The SGSN Operator Policy configuration mode enables the operator to specify a single policy with rules governing the services, facilities, and privileges available to one, multiple, or all subscribers. These policies can override standard behaviors and provide mechanisms for an operator to get around the limitations of other infrastructure elements such as DNS servers and HLRs. By configuring an operator policy, the operator fine-tunes any desired restrictions or limitations needed to control call handling per subscriber or for a group of callers within a defined IMSI range.
Important: To create and use an operator policy, you must first define the IMSI range using the
mcc command. This does not apply to the default operator policy.
The system supports up to 1000 operator policies, including the single operator policy named default. This default operator policy must be configured by the user to define limitations to be applied to any IMSIs that are not covered by any other defined operator policy.
Important: The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).
ctxt_name: Enter a string of 1 to 79 alphanumeric characters.
grp_name: Enter a string of 1 to 63 alphanumeric characters to identify the GTPP group created with the
gtpp group command in the Context configuration mode.
For this SGSN operator policy, the following command identifies an accounting context called acctng1 and associates a GTPP server group named
roamers with defined charging gateway accounting functionality.
apn {
network-identifier apn_net_id|
operator-identifier apn_op_id} +
no {
network-identifier apn_net_id |
operator-identifier apn_op_id }
apn_net_id : Enter a string of 1 to 62 alphanumeric characters, including dots (.) and dashes (-), to define the GT-address network identifier. For releases 8.0 the maximum number of characters is 63; for releases 8.1 and higher, the maximum number of characters is 62.
apn_op_id: Enter a string of 1 to 18 alphanumeric characters including dots (.). The entry must be in the following format, where # represents a digit: : MNC###.MCC###.GPRS.
DescriptionWith this command, this SGSN operator policy instructs the system to apply APN restrictions at the SGSN-level.
apn_net_id : Enter a string of 1 to 62 alphanumeric characters, including dots (.) and dashes (-), to define the GT-address network identifier. For releases 8.0 the maximum number of characters is 63; for releases 8.1 and higher, the maximum number of characters is 62.
apn_net_id : Enter a string of 1 to 62 alphanumeric characters, including dots (.) and dashes (-), to define the GT-address network identifier. For releases 8.0 the maximum number of characters is 63; for releases 8.1 and higher, the maximum number of characters is 62.
Important: Before using this command, ensure that the appropriate LAC information has been defined with the
location-area-list command.
Restrict attaches (do not accept calls) of specified access-type and from specified location areas (defined using either the
all or
location-area-list keywords).
This keyword identifies a location area list already created with the location-area-list command. The location area list consists of one or more LACs, location area codes, where the MS is when placing the call. Using this keyword with either the
allow or
restrict keywords enables you to configure with more granularity.
list_id must be an integer between 1 and 5.
fail-code must be an integer from 2 to 111. Default is 14. Refer to the GMM failure cause codes listed below (information has been taken from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0 R7):
Important: Before using this command, ensure that the appropriate LAC information has been defined with the
location-area-list command.
attach restrict access-type gprs location-area-list instance 2
authenticate {
activate |
all-events |
attach [ access-type | attach-type | frequency | inter-rat ] |
detach |
rau |
service-request }
default authenticate {
activate |
attach |
detach |
rau |
service-request }
•
|
first - Enables/disables authentication for first activate .
|
•
|
frequency frequency - Defines 1-in-N selective authentication of subscriber events - where an event is an Attach Request, RAU, Service Request, Activate-Primary-PDP-Context Request, or Detach Request. If the frequency is set for 12, then the SGSN skips authentication for the first 11 events and authenticates on the 12th event.
|
frequency must be an integer from 1 to 16.
•
|
primary - Enables/disables authentication for every primary activate request.
|
•
|
frequency frequency - Defines 1-in-N selective authentication of subscriber events - where an event is an Attach Request, RAU, Service Request, Activate-Primary-PDP-Context Request, or Detach Request. If the frequency is set for 12, then the SGSN skips authentication for the first 11 events and authenticates on the 12th event.
|
frequency must be an integer from 1 to 16.
•
|
access-type type : Must be one of the following options:
|
•
|
attach-typetype : Must be one of the following options:
|
•
|
combined : Authenticates combined GPRS/IMSI Attaches.
|
•
|
gprs-only : Authenticates GRPS Attaches only.
|
•
|
frequency frequency - Defines 1-in-N selective authentication of subscriber events - where an event is an Attach Request, RAU, Service Request, Activate-Primary-PDP-Context Request, or Detach Request. If the frequency is set for 12, then the SGSN skips authentication for the first 11 events and authenticates on the 12th event.
|
frequency must be an integer from 1 to 16.
•
|
inter-rat: Enables authentication for Inter-RAT Attaches.
|
access-type type : must be one of the two:
•
|
frequency frequency - Defines 1-in-N selective authentication of subscriber events - where an event is an Attach Request, RAU, Service Request, Activate-Primary-PDP-Context Request, or Detach Request. If the frequency is set for 12, then the SGSN skips authentication for the first 11 events and authenticates on the 12th event.
|
frequency must be an integer from 1 to 16.
•
|
periodicity duration : Defines the length of time (number of minutes) that authentication can be skipped.
|
duration : Must be an integer from 1 to 10800.
•
|
update-type: Defines the type of RAU Request. Select one of the following:
|
•
|
periodic { access-type | frequency | periodicity }
|
•
|
ra-update { access-type | with inter-rat-local-ptmsi }
|
•
|
frequency frequency - Defines 1-in-N selective authentication of subscriber events - where an event is an attach request, RAU, service request, activate-primary-PDP-context request, or detach request. If the frequency is set for 12, then the SGN skips authentication for the first 11 events and authenticates on the 12th event. frequency must be an integer from 1 to 16.
|
•
|
periodicity duration : Defines the length of time (number of minutes) that authentication can be skipped.
|
duration : Must be an integer from 1 to 10800.
•
|
service-type: Defines the service request type. Options include:
|
Use this command with the frequency keyword to determine the support for selective execution of the re-authentication and/or P-TMSI reallocation procedure in case of a 3G service request.
DescriptionThis command defines the charging characteristics to be applied for CDR generation through SGSN operator policy.
bit_value must be an integer value from 1 through 12.
local-value behavior bit_value profile index_bit
bit_value must be a hexadecimal value between 0x0 and 0xFFF.
index_bit must be an integer value from 1 through 15.
•
|
hlr-value: Sets the operator policy to use charging characteristics settings received from HLR. This is the default preference.
|
•
|
local-value: Sets the operator policy to use charging characteristics settings from SGSN only. If no charging characteristics received from HLR then local value will be applicable.
|
DescriptionThis command has been deprecated in favor of the
accounting-context command for configuration of charging per SGSN operator policy.
To ensure that direct tunnel is supported, check the settings of the direct-tunnel commands in the SGSN APN policy configuration mode and the Radio Network Controller (release 8.0) or RNC (releases 8.1 or higher) configuration mode. Direct tunneling must be enabled at these two point to allow direct tunneling for the MS/UE.
[ no ]
dns-sgsn context ctxt_name
[ default |
no ]
encryption-algorithm-umts
•
|
uea0 - No encryption algorithm
|
no equivalent-plmn radio_access_technology {
2G |
3g |
any }
plmnid mcc_number mnc_number
plmnid mcc_number mnc_number
•
|
mcc: Specifies the mobile country code (MCC) portion of the PLMN’s ID. The number can be any integer between 100 and 999.
|
•
|
mnc: Specifies the mobile network code (MNC) portion of the PLMN’s ID. The number can be any integer between 00 and 999.
|
gmm information-in-messages access-type { {
gprs |
umts } [
network-name {
full-text name |
short-text name } | [
send-after {
attach |
rau } ] }
[ default |
no ] gmm {
information-in-messages access-type {
gprs |
umts }
•
|
gprs - General Packet Radio Service network
|
•
|
umts - Universal Mobile Telecommunications System network
|
•
|
network-name: identifies the network name in either short text or full text.
|
•
|
send-after: configures the information in message to send after attachement or Routing Area Update (RAU).
|
network-name { full-text name | short-text name }
•
|
full-text name: Indicate the network name in full text
|
•
|
short-text name: Indicate the network name in short text
|
•
|
attach: Information sent after attachment
|
•
|
rau: Information sent after routing area update
|
default gmm information-in-messages access-type gprs
[ no |
default ]
gmm retrieve-equipment-identity
•
|
imei : International Mobile Equipement Identity
|
•
|
imeisv : International Mobile Equipement Identity - Software Version
|
•
|
unciphered: This optional keyword enables the unciphered retrieval of IMEI-SV. If this option is enabled the retrieval procedure will get IMEISV (if auth is still pending, get as part of Authentication and Ciphering Response otherwise, via explicit Identification Request after Security Mode Complete).
|
•
|
then-imei: This otional keyword enables the retrieval of software version numbr before the IMEI. If this option is enabled the equipement identiry retrieval procedure will get IMEISV on secured link (after Security mode procedure via explicit Gmm Idenitification Request), and if MS is not having IMEISV(responded with NO Identity), SGSN will try to get IMEI.
|
gs_srvc_name is the name of a configured Gs service and can be from 1 to 63 alpha and/or numeric characters and is case sensitive.
ctx_name is name of the configured context of Gs service. This can be from 1 to 63 alpha and/or numeric characters and is case sensitive.
Important: A Gs service can be used with multiple SGSN and/or GPRS service.
Following command associates a Gs service instance named stargs1, which is configured in context named
star_ctx, with an SGSN operator policy:
gtp send {
imeisv |
ms-timezone |
rat |
uli }
[ remove ]
gtpu fast-path
Important: When enabled/disabled, fast-path processing will be applicable only to new subscriber who establishes a PDP context after issuing this command (enabling GTP-U fast path). No existing subscriber session will be affected by this command.
If the area-code keyword is included in the command, then only the specified area code is removed from the identified list. If the
area-code keyword is not included with the command then the entire list of LACs is removed from this operator policy.
instance must be an integer between 1 and 5.
area_code must be an integer between 1 and 65535.
* If desired, enter multiple LACs separated by a single blank space.
[ remove ]
map message update-gprs-location [
imeisv |
private-extension access-type ]
Important: This command is mandatory if an operator policy is to be used. However, you do not need to complete this command if you are using the default operator policy.
mcc mcc_num mnc mnc_num [
msin first start_num last stop_num |
plmnid id ]
+
mcc defines the mobile country code (MCC) of an IMSI.
mcc_num : Enter a 3-digit number from 100 to 999 - 000 to 099 are reserved.
mnc defines the mobile network code (MNC) of an IMSI.
mnc_num : Enter a 2 or 3-digit number from 00 to 999.
first start_num : Defines first MSIN prefix number in a range
last stop_num : Defines the last or final MSIN prefix number in a range.
mcc 310 mnc 33 plmnid 42244
length must be an integer from 1 to 6.
value must be an integer from 0 to 63.
•
|
gprs: Enables access type as GPRS.
|
•
|
umts: Enables access type as UMTS.
|
instance must be an integer from 1 through 5. The value must be an already defined instance of a LAC list created with the
location-area-list command.
code must be an integer from 8 through 112.
[ no ]
pdp-activate allow access-type {
grps |
umts }
location-area-list instance instance
•
|
gprs: Enables access type as GPRS.
|
•
|
umts: Enables access type as UMTS.
|
instance must be an integer from 1 through 5. The value must be an already defined instance of a LAC list created with the
location-area-list command.
[ no ]
pdp-activate restrict {
access-type {
grps |
umts } {
all |
location-area-list instance instance } |
secondary-activation }
•
|
gprs: Enables access type as GPRS.
|
•
|
umts: Enables access type as UMTS.
|
list_id must be an integer from 1 through 5. The value must be an already defined instance of a LAC list created with the
location-area-list command.
ptmsi-reallocate {
attach |
frequency frequency |
interval minutes |
routing-area-update |
service-request }
access-type {
gprs |
umts }
[ no |
default ]
ptmsi-reallocate {
attach |
frequency |
interval |
routing-area-update |
service-request }
access-type {
gprs |
umts }
•
|
gprs - General Packet Radio Service
|
•
|
umts - Universal Mobile Telecommunications System
|
rau-inter {
access-type |
allow access-type |
restrict access-type } { [
all ]
failure-code fail_code |
location-area-list instance instance } }
no rau-inter {
allow access-type |
restrict access-type } { [
all ]
failure-code fail_code |
location-area-list instance instance }
default rau-inter {
allow access-type |
restrict access-type } { [
all ]
failure-code fail_code |
location-area-list instance instance } }
•
|
gprs - General Packet Radio Service
|
•
|
umts - Universal Mobile Telecommunications System
|
•
|
gprs - General Packet Radio Service
|
•
|
umts - Universal Mobile Telecommunications System
|
list_id must be an integer between 1 and 5. The value must be an already defined instance of a LAC list created with the
location-area-list command.
fail-code must be an integer from 2 to 111. Refer to the GMM failure cause codes listed below (information has been taken from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0 R7):
rau-intra {
access-type |
allow access-type |
restrict access-type } { [
all ]
failure-code fail_code |
location-area-list instance instance } }
no rau-intra {
allow access-type |
restrict access-type } { [
all ]
failure-code fail_code |
location-area-list instance instance }
default rau-intra {
allow access-type |
restrict access-type } { [
all ]
failure-code fail_code |
location-area-list instance instance } }
•
|
gprs - General Packet Radio Service
|
•
|
umts - Universal Mobile Telecommunications System
|
•
|
gprs - General Packet Radio Service
|
•
|
umts - Universal Mobile Telecommunications System
|
list_id must be an integer between 1 and 5. The value must be an already defined instance of a LAC list created with the
location-area-list command.
fail-code must be an integer from 2 to 111. Refer to the GMM failure cause codes listed below (information has been taken from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0 R7):
[ no |
remove }
reuse-authentication-triplets no-limit
sgsn-address rac rac-id lac lac_id [
nri nri ]
prefer {
fallback-for-dns address {
ipv4 ip_address |
ipv6 ip_addess } |
local address {
ipv4 ip_address |
ipv6 ip_address } }
rac_id identifies foreign RAC of the peer SGSN address to be configured in the static peer SGSN address table.
rac_id must be an integer from 1 to 255.
lac_id identifies foreign LAC of the peer SGSN address to be configured in the static peer SGSN address table.
lac_id must be an integer from 1 to 65535.
nri identifies the network resource identifier stored in PTMSI (bit 17 to bit 23).
nri must be an integer from 0 to 63.
fallback-for-dns - instructs the SGSN to do a DNS query to get the address.
local - instructs the system to use the local address present in the configuration.
•
|
ipv4 - enter a valid address in IPv4 standard notation.
|
•
|
ipv6 - enter a valid address in IPv6 standard notation.
|
[ remove ]
sms-mo { {
access-type {
gprs |
umts } {
all-location-areas |
location-area-list } |
allow access-type {
gprs |
umts } |
restrict access-type {
gprs |
umts } }
instance must be an integer between 1 and 5. The value must identify an already defined LAC list created with the
location-area-list command.
code : Must be an integer from 2 to 111.
[ remove ]
sms-mt { {
access-type {
gprs |
umts } {
all-location-areas |
location-area-list } |
allow access-type {
gprs |
umts } |
restrict access-type {
gprs |
umts } }
instance must be an integer between 1 and 5. The value must identify an already defined LAC list created with the
location-area-list command.
code : Must be an integer from 2 to 111.
srns-inter (
all failure-code |
allow location-area-list instance instance |
location-area-list instance instance failure-code code |
restrict location-area-list instance instance }
no srns-inter {
allowlocation-area-list instance instance |
restrictlocation-area-list instance instance }
code : Must be an integer from 2 to 111.
instance : Must be an integer between 1 and 5 that identifies the previously defined location area list created with the
location-area-list command.
srns-intra (
all failure-code |
allow location-area-list instance instance |
location-area-list instance instance failure-code code |
restrict location-area-list instance instance }
no srns-intra {
allowlocation-area-list instance instance |
restrictlocation-area-list instance instance }
code : Must be an integer from 2 to 111.
instance : Must be an integer between 1 and 5 that identifies the previously defined location area list created with the
location-area-list command.
{ no |
default }
subscriber-control-inactivity
time : Enter an integer from 1 to 20160 (two weeks).
pdp-type can be one of the following options:
•
|
ipv4 - for an ipv4 context
|
•
|
ipv6 - for an ipv6 context
|
apn_net_id : Must be one of the APN network Ids defined with the
apn command in this SGSN operator policy configuration mode.
apn_net_id : Enter a string of 1 to 62 alphanumeric characters, including dots (.) and dashes (-), to define the network identifier. For releases 8.0 the maximum number of characters is 63; for releases 8.1 and higher, the maximum number of characters is 62.
[ no ]
zone-code zc_id lac lac_id
Removes either a specific LAC Id from the zone-code definition or if lac_id is not included in the command then the entire zone-code definition is removed from configuration.
lac_id must be an integer from 1 to 65535.
zone-code 1 lac 4132zone-code 1 lac 1234zone-code 1 lac 64321