Cisco BBSM 5.2 User Guide
1 - Introduction

Introduction


Cisco Building Broadband Service Manager (BBSM) is a software-based service platform that enables customers to create, market, and operate broadband access services, such as high-speed Internet access. BBSM provides "plug-and-play" end-user connections and tiered service levels. With BBSM, you can provide your own services, which reduces support requirements and increases use.

This introductory chapter describes the following:

New in Software Release 5.2

Media and Deployment Options

BBSM User Groups, Permissions, and Interface

Using Navigation Buttons

Connecting a Client to BBSM

Advanced Topics

The system essentially combines network access control and management functions that would normally be contained on multiple servers into one management device. These functions include the following:

Connection—Enables user Internet access regardless of the client's interface configurations.

Authentication—Supports multiple authentication methods.

Accounting—Supports accounting and payment methods including credit cards, RADIUS, access codes, and PMS. The PMS interface and credit card billing can also enable "impulse" charges for additional bandwidth or future value-added services.

Portal—Includes a forced portal, walled garden free access, and Start pages that you can customize.

Bandwidth options—Supports options such as bandwidth throttling and bandwidth reservation.

Network buildout and configuration—Includes multiple features to support network installation, configuration, and testing.

A comprehensive software developer's kit (SDK) is available that helps you customize interfaces.

BBSM is available as a preloaded server appliance, or you can purchase the software separately and install it yourself. If you are installing your BBSM, rather than using a factory-installed BBSM, refer to the Cisco BBSM 5.2 and BBSD Installation Guide for instructions on installing BBSM and for the minimum hardware and software requirements. For information on obtaining the installation guide and other documentation, refer to the "Obtaining Documentation" section in the Preface to this user guide.

New in Software Release 5.2

This section briefly describes some of the new and upgraded features added to the 5.2 software release of BBSM. See the individual descriptions and configuration procedures for additional information.

Bandwidth reservation

Allows hotel guests to reserve minimum bandwidth for upcoming meetings and sets up classes of service (bandwidth rates) for these reservations. The feature adds a calendar interface for scheduling access codes and bandwidth management. The group bandwidth management does not affect the existing bandwidth throttling feature. Both can be used on the same BBSM server, but not for the same reservation.

Two-way PMS

Expands the BBSM interface to the PMS to be bidirectional. This provides the ability for BBSM to pull guest data from the PMS system. This data can then be used to enhance the end-user experience by providing customized content. This feature also provides an interface for viewing guest folios and guest checkout from the room.

Client selection between public and private IPs

Allows service providers to "upsell" their public IP addresses to VPN users as a premium service. Eliminates the VPN issues that occur with the use of private IP addressing. Allows service providers to confidently say that all VPN clients are supported.

Cable modem private IPs and client public IPs

Works with the client selection between public and private IPs feature. Allows for a more cost-effective allocation of VPN-capable public IP addresses to clients and of private IPs to cable modems. Both devices are granted IP addresses from one central DHCP server located on the BBSM server.

Mapping cable modem ports and locations in one step

Allows the technician to map the cable modem port and the location at the same time. Does not require an active session.

RADIUS prepaid account support

Allows Remote Authentication Dial-In User Service (RADIUS) end users to prepay for Internet service from the customer's Internet service provider (ISP).

Support for Cisco switch clustering

Reduces the number of required IP addresses from one per switch to one per cluster (up to 16 switches). BBSM can recognize the entire cluster through one manageable IP address.

Broadband roaming

Allows BBSM to support broadband roaming by adding a new client-BBSM interface and changes to the BBSM-RADIUS interface, while maintaining backwards compatibility with existing BBSM applications. This BBSM release supports the iPass Smart Client. Note that iPass is supported regardless of the page set configured on BBSM; however, a Secure Sockets Layer (SSL) certificate is required.

Session deactivation feature

Allows a BBSM administrator or operator to terminate any active session through the Dashboard, which enables the administrator to have additional control to deactivate any malicious users.

Better support for handheld devices

Provides improved support for micro browsers, such as the Compaq iPAQ device, to correctly display on-screen information.

New Page Set Wizard

Allows BBSM administrators to create their own custom DailyHotel page set by using a web-based wizard, which simplifies custom page set creation.

Improved Switch Discovery Wizard

Quicker and easier switch discovery to simplify configuration. Works with access points and switches in a bridged network topology.

Load balancing

Enables you to configure a number of BBSM servers into a load-balanced and redundant configuration. As additional users log on, the added traffic is balanced, which optimizes performance. Also, if one server becomes disabled, the second server is available to provide uninterrupted service.

MSDE "sa" and BBSD password changes

Provides a user-friendly way to change the Microsoft SQL Server Data Engine (MSDE) "sa" and BBSD login passwords.

New web API for posting PMS charges

Provides an interface for remote applications to post room charges to the PMS.

Improved GUI to simplify configuration and usability

Includes a new Start page for connecting to the Internet, improved port-mapping capabilities, improved navigation in WEBconfig, and the combination of two similar applications, Port Control and Subscription Port Control, into one application: Port Control.

Media and Deployment Options

BBSM manages the delivery of broadband services and the associated network elements. You can use the following media options for BBSM transmission:

Existing phone lines—Cisco long-reach Ethernet (LRE) switches deliver 5- to 15-Mbps over existing Category 1, 2, and 3 wiring. LRE is ideal for the following:

Multi-unit (MxU) buildings, such as hotels, residential multi-dwelling units (MDUs), and commercial multi-tenant units (MTUs).

Enterprise campus environments, such as manufacturing facilities, educational campuses, and hospitals.

Ethernet—Cisco's Ethernet switches include the Catalyst 2900 XL, 2950, 3500 XL, 3550, 4000, and 6500 series switches.

Wireless LAN—BBSM supports the Cisco Aironet 340, 350, 1100, and 1200 wireless LAN (WLAN) access points.

Cable—Cisco's uBR7x00 cable modem termination system (CMTS) uses the coaxial cable that already exists in hotels, apartment buildings, and office buildings.


Note: Although you can select third-party switches as an option, these switches have not been tested with BBSM and are not supported.


The BBSM system supports the following types of networks:

Bridged networks—A centrally located BBSM provides DHCP and static (plug-and-play) support.

Fully routed networks—Only DHCP is supported.

Mixed (integrated routed and bridged) networks

The BBSM server, which is the "router" that all traffic must pass through before reaching the Internet, is assigned router number 0. This number is predefined and always has an IP address of 127.0.0.1. It is a loopback address that the BBSM server uses to communicate with itself. (Figure 1-1 shows an example BBSM network.)

Figure 1-1 Typical BBSM Building Network

Bridged Networks

In a bridged network, packets do not pass through a router from the client to the BBSM server. BBSM is the "router" that connects the bridged network to the Internet. Broadcast packets reach all network computers. All switches are on the BBSM server internal network and are associated with router number 0, which is the BBSM server. (See Figure 1-2.)

Figure 1-2 Basic Bridged BBSM Network

Routed Networks

In a routed network, packets pass through one or more routers from the client to the BBSM server. Because BBSM does not have access to the client's broadcast packets, plug-and-play is not supported. All switches are associated with routers numbered other than "0" (BBSM), and these routers are reachable through gateways on the BBSM internal network. (See Figure 1-3.)

You must enter information within the BBSM network about routers that act as a client's default gateway. As an example, in Figure 1-3, you must specify routers 1 and 2, but router A does not need to be specified. Refer to the "Configuring Routers" section. Of course, the routers themselves still need to be configured separately.

Figure 1-3 Basic Routed BBSM Network

Mixed Routed and Bridged Network

Mixed routed and bridged networks include a bridged network and one or more routed networks. Some switches are on the BBSM server internal network, and others can be reached through gateways on the internal network. See Figure 1-4.

Figure 1-4 Basic Mixed and Routed BBSM Network

BBSM User Groups, Permissions, and Interface

The BBSM Dashboard comprises three primary components, Administration, Operations, and Reports, that are based on user permissions. To perform system functions, select one of the sections under components. The following are the permissions of the corresponding user groups:

Administrator—Full access to perform all system functions

Operator—Access to perform all Operations functions and view reports

Reports user—Access to view reports

The Dashboard and the three components are described in the sections that follow.

Dashboard

The Dashboard is the BBSM home page for accessing BBSM options. (See Figure 1-6.) You can access the Dashboard locally or remotely:

To access the Dashboard locally, double-click the Dashboard icon on the desktop. The Dashboard appears. (You can also choose Start > BBSM Dashboard to access the dashboard.)

To access the Dashboard remotely, launch Internet Explorer to access the BBSM server on port 9488 instead of through the default web server port 80. Use one of the following:

If you are accessing BBSM from a remote location, enter this BBSM Dashboard URL: http://<external_NIC_address>:9488/www, where <external_NIC_address> is the external NIC address of the BBSM server you want to access; for example, type http://10.10.1.2:9488/www, and press Enter. The Enter Network Password dialog box appears. (See Figure 1-5.)

If you are accessing the BBSM server within BBSM's internal network, enter this BBSM Dashboard URL: http://<internal_IP_address>:9488/www, where <internal_IP_address> is the internal IP address of the BBSM server you want to access; for example, type http://192.168.42.1:9488/www, and press Enter. The Enter Network Password dialog box appears. (See Figure 1-5.)

Figure 1-5 Enter Network Password

When you access the Dashboard remotely, you are prompted for a username and password. (Leave the domain name blank.) Your access level depends on the username and password that you enter:

- Reports usernames are granted access to reports only.

- Operator usernames are granted access to reports and operations.

- Administrator usernames are granted access to all.

These usernames and passwords are created when a site is created. A site can be created in switch discovery or in WEBconfig during site configuration. (Refer to the "Running the Switch Discovery Wizard" section.)

Figure 1-6 Dashboard for Single Sites

If the BBSM system has multiple sites, the Dashboard contains a drop-down menu from which you select the desired site. (See Figure 1-7.) Then you select the desired Dashboard option.

Figure 1-7 Dashboard for Multiple Sites


Administration

The four Administration options allow you to perform all administrative tasks, including configuring the BBSM system. The Administration section requires that the user have the privileges of the Administrators user group, which is the default Windows 2000 Administrator group. These three options can be accessed only by users with full administrative rights:

WEBconfig—WEBconfig is the primary tool for configuring BBSM. Clicking WEBconfig displays the BBSM Server Settings web page and the navigation bar (NavBar) for selecting all of the web pages used to configure the system. (See Figure 1-8.) To close WEBconfig and return to the Dashboard, just click the Dashboard link in the upper right-hand corner of the web page.

WEB PMS Test—WEB PMS Test is used to test the physical connection and transfer of data between BBSM and the PMS.

WEBpatch—WEBpatch is used to transfer and install service packs or patches and upgrades for the BBSM software. With WEBpatch, you can update the BBSM server software remotely and obtain a list of details about the installed BBSM service packs/patches/upgrades.

Page Set Wizard—The Page Set Wizard enables the administrator to create their own custom DailyHotel page set by using a web-based wizard.

Figure 1-8 BBSM WEBconfig Default Web Page and Navigation Bar

Table 1-1 describes the WEBconfig web page options.

Table 1-1 WEBconfig Web Page Options

| Web Page | Description |
| --- | --- |
| BBSM Server Settings | Configures server-wide settings such as bandwidth management, transparent proxy, and the SMTP forwarding IP address. |
| IP Addresses | Configures the IP address ranges for the BBSM server and the network equipment. |
| Sites | Manages site data and locations. |
| Routers | Sets router interface parameters. Configures routes to the switches and to the client computers attached to these switches. (This feature is for routed networks and is not related to WAN activities.) |
| Network Elements | Expands to the Access Points, cable modem termination system (CMTS), and Switches web pages for each site. Access Points—For a particular site, cluster, and switch number, sets access point parameters, such as cluster IP address and access point type. CMTS—For a specific site and CMTS, sets the CMTS mode, parameters, and cable modem IP ranges and DHCP options. Switches—For a particular site, cluster, and switch number, sets the switch parameters, such as number of client ports, cluster IP address, router IP address, and Cisco switch type. Note that each site can support multiple clusters, and each cluster can support up to 16 cluster-capable switches. |
| Port Test Settings | For each site, expands to the Port Test Settings web page, which selects the port test parameters, including switch mode. |
| Billing | Expands to the PMS/Print, RADIUS, and Credit Card web pages, which define the billing features for the site. PMS/Print—For each site, expands to configure the PMS settings and call types. RADIUS—Configures the RADIUS server parameters and, for each site, multiple concurrent RADIUS sessions. Credit Card—Configures the credit card server parameters and, for each site, the site merchant ID number. |
| Security/SSL | Configures the domain name for SSL page sets and enables changes to the MSDE "sa" and BBSD passwords. |
| Bandwidth Reservation | Expands to the External Router, Total Bandwidth, and Classes of Service web pages. External Router—Configures the IP address and the Telnet "terminal" and IOS "enable" passwords. Total Bandwidth—Sets the router bandwidth parameters, for total property and unreserved users. Classes of Service—For the router, sets the class of service parameters. |
| Custom Page Sets | Adds your new custom page sets and sets the associated Start page. The page set then appears in the Page Set drop-down menu when you are configuring port settings from your Network Elements web page. |
| Walled Garden | Configures the desired walled garden web sites, which let the end user view the web sites that you specify free of charge. |
| Port Hopping | Configures the port hop delay. |


Operations

The following are the options available under the Operations section of the Dashboard, which requires users to be in the Operators or Administrators user group. This group can view all reports and perform all functions located in the Operations section:

Port Control—The Port Control web pages allow you to view a list of port control data to perform maintenance for ports and edit per-port policies.

Map Rooms—The Map Rooms web pages allow you to change port assignments for a room, a meeting room, or a public space.

Access Code Management—Access code management allows you to generate, edit, delete and view access codes.

Client Deactivation—Client Deactivation allows you to remotely terminate active client sessions and reactivate them.

If you need to add Operator users, refer to your Windows 2000 documentation for instructions and then choose Start > Programs > Administrative Tools > Computer Management > Local Users and Groups to create the new users. After creating the users, add them to these two Windows groups:

BBSM Operator

BBSM Operator for site x, where x is the site number

Reports

The Reports option consists of the Reporting Pages section, which enables you to view BBSM operational data. Users can be in the Reports, Operators, or Administrator user group. The interface consists of seven web pages that are accessible from a toolbar at the top of the page. To close Reports and return to the Dashboard, click the Dashboard link in the upper right corner.

If you need to add Reports users, refer to your Windows 2000 documentation for instructions and then choose Start > Programs > Administrative Tools > Computer Management > Local Users and Groups to create the new users. After creating the users, add them to these two Windows groups:

BBSM Reports

BBSM Reports for site x, where x is the site number

Using Navigation Buttons

Most of the BBSM web pages use navigation buttons to locate the appropriate information that you want to see. Use the navigation buttons to locate the correct record before making changes. (See Table 1-2.)

When no records exist for that function, the button is disabled. For example, the First and Previous buttons are grayed out when you are viewing the first record.

Table 1-2 Navigation Button Descriptions

| Button | Description |
| --- | --- |
| First | Returns the user to the first record or page. |
| Previous | Returns the user to the previous record or page. |
| Next | Takes the user to the next record or page. |
| Last | Takes the user to the last record or page. |


Connecting a Client to BBSM

To connect a client to BBSM, the client should meet minimum requirements to ensure successful operation. This section describes those requirements and how end users connect to the BBSM server. Table 1-3 shows the operating system and browser versions that have been tested and are supported for BBSM software release 5.2.

Table 1-3 Minimum End-User Client Connection Requirements

| Component | Tested and Supported for BBSM 5.2 |
| --- | --- |
| Operating system | Windows 98, 2000 Professional, and XP Professional; Linux Red Hat 7.1; Macintosh OS9.0 and OS10.0 |
| Browser | Internet Explorer 5.0 or higher; Netscape Navigator 4.7x or higher |
| Colors, depth | 256 (65,000 recommended) |
| Screen Area, pixels | 800 by 600. For Compaq H3635 and H3760 iPAQ pocket PCs: 240 by 320 limitation. (For additional information about configuring a pocket PC, refer to the Cisco BBSM SDK Developer Guide.) |


The page set that the BBSM administrator selects in the Switch Discovery Wizard or from the Page Set drop-down menu in the WEBconfig Network Element Port Settings pop-up window determines which Start page the end user uses to connect to the Internet. Figure 1-9 shows the DailyHotel Start page that was customized using the Page Set wizard.

Figure 1-9 DailyHotel Start Page

The following example demonstrates a general connection sequence for an end user.

A hotel has purchased a BBSM server, set it up, and selected the DailyHotel page set. After checking into a hotel room, an end user with a laptop computer might do the following:


Step 1 Connect the laptop to the jack using a standard 10Base-T Ethernet cable and turn it on.

Step 2 Launch the browser. The DailyHotel Connect page appears.

Step 3 If applicable, enter any requested authentication information.

Step 4 Click Connect (or Submit). The end user is then redirected to a "Connecting..." window and then to the configured portal page for the hotel.


Advanced Topics

The following sections describe many BBSM features and components. Features not requiring detailed discussions are described in "Basic BBSM Configuration." The following are described in this section:

Bandwidth Reservation

Page Sets

Port Hopping

Private and Public IP Addresses (Multinets)

RADIUS

Security

Switch Clustering

Two-Way PMS Interface

VLANs

Web Proxies

Web Servers

Bandwidth Reservation

BBSM software release 5.2 enables hotel customers to reserve bandwidth for meetings that require broadband access. When hotel customers reserve meeting rooms, they have the option of specifying a bandwidth reservation for their meeting. During the meeting when guests are logged in, the reserved bandwidth is available only to meeting room guests.

Being able to reserve bandwidth provides several specific advantages to the hotel:

An added source of revenue—Because the hotel will have a range of bandwidths for customers to choose from, it can offer a tiered pricing structure to meeting room customers. The higher the bandwidth that customers require, the higher the price for the reservation.

More efficient use of hotel Internet bandwidth—Most guest Internet use occurs in the evening when business travelers are in their rooms. During the day, hotel bandwidth is usually underused and can be used for generating additional meeting room revenue.

Hotels that want to take advantage of bandwidth reservation do not need to buy any additional bandwidth. Instead, they can re-allocate their existing bandwidth. For example, if a hotel has 1,000 kbps of bandwidth currently allocated for guest use, a bandwidth reservation of 200 kbps would decrease the total amount of bandwidth available for general guest use to 800 kbps. In addition, reservations do not actually decrement the total hotel bandwidth unless someone is logged into the reservation. As soon as the last person using the reserved bandwidth logs out, the bandwidth is available again for guest use.

For this reason, it is important not to oversubscribe the network. If the full amount of bandwidth were reserved, no bandwidth would be left for hotel guests. Each hotel must determine how much bandwidth it wants to provide for its guests and weigh that against the increased revenue potential of the bandwidth reservation system.

Bandwidth Throttling and Bandwidth Reservation

BBSM software release 5.2 supports the bandwidth throttling feature used in previous releases and a new bandwidth reservation feature. These are described below:

Bandwidth throttling—The specified bandwidth is a maximum bandwidth. Clients receive no more than the specified bandwidth.

Bandwidth reservation—Clients in the reservation pool share the specified minimum bandwidth. Instead of using QoS, bandwidth is reserved by using the Cisco IOS Class-Based Shaping feature. For additional information about Class-Based Shaping, go to the following website:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t2/clsbsshp.htm

How Reserved Bandwidth is Used

To access the reserved bandwidth, you connect to BBSM using an access code that is generated when you make the reservation. This is similar to the access code feature that existed in previous versions of BBSM. The number of needed access codes is specified when the reservation is made (the maximum number is 1,000). Because all access codes for a group (reservation) will share the reserved bandwidth, bandwidth is reserved per group, not per access code. Larger groups will require more bandwidth.

Access codes are normally used from the meeting room where a group is convening. However, the bandwidth reservation is not tied to any particular port, so users are not limited to the meeting room. If meeting room attendees are also hotel guests, they can use their access code to log in from their room, and they still receive their reserved bandwidth. (This depends on the page set that is available from the guest rooms, as not all page sets allow users to enter an access code.)

Although access codes are not confined to a port, they are confined to a site. For this reason, users at one hotel site cannot travel to another site and expect to connect using a single access code for both.

Modifying Bandwidth Reservations

A bandwidth reservation can be edited at any time with the calendar user interface described in the "Creating and Configuring Access Codes" section. If a hotel needs to change the bandwidth for any reservation, it can select a different class of service associated with that reservation before and during the event time.

If a bandwidth is modified during the event and users are logged into the reservation, the new bandwidth is not applied to existing users. The new bandwidth applies for the rest of the reservation time for all new clients logging in. This provides the hotel with some recourse in case the system becomes too heavily subscribed.

Preserving Historical Information

For auditing purposes, the access code system allows customers to view past and future reservations, including any bandwidth that was reserved. The Delete button can be used to delete a class of service only if no past or future reservations exist at this class of service. If reservations exist for this class of service, it cannot be deleted, but it can be disabled to prevent any new reservations from being made.

Classes of Service

BBSM creates bandwidth classes of service that correspond to different levels of Internet service. In a particular day, several different bandwidth reservations may exist that are composed of different classes. For example, if a hotel has set aside 500 kbps for meeting room bandwidth reservations, it could define three classes of service—300 kbps, 200 kbps, and 100 kbps. Notice that the total bandwidth exceeds the maximum of 500 kbps, so the system would not allow all three classes of service to be reserved for one day. However, one day the system might have five reservations at the 100 kbps class, and the next day it might have three reservations—one at the 100 kbps class and two at the 200 kbps class. The reservation system would ensure that no more than 500 kbps are reserved for any one day, but the classes can be combined in any way to total 500 kbps. Because this solution provides greater flexibility, the bandwidth reservation feature on BBSM uses this class of service model.

BBSM administrators have the ability to add their own classes of service. In addition, the BBSM installation creates several predefined classes of service.

After a class of service is created, all properties can be modified until the class of service is used for a reservation. Once a reservation exists using the class of service, its name and bandwidth cannot be modified to ensure that the network does not become oversubscribed. A maximum of 64 classes of service can be created.
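The rules in this section and in the re-allocation example earlier (1,000 kbps total, a 200 kbps reservation leaving 800 kbps for guests only while someone is logged in) can be modelled in a few lines. The following is an added example, not BBSM code: the class `ReservationBook`, its method names, the class-of-service names, and the dates are all hypothetical, and the per-day cap follows the page's wording.

```python
from collections import defaultdict
from datetime import date

MAX_CLASSES = 64          # page: a maximum of 64 classes of service
MAX_ACCESS_CODES = 1000   # page: at most 1,000 access codes per reservation


class ReservationBook:
    """Hypothetical model of the reservation rules described on this page."""

    def __init__(self, total_kbps, reservable_kbps):
        self.total_kbps = total_kbps            # bandwidth allocated for guest use
        self.reservable_kbps = reservable_kbps  # share set aside for reservations
        self.classes = {}                       # class name -> kbps
        self.reservations = {}                  # id -> (day, class name, codes)
        self.sessions = defaultdict(int)        # id -> users currently logged in

    def add_class(self, name, kbps):
        if len(self.classes) >= MAX_CLASSES:
            raise ValueError("class of service limit reached")
        self.classes[name] = kbps

    def set_class_kbps(self, name, kbps):
        # Once any reservation uses a class, its bandwidth is frozen so the
        # admission decisions already made stay valid.
        if any(cls == name for _, cls, _ in self.reservations.values()):
            raise ValueError("class is in use by a reservation")
        self.classes[name] = kbps

    def reserved_on(self, day):
        return sum(self.classes[cls]
                   for d, cls, _ in self.reservations.values() if d == day)

    def reserve(self, res_id, day, cls, codes):
        """Admit the reservation only if the day's cap is not exceeded."""
        if not 1 <= codes <= MAX_ACCESS_CODES:
            raise ValueError("access code count out of range")
        if self.reserved_on(day) + self.classes[cls] > self.reservable_kbps:
            return False
        self.reservations[res_id] = (day, cls, codes)
        return True

    def login(self, res_id):
        if res_id not in self.reservations:
            raise KeyError(res_id)
        self.sessions[res_id] += 1

    def logout(self, res_id):
        self.sessions[res_id] = max(0, self.sessions[res_id] - 1)

    def guest_kbps(self):
        # Reserved bandwidth is only taken from the guest pool while at
        # least one user of that reservation is logged in.
        in_use = sum(self.classes[self.reservations[r][1]]
                     for r, n in self.sessions.items() if n > 0)
        return self.total_kbps - in_use


def run_page_examples():
    """Replay the numbers used on this page (dates and ids are constructed)."""
    book = ReservationBook(total_kbps=1000, reservable_kbps=500)
    for name, kbps in (("300k", 300), ("200k", 200), ("100k", 100)):
        book.add_class(name, kbps)
    d1, d2, d3 = date(2003, 6, 2), date(2003, 6, 3), date(2003, 6, 4)
    out = {}
    # All three classes on one day would total 600 kbps: the third is refused.
    out["day1"] = [book.reserve(f"d1-{c}", d1, c, 10)
                   for c in ("300k", "200k", "100k")]
    # Five reservations at 100 kbps fit; a sixth does not.
    out["day2"] = [book.reserve(f"d2-{i}", d2, "100k", 10) for i in range(6)]
    # One at 100 kbps plus two at 200 kbps totals exactly 500 kbps.
    out["day3"] = [book.reserve(f"d3-{i}", d3, c, 10)
                   for i, c in enumerate(("100k", "200k", "200k"))]
    book.login("d1-200k")
    book.login("d1-200k")
    out["guest_during"] = book.guest_kbps()
    book.logout("d1-200k")
    out["guest_one_left"] = book.guest_kbps()
    book.logout("d1-200k")
    out["guest_after"] = book.guest_kbps()
    try:
        book.set_class_kbps("200k", 400)
        out["frozen"] = False
    except ValueError:
        out["frozen"] = True
    return out


if __name__ == "__main__":
    for key, value in run_page_examples().items():
        print(key, value)
```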

What Bandwidth Reservation Adds to Your Router

In some cases, the external router is managed by an ISP who may be concerned about the configuration that BBSM adds to the router. If you are working with an ISP who needs more information about what the bandwidth reservation feature adds to the router, this section describes the router configuration in more detail. Note that no BBSM bandwidth reservation commands are ever entered manually on the router; BBSM adds them automatically when the bandwidth reservation feature is used.

Bandwidth reservation uses the IOS Class-Based Shaping feature to configure the router. Refer to the following website for documentation about Class-Based Shaping:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t2/clsbsshp.htm

The configuration added to the router consists of a policy map, several class maps (one for each class of service), and one extended access list for each class map. Some parts of the configuration are static, and some are dynamic, as follows:

Static—The policy map is the static part of the configuration.

Dynamic—Class maps and extended access lists are created dynamically as users log in to the reservations. Once the last user logs out of a reservation, the class map and extended access list for that reservation are deleted from the running configuration.

None of the configuration is stored in permanent memory (NVRAM). It is only in the running configuration. If you reload your running configuration, you will erase the bandwidth reservation configuration.

All of the configuration settings on the router contain the string "BBSM." If you want to try out the bandwidth reservation feature, first create a reservation. (Refer to "Creating and Configuring Access Codes" section.) Then log in to BBSM as an end user using an access code. Now telnet to your external router and view the running configuration. Look for the BBSM string. The policy map, class maps, and extended access lists all have names that include this string. As mentioned earlier, when you deactivate the client session, the dynamic part of the configuration is removed. However, you can always reload the running configuration on the router to restore the previous configuration.
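For an ISP or administrator who wants to review what BBSM has placed on the external router, the check described above can be scripted. The following is an added example, not Cisco code: it parses saved copies of the running and startup configurations, lists the policy maps, class maps, and extended access lists whose names contain "BBSM", and flags any that were written to the startup configuration, which the page says should not happen. The sample configurations and every object name in them are constructed; the page states only that the names include the string "BBSM".

```python
import re

# Section headers for the three object types the page says BBSM adds.
HEADERS = [
    ("class-map", re.compile(r"^class-map(?: match-(?:all|any))? (\S+)$")),
    ("policy-map", re.compile(r"^policy-map (\S+)$")),
    ("access-list", re.compile(r"^ip access-list extended (\S+)$")),
]
ACL_REF = re.compile(r"^match access-group name (\S+)$")

# Constructed sample: running configuration while reservations are active.
RUNNING_CONFIG = """\
hostname edge-router
!
class-map match-all BBSM_RES_17
 match access-group name BBSM_ACL_17
class-map match-all BBSM_RES_21
 match access-group name BBSM_ACL_21
class-map match-all VOICE
 match ip dscp ef
!
policy-map BBSM_POLICY
 class BBSM_RES_17
  shape average 200000
 class BBSM_RES_21
  shape average 100000
policy-map WAN-QOS
 class VOICE
  priority 128
!
ip access-list extended BBSM_ACL_17
 permit ip host 192.168.42.50 any
ip access-list extended MGMT-IN
 permit tcp host 10.10.1.2 any eq telnet
"""

# Constructed sample: startup configuration with one stale BBSM object saved.
STARTUP_CONFIG = """\
hostname edge-router
!
class-map match-all VOICE
 match ip dscp ef
!
policy-map WAN-QOS
 class VOICE
  priority 128
!
ip access-list extended BBSM_ACL_09
 permit ip host 192.168.42.77 any
ip access-list extended MGMT-IN
 permit tcp host 10.10.1.2 any eq telnet
"""


def parse_objects(config):
    """Return {(kind, name): [body lines]} for the three object types."""
    objects, current = {}, None
    for line in config.splitlines():
        if line.startswith(" "):          # indented line belongs to a section
            if current is not None:
                objects[current].append(line.strip())
            continue
        current = None                     # any top-level line ends the section
        for kind, pattern in HEADERS:
            match = pattern.match(line.rstrip())
            if match:
                current = (kind, match.group(1))
                objects[current] = []
                break
    return objects


def audit(running, startup, marker="BBSM"):
    """Report marker-tagged objects and two conditions worth a second look."""
    run, start = parse_objects(running), parse_objects(startup)
    missing_acl = []
    for (kind, name), body in run.items():
        if kind != "class-map" or marker not in name:
            continue
        for line in body:
            ref = ACL_REF.match(line)
            if ref and ("access-list", ref.group(1)) not in run:
                missing_acl.append((name, ref.group(1)))
    return {
        # Everything carrying the marker in the live configuration.
        "running": sorted(k for k in run if marker in k[1]),
        # Tagged objects saved to NVRAM; the page says none should be.
        "persisted": sorted(k for k in start if marker in k[1]),
        # Tagged class maps that point at an access list that is not defined.
        "missing_acl": sorted(missing_acl),
    }


if __name__ == "__main__":
    for section, items in audit(RUNNING_CONFIG, STARTUP_CONFIG).items():
        print(section, items)
```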

Page Sets

BBSM uses page sets made up of active server page (ASP) files, commonly called "pages." BBSM ships with default page sets that you can modify to meet your needs (see Table 1-4).

When the end user starts their session, the page set ASP files execute on the BBSM server and on the end user's browser. Different page sets contain different types of ASP files. By choosing specific page sets, you are selecting ASP files that associate an access policy and, if desired, an accounting policy with a specific port. These policies define the access and accounting methods that will be used for the end user's session. They are described briefly below:

Access policies—The access policy defines the end user's connection process when connecting to the Internet. The default page sets enable you to select these access policies: Access Code, Block, Daily, Minute, RADIUS, or Subscription.

Accounting policies—The accounting policy determines how end users are billed for BBSM Internet services. BBSM provides these default accounting policies: ICS Credit Card, Cruise Line, Hotel, and RADIUS. If you do not want to bill the end user, you can use the Null accounting policy.

If the end user will be entering sensitive information, such as credit card information, then you should use page sets that provide SSL. For these SSL page sets, you must buy and install an SSL certificate. For complete details on installing the certificate, refer to "Installing an SSL Certificate." The other default BBSM page sets transmit data in clear text.

To configure your ports, you have the following page set options:

You can use the BBSM default page sets without making changes.

Your web designer can modify the default page sets to create custom page sets. For information on using the Page Set Wizard to create a page set that adds a property logo, image, and text to a basic DailyHotel page set, refer to the "Using the Page Set Wizard" section.

Your developer can use the BBSM SDK to create new page sets. Refer to the Cisco BBSM 5.2 SDK Developer Guide and the following software download URL:

http://www.cisco.com/pcgi-bin/tablebuild.pl/bbsm52

For information on adding the custom page set to the list of available page sets, refer to the "Adding Custom Page Sets to BBSM" section.


Caution: Because page sets whose names end in "Clear" do not use SSL security, Cisco does not recommend using them in production (see Table 1-4). These page sets do not use SSL to transmit information to the BBSM server. The end user's browser transmits RADIUS and credit card information to BBSM in clear text. BBSM provides them for demonstration and testing situations in which installing a server certificate is not feasible.

If you are using multinets, note that the page set assigned to the user's port determines whether an administrator or operator provisions the multinet or the end user self-provisions the multinet. Table 1-4 shows which page sets the end user can self-provision.

Table 1-4 BBSM Default Page Set Descriptions 

| Page Set | Uses SSL? | Who Selects Public/Private Multinet? | Description |
|---|---|---|---|
| AccessCode | No | Administrator or operator | Prompts the end user to enter an access code to access the Internet for an authorized period configured by the BBSM operator. Use this page set if you want multiple users to be able to access the Internet at the same time through one access code. (Refer also to the MeetingRoom page set.) |
| BiDirectional_DailyHotel | No | End user | Demonstrates how to use the guest data that BBSM pulls from the PMS. Meant to be an example of how to take advantage of the bidirectional PMS interface, the page set provides the default DailyHotel page set functionality, plus functionality such as viewing guest folio and guest checkout. You must customize the BiDirectional ASP files to achieve the desired functionality. |
| BlockICS | No | End user | Prompts the end user to enter credit card information to access the Internet for a block of minutes. |
| CruiseLine | No | End user | Prompts the end user to enter credit card information or access card information (access card information is not the same as an access code) to access the Internet per minute or for a block of minutes. |
| DailyHotel | No | End user | Gives the end user access for a 24-hour period and sends charges to the hotel's PMS or local printer. |
| DailyICS, DailyICSClear | DailyICS: Yes; DailyICSClear: No | End user | Prompts the end user to enter credit card information to access the Internet for a 24-hour period. |
| MeetingRoom | No | Administrator or operator | Prompts the end user to enter an access code to access the Internet for an authorized period configured by the BBSM administrator. Use this page set if you want only one user to be able to access the Internet at a time through the access code. (Refer also to the AccessCode page set.) |
| Mega, MegaClear | Mega: Yes; MegaClear: No | Administrator or operator | Provides access flexibility to the end user and still controls access. Modify the page set to fit your needs. |
| MinuteICS, MinuteICSClear | MinuteICS: Yes; MinuteICSClear: No | End user | Prompts the end user to enter credit card information to access the Internet per minute. |
| RADIUS, RADIUSClear | RADIUS: Yes; RADIUSClear: No | Administrator or operator | Prompts the end user to enter a RADIUS username and password to access the Internet. |
| RADIUSUBand, RADIUSUBandClear | RADIUSUBand: Yes; RADIUSUBandClear: No | End user | Prompts the end user to enter a RADIUS username and password to access the Internet. It also permits the end user to select their desired bandwidth at a specified price. For this page set, the disconnect web page presents the end user with an estimated summary for the time of the active session and the charges accrued at the selected bandwidth. |
| Subscription | No | End user | Allows the end user to access the Internet for a specified date range. Use it to offer free Internet access on a port by specifying the date range for free access in Port Control. By default, the Subscription page set does not do billing. |
| SubscriptionHome | No | Administrator or operator | Allows the end user to access the Internet for a per-port specified date range. When the user activates a session, BBSM redirects the user to the originally requested URL, which is usually the home page set in the browser. |
| SubscriptionHotel, SubscriptionHotelMultipleDay | SubscriptionHotel: No; SubscriptionHotelMultipleDay: No | End user | Allows the end user to access the Internet for a specified (SubscriptionHotel) or varied (SubscriptionHotelMultipleDay) date range. If the user attempts Internet access outside the date range, these page sets allow the user to self-provision the subscription by billing it to the hotel's PMS. |
| SubscriptionICS | No | End user | Allows the end user to access the Internet for a per-port specified date range. If the end user attempts to access the Internet outside the date range, the page set allows the user to bill the subscription to a credit card. |


Port Hopping

The port hopping feature allows wireless users to move from port to port without interrupting BBSM service. Within a BBSM network, users can move between like types of hardware, such as wireless access points, switch ports, or cable modems. Users cannot hop back and forth between wireless access points and wired switches. Also, mobility across subnets or cells operated by different customers is not supported.

Port hopping is disabled by default, and only the administrator can enable it. For procedures on different ways to configure port hopping, refer to the following sections:

To configure port hopping for the entire BBSM server, run the Switch Discovery Wizard. Refer to Running the Switch Discovery Wizard.

To configure ports for port hopping during the initial configuration, use WEBconfig. Refer to Configuring Network Elements.

To configure ports after the initial configuration, use the Port Control feature. Refer to Using Port Control.

When port hopping is enabled, BBSM keeps the session active when the user moves to another port or disassociates temporarily. For example, disassociation might occur when the signal is weak or an object comes between the wireless access point and the end user, which causes the user to associate suddenly with a secondary access point that might be configured to another aggregation switch port.

When a user disassociates from the BBSM network, BBSM searches for the user until one of the following occurs:

The user's MAC address reappears on the network within the configured port hop delay time period. The session then continues without interruption.

The port hop delay time period expires. BBSM then deactivates the session, and the user must reauthenticate to regain Internet access.

Transactions that occur while using port hopping are logged to the Transaction History report. Each time a port hop event occurs, BBSM makes an entry into the Transaction History report to record the event. You can view these transactions through the Reporting Pages link on the Dashboard.

Note the following about port hopping:

Searching for end user—When port hopping is enabled and an end user disappears from the network, BBSM begins searching configured network elements for the end user. BBSM first searches the last known network element that the end user was associated with. If the user is not found, BBSM then searches the other network elements until the end user is found or the port hop delay time period expires.

Session duration—The reported duration of an active session varies depending on how the session terminates:

If the search succeeds, BBSM includes the search time in the session duration.

If the search fails to find the user before the port hop delay time period expires, BBSM does not include the search time in the session duration. As a result, users who turn off their computers to terminate sessions are not charged for BBSM's search time after they have disconnected.

Port hopping between sites—Port hopping is not allowed across BBSM sites. If a user disappears from the network for less time than the port hop delay time period, the session remains active until BBSM finds the user again on a port at the same BBSM site. However, if BBSM finds the user on a port at a different BBSM site from where the active session originated, the session is deactivated.


Note: A user could move from the original site, authenticate to another site, and then move back to the original site within the port hop delay time period. In this case, BBSM deactivates the original active session even though the user moved back to the original site. You should deploy your network to prevent overlap between cells on different sites.


Port hopping from a port hop disabled port—Port hopping is enabled on a per-port basis. The end user is allowed to hop from a port hop enabled port to any port on the same site and continue the session even if the port hop status of the destination port is disabled. However, the user is not allowed to hop from a port hop disabled port at all. If this is attempted, BBSM deactivates the session.

Port policy—As the user hops from port to port, the port policy that BBSM associates with the user session follows the user to each new port:

BBSM applies the bandwidth limit (in kbps) specified at session activation to the session as the user moves from port to port.

If a user has selected a dynamic bandwidth boost from a BBSM web page, the bandwidth boost settings follow the session to the new port when the user moves to another port.

Active Ports report—While the system is searching for a user, the user session remains active and appears in the Active Ports report as associated with the last used port.

Port hopping works with any BBSM page set. However, some page sets are more useful than others, depending on the type of network:

Wireless network—Page sets such as DailyHotel that use the BBSM port and room numbers for billing are not useful because rooms are not recognized in wireless networks. The signal from an access point extends beyond walls. Most access points, such as Cisco Aironet, configure all users to the same port number. In this case, using the Hotel accounting policy would not provide useful billing information for a PMS to accurately charge users.

Wired network—The BBSM port ID and room numbers are more meaningful when using PMS billing. When using port hopping, BBSM keeps track of the original port and room number to make sure that charges incurred during the session are billed correctly to the user. As a user moves from port to port, although the system reports each new port and location, BBSM bills only the original port and room.

Private and Public IP Addresses (Multinets)

With BBSM software release 5.2, you can offer your end users the choice of using individually assigned private or public DHCP IP addresses:

Public IP addresses can be accessed by other devices on the Internet.

Private IP addresses cannot be accessed by other Internet devices.

To explain the difference between private and public IP addresses, we can compare the IP address to a phone number. A public IP address is equivalent to a full 10-digit telephone number (619-555-1234), and a private address is equivalent to an office extension number.

The end user's needs determine which type of IP address is the best one to use:

The advantage of using public IP addresses is that some virtual private network (VPN) systems require their clients to have public IP addresses to operate correctly.

The advantage of using private IP addresses is that many security threats are eliminated, because other Internet devices cannot access private IP addresses. Because the local network automatically maps each private IP address to a different public IP address for data going to and from the Internet, a private IP address is never visible on the Internet. An additional advantage of private IP addresses is that, in many locations, private IP addresses are cheaper to provide than public IP addresses.

A BBSM server that is configured to support both private and public IP addresses is classified as multinet, because the internal NIC is configured with two distinct logical subnets. A singlenet BBSM server is configured as a single logical subnet and supports only one logical subnet of IP addresses.

For the initial configuration, the way that BBSM is configured for multinet differs based on whether BBSM is customer installed or factory installed:

Customer installed—Customer-installed BBSM servers can be configured as multinets or singlenets during BBSM installation. For additional information, refer to the Cisco BBSM and BBSD Installation Guide.

Factory installed—Factory-installed BBSM servers are configured initially as singlenet and must be reconfigured for multinet. To change your BBSM server to a multinet configuration, you must configure Windows for multinets. Refer to the "Configuring Windows for Multinets" section.


Note: If you are using multinets, you cannot use the load balancing feature.


For additional information about multinet use, refer to the following sections:

To configure the public or private IP addresses, refer to the "Running the Address Change Wizard" section.

To see which page sets support multinet provisioning by an administrator or self-provisioning by the end user, refer to the "Page Sets" section.

To add, change, or delete public-private IP addresses after the initial configuration, refer to the "Changing the Internal Network IP Address Ranges" section.

RADIUS

The BBSM server has a built-in RADIUS client that complies with the RADIUS standards (RFCs 2865 and 2866) and is compatible with any compliant RADIUS server, although the officially supported servers are Cisco ACS, Microsoft IAS, and Navis. This section describes the BBSM interface with the RADIUS server, including the RADIUS attributes that BBSM supports, user-provisioned bandwidth page sets, and prepaid RADIUS.

For details on BBSM configuration and reporting, refer to the following sections:

Configuring RADIUS Billing

RADIUS Session History Report

RADIUS Authentication and Authorization

Each time the end user connects to the BBSM server using a page set configured for RADIUS, BBSM prompts for a username and password and then sends this data to a configured RADIUS authentication server in an access-request packet. Note that the RADIUS authentication server does not have to be the same server as the RADIUS accounting server.

To provide redundancy in case the RADIUS server does not respond, you can configure multiple RADIUS servers in WEBconfig. This configuration includes the order in which these servers are contacted, with 1 being the first server contacted; 2, the second server contacted; and so on (refer to Configuring RADIUS Billing). BBSM attempts to contact the servers until an access-accept packet is received:

If a server does not respond within the specified time, BBSM attempts to contact that server up to three times before moving to the next server.

If a server responds with an access-reject packet, BBSM immediately sends the access-request packet to the next server.
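The following added example (not BBSM code) simulates the two rules above to show their operational consequence: an access-reject from one server is not final, so an account removed from only one server is still admitted by the next one. The server callables, user databases, and the `audit_user_drift` helper are constructed for illustration.

```python
MAX_TRIES = 3  # per the text: a silent server is tried up to three times
ACCEPT, REJECT, TIMEOUT = "access-accept", "access-reject", "timeout"


def authenticate(servers, username, password):
    """Walk the ranked server list the way the text describes.

    servers: list of (rank, name, send) tuples; send(username, password)
    returns ACCEPT, REJECT or TIMEOUT. The callables stand in for real
    RADIUS exchanges (hypothetical, for illustration only).
    Returns (granted, trail), where trail records every attempt made.
    """
    trail = []
    for _rank, name, send in sorted(servers, key=lambda s: s[0]):
        for attempt in range(1, MAX_TRIES + 1):
            reply = send(username, password)
            trail.append((name, attempt, reply))
            if reply == ACCEPT:
                return True, trail
            if reply == REJECT:
                break  # no retry: go straight to the next server
    return False, trail


def make_server(users, up=True):
    """Build a constructed server backed by a dict of username -> password."""
    def send(username, password):
        if not up:
            return TIMEOUT
        return ACCEPT if users.get(username) == password else REJECT
    return send


def audit_user_drift(databases):
    """List usernames whose records differ between configured servers.

    databases: dict of server name -> {username: password}.
    Returns {username: [servers that still hold a record for it]}.
    """
    all_users = set().union(*(db.keys() for db in databases.values()))
    drift = {}
    for user in sorted(all_users):
        views = {name: db.get(user) for name, db in databases.items()}
        if len(set(views.values())) > 1:
            drift[user] = sorted(n for n, v in views.items() if v is not None)
    return drift


# Constructed data: "alice" was removed from radius1 but not from radius2.
RADIUS1 = {"bob": "b0b-pw"}
RADIUS2 = {"bob": "b0b-pw", "alice": "al1ce-pw"}
SERVERS = [(2, "radius2", make_server(RADIUS2)),
           (1, "radius1", make_server(RADIUS1))]

if __name__ == "__main__":
    print(authenticate(SERVERS, "alice", "al1ce-pw"))
    print(audit_user_drift({"radius1": RADIUS1, "radius2": RADIUS2}))
```

Running a drift check like this against exported user lists before adding a secondary server shows which accounts the failover order would treat differently.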

RADIUS Accounting

BBSM saves Internet session information and then sends it to a configured RADIUS accounting server in start and stop accounting-request packets and, if configured, in interim-update packets. BBSM sends this data in the same ranked order and manner that it uses for access-request packets. With this session data, administrators can perform independent billing on a flat-rate or per-minute basis.

RADIUS Attributes

This section describes the RADIUS attributes that BBSM sends to the RADIUS server and receives from the server. Table 1-5 lists the access-request and accounting-request attributes by packet type, and Table 1-6 describes these attributes and several others that could be included in the access-accept packet from the RADIUS server.

Table 1-5 RADIUS Access-Request and Accounting-Request Packets

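| Attribute | No. | Access-Request | Accounting-Request: Start | Accounting-Request: Interim-Update | Accounting-Request: Stop |
|---|---|---|---|---|---|
| User-Name | 1 | X | X | X | X |
| User-Password | 2 | X | | | |
| NAS-IP-Address | 4 | X | X | X | X |
| NAS-Port | 5 | X | X | X | X |
| Service-Type | 6 | X | X | X | X |
| Framed-Protocol | 7 | X | X | X | X |
| Framed-IP-Address | 8 | X | X | X | X |
| Class | 25 | | X | X | X |
| Vendor-Specific | 26 | | X | X | X |
| Called-Station-ID | 30 | X | X | X | X |
| Calling-Station-ID | 31 | X | X | X | X |
| NAS-Identifier (if configured in BBSM) | 32 | X | X | X | X |
| Acct-Status-Type | 40 | | X | X | X |
| Acct-Input-Octets | 42 | | | | X |
| Acct-Output-Octets | 43 | | | | X |
| Acct-Session-ID | 44 | X | X | X | X |
| Acct-Session-Time | 46 | | | | X |
| Acct-Input-Packets | 47 | | | | X |
| Acct-Output-Packets | 48 | | | | X |
| Acct-Terminate-Cause | 49 | | | | X |
| NAS-Port-Type | 61 | X | X | X | X |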


Table 1-6 RADIUS Attribute Descriptions

| Attribute | No. | Description |
|---|---|---|
| User-Name | 1 | The end user enters this name to authenticate against the RADIUS server and access the Internet through BBSM. |
| User-Password | 2 | The end user enters this password to authenticate against the RADIUS server and access the Internet through BBSM. The password is encrypted before being sent to the RADIUS server. |
| NAS-IP-Address | 4 | Either the IP address of the BBSM external NIC or the IP address entered as the NAT IP address on the WEBconfig RADIUS Server web page. |
| NAS-Port | 5 | The NAS-Port value is a numeric value (therefore the leading zeros of the site number are dropped). BBSM maps the NAS-Port attribute as follows: aaabbccddd, where aaa = site number, bb = cluster, cc = switch, and ddd = port. For example, if the site number = 1, the cluster number = 2, the switch number = 3, and the port number = 5, the NAS-Port number = 10203005. |
| Service-Type | 6 | The number 2 in this field indicates "Framed." |
| Framed-Protocol | 7 | The number 1 in this field indicates "PPP" (point-to-point protocol). Note that for historical reasons, BBSM sends 1 in this attribute even though clients do not usually use PPP. |
| Framed-IP-Address | 8 | IP address of client connecting to the Internet through BBSM. |
| Reply-Message | 18 | If this attribute is included in the Access-Accept packet, BBSM forwards this string to the Smart Client using the XML tag, <AuthenticationReply>. |
| Class | 25 | Use this attribute to send optional information to the accounting server. If this attribute is included in the Access-Accept packet, BBSM sends this information unmodified to the accounting server. |
| Vendor-Specific | 26 | The end-user bandwidth (in kbps). You can use the bandwidth Vendor-Specific attribute (VSA) in two different scenarios. (1) VSA sent from the RADIUS server to BBSM—In this scenario, BBSM is configured to use the RADIUS or RADIUSClear page set and the end user logs on. The RADIUS server sends the bandwidth VSA to BBSM in an access-accept packet. BBSM reads the VSA, and if the Bandwidth Throttle check box in WEBconfig is checked (bandwidth enabled), BBSM throttles the end user to that speed. The VSA is not sent back to the RADIUS server in the accounting packets. For setting the Bandwidth Throttle option, refer to the "Configuring the Network and Bandwidth Management Settings" section. (2) VSA sent from BBSM to the RADIUS server—In this scenario, BBSM is configured to use the RADIUSUBand or RADIUSUBandClear page set. If the Bandwidth Throttle check box in WEBconfig is checked (bandwidth enabled), the bandwidth selection is displayed on the Start page and the end user selects a bandwidth and logs on. BBSM throttles the user to the selected speed and sends the bandwidth VSA in all accounting packets. The following is the format for the BBSM bandwidth vendor-specific attribute (VSA): Type = 26; Length (bytes) = 12; Vendor-ID = 5263; Vendor-type = 1; Vendor-length (bytes) = 6; Vendor-string (kbps) = Specified bandwidth, such as 256. |
| Session-Timeout | 27 | If this attribute is included in the access-accept packet, BBSM terminates the session after the number of Session-Timeout seconds unless the session has terminated earlier for another reason. |
| Called-Station-Id | 30 | The MAC address of the BBSM internal NIC. The string is a sequence of 12 hexadecimal characters. |
| Calling-Station-Id | 31 | The MAC address of the client (end-user) NIC. |
| NAS-Identifier | 32 | The NAS Identifier value entered on the WEBconfig RADIUS Server web page. If no value is entered in this field, BBSM does not include this attribute in the RADIUS Access-Request packet. |
| Acct-Status-Type | 40 | The number contained in this field indicates one of the following types of Accounting-Request packets: 1 = Start Accounting-Request; 2 = Interim-Update Accounting-Request; 3 = Stop Accounting-Request. |
| Acct-Input-Octets | 42 | The number of octets (bytes) that BBSM received from the end user during their session. |
| Acct-Output-Octets | 43 | The number of octets (bytes) that BBSM transmitted to the end user during their session. |
| Acct-Session-Id | 44 | The unique Session ID assigned to each BBSM end-user session used to identify all authentication and accounting messages generated for a single user session. |
| Acct-Session-Time | 46 | The number of seconds for which the end user received service. |
| Acct-Input-Packets | 47 | The number of packets that BBSM received from the end user during the user's session. |
| Acct-Output-Packets | 48 | The number of packets that BBSM transmitted to the end user during the user's session. |
| Acct-Terminate-Cause | 49 | The number contained in this field indicates how the session was terminated, as follows: 1 = User Request—Action by the end user caused the session to terminate; for example, the user visited the disconnect URL. 4 = Idle Timeout—Network equipment detected that the end user disappeared from the network. 5 = Session Timeout—The access policy determined that the session should end; for example, the session duration reached the Session-Timeout attribute specified in an Access-Accept. 6 = Admin Reset—Action by the administrator caused the session to terminate. |
| NAS-Port-Type | 61 | 5 = Virtual. |
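The NAS-Port mapping and the bandwidth VSA layout in Table 1-6 can be checked on the RADIUS server side with a small decoder. This is an added example, not Cisco code. It assumes the 4-byte VSA value is a big-endian unsigned integer (the table gives only the lengths and calls the field a string), and the sample attribute bytes are constructed.

```python
import struct

NAS_PORT = 5
VENDOR_SPECIFIC = 26
BBSM_VENDOR_ID = 5263   # Vendor-ID from Table 1-6
BBSM_BANDWIDTH = 1      # Vendor-type from Table 1-6

def encode_nas_port(site, cluster, switch, port):
    """Build the aaabbccddd value from its four decimal fields."""
    fields = (("site", site, 999), ("cluster", cluster, 99),
              ("switch", switch, 99), ("port", port, 999))
    for name, value, limit in fields:
        if not 0 <= value <= limit:
            raise ValueError(f"{name} {value} does not fit its digit field")
    nas_port = ((site * 100 + cluster) * 100 + switch) * 1000 + port
    if nas_port > 0xFFFFFFFF:  # RFC 2865: NAS-Port is a 4-octet value
        raise ValueError("value does not fit the 4-octet NAS-Port attribute")
    return nas_port

def decode_nas_port(nas_port):
    """Split a numeric NAS-Port back into site, cluster, switch and port."""
    rest, port = divmod(nas_port, 1000)
    rest, switch = divmod(rest, 100)
    site, cluster = divmod(rest, 100)
    return {"site": site, "cluster": cluster, "switch": switch, "port": port}

def build_bandwidth_vsa(kbps):
    """Type 26, Length 12, Vendor-ID 5263, Vendor-type 1, Vendor-length 6."""
    # Assumption: the 4-byte value is a big-endian unsigned integer.
    return struct.pack("!BBIBBI", VENDOR_SPECIFIC, 12, BBSM_VENDOR_ID,
                       BBSM_BANDWIDTH, 6, kbps)

def iter_attributes(data):
    """Yield (type, value) for each attribute in a packet's attribute section."""
    offset = 0
    while offset < len(data):
        if len(data) - offset < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = data[offset], data[offset + 1]
        if length < 2 or offset + length > len(data):
            raise ValueError(f"attribute {attr_type} has bad length {length}")
        yield attr_type, data[offset + 2:offset + length]
        offset += length

def parse_bandwidth_vsa(value):
    """Return kbps for the BBSM bandwidth VSA, None for any other VSA."""
    if len(value) < 6:
        raise ValueError("Vendor-Specific value too short")
    vendor_id, vendor_type, vendor_len = struct.unpack("!IBB", value[:6])
    if (vendor_id, vendor_type) != (BBSM_VENDOR_ID, BBSM_BANDWIDTH):
        return None
    if vendor_len != 6 or len(value) != 10:
        raise ValueError("BBSM bandwidth VSA must be 12 bytes in total")
    return struct.unpack("!I", value[6:])[0]

def summarize(data):
    """Extract the port location and selected bandwidth from the attributes."""
    result = {"location": None, "bandwidth_kbps": None}
    for attr_type, value in iter_attributes(data):
        if attr_type == NAS_PORT and len(value) == 4:
            result["location"] = decode_nas_port(struct.unpack("!I", value)[0])
        elif attr_type == VENDOR_SPECIFIC:
            kbps = parse_bandwidth_vsa(value)
            if kbps is not None:
                result["bandwidth_kbps"] = kbps
    return result

# Constructed attribute section: the NAS-Port from the table's example, another
# vendor's VSA (vendor 9, placeholder payload), and a 256 kbps BBSM VSA.
SAMPLE = (struct.pack("!BBI", NAS_PORT, 6, encode_nas_port(1, 2, 3, 5))
          + struct.pack("!BBIBB", VENDOR_SPECIFIC, 10, 9, 1, 4) + b"ab"
          + build_bandwidth_vsa(256))
```

Because NAS-Port is a 4-octet field, the ten-digit aaabbccddd form only fits values up to 4294967295, which the encoder enforces.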


User-Provisioned Bandwidth

The two user-provisioned bandwidth (UBand) page sets, RADIUSUBand and RADIUSUBandClear, allow administrators to define bandwidth offerings. The end user then chooses the desired bandwidth on the Start page, such as the following:

64K for $0.15/minute

128K for $0.25/minute

Unlimited for $0.30/minute

BBSM throttles the session at the selected bandwidth and sends the bandwidth VSA to the RADIUS accounting server in the start, stop, and interim-update accounting-request packets. Note that the administrator must ensure that the RADIUS accounting server is configured to accept this bandwidth so the data can be retrieved for bi