The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The Cisco Service Control Subscriber Manager SCE-Sniffer RADIUS Login Event Generator (LEG) is a software module that receives Raw Data Record (RDR) messages containing RADIUS information from Service Control Engine (SCE) devices configured with a RADIUS sniffer service. The SCE-Sniffer RADIUS LEG is an extension of the Cisco Service Control Subscriber Manager software and runs as part of the Cisco Service Control Subscriber Manager process.
The Cisco SCE device analyzes RADIUS traffic that traverses it (1) and reports the RADIUS transactions to the LEG using the RDR protocol (2). The LEG associates the RDR data to subscriber properties (name, subscriber IP, domain, and policies) and triggers a login or logout operation to the Cisco Service Control Subscriber Manager (3) as shown in Figure 23-1.
Figure 23-1 Cisco SCE-Sniffer RADIUS LEG Operation
This implementation of the Cisco SCE-Sniffer RADIUS LEG supports RFC 2865 (RADIUS Protocol) and RFC 2866 (RADIUS Accounting).
The LEG uses the following packet types:
The LEG uses the following attributes:
To associate policies to the subscribers, configure the LEG with the attribute that contains the policy information. The Vendor-Specific attribute (Attribute no. 26) can be used to associate policies to the subscribers in addition to all other RADIUS attributes of type string or integer.
To determine the subscriber ID, configure the LEG with the attribute that contains the subscriber ID information. The Vendor-Specific attribute (Attribute no. 26) can be used to determine the subscriber ID in addition to all other RADIUS attributes of type string. By default, the User-Name (Attribute no. 1) is configured to hold the Subscriber ID.
When a subscriber logs in through the SCE-Sniffer RADIUS LEG, that subscriber is mapped to an appropriate package ID based on the mapping defined in the SCE-Sniffer RADIUS LEG configuration file. If the Cisco SCMS Quota Manager is used to define quota for each subscriber, at some point of time, the subscriber may move to a penalty package based on the usage, as defined in the Quota Manager configuration.
RADIUS LEG does not change the package ID if the subscriber is in a penalty package.
To use this feature, you must add the list of penalty packages to the SCE-Sniffer RADIUS LEG configuration file by using the ignore_policy_list parameter. For details on the ignore_policy_list parameter, see the “Configuring the General Settings” section.
If the penalty packages are added to the configuration file, the Subscriber Manager checks whether the subscriber is in any of the penalty package defined in the ignore policy list. If the subscriber is in any of the penalty package, the Subscriber Manager will not update the new package and continue with the existing penalty package until the penalty period is over.
If you have configured the default_policy parameter, do not use the same value in the ignore_policy_list parameter.