[c-nsp] SSG - Session Termination

Raymond Ho raymond.wj at gmail.com
Mon Jun 5 12:37:26 EDT 2006 

Hi all,

Need some help / advise regarding some PPPoE Termination Session on the SSG, have been facing some issues with it.
Here's the scenario. Did anyone happen to face the same issue as well ?

Out of curiosity, what's the real life characteristic when "session time-out" is being applied onto the service profile ?
- User will be disconnected from that particular service ?
- Will the PPPoE session still maintain ?
- Will the Virtual-Access interface be up/down ? 

Please kindly advise if you happen to face the same issue. Thanks. =))))))

IOS: 12.3(11)T10) Enterprise SSG
Hardware: 7206VXR / NPE-G1 / PA-OC3

Issue
=====
1. User Session wasn't clear on the SSG when it was dued for idle timeout.
- Verified Radius Record, "STOP" packet was received and it was sent to the SSG.
- SSG did not terminate the session, Virtual-AccessXX Interface was still alive.
- User was unable to login from then on.
- If tcp-redirect access-list wasn't put in place, that particular user will be thrown into the splash page of the SESM.
- In order to allow to user to re-login again, a "clear interface Virtual-AccessXX" was necessary, till then interface would be shown as 'down'.
- No "STOP" Packet received at the Radius when "clear interface Virtual-AccessXX" was issued.
- Accounting start record was normal.


CPE -> DSLAM -> Router A/SSG <-> SESM & Radius

###  Below is the output on the SSG when a user is due for time-out ###  
show ssg tcp-redirect mapping
TCP remapping Host:192.168.0.10 to server:172.16.20.10 on port:8010

show ssg host user
249: 192.168.0.10 (inactive) Host name: ip_engr at service5000 

show ip cef 192.168.0.10
192.168.0.10/32, version 82603, epoch 0, attached, connected, cached adjacency to Virtual-Access59
0 packets, 0 bytes
  Flow: AS 0, mask 32
  tag information set
    local tag: 69
  via Virtual-Access59, 0 dependencies
    valid cached adjacency
    tag rewrite with Vi59, point2point, tags imposed: {}

show ip interface brief 
Virtual-Access59           10.20.30.40   YES TFTP   up                    up


-- 
Regards,
Raymond Ho
----------
PGP Key ID 478C4F42

"Winning isn't important but playing to win is the vital blood of champions..."

More information about the cisco-nsp mailing list