Exec Modes Commands (D-S)


Exec Modes Commands (D-S)
 
 
This chapter contains the commands in the Exec Mode from debug to sgsn offload.
 
debug
The following commands send information to the logging facility for review:
 
debug ip
Enables/disables the debug options for IP debugging. If logging is enabled, results are sent to the logging system.
Product
All
Privilege
Security Administrator, Administrator, Operator
Syntax
debug ip { arp | interface | route }
no debug ip { arp | interface | route }
no
Indicates the IP debugging is to be disabled for the IP interfaces/function specified.
arp | interface name | route
Specifies which IP interfaces/function to debug.
arp: indicates debug is to be enabled for the address resolution protocol.
interface: indicates debug is to be enabled for the IP interfaces.
route: indicates debug is to be enabled for the route selection and updates.
Usage
The debug IP command is valuable when troubleshooting network problems between nodes. The debugging is stopped by using the no keyword.
Caution: Issuing this command could negatively impact system performance depending on system configuration and/or loading.
Example
The following commands enable/disable debugging for ARP.
debug ip arpno debug ip arp
The following enables disables debugging for IP interfaces.
debug ip interface
no debug ip interface
The following enables/disables debugging for routing.
debug ip routeno debug ip route
 
debug ip bgp
This command enables BGP debug flags. If logging is enabled, results are sent to the logging system.
Product
HA
Privilege
Security Administrator, Administrator, Operator
Syntax
debugipbgp {all | event | filters | fsm | keepalives | updates { inbound | outbound } }
no debugipbgp { all | event | filters | fsm | keepalives | updates { inbound | outbound } }
no
Disable the specified BGP debug flags.
all
Enable all BGP debug flags.
event
Enable debugging of all BGP protocol events.
filters
Enable debugging of all BGP filters.
fsm
Enable debugging of BGP Finite State Machine
keepalives
Enable debugging of all BGP keepalives.
updates {inbound | outbound}
Enable debugging of BGP updates.
inbound: Debug all BGP inbound updates.
outbound: Debug all BGP outbound updates.
Usage
Use this command to enable or disable BGP debug flags.
Example
The following command disables all BGP debug flags enabled by any of the debug ip bgp commands:
no debug ip bgp all
The following command enables all BGP debug flags:
debug ip bgp all
 
debug ip ospf all
This command enables all OSPF debug flags. If logging is enabled, results are sent to the logging system.
Product
PDSN, HA, GGSN
Privilege
Security Administrator, Administrator, Operator
Syntax
debugipospf all
no debugipospf all
no
Disable all OSPF debug flags.
Usage
Use this command to enable or disable all OSPF debug flags.
Example
The following command disables all OPSF debug flags enabled by any of the debug ip ospf commands:
no debug ip ospf all
The following command enables all OSPF debug flags:
debug ip ospf all
 
debug ip ospf event
This command enables debugging of OSPF protocol events. If logging is enabled, results are sent to the logging system. If no keywords are specified, all events are enabled for debugging.
Product
PDSN, HA, GGSN
Privilege
Security Administrator, Administrator, Operator
Syntax
debug ip ospf event [ abr | asbr | vl | lsa | os | router ]
no debug ip ospf event [ abr | asbr | vl | lsa | os | router ]
no
Disable debugging the specified OSPF event. If no keywords are specified, all events are disabled.
abr
Specifies debugging of ABR events.
asbr
Specifies debugging of ASBR events.
vl
Specifies debugging of VL events.
lsa
Specifies debugging of link state advertisement (LSA) events.
os
Specifies debugging of OS events.
router
Specifies debugging of router events.
Usage
Use this command to output debug information for OSPF events.
Example
To enable all event debug information, enter the following command;
debug ip ospf event
To disable all event debug information, enter the following command;
no debug ip ospf event
 
debug ip ospf ism
This command enables OSPF Interface State Machine (ISM) troubleshooting, based on ISM information type. If no keywords are specified all ISM information types are enabled. If logging is enabled, results are sent to the logging system.
Product
PDSN, HA, GGSN
Privilege
Security Administrator, Administrator, Operator
Syntax
debugip spfism [ events | status | timers ]
no debugipospfism [ events | status | timers ]
no
Disable debugging the specified ISM information. If no keywords are specified, all information is disabled.
events
Enable debugging ISM event information.
status
Enable debugging ISM status information.
timers
Enable debugging ISM timer information.
Usage
Use this command to output ISM debug information.
Example
To enable all ISM debug information, enter the following command;
debug ip ospf ism
To disable all ISM debug information, enter the following command;
no debug ip ospf ism
 
debug ip ospf lsa
This command enables troubleshooting on OSPF Link State Advertisements (LSAs), based on the specific LSA option. If no keywords are specified, all options are enabled. If logging is enabled, results are sent to the logging system.
Product
PDSN, HA, GGSN
Privilege
Security Administrator, Administrator, Operator
Syntax
debugipospflsa [ flooding | generate | install | refresh | maxage | refresh ]
no debugipospflsa [ flooding | generate | install | refresh | maxage | refresh ]
no
Disables the specified LSA debug information. If no keyword is specified, all LSA debug information is disabled.
flooding
Enable LSA flooding information.
generate
Enable LSA generation information.
install
Enable LSA install information.
maxage
Enable LSA maxage information in seconds. The maxage is equal to 3600 seconds.
refresh
Enable LSA refresh information.
Usage
Use this command to output debug information for LSAs.
Example
To enable all LSA debug information, enter the following command;
debug ip ospf lsa
To disable all LSA debug information, enter the following command;
no debug ip ospf lsa
 
debug ip ospf nsm
This command enables troubleshooting OSPF Neighbor State Machines (NSMs), based on the specific NSM information type. If no keyword is specified, all NSM information types are enabled. If logging is enabled, results are sent to the logging system.
Product
PDSN, HA, GGSN
Privilege
Security Administrator, Administrator, Operator
Syntax
debugipospfnsm [ status | events | timers ]
nodebugipospfnsm [ status | events | timers ]
no
Disables the debugging the specified NSM information type. If no keyword is specified, all information types are disabled.
events
Enables debugging NSM event information.
status
Enables debugging NSM status information.
timers
Enables debugging NSM timer information.
Usage
Use this command to output debug information for OSPF NSMs
Example
To enable all NSM debug information, enter the following command;
debug ip ospf nsm
To disable all NSM debug information, enter the following command;
no debug ip ospf nsm
 
debug ip ospf packet
This command enables troubleshooting of specific OSPF packet information. If logging is enabled, results are sent to the logging system.
Product
PDSN, HA, GGSN
Privilege
Security Administrator, Administrator, Operator
Syntax
debugipospfpacket { all | dd | hello | ls-ack | ls-request | ls-update } [ send | recv ] [ detail ]
nodebugipospfpacket { all | dd | hello | ls-ack | ls-request | ls-update } [ send | recv ] [ detail ]
no
Disable debugging of the specified packet information.
all
Enable debugging all OSPF packet information.
dd
Enable debugging database descriptions.
hello
Enable debugging hello packets.
ls-ack
Enable debugging link state acknowledgements.
ls-request
Enable debugging link state requests.
ls-update
Enable debugging link state updates.
send
Enable debugging only on sent packets.
recv
Enable debugging only on received packets.
detail
Enable detailed information in the debug output.
Usage
Use this command to output specific OSPF packet information.
Example
To enable all packet debug information, enter the following command;
debug ip ospf packet all
To disable all route debug information, enter the following command;
no debug ip ospf packet all
 
debug ip ospf route
This command sets the route calculation method to use in debugging OSPF routes. If no route calculation method is specified, all methods are enabled. If logging is enabled, results are sent to the logging system.
Product
PDSN, HA, GGSN
Privilege
Security Administrator, Administrator, Operator
Syntax
debugipospfroute [ ase | ia | install | spf ]
nodebugipospfroute [ ase | ia | install | spf ]
no
Disables debugging of route information. If no keyword is specified all information types are disabled.
ase
Enables debugging information on external route calculations.
ia
Enables debugging information on Inter-Area route calculations.
install
Enables debugging information on route installation.
spf
Enables debugging information on SPF route calculations.
Usage
Use this command to output debug information for OSPF routes.
Example
To enable all route debug information, enter the following command;
debug ip ospf route
To disable all route debug information, enter the following command;
no debug ip ospf route
 
debug ip ospf router
This command sets the debug option for OSPF router information. If no keyword is specified, all router information is enabled. If logging is enabled, results are sent to the logging system.
Product
PDSN, HA, GGSN
Privilege
Security Administrator, Administrator, Operator
Syntax
debug ip ospf router [ interface | redistribute ]
no debug ip ospf router [ interface | redistribute ]
no
Disables the specified router debug information. If no keyword is specified, all router information is disabled.
interface
Enables router interface information.
redistribute
Enables router redistribute information.
Usage
Use this command to output debug information for the OSPF router.
Example
To enable all router debug information, enter the following command;
debug ip ospf router
To disable all router debug information, enter the following command;
no debug ip ospf router
 
default terminal
Restores the system default value for the terminal options.
Product
All
Privilege
Security Administrator, Administrator, Operator, Inspector
Syntax
default terminal { length | width }
length | width
length: reset the terminal length to the system default.
width: restores the system default terminal width.
Usage
Restore the default terminal settings when the current paging and display wraps inappropriately or pages to soon.
Example
The following sets the default length then width in two commands.
default terminal length
default terminal width
 
delete
Removes the specified file(s) permanently from the local.
Product
All
Privilege
Security Administrator, Administrator
Syntax
deletefilepath [ -noconfirm ]
filepath
Specifies the location of the file to delete. The path must be formatted according to the following format:
Specifies the source of the copy. url may refer to a local or a remote file. url must be entered using one of the following formats:
Important: Use of the SMC hard drive is not supported in this release.
directory is the directory name
filename is the actual file of interest
-noconfirm
Indicates that the command is to execute without any additional prompt and confirmation from the user.
Important: Use of the -noconfirm option should be done with extra care to ensure the file is specified accurately as there is no method of recovering a file that has been deleted.
Usage
Deleting files is a maintenance activity which may be part of periodic routine procedures to reduce system space utilization.
Example
The following removes files from the local /flash/pub directory.
delete /flash/pub/june03.cfg
 
dhcp force
Tests the lease-renewal for DHCP-assigned IP addresses for a particular subscriber.
Product
GGSN, ASN-GW
Privilege
Security Administrator, Administrator, Operator
Syntax
dhcp force lease-renewal { callidid | imsiimsi [ nsapinsapi ] | msidmsid }
callid id
Clears the call specified by call_id. The call ID must be specified as a 4-byte hexadecimal number.
imsi msid
Disconnects the subscriber with the specified msid. The IMSI (International Mobile Subscriber Identity) ID is a 50-bit field which identifies the subscriber’s home country and carrier. Wildcard characters $ and * are allowed. The * wildcard matches multiple characters and the $ wildcard matches a single character. If you do not want the wildcard characters interpreted as a wildcard enclose them in single quotes ( ‘ ). For example; ‘$’.
nsapi nsapi
A specific Network Service Access Point Identifier (NSAPI).
nsapi is an integer value from 5 to 15.
msid id
Disconnects the mobile user identified by ms_id. ms_id must be from 7 to 16 digits specified as an IMSI, MIN, or RMI. Wildcard characters $ and * are allowed. The * wildcard matches multiple characters and the $ wildcard matches a single character. If you do not want the wildcard characters interpreted as a wildcard enclose them in single quotes ( ‘ ). For example; ‘$’.
Usage
Use this command tests a forced IP address lease renewal for a specific subscriber.
Example
The following command tests DHCP lease renewal for a subscriber with an MSID of 1234567:
dhcp force lease-renewal msid 1234567
 
dhcp test
Tests DHCP functions for a particular DHCP service.
Product
GGSN, ASN-GW
Privilege
Security Administrator, Administrator, Operator
Syntax
dhcp test dhcp-servicesvc_name [ all | serverip_address ]
dhcp-service svc_name
The name of the DHCP service. It can be from 1 to 63 alpha and/or numeric characters in length and is case sensitive.
all
Tests DHCP functionality for all servers.
server ip_address
Tests DHCP functionality for the server.
ip_address is the IP address of the DHCP server in dotted-decimal notation.
Usage
Once DHCP functionality is configured on the system, this command can be used to verify that it is configured properly and that it can successfully communicate with the DHCP server.
Executing this command causes the system to request and allocate an IP address and then release it.
If a specific DHCP server is not specified, then each server configured in the service is tested.
Example
The following command tests the systems ability to get an IP address from all servers a DHCP service called DHCP-Gi is configured to communicate with:
dhcp test dhcp-service DHCP-Gi all
The following displays a sample of this command’s output showing a successful DHCP test.
DHCP test status for service <DHCP-Gi>: Server address: 192.168.16.2 Status: Tested Lease address: 192.168.16.144 Lease Duration: 600 secs.
 
diameter disable endpoint
This command disables a diameter peer without removing the peer’s configuration.
Product
PDIF, SCM
Privilege
Security Administrator, Administrator
Syntax
diameter disable endpoint endpoint_name peer peer_id
endpoint endpoint_name
Specifies the endpoint in which the peer is configured.
endpoint_name must be the endpoint name, and must be a string of 1 through 63 characters in length.
peer peer_id
Specifies the peer to be disabled.
peer_id must be the diameter peer host name, and must be a string of 1 through 63 characters in length.
Usage
Use this command to administratively disable a diameter peer without removing the peer configuration. This command will tear down all connections on the specified peer (by sending a DPR if the configuration demands the same at peer level configuration). The peer will remain in disabled state until it is enabled again. Also see the diameter enable endpoint command.
Example
This command disables the diameter peer peer12:
diameter disable endpoint endpoint1 peer peer12
 
diameter enable endpoint
This command enables a diameter peer that is disabled.
Product
PDIF, SCM
Privilege
Security Administrator, Administrator
Syntax
diameter enable endpoint endpoint_name peer peer_id
endpoint endpoint_name
Specifies the endpoint in which the peer is configured.
endpoint_name must be the endpoint name, and must be a string of 1 through 63 characters in length.
peer peer_id
Specifies the peer to be enabled.
peer_id must be the diameter peer host name, and must be a string of 1 through 63 characters in length.
Usage
Use this command to administratively enable a diameter peer. Also see the diameter disable endpoint command.
Example
This command enables the diameter peer peer12:
diameter enable endpoint endpoint1 peer peer12
 
diameter reset connection
This command resets individual TCP/SCTP connections.
Product
All
Privilege
Security Administrator, Administrator, Operator, Inspector
Syntax
diameter reset connection { endpoint endpoint_name peer peer_id }
endpoint endpoint_name
Resets connection to the specified endpoint.
endpoint_name must be the endpoint name, and must be an alpha and/or numeric string of 1 through 63 characters in length.
peer peer_id
Resets connection to the specified peer.
peer_id must be the Diameter peer host name, and must be an alpha and/or numeric string of 1 through 63 characters in length.
Usage
Use this command to reset the TCP/SCTP connections for the specified endpoint/peer. With this command, the connection will be closed temporarily after DPR/DPA. If there is any traffic to be sent to the particular peer, then the connection will be re-established.
This command overrides the endpoint configured in any other configuration mode.
This command is applicable only when the specified peer is enabled.
Example
This command resets connection to the specified endpoint:
diameter reset connection endpoint <endpoint_name>
 
diameter reset route failure
This command resets the failed route status of Diameter destination-host combination via peer to AVAILABLE status.
Product
All
Privilege
Security Administrator, Administrator, Operator, Inspector
Syntax
diameter reset route failure [ endpoint endpoint_name ] [ host host_name ] [ peer peer_id ]
endpoint endpoint_name
Resets paths to the specified endpoint.
endpoint_name must be a string of 1 through 63 characters in length.
host host_name
Resets the FAILED status of all Diameter destination-host combination routes via peer for every Diameter client within the chassis having a specific host name to AVAILABLE.
host_name must be the Diameter host name, and must be a string of 1 through 63 characters in length.
peer peer_id
Resets the FAILED status of all Diameter destination-host combination routes via a peer having specific peer-Id for every Diameter client within the chassis to AVAILABLE.
peer_id must be the Diameter peer host name, and must be a string of 1through 63 characters in length.
Usage
Use this command to reset the FAILED status of all Diameter destination-host combination routes via peer for every Diameter client within the chassis to AVAILABLE status.
This command also resets the failure counts used to determine the AVAILABLE/FAILED status of destination-host combination.
When executed from local context, this command matches all contexts. If an optional keyword is not supplied, a wildcard is used for the value.
The status of every matching combination of destination-host via peer for every matching Diameter client within the chassis will be reset to AVAILABLE. The failure counts that are used to determine AVAILABLE/FAILED status will also be reset.
Also see the route-entry and route-failure CLI commands in the Diameter Endpoint Configuration Mode.
Default value: N/A
Example
The following command resets the FAILED status of all Diameter destination-host combination routes via peer for every Diameter client within the chassis for specified endpoint name to AVAILABLE.
diameter reset route failure endpoint endpoint_name
 
directory
Lists the files in a specified location.
Product
All
Privilege
Security Administrator, Administrator
Syntax
directoryfilepath [ -size ] [ -reverse ] [ -time ]
filepath
Specifies the directory path to list the contained files. The path must be formatted according to the following format:
Specifies the source of the copy. url may refer to a local or a remote file. url must be entered using one of the following formats:
Important: Use of the SMC hard drive is not supported in this release.
directory is the directory name
filename is the actual file of interest
-size
Indicates the size of each file should be displayed in the output.
-reverse
Indicates the order of files listed should be in descending order (z-aZ-A9-0). Default is to sort in ascending order (0-9A-Za-z).
-time
Indicates the last modification timestamp of each file should be displayed in the output.
Usage
Lists such things as log and crash files from multiple nodes within the network.
The optional arguments may be specified individually or in any combination.
Example
The following command will list the files in the local /flash/pub directory sorted in reverse order.
directory /flash/pub -reverse
 
disable
Prevents the system from making requests of a selected RADIUS server.
Product
All
Privilege
Security Administrator, Administrator
Syntax
disable radius [ accounting | charging [ accounting ] ] server address [ port num ] [ group name ]
accounting | charging | charging accounting
Specifies the type of RADIUS server to disable.
server address
Identifies the RADIUS server by IP address.
address is specified using the standard IPv4 or IPv6 dotted decimal notation.
port num
Default: 1812 (authentication) 1813 (accounting)
Specifies the port number of the RADIUS server being disabled.
num must be the configured port number of the RADIUS server being disabled and be 0 to 65535 numeric characters in length.
group name
Default: default
Specifies the RADIUS group to which the server belongs. Use this option in the event that the RADIUS server belongs to multiple groups and you only want to disable the server within the specific group.
name must be the name of a configured RADIUS Server group and be 1 to 63 characters in length.
Usage
Use this command to gracefully stop the system from making requests of a specific RADIUS server.
Example
The following command disables a RADIUS accounting server with an IP address of 1.2.3.4, the default accounting server port number, and that resides in the “Group5” server group:
disable radius accounting server 1.2.3.4 group Group5
 
dns-client
This command performs DNS query on the basis of specified DNS client name, DNS query domain name, and type of query criteria.
Product
All
Privilege
Security Administrator, Administrator, Operator, Inspector
Syntax
dns-client dns_client_name [ query-type { A | AAAA | NAPTR | SRV }] query-name query_domain_name
dns-client dns_client_name
Defines the name of the DNS client whose cache and/or statistics are to be queried. dns_client_name is an existing DNS client and must be from alpha and/or numeric string of 1 through 64 characters.
query-type { A | NAPTR | SRV } ]
Default: A
This keyword specifies that the type of query to perform for the defined DNS client is to be displayed.
A: Filters DNS results based on domain IPv4 address records (A records). This is the defualt query type.
AAAA: Filters DNS results based on domain IPv6 address records (AAAA records)..
NAPTR: Filters DNS results based on Naming Authority Pointer records (NAPTR).
SRV: Filters DNS results based on service host records (SRV records).
query-name query_domain_name
This keyword filters the DNS results based on the query domain name.
query_domain_name must be from 1 to 255 characters in length. query_domain_name is the domain name used to perform the DNS query and is different from the actual domain name which is resolved. For example, to resolve the SIP server for service.com, the query name is _sip._udp.service.com and the query type is SRV.
Usage
Use this command to perform DNS query on the basis of DNS Client name and filters the query results based on query type and query name. This command also populates the result into DNS Cache. This command used the current context to DNS request.
Example
The following command displays statistics for a DNS client named test_dns with query type for IP address as A and query name as domain1.com:
dns-client test_dns query-type A query-name domain1.com
 
enable
Allows the system to start making requests of a selected RADIUS server.
Product
All
Privilege
Security Administrator, Administrator
Syntax
enable radius [ accounting | charging | [ accounting ] ] server address [ port num ] [ group name ]
accounting | charging | charging accounting
Specifies the type of RADIUS server to enable.
server address
Identifies the RADIUS server by IP address.
address is specified using the standard IPv4 or IPv6 dotted decimal notation.
port num
Default: 1812 (authentication) 1813 (accounting)
Specifies the port number of the RADIUS server being enabled.
num must be the configured port number of the RADIUS server being enabled and must be 0 to 65535 numeric characters in length.
group name
Default: default
Specifies the RADIUS group to which the server belongs. Use this option in the event that the RADIUS server belongs to multiple groups and you only want to disable the server within the specific group.
name must be the name of a configured RADIUS Server group and be 1 to 63 characters in length.
Usage
Use this command to allow the system to start making requests of a specific RADIUS server.
Example
The following command enables a RADIUS accounting server with an IP address of 1.2.3.4, the default accounting server port number, and that resides in the “Group5” server group:
enable radius accounting server 1.2.3.4 group Group5
 
exit
Exits the current CLI session.
Product
All
Privilege
Security Administrator, Administrator, Operator, Inspector
Syntax
exit
Usage
Use this command to close the current CLI session.
 
filesystem format
Used to format the PCMCIA card or the Compact Flash on the SMC.
Product
All
Privilege
Security Administrator, Administrator
Syntax
ASR 5000:
filesystem format { /flash | /pcmcia1 | /hd } [ othersmc ]
{/flash | /pcmcia1 | /pcmcia2} or { /flash | /pcmcia1 | /hd }
Format the file system on the specified device.
Important: Use of the SMC hard drive is not supported in this release.
[ othersmc ]
Format the file system on the standby SMC.
Usage
Clear all directories and files from the PCMCIA card(s) and/or the Compact Flash and re-establish the file system.
Example
The following command formats the PCMCIA card located in slot 1 on the SMC:
filesystem format /pcmcia1
 
filesystem repair
Used to repair the file system on a PCMCIA card or the Compact Flash on the SMC.
Product
All
Privilege
Security Administrator, Administrator
Syntax
ASR 5000:
filesystem repair {/flash | /pcmcia1 | /hd } [checkonly] [ othersmc ]
{/flash | /pcmcia1 | /pcmcia2 } or {/flash | /pcmcia1 | /hd }
Repair the file system on the specified device.
Important: Use of the SMC hard drive is not supported in this release.
[ checkonly ]
Check, but do not repair, the file system.
[ othersmc ]
Repair the file system on the standby SMC.
Usage
Repair the file system on a PCMCIA card or the Compact Flash.
Example
The following command repairs the file system on the PCMCIA card located in slot 1 on the SMC:
filesystem format /pcmcia1
 
gtpc test echo
Tests the ability of a GGSN service to exchange GTP-C echo request messages with the specified SGSN(s).
Product
GGSN
Privilege
Security Administrator, Administrator, Operator
Syntax
gtpc test echo src-addressgn_address { all | sgsn-address ip_address}
src-address gn_address
Specifies the IP address of a Gn interface configured on the system.
gn_address must be expressed in dotted decimal notation.
Important: The IP address of the system’s Gn interface must be bound to a configured GGSN service prior to executing this command.
all
Specifies that GTP-C echo requests will be sent to all SGSNs that currently have sessions with the GGSN service.
sgsn-address ip_address
Specifies that GTP-C echo requests will be sent to a specific SGSN.
ip_address is the address of the SGSN to send the requests to and must be expressed in dotted decimal notation.
Usage
This command tests the GGSN’s ability to exchange GPRS Tunneling Protocol control plane (GTP-C) packets with the specified SGSNs which can be useful troubleshooting and/or monitoring.
This command must be executed from within the context in which the GGSN service is configured.
Refer also to the gtpu test command.
Example
The following command issues GTP-C echo packets from a GGSN service bound to address 192.168.157.32 to an SGSN with an address of 192.168.157.2:
gtpc test echo src-address 192.168.157.32 sgsn-address 192.168.157.2
The following displays a sample of this command’s output.
GTPC test echo--------------SGSN: 192.168.157.2 Tx/Rx: 1/1 RTT(ms): 1 (COMPLETE) Recovery: 202 (0xCA)
 
gtpp interim now
Check points current GTPP accounting messages and identifies which types of interim CDRs are to be generated and sent to the external charging/storage servers (e.g., a CFG or a GSS). The impact of this command is immediate.
Product
GGSN, SGSN
Privilege
Security Administrator, Administrator, Operator
Syntax
gtpp interim now [active-charging egcdr|apnapn_name| callidcall_id|cdr-types { gcdr | mcdr | scdr } |dhcp-serverip_address|gprs-servicesvc_name| ggsn-servicesvc_name| imsiimsi[ ip-addresssub_address[ usernamename] now | nsapinsapi[ ip-addresssub-address[ usernamename] | usernamename] ] | ip-addresssub_address[ usernamename]| ip-poolpool_name|mccmcc_numbermncmnc_number|msisdnmsisdn_num|sgsn-addressip_address|sgsn-servicesvc_name|usernamename]+
active-charging
This feature is specific to the GGSN and is documented separately. See .
apn apn_name
Initiates GTPP interim accounting for all PDP contexts accessing the specified APN.
apn_name can be from 1 to 62, case sensitive, alphanumeric characters.
callid call_id
Identifies a specific call.
call_id must be followed by an 8-digit HEX number.
cdr-types { mcdr | scdr }
Specifies the CDR types to be generated by the SGSN:
This keyword is specific to the SGSN.
gcdr - Instructs the GGSN to only generate G-CDRs.
mcdr - Instructs the SGSN to only generate M-CDRs
scdr - Instructs the SGSN to only generate S-CDRs.
dhcp-server ip_address
Identifies the DHCP server where the IP address (defined with the ip address keyword) was allocated. Must be followed by the IP address of the DHCP server.
ip_address: Must be specified using dotted decimal notation.
ggsn-address ip_address
This keyword is specific to the GGSN.
Specifies the IP address of the interface to the GGSN.
ip_address: Must be specified using dotted decimal notation.
ggsn-service svc_name
This keyword is specific to the GGSN.
Initiates GTPP interim accounting for all PDP contexts currently being facilitated by the specified GGSN service.
svc_name can be from 1 to 63 , case sensitive, alphanumeric characters.
gprs-service svc_name
This keyword is specific to the SGSN.
Initiates GTPP interim accounting for all PDP contexts currently being facilitated by the specified GPRS service.
This keyword is specific to the SGSN.
svc_name can be from 1 to 63 , case sensitive, alphanumeric characters.. Must be an already defined GPRS service name.
imsi imsi [ ip-address sub_address [ username name ] | nsapi nsapi [ ip-address sub-address [ username name ] | username name ] ]
Initiates GTPP interim accounting for a specific International Mobile Subscriber Identity (IMSI) number. The request could be further filtered using any of the following keywords:
ip-address: Interim accounting will be performed for the address specified by sub_address. The command can be further filtered by specifying a specific username ( name ) with that address.
nsapi: Interim accounting will be performed for a specific Network Service Access Point Identifier (NSAPI). nsapi is an integer value from 5 to 15. The command can be further filtered by specifying a specific ip address (sub_address) and/or a username ( name ) with that address, or just a specific username.
ip-address sub_address [ username name ]
Initiates GTPP interim accounting for the address specified.
sub_address is the IP address of the subscriber and must be expressed in dotted decimal notation.
The command can be further filtered by specifying username with that address.
name is the subscriber’s name and can be a sequence of characters and/or wildcard characters ('$' and '*') from 1 to 127 characters in length. The * wildcard matches multiple characters and the $ wildcard matches a single character. If you do not want the wildcard characters interpreted as wildcard enclose them in single quotes ( ‘). For example; ‘$’.
ip-pool pool_name
This keyword is applicable to the GGSN only.
Initiates GTPP interim accounting for all PDP contexts that were allocated IP addresses from the specified pool.
pool_name can be from 1 to 31 alpha and/or numeric characters and is case sensitive.
mcc mcc_number mnc mnc_number
mcc_number Specifies the mobile country code (MCC) portion of the PLMN’s identifier and can be configured to any 3-digit integer value between 100 and 999.
mnc_number Specifies the mobile network code (MNC) portion of the PLMN’s identifier and can be configured to any 2 or 3 digit integer value between 00 and 999.
msisdn msisdn_num
This keyword configures the SGSN to include the Mobile Subscribers Integrated Services Digital Network identifier in generated CDRs (M-CDRs and/or the S-CDRs).
This keyword is applicable for SGSN only.
msisdn_number - Must be followed by a valid MSISDN number, consisting of of 1 to 15 digits.
sgsn-address ip_address
This keyword is specific to the GGSN.
Initiates GTPP interim accounting for all PDP contexts currently being facilitated by the specified SGSN.
ip_address is the IP address of the SGSN and must be expressed in dotted decimal notation.
sgsn-service svc_name
Initiates GTPP interim accounting for all PDP contexts currently being facilitated by the specified SGSN service.
This keyword is specific to the SGSN.
svc_name can be from 1 to 63 , case sensitive, alphanumeric characters.. Must be an already defined SGSN service name.
username name
Initiates GTPP interim accounting for all PDP contexts for the subscriber specified.
name is the subscriber’s name and can be from 1 to 127 alpha and/or numeric characters and is case sensitive.
+
More than one of the above keywords can be entered within a single command.
Usage
This command causes GTPP accounting CDRs to immediately be generated for all active sessions that are in the current context. If executed within the local context, CDRs will be generated for all active sessions regardless of context.
The sending of the CDRs is paced so as not to overload the accounting server.
Example
The following command causes CDRs to immediately be generated:
gtpp interim now
 
gtpp interim now active-charging egcdr
Check points current GTPP accounting messages for active charging immediately.
Product
GGSN
Privilege
Security Administrator, Administrator, Operator
Syntax
gtpp interim now active-charging egcdr [ callid call_id | imsi imsi | msid msid | rulebase rbase_name | session-id sess_id | username name ]
callid call_id
Initiates GTPP interim accounting for a session with the specific call ID. call_id must be an 8-digit hexadecimal number.
imsi imsi
Initiates GTPP interim accounting for a specific International Mobile Subscriber Identity (IMSI) number. imsi must be a sequence of hexadecimal digits and wildcard characters - $ matches a single character and * matches multiple characters
msid msid
Initiates GTPP interim accounting for a specific Mobile Station Identifier (MSID) number. msid must be a sequence of up to 24 digits and wildcard characters - $ matches a single character and * matches multiple characters
rulebase rbase_name
Initiates GTPP interim accounting for sessions that use the named active charging rulebase. rbase_name must be an alpha and/or numeric string of from 1 through 24 characters.
session-id sess_id
Initiates GTPP interim accounting for a specific active charging session. sess_id must be the name of a current active charging session.
username name
Initiates GTPP interim accounting for all PDP contexts for the subscriber specified.
name is the subscriber’s name and can be from 1 to 127 alpha and/or numeric characters and is case sensitive.
Usage
This command causes GTPP accounting eG-CDRs to immediately be generated for active charging sessions that meet the specified criteria.
The sending of the CDRs is paced so as not to overload the accounting server.
Example
The following command causes eG-CDRs to immediately be generated for active charging sessions using the rulebase named rulbase1:
gtpp interim now active-charging egcdr rulebase rulebase1
 
gtpp storage-server commit
Causes the GTPP storage server to save all buffered packets to the hard drive.
Product
GGSN
Privilege
Security Administrator, Administrator, Operator
Syntax
gtpp storage-server commit now
Usage
Upon execution, this command is relayed by the system to the GTPP Storage Server (GSS) causing the GSS to save all buffered packets to the hard drive. It also causes the GSS to delete all CDRs that have been acknowledged by the CGF. The deleted CDRs are saved in a separate file.
Note that this command must be executed from within the context in which the GSS is configured.
Refer to the gtpp storage-server command in the Context Configuration Mode for more information.
 
gtpp test
Tests the system’s ability to communicate with configured CGF(s).
Product
GGSN
Privilege
Operator, Config-Administrator, Administrator
Syntax
gtpp test [ accounting { all | cgf-servercgf_address } ] | [ storage-server [ address ip-addr portudp-port ] ]
all
Tests all CGFs configured within the given context.
cgf-server cgf_address
Tests a specific CGF configured within the given context.
ip_address is the IP address of the CGF expressed in dotted decimal notation.
storage-server [address ip-address port udp-port]
Test the connectivity and provide round trip time for the echo request sent to GTPP Storage-Server configured in the requested context.
ip_address is the IP address of the GSS expressed in dotted decimal notation and udp-port is the port defined for GTPP Storage Server.
Usage
This command is used to verify the configuration of and test the system’s ability to communicate with one or all configured GSS/CGFs for monitoring or troubleshooting purposes.
When executed, this command causes the system to send GTPP echo packets to the specified GSS/CGF(s). The command’s response will display whether the GSS/CGF is active or unreachable.
Example
The following command tests communication with a CGF having an IP address of 192.168.1.5:
gtpp test accounting cgf-server 192.168.1.5
The following command tests communication with a GSS configured in requested context
gtpp test storage-server
The following command verify communication with a GSS, having IP address 192.156.12.10 and port 50000, without configuring it in a context
gtpp test storage-server address 192.156.12.10 port 50000
 
gtpu test echo
Tests the ability of a GGSN service to exchange GTP-U echo request messages with the specified SGSN(s).
Product
GGSN
Privilege
Operator, Config-Administrator, Administrator
Syntax
gtpu test echo src-address gn_address { all | sgsn-address ip_address }
src-address gn_address
Specifies the IP address of a Gn interface configured on the system.
gn_address must be expressed in dotted decimal notation.
Important: The IP address of the system’s Gn interface must be bound to a configured GGSN service prior to executing this command.
all
Specifies that GTP-U echo requests will be sent to all SGSNs that currently have sessions with the GGSN service.
sgsn-address ip_address
Specifies that GTP-U echo requests will be sent to a specific SGSN.
ip_address is the address of the SGSN to send the requests to and must be expressed in dotted decimal notation.
Usage
This command tests the GGSN’s ability to exchange GPRS Tunneling Protocol user plane (GTP-U) packets with the specified SGSNs which can be useful troubleshooting and/or monitoring.
This command must be executed from within the context in which the GGSN service is configured.
Refer also to the gtpc test command.
Example
The following command issues GTP-U echo packets from a GGSN service bound to address 192.168.157.43 to an SGSN with an address of 192.168.1.52:
gtpu test echo src-address 192.168.157.43 sgsn-address 192.168.157.2
The following displays a sample of this command’s output.
GTPU test echo--------------SGSN: 192.168.157.2 Tx/Rx: 1/1 RTT(ms): 24 (COMPLETE)
 
gtpv0 test echo
Tests the ability of a GGSN service to exchange GTPv0 echo request messages with the specified SGSN(s).
Product
GGSN
Privilege
Security Administrator, Administrator, Operator
Syntax
gtpv0 test echo src-address gn_address { all | sgsn-address ip_address }
src-address gn_address
Specifies the IP address of a Gn interface configured on the system.
gn_address must be expressed in dotted decimal notation.
Important: The IP address of the system’s Gn interface must be bound to a configured GGSN service prior to executing this command.
all
Specifies that GTPv0 echo requests will be sent to all SGSNs that currently have sessions with the GGSN service.
sgsn-address ip_address
Specifies that GTPv0 echo requests will be sent to a specific SGSN.
ip_address is the address of the SGSN to send the requests to and must be expressed in dotted decimal notation.
Usage
This command tests the GGSN’s ability to exchange GPRS Tunneling Protocol version 0 (GTPv0) packets with the specified SGSNs which can be useful troubleshooting and/or monitoring.
This command must be executed from within the context in which the GGSN service is configured.
Refer also to the gtpc test and gtpu test commands.
Example
The following command issues GTPv0 echo packets from a GGSN service bound to address 192.168.1.33 to an SGSN with an address of 192.168.1.42:
gtpv0 test echo src-address 192.168.1.33 sgsn-address 192.168.1.42
The following displays a sample of this command’s output.
GTPv0 test echo--------------SGSN: 192.168.157.2 Tx/Rx: 1/1 RTT(ms): 14 (COMPLETE) Recovery: 210 (0xD2)
 
hd raid
Performs the RAID management operations on the ASR 5000 hard drive.
Product
All
Privilege
Security Administrator, Administrator
Syntax
hd raid { check | { create { local1 | remote1 } [ -force ] [ -noconfirm ] } | { overwrite { local1 | remote1 } [ -force ] [ -noconfirm ] } | { select { local1 | remote1 } [ -force ] [ -noconfirm ] } | { insert { local1 | remote1 } [ -force ] [ -noconfirm ] } | { remove { local1 | remote1 } [ -force ] [ -noconfirm ] } }
check
Starts a background check on RAID disks unless the RAID is running in degraded mode.
-noconfirm: instructs system not to display “are you sure” prompts.. -force: instructs the system to enforce the action and override warnings.
create local1 | remote1
Overwrites the specified disk to create a new RAID that could run in degraded mode.on the specified drive:
local1: specifies the RAID is to be established on the primary SMC. remote1: specifies the RAID is to be established on the backup SMC.
-noconfirm: instructs system not to display “are you sure” prompts.. -force: instructs the system to enforce the action and override warnings.
overwrite local1 | remote1
Overwrites the specified disk and adds it to the current running RAID to construct a fully mirrored array.
local1: specifies the primary SMC is to be added to the current RAID. remote1: specifies the backup SMC is to be added to the current RAID.
-noconfirm: instructs system not to display “are you sure” prompts.. -force: instructs the system to enforce the action and override warnings.
select local1 | remote1
Selects the specified disk to assemble a RAID when two unrelated RAID disks are present in the system. The resulting RAID runs in degraded mode.
local1: specifies the primary SMC is to assemble the RAID. remote1: specifies the backup SMC is to assemble the RAID.
-noconfirm: instructs system not to display “are you sure” prompts.. -force: instructs the system to enforce the action and override warnings.
insert local1 | remote1
Inserts the specified disk to the running RAID causing it to recover from degraded mode.
local1: specifies the primary SMC is to be inserted into the RAID. remote1: specifies the backup SMC is to be inserted into the RAID.
-noconfirm: instructs system not to display “are you sure” prompts.. -force: instructs the system to enforce the action and override warnings.
remove local1 | remote1
Removes the specified disk from the running RAID causing it to run in degraded mode or to fail.
local1: specifies the primary SMC is to be removed from the RAID. remote1: specifies the backup SMC is to be removed from the RAID.
-noconfirm: instructs system not to display “are you sure” prompts.. -force: instructs the system to enforce the action and override warnings.
Usage
All commands need confirmation unless the -noconfirm is included in the command. If the result will bring down a running RAID, you have to force the command using -force.
RAID commands are needed to intervene in the following situations:
In an automated system, the policies created with this CLI address the possibility of a manually partitioned disk, a disk resulting from a different version of software, a partially constructed disk, or the case of two unrelated disks in the system.
To reduce administrator intervention, a set of policies can be configured to set the default action using the commands in the HD RAID configuration mode. These hd raid commands are described in the HD RAID Configuration Mode chapter of the Command Line Interface Reference.
Example
The following instructs the system to setup a RAID on the primary SMC hard drive.
hd raid create local1 -force
 
host
Used to resolve the IP address or logical host name information via DNS query.
Product
All
Privilege
Security Administrator, Administrator, Operator
Syntax
host { host_name | host_ip_address }
host_name | host_ip_address
Specifies host for which IP information is to be displayed.
host_name: specifies the logical host name for which the IP address is to be displayed (via DNS lookup).
host_ip_address: specifies the IP address for which the associated logical host name(s) are to be displayed (via reverse DNS lookup).
Usage
Verify DNS information which affects connections and packet routing.
Example
The following will resolve the host information for remoteABC and 1.2.3.4.
host remoteABChost 1.2.3.4
 
interface sent gratuitous-arp
Use this command to configure the system to allow the manual generation of G-ARPs in case of a failure during inter-node online upgrade. If the chassis is not active, an error message displays.
Product
All
Privilege
Security Administrator, Administrator, Operator, or Inspector with li-administrator permissions
Syntax
interface name send gratuitous-arp ip-address
Usage
This command generates a G-ARP for the IP-ADDR specified and sends it out for the interface.
Example
The following generate a G-ARP for IP address 192.168.100.10.
interface interface_1 send gratuitous-arp 192.168.100.10
 
lawful-intercept
This command provisions/de-provisions the lawful interception of data for the specified subscriber session.
Product
PDSN, HA, LNS, GGSN, PDIF, SGSN, ASN-GW
Privilege
Security Administrator, or Administrator, Operator, or Inspector with li-administrator permissions
Syntax
lawful-intercept { { [ imei imei_value ] [ imsi imsi_value ] [ ip-addr intercept_ip_addr ] [ msid ms_id ] [ msisdn msisdn_value ] [ username subscriber_name ] + } [ active-only ] [ allow-multiple-match ] [ calltype call_type ] [ intercept-id li_id ] [ li-context ctxt_name ] { content-delivery { none | udp-unack-format-1 dest-addr df_ip_address dest-port df_port_no } event-delivery { none | udp-unack-format-1 | udp-ack-format-1 dest-addr df_ip_address dest-port df_port_no } } }
no lawful-intercept [ all ] { [ imei imei_value ] [ imsi imsi_value ] [ ip-addr intercept_ip_addr ] [ msid ms_id ] [ msisdn msisdn_value ] [ username subscriber_name ] + } [ calltype call_type ] [content-delivery {none | udp-unack-format-1 dest-addr df_ip_address dest-port df_port_no} event-delivery [none | udp-ack-format | udp-unack-format] dest-addr ip_address dest-port port_no
no
De-provisions a previously configured lawful-intercept.
all
De-provisions all previously configured lawful-intercept warrant information. This Keyword is used to clear all warrant information in a single command no lawful-intercept all.
imei imei_value
Specifies the unique International Mobile Equipment Identifier (IMEI) which identifies the targeted device being used for a subscriber session to be intercepted.
imei_value: consists of 1 to 16 digits.
imsi imsi_value
Specifies the international mobile subscriber identity (IMSI) of the subscriber session to be intercepted.
imsi_value is an integer value from 1 to 15 characters.
ip-addr intercept_ip_addr
Specifies the IP address assigned for the subscriber session or to the mobile station to be targeted for interception.
intercept_ip_addr must be an IPv4/IPv6 address in desired notation.
msid ms_id
Specifies the mobile station identification (MSID) number, assigned by the home service provider, to be intercepted.
ms_id must be from 7 to 16 digits specified as an IMSI, MIN, or RMI.
msisdn msisdn_value
Specifies the unique mobile subscriber ISDN (telephone) number.
msisdn_value: consists of 1 to 15 digits.
username subscriber_name
Specifies the previously configured NAI username of the subscriber to be intercepted.
subscriber_name is an alphanumeric string of 1 to 127 characters.
Use of this keyword is not supported by the SGSN during LI provisioning or de-provisioning.
+
Indicates that multiple keywords can be specified in a single command entry. When the “+” appears in the syntax, any of the keywords that appear prior to the “+” can be entered in any order.
This functionality is not supported by the SGSN during LI provisioning or de-provisioning.
active-only
Dictates that the interception applies only to calls currently in progress and not those that have not started.
Use of this keyword is not supported by the SGSN during LI provisioning or de-provisioning.
allow-multiple-match
When used, interception is provided for up to 10 subscribers matching the specified criteria. This feature is disabled by default.
Use of this keyword is not supported by the SGSN during LI provisioning.
calltype call_type
The type of call for the specified subscriber session. call_type must be one of the following:
Note that specifying call type is not mandatory while provisioning on SGSN and GGSN targets for any type of event and content delivery format.
content-delivery
Specifies the format in which the intercepted data contentdata content comprised of GTPU messages CC information is to be delivered to the DF.
event-delivery
Specifies the format in which intercepted control messagescontrol messages (such as attach/detach or RAU messages) IRI event messages are to be delivered to the DF.
intercept-id li_id
This is an arbitrary identification number, assigned by the provisioner, to identify this intercept definition.
li_id must be an integer from 1 to 4294967295.
li-context ctxt_name
Identifies the destination context for intercepted packets. This keyword is mandatory if provisioning is done in a different context.
ctxt_name must be an alpha/numeric string of 1 to 79 characters that specifies the name of an existing context.
none
Indicates that the intercepted data, specified as either delivery-type (content or event), is not to be sent to the DF.
Entering none automatically activates the active-only provisioning method.
udp-unack-format-1
Dictates that the specified information type (content or event) is to be delivered using the udp-unack-format-1 which does not support acknowledgement messages for delivered information.
udp-ack-format-1
Dictates that the event information type is to be delivered using the udp-ack-format-1 which supports acknowledgement messages for delivered information.
dest-addr df_ip_address
The IP address of the DF to which the system sends intercepted data. df_ip_addressmust be an IPv4/IPv6 address in desired notation.
dest-port df_port_no
The port of the DF to which the system sends intercepted data. df_port_no can be any integer value from 1 to 65535.
Usage
Use this command to initiate a lawful Intercept of data for a subscriber. This command is not available to system accounts that do not have li-administrator privileges.
Important: You must log in to the system through a Secure Shell (SSH) using a system account that has li-administrator privileges to use this command. For details on using the Lawful Intercept capability of the system, refer to the System Administration and Configuration Guide.
Example
To lawfully intercept data from a subscriber session with an MSID of 0000100048, assign an intercept ID of 102, set the destination address to 192.168.100.10 and the destination port to 100, enter the following command:
lawful-intercept msid 0000100048 intercept-id 102 content-delivery udp-unack-format-1 dest-addr 192.168.100.10 dest-port 100 event-delivery none
 
lawful-intercept packet-cable
This command provisions/de-provisions the LI Call Content interception for PDSN or CSCF session.
Product
PDSN, SCM
Privilege
Security Administrator, or Administrator, Operator, or Inspector with li-administrator permissions
Syntax
lawful-intercept packet-cable {content-delivery {df-setup content id df_cont_id calltype {cscf | pdsn } dest-addr df_ip_address dest-port df_port_no li-context li_ctxt_name | intercept-request content id intercept_cont_id calltype {cscf | pdsn } filter-spec src-ip-addr src_ip_address} | event-delivery username subscriber_name intercept id intercept_id]}
no lawful-intercept packet-cable {content-delivery content id df_cont_id calltype {cscf | pdsn } | event-delivery username subscriber_name calltype {cscf | pdsn}}
no
De-provisions a previously configured lawful-intercept.
df-setup content id df_cont_id
Specifies the DF setup and content identifier for subscriber to be intercepted.
df_cont_id must be an integer from 1 to 4294967295.
intercept-request content id intercept_cont_id
This is an arbitrary identification number, assigned by the provisioner, to identify this intercept definition.
intercept_cont_id must be an integer from 1 to 4294967295.
calltype {cscf | pdsn}
The type of call for the specified subscriber session.
pdsn: specifies the CDMA 2000 networks subscriber session.
cscf: specifies the SCM/IMS networks subscriber session.
content-delivery
Specifies the format in which the intercepted data content is to be delivered to the DF.
event-delivery
Specifies the format in which intercepted control messages IRI event messages are to be delivered to the DF.
username subscriber_name
Specifies the previously configured NAI username of the subscriber to be intercepted.
subscriber_name is an alphanumeric string of 1 to 127 characters.
li-context li_ctxt_name
Identifies the destination context for intercepted packets. This keyword is mandatory if provisioning is done in a different context.
ctxt_name must be an alpha/numeric string of 1 to 79 characters that specifies the name of an existing context.
dest-addr df_ip_address
The IP address of the DF to which the system sends intercepted data. df_ip_address must be an IPv4/IPv6 address in desired notation.
dest-port df_port_no
The port of the DF to which the system sends intercepted data. df_port_no can be any integer value from 1 to 65535.
filter-spec src-ip-addr src_ip_address
The IP address of the source filter from which the system retrieves intercepted data. src_ip_address must be an IPv4/IPv6 address in desired notation.
Usage
Use this command to initiate a packet-cable lawful Intercept for a PDSN or CSCF subscriber. This command is not available to system accounts that do not have li-administrator privileges.
Important: You must log in to the system through a Secure Shell (SSH) using a system account that has li-administrator privileges to use this command. For details on using the Lawful Intercept capability of the system, refer to the System Administration and Configuration Guide.
Example
Following command enables the LI Call Content interception for CSCF with with DF setup having content id 10203 with destination address 1.2.3.4, port 2300 and LI context li_cscf1:
lawful-intercept packet-cable content-delivery df-setup content id 10203 calltype cscf dest-addr 1.2.3.4 dest-port 2300 li-context li_cscf1
 
lawful-intercept ssdf
This command is used to configure and provision the SSDF generic interface for LI Call Content interception during CSCF session in IMS network.
Product
SCM
Privilege
Security Administrator, or Administrator, Operator, or Inspector with li-administrator permissions
Syntax
lawful-intercept ssdf dest-addr df_ip_address dest-port df_port_no serial-number sr_num version vr_num [li-context li_ctxt_name]
[no] lawful-intercept ssdf [li-context li_ctxt_name] dest-addr df_ip_address dest-port df_port_no
no
De-provisions a previously configured lawful-intercept.
dest-addr df_ip_address
The IP address of the DF to which the system sends intercepted data. df_ip_address must be an IPv4/IPv6 address in desired notation.
dest-port df_port_no
The port of the DF to which the system sends intercepted data. df_port_no can be any integer value from 1 to 65535.
li-context li_ctxt_name
Identifies the destination context for intercepted packets. This keyword is mandatory if provisioning is done in a different context.
ctxt_name must be an alpha/numeric string of 1 to 79 characters that specifies the name of an existing context.
serial-number sr_num
Identifies the Serial Number of the Access Function (AF) for validation which is to be provisioned on SSDF interface.
sr_num must be an ASCII string of 1 to 79 characters that represents the serial number of the access function equipment..
version sr_num
Identifies the software version of the software running on the Access Function (AF) for validation which is to be provisioned on SSDF interface.
ver_num must be an ASCII string of 1 to 79 characters that represents the software version running on the access function equipment..
Usage
Use this command to configure/provision the SSDF generic interface for lawful Intercept on a CSCF function. This command is not available to system accounts that do not have li-administrator privileges.
Important: You must log in to the system through a Secure Shell (SSH) using a system account that has li-administrator privileges to use this command. For details on using the Lawful Intercept capability of the system, refer to the System Administration and Configuration Guide.
Example
Following command configures the SSDF interface with AF number 10203 software version 2 with destination address 1.2.3.4, port 2300 and LI context li_cscf1:
lawful-intercept ssdf dest-address 1.2.3.4 dest-port 2300 serial-number10203 version2 li-context li_cscf1
 
logging active
Enables/disables logging for active internal log files.
Product
All
Privilege
Security Administrator, Administrator, Operator
Syntax
logging active [ copy runtime filters ] [ event-verbosityevent_level] [ pdu-dataformat ] [ pdu-verbositypdu_level ]
no logging active
no
Indicates the internal logging is to be disabled.
copy runtime filters
When this command is issued, it makes a copy of the runtime filters and makes that copy the filters for the current logging session.
event-verbosity event_level
Specifies the level of verboseness to use in logging of events as one of:
pdu-data format
Specifies output format for packet data units when logged as one of:
pdu-verbosity pdu_level
Specifies the level of verboseness to use in logging of packet data units as a value from 1 to 5 where 5 is the most detailed.
Usage
Adjust the active logging levels when excessive log file sizes are being generated or, conversely, not enough information is being sent to the active log files for adequate troubleshooting support. The no keyword is used to disable internal logging.
Important: A maximum of 50,000 events may be stored in each log. Enabling more events for logging may cause the log to be filled in a much shorter time period. This may reduce the effectiveness of the log data as a shorter time period of event data may make troubleshooting more difficult.
Important: Once a log has reached the 50,000 event limit the oldest events will be discarded as new log entries are created.
Example
The following sets the active logging for events to the maximum.
logging active event-verbosity full
The following command sets the active logging for packet data units to level 3 and sets the output format to the main-frame style hex-ascii.
logging active pdu-data hex-ascii pdu-verbosity 3
The following disables internal logging.
no logging active
 
logging filter
Sets the logging filtering options for all or individual facilities.
Product
All
Privilege
Security Administrator, Administrator, Operator
Syntax
logging filter active facilityfacilitylevelseverity_level [ critical-info | no-critical-info ]
active
Indicates only active processes are to have logging options set.
facility facility
Specifies the facility to modify the filtering of logged information for as one of:
a10: A10 interface facility
a11: A11 interface facility
a11mgr: A11 Manager facility
aaa-client: AAA client facility
aaamgr: AAA manager logging facility
aaaproxy: AAA Proxy facility
acl-log: Access Control List logging facility
acsctrl: Active Charging Service (ACS) Controller facility
acsmgr: Active Charging Service (ACS) Manager facility
alarmctrl: Alarm Controller facility
all: All facilities
asf: Voice Application Server Framework logging facility
asfprt: ASF Protocol Task (SIP) logging facility
asngwmgr: ASN Gateway Manager facility
asnlrmgr: ASN Paging/Location-Registry Manager facility
bgp: Border Gateway Protocol (BGP) facility
cli: CLI logging facility
cscf: IMS/MMD CSCF
cscfmgr: SIP CSCF Manager facility
csp: Card Slot Port controller facility
css: Content Service Selection (CSS) facility
css-sig: Content Service Selection (CSS) RADIUS Signaling facility
dcardctrl: IPSEC Daughtercard Controller logging facility (not used at this time)
dcardmgr: IPSEC Daughtercard Manager logging facility (Not used at this time)
dhcp: DHCP facility (GGSN product only)
dhost: Distributed Host logging facility
diameter: Diameter endpoint logging facility
diameter-acct: Diameter Accounting
diameter-auth: Diameter Authentication
diameter-ecs: ECS Diameter signaling facility
diameter-svc: Diameter Service
diamproxy: DiamProxy logging facility
dpath: IPSEC Data Path facility
drvctrl: Driver Controller facility
egtpc: eGTP-C logging facility
egtpmgr: eGTP manager logging facility
egtpu: eGTP-U logging facility
evlog: Event log facility
famgr: Foreign Agent manager logging facility
firewall: Firewall logging facility
gss-gcdr: GTPP Storage Server GCDR facility
gtpc: GTP-C protocol logging facility (GGSN product only)
gtpcmgr: GTP-C protocol Manager logging facility (GGSN product only)
gtpp: GTP-PRIME protocol logging facility (GGSN product only)
gtpu: GTP-U protocol logging facility (GGSN product only)
h248prt: H.248 Protocol logging facility
hamgr: Home Agent manager logging facility
hat: High Availability Task (HAT) process facility
ims-authorizatn: IMS Authorization Service facility
ip-arp: IP Address Resolution Protocol facility
ip-interface: IP interface facility
ip-route: IP route facility
ipsec: IP Security logging facility
ipsgmgr: IP Services Gateway facility
ipsp: IP Pool Sharing Protocol logging facility
l2tp-control: L2TP control logging facility
l2tp-data: L2TP data logging facility
l2tpdemux: L2TP Demux Manager logging facility
l2tpmgr: L2TP Manager logging facility
li: Lawful intercept facility (Logs are visible only to system accounts with li-administrator privileges.)
magmgr: Mobile Access Gateway manager logging facility
mme-app: Mobility Management Entity Application logging facility
mmedemux: Mobility Management Entity Demux Manager logging facility
mme-hss: Mobility Management Entity logging facility
mme-misc: Mobility Management Entity Miscellaneous logging facility
mobile-ip: Mobile IP processes
mobile-ip-data: Mobile IP data facility
mobile-ipv6: Mobile IPv6 logging facility
multicast-proxy: Multicast Proxy logging facility
nas: Network Access Signaling logging facility
netwstrg: Network Storage facility
npuctrl: Network Processor Unit Control facility
npumgr: Network Processor Unit Manager facility
nsctrl: Charging Service Controller facility (supported in conjunction with ECSv1)
nsmgr: Charging Service Manager facility
nsproc: Charging Service process facility
orbs: Object Request Broker System logging facility
ospf: OSPF logging facility
pdg: PDG logging facility
pgw: PDN Gateway logging facility
ppp: PPP link and packet facilities
radius-acct: RADIUS accounting logging facility
radius-auth: RADIUS authentication logging facility
radius-coa: RADIUS change of authorization and radius disconnect
rct: Recovery Control Task logging facility
rdt: Redirect Task logging facility
resmgr: Resource Manager logging facility
rip: RIP logging facility (RIP is not supported at this time.)
rohc: RObust Header Compression facility
rsvp: Reservation Protocol logging facility
sct: Shared Configuration Task logging facility
sessctrl: Session Controller logging facility
sessmgr: Session Manager logging facility
sft: Switch Fabric Task logging facility
sgw: Serving Gateway logging facility
sipcdprt: Sip Call Distributor facility
sitmain: System Initialization Task main logging facility
snmp: SNMP logging facility
srdb: Static Rating Database
srp: Service Redundancy Protocol (SRP) logging facility
ssh-ipsec: SSH IP Security logging facility stat: Statistics logging facility
system: System logging facility
tacacsplus: TACACS+ Protocol logging facility
threshold: threshold logging facility
ttg: TTG logging facility
udr: User detail record facility (used with the Charging Service)
user-data: User data logging facility
user-l3tunnel: User layer-3 tunnel logging facility
vpn: Virtual Private Network logging facility
wimax-data: WiMAX DATA
wimax-r6: WiMAX R6
level severity_level
Specifies the level of information to be logged from the following list which is ordered from highest to lowest:
critical-info | no-critical-info
Default: critical-info enabled.
critical-info: specifies that events with a category attribute of critical information are to be displayed. Examples of these types of events can be seen at bootup when system processes and tasks are being initiated.
no-critical-info: specifies that events with a category attribute of critical information are not to be displayed.
Usage
Apply filters for logged data to collect only that data which is of interest.
Important: A maximum of 50,000 events may be stored in each log. Enabling more events for logging may cause the log to be filled in a much shorter time period. This may reduce the effectiveness of the log data as a shorter time period of event data may make troubleshooting more difficult.
Important: Once a log has reached the 50,000 event limit the oldest events will be discarded as new log entries are created.
Caution: Issuing this command could negatively impact system performance depending on the amount of system activity at the time of execution and/or the type of facility(ies) being logged.
Example
The following are selected examples used to illustrate the various options. Not all facilities will be explicitly shown as each follows the same syntax for options.
The following sets the level to log only warning information for all facilities.
logging filter active facility all level warning
The following enables the logging of critical information for the SNMP facility while setting the level to error.
logging filter active facility snmp level error critical-info
 
logging trace
Enables/disables the logging of trace information for specific calls, mobiles, or network addresses.
Product
All
Privilege
Security Administrator, Administrator, Operator
Syntax
logging trace { callidcall_id | ipaddrip_address | msidms_id | usernameuser_name }
no logging trace { callidcall_id | ipaddrip_address | msidms_id | usernameuser_name }
no
Indicates the logging of trace information is to be disabled.
callid call_id | ipaddr ip_address | msid ms_id | username user_name
callid call_id: specifies the exact call instance ID which is to have trace data logged. call_id is specified as a 4-byte hexadecimal number.
ipaddr ip_address: specifies the IP address for which trace information is to be logged. ip_address must be specified using the standard IPv4 dotted decimal notation.
msid ms_id: specifies the mobile subscriber ID for which trace information is to be logged. ms_id must be from 7 to 16 digits specified as an IMSI, MIN, or RMI.
username user_name: specifies a user who is to have trace information logged. user_name must refer to a previously configured user.
Usage
A trace log is useful in troubleshooting subscriber problems as well as for system verification by using a test subscriber. The no keyword is used to stop the logging of trace information.
Important: A maximum of 50,000 events may be stored in each log. Enabling more events for logging may cause the log to be filled in a much shorter time period. This may reduce the effectiveness of the log data as a shorter time period of event data may make troubleshooting more difficult.
Important: Once a log has reached the 50,000 event limit the oldest events will be discarded as new log entries are created.
Caution: Issuing this command could negatively impact system performance depending on the number of subscribers connected and the amount of data being passed.
Example
The following commands enables/disables trace information for user user1.
logging trace username user1no logging trace username user1
The following commands will enable/disable trace information logging for the user assigned IP address 1.2.3.4.
logging trace ipaddr 1.2.3.4no logging trace ipaddr 1.2.3.4
The following enables/disables logging of trace information for call ID FE80AA12.
logging trace callid fe80aa12no logging trace callid fe80aa12
 
logs checkpoint
Performs check pointing operations on log data. Check pointing identifies logged data as previously viewed or marked. Check pointing results in log information since the last check point being displayed only, i.e., check pointed log data is not available for viewing.
Individual logs may have up to 50,000 events in the active log. Check pointing the logs will then result in at most 50,000 events being in the inactive log files. This gives a maximum of 100,000 events in total which are available for each facility logged.
Product
All
Privilege
Security Administrator, Administrator, Operator
Syntax
logs checkpoint
Usage
Check point log data to a set the log contents to a well know point prior to special activities taking place. This command may also be a part of periodic regular maintenance to manage log data.
The check pointing of logs moves the current log data to the inactive logs. Only the most recently check pointed data is retained in the inactive logs. A subsequent check pointing of the logs will result in the prior check pointed inactive log data being cleared and replaced with the newly check pointed data.
The check pointing of log data moves the active log data to be retained as the inactive log data. This results in the active log data, if displayed, having no data earlier than the point in time when the check pointing occurred.
Important: Check pointing of logs should be done periodically to avoid the logs becoming full. Logs which have 50,000 events logged will discard the oldest events first when new events are to be logged.
Example
logs checkpoint
 
mkdir
Creates a new directory in the local file system or in remote locations as specified.
Product
All
Privilege
Security Administrator, Administrator
Syntax
mkdirfilepath
filepath
Specifies the directory path to create. The path must be formatted as follows:
Specifies the source of the copy. url may refer to a local or a remote file. url must be entered using one of the following formats:
[file: ]{ /flash | /pcmcia1 | /hd }[ /directory ]/file_name
Important: Use of the SMC hard drive is not supported in this release.
directory is the directory name
filename is the actual file of interest
Usage
Create new directories as part of periodic maintenance activities to better organize stored files.
Example
The following creates the directory /flash/pub in the local flash storage.
mkdir /flash/pub
 
monitor protocol
Enters the system’s protocol monitoring utility.
Product
All
Privilege
Security Administrator, Administrator, Operator
Syntax
monitor protocol
Usage
Useful for troubleshooting, this command provides a tool for monitoring protocol transactions between the system and other network nodes including the mobile station(s).
The following protocols can be monitored:
 
 
Once the protocol has been selected, the utility monitors and displays every relative protocol message transaction.
Protocol monitoring is performed on a context-by-context-basis. Therefore, the messages displayed are only those that are transmitted/received within the system context from which the utility was executed.
Caution: Protocol monitoring can be intrusive to subscriber sessions and could impact system performance. Therefore, it should only be used as a troubleshooting tool.
Example
The following command opens the protocol monitoring utility:
monitor protocol
The following displays a sample of this command's output with verbosity level 2 for GTPC:
*** Verbosity Level ( 2) ***INBOUND>>>>> 04:39:58:808 Eventid:47000(3)GTPC Rx PDU, from 192.168.35.3:2123 to 192.168.35.1:2123 (190)TEID: 0x00000000, Message type: GTP_CREATE_PDP_CONTEXT_REQ_MSG (0x10)INFORMATION ELEMENTS FOLLOW: IMSI: 40427000000001ROUTING AREA IDENTITY (RAI) FOLLOWS: MCC: 333 MNC: 444 LAC:0 RAC:0ROUTING AREA IDENTITY (RAI) ENDS: Recovery: 0x01 (1) Selection Mode: 0x1 (MS provided APN, subscription not verified (Sent by MS)) Tunnel ID Data I: 0x00000400 Tunnel ID Control I: 0x00000400 NSAPI: 0x05 (5) Charging Characteristics: 0x0800 (Normal) End User Address: Organisation=IETF, PDP Type=IPv4, Address=10.0.0.1 Access Point Name: starent.comPROTOCOL CONFIG. OPTIONS FOLLOW: Protocol id: 0xC021 (LCP) Protocol length: 0x0E (14) Protocol contents: 0103000E05063D38509B0304C023 Protocol id: 0xC021 (LCP) Protocol length: 0x0E (14) Protocol contents: 0203000E05063D38509B0304C023 Protocol id: 0xC023 (PAP) Protocol length: 0x12 (18) Protocol contents: 01040012086E626E73757365720461626364PROTOCOL CONFIG. OPTIONS END. GSN Address I: 0xC0A82303 (192.168.35.3) GSN Address II: 0xC0A82303 (192.168.35.3) MSISDN: 9876543210 QOS Profile: 0x0122720D7396404886074048 USER LOCATION INFORMATION: 111-22-33333-44444 IMEI(SV): 8888888866666622INFORMATION ELEMENTS END.
The following displays a sample of this command's output with verbosity level 3 for the Session Initiation Protocol (SIP):
INBOUND>>>>> 23:11:16:593 Eventid:59039(3)SIP PDU Rx from : 192.168.32.140:5060 to : 192.168.32.120:5060 (868)Message Type : RequestMethod : INVITERequest URI : tel : 987654321From : tel : 123456789To : tel : +91987654321;user=phoneCall-Id : 21@192.168.32.140Transport Protocol : UDPContact : 123456789@192.168.32.140Route Information: 123@192.168.32.140 123@192.168.32.141SDP InformationSDP Version : 0Orgin IP Address : 192.168.30.150Destination Address : 192.168.30.150Media 0Media Type : audioProtocol : RTP/AVPPort : 46506Media Format : ITU-T G.711 PCMUPacketization period : 20 msec<<<<OUTBOUND 23:11:16:659 Eventid:59040(3)SIP PDU Rx from : 192.168.32.120:5060 (868) to : 192.168.32.140:5060Response Message Type : 100 TryingFrom : tel : 123456789To : tel : +91987654321Call-Id : 21@192.168.32.140Transport Protocol : UDPNo Message Body
 
monitor subscriber
Enables the system’s subscriber monitoring utility.
Product
All
Privilege
Security Administrator, Administrator, Operator
Syntax
monitor subscriber [ asn-peer-address bs_peer_address | callid call_id | imsi imsi_value | ipaddr ip_address | ipv6addr ipv6_address | ipsg-peer-address ipsg_peer_address | msid ms_id | msisdn msisdn | next-call | pcf pcf_address | pdif-peer-address pdif_peer_address | peer-fa peer_fa_address | peer-lac lac_peer_address | sgsn-address sgsn_address | type { 1xrtt | asngw | asnpc | closedrp | evdorev0 | evdoreva | interrogating-cscf | ggsn [ Next-Call By APN ] | ha | ipsg | lns | mme | pdif | proxy-cscf | rfc3261-proxy | serving-cscf } next-call | type bcmcs { next-call | next-service-request} | username user_name| Next-Call By APN ]
asn-peer-address bs_peer_address
Specifies the peer ASN Base Station IP address. Must be followed by IPv4 address in dotted decimal notation.
callid call_id
Specifies the call identification number assigned to the subscriber session by the system to be monitored.
call_id is specified as a 4-byte hexadecimal number.
imsi imsi_value
Specifies the International Mobile Subscriber Identity (IMSI) of the subscriber session to be monitored.
imsi_value is an integer value from 1 to 15 characters.
ipaddr ip_address
Specifies the IP address of the subscriber session to be monitored.
ip_address must be specified using dotted decimal notation.
ipv6addr ipv6_address
Specifies the IPv6 address of the subscriber session to be monitored.
ipv6_address must be an IPv6 IP address entered using colon ( : ) separated
notation.
ipsg-peer-address ipsg_peer_address
Specifies the peer IPSG IP address. Must be followed by IPv4 address in dotted decimal notation.
msid ms_id
Specifies the mobile subscriber identification number to be monitored.
ms_id must be from 7 to 16 digits specified as an IMSI, MIN, or RMI.
msisdn msisdn
Specifies the Mobile Subscriber ISDN number to be monitored.
msisdn must be from 7 to 16 digits specified as an IMSI, MIN, or RMI.
next-call
Specifies that the system will monitor the next incoming subscriber session.
pcf pcf_address
Specifies the PCF IP address. Must be followed by IPv4 address in dotted decimal notation.
pdif-peer-address pdif_peer_address
Specifies the peer PDIF IP address. Must be followed by IPv4 address in dotted decimal notation.
peer-fa peer_fa_address
Specifies the peer FA IP address. Must be followed by IPv4 address in dotted decimal notation.
peer-lac lac_peer_address
Specifies the peer LAC IP address. Must be followed by IPv4 address in dotted decimal notation.
sgsn-address sgsn_address
Specifies the SGSN IP address. Must be followed by IPv4 address in dotted decimal notation.
type { 1xrtt | asngw | asnpc | evdorev0 | evdoreva | interrogating-cscf | ggsn [ Next-Call By APN ] | ha | ipsg | lns | mme | openrp | | pdif || proxy-cscf | rfc3261-proxy | serving-cscf } next-call
Allows monitoring for specific subscriber types established in the system when next call occurs.
1xrtt: Displays logs for cdma2000 1xRTT call session subscriber
asngw: Displays logs for ASN GW call session subscriber
asnpc: Displays logs for ASN PC/LR call session subscriber
evdorev0: Displays logs for cdma2000 EVDO Rev0 call session subscriber
evdoreva: Displays logs for cdma2000 EVDO RevA call session subscriber
interrogating-cscf: Displays logs for Interrogating CSCF subscriber
ggsn: Displays logs for UMTS GGSN call session subscriber
Next-Call By APN: Display logs for next call on APN basis, where APN name can be any of Gi or Gn apn.
ha: Displays logs for Home Agent call session subscriber
ipsg: Displays logs for IPSG call session subscriber
lns: Displays logs for LNS call session subscriber
mme: Displays logs for MME session subscribers.
openrp: Displays logs for OpenRP subscriber
pdif: Displays logs for PDIF call session subscriber
proxy-cscf: Displays logs for Proxy CSCF subscriber
rfc3261-proxy-cscf: Displays logs for non-ims-proxy (RFC-3261 proxy) subscriber
serving-cscf: Displays logs for Serving CSCF subscriber
type bcmcs {next-call | next-service-request}
Specifies the type of BCMCS call for the subscriber.
username user_name
Specifies the username of the subscriber to be monitored.
user_name refers to a previously configured user.
Usage
The monitor subscriber utility provides a useful tool for monitoring information about and the activity of either a single subscriber or all subscribers with active sessions within a given context.
The following items can be monitored:
Once the criteria has been selected, the utility will monitor and display every relative piece of information on the subscriber(s).
Important: Option Y for performing multi-call traces is only supported for use with the GGSN. This option is available when monitoring is performed using the “Next-Call” option. It allows you monitor up to 11 primary PDP contexts for a single subscriber.
Subscriber monitoring is performed on a context-by-context-basis. Therefore, the information displayed will be only that which is collected within the system context from which the utility was executed.
Caution: Subscriber monitoring can be intrusive to subscriber sessions and could impact system performance. Therefore, it should only be used as a troubleshooting tool.
Example
The following command enables monitoring for user user1.
monitor subscriber username user1
The following command will enable monitoring for the user assigned IP address 1.2.3.4.
monitor subscriber ip-address 1.2.3.4
The following enables monitoring for call ID FE80AA12.
monitor subscriber callid fe80aa12
 
newcall policy
Configures new call policies for busy-out conditions.
Product
PDSN, GGSN, MME, HA, LNS, P-CSCF, ASN GW, ASN PC/LR
Privilege
Security Administrator, Administrator, Operator
Syntax
newcall policy {asngw-service asnpc-service} {all | name service_name} reject
newcall policy cscf-service { all | nameservice_name } { redirecttarget_ip_address [ weight weight_num ] [ target_ipaddress2 [ weight weight_num ] ... target_ip_address16 [ weight weight_num ] | reject }
newcall policy { fa-service | lns-service | mipv6ha-service } { all | name service_name } reject
newcall policy { ha-service | pdsn-service} { all | name service_name } { redirect target_ip_address [ weight weight_num ] [ target_ipaddress2 [ weight weight_num ] ... target_ip_address16 [ weight weight_num ] | reject }
newcall policy ggsn-service { apn nameapn_name | all | name ggsn-service-name } reject
no newcall policy { fa-service | ggsn-service | ha-service | mipv6ha-service | pdsn-service| lns-service } { all | name service_name }
newcall policy mme-service {all | nameservice_name } reject
nonewcallpolicy { ha-service | pdsn-service } { all | nameservice_name } redirect target_ip_address [ weightweight_num ] [ target_ip_address2 [ weight weight_num ] ... target_ip_address16 [ weightweight_num ]
no newcall policy ggsn-service { apnnameapn_name | all | name ggsn-service-name } reject
no newcall policy { asngw-service | asnpc-service } { all | name service_name }
no newcall policy mme-service { all | name service_name}
no
Disables the new call policy for all or specified service of a service type.
newcall policy { asngw-service | asnpc-service } { all | name service_name } reject
Creates a new call policy to reject the calls based on the specified ASN GW or ASN PC/LR service name or all services of this type.
asngw-service: Specifies the type of service as ASN GW for which new call policy is configured.
asnpc-service: Specifies the type of service as ASN PC/LR for which new call policy is configured.
name service_name: Specifies the name of the service for which new call policy is configured. service_name is name of a configured ASN GW or ASN PC/LR service.
reject: Specifies that the policy rejects new incoming calls. Depending on the type of service that the policy is applied to, the reason codes are reported as part of the reply to indicate the rejection. For ASN GW and ASN PC/LR service rejection code is 81H (Registration Denied - administratively prohibited).
newcall policy { cscf-service | fa-service | lns-service | mipv6ha-service } { all | name service_name } reject
Creates a new call policy that rejects calls based on the specified access point name.
no newcall policy { cscf-service | fa-service | ggsn-service| ha-service | mipv6ha-service | pdsn-service | } { all | name service_name }
Removes a previously configured new call policy for the specified service
no newcall policy { ha-service | pdsn-service } { all | name service_name } redirect target_ip_address [ weight weight_num ] [ target_ip_address2 [ weight weight_num ] ... target_ip_address16 [ weight weight_num ]
Deletes up to 16 IP addresses from the redirect policy. The IP addresses must be expressed in IP v4 dotted decimal notation
cscf-service | fa-service | ggsn-service| ha-service | lns-service | mipv6ha-service | pdsn-service | }
Specifies the type of service for which to configure a new call policy. The following services are supported:
cscf-service: A Call/Session Control Function service
fa-service: A Foreign Agent service
ggsn-service: A Gateway GPRS Support Node service
ha-service: A Home Agent service
lns-service: An L2TP Network Server service
mipv6ha-service: A Mobile IPv6 Home Agent service
pdsn-service: A Packet Data Serving Node service
{ all | name service_name }
Specifies a filter for the new call policy. Whether the new call policy will be applied to all configured services or a specific one.
all: Specifies that the new call policy will be applied to all instances of the selected service type.
name: service_name: Specifies the name of a specific instance of the selected service type. service_name can be between 1 and 63 alpha and/or numeric characters and is case sensitive.
redirect target_ip_address [ weight weight_num ] [ target_ip_address2 [ weight weight_num ] ... target_ip_address16 [ weight weight_num ]
Configures the busy-out action. When a redirect policy is invoked, the service rejects new sessions and provides the IP address of an alternate destination. This command can be issued multiple times.
address: The IP address of an alternate destination expressed in IP v4 dotted decimal notation. Up to 16 IP addresses can be specified either in one command or by issuing the redirect command multiple times. If you try to add more than 16 IP addresses to the redirect policy the CLI issues an error message. If you specify an IP address and weight that already exists in the redirect policy the new values override the existing values.
weight weight_num: When multiple addresses are specified, they are selected in a weighted round-robin scheme. Entries with higher weights are more likely to be chosen. If a weight is not specified the entry is automatically assigned a weight of 1. weight_num must be an integer from 1 through 10.
Depending on the type of service that the policy is applied to, the following reason codes are reported as part of the reply:
ha service: 88H (Registration Denied - unknown home agent address)
pdsn service: 88H (Registration Denied - unknown PDSN address)
Important: The redirect option is not supported for use with FA and GGSN services.
newcall policy mme-service} {all | name service_name} reject
Creates a new call policy to reject the calls based on the specified MME service name or all MME services on the system.
name service_name: Specifies the name of the MME service for which new call policy is configured. service_name is name of a configured MME service.
reject: Specifies that the policy rejects new incoming calls. Depending on the type of service that the policy is applied to, the reason codes are reported as part of the reply to indicate the rejection. For MME service rejection code is 81H (Registration Denied - administratively prohibited).
reject
Specifies that the policy rejects new incoming calls. Depending on the type of service that the policy is applied to, the following reason codes are reported as part of the reply to indicate the rejection:
asngw service: 81H (Registration Denied - administratively prohibited)
fa service: 41H (administratively prohibited)
Important: When the newcall policy is set to reject for the FA service, the Busy Bit is set in the Agent Advertisement. Any further RRQs will be rejected with this code value.
ggsn service: C7H (Rejected - no resources available)
ha service: 81H (Registration Denied - administratively prohibited)
mipv6ha-service: 81H (Registration Denied - administratively prohibited)
mme service: 81H (Registration Denied - administratively prohibited)
pdsn service: 81H (Registration Denied - administratively prohibited)
Usage
This command is used to busy-out specific system services prior to planned maintenance or for troubleshooting.
Example
The following command creates a new call policy to re-direct all new calls for all PDSN services to a device having an IP address of 192.168.1.23:
newcall policy pdsn-service all redirect 192.168.1.23
The following command creates a new call policy to reject all new calls for a GGSN service called ggsn1:
newcall policy ggsn-service name ggsn1 reject
The following command creates a new call policy to reject all new calls for an MME service called MME1:
newcall policy mme-service name MME1 reject
 
password change
Provides a mechanism for local-user administrative users to change their passwords.
Product
All
Privilege
All local-user administrative levels except as noted below
Syntax
password change [ local-user name ]
local-user name
Specifies the name of the local-user administrative user for which to change the password.
name can be from 3 to 16 alpha and/or numeric characters in length and is case sensitive.
Important: This keyword is only available to local-users with an authorization level of security-administrator.
Usage
This command provides a mechanism for local-user administrative users to change their passwords. In addition, it also provides a mechanism for security-administrator local-users to change the password for other local-user accounts.
If the local-user keyword is not entered, the system prompts the user for their current password and for the new password. New passwords take effect at the next login. Users that have had their password changed by a security-administrator are prompted to change their passwords at their next login.
New passwords must meet the criteria dictated by the local-user password command options in the Global Configuration Mode.
Important: The system does not allow the changing of passwords unless the time limit specified by the local-user password min-change-interval has been reached.
Example
The following command, executed by a security-administrator, resets the password for a local-user name operator12:
password change local-user operator12
 
ping
Verifies ability to communicate with a remote node in the network by passing data packets between and measuring the response.
Product
All
Privilege
Security Administrator, Administrator, Operator, Inspector
Important: Inspector privileges are granted for all variables except count. To initiate a ping count, you must have a minimum privilege level of Operator.
Syntax
pinghost_ip_address[ broadcast ] [ countnum_packets ] [ patternpacket_pattern ] [ sizeoctet_count ] [ src { src_host_name | src_host_ip_address } ] [ | { grepgrep_options | more } ]
host_ip_address
Identifies the remote node to which the ability to communicate with is to be verified.
host_ip_address: specifies the remote node using the node’s assigned IP address specified using the standard IPv4 dotted decimal notation.
broadcast
Sends ping packets to broadcast addresses.
count num_packets
Default: 5
Specifies the number of packets to send to the remote host for verification. num_packets must be within the range 1 through 10000.
pattern packet_pattern
Default: each octet of the packet is encoded with the octet number of the packet.
Specifies a pattern to use to fill the internet control message protocol packets with. packet_pattern must be specified in hexadecimal format with a value in the range hexadecimal 0x0000 through 0xFFFF. packet_pattern must begin with a ‘0x’ followed by up to 4 hexadecimal digits.
size octet_count
Default: 56
Specifies the number of bytes each IP datagram. octet_count must be a value in the range 40 through 18432.
src { src_host_name | src_host_ip_address }
Default: originating system’s IP address
Specifies an IP address to use in the packets as the source node.
src_host_name: specifies the source node using the node’s logical host name which must be resolved via DNS lookup.
src_host_ip_address: specifies the source node using the node’s assigned IP address specified using the standard IPv4 dotted decimal notation.
grep grep_options | more
Indicates the output of the command is to be piped (sent) to the command specified. A command to send output to must be specified.
For details on the usage of grep and more, refer to the Regulating a Command’s Output section of the Command Line Interface Overview chapter in Command Line Interface Reference.
Usage
This command is useful in verifying network routing and if a remote node is able to respond at the IP layer.
Example
The following command is the most basic and will report the results of trying to communication with remote node remoteABC.
ping remoteABC
The following will verify communication with the remote node 1.2.3.4 using 1000 packets.
ping 1.2.3.4 count 1000
The following verifies communication with remote node remoteABC while making it appears as though the source is remote node with IP address 1.2.3.4.
ping remoteABC src 1.2.3.4
Important: It is important to note that the responses from the remote host to the ping packets will be rerouted to the host specified as the source.
 
ping6
Ping options for IPv6 addresses
Product
All
Privilege
Security Administrator, Administrator, Operator, Inspector
Syntax
ping6 { hostname | ipv6 address } [ count num ] [ flood ] [ pattern val ] [ size val ] [ src val ] [ interface string ]
hostname
Name of the host to be pinged.
ipv6 address
IPv6 address of host to be pinged.
countnum
Sets the number of ping packets to be sent. num must be an integer between 1 - 10,000.
flood
Configures ping6 to send packets as quickly as possible, or 100 per second, whichever is faster.
pattern val
Specifies hex pattern to fill ICMP packets. val is in the range 0x0 - 0ffff
size val
Size of ICMP datagram in bytes. val is an integer from 40 - 18432. Default is 56.
src val
Specifies the source IP address.
interface string
Specifies the originating source interface name.
Usage
Ping command for IPv6. Note that the command is just “ping6, and not “pingv6.”
Example
Use this command to ping the IPv6 address 2001:0db8:85a3:0000:0000:8a2e:0370:7334ping6 2001:0db8:85a3:0000:0000:8a2e:0370:7334
 
port
Performs a manual switchover to an available redundant/standby line card or SPIO port.
Default: none.
Product
All
Privilege
Security Administrator, Administrator, Operator
Syntax
port switch to slot#/port#
slot#
Identifies the physical chassis slot where the line card or SPIO card is installed.
port#
Identifies the physical port on the line card or SPIO to automatically switch to.
Usage
This command is used to specify the redundant port on a Line Card (LC). When port redundancy is enabled, if an external network device or cable failure occurs that causes a link down failure on the port, then the redundant port is used.
Important: This command is not supported on all platforms.
Example
port switch to 17/1
 
ppp echo-test
Verifies the point-to-point link by sending link control protocol packets to the targeted users. This command will not
Product
PDSN, GGSN
Privilege
Security Administrator, Administrator, Operator
Syntax
ppp echo-test { callidcall_id | imsiimsi_id | ipaddrip_address | msidms_id | usernameuser_name } [ num_packets ] [ | { grepgrep_options | more } ]
callid call_id
Specifies the exact call instance ID which is to have its PPP link verified. call_id is specified as a 4-byte hexadecimal number.
imsi imsi_id
Specifies the International Mobile Subscriber Identifier (IMSI) which is to have its PPP link verified.
ipaddr ip_address
Specifies the IP address which is to have its PPP link verified. ip_address must be specified using the standard IPv4 dotted decimal notation.
msid ms_id
Specifies the mobile subscriber ID which is to have its PPP link verified. ms_id must be from 7 to 16 digits specified as an MIN, or RMI.
username user_name
Specifies a user which is to have its PPP link verified. user_name must refer to a previously configured user.
num_packets
Default 1
Specifies the number of test packets to generate. num_packets must be a value in the range from 1 through 1000000.
grep grep_options | more
Indicates the output of the command is to be piped (sent) to the command specified. A command to send output to must be specified.
For details on the usage of grep and more, refer to the Regulating a Command’s Output section of the Command Line Interface Overview chapter in Command Line Interface Reference.
Usage
Use the echo test to verify the point-to-point protocol communications.
Caution: Issuing this command could negatively impact system performance depending on the number of subscribers using the same name and/or if the number of packets used in the test is large.
Example
The following command tests the PPP link to user user1.
ppp echo-test username user1
The following command tests the PPP link to the user assigned IP address 1.2.3.4.
ppp echo-test ipaddr 1.2.3.4
The following tests the PPP link associated with call ID FE80AA12.
ppp echo-test callid fe80aa12
 
radius interim
Check points current RADIUS accounting messages immediately
Product
PDSN, GGSN, ASN-GW
Privilege
Security Administrator, Administrator, Operator
Syntax
radius interim accounting now
Usage
The interim command may be part of a regiment of periodic activities to maintain the chassis.
This command may also be useful in preparation for system monitoring or troubleshooting to set the list of messages to be displayed at a well known time.
 
radius test
Verifies the RADIUS servers functions for accounting and authentication.
Product
PDSN, GGSN, ASN-GW
Privilege
Security Administrator, Administrator, Operator
Syntax
radius test { accounting | authentication | probeauthenticationserverip_addrportport_no [ usernameusernamepasswordpassword ] } { all |[ on ] | off ]| radius groupgroup_name user_name | serverserver_nameportserver_port } user_name password
accounting
Test accounting server functionality.
authentication
Test authentication server functionality.
all | radius group group_name user_name | server server_name port server_port
all: indicates all configured servers are to be tested.
server server_name port server_port: indicates only the server specified as server_name and server_port is to be tested. The server must have been previously configured.
radius group group_name user_name: tests all configured authentication servers in a specific RADIUS group for specific user. Must be followed by the RADIUS group name and user name.
group_name will be a string of size 1 to 63 character and specifies the name of server group configured in specific context for authentication/accounting.
on/off
Allows the user to turn radius test accounting on or off.
user_name
Specifies the RADIUS user who is to be verified. The user must have been previously configured.
password
Specifies the RADIUS user who is to have authentication verified. password is only applicable when the authentication keyword is specified.
Usage
Test the RADIUS accounting for troubleshooting the system for specific users or to verify all the system RADIUS accounting functions.
Example
The following verifies all RADIUS servers.
radius test accounting all
radius test authentication all
The following verifies the RADIUS accounting and authentication for user user1 for the sampleServer.
radius test accounting server sampleServer port 5000 user1
radius test authentication server sampleServer port 5000 user1 dummyPwd
The following commands will verify the RADIUS accounting and authentication for RADIUS server group star1 for the current context:
radius test accounting server sampleServer port 5000 user1
radius test authentication server sampleServer port 5000 user1 dummyPwd
radius test authentication all
The following verifies the RADIUS authentication server group star1 for user user1.
radius test authentication radius group star1 user1
The following displays a sample of the output:
Authentication from authentication server 192.168.65.1, port 1812Authentication Success: Access-Accept receivedRound-trip time for response was 29.8 ms
The following activates radius test authentication:
radius test accounting on group abc server 134.141.12.1 port 1111.
 
reload
Invokes a full system reboot.
Product
All
Privilege
Security Administrator, Administrator
Syntax
reload [ -noconfirm ]
-noconfirm
Execute the command without any additional prompts or confirmation from the user.
Usage
The system performs a hardware reset and reloads the highest priority boot image and configuration file specified in the boot.sys file. Refer to the boot system priority command in the Global Configuration Mode for additional information on configuring boot images, configuration files and priorities.
Important: To avoid the abrupt termination of subscriber sessions, it is recommended that a new call policy be configured and executed prior to invoking the reload command. This sets busy-out conditions for the system and allows active sessions to terminate gracefully. Refer to the newcall command in the Exec Mode for additional information.
Caution: Issuing this command causes the system to become unavailable for session processing until the reboot process is complete.
Example
The following command performs a hardware reset on the system:
reload
 
rename
Changes the name of an existing local file.
Product
All
Privilege
Security Administrator, Administrator
Syntax
renamefrom_filepath to_filepath [ -noconfirm ]
from_filepath
Specifies the path to the file/directory to be renamed. The path must be formatted according to the following format:
Specifies the source of the copy. url may refer to a local or a remote file. url must be entered using one of the following formats:
[file: ]{ /flash | /pcmcia1 | /hd }[ /directory ]/file_name
Important: Use of the SMC hard drive is not supported in this release.
directory is the directory name
filename is the actual file of interest
to_filepath
Specifies the new name of file/directory. The path must be formatted according to the following formats:
Specifies the source of the copy. url may refer to a local or a remote file. url must be entered using one of the following formats:
[file: ]{ /flash | /pcmcia1 | /hd }[ /directory ]/file_name
Important: Use of the SMC hard drive is not supported in this release.
directory is the directory name
filename is the actual file of interest
-noconfirm
Indicates that the command is to execute without any additional prompt and confirmation from the user.
Important: Extreme caution should be taken when using the -noconfirm option. The paths to the source and the destination should be verified prior to performing the command.
Usage
Rename files as part of regular system maintenance in conjunction with the delete command.
Example
The following renames the directory /pub in the local PCMCIA1 device.
rename /pcmcia1/pub /pcmcia1/pub_old
 
reveal disabled commands
Enables the input of commands for features that do not have license keys installed. The output of the command show cli indicates when this is enabled. This command effects the current CLI session only. This is disabled by default.
Product
All
Privilege
Security Administrator, Administrator, Operator
Syntax
reveal disabled commands
no reveal disabled commands
no
Do not show disabled commands.
Usage
When this is enabled and a disabled command is entered, a message is displayed that informs you that the required feature is not enabled and also lists the name of the feature that you need to support the command.
When this is disabled and a disabled command is entered, the CLI does not acknowledge the existence of the command and displays a message that the keyword is unrecognized.
Example
Set the CLI to accept disabled commands and display the required feature for the current CLI session with the following command:
reveal disabled commands
Set the CLI to reject disabled commands and return an error message for the current CLI session:
no reveal disabled commands
 
rlogin
Attempts to connect to a remote host.
Product
All
Privilege
Security Administrator, Administrator, Operator
Syntax
rlogin { host_name | host_ip_address } [ useruser_name ]
host_name | host_ip_address
Identifies the remote node to attempt to connect to.
host_name: specifies the remote node using the node’s logical host name which must be resolved via DNS lookup.
host_ip_address: specifies the remote node using the node’s assigned IP address specified using the standard IPv4 dotted decimal notation.
user user_name
Specifies a user name to attempt to connect as. user_name must be from to 1023 alpha and/or numeric characters.
Usage
Connect to remote network elements using rlogin.
Important: rlogin is not a secure method of connecting to a remote host. ssh should be used whenever possible for security reasons.
Example
The following connects to remote host remoteABC as user user1.
rlogin remoteABC user user1
The following connects to remote host 1.2.3.4 without any default user.
rlogin 1.2.3.4
 
rmdir
Removes (deletes) a local directory.
Product
All
Privilege
Security Administrator, Administrator
Syntax
rmdirpath [ force ]
path
Specifies the directory path to remove. The must be formatted according to the following formats:
Specifies the source of the copy. url may refer to a local or a remote file. url must be entered using one of the following formats:
directory is the directory name
filename is the actual file of interest
force
Over-rides any warnings to force deletion of the directory and any files contained therein.
Important: Use of the force keyword should be done with care to ensure the directory is specified accurately as there is no method to recover a directory which has been removed.
Usage
Remove old directories as part of regular maintenance.
Example
The following removes the local directory /pcmcia1/pub.
rmdir /pcmcia1/pub
 
rotate-hd-file
This command rotates the current temp file manually.
Product
SGW, PGW, HSGW
Privilege
Security Administrator, Administrator
Syntax
rotate-hd-file diameter [ name policy_name ]
[ name policy_name ]
Specifies the hd-storage policy name. policy_name must be and existing HD Storage Policy name and must be an alpha and/or numeric string of 0 through 63 characters in length.
Usage
Use this command to manually rotate the Diameter HD stored files.
Example
The following command rotates Diameter files in the HD storage drive for files stored using the HD storage policy named CDR1:
rotate-hd-file diameter name CDR1
 
save configuration
Saves the current contexts configuration to a local or remote location.
Product
All
Privilege
Security Administrator, Administrator
Syntax
save configuration url [ -redundant ] [ -noconfirm ] [ showsecrets ] [ verbose ]
url
Default: saves to the location of the active configuration currently loaded.
Specifies the location to store the configuration file(s). url may refer to a local or a remote file. url must be entered using one of the following formats:
Specifies the source of the copy. url may refer to a local or a remote file. url must be entered using one of the following formats:
[file: ]{ /flash | /pcmcia1 | /hd }[ /directory ]/file_name
tftp://{ host[ :port# ] }[ /directory ]/file_name
[ ftp: | sftp: ]//[ username[ :password ]@ ]{ host } [ :port# ][ /directory ]/file_name
directory is the directory name.
filename is the actual file of interest.
Important: Configuration files should be named with a .cfg extension.
username is the user to be authenticated.
password is the password to use for authentication.
host is the IP address or host name of the server.
Important: hostname can only be used if the networkconfig parameter is configured for DHCP and the DHCP server returns a valid nameserver.
port# is the logical port number that the communication protocol is to use.
-redundant
This keyword directs the system to save the CLI configuration file to the local device, defined by the url variable, and then automatically copy that same file to the like device on the standby processing card, if available.
Important: This keyword will only work for local devices that are located on both the active and standby processing cards. For example, if you save the file to the /pcmcia1 device on the active processing card, that same type of device (card in Slot 1 of the standby processing card) must be available. Otherwise, a failure message is displayed. If saving the file to an external network (non-local) device, the system disregards this keyword.
Important: This keyword does not synchronize the local file system. If you have added, modified, or deleted other files or directories to or from a local device for the active processing card, then you must synchronize the local file system on both SMC cards.
-noconfirm
Indicates that the command is to execute without any additional prompt and confirmation from the user.
Important: Caution should be exercised when using the -noconfirm option as this may cause the accidental over-write of data if the URL refers to an existing file.
showsecrets
This keyword causes the CLI configuration file to be saved with all passwords in plain text, rather than their default encrypted format.
verbose
Indicates the output should provide as much information as possible. If this option is not specified then the output will be the standard level which is the concise mode.
Usage
Backup the current configuration as part of periodic maintenance activities in case of emergencies.
Important: The saving of a configuration does not save the boot options as configured via the global configuration mode boot commands.
Example
The following saves the configuration data to the local file /flash/pub/juneconfig.cfg with no confirmation from the user:
save configuration /flash/pub/juneconfig.cfg -noconfirm
The following saves the configuration data to remote hoist remoteABC as /pub/juneconfig.cfg:
save configuration tftp://remoteABC/pub/juneconfig.cfg
 
save logs
Saves the current log file to a local or remote location.
Product
All
Privilege
Security Administrator, Administrator
Syntax
save logs { url } [ active ] [ inactive ] [ callidcall_id] [ event-verbosityevt_verboseness] [ facilityfacility] [ levelseverity_level] [ pdu-datapdu_format] [ pdu-verbositypdu_verboseness] [ sincefrom_date_time [ untilto_date_time] ] [ | { grepgrep_options| more } ]
url
Specifies the location to store the log file(s). url may refer to a local or a remote file. url must be entered using one of the following formats:
Specifies the source of the copy. url may refer to a local or a remote file. url must be entered using one of the following formats:
 
Important: Use of the SMC hard drive is not supported in this release.
directory is the directory name.
filename is the actual file of interest.
username is the user to be authenticated.
password is the password to use for authentication.
host is the IP address or host name of the server.
Important: hostname can only be used if the networkconfig parameter is configured for DHCP and the DHCP server returns a valid nameserver.
port# is the logical port number that the communication protocol is to use.
active
Indicates output is to display data from active logs.
inactive
Indicates output is to display data from inactive logs.
callid call_id
Specifies a call ID for which log information is to be displayed. call_id must be specified as a 4-byte hexadecimal number.
event-verbosity evt_verboseness
Specifies the level of verboseness to use in displaying of event data as one of:
facility facility
Specifies the facility to modify the filtering of logged information for as one of:
a10: A10 interface facility
a11: A11 interface facility
a11mgr: A11 Manager facility
aaa-client: AAA client facility
aaamgr: AAA manager logging facility
aaaproxy: AAA Proxy facility
acl-log: Access Control List logging facility
acsctrl: Active Charging Service (ACS) Controller facility
acsmgr: Active Charging Service (ACS) Manager facility
alarmctrl: Alarm Controller facility
all: All facilities
asf: Voice Application Server Framework logging facility
asfprt: ASF Protocol Task (SIP) logging facility
asngwmgr: ASN Gateway Manager facility
asnpcmgr: ASN Paging/Location-Registry Manager facility
bgp: Border Gateway Protocol (BGP) facility
cli: CLI logging facility
cscf: IMS/MMD CSCF
cscfmgr: SIP CSCF Manager facility
csp: Card Slot Port controller facility
css: Content Service Selection (CSS) facility
css-sig: Content Service Selection (CSS) RADIUS Signaling facility
dcardctrl: IPSEC Daughtercard Controller logging facility (not used at this time)
dcardmgr: IPSEC Daughtercard Manager logging facility (Not used at this time)
dhcp: DHCP facility (GGSN product only)
dhost: Distributed Host logging facility
diameter: Diameter endpoint logging facility
diameter-acct: Diameter Accounting
diameter-auth: Diameter Authentication
diameter-ecs: ECS Diameter signaling facility
diameter-svc: Diameter Service
diamproxy: DiamProxy logging facility
dpath: IPSEC Data Path facility
drvctrl: Driver Controller facility
evlog: Event log facility
famgr: Foreign Agent manager logging facility
firewall: Firewall logging facility
gss-gcdr: GTPP Storage Server GCDR facility
gtpc: GTP-C protocol logging facility (GGSN product only)
gtpcmgr: GTP-C protocol Manager logging facility (GGSN product only)
gtpp: GTP-PRIME protocol logging facility (GGSN product only)
gtpu: GTP-U protocol logging facility (GGSN product only)
hamgr: Home Agent manager logging facility
hat: High Availability Task (HAT) process facility
ims-authorizatn: IMS Authorization Service facility
ip-arp: IP Address Resolution Protocol facility
ip-interface: IP interface facility
ip-route: IP route facility
ipsec: IP Security logging facility
ipsgmgr: IP Services Gateway facility
ipsp: IP Pool Sharing Protocol logging facility
l2tp-control: L2TP control logging facility
l2tp-data: L2TP data logging facility
l2tpdemux: L2TP Demux Manager logging facility
l2tpmgr: L2TP Manager logging facility
li: Lawful intercept facility (Logs are visible only to system accounts with li-administrator privileges.)
mobile-ip: Mobile IP processes
mobile-ip-data: Mobile IP data facility
multicast-proxy: Multicast Proxy logging facility
netwstrg: Network Storage facility
npuctrl: Network Processor Unit Control facility
npumgr: Network Processor Unit Manager facility
nsctrl: Charging Service Controller facility (supported in conjunction with ECSv1)
nsmgr: Charging Service Manager facility
nsproc: Charging Service process facility
orbs: Object Request Broker System logging facility
ospf: OSPF logging facility
ppp: PPP link and packet facilities
radius-acct: RADIUS accounting logging facility
radius-auth: RADIUS authentication logging facility
radius-coa: RADIUS change of authorization and radius disconnect
rct: Recovery Control Task logging facility
rdt: Redirect Task logging facility
resmgr: Resource Manager logging facility
rip: RIP logging facility (RIP is not supported at this time.)
rohc: RObust Header Compression facility
rsvp: Reservation Protocol logging facility
sct: Shared Configuration Task logging facility
sessctrl: Session Controller logging facility
sessmgr: Session Manager logging facility
sft: Switch Fabric Task logging facility
sipcdprt: Sip Call Distributor facility
sitmain: System Initialization Task main logging facility
snmp: SNMP logging facility
srdb: Static Rating Database
srp: Service Redundancy Protocol (SRP) logging facility
ssh-ipsec: SSH IP Security logging facility stat: Statistics logging facility
system: System logging facility
tacacsplus: TACACS+ Protocol logging facility
threshold: threshold logging facility
udr: User detail record facility (used with the Charging Service)
user-data: User data logging facility
user-l3tunnel: User layer-3 tunnel logging facility
vpn: Virtual Private Network logging facility
wimax-data: WiMAX DATA
wimax-r6: WiMAX R6
level severity_level
Specifies the level of information to be logged, severity_level, from the following list which is ordered from highest to lowest:
pdu-data pdu_format
Specifies output format for the display of packet data units as one of:
pdu-verbosity pdu_verboseness
Specifies the level of verboseness to use in displaying of packet data units as a value from 1 to 5 where 5 is the most detailed.
since from_date_time [ until to_date_time ]
Default: no limit.
since from_date_time: indicates only the log information which has been collected more recently than from_date_time is to be displayed.
until to_date_time: indicates no log information more recent than to_date_time is to be displayed. until defaults to current time when omitted.
from_date_time and to_date_time must be formatted as YYYY:MM:DD:HH:mm or YYYY:MM:DD:HH:mm:ss. Where YYYY is a 4-digit year, MM is a 2-digit month in the range 01 through 12, DD is a 2-digit day in the range 01 through 31, HH is a 2-digit hour in the range 00 through 23, mm is a 2-digit minute in the range 00 through 59, and ss is a 2 digit second in the range 00 through 59.
to_date_time must be a time which is more recent than from_date_time.
The use of the until keyword allows for a time range of log information while only using the since keyword will display all information up to the current time.
grep grep_options | more
Indicates the output of the command is to be piped (sent) to the command specified. A command to send output to must be specified.
For details on the usage of grep and more, refer to the Regulating a Command’s Output section of the Command Line Interface Overview chapter in Command Line Interface Reference.
Usage
Backup the current log file as part of periodic maintenance activities.
Example
The following saves the log to the local file /flash/pub/junelogs.logs with no confirmation from the user:
save logs /flash/pub/junelogs.logs -noconfirm
The following saves the configuration data to remote host remoteABC as /pub/junelogs.logs:
save logs tftp://remoteABC/pub/junelogs.logs
 
session trace subscriber
This command enable disables the subscriber session trace functionality based on a specified subscriber device or ID on one or all instance of session on a specified EPS network elements.
Product
MME, P-GW, S-GW
Privilege
Operator
Syntax
session trace subscriber network-element {mme | pgw | sgw} {imei id} {imsi id} {interface {all | interface}} trace-ref id collection-entity ip_address
no session trace subscriber [network-element {mme | pgw | sgw}] [trace-ref id]
no
Disables the entire session trace or for a specific network element and/or trace reference.
network-element { mme | pgw | sgw }
Identifies the network element that, in turn, identifies the interfaces where the session trace is to occur. Specific interfaces can be specified using the interface keyword described below.
mme: Specifies that the session trace is to occur on one or all interfaces on the MME.
pgw: Specifies that the session trace is to occur on one or all interfaces on the P-GW.
sgw: Specifies that the session trace is to occur on one or all interfaces on the S-GW.
imei id
Specifies the International Mobile Equipment Identification number of the subscribers UE. id must be the 8 digit TAC (Type Allocation Code) and 6 digit serial number. Only the first 14 digits of the IMEI/IMEISV are used to find the equipment ID.
imsi id
Specifies the International Mobile Subscriber Identification (IMSI). id must be the 3 digit MCC (Mobile Country Code), 2 or 3 digit MNC (Mobile Network Code), and the MSIN (Mobile Subscriber Identification Number). The total should not exceed 15 digits.
interface { all | interface }
Specifies the interfaces where the session trace application will collect data.
all: Specifies that all interfaces associated with the selected network element
interface: Specifies the interface type where the session trace application will collect trace data. The following interfaces are applicable for the network element type:
s1mme: Specifies that the interface where the trace will be performed is the S1-MME interface between the MME and the eNodeB.
s3: Specifies that the interface where the trace will be performed is the S3 interface between the MME and an SGSN.
s6a: Specifies that the interface where the trace will be performed is the S6a interface between the MME and the HSS.
s10: Specifies that the interface where the trace will be performed is the S10 interface between the MME and another MME.
s11: Specifies that the interface where the trace will be performed is the S11 interface between the MME and the S-GW.
gx: Specifies that the interface where the trace will be performed is the Gx interface between the P-GW and the PCRF.
s2a: Specifies that the interface where the trace will be performed is the S2a interface between the P-GW and the HSGW.
s2b: Specifies that the interface where the trace will be performed is the S2b interface between the P-GW and an ePDG.
s2c: Specifies that the interface where the trace will be performed is the S2c interface between the P-GW and a trusted, non-3GPP access device.
s5: Specifies that the interface where the trace will be performed is the S5 interface between the P-GW and the S-GW.
s6b: Specifies that the interface where the trace will be performed is the S6b interface between the P-GW and the 3GPP AAA server.
s8b: Specifies that the interface where the trace will be performed is the S8b interface between the P-GW and the S-GW.
sgi: Specifies that the interface where the trace will be performed is the SGi interface between the P-GW and the PDN.
gxc: Specifies that the interface where the trace will be performed is the Gxc interface between the S-GW and the PCRF.
s11: Specifies that the interface where the trace will be performed is the S11 interface between the S-GW and the MME.
s4: Specifies that the interface where the trace will be performed is the S4 interface between the S-GW and an SGSN.
s5: Specifies that the interface where the trace will be performed is the S5 interface between the S-GW and the P-GW.
s8b: Specifies that the interface where the trace will be performed is the S8b interface between the S-GW and the P-GW.
trace-ref id
Specifies the trace reference for the trace being initiated. id must be the MCC (3 digits), followed by the MNC (3 digits), then the trace ID number (3 byte octet string).
collection-entity ip_address
Specifies the IP address of the collection entity where session trace data is pushed. ip_address must be a valid IPv4 address and is specified in dotted decimal notation.
Usage
Use this command to initiate a session trace for a specified subscriber device or ID on one or all interfaces on a specified network element.
Important: Session trace configuration is performed in the Global Configuration Mode using the session trace command. Refer to the Global Configration Mode Commands chapter in this reference for more information.
Example
The following command initiates a session trace on a P-GW S5 interface for a subscriber with an IMSI of 322233123456789 and sets the trace reference as 322233987654 and the collection entity IP address as 1.2.3.4:
session trace subscriber network-element pgw imsi 322233123456789 interface s5 trace-ref 322233987654 collection-entity 1.2.3.4
The following command initiates a session trace on an MME S6a interface for a subscriber with an IMSI of 322233123456789 and sets the trace reference as 322233987654 and the collection entity IP address as 1.2.3.4:
session trace subscriber network-element mme imsi 322233123456789 interface s6a trace-ref 322233987654 collection-entity 1.2.3.4
 
setup
Enters the system setup wizard which guides the user through a series of questions regarding the system basic configuration options such as initial context-level administrative users, host name, etc.
Product
All
Privilege
Security Administrator, Administrator
Syntax
setup
Usage
The setup wizard provides a user friendly interface for initial system configuration.
Important: If the configuration script generated by the setup wizard is applied when an existing configuration is in use the options which are common to both are updated and all remaining options are left unchanged.
Example
setup
 
sgsn imsimgr
Enters commands to manage the SGSN IMSIMgr audits.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
sgsn imsimgr { add-record imsi sessmgr instance sessmgr# | audit-with sessmgr { all | instance sessmgr# } | remove-record imsi }
add-record imsi
Adds a record for an IMSI to the IMSI manager’s audit table and associates a specific Session Manager (SessMgr) with the IMSIMgr for the IMSI audit..
imsi - enter up to 15 digits. An IMSI consists of the 3-digit MCC (mobile country code) + the 2- or 3-digit MNC (mobile network code) + the MSIN (mobile station identification number) for the remaining 10 or 9 digits (depending on the length of the MNC).
sessmgr instance sessmgr#
Identifies a specific Session Manager (SessMgr) to associate with the IMSIMgr for the IMSI audit.
sessmgr# - enter up to 4 digits, 0 to 4095.
audit-with sessmgr { all | instance sessmgr# }
Initiate an IMSI audit with a specific Session Manager (SessMgr) or with all SessMgrs.
sessmgr# - enter up to 4 digits, 0 to 4095.
remove-record
Delete a specific IMSI from the IMSI audit table.
imsi - enter up to 15 digits. An IMSI consists of the 3-digit MCC (mobile country code) + the 2- or 3-digit MNC (mobile network code) + the MSIN (mobile station identification number) for the remaining 10 or 9 digits (depending on the length of the MNC).
Usage
Use this command to manage the IMSIMgr’s audit functions. Associate one or multiple SessMgrs with the IMSIMgr for the audits.
Example
sgsn imsimgr audit-with sessmgr instance 245
 
sgsn offload
This command configures the offloading procedure and actually starts and stops the offloading of subscribers which is part of the SGSN’s Gb flex load redistribution functionality.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
sgsn offload gprs-service srvc_name { activating | connecting } [ nri-value | stop | t3312-timeout seconds]
srvc_name
A unique string of 1 to 63 alphanumeric characters that identifies a specific GPRS service.
activating
Instructs the SGSN to offload any subscribers sending an ‘activate request’ message.
connecting
Instructs the SGSN to offload any subscribers sending either an ‘attach request’ or a ‘RAU request’ message.
nri-value nri-value
Instructs the SGSN to check the P-TMSI and use the SGSN matching the configured NRI value to offload subscribers
nri-value:
stop
Instructs the SGSN to stop offloading subscribers from the pool area.
t3312-timeout seconds
Configures the timer for sending period RAUs to the MS. Default is 4 seconds.
seconds: Must be an integer from 2 to 60.
Usage
Use this command to configured the offloading of subscribers which is a part of the SGSN’s load redistribution operation. This command can be used anytime an SGSN is to be taken out of service.
Example
The following command instructs the SGSN to notify all MS to detach and reattach.
sgsn offload gprs-service srvc_name activating nri-value nri_value
 
shutdown
Terminates all processes within the chassis.
Product
All
Privilege
Security Administrator, Administrator
Syntax
shutdown [ -noconfirm ]
-noconfirm
Execute the command without any additional prompts or confirmation from the user.
Usage
The system performs a hardware reset and reloads the highest priority boot image and configuration file specified in the boot.sys file. Refer to the boot system priority command in the Global Configuration Mode for additional information on configuring boot images, configuration files and priorities.
Important: To avoid the abrupt termination of subscriber sessions, it is recommended that a new call policy be configured and executed prior to invoking the shutdown command. This sets busy-out conditions for the system and allows active sessions to terminate gracefully. Refer to the newcall command in the Exec Mode for additional information.
Caution: Issuing this command causes the system to become unavailable for session processing until the reboot process is complete.
Example
The following command performs a hardware reset on the system:
shutdown
 
sleep
Pauses the CLI interface.
Product
All
Privilege
Security Administrator, Administrator, Operator, Inspector
Syntax
sleepseconds
seconds
Specifies the number of seconds to pause. The number of seconds must be a value in the range from 1 through 3600.
Usage
Sleep is a command delay which is only useful when creating command line interface scripts such as predefined configuration files/scripts.
Example
The following will cause the CLI to pause for 30 seconds.
sleep 30
 
srp initiate-switchover
This command changes the device status on the primary and backup HA or GGSN systems configured for Interchassis Session Recovery support.
Product
HA, GGSN PDIF
Privilege
Security Administrator, Administrator, Operator, Inspector
Syntax
srp initiate-switchover [ post-processing-timeout | reset-route-modifier | timeoutseconds ][ -noconfirm ]
post-processing-timeout
Specifies the timeout value in seconds to initiate the post-switchover process. The value must be an integer from 0 through 3600.
reset-route-modifier
During a switchover, reset the route-modifier to the initial value.
timeout seconds
Default: 300
Specifies the number of seconds before a forced switchover occurs. seconds must be a value in the range from 0 through 65535.
-noconfirm
Indicates that the command is to execute without any additional prompt and confirmation from the user.
Usage
This command executes a forced switchover from active to inactive. The command must be executed on the active system and switches the active system to the inactive state and the inactive system to an active state.
Example
The following initiates a switchover in 30 seconds.
srp initiate-switchover timeout 30
 
srp reset-auth-probe-fail
This command resets the auth probe monitor failure information.
Product
HA, GGSN
Privilege
Security Administrator, Administrator, Operator, Inspector
Syntax
srp reset-auth-probe-fail
Usage
This command resets the auth probe monitor failure information to 0.
 
srp terminate-post-process
This command forcibly terminates the post-switchover of primary and backup HA or GGSN systems configured for Interchassis Session Recovery (ICSR) support.
Product
HA, GGSN
Privilege
Security Administrator, Administrator, Operator, Inspector
Syntax
srp terminate-post-process [ -noconfirm ]
-noconfirm
Indicates that the command is to execute without any additional prompt and confirmation from the user.
Usage
Use this command to force the termination of post-switchover process.
Example
srp terminate-post-process
 
srp validate-configuration
Initiates a configuration validation check from the ACTIVE chassis.
Product
HA, GGSN PDIF
Privilege
Security Administrator, Administrator
Syntax
srp validate-configuration
Usage
Validates the configuration for an active chassis.
 
ssh
Connects to a remote host using a secure interface.
Product
All
Privilege
Security Administrator, Administrator, Operator
Syntax
ssh { host_name | host_ip_address } [ portport_num ] [ useruser_name ]
host_name | host_ip_address
Identifies the remote node to attempt to connect to.
host_name: specifies the remote node using the node’s logical host name which must be resolved via DNS lookup.
host_ip_address: specifies the remote node using the node’s assigned IP address specified using the standard IPv4 dotted decimal notation.
port port_num
Specifies a specific port to connect to where port_num must be a value in the range 1025 through 10000.
user user_name
Specifies a user name to attempt to connect as.
Usage
SSH connects to a remote network element using a secure interface.
Example
The following connects to remote host remoteABC as user user1.
ssh remoteABC user user1
The following connects to remote host 1.2.3.4 without any default user.
ssh 1.2.3.4
The following connects to remote host 1.2.3.4 via port 2047 without any default user.
ssh 1.2.3.4 port 2047
 
start crypto security-association
Initiates IKE negotiations.
Product
PDSN, HA, GGSN
Privilege
Security Administrator, Administrator, Operator, Inspector
Syntax
start crypto security-associationcryptomap
cryptomap
This is the name of the crypto map policy to use when starting the IKE negotiations. cryptomap must be the name of an existing crypto map entered as an alpha and/or numeric string of from 1 to 127 characters.
Usage
Use this command to start IKE negotiations for IPSEC.
Example
The following command starts the IKE negotiations using the parameters set in the crypto map named crytpomap1:
start crypto security-association cryptomap1
 
 

Cisco Systems Inc.
Tel: 408-526-4000
Fax: 408-527-0883