Table Of Contents
Prerequisites for SSG Port-Bundle Host Key
Restrictions for SSG Port-Bundle Host Key
Information About SSG Port-Bundle Host Key
Benefits of SSG Port-Bundle Host Key
How to Configure SSG Port-Bundle Host Key
Configuring the SSG Port-Bundle Host Key
Verifying the SSG Port-Bundle Host Key
Monitoring and Maintaining SSG Port-Bundle Host Key
Configuration Examples for SSG Port-Bundle Host Key
SSG Port-Bundle Host Key Configuration: Example
ssg port-map destination access-list
ssg port-map destination range
SSG Port-Bundle Host Key
Note This document describes the SSG Port-Bundle Host Key feature in Cisco IOS Releases 12.2(16)B and 12.3(4)T. If you are running an earlier release of Cisco IOS software, refer to the "Service Selection Gateway" new-feature document for that release.
The SSG Port-Bundle Host Key feature enhances communication and functionality between the Service Selection Gateway (SSG) and the Cisco Subscriber Edge Services Manager (SESM) by introducing a mechanism that uses the host source IP address and source port to identify and monitor subscribers.
Feature History for the SSG Port-Bundle Host Key Feature
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Contents
•Prerequisites for SSG Port-Bundle Host Key, page 2
•Restrictions for SSG Port-Bundle Host Key, page 2
•Information About SSG Port-Bundle Host Key, page 3
•How to Configure SSG Port-Bundle Host Key, page 5
•Configuration Examples for <Phrase Based on Module Title>, page 10
•Additional References, page 10
•Command Reference, page 12
Prerequisites for SSG Port-Bundle Host Key
The SSG Port-Bundle Host Key feature requires Cisco Service Selection Dashboard (SSD) Release 3.0(1) or Cisco SESM Release 3.1(1). If you are using an earlier release of SSD, disable the SSG Port-Bundle Host Key feature using the no ssg port-map global configuration command.
A default network must be configured and routable from SSG in order for the following commands to be effective:
•destination access-list
•destination range (without an IP address specified)
You must enable Cisco Express Forwarding (CEF) on the router before SSG functionality can be enabled. You can disable CEF at the individual interface level without affecting SSG.
You must enable SSG by using the ssg enable command before you can configure the SSG Port-Bundle Host Key feature.
Restrictions for SSG Port-Bundle Host Key
The SSG Port-Bundle Host Key feature has the following restrictions:
•The SSG Port-Bundle Host Key feature must be separately enabled at the SESM and at all connected SSGs.
•The SSG Port-Bundle Host Key feature can be enabled or the port-bundle length can be changed only when there are no SSG host objects present.
•All SSG source IP addresses configured with the source ip command must be routable in the management network where the SESM resides.
•Overlapping subscriber IP addresses are supported only for hosts connected to SSG through routed point-to-point interfaces.
•Overlapping IP users cannot come in on the same SSG downlink interface.
•Overlapping IP users cannot be connected to the same service or to different services that are bound to the same uplink interface.
•For each SESM server, all connected SSGs must have the same port-bundle length.
•RFC 1483 or local bridged or routed clients cannot have overlapping IP addresses, even across different interfaces.
Information About SSG Port-Bundle Host Key
To configure the SSG Port-Bundle Host Key feature, you should understand the following concepts:
•Overview of SSG, page 3
•Host Key Mechanism, page 3
•Local Forwarding, page 4
•Benefits of SSG Port-Bundle Host Key, page 4
Overview of SSG
Service Selection Gateway (SSG) is a switching solution for service providers who offer intranet, extranet, and Internet connections to subscribers using broadband access technology such as digital subscriber lines, cable modems, or wireless to allow simultaneous access to network services.
SSG works in conjunction with the Cisco Service Selection Dashboard (SSD) or its successor product, the Cisco SESM. Together with the SESM or SSD, SSG provides subscriber authentication, service selection, and service connection capabilities to subscribers of Internet services. Subscribers interact with an SESM or SSD web application using a standard Internet browser.
Host Key Mechanism
Note All references to SESM also apply to SSD unless a clear distinction is made.
With the SSG Port-Bundle Host Key feature, SSG performs port-address translation (PAT) and network-address translation (NAT) on the HTTP traffic between the subscriber and the SESM server. When a subscriber sends an HTTP packet to the SESM server, SSG creates a port map that changes the source IP address to a configured SSG source IP address and changes the source TCP port to a port allocated by SSG. SSG assigns a bundle of ports to each subscriber because one subscriber can have several simultaneous TCP sessions when accessing a web page. The assigned host key, or combination of port bundle and SSG source IP address, uniquely identifies each subscriber. The host key is carried in RADIUS packets sent between the SESM server and SSG in the Subscriber IP vendor-specific attribute (VSA). Table 1 describes the Subscriber IP VSA. When the SESM server sends a reply to the subscriber, SSG translates the destination IP address and destination TCP port according to the port map.
For each TCP session between a subscriber and the SESM server, SSG uses one port from the port bundle as the port map. Port mappings are flagged as eligible for reuse on the basis of inactivity timers, but are not explicitly removed once assigned. The number of port bundles is limited, but you can assign multiple SSG source IP addresses to accommodate more subscribers.
SSG assigns the base port of the port bundle to a port map only if SSG has no state information for the subscriber or if the state of the subscriber has changed. When the SESM server sees the base port of a port bundle in the host key, SESM queries SSG for new subscriber state information.
Local Forwarding
When the SSG Port-Bundle Host Key feature is not configured, SSG local forwarding enables SSG to forward packets locally between any SSG hosts. When the SSG Port-Bundle Host Key feature is configured, local forwarding works only for SSG hosts that are connected to at least one common service. The hosts must be connected to a common service because if the destination host has an overlapping IP address, SSG will not know to which of the overlapping hosts to forward the traffic. In order for SSG to forward packets from one SSG host to another SSG host that has an overlapping IP address, the overlapping hosts cannot share any common services with the source host; otherwise, traffic is not guaranteed to go to the required host.
Benefits of SSG Port-Bundle Host Key
Support for Overlapped Subscriber IP Addresses Extended to Include SESM Usage
Without the SSG Port-Bundle Host Key feature, PPP users are allowed to have overlapped subscriber IP addresses, but they cannot use SSG to conduct service selection through the web-based SESM user interface.
With the SSG Port-Bundle Host Key feature, PPP users can have overlapped IP addresses while using SSG with SESM or SSD. The subscriber IP addresses are also not required to be routable within the service management network where the SESM server resides, because the host key enables support for private addressing schemes.
Cisco SESM Provisioning for Subscriber and SSG IP Addresses No Longer Required
Without the SSG Port-Bundle Host Key feature, SESM must be provisioned for subscriber and SSG IP addresses before SESM is able to send RADIUS packets to SSG or send HTTP packets to subscribers.
The SSG Port-Bundle Host Key feature eliminates the need to provision SESM in order to allow one SESM server to serve multiple SSGs and to allow one SSG to be served by multiple SESM servers.
Reliable and Just-in-Time Notification to Cisco SSD of Subscriber State Changes
Without the SSG Port-Bundle Host Key feature, SSG uses an asynchronous messaging mechanism to immediately notify the SESM server of subscriber state changes in SSG (such as session timeouts or idle timeout events).
The SSG Port-Bundle Host Key feature replaces the asynchronous messaging mechanism with an implicit and reliable notification mechanism that uses the base port of a port bundle to alert the SESM server of a state change. The SESM server can then query SSG for the true state of the subscriber and update the cached object or send the information back to the subscriber.
Support for Multiple Accounts for One Subscriber IP Address
To accommodate multiple users sharing a single PC, the SSG Port-Bundle Host Key feature supports multiple subaccounts, each with a different username under one subscriber. When the SESM server contacts SSG to log a new user in to an already logged-in account, SSG logs out the existing account and logs in the new user. In account switching, the port bundle and host object remain the same, but the content of the host object is changed according to the profile of the subaccount user.
How to Configure SSG Port-Bundle Host Key
This section contains the following procedures:
•Configuring the SSG Port-Bundle Host Key, page 5 (required)
•Verifying the SSG Port-Bundle Host Key, page 8 (optional)
•Monitoring and Maintaining SSG Port-Bundle Host Key, page 9 (optional)
Configuring the SSG Port-Bundle Host Key
To use SSG port-bundle host key functionality, you must enable the host key, specify the subscriber traffic to be port-mapped, and specify the SSG source IP addresses. You can also specify the port-bundle length. Perform this task to configure the SSG port-bundle host key functionality.
Port-Bundle Length
The port-bundle length is used to determine the number of bundles in one group and the number of ports in one bundle. By default, the port-bundle length is 4 bits. The maximum port-bundle length is 10 bits. See Table 2 for available port-bundle length values and the resulting port-per-bundle and bundle-per-group values. Increasing the port-bundle length can be useful when you see frequent error messages about running out of ports in a port bundle.
Note For each SESM server, all connected SSGs must have the same port-bundle length, which must correspond to the configured value given in the SESM server's BUNDLE_LENGTH argument. If you change the port-bundle length on an SSG, be sure to make the corresponding change in the SESM configuration.
Prerequisites
The SSG Port-Bundle Host Key feature requires Cisco SSD Release 3.0(1) or Cisco SESM Release 3.1(1).
SUMMARY STEPS
1. enable
2. configure terminal
3. ip cef
4. ssg enable
5. ssg port-map
6. destination range port-range-start to port-range-end [ip ip-address]
7. destination access-list access-list-number
8. source ip {ip-address | interface}
9. length bits
DETAILED STEPS
Verifying the SSG Port-Bundle Host Key
Perform this task to verify SSG port-bundle host key configuration and functionality.
SUMMARY STEPS
1. show running-config
2. show ssg port-map status
3. show ssg port-map status [free | reserved | inuse]
4. show ssg port-map ip ip-address port port-number
DETAILED STEPS
Step 1 To verify the SSG Port-Bundle Host Key configuration, use the show running-config command in privileged EXEC mode.
Step 2 To display a summary of all port-bundle groups, use the show ssg port-map status command with no keywords:
Router# show ssg port-map statusBundle-length = 4Bundle-groups:-IP Address Free Bundles Reserved Bundles In-use Bundles70.13.60.2 4032 0 0Step 3 Use the show ssg port-map status command with the free, reserved, or inuse keyword to display port bundles with the specified status:
Router# show ssg port-map status inuseBundle-group 70.13.60.2 has the following in-use port-bundles:-Port-bundle Subscriber Address Interface64 10.10.3.1 Virtual-Access2Step 4 To display information about a specific port bundle, use the show ssg port-map ip command:
Router# show ssg port-map ip 70.13.60.2 port 64State = IN-USESubscriber Address = 10.10.3.1Downlink Interface = Virtual-Access2Port-mappings:-Subscriber Port: 3271 Mapped Port: 1024Subscriber Port: 3272 Mapped Port: 1025Subscriber Port: 3273 Mapped Port: 1026Subscriber Port: 3274 Mapped Port: 1027Subscriber Port: 3275 Mapped Port: 1028
Monitoring and Maintaining SSG Port-Bundle Host Key
Perform this task to monitor and maintain the SSG Port-Bundle Host Key feature. The commands do not have to be entered in a particular order.
SUMMARY STEPS
1. debug ssg port-map {events | packets}
2. clear ssg connection ip-address service-name [interface]
3. clear ssg host ip-address interface
4. show ssg connection ip-address service-name [interface]
5. show ssg host [ip-address [interface] | username]
6. show ssg port-map ip ip-address port port-number
7. show ssg port-map status [free | reserved | inuse]
8. show ssg interface [interface | brief]
9. show ssg summary
DETAILED STEPS
Configuration Examples for SSG Port-Bundle Host Key
This section contains the following example:
•SSG Port-Bundle Host Key Configuration: Example, page 10
SSG Port-Bundle Host Key Configuration: Example
In the following example, packets that match the specified TCP port range or that are permitted by access list 100 will be port-mapped. Loopback interface 1 is specified as the SSG source IP address.
ssg port-mapdestination range 8080 to 10100 ip 10.13.6.100port-map destination access-list 100port-map source ip Loopback1Additional References
The following sections provide references related to the SSG Port-Bundle Host Key feature.
Related Documents
Standards
Standards TitleNo new or modified standards are supported by this feature. Support for existing standards has not been modified by this feature.
—
MIBs
RFCs
RFCs TitleNo new or modified RFCs are supported by this feature. Support for existing RFCs has not been modified by this feature.
—
Technical Assistance
Command Reference
This section documents new and replaced commands in Cisco IOS Releases 12.2(16)B and 12.3(4)T. All other commands used with this feature are documented in the Cisco IOS Release 12.3 T command reference publications.
New Commands
•destination access-list
•destination range
•length (SSG)
•show ssg interface
•show ssg summary
•source ip
•ssg port-map
Replaced Commands
destination access-list
To specify packets for port-mapping by specifying an access list to compare against the subscriber traffic, use the destination access-list command in SSG portmap configuration configuration mode. To remove this specification, use the no form of this command.
destination access-list access-list-number
no destination access-list access-list-number
Syntax Description
Defaults
SSG does not use an access list when port-mapping subscriber traffic.
Command Modes
SSG portmap configuration
Command History
Usage Guidelines
When the destination access-list command is configured, any traffic going to the default network and matching the access list will be port-mapped.
Note A default network must be configured and routable from SSG in order for this command to be effective.
You can use multiple entries of the destination access-list command. The access lists are checked against the subscriber traffic in the order in which they are defined.
Examples
In the following example, SSG will port-map packets that are permitted by access list 100:
ssg port-mapdestination access-list 100source ip Ethernet0/0/0!...!access-list 100 permit ip 10.0.0.0 0.255.255.255 host 70.13.6.100access-list 100 deny ip any anyRelated Commands
destination range
To identify packets for port-mapping by specifying the TCP port range to compare against the subscriber traffic, use the destination range command in SSG portmap configuration mode. To remove this specification, use the no form of this command.
destination range port-range-start to port-range-end [ip ip-address]
no destination range port-range-start to port-range-end [ip ip-address]
Syntax Description
Defaults
A TCP port range is not used in port-mapping subscriber traffic.
Command Modes
SSG portmap configuration
Command History
Release Modification12.2(16)B
This command was introduced. This command replaces the ssg port-map destination range command.
12.3(4)T
This command was integrated into Cisco IOS Release 12.3(4)T.
Usage Guidelines
If a destination IP address is not configured, a default network must be configured and routable from SSG in order for this command to be effective.
If the destination IP address is not configured, any traffic going to the default network with the destination port will fall into the destination port range and will be port-mapped.
You can use multiple entries of the destination range command. The port ranges are checked against the subscriber traffic in the order in which they were defined.
Examples
In the following example, SSG will port-map any packets that are going to the default network and have a destination port within the range from 8080 to 8081:
ssg port-mapdestination range 8080 to 8081Related Commands
length (SSG)
To modify the port-bundle length upon the next Service Selection Gateway (SSG) reload, use the length command in SSG portmap configuration mode. To return the port-bundle length to the default value, use the no form of this command.
length bits
no length bits
Syntax Description
Defaults
4 bits
Command Modes
SSG portmap configuration
Command History
Release Modification12.2(16)B
This command was introduced. This command replaces the ssg port-map destination range command.
12.3(4)T
This command was integrated into Cisco IOS Release 12.3(4)T.
Usage Guidelines
The port-bundle length is used to determine the number of bundles in one group and the number of ports in one bundle. By default, the port-bundle length is 4 bits. The maximum port-bundle length is 10 bits. See Table 3 for available port-bundle length values and the resulting port-per-bundle and bundle-per-group values. Increasing the port-bundle length can be useful when you see frequent error messages about running out of ports in a port bundle, but note that the new value does not take effect until SSG next reloads and Cisco Service Selection Dashboard (SSD) restarts.
Note For each Cisco SSD server, all connected SSGs must have the same port-bundle length.
Examples
The following example results in 64 ports per bundle and 1008 bundles per group:
ssg port-maplength 6Related Commands
show ssg interface
To display information about Service Selection Gateway (SSG) interfaces, use the show ssg interface command in user EXEC or privileged EXEC mode.
show ssg interface [interface | brief]
Syntax Description
interface
(Optional) Specific interface for which to display information.
brief
(Optional) Gives brief information about each of the SSG interfaces and their usage.
Command Modes
User EXEC
Privileged EXECCommand History
Release Modification12.2(16)B
This command was introduced.
12.3(4)T
This command was integrated into Cisco IOS Release 12.3(4)T.
Usage Guidelines
Use this command without any keywords or arguments to display information about all SSG interfaces.
Examples
The following example shows the show ssg interface brief command:
Router# show ssg interface briefInterface Direction bindingtype StatusATM3/0.1 Uplink Dynamic UpATM3/0.2 Downlink Static DownRelated Commands
show ssg summary
To display a summary of the Service Selection Gateway (SSG) configuration, use the show ssg summary command in user EXEC or privileged EXEC mode.
show ssg summary
Syntax Description
This command has no arguments or keywords.
Command Modes
User EXEC
Privileged EXECCommand History
Release Modification12.2(16)B
This command was introduced.
12.3(4)T
This command was integrated into Cisco IOS Release 12.3(4)T.
Usage Guidelines
Use this command to display information such as which SSG features are enabled, how many users are active, how many services are active, and what filters are active.
Examples
The following example shows the show ssg summary command:
Router# show ssg summarySSG Features Enabled:TCP Redirect: Unauthenticated, Service, Captive portal.QOS: User policing, Session Policing.Host Key: EnabledRelated Commands
source ip
To specify Service Selection Gateway (SSG) source IP addresses to which to map the destination IP addresses in subscriber traffic, use the source ip command in SSG portmap configuration mode. To remove this specification, use the no form of this command.
source ip {ip-address | interface}
no source ip {ip-address | interface}
Syntax Description
ip-address
SSG source IP address.
interface
Interface whose main IP address is used as the SSG source IP address.
Defaults
No default behavior or values.
Command Modes
SSG portmap configuration
Command History
Release Modification12.2(16)B
This command was introduced. This command replaces the ssg port-map source ip command.
12.3(4)T
This command was integrated into Cisco IOS Release 12.3(4)T.
Usage Guidelines
With the SSG Port-Bundle Host Key feature, SSG maps the destination IP addresses in subscriber traffic to specified SSG source IP addresses.
All SSG source IP addresses configured with the source ip command must be routable in the management network where the Cisco SSD or SESM resides.
If the interface for the source IP address is deleted, the port-map translations will not work correctly.
Because a subscriber can have several simultaneous TCP sessions when accessing a web page, SSG assigns a bundle of ports to each subscriber. Because the number of available port bundles is limited, you can assign multiple SSG source IP addresses (one for each group of port bundles). By default, each group has 4032 bundles, and each bundle has 16 ports. To modify the number of bundles per group and the number of ports per bundle, use the length command.
Examples
The following example shows the SSG source IP address specified with an IP address and with specific interfaces:
ssg port-mapsource ip 10.0.50.1source ip Ethernet 0/0/0ssg port-map source ip Loopback 1Related Commands
Command Descriptionlength (SSG)
Modifies the port-bundle length upon the next SSG reload.
ssg port-map
Enables the SSG port-bundle host key and enters SSG portmap configuration mode.
ssg port-map
To enable the SSG port-bundle host key and enter SSG portmap configuration mode, use the ssg port-map command in global configuration mode. To disable the port-bundle host key feature, use the no form of this command.
ssg port-map
no ssg port-map
Syntax Description
This command has no arguments or keywords.
Defaults
The Port-Bundle Host Key feature is not enabled.
Command Modes
Global configuration
Command History
Release Modification12.2(16)B
This command was introduced.
12.3(4)T
This command was integrated into Cisco IOS Release 12.3(4)T.
Usage Guidelines
This command will not take effect until the router has reloaded.
The SSG Port-Bundle Host Key feature requires Cisco Service Selection Dashboard (SSD) Release 3.0(1) or Cisco Subscriber Edge Services Manager (SESM) Release 3.1(1).
Examples
The following example shows how to enable the SSG port-bundle host key and enter SSG portmap configuration mode:
Router(config)# ssg port-mapRouter(ssg-port-map)#Related Commands
ssg port-map destination access-list
Note Effective with Cisco IOS Releases 12.2(16)B and 12.3(4)T, this command is replaced by the destination access-list command. See the destination access-list command page for more information.
To identify packets for port-mapping by specifying an access list to compare against the subscriber traffic, use the ssg port-map destination access-list command in global configuration mode. To remove this specification, use the no form of this command.
ssg port-map destination access list access-list-number
no ssg port-map destination access list access-list-number
Syntax Description
Defaults
No default behavior or values.
Command Modes
Global configuration
Command History
Usage Guidelines
When the ssg port-map destination access list command is configured, any traffic going to the default network and matching the access list will be port-mapped.
Note A default network must be configured and routable from SSG in order for this command to be effective.
You can use multiple entries of the ssg port-map destination access-list command. The access lists are checked against the subscriber traffic in the order in which they are defined.
Examples
In the following example, packets permitted by access list 100 will be port-mapped:
ssg port-map enablessg port-map destination access-list 100ssg port-map source ip Ethernet0/0/0!....!access-list 100 permit ip 10.0.0.0 0.255.255.255 host 70.13.6.100access-list 100 deny ip any anyRelated Commands
Command Descriptionssg port-map destination range
Identifies packets for port-mapping by specifying the TCP port range to compare against the subscriber traffic.
ssg port-map destination range
Note Effective with Cisco IOS Releases 12.2(16)B and 12.3(4)T, this command is replaced by the destination range command. See the destination range command page for more information.
To identify packets for port-mapping by specifying the TCP port range to compare against the subscriber traffic, use the ssg port-map destination range command in global configuration mode. To remove this specification, use the no form of this command.
ssg port-map destination range from port-number-1 to port-number-2 [ip ip-address]
no ssg port-map destination range from port-number-1 to port-number-2 [ip ip-address]
Syntax Description
Defaults
If an IP address is not specified, Service Selection Gateway (SSG) will allow any destination IP address in the subscriber traffic to be port-mapped, as long as the packets match the specified port ranges.
Command Modes
Global configuration
Command History
Usage Guidelines
If the destination IP address is not configured, a default network must be configured and routable from SSG in order for this command to be effective.
If the destination IP address is not configured, any traffic going to the default network with the destination port will fall into the destination port range and will be port mapped.
You can use multiple entries of the ssg port-map destination range command. The port ranges are checked against the subscriber traffic in the order in which they were defined.
Examples
In the following example, packets that are going to the default network and have a destination port within the range from 8080 to 8081 will be port-mapped:
Router(config)# ssg port-map destination range from 8080 to 8081Related Commands
Command Descriptionssg port-map destination access-list
Identifies packets for port-mapping by specifying an access list to compare against the subscriber traffic.
ssg port-map enable
Note Effective with Cisco IOS Releases 12.2(16)B and 12.3(4)T, this command is replaced by the ssg port-map command. See the ssg port-map command page for more information.
To enable the Service Selection Gateway (SSG) port-bundle host key, use the ssg port-map enable command in global configuration mode. To disable the SSG port-bundle host key, use the no form of this command.
ssg port-map enable
no ssg port-map enable
Syntax Description
This command has no arguments or keywords.
Defaults
SSG port-bundle host key is disabled by default.
Command Modes
Global configuration
Command History
Usage Guidelines
This command will not take effect until the router has been reloaded.
The SSG Port-Bundle Host Key feature requires Cisco Service Selection Dashboard (SSD) Release 3.0(1) or CiscoSubscriber Edge Services Manager (SESM) Release 3.1(1). If you are using an earlier release of SSD, use the no ssg port-map enable command to disable the SSG Port-Bundle Host Key feature.
Examples
The following example shows how to enable the SSG port-bundle host key:
Router(config)# ssg port-map enableRelated Commands
ssg port-map length
Note Effective with Cisco IOS Releases 12.2(16)B and 12.3(4)T, this command is replaced by the length command. See the length (SSG) command page for more information.
To modify the port-bundle length upon the next Service Selection Gateway (SSG) reload, use the ssg port-map length command in global configuration mode. To return the port-bundle length to the default value, use the no form of this command.
ssg port-map length bits
no ssg port-map length bits
Syntax Description
Defaults
4 bits
Command Modes
Global configuration
Command History
Usage Guidelines
The port-bundle length is used to determine the number of bundles in one group and the number of ports in one bundle. By default, the port-bundle length is 4 bits. The maximum port-bundle length is 10 bits. See Table 4 for available port-bundle length values and the resulting port-per-bundle and bundle-per-group values. Increasing the port-bundle length can be useful when you see frequent error messages about running out of ports in a port bundle, but note that the new value does not take effect until SSG next reloads and Cisco Service Selection Dashboard (SSD) restarts.
Note For each Cisco SSD server, all connected SSGs must have the same port-bundle length.
Examples
The following example results in 64 ports per bundle and 1008 bundles per group:
Router(config)# ssg port-map length 6Related Commands
Command Descriptionshow ssg port-map status
Displays information on port bundles, including the port-bundle length.
ssg port-map source ip
Note Effective with Cisco IOS Releases 12.2(16)B and 12.3(4)T, this command is replaced by the source ip command. See the source ip command page for more information.
To specify Service Selection Gateway (SSG) source IP addresses to which to map the destination IP addresses in subscriber traffic, use the ssg port-map source ip command in global configuration mode. To remove this specification, use the no form of this command.
ssg port-map source ip {ip-address | interface}
no ssg port-map source ip {ip-address | interface}
Syntax Description
ip-address
SSG source IP address.
interface
Interface whose main IP address is used as the SSG source IP address.
Defaults
No default behavior or values.
Command Modes
Global configuration
Command History
Usage Guidelines
With the SSG Port-Bundle Host Key feature, SSG maps the destination IP addresses in subscriber traffic to specified SSG source IP addresses.
All SSG source IP addresses configured with the ssg port-map source ip command must be routable in the management network where the Cisco SSD resides.
If the interface for the source IP address is deleted, the port-map translations will not work correctly.
Because a subscriber can have several simultaneous TCP sessions when accessing a web page, SSG assigns a bundle of ports to each subscriber. Because the number of available port bundles are limited, you can assign multiple SSG source IP addresses (one for each group of port bundles). By default, each group has 4032 bundles, and each bundle has 16 ports. To modify the number of bundles per group and the number of ports per bundle, use the ssg port-map length commandin global configuration mode.
Examples
The following example shows the SSG source IP address specified with an IP address and with specific interfaces:
Router(config)# ssg port-map source ip 10.0.50.1Router(config)# ssg port-map source ip Ethernet0/0/0Router(config)# ssg port-map source ip Loopback 1Related Commands
Copyright © 2003 Cisco Systems, Inc. All rights reserved.