Important: This appendix will be added to the CLI Reference when the product releases. Use this appendix in conjunction with the latest release of the Command Line Interface Reference.
Specifies the accounting policy to associate with the HSGW service. name must be an existing accounting policy and be from 1 to 63 alpha and/or numeric characters.
Associates the HSGW service with QCI to QoS mapping parameters. name must be an existing QCI-QoS mapping configuration and be from 1 to 63 alpha and/ornumeric characters.
Important: The maximum number of subscribers supported is dependant on the license key installed and the number of active PSCs in the system. A fully loaded system with 13 active PSCs can support 3,000,000 total subscribers. Refer to the license key command and the Usage section (below) for additional information.
When configuring the max-subscribers option, be sure to consider the following:
The following command would bind the logical IP interface with the address of 112.334.556.778 to the HSGW service and specifies that a maximum of
200,000 simultaneous subscriber sessions can be facilitated by the interface/service at any given time:
Specifies the context in which the DNS client is configured. name must be an existing context and be from 1 to 63 alpha and/or numeric characters.
Specifies an FQGDN for the HSGW. domain_name must be from 1 to 256 alpha and/or numeric characters.
•
|
resume-session: Switches flow control to XON and resumes delivery of packets to the RAN.
|
msecs: Specifies the amount of time in milliseconds before the timeout is reached.
msecs must be an integer from 1 through 1000000.
ip-header-dscp value { all-control-packets | setup-packets-only }
•
|
value: Represents the DSCP setting. It represents the first six most-significant bits of the ToS field. It can be configured to any hex value from 0x0 through 0x3F.
|
•
|
all-control-packets : Dictates that the DSCP marking is to be provided in all GRE control packets.
|
•
|
setup-packets-only : Dictates that the DSCP marking is to be provided only in GRE setup packets.
|
none: Specifies that sequence numbers in packets are ignored and all arriving packets are processed in the order they arrive.
reorder: Specifies that out of sequence packets are stored in a sequencing queue until one of the conditions is met:
The no keyword, enables qos-marking in the GRE header based on the tos value in the header.
Use the no gre sequence-numbers command to disable the inclusion of GRE sequence numbers in the A10 data path. More Usage....
header-compression rohc: Removes the RoHC configuration from this service.
ip source-violation clear-on-valid-packet: Disables the ability of the service to reset the reneg-limit and drop-limit counters after receipt of a properly addressed packet.
number can be any integer value between 1 and 65535.
num can be any integer value from 1 to 1000000.
secs must be an integer value from 1 to1000000.
num can be any integer value from 1 to 1000000.
Header Compression RoHC: Use this command to specify that sessions using this service will have Robust Header Compression applied and configure parameters supporting RoHC.
[context_name]
hostname(config-ip-header-compression-rohc)#
Local Port: Specify the UDP port that should be used for communications between the Packet Control Function (PCF) and the HSGW.
Important: The UDP port setting on the PCF must match the local-port setting for the HSGW service on the system in order for the two devices to communicate.
Source Violation: This function is intended to allow the operator to configure a network to prevent problems such as when a user gets handed back and forth between two HSGWs a number of times during a handoff scenario.
The following command sets the drop limit to 15 and leaves the other values at their defaults:
time is measured in seconds and can be configured to any integer value between 1 and 65534.
The following command specifies a time of 3600 seconds (1 hour) for subscriber sessions on this HSGW service:
count can be configured to any integer value between 1 and 1000000.
context context_name [ mag-service service_name ]
context_name must be an existing context and be from 1 to 79 alpha and/or numeric characters.
service_name must be an existing Mag service and be from 1 to 63 alpha and/or numeric characters.
The following command identifies the MAG context MAG1 as the context through which MIPv6 sessions are to be routed and further narrows the route by specifying the service name (
mag_serv3):
mcc number: Specifies the mobile country code (MCC) portion of the PLMN’s identifier.
number is the PLMN MCC identifier and must be an integer value between 100 and 999.
mnc number: Specifies the mobile network code (MNC) portion of the PLMN’s identifier.
number is the PLMN MNC identifier and can be configured to any 2 or 3 digit integer value between 00 and 999.
policy overload { redirect address [ weight weight_num ] [ address2 [ weight weight_num ] ... address16 [ weight weight_num ] ] | reject [ use reject-code { admin-prohibite | insufficient-resources } ] }
redirect address [ weight weight_num ] [ address2 [ weight weight_num ] ... address16 [ weight weight_num ] ]
address: The IP address of an alternate HSGW expressed in IPv4 dotted decimal notation. Up to 16 IP addresses can be specified either in one command or by issuing the redirect command multiple times. If you try to add more than 16 IP addresses to the redirect policy the CLI issues an error message. If you specify an IP address and weight that already exists in the redirect policy the new values override the existing values.
weight weight_num: When multiple addresses are specified, they are selected in a weighted round-robin scheme. Entries with higher weights are more likely to be chosen. If a weight is not specified, the entry is automatically assigned a weight of 1 (default).
weight_num must be an integer value from 1 through 10.
use-reject-code admin-prohibited: When this keyword is specified and traffic is rejected, the error code admin prohibited is returned instead of the error code “insufficient resources”. This is the default behavior.
use-reject-code insufficient-resources: When this keyword is specified and traffic is rejected, the error code “insufficient resources” is returned instead of the error code admin prohibited.
Use the no policy overload command to delete a previously configured policy. If after deleting the policy setting you desire to return the policy parameter to its default setting, use the
default policy command.
Specifies the name of the table to be associated with this service. name must be an existing Profile ID - QCI Mapping table and be from 1 to 63 alpha and/or numeric characters in length.
time must be an integer value between 1 and 1000000.
Use the retransmission timeout command in conjunction with the max-retransmissions command in order to configure the HSGW services behavior when it does not receive a response from a particular PCF.
spi remote-address {pcf_ip_address | ip_addr_mask_combo } spi-number number { encrypted secret enc_secret | secret secret } [ description string ] [ hash-algorithm { md5 | rfc2002-md5 } ] [ replay-protection { nonce | timestamp } ] [ timestamp-tolerance tolerance ] [ zone zone_id ]
{ pcf_ip_address | ip_addr_mask_combo }
pcf_ip_address: Specifies the IP address of the ePCF.
pcf_ip_address is an IP address expressed in IPv4 dotted decimal notation or IPv6 colon separated notation.
ip_addr_mask_combo: Specifies the IP address of the PCF and specifies the IP address network mask bits.
ip_addr_mask_combo must be specified using the form ‘IP Address/Mask Bits’ where the IP address must either be an IPv4 address expressed in dotted decimal notation or an IPv6 address expressed in colon separated notation and the mask bits are a numeric value which is the number of bits in the subnet mask.
Specifies the SPI (number) which indicates a security context between the PCF and the HSGW.
number can be configured to any integer value between 256 and 4294967295.
encrypted secret enc_secret | secret secret
encrypted secret enc_secret: Specifies the encrypted shared key (
enc_secret) between the PCF and the HSGW service.
enc_secret must be between 1 and 254 alpha and/or numeric characters and is case sensitive.
secret secret: Specifies the shared key (secret) between the PCF and the HSGW services.
secret must be between 1 and 127 alpha and/or numeric characters and is case sensitive.
The encrypted keyword is intended only for use by the chassis while saving configuration scripts. The system displays the
encrypted keyword in the configuration file as a flag that the variable following the
secret keyword is the encrypted version of the plain text secret key. Only the encrypted secret key is saved as part of the configuration file.
This is a description for the SPI. string must be an alpha and/or numeric string from 1 through 31 characters.
md5: Configures the hash-algorithm to implement MD5.
rfc2002-md5: Configures the hash-algorithm to implement keyed-MD5.
nonce: Configures replay protection to be implemented using NONCE.
timestamp: Configures replay protection to be implemented using timestamps.
Specifies the allowable difference (tolerance) in timestamps that is acceptable. If the difference is exceeded, then the session will be rejected. If this is set to 0, then time stamp tolerance checking is disabled at the receiving end.
tolerance is measured in seconds and can be configured to any integer value between 0 and 65535.
zone_id must be an integer value between 1 and 32. A maximum of 32 PCF zones can be configured for a HSGW service.
Important: The SPI configuration on the PCF must match the SPI configuration for the HSGW service on the system in order for the two devices to communicate properly.
This command used with the zone keyword redirects all calls on the basis of PCF zone to the specific HSGW on the basis of parameters configured using the
policy pcf-zone-match command.
The following command configures the HSGW service to use an SPI of 256 when communicating with a PCF with the IP address
192.168.0.2. The key that would be shared between the PCF and the HSGW service is
q397F65.
The following command creates the configured SPI of 400 for an PCF with an IP address of
172.100.3.200 and zone id as
11: