-
This documentation has been moved
-
Intelligent Services Gateway Features Roadmap
-
Overview of ISG
-
Configuring ISG Control Policies
-
Configuring ISG Access for PPP Sessions
-
Configuring ISG Access for IP Subscriber Sessions
-
MQC Support for IP Sessions
-
Configuring ISG Port-Bundle Host Key
-
Configuring ISG as a RADIUS Proxy
-
RADIUS-Based Policing
-
Configuring ISG Policies for Automatic Subscriber Logon
-
Enabling ISG to Interact with External Policy Servers
-
Configuring ISG Subscriber Services
-
Configuring ISG Network Forwarding Policies
-
Configuring ISG Accounting
-
Configuring ISG Support for Prepaid Billing
-
Configuring ISG Policies for Session Maintenance
-
Redirecting Subscriber Traffic Using ISG Layer 4 Redirect
-
Configuring ISG Policies for Regulating Network Access
-
Configuring ISG Integration with SCE
-
Service Gateway Interface
-
Troubleshooting ISG with Session Monitoring and Distributed Conditional Debugging
-
Table Of Contents
Prerequisites for ISG Accounting
Restrictions for ISG Accounting
Information About ISG Accounting
ISG Accounting Messages on ANCP Ports
How to Configure ISG Accounting
Enabling ISG Per-Session Accounting
Enabling Per-Session Accounting in a User Profile on a AAA Server
Enabling ISG Per-Flow Accounting
Enabling Per-Flow Accounting in a Service Profile on the AAA Server
Enabling Per-Flow Accounting in a Service Policy Map on the Router
Enabling ISG Per-Service Accounting
Enabling Per-Service Accounting on the ISG
Configuring RADIUS for Service Activation and Deactivation
Enabling Per-Service Accounting in a Service Profile on a AAA Server
Enabling Per-Service Accounting in a Service Policy Map on the Router
Configuring ISG Postpaid Tariff Switching
Verifying ISG Accounting and Postpaid Tariff Switching
Display Information About a Subscriber Session
Display AAA Subscriber Sessions
Display AAA Information for Subscribers
Display Information About ISG Postpaid Tariff Switching
Configuration Examples for ISG Accounting
Per-Service Accounting: Example
Per-Service Accounting on ISG: Example
ISG Postpaid Tariff Switching: Examples
Feature Information for ISG Accounting
Configuring ISG Accounting
First Published: March 20, 2006Last Updated: May 6, 2010Intelligent Services Gateway (ISG) is a Cisco IOS and Cisco IOS XE software feature set that provides a structured framework in which edge devices can deliver flexible and scalable services to subscribers. This module describes how to configure ISG accounting, including per-session accounting or per-flow accounting, per-service accounting, broadcast accounting, and postpaid tariff switching.
Finding Feature Information
For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for ISG Accounting" section.
Use Cisco Feature Navigator to find information about platform support and Cisco IOS XE software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
•
Prerequisites for ISG Accounting
•
•
•
•
•
Prerequisites for ISG Accounting
For information about release and platform support, see the "Feature Information for ISG Accounting" section.
Restrictions for ISG Accounting
ISG accounting supports only the RADIUS protocol.
If authentication, authorization, and accounting (AAA) broadcast accounting is used in conjunction with periodic accounting, you cannot configure different accounting periods for different accounting groups.
Information About ISG Accounting
Before you configure ISG accounting, you should understand the following concepts:
Overview of ISG Accounting
ISG supports per-session, per-service, and per-flow accounting. Per-session accounting is the aggregate of all the flow traffic for a session. Per-session accounting can be enabled in a user profile. Per-service accounting can be enabled in a service profile or service policy map.
Per-flow accounting, which accounts for a subset of session traffic as defined by a traffic class, is enabled in a service profile or service policy map. When per-flow accounting is configured, the Parent-Session-ID vendor-specific attribute (VSA) is included in accounting records so that per-session and per-flow accounting records can be correlated in the RADIUS server.
When accounting is configured in a user profile, the service name attribute is not included in accounting records.
Session accounting is enabled if the aaa accounting network default command is configured and a AAA method list is specified. (It is recommended that you use a named method list rather than the default method list.) Flow accounting is disabled by default and will take place only if a AAA method list is specified in the service profile or service policy map. ISG accounting sends Accounting-Start, interim, and Accounting-Stop records to the specified AAA method list.
Per-service accounting allows RADIUS to track when services become active and stop within a subscriber session. Per-service accounting is the aggregate of all flow traffic for the duration of the service. Using this feature, the router includes all activated services for the session in a single accounting start message. When per-service accounting is configured, the service name and Parent-Session-ID attributes are included in accounting records.
ISG Accounting Messages on ANCP Ports
Accounting messages sent by ISG for sessions on an Access Node Control Protocol (ANCP) port contain the following AAA attributes: nas-tx-speed, nas-tx-speed-bps, nas-rx-speed, and nas-rx-speed-bps. ISG retrieves the values for these attributes from the Digital Subscriber Line Access Multiplexer (DSLAM) ANCP notification sent to ISG or from the Quality of Service (QoS) policy configured on the interface.
When an ANCP port is in an UP state, the attribute values are taken from the DSLAM ANCP notification sent to ISG. If the ANCP port state changes to a DOWN state, the ANCP accounting messages will continue to contain the AAA attributes sent in the DSLAM notification.
If the ANCP-port state has never been set to the UP state, ISG can retrieve the nas-tx-speed, nas-tx-speed-bps, nas-rx-speed, and nas-rx-speed-bps AAA attributes from the QoS policy on that interface.
In order to retrieve the AAA attributes from the QoS policy, the policy must be configured prior to the configuration of the ANCP neighbor, otherwise ISG uses the previous values (if any) for the AAA attributes when a session is established.
If the QoS policy values are changed, ISG continue to use the previous values until the ANCP neighbor is removed and reconfigured.
Accounting Records
ISG accounting uses the RADIUS protocol to facilitate interaction between ISG and an external RADIUS-based AAA or mediation server. ISG sends accounting records with the associated attributes to the AAA accounting method list when the following events occur: account logon, account logoff, service logon, and service logoff. The accounting server can be configured to interpret the records to generate bills for postpaid sessions.
Account Logon and Logoff
ISG sends a RADIUS Accounting-Request record to the specified AAA method list when a subscriber logs onto or off of ISG. The Acct-Status-Type attribute included in the Accounting-Request record indicates if the record marks the start (commencement) of the subscriber session or the stop (termination) of the session.
When the aaa accounting command is enabled with the system, default, start-stop, and group keywords, accounting records are sent to the AAA server. When a subscriber logs on, ISG sends an Accounting-Start record to the AAA server. When a subscriber logs off, ISG sends an Accounting-Stop record.
Service Logon and Logoff
ISG sends a RADIUS Accounting-Start record to the AAA server when a service is activated for a subscriber, and it sends an Accounting-Stop record when a service is deactivated. The record contains a different accounting session ID from the accounting session ID of the parent session.
The Acct-Status-Type attribute included in the Accounting-Request record indicates whether the record marks the start or the end of the service. The name of the service is included in accounting records for service logon and logoff.
Accounting records may be sent for events other than account and service logon and logoff. See the "Configuring Accounting" chapter of the Cisco IOS XE Security Configuration Guide, for more information.
Interim Accounting Updates
ISG supports interim (intermittent) RADIUS accounting updates, which work the same way as "watchdog" RADIUS accounting. Accounting updates are sent between the times that ISG sends Accounting-Start and Accounting-Stop records.
ISG supports two types of interim accounting: accounting updates for new information (such as a new IP address) and periodic accounting, in which accounting records are sent at a configurable interval.
Interim accounting for new information can be enabled or disabled globally. Periodic accounting can be enabled for specific contexts, such as globally, in user profiles, and in services.
Broadcast Accounting
ISG supports AAA broadcast accounting, which is the ability to send user accounting records to multiple RADIUS servers. AAA broadcast accounting provides service providers with geographical redundancy for RADIUS servers, and provides accounting records to partners in wholesale models. For information about configuring AAA broadcast accounting, see the "Configuring Accounting" chapter in the "Authentication, Authorization, and Accounting" part of the Cisco IOS XE Security Configuration Guide.
Postpaid Tariff Switching
ISG postpaid tariff switching allows changes in tariffs during the lifetime of a connection. This feature applies to time-based or volume-based postpaid sessions in which the tariff changes at certain times of the day.
Typically, a service provider would use postpaid tariff switching to offer different tariffs to a subscriber while the subscriber is still connected; for example, changing a subscriber to a less expensive tariff during off-peak hours.
To handle tariff switches for postpaid connections, the accounting packets log the usage information during the various tariff-switch intervals. The service profile contains a weekly tariff-switch plan detailing the times of day at which tariff changes occur. ISG monitors the usage at every tariff-switch point and records this information in interim accounting records. The billing server monitors all interim accounting updates and obtains the information about the traffic sent at each tariff rate.
Note
How to Configure ISG Accounting
Perform one or more of the following tasks to configure ISG accounting:
•
•
•
•
•
Enabling ISG Per-Session Accounting
Per-session accounting can be configured in the following configuration sources:
•
This procedure contains the following sections:
•
Prerequisites
ISG sends accounting records to the authentication, authorization, and accounting (AAA) method list specified in the user profile, service profile, or service policy map. The tasks in this section assume that you have configured a AAA method list by using the aaa accounting command. See the Cisco IOS Security Command Reference for more information.
AAA servers must be configured to support ISG accounting.
Enabling Per-Session Accounting in a User Profile on a AAA Server
Use the attributes in this procedure to enable per-session accounting in a user profile on a AAA server. When accounting is configured in the user profile instead of the service profile, the Service Name attribute does not appear in the accounting.
SUMMARY STEPS
1.
2.
DETAILED STEPS
Step 1
Add the Accounting attribute to the user profile. This attribute enables accounting and specifies the AAA method list to which accounting updates will be sent.
Step 2
(Optional) Add the Acct-Interim-Interval (attribute 85) to the user profile. This attribute specifies the number of seconds between interim updates.
What to Do Next
You may want to configure a method of activating the service policy map or service profile; for example, control policies can be used to activate services. For more information about methods of service activation, see the module "Configuring ISG Subscriber Services."
Troubleshooting Tips
The following commands can be used to troubleshoot ISG accounting:
•
•
•
Enabling ISG Per-Flow Accounting
ISG per-flow accounting can be configured in the following configuration sources:
•
•
This procedure contains the following sections:
•
•
Prerequisites
ISG sends accounting records to the authentication, authorization, and accounting (AAA) method list specified in the user profile, service profile, or service policy map. The tasks in this section assume that you have configured a AAA method list by using the aaa accounting command. See the Cisco IOS Security Command Reference for more information.
AAA servers must be configured to support ISG accounting.
Enabling Per-Flow Accounting in a Service Profile on the AAA Server
Perform this task to configure per-flow accounting in a service profile on the AAA server.
Prerequisites
This task assumes that you have defined IP access lists for specifying traffic.
SUMMARY STEPS
1.
2.
3.
DETAILED STEPS
Step 1
Add the ISG Traffic Class attribute to the service profile. This attribute specifies input and output traffic to which the service will apply. Both an input and output traffic classifier can be added to a service profile.
Step 2
Add the Accounting attribute to the service profile on the AAA server. This attribute enables accounting and specifies the AAA method list to which accounting updates will be sent. The AAA method list must be configured.
Note
Step 3
(Optional) Add the IETF RADIUS attribute Acct-Interim-Interval (attribute 85) to the service profile on the AAA server. This attribute specifies the number of seconds between interim updates.
Enabling Per-Flow Accounting in a Service Policy Map on the Router
Perform this task to enable accounting in a local service policy map for a specific flow.
Prerequisites
This task assumes that you have defined a traffic class map and associated IP access lists. See the module "Configuring ISG Subscriber Services" for more information about configuring traffic classes.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
DETAILED STEPS
Troubleshooting Tips
The following commands can be used to troubleshoot ISG accounting:
•
•
•
What to Do Next
You may want to configure a method of activating the service policy map or service profile; for example, control policies can be used to activate services. For more information about methods of service activation, see the module "Configuring ISG Subscriber Services."
Enabling ISG Per-Service Accounting
Per-service accounting can be configured in the following configuration sources:
•
•
This procedure contains the following sections:
•
•
•
•
Prerequisites
ISG sends accounting records to the authentication, authorization, and accounting (AAA) method list specified in the user profile, service profile, or service policy map. The tasks in this section assume that you have configured a AAA method list by using the aaa accounting command. See the Cisco IOS Security Command Reference for more information.
AAA servers must be configured to support ISG accounting.
Enabling Per-Service Accounting on the ISG
Use the following procedure to enable per-service accounting on the ISG.
SUMMARY STEPS
1.
2.
3.
4.
DETAILED STEPSConfiguring RADIUS for Service Activation and Deactivation
Configure Cisco VSA 250 and VSA 252 in the service profile on RADIUS to dynamically activate and deactivate services. RADIUS uses VSA 250 in Access-Accept and VSA 252 in CoA messages. These VSAs have the following syntax:
252 0b "service(parameter1=value,parameter2=value,...)"250 "service(parameter1=value,parameter1=value,...)"When deactivating a service, RADIUS sends the same information in VSA 252 that was used for service activation, except that service deactivation uses 0c in the VSA instead of the 0b parameter used for service activation. VSA 252 has the following syntax for service deactivation:
252 0xC "service(parameter1=value,parameter2=value,...)"
Enabling Per-Service Accounting in a Service Profile on a AAA Server
Use the attributes in this procedure to enable per-service accounting in a service profile on a AAA server. Note that for per-service accounting, the traffic class attribute should not be included in the service profile.
SUMMARY STEPS
1.
2.
DETAILED STEPS
Step 1
Add the Accounting attribute to the service profile. This attribute enables accounting and specifies the AAA method list to which accounting updates will be sent.
Step 2
(Optional) Add the Acct-Interim-Interval (attribute 85) to the service profile. This attribute specifies the number of seconds between interim updates.
Enabling Per-Service Accounting in a Service Policy Map on the Router
To configure per-service accounting in a service policy map on the router, you must configure an empty traffic class map (a traffic class map that does not specify an access list) and enable accounting within the empty traffic class in a service policy map. Perform this task to enable per-service accounting in a service policy map.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
DETAILED STEPS
What to Do Next
You may want to configure a method of activating the service policy map or service profile; for example, control policies can be used to activate services. For more information about methods of service activation, see the module "Configuring ISG Subscriber Services."
Troubleshooting Tips
The following commands can be used to troubleshoot ISG accounting:
•
•
•
Configuring ISG Postpaid Tariff Switching
ISG postpaid tariff switching can be configured in the following configuration source:
•
If you include a traffic class in the service profile, postpaid tariff switching will apply to the specified flow. If you do not configure a traffic class, postpaid tariff switching will apply to the session. Perform this task to configure per-session or per-flow postpaid tariff switching.
Prerequisites
ISG per-session or per-flow accounting must be configured in order for postpaid tariff switching to work.
SUMMARY STEPS
1.
2.
DETAILED STEPS
Step 1
Add the Post Paid Vendor-Specific Attribute (VSA) to the service profile. This attribute specifies the weekly tariff-switch points for postpaid tariff switching. The syntax description follows:
hh:mm:ss:d—Weekly tariff-switch time.
•
•
•
•
00000001 = Monday
00000010 = Tuesday
00000100 = Wednesday
00001000 = Thursday
00010000 = Friday
00100000 = Saturday
01000000 = Sunday
Step 2
Add the ISG Traffic Class attribute to the service profile. This attribute specifies input and output traffic to which the service will apply. Both an input and output traffic classifier can be added to a service profile.
What to Do Next
You may want to configure a method of activating the service policy map or service profile; for example, control policies can be used to activate services. For more information about methods of service activation, see the module "Configuring ISG Subscriber Services".
Verifying ISG Accounting and Postpaid Tariff Switching
Perform the following tasks to verify ISG accounting and postpaid tariff switching configuration:
•
•
•
•
Display Information About a Subscriber Session
Use the show subscriber session command to display information about an ISG subscriber session.
SUMMARY STEPS
1.
2.
DETAILED STEPS
Examples
This section contains examples of output for the show subscriber session command.
show subscriber session Output When ISG Accounting Is Applied to a Flow
In the following example, ISG accounting is configured in a service profile that specifies a traffic class, which means that accounting will be performed on the flow and not the parent session. In this example, 157 is the unique ID of the traffic class.
Router# show subscriber session uid 157 detailedSubscriber session handle: E5000092, state: connected, service: Ltm InternalUnique Session ID: 157Identifier:SIP subscriber access type(s): Traffic-ClassRoot SIP Handle: 2B000011, PID: 76Current SIP options: Req Fwding/Req FwdedSession Up-time: 3 minutes, 45 seconds, Last Changed: 3 minutes, 45 secondsAAA unique ID: 0Switch handle: F300015FSession inbound features:Feature: Service accountingService: video1Method List: remote-localOutbound direction:Packets = 84, Bytes = 33600
Feature: PolicingUpstream Params:Average rate = 8000, Normal burst = 1500, Excess burst = 3000Config level = ServiceSession outbound features:Feature: Service accountingService: video1Method List: remote-localOutbound direction:Packets = 84, Bytes = 33600Feature: PolicingDnstream Params:Average rate = 64000, Normal burst = 12000, Excess burst = 24000Config level = ServiceConfiguration sources associated with this session:Service: video1, Active Time = 3 minutes, 46 seconds
show subscriber session Output When ISG Accounting Is Applied to a Session
The following example shows sample output for the show subscriber session command for a session rather than a flow.
Router# show subscriber session uid 730 detailedSubscriber session handle: 3800009A, state: connected, service: Local TermUnique Session ID: 730Identifier: igq2acctSIP subscriber access type(s): IP-Interface/Account-Logon-CHRoot SIP Handle: A600000E, PID: 75Child SIP Handle: F9000018, PID: 73Current SIP options: Req Fwding/Req FwdedSession Up-time: 3 minutes, 57 seconds, Last Changed: 2 minutes, 59 secondsAAA unique ID: 81Switch handle: 890003A0Interface: ATM6/0.1Policy information:Authentication status: authenConfig downloaded for session policy:From Access-Type: Account-Logon-CH, Client: SM, Event: Got More KeysProfile name: apply-config-only, 2 referencesssg-account-info "SAfoo"Rules, actions and conditions executed:subscriber rule-map rule1condition always event any-eventaction 1 authenticateSession inbound features:Feature: Session accountingMethod List: fooOutbound direction:Packets = 10, Bytes = 1000Session outbound features:Feature: Session accountingMethod List: fooOutbound direction:Packets = 10, Bytes = 1000Configuration sources associated with this session:Interface: ATM6/0.1, Active Time = 3 minutes, 58 seconds
Display AAA Subscriber Sessions
Use the show aaa sessions command to display information about AAA subscriber sessions.
SUMMARY STEPS
1.
2.
DETAILED STEPS
Examples
This example shows sample output for the show aaa sessions command:
Router# show aaa sessionsTotal sessions since last reload: 141Session Id: 167Unique Id: 151User Name: *not available*IP Address: 192.168.0.1Idle Time: 0CT Call Handle: 0Display AAA Information for Subscribers
Use the show aaa user command to display information about AAA subscribers.
SUMMARY STEPS
1.
2.
DETAILED STEPSExamples
This section contains examples of output for the show aaa user command:
Output for a Specific User
Unique id 151 is currently in use.Accounting:log=0x20C201Events recorded :CALL STARTNET UPIPCP_PASSINTERIM STARTVPDN NET UPupdate method(s) :PERIODICupdate interval = 60Outstanding Stop Records : 0Dynamic attribute list:
1A1CABE8 0 00000001 connect-progress(68) 4 Call Up1A1CABF8 0 00000001 pre-session-time(294) 4 0(0)1A1CAC08 0 00000001 nas-tx-speed(421) 4 423630024(194014C8)1A1CAC18 0 00000001 nas-rx-speed(71) 4 139317740(84DD1EC)1A1CAC28 0 00000001 elapsed_time(364) 4 46122(B42A)1A1CAC50 0 00000001 bytes_in(135) 4 11434660(AE7AA4)1A1CAC60 0 00000001 bytes_out(274) 4 0(0)1A1CAC70 0 00000001 pre-bytes-in(290) 4 0(0)1A1CAC80 0 00000001 pre-bytes-out(291) 4 0(0)1A1CAC90 0 00000001 paks_in(136) 4 92215(16837)1A1CADF0 0 00000001 paks_out(275) 4 0(0)1A1CAE00 0 00000001 pre-paks-in(292) 4 0(0)1A1CAE10 0 00000001 pre-paks-out(293) 4 0(0)No data for type EXECNo data for type CONNNET: Username=(n/a)Session Id=000000A7 Unique Id=00000097Start Sent=1 Stop Only=Nstop_has_been_sent=NMethod List=189F046C : Name = CAR_mlistAttribute list:1A1CADF0 0 00000001 session-id(361) 4 167(A7)1A1CAE00 0 00000001 protocol(297) 4 ip1A1CAE10 0 00000001 addr(8) 4 192.168.0.11A1CAE20 0 00000001 Framed-Protocol(101) 4 PPP1A1CAE30 0 00000009 clid-mac-addr(37) 6 00 00 04 00 00 2A--------No data for type CMDNo data for type SYSTEMNo data for type RM CALLNo data for type RM VPDNNo data for type AUTH PROXYNo data for type 8No data for type CALLNo data for type VPDN-TUNNELNo data for type VPDN-TUNNEL-LINKNo data for type 12No data for type IPSEC-TUNNELNo data for type RESOURCENo data for type 15Debg: No data availableRadi: No data availableInterface:TTY Num = -1Stop Received = 0Byte/Packet Counts till Call Start:Start Bytes In = 0 Start Bytes Out = 0Start Paks In = 0 Start Paks Out = 0Byte/Packet Counts till Service Up:Pre Bytes In = 0 Pre Bytes Out = 0Pre Paks In = 0 Pre Paks Out = 0Cumulative Byte/Packet Counts :Bytes In = 11434660 Bytes Out = 0Paks In = 92215 Paks Out = 0StartTime = 12:02:40 IST Oct 16 2007AuthenTime = 12:02:40 IST Oct 16 2007Component = IEDGE_ACCOUNTINGAuthen: service=NONE type=NONE method=RADIUSKerb: No data availableMeth: No data availablePreauth: No Preauth data.General:Unique Id = 00000097Session Id = 000000A7Attribute List:1A1CADF0 0 00000001 port-type(198) 4 PPPoE over VLAN1A1CAE00 0 00000009 interface(194) 7 4/0/0/2PerU: No data availableOutput for All Users
Router# show aaa user all--------------------------------------------------Unique id 151 is currently in use.Accounting:log=0x20C201Events recorded :CALL STARTNET UPIPCP_PASSINTERIM STARTVPDN NET UPupdate method(s) :PERIODICupdate interval = 60Outstanding Stop Records : 0Dynamic attribute list:1A1CABE8 0 00000001 connect-progress(68) 4 Call Up1A1CABF8 0 00000001 pre-session-time(294) 4 0(0)1A1CAC08 0 00000001 nas-tx-speed(421) 4 423630024(194014C8)1A1CAC18 0 00000001 nas-rx-speed(71) 4 139317740(84DD1EC)1A1CAC28 0 00000001 elapsed_time(364) 4 46122(B42A)1A1CAC50 0 00000001 bytes_in(135) 4 11434660(AE7AA4)1A1CAC60 0 00000001 bytes_out(274) 4 0(0)1A1CAC70 0 00000001 pre-bytes-in(290) 4 0(0)1A1CAC80 0 00000001 pre-bytes-out(291) 4 0(0)1A1CAC90 0 00000001 paks_in(136) 4 92215(16837)1A1CADF0 0 00000001 paks_out(275) 4 0(0)1A1CAE00 0 00000001 pre-paks-in(292) 4 0(0)1A1CAE10 0 00000001 pre-paks-out(293) 4 0(0)No data for type EXECNo data for type CONNNET: Username=(n/a)Session Id=000000A7 Unique Id=00000097Start Sent=1 Stop Only=Nstop_has_been_sent=NMethod List=189F046C : Name = CAR_mlistAttribute list:1A1CADF0 0 00000001 session-id(361) 4 167(A7)1A1CAE00 0 00000001 protocol(297) 4 ip1A1CAE10 0 00000001 addr(8) 4 192.168.0.11A1CAE20 0 00000001 Framed-Protocol(101) 4 PPP1A1CAE30 0 00000009 clid-mac-addr(37) 6 00 00 04 00 00 2A--------No data for type CMDNo data for type SYSTEMNo data for type RM CALLNo data for type RM VPDNNo data for type AUTH PROXYNo data for type 8No data for type CALLNo data for type VPDN-TUNNELNo data for type VPDN-TUNNEL-LINKNo data for type 12No data for type IPSEC-TUNNELNo data for type RESOURCENo data for type 15Debg: No data availableRadi: No data availableInterface:TTY Num = -1Stop Received = 0Byte/Packet Counts till Call Start:Start Bytes In = 0 Start Bytes Out = 0Start Paks In = 0 Start Paks Out = 0Byte/Packet Counts till Service Up:Pre Bytes In = 0 Pre Bytes Out = 0Pre Paks In = 0 Pre Paks Out = 0Cumulative Byte/Packet Counts :Bytes In = 11434660 Bytes Out = 0Paks In = 92215 Paks Out = 0StartTime = 12:02:40 IST Oct 16 2007AuthenTime = 12:02:40 IST Oct 16 2007Component = IEDGE_ACCOUNTINGAuthen: service=NONE type=NONE method=RADIUSKerb: No data availableMeth: No data availablePreauth: No Preauth data.General:Unique Id = 00000097Session Id = 000000A7Attribute List:1A1CADF0 0 00000001 port-type(198) 4 PPPoE over VLAN1A1CAE00 0 00000009 interface(194) 7 4/0/0/2PerU: No data availableDisplay Information About ISG Postpaid Tariff Switching
Use the show sss session command to display information about ISG postpaid tariff switching.
SUMMARY STEPS
1.
2.
DETAILED STEPS
Examples
The following sample output for the show sss session command displays information about ISG postpaid tariff switching.
Router# show sss sessionCurrent Subscriber Information: Total sessions 1 Uniq ID Interface State Service Identifier Up-time 3 Vi2.1 authen Local Term user4 00:11:28 5 Traffic-Clas unauthen Ltm Internal 00:11:28 MCP_BBA_8#show sss session uid 3 deta MCP_BBA_8#show sss session uid 3 detailed Unique Session ID: 3 Identifier: user4 SIP subscriber access type(s): PPPoE/PPP Current SIP options: Req Fwding/Req Fwded Session Up-time: 00:11:33, Last Changed: 00:11:33 Interface: Virtual-Access2.1 Policy information: Context 2C12FB88: Handle 5C070D01 AAA_id 00003EAB: Flow_handle 0 Authentication status: authen Downloaded User profile, excluding services: service-type 2 [Framed] ssg-account-info ''Ntc_svc1'' ssg-account-info ''Atc_svc1'' Downloaded User profile, including services: service-type 2 [Framed] ssg-account-info ''Ntc_svc1'' ssg-account-info ''Atc_svc1'' timeout 2000 (0x7D0) idletime 2000 (0x7D0) traffic-class ''in access-group name 101'' traffic-class ''out access-group name 102'' accounting-list ''ppp_users_list'' ssg-service-info ''PPW19:55:00:127'' Config history for session (recent to oldest): Access-type: Web-service-logon Client: SM Policy event: Apply Config Success (Service) Profile name: tc_svc1, 4 references timeout 2000 (0x7D0) idletime 2000 (0x7D0) traffic-class ''in access-group name 101'' traffic-class ''out access-group name 102'' accounting-list ''ppp_users_list'' ssg-service-info ''PPW19:55:00:127'' Access-type: PPP Client: SM Policy event: Process Config Connecting Profile name: apply-config-only, 2 references service-type 2 [Framed] ssg-account-info ''Ntc_svc1'' ssg-account-info ''Atc_svc1'' Active services associated with session: name ''tc_svc1'' Session inbound features: Traffic classes: Traffic class session ID: 5 ACL Name: 101, Packets = 48963975, Bytes = 2252342850 Unmatched Packets = 0, Re-classified packets (redirected) = 0 Session outbound features: Traffic classes: Traffic class session ID: 5 ACL Name: 102, Packets = 59834949, Bytes = 2752407654 Unmatched Packets = 0, Re-classified packets (redirected) = 0 Configuration sources associated with this session: Service: tc_svc1, Active Time = 00:11:36 AAA Service ID = 806290049 Interface: Virtual-Template1, Active Time = 00:11:36Configuration Examples for ISG Accounting
This section contains the following examples:
•
•
•
•
Per-Flow Accounting: Examples
Per-Flow Accounting Configured in a Local Service Policy Map
The following example shows per-flow accounting configured in a service policy map for a service called "video1".
class-map type traffic match-any video1match access-group output 101match access-group input 100policy-map type service video1class type traffic video1accounting aaa list mlist1
Per-Flow Accounting Configured in a Service Profile on the AAA Server
The following example shows per-flow accounting configured in a remote service profile for a service called "video1".
video1 Password = "cisco"Cisco-AVpair = "traffic-class=input access-group 101 priority 20",Cisco-AVpair = "traffic-class=output access-group 112 priority 20",Cisco-Avpair = "accounting-list=remote-local",Service-Info = "QU;8000",Service-Info = "QD;64000"
Per-Service Accounting: Example
The following configuration example allows multiple services in a single Access-Accept message and enables session accounting for the services. The example also enables RADIUS to authorize the subscriber to access the services.
subscriber service multiple-acceptsubscriber service session-accountingsubscriber authorization enablevpdn enable
Per-Service Accounting on ISG: Example
The following example shows how to configure per-service accounting in a service policy map on the ISG device:
class-map type traffic match-any classmap1policy-map type service polmap1class type traffic classmap1accounting aaa list mlist1ISG Postpaid Tariff Switching: Examples
The following example shows the configuration of a postpaid tariff switch each day of the week at midnight:
Cisco-AVpair = "PPW00:00:00:127"The following example shows the configuration of a postpaid tariff switch Monday through Friday at 8:00 p.m.:
Cisco-AVpair = "PPW20:00:00:31"The following example shows the configuration of a postpaid tariff switch Monday through Friday at 6:00 a.m.:
Cisco-AVpair = "PPW06:00:00:31"
Additional References
The following sections provide references related to ISG accounting.
Related Documents
ISG commands
AAA configuration tasks
The "Authentication, Authorization, and Accounting (AAA)" section in the Cisco IOS XE Securing User Services Configuration Guide
AAA commands
The "Authentication, Authorization, and Accounting (AAA)" section in the Cisco IOS Security Command Reference
Technical Assistance
Feature Information for ISG Accounting
Table 1 lists the features in this module and provides links to specific configuration information. For information on a feature in this technology that is not documented here, see the Cisco IOS XE Intelligent Services Gateway Features Roadmap.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS XE software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note
Table 1 Feature Information for ISG Accounting
ISG: Accounting: Per Session, Service, and Flow
Cisco IOS XE Release 2.2
ISG accounting provides the means to bill for account or service usage. ISG accounting uses the RADIUS protocol to facilitate interaction between ISG and an external RADIUS-based AAA or mediation server.
The following sections provide information about this feature:
•
ISG: Accounting: Postpaid
Cisco IOS XE Release 2.2
ISG accounting provides the means to bill for account or service usage. ISG sends accounting start and stop records for sessions and services to an accounting server for postpaid billing. The accounting server interprets the records to generate bills.
The following sections provide information about this feature:
•
ISG: Accounting: Tariff Switching
Cisco IOS XE Release 2.2
ISG accounting provides the means to bill for account or service usage. Where billing rates change at fixed times and sessions are active across the boundary at which the rates change, ISG will provide accounting data to the billing server indicating the boundary.
•
ISG: Accounting: Per-Service Accounting
Cisco IOS XE Release 2.4
ISG accounting provides the means to bill for account or service usage. ISG accounting uses the RADIUS protocol to facilitate interaction between ISG and an external RADIUS-based AAA or mediation server.
The following sections provide information about this feature:
•
CCDE, CCENT, CCSI, Cisco Eos, Cisco Explorer, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco TrustSec, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the IronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are registered trademarks of Cisco and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1002R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2006-2010 Cisco Systems, Inc. All rights reserved.
