Cisco IOS Intelligent Services Gateway Configuration Guide, Release 12.2SR
Configuring ISG Policies for Session Maintenance
Download this chapter
Configuring ISG Policies for Session MaintenanceConfiguring ISG Policies for Session Maintenance
Download the complete book
Cisco IOS Intelligent Services Gateway Configuration Guide PDF, Release 12.2SRCisco IOS Intelligent Services Gateway Configuration Guide PDF, Release 12.2SR (PDF - 3 MB)
give_us_feedback

Table Of Contents

Configuring ISG Policies for Session Maintenance

Finding Feature Information

Contents

Prerequisites for Configuring Policies for Session Maintenance

Restrictions for Configuring Policies for Session Maintenance

Information About Configuring Policies for Session Maintenance

Session Maintenance Timers

Benefits of Session Maintenance Timers

Monitoring Sessions

Using ARP for Keepalive Messages

Using ICMP for Keepalive Messages

How to Configure Policies for the Session Maintenance Timers

Configuring the Session Timer in a Service Policy Map

What to Do Next

Configuring the Session Timer on a AAA Server

Configuring the Connection Timer in a Service Policy Map

What to Do Next

Configuring the Connection Timer on a AAA Server

Verifying the Session and Connection Timer Settings

Troubleshooting the Session and Connection Timer Settings

Prerequisites for Troubleshooting the Session Maintenance Timers

Restrictions for Troubleshooting the Session Maintenance Timers

Debug Commands Available for the Session Maintenance Timers

Enabling the Session Maintenance Timer Debug Commands

Configuring a Session Keepalive on the Router

Prerequisites

Restrictions

Examples

Configuring a Session Keepalive on a RADIUS Server

Configuration Examples for Session Maintenance Timers

Session Timer Configuration in a Service Policy Map: Example

Connection Idle Timer Configuration in a Service Policy Map: Example

Session Timer Show Command Output: Example

Connection Idle Timer Show Command Output: Example

Session Timer Debug Output: Example

Connection Idle Timer Debug Output: Example

Additional References

Related Documents

Technical Assistance

Feature Information for Configuring ISG Policies for Session Maintenance


Configuring ISG Policies for Session Maintenance

First Published: March 20, 2006
Last Updated: November 5, 2009

Intelligent Services Gateway (ISG) is a Cisco IOS software feature set that provides a structured framework in which edge devices can deliver flexible and scalable services to subscribers. ISG provides two commands, timeout absolute and timeout idle, that each allow control over a session and a traffic class configured on the session as defined by a service policy map. Additionally, the Internet Engineering Task Force (IETF) RADIUS attributes Session-Timeout (attribute 27) and Idle-Timeout (attribute 28) can be used in service profiles on an authentication, authorization, and accounting (AAA) server to configure the same session maintenance control.

IP subscriber session keepalive support is configured for monitoring session data traffic in the upstream direction for idleness. Address Resolution Protocol (ARP) is used for Layer 2 connected subscribers. For routed host (Layer 3 connected) subscribers, the protocol defaults to Internet Control Message Protocol (ICMP). ICMP is also used in configurations where the access interface does not support ARP.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for Configuring ISG Policies for Session Maintenance" section.

Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Prerequisites for Configuring Policies for Session Maintenance

Restrictions for Configuring Policies for Session Maintenance

Information About Configuring Policies for Session Maintenance

How to Configure Policies for the Session Maintenance Timers

Configuration Examples for Session Maintenance Timers

Additional References

Feature Information for Configuring ISG Policies for Session Maintenance

Prerequisites for Configuring Policies for Session Maintenance

A traffic class is required only if an idle timer or session timer is being installed on a service that has a traffic class definition in it. If the timer is installed on a session or service that has no traffic class, a traffic class is not required. See the "Configuring ISG Subscriber Services" module for information about how to configure a traffic class.

Restrictions for Configuring Policies for Session Maintenance

For an idle timeout that is applied on an IP session (rather than on a PPP session), there is currently no way to specify the direction. By default, the direction in which the idle timer is applied is always outbound.

ISG supports both per-session and per-flow accounting. Per-session accounting is the aggregate of all the flow traffic for a session. Per-session accounting can be enabled in a user profile or in a service profile or service policy map.

Beginning in Cisco IOS Release 12.2(33)SRC, the Cisco 7600 router supports ISG accounting with the following restriction:

Because the Cisco 7600 router does not support the traffic class feature, it does not support session control based on traffic class.

Information About Configuring Policies for Session Maintenance

Before you configure the ISG session maintenance timers, you should understand the following concepts:

Session Maintenance Timers

Benefits of Session Maintenance Timers

Monitoring Sessions

Using ARP for Keepalive Messages

Using ICMP for Keepalive Messages

Session Maintenance Timers

ISG provides two commands (each of which can be set independently) to maintain control over a session and its connection. The timeout absolute command controls how long a session can be connected before it is terminated. The timeout idle command controls how long a connection can be idle before it is terminated. Both commands detect both PPP and IP sessions and can be applied in a service, on a per-session basis, or in a flow. All subscriber traffic will reset the timers; however, non-network traffic such as PPP control packets will not reset the timers.

The scope of the session timers and connection timers is determined by the type of service within which the timer is specified. If specified in a service profile for which no traffic class is defined, the timer action will be to terminate the session or connection. If a traffic class specifier resides in the service profile, the timer action will be to deactivate the service.

Benefits of Session Maintenance Timers

The PPP idle timeout functionality has been replaced by the ISG idle timeout feature. The idle timer is a generic feature that can be set to detect idle traffic in both PPP and IP sessions.

You set the idle timer in a service profile that is installed on a session to control how long that service stays installed before it is removed from the session because no traffic is flowing through that service. If the service has traffic class parameters associated with it, that traffic class is terminated when this timer expires, or when the session itself is terminated.

The same is true for the session timer, except that this timer determines how long the session or service stays up, regardless of traffic flowing through it.

Monitoring Sessions

The IP subscriber session's data traffic in the upstream direction can be monitored for idleness using a keepalive feature configured for the subscriber. If a session is idle for a configured period of time, keepalive requests are sent to the subscriber. This action verifies that the connection is still active. The protocol to use for the keepalive request and response can be configured based on the IP subscriber session type. If it is a directly connected host (Layer #2 connection), ARP is used. For routed host (Layer 3 connected) subscribers, ICMP is used. If the access interface does not support ARP, the keepalive protocol defaults to ICMP.

Using ARP for Keepalive Messages

When a session is established and the keepalive feature is configured to use ARP, the keepalive feature saves the ARP entry as a valid original entry for verifying future ARP responses.

Note In cases where the access interface does not support ARP, the protocol for keepalives defaults to ICMP.

When ARP is configured, the ARP unicast request is sent to the subscriber. After a configured interval of time, the ARP response (if received) is verified. If the response is correct and matches the original entry that was saved when the subscriber was initially established, the keepalive feature continues monitoring the data plane for the configured interval of time. If the response is not correct, the keepalive feature resends the ARP request until a correct response is received or the configured maximum number of attempts is exceeded.

Using ICMP for Keepalive Messages

If ICMP is configured, the ICMP "hello" request is sent to the subscriber and checked for a response, until the configured maximum number of attempts is exceeded.

For IP subnet sessions, the peer (destination) IP address to be used for ICMP "hello" requests will be all the IP addresses within the subnet. This means "hello" requests will be sent sequentially (not simultaneously) to all the possible hosts within that subnet. If there is no response from any host in that subnet, the session will be disconnected.

Another option is to configure ICMP directed broadcast for keepalive requests. If the subscriber hosts recognize the IP subnet broadcast address, the ISG can send the ICMP "hello" request to the subnet broadcast address. The subscribers need not be on the same subnet as the ISG for this configuration to work. A directed broadcast keepalive request can work multiple hops away as long as these conditions are satisfied:

The group of subscribers identified by the subnet must have the same subnet mask provisioned locally as the subnet provisioned on the subnet subscriber session on the ISG. Otherwise, the subscriber hosts will not recognize the subnet broadcast address.

The router directly connected to the hosts must enable directed-broadcast forwarding, so that the IP subnet broadcast gets translated into a Layer 2 broadcast.

When these two conditions are satisfied, you can optimize the ICMP keepalive configuration to minimize the number of ICMP packets.

Note Because enabling directed broadcasts increases the risk of denial of service attacks, the use of subnet directed broadcasts is not turned on by default.

How to Configure Policies for the Session Maintenance Timers

Configuring the session maintenance timers requires two separate tasks, one to set the idle timer and one to set the session timer. Either one or both of these tasks can be performed in order to set session maintenance control. The following tasks show how to set these timers in a service policy map and in a RADIUS AAA server profile:

Configuring the Session Timer in a Service Policy Map (required)

Configuring the Session Timer on a AAA Server (required)

Configuring the Connection Timer in a Service Policy Map (required)

Configuring the Connection Timer on a AAA Server (required)

Verifying the Session and Connection Timer Settings (optional)

Troubleshooting the Session and Connection Timer Settings (optional)

Configuring the Session Timer in a Service Policy Map

Perform this task to set the session timer in a service policy map.

SUMMARY STEPS

1. enable

2. configure terminal

3. policy-map type service policy-map-name

4. [priority] class type traffic class-map-name

5. timeout absolute duration-in-seconds

6. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

policy-map type service policy-map-name

Example:

Router(config)# policy-map type service policy1

Enters policy map configuration mode so you can begin configuring the service policy.

Step 4 

[priority] class type traffic class-map-name

Example:

Router(config-control-policymap)# class type traffic class1

Associates a previously configured traffic class with the policy map.

Step 5 

timeout absolute duration-in-seconds

Example:

Router(config-control-policymap-class-control)# timeout absolute 30

Specifies the session lifetime, in a range from 30 to 4294967 seconds.

Step 6 

end

Example:

Router(conf-subscriber-profile)# end

(Optional) Returns to privileged EXEC mode.

What to Do Next

You may want to configure a method of activating the service policy map or service profile; for example, control policies can be used to activate services. For more information about methods of service activation, see the module "Configuring ISG Subscriber Services."

Configuring the Session Timer on a AAA Server

Perform this task to set the session timer on a AAA server profile.

SUMMARY STEPS

1. Add the RADIUS Session-Timeout attribute to a user or service profile.

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

Session-Timeout=duration-in-seconds

Sets the IETF RADIUS session timer (attribute 27) in a user or service profile, in a range from 30 to 4294967 seconds.

Configuring the Connection Timer in a Service Policy Map

Perform this task to set the connection timer in a service policy map.

SUMMARY STEPS

1. enable

2. configure terminal

3. policy-map type service policy-map-name

4. [priority] class type traffic class-map-name

5. timeout idle duration-in-seconds

6. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

policy-map type service policy-map-name

Example:

Router(config)# policy-map type service policy1

Enters policy map configuration mode so you can begin configuring the service policy.

Step 4 

[priority] class type traffic class-map-name

Example:

Router(config-control-policymap)# class type traffic class1

Associates a previously configured traffic class to the policy map.

Step 5 

timeout idle duration-in-seconds

Example:

Router(config-control-policymap-class-control)# timeout idle 3000

Specifies how long a connection can be idle before it is terminated, in a range from 1 to 4294967 seconds.

Step 6 

end

Example:

Router(conf-subscriber-profile)# end

(Optional) Returns to privileged EXEC mode.

What to Do Next

You may want to configure a method of activating the service policy map or service profile; for example, control policies can be used to activate services. For more information about methods of service activation, see the module "Configuring ISG Subscriber Services."

Configuring the Connection Timer on a AAA Server

Perform this task to set the connection timer on a AAA server profile.

SUMMARY STEPS

1. Add the RADIUS Idle-Timeout attribute to a user profile or service profile.

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

Idle-Timeout=duration-in-seconds

Sets IETF RADIUS (attribute 28) in a user or service profile, in a range from 1 to 4294967 seconds.

Verifying the Session and Connection Timer Settings

Perform this task to verify that the timers have been installed correctly.

SUMMARY STEPS

1. enable

2. show subscriber session all

3. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

show subscriber session all

Example:

Router# show subscriber session all

Displays current subscriber information, including reports about the timers that are enabled.

Step 3 

end

Example:

Router# end

Exits privileged EXEC mode.

Troubleshooting the Session and Connection Timer Settings

The following sections list the debug commands that can be used to troubleshoot the session maintenance timers and describe the tasks you perform to enable them:

Prerequisites for Troubleshooting the Session Maintenance Timers

Restrictions for Troubleshooting the Session Maintenance Timers

Debug Commands Available for the Session Maintenance Timers

Enabling the Session Maintenance Timer Debug Commands

Prerequisites for Troubleshooting the Session Maintenance Timers

Before performing the task in this section, it is recommended that you be familiar with the use of Cisco IOS debug commands described in the introductory chapters of the Cisco IOS Debug Command Reference. Also see the module "Troubleshooting ISG with Session Monitoring and Distributed Conditional Debugging."

Restrictions for Troubleshooting the Session Maintenance Timers

Caution Because debugging output is assigned high priority in the CPU process, it can render the system unusable. For this reason, use the Cisco IOS debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users, or on a debug chassis with a single active session. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.

Debug Commands Available for the Session Maintenance Timers

Table 1 lists the debug commands that can be used to diagnose problems with the session maintenance timers.

Table 1 Debug Commands for Troubleshooting Session Maintenance Timers

Command
Purpose

debug subscriber feature error

Displays general Feature Manager errors.

debug subscriber feature event

Displays general Feature Manager events.

debug subscriber feature name idle-timer error

Displays idle timer errors.

debug subscriber feature name idle-timer event

Displays idle timer events.

debug subscriber feature name session-timer error

Displays session timer errors.

debug subscriber feature name session-timer event

Displays session timer events.


Enabling the Session Maintenance Timer Debug Commands

Perform this task to enable the session maintenance timer debug commands.

SUMMARY STEPS

1. enable

2. debug command

3. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables higher privilege levels, such as privileged EXEC mode.

Enter your password if prompted.

Step 2 

debug command

Example:

Router# debug subscriber feature name session-timer error

Enter one or more of the debug commands listed in Table 1.

Enter the specific no debug command when you are finished.

Step 3 

end

Example:

Router# end

Exits privileged EXEC mode.

Configuring a Session Keepalive on the Router

This task describes how to configure the keepalive feature on the router, using either ARP or ICMP.

Because the session keepalive feature is checking for the subscriber's health and presence, this feature is applied only to the session as a whole and not per-flow.

Prerequisites

This feature can be configured on a Cisco 7200 or Cisco 7600 router.

Restrictions

If a service profile includes an ISG traffic class configuration, the keepalive feature will be ignored.

If this feature is applied to a non-IP session, for example, a PPP over Ethernet (PPPoE) or PPP over ATM (PPPoA) session, this feature application will fail and the following applies:

If the feature is applied at a session-start event, both the feature application and the session will fail.

If this feature is pushed onto a session after the session-start event, the push will fail.

SUMMARY STEPS

1. enable

2. configure terminal

3. policy-map type service policy-map-name

4. keepalive [idle period1] [attempts max-retries] [interval period2] [protocol ICMP [broadcast] | ARP]

5. exit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

policy-map type service policy-map-name

Example:

Router(config)# policy-map type service policymap1

Enters service policy map configuration mode.

Note The keepalive feature can be configured only in this mode.

Step 4 

keepalive [idle period1] [attempts max-retries] [interval period2] [protocol ICMP [broadcast] | ARP]

Example:

Router(config-service-policymap)# keepalive idle 7 attempts 3 interval 1 protocol arp

Configures the maximum idle period, number of requests, interval between requests, and protocol for keepalive messages.

The ranges and defaults are:

Idle period: range 5 to10 seconds; default is 10 seconds

Attempts: range 3 to10; default is 5

Interval: default is 1 to10 seconds

Protocol: for Layer 2 connections, the default is ARP; for routed connections, the default is ICMP

Broadcast option: by default this option is disabled

Note If this command is applied to a non-IP session, the command will fail. If the command is applied to a non-IP session at the session-start event, the session will also fail.

Step 5 

exit

Example:

Router(config-service-policymap)# exit

Returns to global configuration mode.

Examples

The following example configures the keepalive feature on a router using ARP: 

policy-map type service accting_service

 class type traffic ALL

 !

  keepalive interval 3 protocol ARP

!

Configuring a Session Keepalive on a RADIUS Server

This task describes how to configure the session keepalive parameters on a RADIUS server.

SUMMARY STEPS

1. Service-Name password = "cisco"

2. Cisco-Avpair = "subscriber:keepalive = [idle period1] [attempts Max-retries] [interval period2] [protocol ICMP [broadcast] | ARP}"

DETAILED STEPS

Step 1 Service-Name password = "cisco"

Step 2 Cisco-Avpair = "subscriber:keepalive = [idle period1] [attempts Max-retries] [interval period2] [protocol ICMP [broadcast] | ARP}"

Configures the allowable idle period, maximum number of attempts to connect, the interval between attempts, and the communication protocol to be used.

The ranges and defaults are as follows:

Idle period: range is 5 to10 seconds; default is 10 seconds.

Attempts: range is 3 to 10; default is 5.

Interval: default is 1 to 10 seconds.

Protocol: for Layer 2 connections, the default is ARP; for routed connections, the default is ICMP.

Broadcast option: by default this option is disabled.

Note If a service profile includes an ISG traffic class configuration, the keepalive feature will be ignored.

Configuration Examples for Session Maintenance Timers

This section contains the following examples:

Session Timer Configuration in a Service Policy Map: Example

Connection Idle Timer Configuration in a Service Policy Map: Example

Session Timer Show Command Output: Example

Connection Idle Timer Show Command Output: Example

Session Timer Debug Output: Example

Connection Idle Timer Debug Output: Example

Session Timer Configuration in a Service Policy Map: Example

The following example limits session time in a service policy map to 4800 seconds (80 minutes): 

class-map type traffic match-any traffic-class

 match access-group input 101

 match access-group output 102

policy-map type service video-service

 class traffic-class

  police input 20000 30000 60000

  police output 21000 31500 63000

  timeout absolute 4800

 class type traffic default

 drop

Connection Idle Timer Configuration in a Service Policy Map: Example

The following example limits idle connection time in a service policy map to 30 seconds: 

class-map type traffic match-any traffic-class

 match access-group input 101

 match access-group output 102

policy-map type service video-service

 class type traffic traffic-class

  police input 20000 30000 60000

  police output 21000 31500 63000

  timeout idle 30

 class type traffic default

 drop

Session Timer Show Command Output: Example

The following example shows the settings for the session timer displayed by the show subscriber session all privileged EXEC command. 

Current Subscriber Information: Total sessions 1

--------------------------------------------------

Unique Session ID: 3

Identifier: user01

SIP subscriber access type(s): PPPoE/PPP

Current SIP options: Req Fwding/Req Fwded

Session Up-time: 00:02:50, Last Changed: 00:02:53

AAA unique ID: 4

Interface: Virtual-Access2.1


Policy information:

  Context 02DE7380: Handle 1B000009

  Authentication status: authen

  User profile, excluding services:

    Framed-Protocol      1 [PPP]

    username             "user01"

    Framed-Protocol      1 [PPP]

    username             "user01"

  Prepaid context: not present



Non-datapath features:

 Feature: Session Timeout

  Timeout value is 180000 seconds

  Time remaining is 2d01h

Configuration sources associated with this session:

Interface: Virtual-Template1, Active Time = 00:02:52

Connection Idle Timer Show Command Output: Example

The following example shows the settings for the idle timer as displayed by the show subscriber session all privileged EXEC command. 

Current Subscriber Information: Total sessions 1

--------------------------------------------------

Unique Session ID: 4

Identifier: user01

SIP subscriber access type(s): PPPoE/PPP

Current SIP options: Req Fwding/Req Fwded

Session Up-time: 00:01:44, Last Changed: 00:01:46

AAA unique ID: 5

Interface: Virtual-Access2.1


Policy information:

  Context 02DE7380: Handle AD00000C

  Authentication status: authen

  User profile, excluding services:

    Framed-Protocol      1 [PPP]

    username             "user01"

    Framed-Protocol      1 [PPP]

    username             "user01"

  Prepaid context: not present



Session outbound features:

 Feature: PPP Idle Timeout

  Timeout value is 2000		

  Idle time is 00:01:44		

Configuration sources associated with this session:

Interface: Virtual-Template1, Active Time = 00:01:47

Session Timer Debug Output: Example

The following example shows output when the session timer debug commands (debug subscriber feature error, debug subscriber feature event, debug subscriber feature name session-timer error, and debug subscriber feature name session-timer event) are enabled. 

*Jan 12 18:38:51.947: SSF[Vi2.1/Abs Timeout]: Vaccess interface config

update; not per-user, ignore

*Jan 12 18:38:53.195: SSF[Vt1/uid:3]: Install interface configured

features

*Jan 12 18:38:53.195: SSF[Vt1/uid:3]: Associate segment element handle

0x95000002 for session 1191182344, 1 entries

*Jan 12 18:38:53.195: SSF[Vt1/uid:3/Abs Timeout]: Group feature install

*Jan 12 18:38:53.195: SSF[uid:3/Abs Timeout]: Adding feature to none segment(s)

Connection Idle Timer Debug Output: Example

The following example shows output when the idle timer debug commands (debug subscriber feature error, debug subscriber feature event, debug subscriber feature name idle-timer error, and debug subscriber feature name idle-timer event) are enabled. 

*Jan 12 18:43:15.167: SSF[Vt1/uid:4]: Install interface configured

features

*Jan 12 18:43:15.167: SSF[Vt1/uid:4]: Associate segment element handle

0xF4000003 for session 67108875, 1 entries

*Jan 12 18:43:15.167: SSF[Vt1/uid:4/Idle Timeout]: Group feature install

*Jan 12 18:43:15.167: SSF[uid:4/Idle Timeout]: Adding feature to outbound

segment(s)	

*Jan 12 18:43:15.167: Idle Timeout[uid:4]: Idle timer start, duration 2000

seconds, direction: outbound

*Jan 12 18:43:16.327: SSM FH: [SSS:PPPoE:8198:Idle Timeout:4097] created

02DFFDD8

*Jan 12 18:43:16.327: SSM FH: [SSS:PPPoE:8198:Idle Timeout:4097] added

02DFFDD8 [outbound]

*Jan 12 18:43:16.327: SSM FH: [SSS:PPPoE:8198:Idle Timeout:4097]

installed: ok

*Jan 12 18:43:16.327: SSM FH: [SSS:PPPoE:8198:Idle Timeout:4097]

installed: ok

*Jan 12 18:43:19.147: SSM FH: [SSS:PPPoE:8198:Idle Timeout:4097] bound

Additional References

The following sections provide references related to session maintenance timers.

Related Documents

Related Topic
Document Title

ISG commands

Cisco IOS Intelligent Services Gateway Command Reference

ppp timeout idle and timeout absolute PPP timer commands

Cisco IOS Dial Technologies Command Reference.


Technical Assistance

Description
Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/techsupport


Feature Information for Configuring ISG Policies for Session Maintenance

Table 2 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 12.2(28)SB or later releases appear in the table. If you are looking for information on a feature in this technology that is not documented here, see the "Intelligent Services Gateway Features Roadmap."

Not all commands may be available in your Cisco IOS software release. For details on when support for specific commands was introduced, see the command reference documents.

Cisco IOS software images are specific to a Cisco IOS software release, a feature set, and a platform. Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Note Table 2 list only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.

Table 2 Feature Information for ISG Session Maintenance 

Feature Name
Releases
Feature Configuration Information

ISG: Session: Lifecycle: Idle Timeout

12.2(28)SB
12.2(33)SRC

The ISG idle timeout controls how long a connection can be idle before it is terminated.

The following sections provide information about this feature:

Session Maintenance Timers

How to Configure Policies for the Session Maintenance Timers

In Cisco IOS Release 12.2(33)SRC, support was added for the Cisco 7600 router.

ISG: Session Protection & Resiliency: Keepalive-ARP, ICMP

12.2(33)SRC
12.2(33)SB

IP subscriber session keepalive support is configured for monitoring session data traffic in the upstream direction for idleness. Address Resolution Protocol (ARP) is used for Layer 2 connected subscribers. For routed hosts (Layer 3 connected) subscribers, the protocol defaults to Internet Control Message Protocol (ICMP). ICMP is also used in configurations where the access interface does not support ARP.

In Cisco IOS Release 12.2(33)SRC, this feature was introduced on the Cisco 7200 and Cisco 7600 routers.

The following sections provide information about this feature:

Configuring a Session Keepalive on the Router

Configuring a Session Keepalive on a RADIUS Server

The following command was introduced: keepalive [idle period1] [attempts max-retries] [interval period2] [protocol ICMP [broadcast] | ARP].

In Cisco IOS Release 12.2(33)SB, support was added for the Cisco 10000 router.


CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the IronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0910R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2008 Cisco Systems, Inc. All rights reserved.