-
Cisco IOS Service Selection Gateway Configuration Guide, Release 12.4T
-
Service Selection Gateway Features Roadmap
-
Overview of SSG
-
Implementing SSG: Initial Tasks
-
Configuring SSG to Serve as a RADIUS Proxy
-
Configuring SSG to Authenticate Web Logon Subscribers
-
Configuring SSG to Authenticate PPP Subscribers
-
Configuring SSG to Authenticate Subscribers with Transparent Autologon
-
Configuring SSG to Authenticate Subscribers Automatically in the Service Domain
-
Configuring SSG for On-Demand IP Address Renewal
-
Configuring SSG Support for Subnet-Based Authentication
-
Configuring SSG for MAC-Address-Based Authentication
-
Configuring SSG for Subscriber Services
-
Configuring SSG Subscriber Experience Features
-
Configuring SSG to Log Off Subscribers
-
Configuring Accounting for SSG
-
RADIUS Profiles and Attributes for SSG
-
SSG Mobile Wireless Enhancements
-
Feedback
Table Of Contents
Service Selection Gateway Features Roadmap
Service Selection Gateway Features Roadmap
First Published: May 2, 2005Last Updated: October 2, 2009
Note
Effective with Cisco IOS Release 15.0(1)M, this feature is not available in Cisco IOS software.
This feature roadmap lists the Cisco IOS features documented in the Cisco IOS Service Selection Gateway Configuration Guide and maps them to the documents in which they appear. The roadmap is organized so that you can select your release train and see the features in that release. Find the feature name you are searching for and click on the URL in the "Where Documented" column to access the document containing that feature.
Feature and Release Support
Table 1 lists Service Selection Gateway (SSG) feature support for the following Cisco IOS software release trains:
•
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note
Table 1 Supported SSG Features
12.2(8)T
SSG Open Garden
The SSG Open Garden feature enables you to use Cisco SSG to implement open gardens, which are collections of Web sites or networks that subscribers can access as long as they have physical access to the network. Subscribers do not have to provide authentication information before accessing the Web sites in an open garden.
SSG TCP Redirect
The SSG TCP Redirect feature redirects certain packets, which would otherwise be dropped, to captive portals that can handle the packets in a suitable manner. For example, packets sent upstream by unauthorized users are forwarded to a captive portal that can redirect the users to a login window. Similarly, if users try to access a service to which they have not logged in, the packets are redirected to a captive portal that can provide a service login window.
Per-Session Firewall
The SSG Per Session Firewall feature enables you to configure Cisco IOS software access control lists (ACLs) to prevent users, services, and pass-through traffic from accessing specific IP addresses and ports.
12.2(11)T
Initial SSG Communication
The Initial SSG Communication feature comprises initial tasks you need to perform to enable SSG on the router and to establish SSG communication with other key components of the network, including Subscriber Edge Services Manager (SESM) and the authentication, authorization, and accounting (AAA) server.
RADIUS Profiles and Attributes for SSG
SSG uses RADIUS Profiles and attributes for the authentication, authorization, and accounting of subscribers.
SSG Accounting
The SSG Accounting feature allows a service provider to decide how to configure billing and accounting for its users.
SSG Port-Bundle Host-Key
The SSG Port-Bundle Host Key feature enhances communication and functionality between the Service Selection Gateway (SSG) and the Cisco Subscriber Edge Services Manager (SESM) by introducing a mechanism that uses the host source IP address and source port to identify and monitor subscribers.
SSG Prepaid Tariff Switching
The SSG Prepaid Tariff Switching feature allows changes in tariffs during the lifetime of a connection.
12.2(13)T
SSG Accounting Update Interval Per Service
The SSG Accounting Update Interval Per Service feature allows the service provider to configure different accounting intervals for different services.
SSG AutoDomain
The SSG AutoDomain feature allows Service Selection Gateway (SSG) to authenticate subscribers automatically in the service domain.
Configuring SSG to Authenticate Subscribers Automatically in the Service Domain
SSG Autologon Using Proxy RADIUS
The SSG Autologon Using Proxy RADIUS feature enables SSG to act as a RADIUS proxy for non-SSD clients whose Access-Requests do not contain VSAs.
SSG Hierarchical Policing
The SSG Hierarchical Policing feature ensures that a subscriber does not utilize additional bandwidth for overall service or for a specific service that is outside the bounds of the subscriber's contract with the service provider.
12.3(4)T
Postpaid Tariff Switching for SSG
The Postpaid Tariff Switching for SSG feature allows changes in tariffs during the lifetime of a connection.
PPP Subscriber Access
The PPP subscriber access feature supports PPP as a subscriber access protocol.
PTA-MD Exclusion List
The PTA-MD Exclusion List feature allows you to create a set of domains that are excluded from normal SSG structured username processing.
SSG AAA Server Group for Proxy RADIUS
This feature allows you to configure multiple AAA servers. You can configure each remote RADIUS server with timeout and retransmission parameters. SSG will perform failover among the servers in the predefined group.
SSG Autologoff
The SSG Autologoff feature supports methods to log subscribers out of SSG.
SSG Direction Configuration for Interfaces and Ranges
SSG implements service selection through selective routing of IP packets to destination networks on a per-subscriber basis. SSG uses the concept of interface direction (uplink or downlink) to help determine the forwarding path of incoming packets. An uplink interface is an interface towards the services; a downlink interface is an interface towards the subscribers.
SSG EAP Transparency
In 802.1x WLAN deployments, SSG acts as a RADIUS Proxy during Extensible Authentication Protocol (EAP) authentication between a WLAN AP and the corresponding AAA server. Using SSG as a RADIUS Proxy in 802.1x deployments enables WLAN users to access SSG functionality after they have connected to the AP.
SSG Prepaid Enhancements
The SSG Prepaid Enhancements feature adds support for prepaid tariff switching, postpaid tariff switching, and simultaneous volume- and time-based prepaid billing to the existing SSG Prepaid feature.
SSG Prepaid Idle Timeout
The SSG Prepaid Idle Timeout feature enables SSG to return residual quota to the billing server from services that a user is logged into but not actively using.
SSG Proxy for CDMA2000
This feature enables service selection in CDMA2000 networks through enhancements to the SSG RADIUS Proxy functionality.
SSG Service Profile Caching
The Service Profile Cache feature enables SSG to use a cached copy of a service profile instead of downloading the profile from a RADIUS server every time a user logs on to the service.
SSG Suppression of Unused Accounting Records
The SSG Suppression of Unused Accounting Records feature allows you to turn off unneeded Service Selection Gateway (SSG) accounting records.
SSG Unconfig
The SSG Unconfig feature releases and cleans up system resources acquired by SSG.
12.3(7)T
SSG Service Logon Enhancements
The SSG Service Logon Enhancements feature enables SSG to deliver services to a subscriber after receiving valid authentication information.
SSG Transparent Autologon
The SSG Transparent Autologon feature enables Service Selection Gateway (SSG) to authenticate and authorize a user on the basis of the source IP address of packets received from the user.
Configuring SSG to Authenticate Subscribers with Transparent Autologon
DNS Redirection
The SSG DNS Redirection feature enables you to match a domain name server (DNS) request to the appropriate domain name service, based on attributes of the user requesting the service.
12.3(8)T
SSG Interface Redundancy
SSG interface redundancy allows services to be associated with more than one interface to protect against link failures.
12.3(11)T
SSG Default Quota for Prepaid Billing Server Failure
The SSG Default Quota for Prepaid Billing Server Failure feature enables SSG to be configured to allocate a default quota when the prepaid server fails to respond to an authorization request.
12.3(14)T
Extended Prepaid Tariff Switching for SSG
The Extended Prepaid Tariff Switch for SSG feature is used to measure the usage of specific services at various times, even when the monetary value of the volume quota does not change at the time of tariff switching.
MAC-Address-Based Authentication for SSG
The MAC-Address-Based Authentication for SSG feature allows a service provider to authorize subscriber access to services by the subscriber's MAC address, thus eliminating the need for explicit user logins between client power cycles.
On-Demand IP Address Renewal for SSG
The SSG On-Demand IP Address Renewal feature enables service providers to manage the Dynamic Host Configuration Protocol (DHCP) pool from which a subscriber's IP address is assigned.
Configuring SSG On-Demand IP Address Renewal and SSG/DHCP Awareness
SSG L2TP Dial-Out
The L2TP Dial-Out feature provides mobile users with a way to securely connect to their SOHOs through the PSTN.
SSG Support for Subnet-Based Authentication
The SSG Support for Subnet-Based Authentication feature allows a service provider to identify subscribers to services by their subnet, rather than by a subscriber's IP address.
12.4(15)T
SSG Mobile Wireless Enhancements
The SSG Mobile Wireless Enhancements feature describes additional functionality enhancements including accounting-on-off suppression, accounting-start ignore configuration, and Packet of Disconnect (PoD) forwarding to the Network Access Server (NAS).
CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco Pulse, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, and Flip Gift Card are service marks; and Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Fast Step, Follow Me Browsing, FormShare, GainMaker, GigaDrive, HomeLink, iLYNX, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, Laser Link, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0908R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2005-2009 Cisco Systems, Inc. All rights reserved.
