Configuration of AAA Server Group Support for Proxy Services; Configuration Example for AAA Server Group Support for Proxy Services; Packet Filtering - Cisco OL-4387-02 Configuration Manual

Router service selection gateway configuration guide

Chapter 11
Miscellaneous SSG Features

Configuration of AAA Server Group Support for Proxy Services

To configure AAA Server Group Support for Proxy Services, use the RADIUS Server attribute. This
Service-Info vendor-specific attribute (VSA) specifies the remote RADIUS servers that SSG
uses to authenticate and authorize a service login for a proxy service type.
The RADIUS Server attribute has the following syntax:
Service-Info = "SRadius-server-address;auth-port;acct-port;secret-key[;retrans;timeout;deadtime]"
For more information, refer to the Service Selection Gateway, Release 12.2(15)B feature module.

Configuration Example for AAA Server Group Support for Proxy Services

The following example shows how to configure the RADIUS Server attribute to specify the remote
RADIUS servers SSG uses for authentication and authorization of service login for a proxy service type:
Service-Info = "S192.168.1.1;1645;1646;cisco"
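
An added example, not part of the Cisco guide: a Python parser for the RADIUS Server attribute value that also flags weak shared secrets, since the secret is written in clear text inside the attribute string. The all-or-nothing reading of the optional fields, the IP-literal address check, the placeholder-secret list and the 16-character minimum are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed audit policy, not taken from the guide.
PLACEHOLDER_SECRETS = {"cisco", "secret", "password", "radius"}
MIN_SECRET_LEN = 16

@dataclass
class RadiusServerAttr:
    address: str
    auth_port: int
    acct_port: int
    secret: str
    retrans: Optional[int] = None
    timeout: Optional[int] = None
    deadtime: Optional[int] = None
    findings: List[str] = field(default_factory=list)

def parse_radius_server_attr(value: str) -> RadiusServerAttr:
    """Parse the quoted value of a Service-Info RADIUS Server attribute."""
    if not value.startswith("S"):
        raise ValueError("missing 'S' prefix")
    parts = value[1:].split(";")
    # Assumption: the bracketed optional group is all-or-nothing (4 or 7 fields).
    if len(parts) not in (4, 7):
        raise ValueError(f"expected 4 or 7 fields, got {len(parts)}")
    address, secret = parts[0], parts[3]
    ipaddress.ip_address(address)  # assumption: IP literal; raises ValueError otherwise
    nums = [int(p) for p in parts[1:3] + parts[4:]]  # ValueError if non-numeric
    if not all(1 <= port <= 65535 for port in nums[:2]):
        raise ValueError("port out of range")
    if any(n < 0 for n in nums[2:]):
        raise ValueError("negative retrans/timeout/deadtime")
    attr = RadiusServerAttr(address, nums[0], nums[1], secret, *nums[2:])
    if secret.lower() in PLACEHOLDER_SECRETS:
        attr.findings.append("placeholder shared secret")
    if len(secret) < MIN_SECRET_LEN:
        attr.findings.append("shared secret shorter than minimum")
    return attr

# The guide's example value, plus a constructed seven-field value.
SAMPLES = ["S192.168.1.1;1645;1646;cisco",
           "S192.0.2.10;1812;1813;k7Vq2mXw9RzT4pLb;3;5;10"]

if __name__ == "__main__":
    for sample in SAMPLES:
        parsed = parse_radius_server_attr(sample)
        print(parsed.address, parsed.auth_port, parsed.acct_port, parsed.findings or "ok")
```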

Packet Filtering

The Cisco 10000 series router supports per-user access control lists (ACLs) to prevent users from
accessing specific IP addresses and ports. When an ACL attribute is added to a user profile, the attribute
applies globally to all the user's traffic.
User profiles define the services and service groups to which a user is subscribed. RADIUS user profiles
contain a password, a list of subscribed services and groups, access control lists, and timeouts. User
profiles are configured on the RADIUS server or directly on the Cisco 10000 series router. The RADIUS
server or SESM downloads the user profiles to the router. For more information about RADIUS user
profiles and the attributes included in them, refer to the Service Selection Gateway, Release 12.2(15)B feature module.
SSG accepts Cisco IOS ACLs and SSG ACLs. SSG ACLs take precedence over Cisco IOS ACLs when
both Cisco IOS and SSG ACLs are configured on the same SSG interface. The following Cisco-AV pair
attributes are used to specify either a Cisco IOS standard ACL or an extended ACL to be applied to either
downstream or upstream traffic:
Downstream Access Control List—outacl
Upstream Access Control List—inacl
