ISG Session timers
S.Akshaya Kumar ([email protected])

Network Consulting Engineer WWSP WiFi


ISG

    interface GigabitEthernet 0/0.1
     encapsulation dot1Q 10
     ip address ...
     service-policy type control IP_SESSION_RULE1
     ip subscriber l2-connected
      initiator unclassified-mac

    policy-map type control IP_SESSION_RULE1
     class type control always event session-start
      10 service-policy type service name PBHK_SRV
      20 authorize aaa list IP_AUTHOR_LIST password cisco123 identifier mac-addr
      30 service-policy type service name OG_SRV
      40 service-policy type service name L4R_SRV
      50 set-timer AUTHEN_TMR 10

[Call-flow diagram between the client, ISG, DHCP, Portal and AAA. Labels in order:]

  • Client obtains IP address independent of the ISG
  • IP Packet
  • ISG session creation
  • Session-start event posted
  • PBHK service applied (*)
  • Access-Request username = mac
  • Access-Reject
  • OpenGarden and L4R services applied (*)
  • Authentication Timer started

(*) assumes that the definitions of PBHK, L4R and OpenGarden are already available on the ISG


ISG

    aaa author subscriber-service default SERVER_GRP1
    subscriber service password servicecisco

    class type control always event account-logon
     10 authenticate aaa list IP_AUTHEN_LIST
     20 service-policy type service unapply name L4R_SRV
     30 service-policy type service unapply name OG_SRV
    !
    class type control BASIC_HSI_SRV_CM event service-start
     10 service-policy type service identifier service-name

[Call-flow diagram between the client, ISG, DHCP, Portal and AAA. Labels in order:]

  • http://www.cisco.com
  • L4Redirect to Portal
  • HTTP Redirect. User self-registers
  • CoA Req. Account Logon username, password
  • Account-Logon event posted
  • Access-Request username, password
  • Access-Accept service: BASIC_HSI_SRV
  • Service-start event posted
  • Access-Request BASIC_HSI_SRV, srvpwd
  • Access-Accept BASIC_HSI_SRV definition:

        Service-Name: "BASIC_HSI_SRV"
        Service-Password: "servicecisco"
        Attr 28: idle-timeout = 600
        AVPair: "subscriber:accounting-list= IP_ACCNT_LIST"
        ServiceInfo: QU;256000;D;768000;

  • BASIC_HSI_SRV is applied
  • Accounting-Request (Start) and Response
  • L4R and OpenGarden services are unapplied
  • CoA Ack. Account Logon
  • http://www.cisco.com

Simplified call flow


1) Manage Walk-by users - Unauth-timer

    set-timer name-of-timer minutes

    !
    class-map type control match-all UNAUTH_TIMER_CM
     match timer UNAUTH_TIMER
     match authen-status unauthenticated
    !
    policy-map type control RULE
     class type control UNAUTH_TIMER_CM event timed-policy-expiry
      10 service disconnect
     class type control always event session-start
      70 set-timer UNAUTH_TIMER 10
    !


Session termination

[Diagram: Session Termination, IP Sessions]

  • Web Logoff: Web Portal, then RADIUS CoA Account-Logoff to the ISG
  • ICMP/ARP keepalive failure: keepalive failure at the ISG
  • ICMP keepalives are used for routed sessions
  • ARP keepalives are used for l2-connected sessions


2) Idle timer

Sets the maximum number of consecutive seconds of idle connection allowed to the user before the session terminates.

This attribute value becomes the per-user "session-timeout."

Configure this either at Broadhop or locally through the CLI on the ISG.


3) Web Logoff timer

Upon an account-logoff event, disconnect after a 10-second delay. This should ensure that the client TCP sessions close before disconnection.

    policy-map type control RULE
     class type control always event account-logoff
      10 service disconnect delay 10
    !
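The three timers above (UNAUTH_TIMER, the idle-timeout from the BASIC_HSI_SRV profile, and the delayed web logoff) modelled in Python as an added example; it is not part of the original slides and is not Cisco code. The Session class, first_disconnect function and sample sessions are constructed for illustration, and the model assumes idle counting starts when the service is applied at logon.

```python
from dataclasses import dataclass, field
from typing import Optional

UNAUTH_TIMER_S = 10 * 60   # "set-timer UNAUTH_TIMER 10" (minutes)
LOGOFF_DELAY_S = 10        # "service disconnect delay 10"
IDLE_TIMEOUT_S = 600       # "Attr 28: idle-timeout = 600" in BASIC_HSI_SRV

@dataclass
class Session:                                   # hypothetical model type
    start: float                                 # session-start, in seconds
    logon_at: Optional[float] = None             # account-logon succeeded
    logoff_at: Optional[float] = None            # account-logoff received
    traffic: list = field(default_factory=list)  # packet times after logon

def first_disconnect(s: Session, horizon: float):
    """Return (time, reason) of the earliest disconnect up to horizon, or None."""
    hits = []
    expiry = s.start + UNAUTH_TIMER_S
    # UNAUTH_TIMER_CM is match-all: the timer must expire AND the session
    # must still be unauthenticated at that moment.
    if s.logon_at is None or s.logon_at > expiry:
        hits.append((expiry, "unauth-timer"))
    if s.logoff_at is not None:
        hits.append((s.logoff_at + LOGOFF_DELAY_S, "web-logoff"))
    if s.logon_at is not None:
        # Assumption: idle counting starts when the service is applied at logon.
        last = s.logon_at
        for t in sorted(x for x in s.traffic if x > s.logon_at):
            if t - last >= IDLE_TIMEOUT_S:
                break                            # idle gap reached before t
            last = t
        hits.append((last + IDLE_TIMEOUT_S, "idle-timeout"))
    hits = [h for h in hits if h[0] <= horizon]
    return min(hits) if hits else None

if __name__ == "__main__":
    # Constructed sample sessions, all starting at t = 0 s.
    samples = {
        "walk-by, never logs on": Session(0),
        "logs on, then goes idle": Session(0, logon_at=100, traffic=[200, 400]),
        "logs on, web logoff at 3000 s": Session(
            0, logon_at=300, logoff_at=3000, traffic=list(range(360, 3001, 120))),
    }
    for name, sess in samples.items():
        print(f"{name}: {first_disconnect(sess, horizon=7200)}")
```

An authenticated session is untouched when UNAUTH_TIMER expires, because the class-map requires both conditions; only sessions still unauthenticated at expiry are released.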


4) KeepAlive with idle timer

Configures the allowable idle period, maximum number of attempts to connect, the interval between attempts, and the communication protocol to be used.

The ranges and defaults are as follows:

  • Idle period: range is 5 to 10 seconds; default is 10 seconds.

  • Attempts: range is 3 to 10; default is 5.

  • Interval: default is 1 to 10 seconds.

  • Protocol: for Layer 2 connections, the default is ARP; for routed connections, the default is ICMP.

  • Broadcast option: by default this option is disabled.

Configure this either at Broadhop or locally through the CLI on the ISG.