-
Cisco IOS Intelligent Service Gateway Configuration Guide, Release 12.2 SB
-
ISG Features Roadmap
-
Configuring ISG Control Policies
-
Configuring ISG Access for PPP Sessions
-
Configuring ISG Access for IP Subscriber Sessions
-
Configuring ISG Port-Bundle Host Key
-
Configuring ISG as a RADIUS Proxy
-
Configuring ISG Policies for Automatic Subscriber Logon
-
Enabling ISG to Interact with External Policy Servers
-
Configuring ISG Subscriber Services
-
Configuring ISG Network Forwarding Policies
-
Configuring ISG Accounting
-
Configuring ISG Support for Prepaid Billing
-
Configuring ISG Policies for Session Maintenance
-
Redirecting Subscriber Traffic with ISG Layer 4 Redirect
-
Configuring ISG Policies for Regulating Network Access
-
Troubleshooting ISG with Session Monitoring and Distributed Conditional Debugging
-
Configuring ISG Layer 3 Access (Cisco IOS Release 12.2(28)SB)
-
Managing ISG Subscriber IP Addresses (Cisco IOS Release 12.2(28)SB)
-
Configuring ISG VRF Transfer (Cisco IOS Release 12.2(28)SB)
-
Table Of Contents
Configuring ISG Policies for Session Maintenance
Prerequisites for Configuring Policies for Session Maintenance
Restrictions for Configuring Policies for Session Maintenance
Information About Configuring Policies for Session Maintenance
Benefits of the Session Maintenance Timers
How to Configure the Session Maintenance Timers
Configuring the Session Timer in a Service Policy Map
Configuring the Session Timer on a AAA Server
Configuring the Connection Timer in a Service Policy Map
Configuring the Connection Timer on a AAA Server
Verifying the Session and Connection Timer Settings
Troubleshooting the Session and Connection Timer Settings
Prerequisites for Troubleshooting the Session Maintenance Timers
Restrictions for Troubleshooting the Session Maintenance Timers
Debug Commands Available for the Session Maintenance Timers
Enabling the Session Maintenance Timer Debug Commands
Configuration Examples for Session Maintenance Timers
Session Timer Configuration in a Service Policy Map: Example
Connection Idle Timer Configuration in a Service Policy Map: Example
Session Timer Show Command Output: Example
Connection Idle Timer Show Command Output: Example
Session Timer Debug Output: Example
Connection Idle Timer Debug Output: Example
Feature Information for Configuring Policies for Session Maintenance
Configuring ISG Policies for Session Maintenance
First Published: March 20, 2006Last Updated: March 20, 2006Intelligent Service Gateway (ISG) is a Cisco IOS software feature set that provides a structured framework in which edge devices can deliver flexible and scalable services to subscribers. ISG provides two commands, timeout absolute and timeout idle, that each allow control over a session and a traffic class configured on the session as defined by a service policy map. Additionally, the Internet Engineering Task Force (IETF) RADIUS attributes Session-Timeout (attribute 27) and Idle-Timeout (attribute 28) can be used in service profiles on a authentication, authorization, and accounting (AAA) server to configure the same session maintenance control.
Finding Feature Information in This Module
Your Cisco IOS software release may not support all features. To find information about feature support and configuration and platform requirements, use the "Feature Information for Configuring Policies for Session Maintenance" section.
Contents
•
Prerequisites for Configuring Policies for Session Maintenance
•
•
•
•
•
Prerequisites for Configuring Policies for Session Maintenance
For information about release and platform support, see the "Feature Information for Configuring Policies for Session Maintenance" section.
A traffic class is required only if the idle timer or session timer is being installed on a service that has a traffic class definition in it. If the timer is installed on a session or service that has no traffic class, a traffic class is not required. See the "Configuring ISG Subscriber Services" module for information about how to configure a traffic class.
Restrictions for Configuring Policies for Session Maintenance
For the idle timeout that is applied on an IP session (rather than on a PPP session), there is currently no way to specify the direction. By default, the direction in which the idle timer is applied is always outbound.
Information About Configuring Policies for Session Maintenance
Before you configure the ISG session maintenance timers, you should understand the following concepts:
•
Session Maintenance Timers
ISG provides two commands (each of which can be set independently) to maintain control over a session and its connection. The timeout absolute command controls how long a session can be connected before it is terminated. The timeout idle command controls how long a connection can be idle before it is terminated. Both commands detect both PPP and IP sessions and can be applied in a service, on a per-session basis, or in a flow. All subscriber traffic will reset the timers; however, non-network traffic such as PPP control packets will not reset the timers.
The scope of the session timers and connection timers is determined by the type of service within which the timer is specified. If specified in a service profile for which no traffic class is defined, the timer action will be to terminate the session or connection. If a traffic class specifier resides in the service profile, the timer action will be to deactivate the service.
Benefits of the Session Maintenance Timers
The PPP idle timeout functionality has been replaced by the ISG idle timeout feature. The idle timer is a generic feature that can be set to detect idle traffic in both PPP and IP sessions.
You set the idle timer in a service profile that is installed on a session to control how long that service stays installed before it is removed from the session because no traffic is flowing through that service. If the service has traffic class parameters associated with it, that traffic class is terminated when this timer expires, or when the session itself is terminated.
The same is true for the session timer, except that this timer determines how long the session or service stays up, regardless of traffic flowing through it.
How to Configure the Session Maintenance Timers
Configuring the session maintenance timers requires two separate tasks, one to set the idle timer and one to set the session timer. Either one or both of these tasks can be performed in order to set session maintenance control. The following tasks show how to set these timers in a service policy map and in a RADIUS AAA server profile:
•
•
•
•
•
•
Configuring the Session Timer in a Service Policy Map
Perform this task to set the session timer in a service policy map.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
DETAILED STEPS
What to Do Next
You may want to configure a method of activating the service policy map or service profile; for example, control policies can be used to activate services. For more information about methods of service activation, see the module "Configuring ISG Subscriber Services."
Configuring the Session Timer on a AAA Server
Perform this task to set the session timer on a AAA server profile.
SUMMARY STEPS
1.
DETAILED STEPS
Step 1
Session-Timeout=duration-in-seconds
Sets the IETF RADIUS session timer (attribute 27) in a user or service profile, in a range from 30 to 4294967 seconds.
Configuring the Connection Timer in a Service Policy Map
Perform this task to set the connection timer in a service policy map.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
DETAILED STEPS
What to Do Next
You may want to configure a method of activating the service policy map or service profile; for example, control policies can be used to activate services. For more information about methods of service activation, see the module "Configuring ISG Subscriber Services."
Configuring the Connection Timer on a AAA Server
Perform this task to set the connection timer on a AAA server profile.
SUMMARY STEPS
1.
DETAILED STEPS
Step 1
Idle-Timeout=duration-in-seconds
Sets IETF RADIUS (attribute 28) in a user or service profile, in a range from 1 to 4294967 seconds.
Verifying the Session and Connection Timer Settings
Perform this task to verify that the timers have been installed correctly.
SUMMARY STEPS
1.
2.
3.
DETAILED STEPS
Troubleshooting the Session and Connection Timer Settings
The following sections list the debug commands that can be used to troubleshoot the session maintenance timers and describes the tasks you perform to enable them:
•
•
•
•
Prerequisites for Troubleshooting the Session Maintenance Timers
Before performing the task in this section, it is recommended that you be familiar with the use of Cisco IOS debug commands described in the introductory chapters of the Cisco IOS Debug Command Reference, Release 12.3T. Also see the module "Troubleshooting ISG with Session Monitoring and Distributed Conditional Debugging."
Restrictions for Troubleshooting the Session Maintenance Timers
Caution
Debug Commands Available for the Session Maintenance Timers
Table 17 lists the debug commands that can be used to diagnose problems with the session maintenance timers.
Enabling the Session Maintenance Timer Debug Commands
Perform this task to enable the session maintenance timer debug commands.
SUMMARY STEPS
1.
2.
3.
DETAILED STEPS
Step 1
enable
Example:Router> enable
Enables higher privilege levels, such as privileged EXEC mode.
•
Step 2
debug command
Example:Router# debug subscriber feature name session-timer error
Enter one or more of the debug commands listed in Table 17.
•
Step 3
end
Example:Router# end
Exits privileged EXEC mode.
Configuration Examples for Session Maintenance Timers
This section contains the following examples:
•
•
•
•
•
•
Session Timer Configuration in a Service Policy Map: Example
The following example limits session time in a service policy map to 4800 seconds (80 minutes):
class-map type traffic match-any traffic-classmatch access-group input 101match access-group output 102policy-map type service video-serviceclass traffic-classpolice input 20000 30000 60000police output 21000 31500 63000timeout absolute 4800class type traffic defaultdropConnection Idle Timer Configuration in a Service Policy Map: Example
The following example limits idle connection time in a service policy map to 30 seconds:
class-map type traffic match-any traffic-classmatch access-group input 101match access-group output 102policy-map type service video-serviceclass type traffic traffic-classpolice input 20000 30000 60000police output 21000 31500 63000timeout idle 30class type traffic defaultdropSession Timer Show Command Output: Example
The following example shows the settings for the session timer displayed by the show subscriber session all privileged EXEC command. Reports of interest are highlighted in bold text.
Current Subscriber Information: Total sessions 1--------------------------------------------------Unique Session ID: 3Identifier: user01SIP subscriber access type(s): PPPoE/PPPCurrent SIP options: Req Fwding/Req FwdedSession Up-time: 00:02:50, Last Changed: 00:02:53AAA unique ID: 4Interface: Virtual-Access2.1Policy information:Context 02DE7380: Handle 1B000009Authentication status: authenUser profile, excluding services:Framed-Protocol 1 [PPP]username "user01"Framed-Protocol 1 [PPP]username "user01"Prepaid context: not presentNon-datapath features:Feature: Session TimeoutTimeout value is 180000 secondsTime remaining is 2d01hConfiguration sources associated with this session:Interface: Virtual-Template1, Active Time = 00:02:52Connection Idle Timer Show Command Output: Example
The following example shows the settings for the idle timer as displayed by the show subscriber session all privileged EXEC command. Reports of interest are highlighted in bold text.
Current Subscriber Information: Total sessions 1--------------------------------------------------Unique Session ID: 4Identifier: user01SIP subscriber access type(s): PPPoE/PPPCurrent SIP options: Req Fwding/Req FwdedSession Up-time: 00:01:44, Last Changed: 00:01:46AAA unique ID: 5Interface: Virtual-Access2.1Policy information:Context 02DE7380: Handle AD00000CAuthentication status: authenUser profile, excluding services:Framed-Protocol 1 [PPP]username "user01"Framed-Protocol 1 [PPP]username "user01"Prepaid context: not presentSession outbound features:Feature: PPP Idle TimeoutTimeout value is 2000Idle time is 00:01:44Configuration sources associated with this session:Interface: Virtual-Template1, Active Time = 00:01:47Session Timer Debug Output: Example
The following example shows output when the session timer debug commands (debug subscriber feature error, debug subscriber feature event, debug subscriber feature name session-timer error, and debug subscriber feature name session-timer event) are enabled. Reports of interest are highlighted in bold text.
*Jan 12 18:38:51.947: SSF[Vi2.1/Abs Timeout]: Vaccess interface configupdate; not per-user, ignore*Jan 12 18:38:53.195: SSF[Vt1/uid:3]: Install interface configuredfeatures*Jan 12 18:38:53.195: SSF[Vt1/uid:3]: Associate segment element handle0x95000002 for session 1191182344, 1 entries*Jan 12 18:38:53.195: SSF[Vt1/uid:3/Abs Timeout]: Group feature install*Jan 12 18:38:53.195: SSF[uid:3/Abs Timeout]: Adding feature to none segment(s)Connection Idle Timer Debug Output: Example
The following example shows output when the idle timer debug commands (debug subscriber feature error, debug subscriber feature event, debug subscriber feature name idle-timer error, and debug subscriber feature name idle-timer event) are enabled. Reports of interest are highlighted in bold text.
*Jan 12 18:43:15.167: SSF[Vt1/uid:4]: Install interface configuredfeatures*Jan 12 18:43:15.167: SSF[Vt1/uid:4]: Associate segment element handle0xF4000003 for session 67108875, 1 entries*Jan 12 18:43:15.167: SSF[Vt1/uid:4/Idle Timeout]: Group feature install*Jan 12 18:43:15.167: SSF[uid:4/Idle Timeout]: Adding feature to outboundsegment(s)*Jan 12 18:43:15.167: Idle Timeout[uid:4]: Idle timer start, duration 2000seconds, direction: outbound*Jan 12 18:43:16.327: SSM FH: [SSS:PPPoE:8198:Idle Timeout:4097] created02DFFDD8*Jan 12 18:43:16.327: SSM FH: [SSS:PPPoE:8198:Idle Timeout:4097] added02DFFDD8 [outbound]*Jan 12 18:43:16.327: SSM FH: [SSS:PPPoE:8198:Idle Timeout:4097]installed: ok*Jan 12 18:43:16.327: SSM FH: [SSS:PPPoE:8198:Idle Timeout:4097]installed: ok*Jan 12 18:43:19.147: SSM FH: [SSS:PPPoE:8198:Idle Timeout:4097] boundAdditional References
The following sections provide references related to session maintenance timers.
Related Documents
Technical Assistance
Feature Information for Configuring Policies for Session Maintenance
Table 18 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 12.2(28)SB or later releases appear in the table. If you are looking for information on a feature in this technology that is not documented here, see the "Intelligent Service Gateway Features Roadmap."
Not all commands may be available in your Cisco IOS software release. For details on when support for specific commands was introduced, see the command reference documents.
Cisco IOS software images are specific to a Cisco IOS software release, a feature set, and a platform. Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Note
Copyright © 2006 Cisco Systems, Inc. All rights reserved.
