Table Of Contents
Prerequisites for SSG Service Profile Caching
Information About SSG Service Profile Caching
How SSG Service Profile Caching Works
Benefits of SSG Service Profile Caching
How to Configure SSG Service Profile Caching
Enabling SSG Service Profile Caching
Changing the SSG Service Profile Caching Refresh Interval
Refreshing the SSG Service Profile Cache Manually
Verifying SSG Service Profile Caching
How to Monitor and Maintain SSG Service Profile Caching
Configuration Examples for SSG Service Profile Caching
Enabling SSG Service Profile Caching: Example
Changing the SSG Service Profile Cache Refresh Interval: Example
Refreshing the SSG Service Profile Cache Manually: Example
Verifying SSG Service Profile Caching and Refresh: Example
SSG Service Profile Caching
The SSG Service Profile Caching feature enhances the authentication process for Service Selection Gateway services by allowing users to authenticate a service using the service profile cached in SSG.
When SSG Service Profile Caching is not enabled, an authentication, authorization, and accounting (AAA) transaction is required to download a service profile each time an SSG subscriber logs onto the service. The other SSG subscribers already logged onto the service also have their service parameters automatically refreshed as a result of this AAA transaction. In many cases, this automatic refresh causes unnecessary traffic in SSG and on the AAA server.
Release Modification12.2(15)B
This feature was introduced.
12.3(4)T
This feature was integrated into Cisco IOS Release 12.3(4)T
Feature History for the SSG Service Profile Caching Feature
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Contents
•Prerequisites for SSG Service Profile Caching
•Information About SSG Service Profile Caching
•Information About SSG Service Profile Caching
•How to Configure SSG Service Profile Caching
•Configuration Examples for SSG Service Profile Caching
Prerequisites for SSG Service Profile Caching
SSG must be configured. For a list of prerequisites for SSG, see the "Prerequisites" section of the Service Selection Gateway document.
Information About SSG Service Profile Caching
To configure SSG Service Profile Caching, you should understand the following concepts:
•How SSG Service Profile Caching Works
•Benefits of SSG Service Profile Caching
How SSG Service Profile Caching Works
The SSG Service Profile Caching feature creates a cache of service profiles in SSG. A service profile is downloaded from the AAA server and then stored in the SSG service profile cache as a Service-Info object. Subsequent SSG subscribers hoping to use that service are authorized by the SSG service profile cache, provided that the service profile remains in the cache.
To ensure that the service profiles in the SSG service profile cache are regularly updated, the SSG service profile cache automatically refreshes the service profiles by downloading the service profiles from the AAA server at user-configured intervals (the default is every 120 minutes). SSG service profile caches can also be refreshed at any time by user action. Service profiles that are not being used by any SSG subscriber are removed from the SSG service profile cache.
Benefits of SSG Service Profile Caching
Additional AAA Server Resources
SSG service profile caching significantly reduces the number of SSG transactions with the AAA server, thereby freeing the AAA server from processing these transactions and freeing AAA server resources for other purposes.
Additional Bandwidth for SSG and the AAA Server
Because the SSG Service Profile Caching feature eliminates traffic used for authorizing users for service logon from the AAA server, additional bandwidth for SSG and the AAA server is available.
How to Configure SSG Service Profile Caching
This section contains the following procedures:
•Enabling SSG Service Profile Caching
•Changing the SSG Service Profile Caching Refresh Interval
•Refreshing the SSG Service Profile Cache Manually
•Verifying SSG Service Profile Caching and Refresh: Example
Enabling SSG Service Profile Caching
SSG service profile caching is enabled by default. If SSG service profile caching has been disabled, it can be re-enabled using the commands described in this section.
SUMMARY STEPS
1. enable
2. configure terminal
3. use the ssg service-cache command
DETAILED STEPS
Changing the SSG Service Profile Caching Refresh Interval
An SSG service profile refreshes by getting the service profile in the SSG service profile cache from the AAA server. The SSG service profile cache has a default refresh interval of 120 minutes. Use the commands in this section to change the refresh interval.
SUMMARY STEPS
1. enable
2. configure terminal
3. ssg service-cache refresh-interval minutes
DETAILED STEPS
Refreshing the SSG Service Profile Cache Manually
An SSG service profile refreshes by getting the service profile from the AAA server. The SSG service profile cache can be refreshed manually at any time by entering the command in this section.
SUMMARY STEPS
1. enable
2. configure terminal
3. ssg service-cache refresh [service-name | all]
DETAILED STEPS
Verifying SSG Service Profile Caching
Use the commands in this section to verify the SSG Service Profile Caching feature.
SUMMARY STEPS
4. show ssg service service-name
5. show running-config
DETAILED STEPS
How to Monitor and Maintain SSG Service Profile Caching
The command in this section can be used to monitor information relevant to the SSG Service Profile Caching feature.
SUMMARY STEPS
1. use the show ssg service command
2. use the show ssg service service-name command
DETAILED STEPS
Configuration Examples for SSG Service Profile Caching
•Enabling SSG Service Profile Caching: Example
•Changing the SSG Service Profile Cache Refresh Interval: Example
•Refreshing the SSG Service Profile Cache Manually: Example
•Verifying SSG Service Profile Caching and Refresh: Example
Enabling SSG Service Profile Caching: Example
In the following example, the caching of SSG service profiles is enabled:
Router(config)#
ssg service-cache enableChanging the SSG Service Profile Cache Refresh Interval: Example
In the following example, the SSG service profile cache will refresh by getting all of the service profiles in the SSG service profile cache from the AAA server every 240 minutes:
Router(config)#
ssg service-cache refresh-interval 240Refreshing the SSG Service Profile Cache Manually: Example
Refreshing All SSG Service Profiles
In the following example, all of the service profiles in the SSG service profile cache will be retrieved from the AAA server and will replace the service profiles in the SSG service profile cache:
Router#
ssg service-cache refresh allRefreshing a Specific SSG Service Profile
In the following example, service profile service1 will be retrieved from the AAA server and will replace the current service1 profile in the SSG service profile cache:
Router#
ssg service-cache refresh service1Verifying SSG Service Profile Caching and Refresh: Example
The show ssg service command is used to verify SSG service profile caching and the time remaining until the next SSG service profile cache refresh. The "Service Refresh timeleft" output shows how much time remains until the next SSG service profile cache refresh. If this field is not displayed in the show ssg service output, SSG service profile caching is not enabled.
Router#
show ssg service passthru0------------------------ ServiceInfo Content -----------------------
Uplink IDB:Ethernet2/2 gw:0.0.0.0
Name:passthru0
Type:PASS-THROUGH
Mode:CONCURRENT
Service Session Timeout:0 seconds
Service Idle Timeout:0 seconds
Service refresh timeleft:57 minutes
<cut>Additional References
The following sections provide references related to the SSG Service Profile Caching feature.
Related Documents
Standards
Standards TitleNo new or modified standards are supported by this feature. Support for existing standards has not been modified by this feature.
—
MIBs
RFCs
RFCs TitleNo new or modified RFCs are supported by this feature. Support for existing RFCs has not been modified by this feature.
—
Technical Assistance
Command Reference
This section documents new commands. All other commands used with this feature are documented in the Cisco IOS Release 12.3 T command reference publications.
ssg service-cache
To enable the SSG Service Profile Caching feature, or to change the refresh interval for services in the service profile cache, use the ssg service-cache command in global configuration mode. To disable Service Selection Gateway (SSG) service profile caching, use the no form of this command.
ssg service-cache [refresh-interval minutes]
no ssg service-cache [refresh-interval minutes]
Syntax Description
Defaults
SSG service profile caching is enabled by default.
The default refresh interval for the SSG service profile cache is every 120 minutes.
Command Modes
Global configuration
Command History
Release Modification12.2(15)B
This command was introduced.
12.3(4)T
This command was integrated into Cisco IOS Release 12.3(4)T.
Usage Guidelines
The ssg service-cache command is used to enable SSG service profile caching. A refresh interval does not have to be specified (the default of 120 minutes will be used if no refresh interval is configured).
This command enhances the authentication process for SSG service logon by allowing users to authorize to a service using a service profile cached in SSG instead of downloading the service profile from the AAA server.
When this command is entered, all of the service profiles currently in use in SSG are immediately cached.
Examples
In the following example, SSG service profile caching is enabled:
Router(config)#
ssg service-cache enableIn the following example, the service profiles in the SSG service profile cache will be updated from the AAA server every 240 minutes:
Router#
configure terminal
Router(config)#
ssg service-cache refresh-interval 240Related Commands
ssg service-cache refresh
To trigger an update the Service Selection Gateway service profile cache with the service profiles available on the AAA server, use the ssg service-cache refresh command in privileged EXEC mode.
ssg service-cache refresh [service-name | all]
no ssg service-cache refresh [service-name | all]
Syntax Description
Defaults
The SSG service profile cache, if enabled, is refreshed at intervals based on the ssg service-cache refresh-interval configuration. If an ssg service-cache refresh-interval is not specified, the default refresh rate is every 120 minutes.
Command Modes
Privileged EXEC
Command History
Release Modification12.2(15)B
This command was introduced.
12.3(4)T
This command was integrated into Cisco IOS Release 12.3(4)T.
Usage Guidelines
This command is used to refresh the profiles in the SSG service profile cache manually from the AAA server. The service profiles in the SSG service profile cache are automatically refreshed with the profiles from the AAA server at user-configurable intervals using the ssg service-cache refresh-interval command. The user can trigger a refresh at any time by issuing this command.
If an SSG service cache refresh fails for any reason (for instance, the AAA server is unreachable or down), the service profile caching for that service is disabled. Once a user is able to download the service successfully, caching for the service begins again.
Examples
In the following example, all of the service profiles in the SSG service profile cache will be retrieved from the AAA server and will replace the service profiles in the SSG service profile cache:
Router#
ssg service-cache refresh allIn the following example, service profile service1 will be retrieved from the AAA server and will replace the current service1 profile in the SSG service profile cache:
Router#
ssg service-cache refresh service1Related Commands
Copyright © 2003 Cisco Systems, Inc. All rights reserved.