Intelligent Services Gateway Configuration Guide, Cisco IOS XE Release 2
Configuring ISG Accounting
Download this chapter
Configuring ISG AccountingConfiguring ISG Accounting
Download the complete book
Intelligent Services Gateway Configuration Guide, Cisco IOS XE Release 2Intelligent Services Gateway Configuration Guide, Cisco IOS XE Release 2 (PDF - 2 MB)
give_us_feedback

Contents

Configuring ISG Accounting

Last Updated: June 12, 2011

Intelligent Services Gateway (ISG) is a Cisco IOS XE software feature set that provides a structured framework in which edge devices can deliver flexible and scalable services to subscribers. This module describes how to configure ISG accounting, including per-session accounting or per-flow accounting, broadcast accounting, and postpaid tariff switching.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Restrictions for ISG Accounting

ISG accounting supports only the RADIUS protocol.

If authentication, authorization, and accounting (AAA) broadcast accounting is used in conjunction with periodic accounting, you cannot configure different accounting periods for different accounting groups.

Information About ISG Accounting

Overview of ISG Accounting

ISG supports per-session, per-service, and per-flow accounting. Per-session accounting is the aggregate of all the flow traffic for a session. Per-session accounting can be enabled in a user profile. Per-service accounting can be enabled in a service profile or service policy map.

Per-flow accounting, which accounts for a subset of session traffic as defined by a traffic class, is enabled in a service profile or service policy map. When per-flow accounting is configured, the Parent-Session-ID vendor-specific attribute (VSA) is included in accounting records so that per-session and per-flow accounting records can be correlated in the RADIUS server.

When accounting is configured in a user profile, the service name attribute is not included in accounting records.

Session accounting is enabled if the aaa accounting network default command is configured and a AAA method list is specified. (It is recommended that you use a named method list rather than the default method list.) Flow accounting is disabled by default and will take place only if a AAA method list is specified in the service profile or service policy map. ISG accounting sends Accounting-Start, interim, and Accounting-Stop records to the specified AAA method list.

Per-service accounting allows RADIUS to track when services become active and stop within a subscriber session. Per-service accounting is the aggregate of all flow traffic for the duration of the service. Using this feature, the router includes all activated services for the session in a single accounting start message. When per-service accounting is configured, the service name and Parent-Session-ID attributes are included in accounting records.

ISG Accounting Messages on ANCP Ports

Accounting messages sent by ISG for sessions on an Access Node Control Protocol (ANCP) port contain the following AAA attributes: nas-tx-speed, nas-tx-speed-bps, nas-rx-speed, and nas-rx-speed-bps. ISG retrieves the values for these attributes from the Digital Subscriber Line Access Multiplexer (DSLAM) ANCP notification sent to ISG or from the Quality of Service (QoS) policy configured on the interface.

When an ANCP port is in an UP state, the attribute values are taken from the DSLAM ANCP notification sent to ISG. If the ANCP port state changes to a DOWN state, the ANCP accounting messages will continue to contain the AAA attributes sent in the DSLAM notification.

If the ANCP-port state has never been set to the UP state, ISG can retrieve the nas-tx-speed, nas-tx-speed-bps, nas-rx-speed, and nas-rx-speed-bps AAA attributes from the QoS policy on that interface.

In order to retrieve the AAA attributes from the QoS policy, the policy must be configured prior to the configuration of the ANCP neighbor, otherwise ISG uses the previous values (if any) for the AAA attributes when a session is established.

If the QoS policy values are changed, ISG continue to use the previous values until the ANCP neighbor is removed and reconfigured.

ISG Accounting Records

ISG accounting uses the RADIUS protocol to facilitate interaction between ISG and an external RADIUS-based AAA or mediation server. ISG sends accounting records with the associated attributes to the AAA accounting method list when the following events occur: account logon, account logoff, service logon, and service logoff. The accounting server can be configured to interpret the records to generate bills for postpaid sessions.

Account Logon and Logoff

ISG sends a RADIUS Accounting-Request record to the specified AAA method list when a subscriber logs onto or off of ISG. The Acct-Status-Type attribute included in the Accounting-Request record indicates if the record marks the start (commencement) of the subscriber session or the stop (termination) of the session.

When the aaa accounting command is enabled with the system, default, start-stop, and groupkeywords, accounting records are sent to the AAA server. When a subscriber logs on, ISG sends an Accounting-Start record to the AAA server. When a subscriber logs off, ISG sends an Accounting-Stop record.

Service Logon and Logoff

ISG sends a RADIUS Accounting-Start record to the AAA server when a service is activated for a subscriber, and it sends an Accounting-Stop record when a service is deactivated. The record contains a different accounting session ID from the accounting session ID of the parent session.

The Acct-Status-Type attribute included in the Accounting-Request record indicates whether the record marks the start or the end of the service. The name of the service is included in accounting records for service logon and logoff.

Accounting records may be sent for events other than account and service logon and logoff. See the "Configuring Accounting" chapter of the Cisco IOS Security Configuration Guide, Release 12.2, for more information.

Interim ISG Accounting Updates

ISG supports interim (intermittent) RADIUS accounting updates, which work the same way as “watchdog” RADIUS accounting. Accounting updates are sent between the times that ISG sends Accounting-Start and Accounting-Stop records.

ISG supports two types of interim accounting: accounting updates for new information (such as a new IP address) and periodic accounting, in which accounting records are sent at a configurable interval.

Interim accounting for new information can be enabled or disabled globally. Periodic accounting can be enabled for specific contexts, such as globally, in user profiles, and in services.

Broadcast Accounting

ISG supports AAA broadcast accounting, which is the ability to send user accounting records to multiple RADIUS servers. AAA broadcast accounting provides service providers with geographical redundancy for RADIUS servers, and provides accounting records to partners in wholesale models. For information about configuring AAA broadcast accounting, see the “Configuring Accounting ” chapter in the “Authentication, Authorization, and Accounting” part of the Cisco IOS XE Security Configuration Guide .

ISG Postpaid Tariff Switching

ISG postpaid tariff switching allows changes in tariffs during the lifetime of a connection. This feature applies to time-based or volume-based postpaid sessions in which the tariff changes at certain times of the day.

Typically, a service provider would use postpaid tariff switching to offer different tariffs to a subscriber while the subscriber is still connected; for example, changing a subscriber to a less expensive tariff during off-peak hours.

To handle tariff switches for postpaid connections, the accounting packets log the usage information during the various tariff-switch intervals. The service profile contains a weekly tariff-switch plan detailing the times of day at which tariff changes occur. ISG monitors the usage at every tariff-switch point and records this information in interim accounting records. The billing server monitors all interim accounting updates and obtains the information about the traffic sent at each tariff rate.


Note
Tariff switching is not required for time-based billing services. Because the billing server knows the service logon time stamp and logoff time stamp, it can calculate the various tariffs that apply during that time.

How to Configure ISG Accounting

Enabling ISG Per-Session Accounting

Per-session accounting can be configured in the following configuration sources:

  • User profile on a AAA server

This procedure contains the following sections:

Prerequisites

ISG sends accounting records to the authentication, authorization, and accounting (AAA) method list specified in the user profile, service profile, or service policy map. The tasks in this section assume that you have configured a AAA method list by using the aaa accounting command. See the Cisco IOS Security Command Reference for more information.

AAA servers must be configured to support ISG accounting.

Enabling Per-Session Accounting in a User Profile on a AAA Server

Use the attributes in this procedure to enable per-session accounting in a user profile on a AAA server. When accounting is configured in the user profile instead of the service profile, the Service Name attribute does not appear in the accounting.

SUMMARY STEPS

1.    Cisco-Avpair="accounting-list=accounting-mlist-name "

2.    IETF RADIUS attribute Acct-Interim-Interval (attribute 85)


DETAILED STEPS
Step 1   Cisco-Avpair="accounting-list=accounting-mlist-name "

Add the Accounting attribute to the user profile. This attribute enables accounting and specifies the AAA method list to which accounting updates will be sent.

Step 2   IETF RADIUS attribute Acct-Interim-Interval (attribute 85)

(Optional) Add the Acct-Interim-Interval (attribute 85) to the user profile. This attribute specifies the number of seconds between interim updates.

What to Do Next

You may want to configure a method of activating the service policy map or service profile; for example, control policies can be used to activate services. For more information about methods of service activation, see the module "Configuring ISG Subscriber Services".

Troubleshooting Tips

The following commands can be used to troubleshoot ISG accounting:

  • debug aaa accounting
  • debug radius [brief]
  • debug subscriber feature name accounting {event | error | detail}

Enabling ISG Per-Flow Accounting

ISG per-flow accounting can be configured in the following configuration sources:

  • Service profile on a AAA server
  • Service policy map on the ISG device

This procedure contains the following sections:

Prerequisites

ISG sends accounting records to the authentication, authorization, and accounting (AAA) method list specified in the user profile, service profile, or service policy map. The tasks in this section assume that you have configured a AAA method list by using the aaa accounting command. See the Cisco IOS Security Command Reference for more information.

AAA servers must be configured to support ISG accounting.

Enabling Per-Flow Accounting in a Service Profile on the AAA Server

Perform this task to configure per-flow accounting in a service profile on the AAA server.

Before You Begin

This task assumes that you have defined IP access lists for specifying traffic.


SUMMARY STEPS

1.    Cisco-AVpair = "ip:traffic-class={in | out} access-group [acl-number | name acl-name ] [priority n ]"

2.    Cisco-Avpair="accounting-list=accounting-mlist-name "

3.    IETF RADIUS attribute Acct-Interim-Interval (attribute 85)


DETAILED STEPS
Step 1   Cisco-AVpair = "ip:traffic-class={in | out} access-group [acl-number | name acl-name ] [priority n ]"

Add the ISG Traffic Class attribute to the service profile. This attribute specifies input and output traffic to which the service will apply. Both an input and output traffic classifier can be added to a service profile.

Step 2   Cisco-Avpair="accounting-list=accounting-mlist-name "

Add the Accounting attribute to the service profile on the AAA server. This attribute enables accounting and specifies the AAA method list to which accounting updates will be sent. The AAA method list must be configured.

Note    If this attribute is configured in a service profile that does not include a traffic class, accounting is performed on the session rather than on the flow.
Step 3   IETF RADIUS attribute Acct-Interim-Interval (attribute 85)

(Optional) Add the IETF RADIUS attribute Acct-Interim-Interval (attribute 85) to the service profile on the AAA server. This attribute specifies the number of seconds between interim updates.

Enabling Per-Flow Accounting in a Service Policy Map on the Router

Perform this task to enable accounting in a local service policy map for a specific flow.

Before You Begin

This task assumes that you have defined a traffic class map and associated IP access lists. See the module "Configuring ISG Subscriber Services" for more information about configuring traffic classes.


SUMMARY STEPS

1.    enable

2.    configure terminal

3.    policy-map type service policy-map-name

4.    class type traffic class-map-name

5.    accounting aaa list AAA-method-list

6.    exit


DETAILED STEPS
 Command or ActionPurpose
Step 1 enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2 configure terminal


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3 policy-map type service policy-map-name


Example:

Router(config)# policy-map type service service1

 

Creates or defines a service policy map, which is used to define an ISG service and enters service policy-map configuration mode.

 
Step 4 class type traffic class-map-name


Example:

Router(config-service-policymap)# class type traffic firstclass

 

Associates a previously configured traffic class with the policy map and enters

 
Step 5 accounting aaa list AAA-method-list


Example:

Router(config-control-policymap-class-traffic)# accounting aaa list list1

 

Enables accounting and specifies the AAA method list to which accounting updates will be sent.

  • The AAA method list must be configured.
 
Step 6 exit


Example:

Router(config-control-policymap-class-traffic)# exit

 

Returns to service policy-map configuration mode.

 

Troubleshooting Tips

The following commands can be used to troubleshoot ISG accounting:

  • debug aaa accounting
  • debug radius [brief]
  • debug subscriber feature name accounting {event | error | detail}

What to Do Next

You may want to configure a method of activating the service policy map or service profile; for example, control policies can be used to activate services. For more information about methods of service activation, see the module "Configuring ISG Subscriber Services".

Enabling ISG Per-Service Accounting

Per-service accounting can be configured in the following configuration sources:

  • Service profile on a AAA server
  • Service policy map on the ISG device

This procedure contains the following sections:

Prerequisites

ISG sends accounting records to the authentication, authorization, and accounting (AAA) method list specified in the user profile, service profile, or service policy map. The tasks in this section assume that you have configured a AAA method list by using the aaa accounting command. See the Cisco IOS Security Command Reference for more information.

AAA servers must be configured to support ISG accounting.

Enabling Per-Service Accounting on the ISG

Use the following procedure to enable per-service accounting on the ISG.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    subscriber service session-accounting

4.    exit


DETAILED STEPS
 Command or ActionPurpose
Step 1 enable


Example:

Router> enable

 

Enables privileged EXEC mode. Enter your password if prompted.

 
Step 2 configure terminal


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3 subscriber service session-accounting

Example:

Router(config)# subscriber service session-accounting

 

Enables subscriber services accounting.

  • All started services are included in the session accounting start message.
 
Step 4 exit


Example:

Router(config)# exit

 

Exits global configuration mode.

 

Configuring RADIUS for Service Activation and Deactivation

Configure Cisco VSA 250 and VSA 252 in the service profile on RADIUS to dynamically activate and deactivate services. RADIUS uses VSA 250 in Access-Accept and VSA 252 in CoA messages. These VSAs have the following syntax:

252 0b "service(parameter1=value,parameter2=value,...)"
250 "service(parameter1=value,parameter1=value,...)"

When deactivating a service, RADIUS sends the same information in VSA 252 that was used for service activation, except that service deactivation uses 0c in the VSA instead of the 0b parameter used for service activation. VSA 252 has the following syntax for service deactivation:

252 0xC "service(parameter1=value,parameter2=value,...)"

Enabling Per-Service Accounting in a Service Profile on a AAA Server

Use the attributes in this procedure to enable per-service accounting in a service profile on a AAA server. Note that for per-service accounting, the traffic class attribute should not be included in the service profile.

SUMMARY STEPS

1.    Cisco-Avpair="accounting-list=accounting_mlist_name "

2.    IETF RADIUS attribute Acct-Interim-Interval (attribute 85)


DETAILED STEPS
Step 1   Cisco-Avpair="accounting-list=accounting_mlist_name "

Add the Accounting attribute to the service profile. This attribute enables accounting and specifies the AAA method list to which accounting updates will be sent.

Step 2   IETF RADIUS attribute Acct-Interim-Interval (attribute 85)

(Optional) Add the Acct-Interim-Interval (attribute 85) to the service profile. This attribute specifies the number of seconds between interim updates.

Enabling Per-Service Accounting in a Service Policy Map on the Router

To configure per-service accounting in a service policy map on the router, you must configure an empty traffic class map (a traffic class map that does not specify an access list) and enable accounting within the empty traffic class in a service policy map. Perform this task to enable per-service accounting in a service policy map.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    class-map type traffic match-any class-map-name

4.    exit

5.    policy-map type service policy-map-name

6.    class type traffic class-map-name

7.    accounting aaa list AAA-method-list

8.    exit


DETAILED STEPS
 Command or ActionPurpose
Step 1 enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2 configure terminal


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3 class-map type traffic match-any class-map-name


Example:

Router(config)# class-map type traffic match-any empty_class

 

Creates or modifies a traffic class map, which is used for matching packets to a specified ISG traffic class, and enters traffic class map configuration mode.

  • For per-session accounting, create an empty traffic class map, that is, a traffic class map that does not specify an access list for matching traffic.
 
Step 4 exit


Example:

Router(config-traffic-classmap)# exit

 

Exit traffic class map configuration mode.

 
Step 5 policy-map type service policy-map-name


Example:

Router(config)# policy-map type service polmap1

 

Creates or defines a service policy map, which is used to define an ISG service and enters service policy-map configuration mode.

 
Step 6 class type traffic class-map-name


Example:

Router(config-service-policymap)# class type traffic empty_class

 

Specifies a named traffic class whose policy you want to create or change and enters service policy traffic class configuration mode.

  • In this step, reference the empty traffic class map that you created in Step 3.
 
Step 7 accounting aaa list AAA-method-list


Example:

Router(config-service-policymap-class-traffic)# accounting aaa list list1

 

Enables accounting and specifies the AAA method list to which accounting updates will be sent.

 
Step 8 exit


Example:

Router(config-service-policymap-class-traffic)# exit

 

Returns to service policy-map configuration mode.

 

What to Do Next

You may want to configure a method of activating the service policy map or service profile; for example, control policies can be used to activate services. For more information about methods of service activation, see the module "Configuring ISG Subscriber Services".

Troubleshooting Tips

The following commands can be used to troubleshoot ISG accounting:

  • debug aaa accounting
  • debug radius [brief]
  • debug subscriber feature name accounting {event | error | detail}

Configuring ISG Postpaid Tariff Switching

ISG postpaid tariff switching can be configured in the service profile on a AAA server.

If you include a traffic class in the service profile, postpaid tariff switching will apply to the specified flow. If you do not configure a traffic class, postpaid tariff switching will apply to the session. Perform this task to configure per-session or per-flow postpaid tariff switching.

Before You Begin

ISG per-session or per-flow accounting must be configured in order for postpaid tariff switching to work.


SUMMARY STEPS

1.    Cisco-AVpair = “PPWhh:mm:ss:d”

2.    Cisco-AVpair = "ip:traffic-class={in | out} access-group [acl-number | name acl-name ] [priority n ]"


DETAILED STEPS
Step 1   Cisco-AVpair = “PPWhh:mm:ss:d”

Add the Post Paid VSA to the service profile. This attribute specifies the weekly tariff-switch points for postpaid tariff switching. The syntax description follows:

hh :mm:ss:d--Weekly tariff-switch time.

  • hh = hour of day <0-23>
  • mm = minutes <0-59>
  • ss = seconds <0-59>
  • d = bitmap format for the days of week. Each weekday is represented by one bit, as follows:

00000001 = Monday

00000010 = Tuesday

00000100 = Wednesday

00001000 = Thursday

00010000 = Friday

00100000 = Saturday

01000000 = Sunday

Step 2   Cisco-AVpair = "ip:traffic-class={in | out} access-group [acl-number | name acl-name ] [priority n ]"

Add the ISG Traffic Class attribute to the service profile. This attribute specifies input and output traffic to which the service will apply. Both an input and output traffic classifier can be added to a service profile.

What to Do Next

You may want to configure a method of activating the service policy map or service profile; for example, control policies can be used to activate services. For more information about methods of service activation, see the module "Configuring ISG Subscriber Services".

Verifying ISG Accounting and Postpaid Tariff Switching

Perform the following tasks to verify ISG accounting and postpaid tariff switching configuration:

Display Information About a Subscriber Session

Use the show subscriber session command to display information about an ISG subscriber session.

SUMMARY STEPS

1.    enable

2.    show subscriber session [detailed] [identifier identifier | uid session-id| username name]


DETAILED STEPS
 Command or ActionPurpose
Step 1 enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2 show subscriber session [detailed] [identifier identifier | uid session-id| username name]


Example:

Router# show subscriber session

 

Displays ISG subscriber session information.

 

Examples

This section contains examples of output for the show subscriber session command.

show subscriber session Output When ISG Accounting Is Applied to a Flow

In the following example, ISG accounting is configured in a service profile that specifies a traffic class, which means that accounting will be performed on the flow and not the parent session. In this example, 157 is the unique ID of the traffic class.

Router# show subscriber session uid 157 detailed
Subscriber session handle: E5000092, state: connected, service: Ltm Internal
Unique Session ID: 157
Identifier:
SIP subscriber access type(s): Traffic-Class
Root SIP Handle: 2B000011, PID: 76
Current SIP options: Req Fwding/Req Fwded
Session Up-time: 3 minutes, 45 seconds, Last Changed: 3 minutes, 45 seconds
AAA unique ID: 0
Switch handle: F300015F
Session inbound features:
Feature: Service accounting
 Service: video1
 Method List: remote-local
 Outbound direction:

Packets = 84, Bytes = 33600

Feature: Policing
 Upstream Params:
Average rate = 8000, Normal burst = 1500, Excess burst = 3000
Config level = Service
Session outbound features:
Feature: Service accounting
 Service: video1
 Method List: remote-local
 Outbound direction:
        Packets = 84, Bytes = 33600
Feature: Policing
 Dnstream Params:
Average rate = 64000, Normal burst = 12000, Excess burst = 24000
Config level = Service
Configuration sources associated with this session:

Service: video1, Active Time = 3 minutes, 46 seconds

show subscriber session Output When ISG Accounting Is Applied to a Session

The following example shows sample output for the show subscriber session command for a session rather than a flow.

Router# show subscriber session uid 730 detailed
Subscriber session handle: 3800009A, state: connected, service: Local Term
Unique Session ID: 730
Identifier: igq2acct
SIP subscriber access type(s): IP-Interface/Account-Logon-CH
Root SIP Handle: A600000E, PID: 75
Child SIP Handle: F9000018, PID: 73
Current SIP options: Req Fwding/Req Fwded
Session Up-time: 3 minutes, 57 seconds, Last Changed: 2 minutes, 59 seconds
AAA unique ID: 81
Switch handle: 890003A0
Interface: ATM6/0.1
Policy information:
  Authentication status: authen
  Config downloaded for session policy:
  From Access-Type: Account-Logon-CH, Client: SM, Event: Got More Keys
    Profile name: apply-config-only, 2 references
      ssg-account-info     "SAfoo"
  Rules, actions and conditions executed:
    subscriber rule-map rule1
      condition always event any-event
        action 1 authenticate
Session inbound features:
Feature: Session accounting
 Method List: foo
 Outbound direction:
        Packets = 10, Bytes = 1000
Session outbound features:
Feature: Session accounting
 Method List: foo
 Outbound direction:
        Packets = 10, Bytes = 1000
Configuration sources associated with this session:

Interface: ATM6/0.1, Active Time = 3 minutes, 58 seconds

Display AAA Subscriber Sessions

Use the show aaa sessions command to display information about AAA subscriber sessions.

SUMMARY STEPS

1.    enable

2.    show aaa sessions


DETAILED STEPS
 Command or ActionPurpose
Step 1 enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2 show aaa sessions


Example:

Router# show aaa sessions

 

Displays AAA subscriber session information.

 

Examples

This example shows sample output for the show aaa sessions command:

Router# show aaa sessions
Total sessions since last reload: 141
Session Id: 167
   Unique Id: 151
   User Name: *not available*
   IP Address: 192.168.0.1
   Idle Time: 0
   CT Call Handle: 0

Display AAA Information for Subscribers

Use the show aaa user command to display information about AAA subscribers.

SUMMARY STEPS

1.    enable

2.    show aaa user {all| unique id}


DETAILED STEPS
 Command or ActionPurpose
Step 1 enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2 show aaa user {all| unique id}


Example:

Router# show aaa users all

 

Displays AAA subscriber information for all users or a specified user.

  • Valid values for the user ID keyword are 1- 4294967295.
 

Examples

This section contains examples of output for the show aaa user command:

Output for a Specific User
Unique id 151 is currently in use.
Accounting:
  log=0x20C201
  Events recorded :
    CALL START
    NET UP
    IPCP_PASS
    INTERIM START
    VPDN NET UP
  update method(s) :
    PERIODIC
  update interval = 60
Outstanding Stop Records : 0

Dynamic attribute list:

1A1CABE8 0 00000001 connect-progress(68) 4 Call Up
    1A1CABF8 0 00000001 pre-session-time(294) 4 0(0)
    1A1CAC08 0 00000001 nas-tx-speed(421) 4 423630024(194014C8)
    1A1CAC18 0 00000001 nas-rx-speed(71) 4 139317740(84DD1EC)
    1A1CAC28 0 00000001 elapsed_time(364) 4 46122(B42A)
    1A1CAC50 0 00000001 bytes_in(135) 4 11434660(AE7AA4)
    1A1CAC60 0 00000001 bytes_out(274) 4 0(0)
    1A1CAC70 0 00000001 pre-bytes-in(290) 4 0(0)
    1A1CAC80 0 00000001 pre-bytes-out(291) 4 0(0)
    1A1CAC90 0 00000001 paks_in(136) 4 92215(16837)
    1A1CADF0 0 00000001 paks_out(275) 4 0(0)
    1A1CAE00 0 00000001 pre-paks-in(292) 4 0(0)
    1A1CAE10 0 00000001 pre-paks-out(293) 4 0(0)
  No data for type EXEC
  No data for type CONN
  NET: Username=(n/a)
    Session Id=000000A7 Unique Id=00000097
    Start Sent=1 Stop Only=N
    stop_has_been_sent=N
    Method List=189F046C : Name = CAR_mlist
    Attribute list:
      1A1CADF0 0 00000001 session-id(361) 4 167(A7)
1A1CAE00 0 00000001 protocol(297) 4 ip
      1A1CAE10 0 00000001 addr(8) 4 192.168.0.1
      1A1CAE20 0 00000001 Framed-Protocol(101) 4 PPP
      1A1CAE30 0 00000009 clid-mac-addr(37) 6 00 00 04 00 00 2A 
--------  
  No data for type CMD
  No data for type SYSTEM
  No data for type RM CALL
  No data for type RM VPDN
  No data for type AUTH PROXY
  No data for type 8
  No data for type CALL
  No data for type VPDN-TUNNEL
  No data for type VPDN-TUNNEL-LINK
  No data for type 12
  No data for type IPSEC-TUNNEL
  No data for type RESOURCE
  No data for type 15
Debg: No data available
Radi: No data available
Interface:
  TTY Num = -1
  Stop Received = 0
  Byte/Packet Counts till Call Start:
Start Bytes In = 0             Start Bytes Out = 0         
    Start Paks  In = 0             Start Paks  Out = 0         
  Byte/Packet Counts till Service Up:
    Pre Bytes In = 0             Pre Bytes Out = 0         
    Pre Paks  In = 0             Pre Paks  Out = 0         
  Cumulative Byte/Packet Counts :
    Bytes In = 11434660      Bytes Out = 0         
    Paks  In = 92215         Paks  Out = 0         
  StartTime = 12:02:40 IST Oct 16 2007
  AuthenTime = 12:02:40 IST Oct 16 2007
  Component = IEDGE_ACCOUNTING
Authen: service=NONE type=NONE method=RADIUS
Kerb: No data available
Meth: No data available
Preauth: No Preauth data.
General:  
  Unique Id = 00000097
  Session Id = 000000A7
  Attribute List:
    1A1CADF0 0 00000001 port-type(198) 4 PPPoE over VLAN
    1A1CAE00 0 00000009 interface(194) 7 4/0/0/2
PerU: No data available
Output for All Users
Router# show aaa user all   
--------------------------------------------------
Unique id 151 is currently in use.
Accounting:
  log=0x20C201
  Events recorded :
    CALL START
    NET UP
    IPCP_PASS
    INTERIM START
    VPDN NET UP
  update method(s) :
    PERIODIC
  update interval = 60
Outstanding Stop Records : 0
  Dynamic attribute list:
    1A1CABE8 0 00000001 connect-progress(68) 4 Call Up
    1A1CABF8 0 00000001 pre-session-time(294) 4 0(0)
    1A1CAC08 0 00000001 nas-tx-speed(421) 4 423630024(194014C8)
    1A1CAC18 0 00000001 nas-rx-speed(71) 4 139317740(84DD1EC)
    1A1CAC28 0 00000001 elapsed_time(364) 4 46122(B42A)
    1A1CAC50 0 00000001 bytes_in(135) 4 11434660(AE7AA4)
    1A1CAC60 0 00000001 bytes_out(274) 4 0(0)
    1A1CAC70 0 00000001 pre-bytes-in(290) 4 0(0)
    1A1CAC80 0 00000001 pre-bytes-out(291) 4 0(0)
    1A1CAC90 0 00000001 paks_in(136) 4 92215(16837)
    1A1CADF0 0 00000001 paks_out(275) 4 0(0)
    1A1CAE00 0 00000001 pre-paks-in(292) 4 0(0)
    1A1CAE10 0 00000001 pre-paks-out(293) 4 0(0)
  No data for type EXEC
  No data for type CONN
  NET: Username=(n/a)
    Session Id=000000A7 Unique Id=00000097
    Start Sent=1 Stop Only=N
    stop_has_been_sent=N
    Method List=189F046C : Name = CAR_mlist
    Attribute list:
      1A1CADF0 0 00000001 session-id(361) 4 167(A7)
1A1CAE00 0 00000001 protocol(297) 4 ip
      1A1CAE10 0 00000001 addr(8) 4 192.168.0.1
      1A1CAE20 0 00000001 Framed-Protocol(101) 4 PPP
      1A1CAE30 0 00000009 clid-mac-addr(37) 6 00 00 04 00 00 2A 
--------  
  No data for type CMD
  No data for type SYSTEM
  No data for type RM CALL
  No data for type RM VPDN
  No data for type AUTH PROXY
  No data for type 8
  No data for type CALL
  No data for type VPDN-TUNNEL
  No data for type VPDN-TUNNEL-LINK
  No data for type 12
  No data for type IPSEC-TUNNEL
  No data for type RESOURCE
  No data for type 15
Debg: No data available
Radi: No data available
Interface:
  TTY Num = -1
  Stop Received = 0
  Byte/Packet Counts till Call Start:
Start Bytes In = 0             Start Bytes Out = 0         
    Start Paks  In = 0             Start Paks  Out = 0         
  Byte/Packet Counts till Service Up:
    Pre Bytes In = 0             Pre Bytes Out = 0         
    Pre Paks  In = 0             Pre Paks  Out = 0         
  Cumulative Byte/Packet Counts :
    Bytes In = 11434660      Bytes Out = 0         
    Paks  In = 92215         Paks  Out = 0         
  StartTime = 12:02:40 IST Oct 16 2007
  AuthenTime = 12:02:40 IST Oct 16 2007
  Component = IEDGE_ACCOUNTING
Authen: service=NONE type=NONE method=RADIUS
Kerb: No data available
Meth: No data available
Preauth: No Preauth data.
General:  
  Unique Id = 00000097
  Session Id = 000000A7
  Attribute List:
    1A1CADF0 0 00000001 port-type(198) 4 PPPoE over VLAN
    1A1CAE00 0 00000009 interface(194) 7 4/0/0/2
PerU: No data available

Display Information About ISG Postpaid Tariff Switching

Use the show sss sessioncommand to display information about ISG postpaid tariff switching.

SUMMARY STEPS

1.    enable

2.    show sss session [all]


DETAILED STEPS
 Command or ActionPurpose
Step 1 enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2 show sss session [all]


Example:

Router# show sss session

 

Displays Subscriber Service Switch session status.

 

Configuration Examples for ISG Accounting

Per-Flow Accounting Examples

Per-Flow Accounting Configured in a Local Service Policy Map

The following example shows per-flow accounting configured in a service policy map for a service called “video1”:

class-map type traffic match-any video1
 match access-group output 101
 match access-group input 100
policy-map type service video1
 class type traffic video1

accounting aaa list mlist1

Per-Flow Accounting Configured in a Service Profile on the AAA Server

The following example shows per-flow accounting configured in a remote service profile for a service called “video1”:

video1        Password = "cisco"
   Cisco-AVpair = "traffic-class=input access-group 101 priority 20",
   Cisco-AVpair = "traffic-class=output access-group 112 priority 20",
   Cisco-Avpair = "accounting-list=remote-local",
   Service-Info = "QU;8000",

Service-Info = "QD;64000"

Per-Service Accounting Example

The following configuration example allows multiple services in a single Access-Accept message and enables session accounting for the services. The example also enables RADIUS to authorize the subscriber to access the services. 

subscriber service multiple-accept
subscriber service session-accounting
subscriber authorization enable

vpdn enable

Per-Service Accounting on ISG Example

The following example shows how to configure per-service accounting in a service policy map on the ISG device:

class-map type traffic match-any classmap1
policy-map type service polmap1
class type traffic classmap1
accounting aaa list mlist1

ISG Postpaid Tariff Switching Examples

The following example shows the configuration of a postpaid tariff switch each day of the week at midnight: 

Cisco-AVpair = "PPW00:00:00:127"

The following example shows the configuration of a postpaid tariff switch Monday through Friday at 8:00 p.m.: 

Cisco-AVpair = "PPW20:00:00:31"

The following example shows the configuration of a postpaid tariff switch Monday through Friday at 6:00 a.m.: 

Cisco-AVpair = "PPW06:00:00:31"

Additional References

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Commands List, All Releases

ISG commands

Cisco IOS Intelligent Services Gateway Command Reference

AAA configuration tasks

"Authentication, Authorization, and Accounting (AAA)” section in the Cisco IOS XE Security Configuration Guide

AAA commands

"Authentication, Authorization, and Accounting (AAA)" section in the Cisco IOS XE Security Command Reference

Configuring ISG Subscriber Services

"Configuring ISG Subscriber Services" section in the Cisco IOS XE Intelligent Services Gateway Configuration Guide

Standards

Standard

Title

None

--

MIBs

MIB

MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

RFCs

RFC

Title

None

--

Technical Assistance

Description

Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for ISG Accounting

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 1 Feature Information for ISG Accounting

Feature Name

Releases

Feature Configuration Information

ISG: Accounting: Per Session, Service, and Flow

Cisco IOS XE Release 2.2

ISG accounting provides the means to bill for account or service usage. ISG accounting uses the RADIUS protocol to facilitate interaction between ISG and an external RADIUS-based AAA or mediation server.

ISG: Accounting: Postpaid

Cisco IOS XE Release 2.2

ISG accounting provides the means to bill for account or service usage. ISG sends accounting start and stop records for sessions and services to an accounting server for postpaid billing. The accounting server interprets the records to generate bills.

ISG: Accounting: Tariff Switching

Cisco IOS XE Release 2.2

ISG accounting provides the means to bill for account or service usage. Where billing rates change at fixed times and sessions are active across the boundary at which the rates change, ISG will provide accounting data to the billing server indicating the boundary.

ISG: Accounting: Per-Service Accounting

Cisco IOS XE Release 2.4

ISG accounting provides the means to bill for account or service usage. ISG accounting uses the RADIUS protocol to facilitate interaction between ISG and an external RADIUS-based AAA or mediation server.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.