NRP-SSG Enhancements [Cisco IOS Software Releases 12.0 Special and Early Deployments]

Node Route Processor—Service Selection Gateway Enhancements
Feature Overview
Benefits
Restrictions
Related Features and Technologies
Related Documents
Supported Platforms
New Supported Standards, MIBs, and RFCs
Prerequisites
Configuration Tasks
Configuring RADIUS Interim Accounting
Verifying Interim Accounting
Configuring Cisco Express Forwarding
Verifying Cisco Express Forwarding
Configuring IOS Network Address Translation
Verifying IOS Network Address Translation
Configuring VPI/VCI Indexing to Service Profile
Verifying VPI/VCI Indexing to Service Profile
Troubleshooting Tips
Monitoring and Maintaining the NRP-SSG
Configuration Examples
RADIUS Interim Accounting

Account Update
Connection Update

CEF
IOS NAT
Service Name to VC Mapping
Command Reference
show ssg vc-service-map

Syntax Description

Defaults
Command Modes
Command History

Usage Guidelines
Examples
Related Commands

ssg accounting interval

Syntax Description

Defaults
Command Modes
Command History

Usage Guidelines
Examples

ssg vc-service-map

Syntax Description

Defaults
Command Modes
Command History

Usage Guidelines
Examples
Related Commands

Node Route Processor—Service Selection Gateway Enhancements

This feature module describes enhancements to the Node Route Processor-Service Selection Gateway (NRP-SSG) feature. It includes information on the benefits of the enhancements, supported platforms, related documents, and so forth.

This document includes the following sections:

Feature Overview
Supported Platforms
New Supported Standards, MIBs, and RFCs
Prerequisites
Configuration Tasks
Monitoring and Maintaining the NRP-SSG
Configuration Examples
Command Reference

Feature Overview

The enhancements to the NRP-SSG are included in Cisco IOS Release 12.0(5)DC. The NRP-SSG is a switching solution for service providers who offer intranet, extranet, and Internet connections to subscribers using high-speed data circuit equipment (DCE) such as Asymmetric Digital Subscriber Line (ADSL) to allow simultaneous access to network services. The NRP-SSG with Web Selection works in conjunction with the Cisco Service Selection Dashboard (SSD). The Cisco SSD is an open source web-based server application that allows users to select from multiple passthrough and proxy services through a standard web browser.

Benefits

Cisco Express Forwarding

The NRP-SSG works with Cisco Express Forwarding (CEF) switching technology to provide maximum Layer 3 switching performance. Because CEF is topology-driven rather than traffic-driven, its performance is unaffected by network size or dynamics.

IOS Network Address Translation

The NRP-SSG uses IOS Network Address Translation (NAT) to map the inside IP addresses of subscribers to the outside IP addresses from the destination service networks. This replaces the SSG NAT used in Cisco IOS Release 12.0(3)DC.

VPI/VCI Indexing to Service Profile

The NRP-SSG supports virtual path identifier/virtual channel identifier (VPI/VCI) closed user groups by allowing VPI/VCIs to be bound to a given service. All users accessing the NRP-SSG through the VPI/VCI or range of VPI/VCIs will be able to access the service. You can specify whether users are allowed to access only the bound service or other additional services to which they subscribe. A closed user group service can only be selected through the VPI/VCI and not by entering the domain name in the user name of a Point-to-Point Protocol (PPP) session.

RADIUS Interim Accounting

The NRP-SSG supports intermittent RADIUS accounting updates. When a user logs on to the NRP-SSG, the NRP-SSG sends an accounting start record to the local RADIUS server. When a user logs on to a service, the NRP-SSG sends a connection start record to the local RADIUS server and to the remote RADIUS proxy server. During the time that the user is logged on to the NRP-SSG, the NRP-SSG sends accounting update records at specified intervals to the appropriate server. When a user logs off from a service, the NRP-SSG sends a connection stop record to the local RADIUS server and to the remote RADIUS proxy server. When a user logs off from the NRP-SSG, the NRP-SSG sends an accounting stop record to the local RADIUS server.

Restrictions

CEF works with Point-to-Point Protocol over Ethernet (PPPoE) only and does not work with Fast Ethernet.
NRP-SSG does not support simultaneous use of CEF and Routed Bridge Encapsulation (RBE).
VPI/VCI indexing to service profile only works for Point-to-Point Protocol over ATM (PPPoA).

Related Features and Technologies

The NRP-SSG works in conjunction with the Cisco SSD. The Cisco SSD is a specialized web server, populated by the service provider, that lists all of the potential networks (or services) a particular customer can access. Customers select and deselect services from a menu through a frames-enabled HTML browser.

Supported Platforms

Node Route Processor-Service Selection Gateway Enhancements are supported on the Cisco 6400.

New Supported Standards, MIBs, and RFCs

None

Prerequisites

Cisco Service Selection Dashboard

If you want to perform Layer 3 service selection, you must install and configure the Cisco Service Selection Dashboard as described in the Cisco Service Selection Dashboard User Guide.

Configuration Tasks

Perform the following tasks to configure the NRP-SSG enhancements. All of these tasks are optional.

Configuring RADIUS Interim Accounting
Configuring Cisco Express Forwarding
Configuring IOS Network Address Translation
Configuring VPI/VCI Indexing to Service Profile

Configuring RADIUS Interim Accounting

This task is optional. Set the interval at which accounting updates are sent to the accounting server.

Command	Purpose
Router(config-if)# ssg accounting interval seconds	Specifies the interval at which accounting updates are sent to the accounting server. The minimum interval is 60 seconds. The default interval is 120 seconds.

Verifying Interim Accounting

Use the show running-config command to verify that the accounting interval has been set correctly.

Configuring Cisco Express Forwarding

This task is optional. CEF is disabled by default. CEF only works with PPPoE.

Command	Purpose
Router(config)# ip cef	Enables global IP CEF.

Verifying Cisco Express Forwarding

Use the show running-config and show ip cef commands to verify that CEF has been enabled.

Configuring IOS Network Address Translation

This task is optional. To configure IOS Network Address Translation (NAT), you must specify an inside interface from which clients connect to the NRP-SSG and an outside interface from which services are accessed. Enter interface or subinterface configuration mode for the desired inside and outside interfaces and enter the appropriate command below.

Command	Purpose
Router(config-if)# ip nat inside	Specifies the inside interface from which clients access the NRP-SSG.
Router(config-subif)# ip nat outside	Specifies the outside interface from which services are accessed.

Verifying IOS Network Address Translation

Use the show running-config command to verify that inside and outside ports have been specified correctly. Use the show ip nat translations command to view your NAT addresses.

Configuring VPI/VCI Indexing to Service Profile

This task is optional. To configure VPI/VCI closed user groups, you must bind VPI/VCIs to a given service as described below. Closed user groups allow all users accessing the NRP-SSG through the VPI/VCI or range of VPI/VCIs to access the service. You can specify whether users are allowed to access only the bound service or other additional services to which they subscribe. A closed user group service can only be selected through the VPI/VCI and not by entering the domain name in the user name of a PPP session.

Command	Purpose
Router(config)# ssg vc-service-map service-name [interface slot-module-port] start-vpi \| start-vpi/vci [end-vpi \| end-vpi/vci] exclusive \| non-exclusive	Map VCs to service names.

Verifying VPI/VCI Indexing to Service Profile

Use the show running-config and show ssg vc-service-map command to view service name to VC mappings.

Troubleshooting Tips

???

Monitoring and Maintaining the NRP-SSG

Command	Purpose
Router# show ssg vc-service-map	Displays VC to service name mappings

Configuration Examples

RADIUS Interim Accounting

 ssg accounting interval 600

The following example RADIUS accounting records will be sent to the appropriate server every 600 seconds while the user is logged on to the NRP-SSG:

Account Update

 NAS-IP-Address = 172.16.11.1

 NAS-Port = 0

 NAS-Port-Type = Virtual

 User-Name = "cisco"

 Acct-Status-Type = Update

 Acct-Authentic = RADIUS

 Service-Type = Framed

 Acct-Session-Id = "00000000"

 Acct-Session-Time = 77

 Acct-Input-Octets = 0

 Acct-Output-Octets = 0

 Acct-Input-Packets = 0

 Acct-Output-Packets = 0

 Framed-Protocol = PPP

 Framed-IP-Address = 172.16.11.12

 Control-Info = "I0;0"

 Control-Info = "O0;0"

 Acct-Delay-Time = 0

Connection Update

 NAS-IP-Address = 172.16.11.1

 NAS-Port = 0

 NAS-Port-Type = Virtual

 User-Name = "cisco"

 Acct-Status-Type = Update

 Acct-Authentic = RADIUS

 Service-Type = Framed

 Acct-Session-Id = "00000012"

 Acct-Session-Time = 8

 Acct-Input-Octets = 0

 Acct-Output-Octets = 0

 Acct-Input-Packets = 0

 Acct-Output-Packets = 0

 Framed-Protocol = PPP

 Control-Info = "I0;0"

 Control-Info = "O0;0"

 Service-Info = "Nservice.com"

 Service-Info = "Uname"

 Service-Info = "TX"

 Acct-Delay-Time = 0

CEF

 ip cef

IOS NAT

 interface ATM0/0/0.10 multipoint

 ip address 192.168.103.12 255.255.255.0

 no ip directed-broadcast

 ip nat outside

 ip pim sparse-dense-mode

 ip pim multipoint-signalling

 map-group mapgroup1

 atm multipoint-signalling

 atm esi-address 202020202020.10

 interface Virtual-Template1

 ip unnumbered FastEthernet0/0/0

 no ip directed-broadcast

 ip nat inside

 ip mroute-cache

 keepalive 60

 peer default ip address pool pool1

 ppp authentication pap

Service Name to VC Mapping

 ssg vc-service-map public1 1/37 non-exclusive

Command Reference

This section documents new commands associated with the NRP-SSG enhancements. All other commands used with this feature are documented in the Cisco IOS Release 12.0 command reference publications.

show ssg vc-service-map
ssg accounting interval
ssg vc-service-map

show ssg vc-service-map

To display VC to service name mappings, use the show ssg vc-service-map global configuration command.

show ssg vc-service-map [vpi/vci [| {begin expression | exclude expression | include expression}] | service service-name [| {begin expression | exclude expression | include expression}]] [| {begin expression | exclude expression | include expression}]

Syntax Description

vpi/vci	(Optional) VPI/VCI value including the slash, for example, 3/33.
service	(Optional) Displays the VCs mapped to a service name.
service-name	(Optional) Service name.
begin	(Optional) Begin with the line that contains expression.
exclude	(Optional) Exclude lines that contain expression.
include	(Optional) Include lines that contain expression.
expression	(Optional) Word or phrase used to determine what lines will be shown.

Defaults

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.0(5)DC	This command was introduced.

Usage Guidelines

Use this command to display VC to service name mappings.

Examples

The following example displays the VCs mapped to the Worldwide service name:

 RouterA# show ssg vc-service-map service Worldwide

 Interface From To Service Name Type

 All 3 /33 None Worldwide non-exclusive

Related Commands

Command	Description
ssg vc-service-map	Maps VCs to service names.

ssg accounting interval

To specify the interval at which accounting updates are sent to the accounting server, use the ssg accounting interval global configuration command. To disable the accounting interval, use the no form of this command.

ssg accounting interval seconds

no ssg accounting interval seconds

Syntax Description

seconds

(60-4294967295) Number of seconds after which an accounting update will be sent to the accounting server. The minimum interval is 60 seconds.

Defaults

The accounting interval is 120 seconds by default.

Command Modes

Global configuration

Command History

Release	Modification
12.0(5)DC	This command was introduced.

Usage Guidelines

Use this command to specify the interval at which accounting updates are sent to the accounting server.

Examples

The following example specifies that the NRP-SSG will send an accounting update to the accounting server every 60 seconds:

 routerA# configure terminal

 Enter configuration commands, one per line. End with CNTL/Z.

 routerA(config)# ssg accounting interval 60

ssg vc-service-map

To map VCs to service names, use the ssg vc-service-map global configuration command. To disable VC to service name mapping, use the no form of this command.

ssg vc-service-map service-name [interface slot-module-port] start-vpi | start-vpi/vci [end-vpi | end-vpi/vci] exclusive | non-exclusive

no ssg vc-service-map service-name [interface slot-module-port] start-vpi | start-vpi/vci [end-vpi | end-vpi/vci] exclusive | non-exclusive

Syntax Description

service-name	Service name.
interface	Specifies a service name mapping for an NSP interface.
slot-module-port	Slot, module and port of the NSP interface through which the NRP will access the mapped service.
start-vpi	(0-255) VPI or start of a range of VPIs that will be mapped to the service.
start-vpi/vci	(0-255) VPI/VCI or start of a range of VPI/VCIs that will be mapped to the service.
end-vpi	(0-255) End of a range of VPIs that will be mapped to the service.
end-vpi/vci	(0-255) End of a range of VPI/VCIs that will be mapped to the service.
exclusive	Users will only be able to access the mapped service.
non-exclusive	Users will be able to access the mapped service as well as any other services to which they are subscribed. Users can log in to the NRP-SSG with a user name and password, establishing a non-PPP Termination Aggregation (PTA) session, and a PTA session to the mapped service will be established by default. If non-exclusive is specified for the service mapping, users can also establish a PTA session to another service to which they are subscribed.

Defaults

The service mapping is non-exclusive by default.

Command Modes

Global configuration

Command History

Release	Modification
12.0(5)DC	This command was introduced.

Usage Guidelines

Use this command to map VCs to service names. If you specify a VC to service name mapping as exclusive, specifying a username will log you into the mapped service. However specifying username@service will not log you in. If you specify a mapping as non-exclusive, specifying a username will log you into the mapped service. However, username@service1 will log you into service1.

Examples

The following example maps all users coming into the NRP on VPI/VCI 3/33 to the service Worldwide exclusively:

 routerA# configure terminal

 Enter configuration commands, one per line. End with CNTL/Z.

 routerA(config)# ssg vc-service-map Worldwide 3/33 exclusive

Related Commands

Command	Description
show ssg vc-service-map	Displays VC to service name mappings.

Hierarchical Navigation

Cisco IOS Software Releases 12.0 Special and Early Deployments