Add On
Package
|
Enable Add
On Package
|
FALSE
|
Enables
addition of the Add On Packages
|
Bandwidth
Management
|
|
Level of BWC enforcement on networking flows of P2P and IM
applications.
|
SCE to use Default Service BWCs.
|
Specifies the level of BWC enforcement on networking flows of
P2P and IM applications.
|
Use Global
Bandwidth Management in Virtual Links Mode
|
FALSE
|
Specifies
whether to use the Global Bandwidth Management in Virtual Links Mode.
|
Classification
|
Apply this
order of priority between different criteria for service classification
|
Zone > Flavor > Protocol > Init-Side
|
Specifies
the order of priority between different criteria for service classification.
Values are:
- Flavor > Protocol > Zone > Init-Side
- Zone > Flavor > Protocol > Init-Side
|
Character '/' denotes
absence of Params part in URL
|
TRUE
|
Specifies that the
character '/' is taken as default value when Params field is left empty.
|
ClickStream
Event recognition
|
TRUE
|
Specifies
whether to recognize ClickStream Events.
|
Enable
sending ‘404, Page Not Found’ upon blocking
|
FALSE
|
Specifies
whether to send ‘404, Page Not Found’ upon blocking.
|
Guruguru
detailed inspection mode enabled
|
FALSE
|
The
Guruguru protocol is used by the Guruguru file-sharing application popular in
Japan. Cisco SCA BB provides two inspection modes for classification of this
protocol:
- Default—Suitable for
networks where little Guruguru traffic is expected. This mode is usual in all
countries except Japan.
- Detailed—Suitable for
networks where Guruguru traffic is expected to be common. This mode is used in
Japanese networks only.
|
Kuro
detailed inspection mode enabled
|
FALSE
|
The Kuro
protocol is used by the Kuro file-sharing application popular in Japan. Cisco
SCA BB provides two inspection modes for classification of this protocol:
- Default—Suitable for
networks where little Kuro traffic is expected. This is usual in all countries
except Japan.
- Detailed—Suitable for
networks where Kuro traffic is expected to be common. This mode is used in
Japanese networks only.
|
Number of
HTTP GET detections
|
1
|
Specifies the number of HTTP GET detections. The Cisco SCE classifies HTTP traffic based on the number of GET requests configured.
Range is 1 to 65535, and the default value is 1.
Note: Because the Deep HTTP Inspection feature examines all packets in a single HTTP stream until the configured number of requests has been found, any value higher than 1 may impact the performance of the Cisco SCE.
|
Soribada
detailed inspection mode enabled
|
FALSE
|
The Soribada
protocol is used by the Soribada file-sharing application popular in Japan.
Cisco SCA BB provides two inspection modes for classification of this protocol:
- Default—Suitable for
networks where little Soribada traffic is expected. This is usual in all
countries except Japan.
- Detailed—Suitable for
networks where Soribada traffic is expected to be common. This mode is used in
Japanese networks only.
|
TCP
destination port signatures
|
1720:H323
|
TCP
destination port numbers for signatures that require a port hint for correct
classification.
Valid
values are comma-separated items, each item in the form
<port-number>:<signature-name>.
Applicable
signature names are: H323, Radius Access, Radius Accounting, and DHCP.
|
UDP
destination port signatures
|
67:DHCP, 68:DHCP, 1812:Radius Access, 1645:Radius Access, 1813:Radius Accounting, 1646:Radius Accounting
|
UDP
destination port numbers for signatures that require a port hint for correct
classification.
Valid
values are comma-separated items, each item in the form
<port-number>:<signature-name>.
Applicable
signature names are: H323, Radius Access, Radius Accounting, and DHCP.
|
UDP ports
for which flow should be opened on the first IPv6 packet
|
5060, 5061, 69, 546, 547, 2427, 2727, 9201, 9200, 123, 1900, 5190, 10000
|
Enhanced flow-open mode is disabled on the specified UDP ports
to allow classification according to the first IPv6 packet of the flow.
Effective with Cisco SCE Release 4.0.0, you can use a maximum of 21 unique
ports for IPv4 and IPv6 addresses on the Cisco SCE 8000 devices.
Enhanced flow-open mode is
disabled on the specified UDP ports to allow the classification according to
the first IPv6 packet of the flow. You can use a maximum of 38 unique ports for
IPv4 and IPv6 addresses on the Cisco SCE 10000 devices.
|
UDP ports
for which flow should be opened on the first packet
|
5060, 5061, 67, 68, 69, 1812, 1813, 1645, 1646, 2427, 2727, 9201, 9200, 123, 1900, 5190, 10000
|
Enhanced flow-open mode is disabled on the specified UDP ports
to allow the classification according to the first packet of the flow.
Effective with Cisco SCE Release 4.0.0, you can use a maximum of 21 unique
ports for IPv4 and IPv6 addresses on the Cisco SCE 8000 devices.
Enhanced flow-open mode is
disabled on the specified UDP ports to allow the classification according to
the first packet of the flow. You can use a maximum of 38 unique ports for IPv4
and IPv6 addresses on the Cisco SCE 10000 devices.
|
UDP source
port signatures
|
1812:Radius Access, 1645:Radius Access, 1813:Radius Accounting, 1646:Radius Accounting
|
UDP source
port numbers for signatures that require a port hint for correct
classification.
Valid
values are comma-separated items, each item in the form
<port-number>:<signature-name>.
Applicable
signature names are: H323, Radius Access, Radius Accounting, and DHCP.
|
V-Share
detailed inspection mode enabled
|
FALSE
|
The V-Share
protocol is used by the V-Share file-sharing application popular in Japan.
Cisco SCA BB provides two inspection modes for classification of this protocol:
- Default—Suitable for
networks where little V-Share traffic is expected. This mode is usual in all
countries except Japan.
- Detailed—Suitable for
networks where V-Share traffic is expected to be common. This mode is used in
Japanese networks only.
|
Winny
detailed inspection mode enabled
|
FALSE
|
The Winny
P2P protocol is used by the Winny file-sharing application popular in Japan.
Cisco SCA BB provides two inspection modes for classification of this protocol:
- Default—Suitable for
networks where little Winny traffic is expected. This is usual in all countries
except Japan.
- Detailed—Suitable for
networks where Winny traffic is expected to be common. This mode is used in
Japanese networks only.
|
WinnyP
aggressive classification enabled
|
FALSE
|
—
|
WinnyP
classification enabled
|
FALSE
|
—
|
Malicious
Traffic
|
Malicious
Traffic RDRs enabled
|
TRUE
|
Specifies
whether to generate Malicious Traffic RDRs.
|
Number of
seconds between Malicious Traffic RDRs on the same attack
|
60
|
A
Malicious Traffic RDR is generated when an attack is detected. Malicious
Traffic RDRs are then generated periodically, at user-configured intervals, for
the duration of the attack.
|
TCP port
that should remain open for Subscriber Notification
|
80
|
You can
choose to block flows that are part of any detected network attack, but this
may hinder subscriber notification of the attack.
The
specified TCP port is not blocked to allow notification of the attack to be
sent to the subscriber.
|
Multi
Stage Classification
|
Blocking
|
FALSE
|
Specifies
whether to block the sub services under the main service.
|
Enable
|
TRUE
|
Specifies
whether to enable the sub service classification of a service.
Multi stage classification describes the application-level services that can be enabled or disabled. By default, sub service classification of the services is enabled.
For example, the Google talk service contains Google talk file transfer, Google talk Networking, and Google talk VoIP as sub services.
|
Policy
Check
|
Ongoing
policy check mode enabled
|
TRUE
|
Specifies
whether policy changes affect flows that are already open.
|
Time to
bypass between policy checks (seconds)
|
30
|
Maximum
time (in seconds) that may pass before policy changes affect flows that are
already open.
|
Quota
Management
|
Grace
period before first breach (seconds)
|
2
|
The time
(in seconds) to wait after a quota limit is breached before the breach action
is performed.
Policy
servers should use this period to provision quota to a subscriber that just
logged in.
|
Length of
the time frame for quota replenish scatter (minutes)
|
0
|
The size
of the window across which to scatter the periodic quota replenishment
randomly.
|
Time to
bypass between policy checks for quota limited flows
|
30
|
Maximum
time (in seconds) that may pass before a quota breach affects flows that are
already open.
|
Volume to
bypass between policy checks for quota limited flows
|
0
|
Maximum
flow volume (in bytes) that may pass before a quota breach affects flows that
are already open.
A value
of zero means that unlimited volume may pass.
|
Redirection
|
Adds
original host to redirection URL
|
FALSE
|
Specifies
whether to add the original host to the redirection URL.
|
Adds
original URL to redirect URL
|
FALSE
|
Specifies
whether to add the original URL to the redirection URL.
|
Maximum
redirect URL Length
|
500
|
Specifies
the maximum length of the redirect URL.
|
Redirect
subscriber ID format
|
Complete - n=<user>@<realm>
|
Specifies
the redirect subscriber ID format to be configured.
Valid options are:
- Complete - n=<user>@<realm> (default)
- User only - n=<user>
- Realm only - r=<realm>
- Separately - n=<user>&r=<realm>
If the
subscriber name does not match the format of <user>@<realm>, the
full subscriber name is appended to the URL, regardless of the redirect
subscriber format configured.
|
Reporting
|
Extract
Full User Agent details
|
FALSE
|
Specifies
whether to extract full user agent details.
|
Flow
Accounting RDRs enabled
|
FALSE
|
Specifies
whether to generate Flow Accounting RDRs.
|
Flow
Accounting RDRs interval for each Service (in seconds)
|
60
|
Specifies
the interval at which the Flow Accounting RDRs are generated for each service.
|
Flow
Accounting RDRs limit per second
|
100
|
Specifies
the limit of Flow Accounting RDRs to be generated each second.
|
Hide
Subscriber IP and ID in RDRs
|
FALSE
|
Specifies
whether to hide the IP address and Subscriber ID in the following RDRs:
- Transaction RDR
- Transaction Usage RDR
- HTTP Transaction Usage RDR
- RTSP Transaction Usage RDR
- VoIP Transaction Usage RDR
- Video Transaction Usage RDR
- Blocking RDR
- Flow Start RDR
- Flow End RDR
- Flow Ongoing RDR
- Media Flow RDR
- Spam RDR
See the
Cisco Service Control for Broadband Reference Guide for details on the RDRs.
|
Media
Flow RDRs enabled
|
TRUE
|
Specifies
whether to generate Media Flow RDRs.
|
Minimal
volume for generating HTTP Transaction Usage RDR (bytes)
|
0
|
Specifies
the minimum volume for generating HTTP Transaction Usage RDR.
|
Minimal
volume for generating RTSP Transaction Usage RDR (bytes)
|
0
|
Specifies
the minimum volume for generating RTSP Transaction Usage RDR.
|
Minimal
volume for generating Video Transaction Usage RDR (bytes)
|
1024000
|
Specifies
the minimum volume for generating Video Transaction Usage RDRs.
|
Video
Transaction Usage RDRs enabled
|
TRUE
|
Specifies
whether to generate Video Transaction Usage RDRs.
|
Enable
VSA Fields for Subscriber, HTTP Transaction, and Video Transaction RDRs
|
FALSE
|
Specifies
whether to generate VSA fields for Subscriber, HTTP Transaction, and Video
Transaction RDRs.
|
Subscriber Accounting RDR
enabled
|
|
|