Cisco Cisco IOS Software Release 12.2(16)B
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
98
Release Notes for Cisco 7000 Family for Cisco IOS Release 12.2 B
OL-1907-12
Important Notes
RADIUS Authentication for PPP Users
User authentication is attempted by SSG using RADIUS
protocol. To configure SSG to intercept user PPP
authentication requests, you must configure PPP
authentication. You do not need to specify RADIUS as the
authentication protocol.
protocol. To configure SSG to intercept user PPP
authentication requests, you must configure PPP
authentication. You do not need to specify RADIUS as the
authentication protocol.
Router(config)# aaa authentication ppp default
local
Router(config)# aaa authorization network default
group radius
In the preceding configuration, SSG still sends an
authentication request to the RADIUS server for a PPP
user, even though a local authentication is specified in the
CLI.
authentication request to the RADIUS server for a PPP
user, even though a local authentication is specified in the
CLI.
User authentication is done by Cisco IOS PPP leveraging AAA
RADIUS protocol for authenticating all PPP users. Using
12.2(2)B configuration, PPP will attempt to find the user
configuration on the router itself.
RADIUS protocol for authenticating all PPP users. Using
12.2(2)B configuration, PPP will attempt to find the user
configuration on the router itself.
You must issue the following command in global configuration
mode for authentication to be attempted:
mode for authentication to be attempted:
Router(config)# aaa authentication ppp default group
radius
Replaced command: debug http-redirect
The debug ssg http-redirect command is available.
The debug ssg http-redirect command is not available and has
been replaced by the debug ssg tcp-redirect options command to
debug issues related to redirection.
been replaced by the debug ssg tcp-redirect options command to
debug issues related to redirection.
Virtual Route-Forwarding (VRF) Support for GRE tunnels
SSG does not leverage Cisco IOS CEF and does not
create CEF tables.
create CEF tables.
SSG leverages Cisco IOS CEF for data forwarding. This
necessitates the use of CEF tables for data path switching. SSG
creates and maintains a CEF table on each service (uplink)
interface or subinterface. This is a VRF scalability issue, whereby
the number of CEF tables that SSG can create and support is
limited by VRF scalability on a given platform or NRP card. For
example, if GRE tunnels are configured on the service side, SSG
attempts to create a CEF table per GRE tunnel, which, due to
memory resource limitation on the router, may prevent SSG from
creating CEF tables.
necessitates the use of CEF tables for data path switching. SSG
creates and maintains a CEF table on each service (uplink)
interface or subinterface. This is a VRF scalability issue, whereby
the number of CEF tables that SSG can create and support is
limited by VRF scalability on a given platform or NRP card. For
example, if GRE tunnels are configured on the service side, SSG
attempts to create a CEF table per GRE tunnel, which, due to
memory resource limitation on the router, may prevent SSG from
creating CEF tables.
Table 24
Differences Between CIsco IOS Release 12.2(2)B and Cisco IOS Release 12.2(4)B (continued)
Cisco IOS Release 12.2(2)B
Cisco IOS Release 12.2(4)B