Table Of Contents
Intelligent Services Gateway Features Roadmap
Intelligent Services Gateway Features Roadmap
First Published: March 20, 2006Last Updated: November 20, 2009This feature roadmap lists the Cisco IOS features documented in the Cisco IOS Intelligent Services Gateway Configuration Guide and maps them to the documents in which they appear. The roadmap is organized so that you can select your release train and see the features in that release. Find the feature name you are searching for and click on the URL in the "Where Documented" column to access the document containing that feature.
Feature and Release Support
Table 1 lists ISG feature support for the following Cisco IOS software release trains:
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note
Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.
Table 1 lists the most recent release of each software train first and the features in alphabetical order within the release.
Table 1 Supported ISG Features in Cisco IOS Releases 12.2SB and 12.2(33)SR
12.2(31)SB2
ISG:Policy Control: Policy Server: CoA ASCII Command Code Support
This feature enables ISG to receive ASCII command codes for Account Logon, Account Logoff, Service Logon, Service Logoff, and Account Status queries and to perform the required functionality based on the command code.
12.2(31)SB2
ISG:Policy Control: RADIUS Proxy Enhancement
The ISG RADIUS proxy feature enables ISG to serve as a proxy between a client device that uses RADIUS authentication and a AAA server. ISG RADIUS proxy functionality enables ISG to "sniff" (look at) the RADIUS packet flows and, upon successful authentication, transparently create a corresponding ISG session.
12.2(31)SB2
IP Subscriber Session CLI Updates
Some of the commands that are used to configure ISG IP subscriber sessions were modified or replaced in this release.
12.2(28)SB
ISG:Accounting: Per Session, Service, and Flow
ISG accounting provides a means to bill for account or service usage. ISG accounting uses the RADIUS protocol to facilitate interaction between ISG and an external RADIUS-based AAA or mediation server.
12.2(28)SB
ISG:Accounting: Postpaid
ISG accounting provides a means to bill for account or service usage. ISG sends accounting start and stop records for sessions and services to an accounting server for postpaid billing. The accounting server interprets the records to generate bills.
12.2(28)SB
ISG:Accounting: Tariff Switching
ISG accounting provides a means to bill for account or service usage. Where billing rates change at fixed times and sessions are active across the boundary at which the rates change, ISG will provides accounting data to the billing server indicating the boundary. Tariff switching can also be used between accounting methods, such as switching from prepaid billing to post paid billing.
12.2(28)SB
ISG:Accounting: Time-Based Prepaid
ISG prepaid billing support allows ISG to check a subscriber's available credit to determine whether to allow the subscriber access to a service and how long the access can last. ISG supports time-based prepaid billing.
12.2(28)SB
ISG:Accounting: Volume-Based Prepaid
ISG prepaid billing support allows ISG to check a subscriber's available credit to determine whether to allow the subscriber access to a service and how long the access can last. ISG supports volume-based prepaid billing.
12.2(28)SB
ISG:Authentication: DHCP Option 82 Line ID - AAA Authorization Support
This feature enhances ISG automatic subscriber logon by providing support for authorization on the basis of the circuit-Id and remote-Id.
12.2(28)SB
ISG:Flow Control: Flow Redirect
The ISG Layer 4 Redirect feature enables service providers to better control the user experience by allowing subscriber TCP or UDP packets to be redirected to specified servers for appropriate handling. ISG Layer 4 redirection can be applied to individual subscriber sessions or flows.
12.2(28)SB
ISG:Flow Control: QoS Control: Dynamic Rate Limiting
ISG can change the allowed bandwidth of a session or flow by dynamically applying rate-limiting policies.
12.2(28)SB
ISG:Instrumentation: Advanced Conditional Debugging
ISG provides the ability to define various conditions for filtering debug output. Conditional debugging generates very specific and relevant information that can be used for session, flow, subscriber, and service diagnostics.
Troubleshooting ISG with Session Monitoring and Distributed Conditional Debugging
12.2(28)SB
ISG:Instrumentation: Session and Flow Monitoring
ISG provides a mechanism for continuously monitoring interface and CPU statistics. This feature introduces the show interface monitor and show processes cpu monitor commands, which display statistics that are updated at specified intervals.
Troubleshooting ISG with Session Monitoring and Distributed Conditional Debugging
12.2(28)SB
ISG:Network Interface: IP Routed, VRF-Aware MPLS
ISG supports several types of forwarding to connect subscriber sessions to networks. These connections can be to the Internet, corporate intranets, ISPs, or walled gardens for content delivery. ISG supports both routed and MPLS-enabled interfaces for network access.
12.2(28)SB
ISG:Network Interface: Tunneled (L2TP)
ISG supports several types of forwarding to connect subscriber sessions to networks. These connections can be to Internet, corporate Intranets, ISPs or walled gardens for content delivery. ISG supports tunneled interfaces to networks.
12.2(28)SB
ISG:Policy Control: Cisco Policy Language
ISG control policies are a structured replacement for feature-specific configuration commands and allow configurable functionality to be expressed in terms of an event, a condition, and an action. Control policies provide an intuitive and extensible framework, with a consistent set of CLI commands, for specifying system behavior. The ISG policy language is aligned with the Cisco Common Classification Policy Language (C3PL).
12.2(28)SB
ISG:Policy Control: DHCP Proxy
This feature enables ISG to dynamically interact with DHCP and apply policies that influence the IP addresses that DHCP assigns to subscribers.
12.2(28)SB
ISG:Policy Control: Multidimensional Identity per Session
ISG control policies provide a flexible way to collect pieces of subscriber identity during session establishment. Control policies also allow session policy to be applied iteratively as more elements of identity become available to the system.
12.2(28)SB
ISG:Policy Control: Policy: Domain Based (Auto-domain, Proxy)
ISG control policies manage the primary services and rules used to enforce particular contracts. Polices can be configured to interpret the domain as a request to activate the service associated with that domain name, allowing users to automatically receive services in accordance with the domain that they are attempting to connect.
12.2(28)SB
ISG:Policy Control: Policy: Triggers
ISG control policies can be configured with time-based, volume-based, and duration-based policy triggers. Time-based triggers use an internal clock, allowing policies to be applied at specific times. Volume-based triggers are based on packet count; when the packet count reaches a specified value, the specified policy is applied. Duration-based triggers are based on an internal timer. Upon expiration of the timer, the specified policy is applied.
12.2(28)SB
ISG:Policy Control: Policy Server: CoA
This feature provides ISG support for the RADIUS Change of Authorization (CoA) extension, which facilitates dynamic authorization.
12.2(28)SB
ISG:Policy Control: Policy Server: SSG-SESM Protocol
ISG supports Cisco's proprietary protocol to communicate with the SESM policy server.
12.2(28)SB
ISG:Policy Control: Service Profiles
ISG defines a service as a collection of policies that can be applied to any subscriber session. Services can be configured on the router or on an external AAA server.
12.2(28)SB
ISG:Policy Control: User Profiles
ISG user profiles specify services and functionality that should be applied to ISG sessions for the specified subscriber. User profiles are defined on an external AAA server.
12.2(28)SB
ISG:Session: Auth: PBHK
The ISG Port-Bundle Host Key feature serves as an in-band signaling mechanism for session identification at external portals. TCP packets from subscribers are mapped to a local IP address for the ISG gateway and a range of ports. This mapping allows the portal to identify the ISG gateway from which the session originated.
12.2(28)SB
ISG:Session: Auth: Single Sign-On
Single sign-on eliminates the need to authenticate a session more than once when a subscriber has access to services provided by other devices in the administrative domain of the access or service provider.
12.2(28)SB
ISG:Session: Authentication
ISG automatic subscriber logon enables another specified identifier to be used in place of the username in authorization requests. Enabling the AAA server to authorize subscribers on the basis of a specified identifier allows subscriber profiles to be downloaded from the AAA server as soon as packets are received from subscribers.
12.2(28)SB
ISG:Session: Creation: Interface IP Session: L2
ISG IP interface sessions include all IP traffic received on a specific physical or virtual interface. IP interface sessions are provisioned through the CLI; that is, a session is created when the IP interface session commands are entered.
12.2(28)SB
ISG:Session: Creation: Interface IP Session: L3
ISG IP interface sessions include all IP traffic received on a specific physical or virtual interface. IP interface sessions are provisioned through the CLI; that is, a session is created when the IP interface session commands are entered.
12.2(28)SB
ISG:Session: Creation: IP Session: Protocol Event (DHCP)
Most ISG sessions are created upon detection of a data flow that cannot be affiliated with an already active session. An ISG can be configured to create an IP session upon receipt of the first DHCP DISCOVER packet received from a subscriber.
12.2(28)SB
ISG:Session: Creation: IP Session: Subnet and Source IP: L2
The ISG session is the primary component used for associating services and policies across specific data flows. An IP subnet session is an ISG session that includes any IP traffic from a single IP subnet. A source-IP-based session includes traffic from a single source IP address.
12.2(28)SB
ISG: Session: Creation: IP Session: Subnet and Source IP: L3
The ISG session is the primary component used for associating services and policies across specific data flows. An IP subnet session is an ISG session that includes any IP traffic from a single IP subnet. A source-IP-based session includes traffic from a single source IP address.
12.2(28)SB
ISG:Session: Creation: P2P Session (PPPoE, PPPoXoX)
The ISG session is the primary context to which services and policies are associated across specific data flows. Point-to-point (P2P) sessions are established through a signaling protocol. ISG handles many variants of P2P encapsulation, such as PPP, PPPoE, and PPPoA.
12.2(28)SB
ISG:Session: Lifecycle: Idle Timeout
The ISG idle timeout controls how long a connection can be idle before it is terminated.
12.2(28)SB
ISG:Session: Lifecycle: Packet of Disconnect (POD)
An ISG can be configured to interact with external policy servers. A policy server can use RADIUS Packet of Disconnect (POD) to manage the life cycle of any ISG session. The primary role of the POD message is to terminate an ISG session.
12.2(28)SB
ISG:Session: VRF Transfer
The ISG session is the primary component used for associating services and policies with specific data flows. ISG sessions are associated with virtual routing and forwarding instances when routing is required for the network service. ISG VRF transfer provides a means to dynamically switch an active session between virtual routing domains.
12.2(33)SRE
ISG:AAA Wireless Enhancements
RADIUS proxy enhancements provide additional support for mobile wireless environments. It includes changes to RADIUS attribute 31 processing.
12.2(33)SRE
ISG:Authentication: RADIUS Proxy WiMax Enhancements
RADIUS proxy enhancements provide additional support for WiMax broadband environments.
12.2(33)SRE
ISG: Instrumentation: DHCP Lease Query Support
The DHCP Lease Query transaction is a DHCP transaction with special message types that enable, among other things, clients to query DHCP servers regarding the owner and the lease-expiration-time of an IP address.
12.2(33)SRE
ISG: Policy Control: Differentiated Initial Policy Control
This feature provides minimal or temporary network access to subscribers when the RADIUS servers are down or cannot be accessed because of network problems.
12.2(33)SRE
ISG: Session: Multicast: Coexistence
This feature introduces the ability to host all the subscribers and services (data and multicast) on the same VLAN by enabling multicast and IP sessions to coexist on the same subinterface.
12.2(33)SRE
ISG: Static Session Creation
This feature enables administrator-initiated static IP sessions
12.2(33)SRC
IP Subscriber Session CLI Updates
Some of the commands that are used to configure ISG IP subscriber sessions were modified or replaced in this release.
12.2(33)SRC
ISG:Accounting: Per Session, Service, and Flow
ISG accounting provides a means to bill for account or service usage. ISG accounting uses the RADIUS protocol to facilitate interaction between ISG and an external RADIUS-based AAA or mediation server.
12.2(33)SRC
ISG:Accounting: Postpaid
ISG accounting provides a means to bill for account or service usage. ISG sends accounting start and stop records for sessions and services to an accounting server for postpaid billing. The accounting server interprets the records to generate bills.
12.2(33)SRC
ISG:Accounting: Tariff Switching
ISG accounting provides a means to bill for account or service usage. Where billing rates change at fixed times and sessions are active across the boundary at which the rates change, ISG will provides accounting data to the billing server indicating the boundary. Tariff switching can also be used between accounting methods, such as switching from prepaid billing to post paid billing.
12.2(33)SRC
ISG:Accounting: Time-Based Prepaid
ISG prepaid billing support allows ISG to check a subscriber's available credit to determine whether to allow the subscriber access to a service and how long the access can last. ISG supports time-based prepaid billing.
12.2(33)SRC
ISG:Accounting: Volume-Based Prepaid
ISG prepaid billing support allows ISG to check a subscriber's available credit to determine whether to allow the subscriber access to a service and how long the access can last. ISG supports volume-based prepaid billing.
12.2(33)SRC
ISG:Authentication: DHCP Option 82 Line ID - AAA Authorization Support
This feature enhances ISG automatic subscriber logon by providing support for authorization on the basis of the circuit-Id and remote-Id.
12.2(33)SRC
ISG:Flow Control: Flow Redirect
The ISG Layer 4 Redirect feature enables service providers to better control the user experience by allowing subscriber TCP or UDP packets to be redirected to specified servers for appropriate handling. ISG Layer 4 redirection can be applied to individual subscriber sessions or flows.
12.2(33)SRC
ISG:Flow Control: QoS Control: Dynamic Rate Limiting
ISG can change the allowed bandwidth of a session or flow by dynamically applying rate-limiting policies.
12.2(33)SRC
ISG:Instrumentation: Advanced Conditional Debugging
ISG provides the ability to define various conditions for filtering debug output. Conditional debugging generates very specific and relevant information that can be used for session, flow, subscriber, and service diagnostics.
Troubleshooting ISG with Session Monitoring and Distributed Conditional Debugging
12.2(33)SRC
ISG:Instrumentation: Session and Flow Monitoring
ISG provides a mechanism for continuously monitoring interface and CPU statistics. This feature introduces the show interface monitor and show processes cpu monitor commands, which display statistics that are updated at specified intervals.
Troubleshooting ISG with Session Monitoring and Distributed Conditional Debugging
12.2(33)SRC
ISG:Network Interface: IP Routed, VRF-Aware MPLS
ISG supports several types of forwarding to connect subscriber sessions to networks. These connections can be to the Internet, corporate intranets, ISPs, or walled gardens for content delivery. ISG supports both routed and MPLS-enabled interfaces for network access.
12.2(33)SRC
ISG:Network Interface: Tunneled (L2TP)
ISG supports several types of forwarding to connect subscriber sessions to networks. These connections can be to Internet, corporate Intranets, ISPs or walled gardens for content delivery. ISG supports tunneled interfaces to networks.
12.2(33)SRC
ISG:Policy Control: Cisco Policy Language
ISG control policies are a structured replacement for feature-specific configuration commands and allow configurable functionality to be expressed in terms of an event, a condition, and an action. Control policies provide an intuitive and extensible framework, with a consistent set of CLI commands, for specifying system behavior. The ISG policy language is aligned with the Cisco Common Classification Policy Language (C3PL).
12.2(33)SRC
ISG:Policy Control: DHCP Proxy
This feature enables ISG to dynamically interact with DHCP and apply policies that influence the IP addresses that DHCP assigns to subscribers.
12.2(33)SRC
ISG:Policy Control: ISG-SCE Control Bus
This feature enables integration of an ISG device with an SCE device at the control plane level, allowing the two devices to work as one when policies are applied to a subscriber session.
12.2(33)SRC
ISG:Policy Control: Multidimensional Identity per Session
ISG control policies provide a flexible way to collect pieces of subscriber identity during session establishment. Control policies also allow session policy to be applied iteratively as more elements of identity become available to the system.
12.2(33)SRC
ISG:Policy Control: Policy: Domain Based (Auto-domain, Proxy)
ISG control policies manage the primary services and rules used to enforce particular contracts. Polices can be configured to interpret the domain as a request to activate the service associated with that domain name, allowing users to automatically receive services in accordance with the domain that they are attempting to connect.
12.2(33)SRC
ISG:Policy Control: Policy: Triggers
ISG control policies can be configured with time-based, volume-based, and duration-based policy triggers. Time-based triggers use an internal clock, allowing policies to be applied at specific times. Volume-based triggers are based on packet count; when the packet count reaches a specified value, the specified policy is applied. Duration-based triggers are based on an internal timer. Upon expiration of the timer, the specified policy is applied.
12.2(33)SRC
ISG:Policy Control: Policy Server: CoA
This feature provides ISG support for the RADIUS Change of Authorization (CoA) extension, which facilitates dynamic authorization.
12.2(33)SRC
ISG:Policy Control: Policy Server: CoA ASCII Command Code Support
This feature enables ISG to receive ASCII command codes for Account Logon, Account Logoff, Service Logon, Service Logoff, and Account Status queries and to perform the required functionality based on the command code.
12.2(33)SRC
ISG:Policy Control: Policy Server: SSG-SESM Protocol
ISG supports Cisco's proprietary protocol to communicate with the SESM policy server.
12.2(33)SRC
ISG:Policy Control: RADIUS Proxy Enhancement
The ISG RADIUS proxy feature enables ISG to serve as a proxy between a client device that uses RADIUS authentication and a AAA server. ISG RADIUS proxy functionality enables ISG to "sniff" (look at) the RADIUS packet flows and, upon successful authentication, transparently create a corresponding ISG session.
12.2(33)SRC
ISG:Policy Control: Service Profiles
ISG defines a service as a collection of policies that can be applied to any subscriber session. Services can be configured on the router or on an external AAA server.
12.2(33)SRC
ISG:Policy Control: User Profiles
ISG user profiles specify services and functionality that should be applied to ISG sessions for the specified subscriber. User profiles are defined on an external AAA server.
12.2(33)SRC
ISG:Session: Auth: PBHK
The ISG Port-Bundle Host Key feature serves as an in-band signaling mechanism for session identification at external portals. TCP packets from subscribers are mapped to a local IP address for the ISG gateway and a range of ports. This mapping allows the portal to identify the ISG gateway from which the session originated.
12.2(33)SRC
ISG:Session: Auth: Single Sign-On
Single sign-on eliminates the need to authenticate a session more than once when a subscriber has access to services provided by other devices in the administrative domain of the access or service provider.
12.2(33)SRC
ISG:Session: Authentication
ISG automatic subscriber logon enables another specified identifier to be used in place of the username in authorization requests. Enabling the AAA server to authorize subscribers on the basis of a specified identifier allows subscriber profiles to be downloaded from the AAA server as soon as packets are received from subscribers.
12.2(33)SRC
ISG:Session: Creation: Interface IP Session: L2
ISG IP interface sessions include all IP traffic received on a specific physical or virtual interface. IP interface sessions are provisioned through the CLI; that is, a session is created when the IP interface session commands are entered.
12.2(33)SRC
ISG:Session: Creation: Interface IP Session: L3
ISG IP interface sessions include all IP traffic received on a specific physical or virtual interface. IP interface sessions are provisioned through the CLI; that is, a session is created when the IP interface session commands are entered.
12.2(33)SRC
ISG:Session: Creation: IP Session: Protocol Event (DHCP)
Most ISG sessions are created upon detection of a data flow that cannot be affiliated with an already active session. An ISG can be configured to create an IP session upon receipt of the first DHCP DISCOVER packet received from a subscriber.
12.2(33)SRC
ISG:Session: Creation: IP Session: Subnet and Source IP: L2
The ISG session is the primary component used for associating services and policies across specific data flows. An IP subnet session is an ISG session that includes any IP traffic from a single IP subnet. A source-IP-based session includes traffic from a single source IP address.
12.2(33)SRC
ISG: Session: Creation: IP Session: Subnet and Source IP: L3
The ISG session is the primary component used for associating services and policies across specific data flows. An IP subnet session is an ISG session that includes any IP traffic from a single IP subnet. A source-IP-based session includes traffic from a single source IP address.
12.2(33)SRC
ISG:Session: Creation: P2P Session (PPPoE, PPPoXoX)
The ISG session is the primary context to which services and policies are associated across specific data flows. Point-to-point (P2P) sessions are established through a signaling protocol. ISG handles many variants of P2P encapsulation, such as PPP, PPPoE, and PPPoA.
12.2(33)SRC
ISG:Session: Lifecycle: Idle Timeout
The ISG idle timeout controls how long a connection can be idle before it is terminated.
12.2(33)SRC
ISG:Session: Lifecycle: Packet of Disconnect (POD)
An ISG can be configured to interact with external policy servers. A policy server can use RADIUS Packet of Disconnect (POD) to manage the life cycle of any ISG session. The primary role of the POD message is to terminate an ISG session.
12.2(33)SRC
ISG:Session: VRF Transfer
The ISG session is the primary component used for associating services and policies with specific data flows. ISG sessions are associated with virtual routing and forwarding instances when routing is required for the network service. ISG VRF transfer provides a means to dynamically switch an active session between virtual routing domains.
12.2(33)SRC
ISG:Session Protection and Resiliency: Keepalive—ARP, ICMP
This feature allows IP subscriber session health to be monitored by configuring keepalive messages using ARP or ICMP, depending upon the type of connection to be monitored.
12.2(33)SRC
ISG: Subscriber Aware Ethernet
This feature makes ISG functionality available on the Cisco 7600 router.
The following ISG accounting functions are not supported on the Cisco 7600 router:
•
•
•
•
•
12.2(33)SRC
Service Gateway Interface
The SGI implements a web services interface to access the policy, subscriber, and session management functionality of ISG.
CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the IronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0910R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2006-2009 Cisco Systems, Inc. All rights reserved.
Guest
