Important: At least one Packet Accelerator Card (PAC) or Packet Services Card (PSC) must be made active prior to service configuration. Information and instructions for configuring PACs/PSCs to be active can be found in the Configuring System Settings chapter of the System Administration Guide.
Caution: While configuring any base-service or enhanced feature, it is highly recommended to take care of conflicting or blocked IP addresses and port numbers for binding or assigning. In association with some service steering or access control features, like Access Control List configuration, use of inappropriate port number may result in communication loss. Refer respective feature configuration document carefully before assigning any port number or IP address for communication with internal or external network.
Important: This section provides the minimum instruction set for configuring a GGSN service that allows the system to process PDP contexts. Commands that configure additional GGSN service properties are provided in the GGSN Service Configuration Mode Commands chapter of Command Line Interface Reference.
These instructions assume that you have already configured the system level configuration as described in System Administration Guide.
Step 1 Create the GGSN service, local User Datagram Protocol (UDP) port for the Gn interfaces’ IP socket, and bind it to an IP address by applying the example configuration in the GGSN Service Creation and Binding section.
Step 2 Associate the accounting context for the GGSN service and configure charging characteristic profile parameters for GGSN service by applying the example configuration in the Accounting Context and Charging Characteristics Configuration section.
Step 3 Configure the SGSN and PLMN related policy and session setup timeout for the GGSN service by applying the example configuration in the SGSN and PLMN Policy Configuration section.
Step 4 Optional. Configure the GGSN service to support network-requested PDP contexts by applying the example configuration in the Network-requested PDP Context Support Configuration section.
Step 5 Verify your GGSN configuration by following the steps in the GGSN Configuration Verification section.
Step 6 Save your configuration as described in the Verifying and Saving Your Configuration chapter.context <vpn_ctxt_name> -noconfirmggsn-service <ggsn_svc_name>context <vpn_ctxt_name>ggsn-service <ggsn_svc_name>accounting context <aaa_ctxt_name>cc profile <cc_prof_index>
• Charging characteristics behavior and profile index can be configured for multiple CC profile indexes. For more options and keywords like buckets, interval, , sgsns, tariff, volume etc., refer cc profile section in Command Line Interface Reference.
• This command works in conjunction with the cc-sgsn command located in the APN configuration mode that dictates which CCs should be used for subscriber PDP contexts. Refer to the APN Configuration section in this chapter.context <vpn_ctxt_name>ggsn-service <ggsn_svc_name>setup-timeout <dur_sec>Important: The GGSN only communicates with the SGSNs configured using this command unless a PLMN policy is enabled to allow communication with unconfigured SGSNs. PLMN policies are configured using the plmn unlisted-sgsn command.
context <vpn_ctxt_name>network-requested-pdp-context activate <ip_address> dst-context <dst_ctxt_name> imsi <imsi> apn <apn_name>network-requested-pdp-context gsn-map <ip_address>show ggsn-service name <ggsn_svc_name>}The output of this command given below is a concise listing of GGSN service parameter settings as shown in the sample output displayed. In this example, a GGSN service called ggsn1 was configured and you can observe some parameters configured as default.Important: To configure RADIUS and Diameter AAA functionality, refer AAA Interface Administration and Reference.
If the system is configured to reject the charging characteristics from the SGSN, the GGSN can be configured with its own that can be applied based on the subscriber type (visiting, roaming, or home) at the APN level (refer to the APN Configuration section of this chapter for more information). GGSN charging characteristics consist of a profile index and behavior settings (refer to the GGSN Service Configuration section of this chapter for more information). The profile indexes specify the criteria for closing accounting records based specific criteria (refer to the GGSN Service Configuration section of this chapter for more information).Important: This section provides the minimum instruction set for configuring a GTPP accounting support in a GGSN service. Commands that configure additional GTPP accounting properties are provided in the Command Line Interface Reference.
These instructions assume that you have already configured the system level configuration as described in System Administration Guide and GGSN service as described in GGSN Service Configuration section of this chapter.
Step 1 Create the GTPP group in accounting context by applying the example configuration in the GTPP Group Creation section.
Step 2
Step 3 Verify your GTPP group and accounting configuration by following the steps in the GTPP Group Configuration Verification section.
Step 4 Save your configuration as described in the Verifying and Saving Your Configuration chapter.context <vpn_ctxt_name>gtpp group <gtpp_group_name> -noconfirmcontext <vpn_ctxt_name>gtpp group <gtpp_group_name>gtpp dictionary <dictionaries>
• Command for CGF gtpp charging-agent is optional and configuring gtpp charging-agent on port 3386 may interfere with ggsn-service configured with the same ip address. Multiple interfaces can be configured within a single context if needed.
• For better performance, it is recommended to configure maximum number of CDRs as 255 with gtpp max-cdrs command.
• Operator can select transport layer protocol as TCP or UDP for Ga interface with gtpp transport-layer command.
Step 1Important: This section provides the minimum instruction set for configuring APNs in a GGSN service. Commands that configure additional APN properties are provided in APN Configuration Mode Commands chapter of Command Line Interface Reference.
Step 7
Step 8 Save your configuration as described in the Verifying and Saving Your Configuration chapter.context <vpn_ctxt_name>apn <apn_name> -noconfirmip context-name <dst_ctxt_name>
Step 1 Configure the authentication and accounting parameters by applying the example configuration in the Authentication and Accounting Configuration in APN section.
Step 2 Attach a GTPP group with APN by applying the example configuration in the GTPP Group Association to APN section.context <dst_ctxt_name>apn <apn_name>
• The authentication process varies depending on whether the PDP context is of type IP or PPP. The authentication command provides msid-auth, msi-auth, msisdn-auth, allow-noauth, chap, mschap, and pap options. For more information on type of authentication, refer authentication section in APN Configuration Mode Commands chapter of Command Line Interface Reference.context <vpn_ctxt_name>apn <apn_name>Important: Additional charging characteristics parameters are configurable as part of the GGSN service. Refer to the GGSN Service Configuration section of this chapter for more information.
context <dst_ctxt_name>apn <apn_name>
• The process used by the system to determine how the address should be allocated. For detail information on IP address allocation, refer Usage section of ip address allocation-method command in APN Configuration Mode Commands chapter of Command Line Interface Reference.
• If DHCP-Proxy and DHCP-Relay method is selected for IP address allocation, a DHCP service must be configured on the system as described in DHCP Service Configuration section and specified the name of DHCP Service by entering the dhcp service-name command as described in APN Configuration Mode Commands chapter of Command Line Interface Reference.
• If local pool is selected for IP address allocation, a local pool must be configured on the system as described in IP Address Pool Configuration on the System section and specified the name of a private IP address pool by entering the ip address pool command as described in APN Configuration Mode Commands chapter of Command Line Interface Reference.Important: Additional charging characteristics parameters are configurable as part of the GGSN service. Refer to the GGSN Service Configuration section of this chapter for more information.
context <dst_ctxt_name>apn <apn_name>If behavior bits 5 (0000 0001 0000) and 11 (0100 0000 0000) are both being assigned to profile index 5 for a home subscriber, the appropriate command is cc-home behavior 410 profile 5.context <dst_ctxt_name>apn <apn_name>virtual-apn preference <priority > apn <apn_name> {domain <domain_name > | mcc <mcc_number> mnc <mnc_number> | roaming-mode {home | visiting | roaming}
• context <dst_ctxt_name>apn <apn_name>dns {primary | secondary} {<dns_ip_address>}mobile-ip home-agent <ha_ip_address>ip source-violation {ignore | check [drop-limit <limit>]} [exclude-from-accounting]restriction-value <value>timeout {absolute | idle | qos-renegotiate} <timeout_dur>
Step 1
Step 2
• DHCP-proxy: The system acts as a proxy for client (MS) and initiates the DHCP Discovery Request on behalf of client (MS). Once it receives an allocated IP address from DHCP server in response to DHCP Discovery Request, it assigns the received IP address to the MS. This allocated address must be matched with the an address configured in an IP address pool on the system. This complete procedure is not visible to MS.
• DHCP-relay: The system acts as a relay for client (MS) and forwards the DHCP Discovery Request received from client (MS). Once it receives an allocated IP address from DHCP server in response to DHCP Discovery Request, it assigns the received IP address to the MS.Important: This section provides the minimum instruction set for configuring a DHCP service on system for DHCP-based IP allocation. For more information on commands that configure additional DHCP server parameters and working of these commands, refer DHCP Service Configuration Mode Commands chapter of Command Line Interface Reference.
These instructions assume that you have already configured the system level configuration as described in System Administration Guide and GGSN service as described in GGSN Service Configuration section of this chapter.
Step 1 Create the DHCP service in system context and bind it by applying the example configuration in the DHCP Service Creation section.
Step 2 Configure the DHCP servers and minimum and maximum allowable lease times that are accepted in responses from DHCP servers by applying the example configuration in the DHCP Server Parameter Configuration section.
Step 3 Verify your DHCP Service configuration by following the steps in the DHCP Service Configuration Verification section.
Step 4 Save your configuration as described in theVerifying and Saving Your Configuration chapter.context <dest_ctxt_name>dhcp-service <dhcp_svc_name>bind address <ip_address> [nexthop-forwarding-address <nexthop_ip_address> [mpls-label input <in_mpls_label_value> output <out_mpls_label_value1> [out_mpls_label_value2]]]
• Optional keyword nexthop-forwarding-address <nexthop_ip_address> [mpls-label input <in_mpls_label_value> output <out_mpls_label_value1> [ out_mpls_label_value2 ]] applies DHCP over MPLS traffic.context <dest_ctxt_name>dhcp-service <dhcp_svc_name>dhcp deadtime <max_time>max-retransmissions <max_number>retransmission-timeout <dur_sec>
• Multiple DHCP can be configured by entering dhcp server command multiple times. A maximum of 20 DHCP servers can be configured.
• The dhcp detect-dead-server command and max-retransmissions command work in conjunction with each other.
• The retransmission-timeout command works in conjunction with max-retransmissions command.
Step 1Important: Setting different priorities on each individual pool can cause addresses in some pools to be used more frequently.
Important: This section provides the minimum instruction set for configuring local IP address pools on the system. For more information on commands that configure additional parameters and options, refer ip pool command section in Context Configuration Mode Commands chapter of Command Line Interface Reference.
These instructions assume that you have already configured the system level configuration as described in System Administration Guide and GGSN service as described in GGSN Service Configuration section of this chapter.
Step 1 Create the IP pool for IPv4 addresses in system context by applying the example configuration in the IPv4 Pool Creation section.
Step 2
Step 3 Verify your IP pool configuration by following the steps in the IP Pool Configuration Verification section.
Step 4 Save your configuration as described in the Verifying and Saving Your Configuration chapter.context <dest_ctxt_name>context <dest_ctxt_name>Important: This section provides the minimum instruction set for configuring an FA service that allows the system to process data sessions. Commands that configure additional FA service properties are provided in the Command Line Interface Reference. Additionally, when configuring Mobile IP take into account the MIP timing considerations discussed in Mobile-IP and Proxy-MIP Timer Considerations.
These instructions assume that you have already configured the system level configuration as described in System Administration Guide and GGSN service as described in GGSN Service Configuration section of this chapter.
Step 1
Step 2 Bind the configured FA service to a local IP address interface with UDP port and specify the maximum number of subscribers that can access this service for the Pi interfaces’ IP socket by applying the example configuration in the IP Interface and UDP Port Binding for Pi Interface section.
Step 3 Configure the security parameter index (SPI) between FA service and HA by applying the example configuration in the Security Parameter Index (SPI) Configuration section.
Step 4 Specify the FA agent advertisement related parameters like lifetime, number of advertisements, and registration lifetime by applying the example configuration in the FA Agent Advertisement Parameter Configuration section.
Step 5 Configure the number of registration per subscriber, authentication procedure, and registration timeout parameters for this FA service by applying the example configuration in the Subscriber Registration, Authentication and Timeout Parameter Configuration section.
Step 6 Optional. Configure the FA service for controlling the negotiation and sending of the I-bit in revocation messages by applying the example configuration in the Revocation Message Configuration section.
Step 7 Verify your FA service configuration by following the steps in the FA Service Configuration Verification section.
Step 8 Save your configuration as described in the Verifying and Saving Your Configuration chapter.context <fa_ctxt_name> -noconfirmfa-service <fa_svc_name> -noconfirm]
• <fa_ctxt_name> is name of the context to use for FA service configuraiton. Generally FA should be configured within a destination context.
• <fa_svc_name> is name of the FA service where other parameters have to configure for FA functionality.context <fa_ctxt_name>fa-service <fa_svc_name>ip local-port <udp_port_num>
• <fa_svc_name> is name of the FA service which is created to configure FA functionality.
• <fa_ip_address> is the local IP address in IPv4/IPv6 notation for providing Pi interfae characteristics.
• <max_subs> is the maximum number of subscribers that can access this service on this interface. This can be configured to any integer value from 0 to 500,000. The default is 500,000.Important: The maximum number of subscribers supported is dependant on the session capacity license installed and the number of active PACs/PSCs installed in the system. For more information on session capacity license, refer to the Software Management Operations chapter of the System Administration Guide.
• <udp_port_num> is the UDP port number from 1 through 65535 to be used for Pi interface. Default port number is 434.
• For more information on commands/keywords that configure additional parameters and options, refer FA Service Configuration Mode Commands chapter of Command Line Interface Reference.Use the following example to configure the security parameter index (SPI) between FA service and HA:context <fa_ctxt_name>fa-service <fa_svc_name>fa-ha-spi remote-address <ha_ip_address> spi-number <spi_num> {encrypted secret <enc_secret_key> | secret <secret_key>} [description <desc_string>]
• <fa_svc_name> is name of the FA service which is created to configure FA functionality.
• <ha_ip_address> is the IP address in IPv4/IPv6 notation of HA to which this FA service will interact.
• <spi_num> specifies the SPI number which indicates a security context between the FA and the HA in accordance with RFC 2002 amd can be configured to any integer value from 256 through 4294967295.
• <enc_secret_key> specifies the encrypted shared key between the FA and the HA services. It must be from 1 to 127 alpha and/or numeric characters and is case sensitive.Important: The encrypted keyword is intended only for use by the system while saving configuration scripts. The system displays the encrypted keyword in the configuration file as a flag that the variable following the secret keyword is the encrypted version of the plain text secret. Only the encrypted secret is saved as part of the configuration file.
• <secret_key> specifies the secret shared key between the FA and the HA services. It must be from 1 to 127 alpha and/or numeric characters and is case sensitive.
• <desc_string> is the description for this SPI and must be from 1 to 31 alpha and/or numeric characters.context <fa_ctxt_name>fa-service <fa_svc_name>advertise adv-lifetime <advt_dur>advertise num-adv-sent <advt_num>advertise reg-lifetime <reg_dur>
• <fa_svc_name> is name of the FA service which is created to configure FA functionality.
• <advt_dur> is the amount of time that an FA agent advertisement remains valid in the absence of further advertisements. It is measured in seconds and can be configured to any integer value from 1 to 65535. The default is 9000.
• <advt_num> is the number of unanswered agent advertisements that the FA service allows during call setup before it rejects the session. It can be any integer value from 1 to 65535. The default is 3.
• <reg_dur> specify the longest registration lifetime that the FA service allows in any Registration Request message from the mobile node. It is measured in seconds and can be configured to any integer value from 1 to 65534. The default is 600.context <fa_ctxt_name>fa-service <fa_svc_name>multiple-reg <reg_num>reg-timeout <timeout_dur>
• <fa_svc_name> is name of the FA service which is created to configure FA functionality.
• <reg_num> is the number of simultaneous Mobile IP sessions that are to be supported for a single subscriber. It can be configured to any integer value from 1 to 3. The default value is 1.Important: The system supports multiple Mobile IP sessions per subscriber only if the subscriber’s mobile node has a static IP address. The system only allows a single Mobile IP session for mobile nodes that receive a dynamically assigned home IP address.
Important: In addition, because only a single Mobile IP or proxy-Mobile IP session is supported for IP PDP contexts, this parameter must remain at its default configuration.
• <timeout_dur> is the maximum amount of time that the FA service waits for a Registration Rely message from the HA. It is measured in seconds and can be configured to any integer value from 1 to 65535. The default value is 45.context <fa_ctxt_name>fa-service <fa_svc_name>
Step 1
Step 2Important: This feature is a license-enabled support and you may need to install a feature specific session license on your system to use some commands related to this configuration.
These instructions assume that you have already configured the system level configuration as described in System Administration Guide and GGSN service as described in GGSN Service Configuration section of this chapter.
Step 1 Configure Diameter endpoint by applying the example configuration in the Diameter Endpoint Configuration section.
Step 2 Create or modify AAA group by applying the example configuration in the AAA Group Configuration section.
Step 3 Modify GGSN service to allow authorization with HSS by applying the example configuration in the Authorization over S6b Configuration section.
Step 4 Optional. Create and associate DNS client parameters by applying the example configuration in the DNS Client Configuration section.
Step 5 Optional. Modify GGSN service to accept duplicate calls when received with same IP address by applying the example configuration in the Duplicate Call Accept Configuration section.
Step 6 Verify your S6b configuration by following the steps in the Common Gateway Access Support Configuration Verification section.
Step 7 Save your configuration as described in the Verifying and Saving Your Configuration chapter.context <ggsn_ctxt_name> -noconfirmdiameter endpoint <s6b_endpoint_name>
• <ggsn_ctxt_name> is name of the context which contains GGSN service on system.context <fa_ctxt_name>aaa group <aaa_grp_name>diameter authentication endpoint <s6b_endpoint_name>
• <s6b_endpoint_name> is name of the existing Diamtere endpoint.context <ggsn_ctxt_name>ggsn-service <ggsn_svc_name>
• <ggsn_svc_name> is name of the GGSN service which is already created on the system.context <ggsn_ctxt_name>ip name-servers <ip_address/mask>dns-client <dns_name>bind address <ip_address>resolver retransmission-interval <duration>resolver number-of-retries <retrie>cache ttl positive <ttl_value>ggsn-service <ggsn_svc_name>
• <ggsn_svc_name> is name of the GGSN service which is already created on the system.context <ggsn_ctxt_name>ggsn-service <ggsn_svc_name>
• <ggsn_svc_name> is name of the GGSN service which is already created on the system.The output from this command should look similar to the sample shown below. In this example GGSN service named GGSN1 was configured in the vpn1 context.
![]() |
Cisco Systems Inc. |
Tel: 408-526-4000 |
Fax: 408-527-0883 |