supports both routed and MPLS-enabled interfaces for network access.
ISG: Network Interface: Tunneled (L2TP)
ISG supports several types of forwarding to connect subscriber sessions to networks. These connections can be to Internet, corporate Intranets, ISPs or walled gardens for content delivery. ISG supports tunnelled interfaces to networks.
ISG: Policy Control: Cisco Policy Language
ISG control policies are a structured replacement for feature-specific configuration commands and allow configurable functionality to be expressed in terms of an event, a condition, and an action. Control policies provide an intuitive and extensible framework, with a consistent set of CLI commands, for specifying system behavior. The ISG policy language is aligned with the Cisco Common Classification Policy Language (C3PL).
ISG: Policy Control: DHCP Proxy
This feature enables ISG to dynamically interact with DHCP and apply policies that influence the IP addresses that DHCP assigns to subscribers.
Managing ISG Subscriber IP Addresses (Cisco IOS Release 12.2(28)SB)
ISG: Policy Control: Multidimensional Identity per Session
ISG control policies provide a flexible way to collect pieces of subscriber identity during session establishment. Control policies also allow session policy to be applied iteratively as more elements of identity become available to the system.
ISG: Policy Control: Policy: Domain Based (Auto-domain, Proxy)
ISG control policies manage the primary services and rules used to enforce particular contracts. Polices can be configured to interpret the domain as a request to activate the service associated with that domain name, allowing users to automatically receive services in accordance with the domain to which they are attempting to connect.
ISG: Policy Control: Policy: Triggers
ISG control policies can be configured with time-based, volume-based, and duration-based policy triggers. Time-based triggers use an internal clock, allowing policies to be applied at specific times. Volume-based triggers are based on packet count; when the packet count reaches a specified value, the specified policy is applied. Duration-based triggers are based on an internal timer. Upon expiration of the timer, the specified policy is applied.
ISG: Policy Control: Policy Server: CoA
This feature provides ISG support for the RADIUS Change of Authorization (CoA) extension, which facilitates dynamic authorization.
ISG: Policy Control: Policy Server: SSG-SESM Protocol
ISG supports Cisco's proprietary protocol to communicate with the SESM policy server.
Cisco SSG-to-ISG DSL Broadband Migration Guide
ISG: Policy Control: Service Profiles
ISG defines a service as a collection of policies that can be applied to any subscriber session. Services can be configured on the router or on an external AAA server.
ISG: Policy Control: User Profiles
ISG user profiles specify services and functionality that should be applied to ISG sessions for the specified subscriber. User profiles are defined on an external AAA server.
ISG: Session: Auth: PBHK
The ISG Port-Bundle Host Key feature serves as an in-band signaling mechanism for session identification at external portals. TCP packets from subscribers are mapped to a local IP address for the ISG gateway and a range of ports. This mapping allows the portal to identify the ISG gateway from which the session originated.
ISG: Session: Auth: Single Sign-On
Single sign-on eliminates the need to authenticate a session more than once when a subscriber has access to services provided by other devices in the administrative domain of the access or service provider.
ISG: Session: Authentication
ISG automatic subscriber logon enables another specified identifier to be used in place of the username in authorization requests. Enabling the AAA server to authorize subscribers on the basis of a specified identifier allows subscriber profiles to be downloaded from the AAA server as soon as packets are received from subscribers.
ISG: Session: Creation: Interface IP Session: L2
ISG IP interface sessions include all IP traffic received on a specific physical or virtual interface. IP interface sessions are provisioned through the CLI; that is, a session is created when the IP interface session commands are entered.
Configuring ISG Layer 3 Access (Cisco IOS Release 12.2(28)SB)
ISG: Session: Creation: Interface IP Session: L3
ISG IP interface sessions include all IP traffic received on a specific physical or virtual interface. IP interface sessions are provisioned through the CLI; that is, a session is created when the IP interface session commands are entered.
Configuring ISG Layer 3 Access (Cisco IOS Release 12.2(28)SB)
ISG: Session: Creation: IP Session: Protocol Event (DHCP)
Most ISG sessions are created upon detection of a data flow that cannot be affiliated with an already active session. An ISG can be configured to create an IP session upon receipt of the first DHCP DISCOVER packet received from a subscriber.
Configuring ISG Layer 3 Access (Cisco IOS Release 12.2(28)SB)
ISG: Session: Creation: IP Session: Subnet and Source IP: L2
The ISG session is the primary component used for associating services and policies across specific data flows. An IP subnet session is an ISG session that includes any IP traffic from a single IP subnet . A source-IP-based session includes traffic from a single source IP address.
Configuring ISG Layer 3 Access (Cisco IOS Release 12.2(28)SB)
ISG: Session: Creation: IP Session: Subnet and Source IP: L3
The ISG session is the primary component used for associating services and policies across specific data flows. An IP subnet session is an ISG session that includes any IP traffic from a single IP subnet . A source-IP-based session includes traffic from a single source IP address.
Configuring ISG Layer 3 Access (Cisco IOS Release 12.2(28)SB)
ISG: Session: Creation: P2P Session (PPPoE, PPPoXoX)
The ISG session is the primary context to which services and policies are associated across specific data flows. Point-to-point (P2P) sessions are established through a signaling protocol. ISG handles many variants of P2P encapsulation, such as PPP, PPPoE, and PPPoA.
ISG: Session: Lifecycle: Idle Timeout
The ISG idle timeout controls how long a connection can be idle before it is terminated.
ISG: Session: Lifecycle: Packet of Disconnect (POD)
An ISG can be configured to interact with external policy servers. A policy server can use RADIUS Packet of Disconnect (POD) to manage the lifecycle of any ISG session. The primary role of the POD message is to terminate an ISG session.
ISG: Session: VRF Transfer
The ISG session is the primary component used for associating services and policies with specific data flows. ISG sessions are associated with virtual routing and forwarding instances when routing is required for the network service. ISG VRF transfer provides means to dynamically switch an active session between virtual routing domains.
Copyright © 2006 Cisco Systems, Inc. All rights reserved.
