Feedback
Table Of Contents
Related Features and Technologies
Supported Standards, MIBs, and RFCs
Monitoring and Maintaining SSG Autologoff
SSG Autologoff Using ICMP Ping
SSG Autologoff
Feature History
This document describes the SSG Autologoff feature in Cisco IOS Release 12.2(4)B. It includes the following sections:
•
Supported Standards, MIBs, and RFCs
•
Feature Overview
The SSG Autologoff feature enables the Cisco Service Selection Gateway (SSG) to verify connectivity with each host at configured intervals. If SSG detects that the host is not reachable from SSG, then it automatically initiates the logoff for that host.
SSG
SSG is a switching solution for service providers who offer intranet, extranet, and Internet connections to subscribers using broadband access technology such as digital subscriber lines, cable modems, or wireless to allow simultaneous access to network services.
SSG works in conjunction with the Cisco Service Selection Dashboard (SSD) or its successor product, the Cisco Subscriber Edge Services Manager (SESM). Together with the SESM or SSD, SSG provides subscriber authentication, service selection, and service connection capabilities to subscribers of Internet services. Subscribers interact with an SESM or SSD web application using a standard Internet browser.
SSG acts as a central control point for Layer 2 and Layer 3 services. These can include services available through ATM virtual circuits (VCs), virtual private dial-up networks (VPDNs), or normal routing methods.
SSG communicates with the authentication, authorization, and accounting (AAA) management network where RADIUS, Dynamic Host Configuration Protocol (DHCP), and Simple Network Management Protocol (SNMP) servers reside and with the Internet service provider (ISP) network, which may connect to the Internet, corporate networks, and value-added services.
A licensed version of SSG works with SESM or SSD to present to subscribers a menu of network services that can be selected from a single graphical user interface (GUI). This functionality improves flexibility and convenience for subscribers and enables service providers to bill subscribers for connect time and services used, rather than charging a flat rate.
For more information about SSG, refer to the Service Selection Gateway feature module in the "New SSG Features in Release 12.2(4)B" area of Cisco.com.
SSG Autologoff
When SSG automatic logoff (autologoff) is configured, the SSG checks the status of the connection with each host at configured intervals. If SSG finds that a host is not reachable, SSG automatically initiates the logoff of that host. SSG has two methods of checking the connectivity of hosts: ARP ping and ICMP ping.
ARP Ping
The ARP is an Internet protocol used to map IP addresses to MAC addresses in directly connected devices. A router that uses ARP will broadcast ARP requests for IP address information. When an IP address is successfully associated with a MAC address, the router stores the information in the ARP cache.
When SSG autologoff is configured to use ARP ping, SSG periodically checks the ARP cache tables. If a table entry for a host is found, SSG forces ARP to refresh the entry and checks the entry again after a configured interval. If a table entry is not found, SSG initiates autologoff for the host. However, if any data traffic to or from the host occurred during the interval, SSG does not ping the host because the reachability of the host during that interval was established by the data traffic.
Note
ARP request packets are smaller than ICMP ping packets, so it is recommended that you configure SSG autologoff to use ARP ping in scenarios where hosts are directly connected.
ICMP Ping
The ICMP is a network-layer Internet protocol that reports errors and provides other information relevant to IP packet processing. An ICMP ping is the echo message and echo-reply message used to check for connectivity between devices.
When SSG autologoff is configured to use the ICMP ping mechanism, SSG pings the host to check connectivity until an ICMP response (successful ping) is obtained or the allowable number of tries is used up. If all the tries are used up and the ping was unsuccessful, then SSG initiates logoff for that host. This pinging is done once every configured interval. As with ARP ping, if there was found to be any data traffic to or from the host was found during the interval, SSG will not ping the host because reachability was established by the data traffic.
ICMP ping will work in all types of deployment scenarios and supports overlapping IP users.
Benefits
The SSG Autologoff feature enables service providers that use SSG to offer subscribers per-minute billing plans for services. SSG autologoff also prevents subscribers from being charged for services that they are not able to access.
Restrictions
The following restrictions apply to the SSG Autologoff feature:
•
•
•
•
•
Related Features and Technologies
•
•
Related Documents
For more information about SSG, see the following document:
•
For information about other supported SSG features, see the following documents:
•
•
•
•
•
•
•
•
For information on configuring SSD and SESM, see the following documents:
•
•
•
Supported Platforms
•
•
•
Availability of Cisco IOS Software Images
Platform support for particular Cisco IOS software releases is dependent on the availability of the software images for those platforms. Software images for some platforms may be deferred, delayed, or changed without prior notice. For updated information about platform support and availability of software images for each Cisco IOS software release, refer to the online release notes or Cisco Feature Navigator.
Supported Standards, MIBs, and RFCs
Standards
No new standards are supported by this feature.
MIBs
No new MIBs are supported by this feature.
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs
No new RFCs are supported by this feature.
Prerequisites
The tasks in this feature assume that you know how to configure SSG, ARP, and ICMP.
Configuration Tasks
See the following sections for configuration tasks for the SSG Autologoff feature. Each task in the list is identified as either required or optional.
•
•
Configuring SSG Autologoff
To configure SSG autologoff, use one of the following commands in global configuration mode:
Verifying SSG Autologoff
Use the show running-config command to verify the configuration of SSG autologoff.
Monitoring and Maintaining SSG Autologoff
To monitor SSG autologoff, use the following command in EXEC mode:
Router# debug ssg ctrl-events
Displays all event messages for control modules, including autologoff events.
Configuration Examples
This section provides the following configuration examples:
•
•
SSG Autologoff Using ARP Ping
The following example shows how to enable SSG autologoff. SSG will use ARP ping to detect connectivity to hosts.
ssg auto-logoff arp interval 60SSG Autologoff Using ICMP Ping
The following example shows how to enable SSG autologoff. SSG will use ICMP ping to detect connectivity to hosts.
ssg auto-logoff icmp interval 60 timeout 300 packets 3Command Reference
This section documents new commands. All other commands used with this feature are documented in the Service Selection Gateway feature module for Cisco IOS Release 12.2(4)B or the Cisco IOS Release12.2 command reference publications.
ssg auto-logoff arp
To configure Service Selection Gateway (SSG) to automatically log off hosts that have lost connectivity with SSG and to use the Address Resolution Protocol (ARP) ping mechanism to detect connectivity, use the ssg auto-logoff arp command in global configuration mode. To disable SSG autologoff, use the no form of this command.
ssg auto-logoff arp [interval seconds]
no auto-logoff arp
Syntax Description
Defaults
SSG autologoff is not enabled.
Default interval = 30 seconds.
Command Modes
Global configuration
Command History
Usage Guidelines
When the ssg auto-logoff arp command is configured, SSG will use the ARP ping mechanism to detect connectivity to hosts.
Note
ARP request packets are smaller than Internet Control Message Protocol (ICMP) ping packets, so it is recommended that you configure SSG autologoff to use ARP ping in scenarios in which hosts are directly connected.
ICMP ping can be used in all types of deployment scenarios. See the ssg auto-logoff icmp command reference page for more information about SSG autologoff using ICMP ping.
ARP ping will work only on hosts that have a MAC address. So, for example, ARP ping will not work for PPP users because they do not have a MAC table entry.
ARP ping does not support overlapping IP addresses.
SSG autologoff that uses the ARP ping mechanism will not work for hosts with static ARP entries.
You can use only one method of SSG autologoff at a time: ARP ping or ICMP ping. If you configure SSG to use ARP ping after ICMP ping has been configured, the ICMP ping function will become disabled.
Examples
The following example shows how to enable SSG autologoff. SSG will use ARP ping to detect connectivity to hosts.
Router(config)# ssg auto-logoff arp interval 60Related Commands
Configures the SSG to automatically log off hosts that have lost connectivity with SSG and to use the ICMP ping mechanism to detect connectivity.
ssg auto-logoff icmp
To configure Service Selection Gateway (SSG) to automatically log off hosts that have lost connectivity with SSG and to use the Internet Control Message Protocol (ICMP) ping mechanism to detect connectivity, use the ssg auto-logoff icmp command in global configuration mode. To disable SSG autologoff, use the no form of this command.
ssg auto-logoff icmp [timeout milliseconds] [packets number] [interval seconds]
no auto-logoff icmp
Syntax Description
Defaults
SSG autologoff is not enabled.
Default interval = 30 seconds.
Default timeout = 500 milliseconds.
Default packets = 2 packets.
Command Modes
Global configuration
Command History
Usage Guidelines
When the ssg auto-logoff icmp command is specified, SSG will use the ICMP ping mechanism to detect connectivity to hosts.
Note
ICMP ping supports overlapping IP addresses.
If a user is not reachable, a configured number of packets (p) will be sent, and each packet will be timed out (t). The user will be logged off in p*t milliseconds after the first pinging attempt. If p*t milliseconds is greater than the configured pinging interval, then the time taken to log off the host after connectivity is lost will be greater than the configured autologoff interval. If parameters are configured this way, the following warning will be issued: "Hosts will be auto-logged off (p*t) msecs after connectivity is lost." When the pinging interval is less than p*t, the timeout process for a host that has become unreachable will be invoked when the pinging to that host is still in place. However, because the timeout process will check the status of the host object and find that it is in a pinging state, the host will not be pinned again.
You can use only one method of SSG autologoff at a time: Address Resolution Protocol (ARP) ping or ICMP ping. If you configure SSG to use ARP ping after ICMP ping has been configured, the ICMP ping function will become disabled.
Default values will be applied if a value of zero is configured for any parameters.
The ssg auto-logoff arp command will configure SSG to use the ARP ping mechanism to detect connectivity to hosts. ARP ping should be used only in deployment scenarios in which all hosts are directly connected to the SSG through a broadcast interface such as an Ethernet interface or a bridged interface such as a routed bridge encapsulation or an integrated routing and bridging interface.
ARP request packets are smaller than ICMP ping packets, so it is recommended that you configure SSG autologoff to use ARP ping in scenarios in which hosts are directly connected. For more information about SSG autologoff that uses ARP ping, see the ssg auto-logoff arp command reference page.
Examples
The following example shows how to enable SSG autologoff. SSG will use ICMP ping to detect connectivity to hosts.
Router(config)# ssg auto-logoff icmp interval 60 timeout 300 packets 3Related Commands
Configures the SSG to automatically log off hosts that have lost connectivity with SSG and to use the ARP ping mechanism to detect connectivity.
Glossary
ARP—Address Resolution Protocol. Internet protocol used to map an IP address to a MAC address.
DHCP—Dynamic Host Configuration Protocol. Protocol that provides a mechanism for allocating IP addresses dynamically so that addresses can be reused when hosts no longer need them.
ICMP—Internet Control Message Protocol. Network-layer Internet protocol that reports errors and provides other information relevant to IP packet processing.
SESM—Subscriber Edge Services Manager. Successor product to the Cisco SSD. SESM is part of a Cisco solution that allows subscribers of digital subscriber lines (DSL), cable, wireless, and dial-up to simultaneously access multiple services.
SNMP—Simple Network Management Protocol. Network management protocol used almost exclusively in TCP/IP networks. SNMP provides a means of monitoring and controlling network devices and managing configurations, statistics collection, performance, and security.
SSD—Service Selection Dashboard. The SSD server is a customizable web-based application that works with the Cisco SSG to allow end customers to log in to and disconnect from proxy and pass-through services through a standard Web browser.
SSG—Service Selection Gateway.
VPDN—virtual private dial-up network. A VPDN is a network that extends remote access to a private network using a shared infrastructure.
