Step | Command or Action | Purpose |
---|---|---|
Step 1 | ssg login transparent Example: Router(config)# ssg login transparent | Enables SSG Transparent Autologon and enters transparent autologon configuration mode. |
Step 2 | authorization list list-name Example: Router(config-login-transparent)# authorization list list1 | (Optional) Specifies the server group to be used for authorization of SSG transparent autologon users. • If no server group is specified, SSG uses the default server group for authorization. The default server group is the list of RADIUS servers defined as 'radius-server host...'. • If a server group is specified, SSG sends a transparent authorization request to that server group. |
Step 3 | authorization pending maximum number Example: Router(config-login-transparent)# authorization pending maximum 1200 | (Optional) Specifies the maximum number of SSG TAL access requests that can be pending. • When the number of access requests reaches the configured limit, any packets that would cause SSG to send a new RADIUS request are dropped at the CEF path, and SSG generates a syslog message. |
Step 4 | authorization rate-limit number Example: Router(config-login-transparent)# authorization rate-limit 100 | (Optional) Specifies the number of new SSG TAL authorization requests sent per second. • The rate must be based on the number of requests the AAA server can handle per second. • If the number of requests per second exceeds the configured limit, SSG logs a syslog message. The syslog message is logged only once for each time the rate limit value is reached. |
Step 5 | packet drop during-authorization Example: Router(config-login-transparent)# packet drop during-authorization | (Optional) Specifies that packets received from the user during WA state (that is, during authorization) will be dropped. |
Step 6 | user suspect maximum number Example: Router(config-login-transparent)# user suspect maximum 1000 | (Optional) Specifies the maximum number of suspect users (SP) that can be added to the suspect user list. |
Step 7 | user suspect timeout minutes Example: Router(config-login-transparent)# user suspect timeout 600 | (Optional) Specifies the maximum length of time a suspect user (SP) remains in the suspect user list. • The default timeout is 3600 seconds. |
Step 8 | user unidentified timeout minutes Example: Router(config-login-transparent)# user unidentified timeout 600 | (Optional) Specifies the maximum length of time a user remains in the no response (NR) state. • An unidentified user is marked NR if there is no response from the AAA server to an authorization request and the authorization request times out. • When the timeout value is reached, any new traffic received by SSG from the user triggers the transparent logon procedure. |
Step 9 | user unidentified traffic permit Example: Router(config-login-transparent)# user unidentified traffic permit | (Optional) Specifies that packets received by an unidentified (NR) user are to be forwarded. |
Step 10 | exit Example: Router(config-login-transparent)# exit | (Optional) Returns to global configuration mode. |
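
An added example, not part of the Cisco documentation: a Python audit that parses the ssg login transparent block of a saved configuration and flags the AAA load and authorization settings described in the table above. The sample configuration is constructed; the one-space sub-mode indentation, the finding codes, and the aaa_requests_per_sec capacity figure are assumptions of this example.

```python
import re

# Sub-mode commands from the table above: those taking a number, and bare flags.
NUMERIC = ("authorization pending maximum", "authorization rate-limit",
           "user suspect maximum", "user suspect timeout", "user unidentified timeout")
FLAGS = ("packet drop during-authorization", "user unidentified traffic permit")
# Constructed sample configuration (not from a real device); list1 is the table's example name.
SAMPLE = """\
ssg login transparent
 authorization list list1
 authorization rate-limit 100
 user suspect timeout 600
 user unidentified traffic permit
!
"""

def parse_tal(config):
    """Return settings under `ssg login transparent`, or None if TAL is not enabled."""
    settings, inside = None, False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "ssg login transparent":
            settings, inside = {}, True
        elif inside and raw[:1] == " ":  # assumed: sub-mode lines are indented
            m = re.fullmatch(r"(.+?) (\d+)", line)
            if m and m.group(1) in NUMERIC:
                settings[m.group(1)] = int(m.group(2))
            elif line in FLAGS:
                settings[line] = True
        elif line:
            inside = False  # first unindented line ends the sub-mode block
    return settings

def audit(config, aaa_requests_per_sec):
    """Return finding codes; aaa_requests_per_sec is the AAA capacity you supply."""
    s = parse_tal(config)
    if s is None:
        return ["TAL_NOT_ENABLED"]
    findings = []
    rate = s.get("authorization rate-limit")
    if rate is None:
        findings.append("RATE_LIMIT_NOT_SET")
    elif rate > aaa_requests_per_sec:
        findings.append("RATE_LIMIT_ABOVE_AAA_CAPACITY")
    if "authorization pending maximum" not in s:
        findings.append("PENDING_MAXIMUM_NOT_SET")
    if s.get("user unidentified traffic permit"):
        findings.append("NR_TRAFFIC_FORWARDED")
    return findings
```

NR_TRAFFIC_FORWARDED marks user unidentified traffic permit, which forwards packets for users whose authorization request received no AAA response.
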
Step | Command or Action | Purpose |
---|---|---|
Step 1 | enable Example: Router# enable | Enables privileged EXEC mode. • Enter your password if prompted. |
Step 2 | show ssg user transparent Example: Router# show ssg user transparent | Displays all users (pass-through, suspect, unidentified, or waiting for authorization) in a table of IP addresses and user types. |
Step 3 | clear ssg user transparent all Example: Router# clear ssg user transparent all | Deletes all pass-through, suspect, unidentified, and authorizing users. |
Step 4 | show ssg user transparent authorizing [count] Example: Router# show ssg user transparent authorizing | Displays a list of users for whom authorization is in progress and who are waiting for an AAA response (WA users). |
Step 5 | show ssg user transparent passthrough [ipaddress \| count] Example: Router# show ssg user transparent passthrough | Displays a list of transparent (TP) users. |
Step 6 | clear ssg user transparent passthrough {all \| ipaddress} Example: Router# clear ssg user transparent passthrough all | Deletes pass-through user entries. |
Step 7 | show ssg user transparent suspect [count] Example: Router# show ssg user transparent suspect count | Displays a list of all suspect (SP) user IP addresses. |
Step 8 | clear ssg user transparent suspect {all \| ipaddress} Example: Router# clear ssg user transparent suspect all | Deletes suspect (SP) user entries. |
Step 9 | show ssg user transparent unidentified [count] Example: Router# show ssg user transparent unidentified | Displays a list of all users for whom there is no response from AAA to the authorization request (NR users). |
Step 10 | clear ssg user transparent unidentified {all \| ipaddress} Example: Router# clear ssg user transparent unidentified all | Deletes users for whom there is no response from AAA to the authorization request (NR users). |
Step | Command or Action | Purpose |
---|---|---|
Step 1 | debug ssg transparent login {errors \| events} [ipaddress] Example: Router# debug ssg transparent login | Displays transparent logon control events or errors. |
Related Topic | Document Title |
---|---|
SSG commands | Cisco IOS Service Selection Gateway Command Reference, Release 12.4 |
SESM | Cisco Subscriber Edge Services Manager documentation. |
RADIUS commands | Cisco IOS Security Command Reference, Release 12.4 |
RADIUS configuration tasks | 'Configuring RADIUS' chapter in the Cisco IOS Security Configuration Guide, Release 12.4 |
Link |
---|
Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log on from this page to access even more content. |
Feature Name | Releases | Feature Information |
---|---|---|
SSG Transparent Autologon | 12.3(1a)BW, 12.3(3)B, 12.3(7)T, 12.4 | The SSG Transparent Autologon feature enables Service Selection Gateway (SSG) to authenticate and authorize a user on the basis of the source IP address of packets received from the user. The following sections provide information about this feature: • Overview of SSG Transparent Autologon • SSG Transparent Autologon User-to-Service Packet Flow • States of SSG Transparent Autologon Users • Switching Between TP and Host User States • Benefits of SSG Transparent Autologon • Configuring SSG Transparent Autologon • Configuring the AAA Subscriber Profile for SSG Transparent Autologon Subscribers • Monitoring and Maintaining SSG Transparent Autologon • Troubleshooting SSG Transparent Autologon The following commands were introduced by this feature: clear ssg user transparent, show ssg user transparent, ssg login transparent, . |
Related Topic | Document Title |
---|---|
Configuring SESM | Cisco Subscriber Edge Services Manager documentation. |
RADIUS commands | Cisco IOS Security Command Reference, Release 12.4 |
RADIUS configuration tasks | 'Configuring RADIUS' chapter in the Cisco IOS Security Configuration Guide, Release 12.4 |
Configuring L2TP | Cisco IOS Dial Technologies Configuration Guide, Release 12.4; Cisco IOS Dial Technologies Command Reference, Release 12.4 |