Diameter Endpoint Configuration Mode Commands


 
 
Diameter Endpoint Configuration Mode is accessed from the Context Configuration Mode. The base Diameter protocol operation is configured in the Diameter Endpoint Configuration Mode.
 
Important: The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).
 
cea-timeout
This command configures the Capabilities-Exchange-Answer (CEA) message timeout duration for Diameter sessions.
Product
All
Privilege
Security Administrator, Administrator
Syntax
cea-timeout timeout
default cea-timeout
default
Configures the default CEA timeout setting.
Default: 30 seconds
timeout
Specifies how long, in seconds, the system waits for the CEA message.
timeout must be an integer from 1 through 120.
Usage
Use this command to configure the CEA timer, i.e., how long to wait for the Capabilities-Exchange-Answer message.
Example
The following command sets the Diameter CEA timeout to 16 seconds:
cea-timeout 16
 
connection retry-timeout
This command configures the Diameter Connection Retry Timeout parameter.
Product
All
Privilege
Security Administrator, Administrator
Syntax
connection retry-timeout timeout
default connection retry-timeout
default
Configures the default Connection Retry Timeout setting.
Default: 30 seconds
timeout
Specifies the connection retry timeout duration, in seconds, and must be an integer from 1 through 3600.
Usage
Use this command to configure the Diameter Connection Retry Timeout parameter.
Example
The following command sets the Diameter Connection Retry Timer to 120 seconds:
connection retry-timeout 120
 
connection timeout
This command configures the Diameter Connection Timeout parameter.
Product
All
Privilege
Security Administrator, Administrator
Syntax
connection timeout timeout
default connection timeout
default
Configures the default Diameter Connection Timeout setting.
Default: 30 seconds
timeout
Specifies the connection timeout duration, in seconds, and must be an integer from 1 through 30.
Usage
Use this command to configure the Diameter Connection Timeout parameter.
Example
The following command sets Diameter connection timeout to 16 seconds:
connection timeout 16
 
device-watchdog-request
This command manages the transport failure algorithm and configures the number of Device Watchdog Requests (DWRs) that will be sent before a connection is closed.
Product
All
Privilege
Security Administrator, Administrator
Syntax
device-watchdog-request max-retries retry_count
default device-watchdog-request max-retries
default
Configures the default setting.
Default: 1
retry_count
Specifies the maximum number of DWRs, and must be an integer from 1 through 10.
Usage
Use this command to configure the number of DWRs to be sent before closing the connection from a Diameter endpoint.
Example
The following command sets the DWRs to 3:
device-watchdog-request max-retries 3
 
dpa-timeout
This command configures the Disconnect-Peer-Answer (DPA) message timeout duration for Diameter sessions.
Product
All
Privilege
Security Administrator, Administrator
Syntax
dpa-timeout timeout
default dpa-timeout
default
Configures the default DPA message timeout setting.
Default: 30 seconds
timeout
Specifies the DPA message timeout duration, in seconds, and must be an integer from 1 through 60.
Usage
Use this command to set the DPA message timer for a Diameter connection session, i.e., how long the system waits for the DPA message.
Example
The following command sets the Diameter DPA timeout to 16 seconds:
dpa-timeout 16
 
end
This command returns the CLI prompt to the Exec mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
end
Usage
Use this command to change to the Exec mode.
 
exit
This command exits the Diameter Endpoint Configuration mode and returns to the parent configuration mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
exit
Usage
Use this command to return to the parent configuration mode.
 
max-outstanding
This command specifies the maximum number of Diameter messages that any application can send to any one peer, awaiting responses.
Product
All
Privilege
Security Administrator, Administrator
Syntax
max-outstanding messages
{ default | no } max-outstanding
no
Disables the maximum outstanding messages configuration.
default
Configures the default setting.
Default: 256
messages
Specifies the maximum outstanding peer transmit window size setting, and must be an integer from 1 through 4096.
Usage
Use this command to set the number of unanswered Diameter messages that any application may send to any one peer, awaiting responses. An application will not send any more Diameter messages to that peer until it has disposed of at least one of those queued messages. It disposes of a message either by receiving a valid response or by discarding the message due to no response.
Example
The following command sets the Diameter maximum outstanding messages setting to 1024:
max-outstanding 1024
 
origin address
 
This command has been deprecated. See the origin host and origin realm commands.
 
origin host
This command sets the origin host for the Diameter endpoint.
Product
All
Privilege
Security Administrator, Administrator
Syntax
origin host host_name address ip_address [ port port_number ] [ accept-incoming-connections ] [ address ip_address_secondary ]
no origin host host_name address ip_address [ port port_number ]
no
Removes the origin host configuration.
host_name
Specifies the host name to bind the Diameter endpoint.
host_name must be the local Diameter host name, and must be a string of 1 through 255 characters in length.
address ip_address
Specifies the IP address to bind the Diameter endpoint. This address must be one of the addresses of a chassis interface configured within the context in which Diameter is configured.
ip_address must either be an IPv4 address expressed in dotted decimal notation, or an IPv6 address expressed in colon notation.
port port_number
Specifies the port number for the Diameter endpoint (on inbound connections).
port_number must be an integer from 1 through 65535.
accept-incoming-connections
Specifies to accept inbound connection requests for the specified host.
address ip_address_secondary
Specifies the secondary bind address for the Diameter endpoint. This address must be one of the addresses of a chassis interface configured within the context in which Diameter is configured.
ip_address_secondary must either be an IPv4 address expressed in dotted decimal notation, or an IPv6 address expressed in colon notation.
Usage
Use this command to set the bind address for the Diameter endpoint.
The Diameter agent on the chassis listens on the standard TCP port 3868 and also supports accepting any incoming TCP connection from an external server.
The command origin host host-name must be entered exactly once. Alternatively, the origin host host-name address ip_address [ port port_number ] command may be entered one or more times. The host names should be unique across all endpoints within the context. The address values or address/port combinations should be unique across all endpoints within the context.
Example
The following command sets the origin host name to test and the IP address to 1.1.1.1:
origin host test address 1.1.1.1
 
origin realm
This command configures the realm to use in conjunction with the origin host.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] origin realm realm_name
no
Removes the origin realm configuration.
realm_name
Specifies the realm to bind the Diameter endpoint. The realm is the Diameter identity. The originator’s realm must be present in all Diameter messages. The origin realm can typically be a company or service name.
realm_name must be an alpha and/or numeric string of 1 through 127 characters in length.
Usage
Use this command to set the realm for the Diameter endpoint.
The Diameter agent on the chassis listens on the standard TCP port 3868 and also supports accepting any incoming TCP connection from an external server.
Example
The following command sets the origin realm to companyx:
origin realm companyx
 
peer
This command specifies a peer address for the Diameter endpoint.
Product
All
Privilege
Security Administrator, Administrator
Syntax
peer peer_name [ realm realm_name ] { address ip_address [ [ port port_number ] [ connect-on-application-access ] [ send-dpr-before-disconnect disconnect-cause disconnect_cause ] [ sctp ] ] + | fqdn fqdn [ [ port port_number ] [ send-dpr-before-disconnect disconnect-cause disconnect_cause ] ] }
no peer peer_name [ realm realm_name ]
no
Removes the specified peer configuration.
peer_name
Specifies the peer’s name.
peer_name must be an alpha and/or numeric string of 1 through 63 characters in length, and allows punctuation characters.
realm realm_name
Specifies the realm of this peer.
realm_name must be an alpha and/or numeric string of 1 through 127 characters in length. The realm name can be a company or service name.
address ip_address
Specifies the Diameter peer IP address. This address must be the IP address of the device the chassis is communicating with.
ip_address can either be an IPv4 address expressed in dotted decimal notation, or an IPv6 address expressed in colon notation.
fqdn fqdn
Specifies the Diameter peer fully qualified domain name (FQDN).
fqdn must be an alpha and/or numeric string of 1 through 127 characters in length.
port port_number
Specifies the port number for this Diameter peer.
port_number must be an integer from 1 through 65535.
connect-on-application-access
Specifies to activate peer on first application access.
send-dpr-before-disconnect
Specifies to send Disconnect-Peer-Request (DPR).
disconnect-cause
Specifies to send Disconnect-Peer-Request to the specified peer with the specified disconnect reason. The disconnect cause must be an integer from 0 through 2, for one of the following:
sctp
To use Stream Control Transmission Protocol (SCTP) for this peer.
+
Indicates that more than one of the previous keywords can be entered within a single command.
Usage
Use this command to add a peer to the Diameter endpoint.
Example
The following command adds the peer named test with IP address 1.1.1.1 using port 126:
peer test address 1.1.1.1 port 126
 
response-timeout
This command configures the Response Timeout parameter.
Product
All
Privilege
Security Administrator, Administrator
Syntax
response-timeout timeout
default response-timeout
default
Configures the default Response Timeout setting.
Default: 60 seconds
timeout
Specifies the response timeout duration, in seconds, and must be an integer from 1 through 300.
Usage
Use this command to configure the Response Timeout parameter.
Example
The following command sets the response timeout to 100 seconds:
response-timeout 100
 
route-entry
This command creates an entry in the route table for Diameter peer.
Product
All
Privilege
Security Administrator, Administrator
Syntax
route-entry { [ host host_name ] [ peer peer_id [ weight priority ] ] [ realm realm_name { application credit-control peer peer_id [ weight value ] | peer peer_id [ weight value ] } ] }
no route-entry { [ host host_name ] [ peer peer_id ] [ realm realm_name { application credit-control peer peer_id | peer peer_id } ] }
no
Disables the specified route-entry table configuration.
host host_name
Specifies the Diameter server’s host name.
host_name must be an alpha and/or numeric string of 1 through 63 characters in length.
realm realm_name
Specifies the realm name. The realm may typically be a company or service name.
realm_name must be an alpha and/or numeric string of 1 through 127 characters in length.
application credit-control
Specifies the credit control application, i.e. DCCA or RADIUS.
peer peer_id
Specifies the peer ID of Diameter endpoint route.
peer_id must be an alpha and/or numeric string of 1 through 63 characters in length.
weight priority
Default: 10
Specifies the priority for a peer in the route table.
The peer with the highest weight is used. If multiple peers have the highest weight, selection is by round-robin mechanism.
priority must be an integer from 0 through 255.
Usage
Use this command to create a route table for Diameter application.
When a Diameter client starts to establish a session with a realm/application, the system searches the route table for the best match. If an entry has no host specified, then the entry is considered to match the requested value. Similarly, if an entry has no realm or application specified, then the entry is considered to match any such requested value. The best match algorithm is to prefer specific matches for whatever was requested, i.e., either realm/application or host/realm/application. If there are no such matches, then the system looks for route table entries that have wildcards.
Example
The following command creates a route entry with the host name dcca_host1 and peer ID dcca_peer with priority weight of 10:
route-entry host dcca_host1 peer dcca_peer weight 10
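The best-match and weight rules described above, modelled as an added Python example (not Cisco code). Ranking candidates by the number of specified fields is an assumption about how "specific" is measured; the peer names other than dcca_peer and the table contents are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class RouteEntry:
    peer: str
    host: Optional[str] = None         # None = not specified, matches any host
    realm: Optional[str] = None        # None = matches any realm
    application: Optional[str] = None  # None = matches any application
    weight: int = 10                   # documented default weight

    def matches(self, host, realm, application):
        mine = (self.host, self.realm, self.application)
        return all(m is None or m == w
                   for m, w in zip(mine, (host, realm, application)))

    def specificity(self):
        # Assumption: more specified fields = more specific match.
        return sum(v is not None
                   for v in (self.host, self.realm, self.application))


class RouteTable:
    def __init__(self, entries):
        self.entries = list(entries)
        self._cursor = {}  # round-robin position per group of tied entries

    def select(self, host=None, realm=None, application=None):
        found = [e for e in self.entries
                 if e.matches(host, realm, application)]
        if not found:
            return None
        top = max(e.specificity() for e in found)
        found = [e for e in found if e.specificity() == top]
        best = max(e.weight for e in found)       # highest weight is used
        tied = tuple(e for e in found if e.weight == best)
        i = self._cursor.get(tied, 0)             # ties: round-robin
        self._cursor[tied] = (i + 1) % len(tied)
        return tied[i].peer


# Constructed route table; the first entry is the page's example command.
TABLE = RouteTable([
    RouteEntry(peer="dcca_peer", host="dcca_host1", weight=10),
    RouteEntry(peer="peer_a", realm="companyx",
               application="credit-control", weight=20),
    RouteEntry(peer="peer_b", realm="companyx",
               application="credit-control", weight=20),
    RouteEntry(peer="peer_c", realm="companyx", weight=5),
    RouteEntry(peer="peer_default"),              # wildcard entry
])

if __name__ == "__main__":
    for _ in range(3):
        print(TABLE.select(realm="companyx", application="credit-control"))
    print(TABLE.select(realm="other"))
```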
 
route-failure
This command controls how failure handling and recovery after failure are performed for the route table.
Product
GGSN, ECS
Privilege
Security Administrator, Administrator
Syntax
route-failure { deadtime seconds | recovery-threshold percent percentage | result-code result_code | threshold counter }
default route-failure { deadtime | recovery-threshold | threshold }
no route-failure result-code result_code
no
Disables the route-failure configuration.
default
Configures the default setting for the specified parameter.
deadtime seconds
Specifies the time duration, in seconds, for which the system keeps the route in FAILED status. When this time expires, the system changes the status to AVAILABLE.
seconds is the deadtime duration, in seconds, and must be an integer from 1 through 86400.
Default: 60 seconds
recovery-threshold percent percentage
Specifies how to reset the failure counter when provisionally changing the status from FAILED to AVAILABLE.
For example, suppose a failure counter of 16 caused the status to change to FAILED. After the configured deadtime expires, the status changes to AVAILABLE. If this keyword is configured with 75 percent, the failure counter will be reset to 12, i.e., 75 percent of 16.
percentage is the percentage of the counter value that caused the FAILED status, and must be an integer from 1 through 99.
Default: 90 percent
result-code result_code
Configures which answer messages are to be treated as failures, in addition to requests that time out.
Up to 16 different result codes can be specified.
result_code must be an integer from 0 through 4,294,967,295.
Default: N/A
threshold counter
Configures the number of errors that causes the status to become FAILED.
counter must be an integer from 0 through 4,294,967,295.
The error counter begins at zero. It decrements (but not below zero) whenever there is a good response, and increments (but not above this threshold) whenever there is an error.
Default: 16
Usage
Use this command to control how failure/recovery is performed for the route table. After a session is established, it is possible for the session to encounter errors or Diameter redirection messages that cause the Diameter protocol to re-use the route table to switch to a different route.
Each Diameter client within the chassis maintains counters relating to the status of each of its connections to different hosts (when the destination is realm/application without a specific host, the host name is kept as “”, i.e., blank).
Moreover, those counters are further divided according to which peer is used to reach each host. Each Diameter client maintains a status of each peer-to-host combination. Under normal good conditions the status will be AVAILABLE, while error conditions might cause the status to be FAILED.
Only combinations that are AVAILABLE will be used. If none are AVAILABLE, then the system attempts the secondary peer, if failover is configured and the system can find an AVAILABLE combination there. If nothing is AVAILABLE, the system uses a FAILED combination.
Example
The following command configures the time duration for route failure to 90 seconds:
route-failure deadtime 90
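The threshold, deadtime, recovery-threshold and result-code behaviour described above, modelled as an added Python example (not Cisco code). Assumptions: the recovery value is rounded down, a failure while FAILED does not restart the deadtime, secondary-peer failover is left out, and result codes 2001 and 3004 are only sample values.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class RouteStatus:
    """Status of one peer-to-host combination."""
    threshold: int = 16           # route-failure threshold (default 16)
    deadtime: int = 60            # route-failure deadtime, seconds (default 60)
    recovery_percent: int = 90    # recovery-threshold percent (default 90)
    failure_codes: frozenset = frozenset()  # route-failure result-code list
    counter: int = 0              # error counter, begins at zero
    failed_at: Optional[float] = None

    def status(self, now):
        expired = (self.failed_at is not None
                   and now - self.failed_at >= self.deadtime)
        if expired:
            # Deadtime over: provisionally AVAILABLE, counter reset to a
            # percentage of the value that caused FAILED (rounded down).
            self.counter = self.threshold * self.recovery_percent // 100
            self.failed_at = None
        return "FAILED" if self.failed_at is not None else "AVAILABLE"

    def record(self, now, result_code=None):
        """Record one outcome; result_code=None models a timed-out request."""
        self.status(now)
        failure = result_code is None or result_code in self.failure_codes
        if failure:
            self.counter = min(self.counter + 1, self.threshold)
            if self.counter >= self.threshold and self.failed_at is None:
                self.failed_at = now
        else:
            self.counter = max(self.counter - 1, 0)
        return self.status(now)


def pick(routes, now):
    """routes: dict of name -> RouteStatus. Prefer an AVAILABLE combination;
    if nothing is AVAILABLE, fall back to a FAILED one."""
    for name, route in routes.items():
        if route.status(now) == "AVAILABLE":
            return name
    return next(iter(routes), None)


if __name__ == "__main__":
    # The page's worked case: 16 failures, then recovery at 75 percent.
    r = RouteStatus(recovery_percent=75)
    for t in range(16):
        r.record(t)                    # 16 consecutive timeouts
    print(r.status(74), r.counter)     # still inside the deadtime
    print(r.status(75), r.counter)     # deadtime expired, counter reset
```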
 
tls
This command enables/disables the Transport Layer Security (TLS) support between a Diameter client and Diameter server node.
Product
ECS
Privilege
Security Administrator, Administrator
Syntax
tls { certificate certificate | password password | privatekey private_key }
default tls
default
Configures the default setting.
Default: Disables the TLS support at Diameter endpoint.
certificate certificate
Specifies the certificate for TLS support.
certificate must be an encrypted certificate, and must be an alpha and/or numeric string of 700 through 900 characters in length.
password password
Specifies the password for TLS support.
password must be an encrypted password, and must be an alpha and/or numeric string of 6 through 50 characters in length.
privatekey private_key
Specifies the private key for TLS support.
private_key must be an encrypted key, and must be an alpha and/or numeric string of 900 through 1500 characters in length.
Usage
Use this command to configure TLS support between a Diameter client and Diameter server node. By default, TLS is disabled.
Important: Both the Diameter client and server must be configured with TLS enabled or TLS disabled; otherwise, the Diameter connection will be rejected.
Example
The following commands enable the TLS between a Diameter client and Diameter server node:
tls certificate "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n"
tls privatekey "-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----\n"
tls password password_for_TLS
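A configuration review check for an endpoint stanza, as an added Python example (not a Cisco tool): it flags values outside the ranges documented on this page, an endpoint left at the default of TLS disabled, and an origin host that accepts inbound connections. Treating TLS as complete only when certificate, privatekey and password are all present is an assumption based on the example above; both sample stanzas are constructed.

```python
import re

# Documented ranges from this page: command -> (minimum, maximum)
RANGES = {
    "cea-timeout": (1, 120),
    "connection retry-timeout": (1, 3600),
    "connection timeout": (1, 30),
    "device-watchdog-request max-retries": (1, 10),
    "dpa-timeout": (1, 60),
    "max-outstanding": (1, 4096),
    "response-timeout": (1, 300),
    "watchdog-timeout": (6, 30),
}
TLS_PARTS = {"certificate", "privatekey", "password"}


def audit(config_text):
    """Return a list of (line_number, message); line 0 = endpoint-wide."""
    findings, tls_seen = [], set()
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = " ".join(raw.split())
        if line == "default tls":          # back to the default: disabled
            tls_seen.clear()
        m = re.match(r"tls (certificate|privatekey|password) ", line)
        if m:
            tls_seen.add(m.group(1))
        if (line.startswith("origin host ")
                and "accept-incoming-connections" in line.split()):
            findings.append((n, "origin host accepts inbound connections"))
        for cmd, (lo, hi) in RANGES.items():
            if line.startswith(cmd + " "):
                value = line[len(cmd) + 1:]
                if not value.isdigit() or not lo <= int(value) <= hi:
                    findings.append((n, f"{cmd} {value!r} outside {lo}-{hi}"))
    if not tls_seen:
        findings.append((0, "tls not configured (disabled by default)"))
    elif tls_seen != TLS_PARTS:            # assumption: all three are needed
        missing = ", ".join(sorted(TLS_PARTS - tls_seen))
        findings.append((0, f"tls incomplete, missing: {missing}"))
    return findings


# Constructed stanzas built only from commands documented on this page.
WEAK = "\n".join([
    "origin realm companyx",
    "origin host test address 1.1.1.1 accept-incoming-connections",
    "peer test address 1.1.1.1 port 126",
    "watchdog-timeout 45",
    "connection timeout 16",
])
REVIEWED = "\n".join([
    "origin realm companyx",
    "origin host test address 1.1.1.1",
    "peer test address 1.1.1.1 port 126",
    "watchdog-timeout 15",
    'tls certificate "<encrypted certificate placeholder>"',
    'tls privatekey "<encrypted private key placeholder>"',
    "tls password <encrypted password placeholder>",
])

if __name__ == "__main__":
    for finding in audit(WEAK):
        print(finding)
```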
 
use-proxy
This command enables/disables Diameter proxy for the Diameter endpoint.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] use-proxy
no
Disables Diameter proxy for the current endpoint.
At the endpoint level, the use-proxy command equips an application to use Diameter proxy to route all its messages to an external peer.
Usage
By default, the use-proxy configuration is disabled.
This command equips an application to use Diameter proxy to route all its messages to an external peer. The proxy acts as an application gateway for Diameter. It gets the configuration information at process startup and decides which Diameter peer has to be contacted for each application. It establishes the peer connection if no peer connection already exists.
Each proxy task will automatically select one of the host names configured with the origin host CLI command. Multiple proxy tasks will not use the same host names, so there should be at least as many host names as proxy tasks. Otherwise, some proxy tasks will not be able to perform Diameter functionality. The chassis automatically selects which proxy tasks are used by which managers (i.e., ACSMgrs/SessMgrs), without verifying whether the proxy task is able to perform Diameter functionality.
To be able to run this command, the Diameter proxy must be enabled. In the Global Configuration Mode, see the require diameter-proxy CLI command.
Example
The following command enables Diameter proxy for the current endpoint:
use-proxy
The following command disables Diameter proxy for the current endpoint:
no use-proxy
 
watchdog-timeout
This command configures the Watchdog Timeout parameter.
Product
All
Privilege
Security Administrator, Administrator
Syntax
watchdog-timeout timeout
{ default | no } watchdog-timeout
no
Disables the watchdog timeout configuration.
default
Configures the default watchdog timeout setting.
Default: 30 seconds
timeout
Specifies the timeout duration, in seconds, and must be an integer from 6 through 30.
Usage
Use this command to configure the Watchdog Timeout parameter for the Diameter endpoint. If this timer expires before a response is received from the destination, another route to the same destination is tried, as long as the retry count setting has not been exceeded (see the device-watchdog-request CLI command) and as long as the response timer has not expired (see the response-timeout CLI command).
Example
The following command sets the watchdog timeout setting to 15 seconds:
watchdog-timeout 15
 
 

Cisco Systems Inc.