PDSN Service Configuration Mode Commands


PDSN Service Configuration Mode Commands
 
 
The PDSN Service Configuration Mode is used to create and manage PDSN service instances for the current context.
 
 
aaa 3gpp2-service-option
Specifies the value for the 3gpp2-service option.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
aaa 3gpp2-service-option number
no aaa 3gpp2-service-optionnumber
no
Disables the aaa 3gpp2-service option configuration.
Usage
Allows the configuration of a default service option value to be sent in accounting when service option values are not received from PCF. The PDSN will default the service option value to the configured value if the value is not specified by the PCF.
Example
The following command sets the service option to be 40:
aaa 3gpp2-service-option 40
 
access-flow traffic-validation
if access-flow traffic-validation is enabled for the service and the subscriber then the flows are checked against the filter rules. If the packets does not match the filter rules, and N violations occur in K seconds, the rp connection is downgraded to best-effort flow, if it is not already a best-effort flow
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
access-flow traffic-validation threshold violations limit interval seconds
[no | default] access-flow traffic-validation
[no | default]
Disable traffic validation for the service.
threshold { [violations limit] [interval seconds]}
violations limit: Sets the parameters that determine traffic access violations. This is determined by setting the maximum number of violations within a set time period. must be an integer from 1 through 100000.
interval seconds: Sets the time interval, in seconds. must be an integer from 1 through 100000.
Usage
Use this command to enable traffic validation for the current PDSN service.
Example
The following command enables traffic validation for the current PDSN service and sets the limit allowed to 100 violations within 5 seconds:
access-flow traffic-validation threshold violations 100 interval 5
 
access-network
Configures access network parameters.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
access-network { accounting identifier | realm realm_name }
accounting identifier
Configures accounting for the access-network. This value must be a string from 1 to 128 characters in length.
realm realm_name
Configures the realm for the access-network. realm_name must be a string from 1 to 128 characters in length.
Usage
Use this command to configure access-network parameters for accounting and realms.
Example
The following command creates an access-network realm named realm2.
access-network realm realm2
 
airlink bad-sequence-number
Configures PDSN behavior for airlink related parameters.
Product
PDSN
Privilege
Security Administrator, Administrator
airlink bad-sequence-number {accept | deny [use-deny-code {poorly-formed-request | unsupported-vendor-id}]}[no | default] airlink bad-sequence-number
[no | default]
Disables the deny of bad-sequence number and accept it.
It is the default behavior.
accept
Accepts the A11 RRQ messages that have an Airlink Sequence number less than or equal to a previously received sequence number.
It is the default behavior.
deny
Rejects the A11 RRQ messages that have an Airlink Sequence number less than or equal to a previously received sequence number.
It uses poorly-formed-request option by default to deny a request.
use-deny-code {poorly-formed-request | unsupported-vendor-id}
These are optional keywords that used with deny sub-command to deny the A11 RRQ messages that have either an unsupported vendor Id or A11 Requests with bad/poor formation.
unsupported-vendor-id denies request on the basis of vendor Id.
poorly-formed-request will deny the A11 request on the basis of request formation or structure. It is the default deny code for deny sub-command.
Usage
This command is used to configure the airlink parameters for A11 RRQs. .
When configured it denies the A11 RRQ messages that have an Airlink Sequence number less than or equal to a previously received sequence number.
Example
The following command would configure the system to deny all A11 RRQ messages having unsupported vendor Id or bad structure of message, including those having arilink sequence number less than or equal to a previously received sequence number:
airlink bad-sequence-number deny
 
allow alt-ppp
Allows proprietary modified versions of PPP type sessions to connect this PDSN service.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
allow alt-ppp
no allow alt-ppp
no
Disables the allowed alternate PPP feature.
Usage
This command is used to deviate from standard PPP protocol and use a proprietary modified version of PPP with a pre-defined non-negotiable PPP parameters.
It is a vendor-specific licensed feature command.
 
always-on-indication
Enables/disables the inclusion of 3GPP2 Always On Indicators in messages to the PCF.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
always-on-indication
no always-on-indication
no
Disables the sending of 3GPP2 Always On Indication messages.
Usage
This command is available when the 3GPP2 Always-On RP Extensions feature-use license is installed.
When enabled, this command causes the PDSN service to include the Always On Indicators in the Normal Vendor Specific Extension (NVSE) part of an A11 Session Update message to the PCF. The indicator will only be sent for those subscriber sessions in which Always On functionality is enabled as determined after a successful authentication: the 3GPP2-Always-On attribute is set to a value of 1 (Active) for subscribers configured on a AAA server, or the always-on parameter is set for locally configured subscribers.
This functionality is enabled by default.
 
authentication
Configures the PDSN service authentication parameters.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
authentication { { [ allow-noauth ] [ chap chap_priority ] [ mschap mschap_priority ] [ pap pap_priority ] } | msid-auth }
allow-noauth
Default: Disabled
This option configures the system to provide subscribers with network access even though they have not been authenticated. This command issued by itself would cause the system to not attempt to authenticate subscribers.
When the allow-noauth option is used in conjunction with commands specifying other authentication protocols and priorities to use, then if attempts to use those protocols fail, the system will treat the allow-noauth option as the lowest priority.
If no authentication is allowed, then NAI construct will be implemented in order to provide accounting records for the subscriber.
chap chap_priority
Default: 1
This option configures the system to attempt to use the Challenge Handshake Authentication Protocol (CHAP) to authenticate the subscriber.
A chap_priority must be specified in conjunction with this option. Priorities specify which authentication protocol should be attempted first, second, third and so on.
chap_priority must be an integer from 1 through 1000. The lower the integer, the higher the preference. CHAP is enabled by default as the highest preference.
mschap mschap_priority
Default: Disabled
This option configures the system to attempt to use the Microsoft Challenge Handshake Authentication Protocol (MSCHAP) to authenticate the subscriber.
A mschap_priority must be specified in conjunction with this option. Priorities specify which authentication protocol should be attempted first, second, third and so on.
mschap_priority must be an integer from 1 through 1000. The lower the integer, the higher the preference.
pap pap_priority
Default: 2
This option configures the system to attempt to use the Password Authentication Protocol (PAP) to authenticate the subscriber.
A pap_priority must be specified in conjunction with this option. Priorities specify which authentication protocol should be attempted first, second, third and so on.
pap_priority must be an integer from 1 through 1000. The lower the integer, the higher the preference. PAP is enabled by default as the second highest preference.
msid-auth
Default: Disabled
This option configures the system to attempt to authenticate the subscriber based on their Mobile Station Identity (MSID).
Usage
Use to specify how the PDSN service should handle authentication and what protocols to use. The flexibility is given to configure this option to accommodate the fact that not every mobile will implement the same authentication protocols.
The chassis is shipped from the factory with the authentication options set as follows:
Important: At least one of the keywords must be used to complete the command.
Example
The following command would configure the system to allow no authentication for subscribers and would perform accounting using the default NAI-construct of username@domain:
authentication allow-noauth
The following command would configure the system to attempt subscriber authentication first using CHAP, then MSCHAP, and finally PAP. If the allow-noauth command was also issued, if all attempts to authenticate the subscriber using these protocols fail, then the subscriber would be allowed access:
authentication chap 1 mschap 2 pap 3
 
bind
Binds the PDSN service to a logical IP interface serving as the R-P interface. Specifies the maximum number of subscribers that can access this service over the interface.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
bind address address [ max-subscribers count ]
no bind address address max-subscribers max#
no
Removes a previously configured binding.
address
Specifies the IP address (address) of the interface configured as the R-P interface. address is specified in dotted decimal notation.
max-subscribers count
Default: 500000
Specifies the maximum number of subscribers that can access this service on this interface.
count can be configured to any integer value between 0 and 500,000.
Important: The maximum number of subscribers supported is dependant on the license key and the number of active PACs/PSCs installed in the system. A fully loaded system with 13 active PACs/PSCs can support 500,000 total subscribers. Refer to the license key command for additional information.
Usage
Associate or tie the PDSN service to a specific logical IP address. The logical IP address or interface takes on the characteristics of an R-P interface. Only one interface can be bound to a service. The interface should be configured prior to issuing this command.
This command also sets a limit as to the number of simultaneous subscribers sessions that can be facilitated by the service/interface at any given time.
When configuring the max-subscribers option, be sure to consider the following:
Taking these factors into account and distributing your subscriber session across all available interfaces will allow you to configure your interfaces to optimally handle sessions without degraded performance.
Example
The following command would bind the logical IP interface with the address of 192.168.3.1 to the PDSN service and specifies that a maximum of 600 simultaneous subscriber sessions can be facilitated by the interface/service at any given time.
bind address 192.168.3.1 max-subscribers 600
The following command disables a binding that was previously configured:
no bind address
 
bcmcs
Sets the BCMCS group username and password for RADIUS access.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
bcmcs [ custom | flow-id value { header-compression rohc { rohc-profile name name } }| grpusrname group_name | [ encrypted ] grppasswd group_passwd | ptt {destination-context disconnect-dscp-label rohc-profile-name}]
custom
Customise the BCMCS configuration.
flow-id value
Set the BCMCS flow-id. This value must be a hex string between 0x1000 and 0xFFFFFFFF.
Making this entry opens a new mode: bcmcs-flow-id.
header-compression rohc Configure ROHC parameters.
rohc-profile name name: Configure ROHC parameters name, name should be string of size 1 to 63.
grpusrname group_name
Sets the BCMCS group name for RADIUS access requests. This value must be a string from 1 to 127 characters in length.
[ encrypted ] grppasswd group_passwd
Set the BCMCS group password for RADIUS access requests. This value must be a string from 1 to 63 characters in length.
Password can be encrypted or clear.
ptt {destination-context dest_name | disconnect-dscp-label dscp-label_value| mtu | rohc-profile-name profile_name }
destination-context: Specify the intended destination context name. This value must be string of 1 to 79 characters in length.
disconnect-dscp-label: Configures the DSCP label to be present in the In Call Signalling packet based on which In Call Signalling and Media Flows will be disconnected. This value must be a Hexadecimal number between 0x0 and 0xF.
mtu: Configures maximum transmission unit, This value must be ranging from 100 to 2000. Default is 1500.
rohc-profile-name: Profile name of the ROHC compresser and decompressor. This value should be a string of 1 to 63.
Usage
Use this command to set the BCMCS group username and password for RADIUS access requests.
Example
bcmcs grpusername group_namebcmcs grppasswd group_password
 
data-available-indicator
Enable sending Data Available Indicator extension in R-P Registration Reply.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
data-available-indicator
no data-available-indicator
no
Default: Disabled
Disable the sending of the Data Available Indicator extension in R-P Registration Reply.
Usage
Use this command to enable or disable the sending of the Data Available Indicator extension in R-P Registration Reply
Example
Use the following command to enable sending the Data Available Indicator extension in R-P Registration Reply:
data-available-indicator
Use the following command to disable sending the Data Available Indicator extension in R-P Registration Reply:
no data-available-indicator
 
data-over-signaling
Enable the data-over-signaling marking feature for A10 packets.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
data-over-signaling
no data-over signaling
no
Default: Enabled
Disable the data-over signaling feature for A10 packets.
Usage
Use this command to enable or disable the data-over signaling feature for A10 packets.
Important: This is a customer-specific command.
Example
no data-over-signaling
 
default
Sets / Restores default value assigned for specified parameter.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
default { authentication | gre { checksum | checksum-verify | protocol-type | sequence-numbers } | inter-pdsn-handoff mobility-event-indicator | ip {local-port | source-violation {drop-limit | period | reneg-limit}} | lifetime | max-retransmissions | pcf-monitor | policy { overload | service-option } | registration-accept handoff session-disconnect-in-progress | registration-deny { handoff connection-setup-record-absent | max-deny-reply-limit | new-call { connection-setup-record-absent | reverse-tunnel-unavailable } | session-already-active | session-already-closed | session-already-dormant | terminate-session-on-error | use-zero-gre-key | session-already-closed | terminate-session-on-error | registration-discard { bad-extension | gre-key-change } | registration-update wait-timeout | retransmission-timeout | service-option | setup-timeout }
registration-update wait-timeout
Sets the PDSN service to not wait before sending Registration-Update when PPP is terminated for an active RP session.
authentication
Sets/restores the authentication setting to their defaults which are as follows:
gre { checksum | checksum-verify | protocol-type | sequence-numbers }
checksum: Disables the introduction of the checksum field in outgoing GRE packets.
checksum-verify: Disables verification of the GRE checksum (if present) in incoming GRE packets.
protocol-type: Restores the GRE protocol type the default protocol-type any
sequence-numbers: Restores the GRE sequence number parameters to the default sequence-numbers enabled
inter-pdsn-handoff mobility-event-indicator
Disables support for the Mobile Event Indicator during inter-PDSN handoffs.
ip local-port
Restores the ip local-port setting to its default value of 699.
ip source-violation {drop-limit | period | reneg-limit}
Sets the source violation parameters to the defaults or sets the defaults to the specified value as follows;
drop-limit: Sets the number of source violations within a detection period before forcing a call disconnect to the default: 10.
period : Sets the length of time, in seconds, for a source violation detection period to last to the default: 120 seconds.
reneg-limit : Sets the number of source violations within a detection period before forcing a PPP renegotiation to the default: 5.
lifetime
Restores the lifetime setting to its default: 1800 seconds.
max-retransmissions
Restores the max-retransmissions setting to its default: 5.
pcf-monitor
Restores the PCF monitoring settings to the defaults.
Default interval: 900
Default num-retry: 5
Default timeout: 5
policy { overload | service-option }
Restores the policy overload and/or policy service-option setting to its default values as follows:
registration-accept handoff session-disconnect-in-progress
Resets the PDSN to deny registration requests when a handoff disconnect is still in progress.
registration-deny { handoff connection-setup-record-absent | max-deny-reply-limit | new-call { connection-setup-record-absent | reverse-tunnel-unavailable } | session-already-active | session-already-closed | session-already-dormant | terminate-session-on-error | use-zero-gre-key
handoff connection-setup-record-absent
connection-setup-record-absent Accept handoff R-P sessions that do not have an Airlink Connection Setup record in the A11 Registration Request.
max-deny-reply-limit: Resets the maximum number of retries of erroneous registration request message from PCF for a session before PDSN terminates the session. to the default. Default is 3.
new-call connection-setup-record-absent: Configures the PDSN not to reject calls that do not have the airlink connection setup record in the RRQ.
new-call reverse-tunnel-unavailable: Configures the PDSN not to reject calls if the GRE key for a user collides with that of another user.
session-already-active: disables the PDSN from denying RP renew and dereg requests for active R-P sessions.
session-already-closed: disables the PDSN from denying RP renew and dereg requests for absent R-P sessions.
session-already-dormant: disables the PDSN from denying RP renew and dereg requests for dormant R-P sessions.
terminate-session-on-error: Disables the PDSN from terminating a session if an erroneous registration request message is received for the session.
use-zero-gre-key: Configures the PDSN not to set the GRE key to zero (0) when denying a new R-P session.
registration-discard { bad-extension | gre-key-change }
bad-extension: Set the PDSn so that it does not immediately discard registration requests that have multiple vendor information elements of the same type.
gre-key-change: Sets the PDSN so that it does not discard Registration Requests that have a GRE key that is different than the one for the existing IMSI session.
handoff connection-setup-record-absent:Sets the PDSN so that it does not discard A11 Handoff requests that do not contain the Airlink Setup record.
registration-update wait-timeout
Sets the PDSN service to not wait before sending Registration-Update when PPP is terminated for an active RP session.
retransmission-timeout
Restores the retransmission-timeout setting to its default: 3 seconds.
service-option
Restores the service-option setting to its default list of service options as follows:
setup-timeout
Restore the maximum amount of time allowed for setting up a session to the default of 60 seconds.
Usage
After the system has been modified from its default values, this command is used to set/restore specific parameters to their default values.
Example
The following command is used to return the lifetime parameter to it’s default value:
default lifetime
 
default subscriber
Specifies the name of a subscriber profile configured within the same context as the PDSN service from which to base the handling of all other subscriber sessions handled by the PDSN service.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
default subscriberprofile_name
no default subscriberprofile_name
profile_name
Specifies the name of the configured subscriber profile. profile_name can be between 1 and 63 alpha and/or number characters and is case sensitive.
Usage
Each subscriber profile specifies “rules” such as permissions, PPP settings, and timeout values.
By default, the PDSN service will use the information configured for the subscriber named default within the same context. This command allows for multiple PDSN services within the same context to apply different “rules” to sessions they process. Each set of rules can be configured under a different subscriber name which is pointed to by this command.
Use the no default subscriber profile_name command to delete the configured default subscriber.
Example
To configure the PDSN service to apply the rules configured for a subscriber named user1 to every other subscriber session it processes, enter the following command:
default subscriber user1
 
dormant-transition
Configures the PDSN behavior to terminate A10 session, when the PDSN receives the A11-RRQ (Type 4) before the session for the original MN is established completely.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
[no | default] dormant-transition initial-session-setup
no
Terminates the A10 session, when PDSN receives the A11-RRQ (Type 4) before the original session established completely.
default
Keeps the A10 session live in case of A11-RRQ (Type 4) is received before the original session is established completely.
Usage
When the status of A10 session goes to dormant before the session for the original MN is established completely, the different MN may possibly send the A11-RRQ (Type 4) to the PDSN and PPP renegotiation may start.
This command is used to terminate the A10 session when the PDSN receives the A11-RRQ (Type 4) before the session for original MN is established completely.
Example
Following command is used to release the A10 session in case of receiving A11-RRQ (Type 4) before the original session is established completely:
no dormant-transition initial-session-setup
 
end
Exits the PDSN service configuration mode and returns to the Exec mode.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
end
Usage
Change the mode back to the Exec mode.
 
exit
Exits the PDSN service configuration mode and returns to the context configuration mode.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
exit
Usage
Return to the context configuration mode.
 
fragment
It enables/disables fragmentation of PPP data.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
fragment ppp-data
[ no | default ] fragment ppp-data
no
Disables the fragmentation of ppp data.
default
Default enables ppp data fragmentation.
Usage
This command is to indicate to the RP module to NOT fragment PPP payloads being sent to the PCF, if the total packet size (PPP+GRE+IP) exceeds 1500 bytes.
Disabling fragmentation may cause the sessmgr to perform outer IP fragmentation of the outgoing packet, if the resulting packet exceeds the MED MTU.
 
gre
Configures Generic Routing Encapsulation (GRE) parameters for the A10 protocol within the PDSN service.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
gre { checksum | checksum-verify | flow control | ip-header-dscp value { all-control-packets | setup-packets-only } | flow-control-timeout { seconds | msec milliseconds } action { resume-session | disconnect-session } | protocol-type { any | byte-stream | ppp } | reorder-timeout milliseconds | sequence-mode { none | reorder } | segmentation | sequence-numbers | threegppp2-ext-header qos-marking }
no gre { checksum | checksum-verify | flow-control | ip-header-dscp | segmentation | sequence-numbers | threegppp2-ext-headers qos-marking }
default gre { checksum | checksum-verify | flow-control | ip-header-dscp | protocol-type | segmentation | sequence-mode | sequence-numbers | threegppp2-ext-headers qos-marking }
no
Disables the specified functionality.
default
Restores the specified parameter to its default setting.
checksum
Default: disabled
Enables the introduction of the checksum field in outgoing GRE packets.
checksum-verify
Default: disabled
Enables verification of the GRE checksum (if present) in incoming GRE packets.
ip-header-dscp value { all-control-packets | setup-packets-only }
Default: Disabled
Used to configure the QoS Differentiated Services Code Point (DSCP) marking for GRE packets.
value : Represents the DSCP setting. It represents the first six most-significant bits of the ToS field. It can be configured to any hex value from 0x0 through 0x3F.
all-control-packets : Dictates that the DSCP marking is to be provided in all GRE control packets.
setup-packets-only : Dictates that the DSCP marking is to be provided only in GRE setup packets.
flow-control [action {disconnect-session | resume-session}] [timeout { seconds | msec milliseconds }]
Default: no gre flow-control
Enables 3GPP2 GRE flow control which causes the PDSN to send flow control enabled Normal Vendor Specific Extensions (NVSE) in A11 RRPs.
action {disconnect-session | resume-session}:
Specifies the action to be taken when timeout is reached:
disconnect-session (default): Ends the session and releases the call.
resume-session: Switches flow control to XON and resumes delivery of packets to the RAN.
timeout { seconds | msec milliseconds }
Sets the amount of time wait for an XON indicator from the RAN (after receiving an XOFF). Also sets the action to be taken if the timeout limit is reached.
Default: 10 seconds, disconnect-session
seconds: Specifies the amount of time in seconds before the timeout is reached. seconds must be an integer from 1 through 1000.
msec milliseconds: Specifies the amount of time in milliseconds before the timeout is reached. milliseconds must be an integer from 1 through 1000000.
protocol-type { any | byte-stream | ppp }
Specifies the protocol used fro GRE encapsulation that is acceptable to
any: Specifies that the PDSN service will accept GRE packets encapsulated using any protocol.
byte-stream: Specifies that the PDSN service will accept GRE packets only encapsulated using byte stream. Using byte stream encapsulation, PPP packets are framed at different intervals and sent.
ppp: Specifies that the PDSN service will accept GRE packets only encapsulated using the Point-to-Point Protocol (PPP). Using PPP encapsulation, PPP packets are framed at regular intervals and sent.
reorder-timeout
Default: 100
Configures max number of milliseconds to wait before processing reordered out-of-sequence GRE packets. milliseconds must be an integer from 0 through 5000.
segmentation
Default: disabled
Enables GRE Segmentation for the PDSN service.
sequence-mode { none | reorder}
Default: none
Configures handling of incoming out-of-sequence GRE packets.
none: Specifies that sequence numbers in packets are ignored and all arriving packets are processed in the order they arrive.
reorder: Specifies that out of sequence packets are stored in a sequencing queue until one of the conditions is met:
sequence-numbers
Enables insertion of GRE sequence numbers in data that is about to be transmitted over the A10 interface. Data coming into the system containing sequence numbers but that is out of sequence is not re-sequenced.
threegppp2-ext-headers qos-marking
When threegppp2-ext-headers qos-marking is enabled and the PCF negotiates capability in the A11 RRQ, the PDSN will include the qos optional data attribute in the GRE 3gpp2 extension header.
The no keyword, enables qos-marking in the gre header based on the tos value in the header.
Usage
The gre protocol-type command can be used to prevent the PDSN service from servicing PCFs that use a specific form of encapsulation.
Use the no gre sequence-numbers command to disable the inclusion of GRE sequence numbers in the A10 data path.
The chassis is shipped from the factory with the authentication options set as follows:
Example
Use this command to configure the PDSN service to exclude byte stream encapsulated GRE traffic:
gre protocol-type ppp
 
inter-pdsn-handoff mobility-event-indicator
Configures the PDSN to support the Mobility Event Identifier (MEI) during inter-PDSN handoffs. The presence of the Mobility Event Indicator (MEI) and Access Network Identifier (ANID) elements in a A11 handoff request represents an Inter-PDSN handoff.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
inter-pdsn-handoff mobility-event-indicator
no inter-pdsn-handoff mobility-event-indicator
no
Disables support for the MEI during inter-PDSN handoffs.
Usage
Use this command to configure support for the MEI during inter-PDSN handoffs.
Example
Use the following command to enable support for the MEI during inter-PDSN handoffs:
inter-pdsn-handoff mobility-event-indicator
 
ip header-compression rohc
This command enters PDSN Service ROHC Configuration Mode. The ROHC configuration mode lets you configure ROHC parameters that PDSN conveys to the PCF in the initial A11 RRP message before PPP authentication.
By default, ROHC is disabled for a PDSN service.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
ip header-compression rohc
default ip header-compression rohc
no ip header-compression rohc
default
Set all PDSN Service ROHC Configuration Mode values back to the defaults and disable ROHC for this PDSN service.
no
Disable IP header compression for this PDSN Service.
Usage
Use this command to enter the PDSN Service ROHC Configuration Mode or disbale ROHC for the current PDSN service.
Example
The following command enters PDSN Service ROHC Configuration Mode:
ip header-compression rohc
The following command disables ROHC for the current PDSN service and sets all of the values for commands in PDSN Service ROHC Configuration Mode back to their default settings:
default ip header-compression rohc
 
ip local-port
Configures the local User Datagram Protocol (UDP) port for the R-P interfaces’ IP socket.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
ip local-portnumber
number
Default: 699
Specifies the UDP port number.
number can be any integer value between 1 and 65535.
Usage
Specify the UDP port that should be used for communications between the Packet Control Function (PCF) and the PDSN.
Important: The UDP port setting on the PCF must match the local-port setting for the PDSN service on the system in order for the two devices to communicate.
Example
Use the following command to specify a UDP port of 3950 for the PDSN service to use to communicate with the PCF on the R-P interface:
ip local-port 3950
 
ip source-violation
Sets the parameters for IP source validation. Source validation is useful if packet spoofing is suspected or for verifying packet routing and labeling within the network.
Source validation requires the source address of received packets to match the IP address assigned to the subscriber (either statically or dynamically) during the session.
Product
PDSN, PDIF
Privilege
Security Administrator, Administrator
Syntax
ip source-violation { clear-on-valid-packet | drop-limit num | period secs | reneg-limit num }
no ip source-violation clear-on-valid-packet
clear-on-valid-packet
Default: disabled
Configures the service to reset the reneg-limit and drop-limit counters after receipt of a properly addressed packet.
drop-limit num
Default: 10
Sets the number of allowed source violations within a detection period before forcing a call disconnect. If num is not specified, the value is set to the default.
num can be any integer value from 1 to 1000000.
period secs
Default: 120
The length of time, in seconds, for a source violation detection period to last. drop-limit and reneg-limit counters are decremented each time this value is reached.
The counters are decremented in this manner: reneg-limit counter is reduced by one (1) each time the period value is reached until the counter is zero (0); drop-limit counter is halved each time the period value is reached until the counter is zero (0). If secs is not specified, the value is set to the default.
secs can be any integer value from 1 to1000000.
reneg-limit num
Default: 5
Sets the number of allowed source violations within a detection period before forcing a PPP renegotiation. If num is not specified, the value is set to the default.
num can be any integer value from 1 to 1000000.
Usage
This function is intended to allow the operator to configure a network to prevent problems such as when a user gets handed back and forth between two PDIFs PDSNs a number of times during a handoff scenario.
This function operates in the following manner:
When a subscriber packet is received with a source address violation, the system increments both the IP source-violation reneg-limit and drop-limit counters and starts the timer for the IP-source violation period. Every subsequent packet received with a bad source address during the IP-source violation period causes the reneg-limit and drop-limit counters to increment.
For example, if reneg-limit is set to 5, then the system allows 5 packets with a bad source address (source violations), but on the 5th packet, it re-negotiates PPP.
If the drop-limit is set to 10, the above process of receiving 5 source violations and renegotiating PPP occurs only once. After the second 5 source violations, the call is dropped. The period timer continues to count throughout this process.
If the configured source-violation period is exceeded at any time before the call is dropped, the reneg-limit counter is checked. If the reneg-limit counter is greater than zero (0), the reneg-limit is decremented by 1. If the reneg-limit counter equals zero, the drop-limit is decremented by half.
Example
The following command sets the drop limit to 15 and leaves the other values at their defaults:
ip source-violation drop-limit 15
 
lifetime
Specifies the time that an A10 connection can exist before its registration is considered expired.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
lifetime time
no lifetime
no lifetime
Specifies that an A10 connection can exist for an infinite amount of time.
time
Default: 1800
Specifies the time that an A10 connection can exist before its registration is considered expired.
time is measured in seconds and can be configured to any integer value between 1 and 65534.
Usage
Set a limit to the amount of time that a subscriber session can remain up whether or not the session is active or dormant. If the lifetime timer expires before the subscriber terminates the session, their connection will be terminated automatically.
Use the no lifetime command to delete a previously configured lifetime setting. If after deleting the lifetime setting you desire to return the lifetime parameter to its default setting, use the default lifetime command.
Example
The following command specifies a time of 3600 seconds (1 hour) for subscriber sessions on this PDSN service:
lifetime 3600
 
max-retransmissions
Configures the maximum number of times the PDSN service will attempt to communicate with a PCF before it marks it as unreachable.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
max-retransmissions count
count
Specifies the maximum number of times the PDSN service will attempt to communicate with a PCF before it marks it as unreachable.
count can be configured to any integer value between 1 and 1,000,000.
Usage
If the value configured for the max-retransmissions is reached the call will be dropped.
The chassis is shipped from the factory with the Internet maximum number of retransmissions set to 5.
Example
The following command configures the maximum number of retransmissions for the PDSN service to 3:
max-retransmissions 3
 
mobile-ip foreign-agent context
For Mobile IP support, specifies the context in which the FA service(s) are configured.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
mobile-ip foreign-agent context context_name [fa-service name]
no mobile-ip foreign-agent context context_name [fa-service name]
context_name
Specifies the name of the previously configured context that facilitates the FA service(s).
context_name must be between 1 and 79 alpha or numeric characters and is case sensitive.
[fa-service name]
This optional keyword allows you to link the PDSN service to a particular FA service in the specified context. name is the name of the FA service to link to.
Usage
FA services on the system can be configured either in the same or different contexts from those facilitating PDSN services. When they are configured in separate contexts, this command configured with a PDSN service instructs the PDSN service to route traffic to the context facilitating the FA service.
Use the no mobile-ip foreign-agent context to delete a previously configured destination context.
Example
The following command instructs the PDSN service to use the context named FA-destination for FA functionality:
mobile-ip foreign-agent context fa-destination
 
msid length
Specifies the allowed configurable Mobile Station IDentifier (MSID) length.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
[ default ] msid length [ min min_length ] max max_length
default
Specifies the default length of MSID (10 to 15) as per standard.
min min_length
Specifies the minimum length for MSID.
min_length is any Integer value between 10 to 15, but should be less than max_length specified with max.
max max_length
Specifies the maximum length for MSID.
max_length is any Integer value between 10 to 15, but should be more than min_length specified with min.
Usage
MSID length can be configured either in the standard length or different customized length form. This command is used to specify the allowed length of MSID.
Example
The following command specifies an MSID length between 12 and 15:
msid length min 12 max 15
 
nai-construction
Specifies a domain alias that will be used to represent the context which the PDSN service should use for AAA functionality.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
nai-construction domain alias
no nai-construction domain
domain alias
alias represents the “domain” name that you would like to associate with the context in which AAA functionality is configured. alias can be between 1 and 79 alpha and/or numeric characters and is case-sensitive.
Usage
Enabling NAI will be constructed for the subscriber in the event that their mobile station (MS) does not negotiate CHAP, PAP, or MSCHAP. If this option is selected, no further attempts will be made to authenticate the user. Instead, the constructed NAI will be used for accounting purposes.
The context specified by this command would be used to provide the communication with the RADIUS accounting server.
Use the no nai-constructed domain command to deleted a configured alias.
Important: This command should only be used if the PDSN service is configured to allow no authentication using the authentication allow-noauth command.
Additionally, the aaa constructed-nai command in the Context Configuration mode can be used to configure a password for constructed NAIs.
Example
The following command configured a domain alias of aaa_context for the PDSN service to use when an NAI is constructed for a subscriber session:
nai-construction domain aaa_context
 
new-call conflict
Enable or disable to send A11-RUPD to current PCF, when system receives the A11-RRQ(Type1) from new PCF during the session exists.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
new-call conflict terminate-session-old-pcf [no | default] new-call conflict terminate-session-old-pcf
no
Disable to send A11-RUPD to current PCF, when system receives the A11-RRQ(Type1) from new PCF during the session exists.
default
Enable to send A11-RUPD to current PCF, when system receives the A11-RRQ(Type1) from new PCF during the session exists.
Usage
This configuration supports to enable or disable to send A11-RUPD to current PCF, when the system receives the A11-RRQ(Type1) from new PCF during the session exists.
If the configuration is no new-call conflict terminate-session-old-pcf system will not send registration update to old PCF on receiving a new call (A11-RRQ(Type1)) request for an existing active/dormant session. The default behavior is to send registration updates.
Example
The following command configured a system to send a registration update on receiving an A11-RRQ (Type 1) request for an existing active/dormant session:
new-call conflict terminate-session-old-pcf
 
pcf-monitor
When this is enabled, the PDSN monitors all the PCFs that have sessions associated with it. The PDSN stops monitoring a PCF if it is determined to be down. Once a PCF is determined to be down, the PDSN tears down all sessions that correspond to the PCF and generates AAA Accounting Stop messages. All the PCFs that are connected to the PDSN service are monitored.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
pcf-monitor [ interval seconds | max-inactivity-time seconds | num-retry num | timeout seconds ]
no pcf-monitor
pcf-monitor
Entering the command with no keywords enables the PCF monitoring function with all parameters set to the defaults.
no
Disables the pcf monitoring function.
interval seconds
Default: 900 seconds
Sets the amount of time to wait between ping request messages.
seconds must be an integer in the range from 60 through 3600.
max-inactivity-time seconds
Default: 120 seconds
The maximum amount of time (seconds) with no A10 traffic from a PCF before the ICMP-ping mechanism is triggered.
seconds must be an integer from 1 through 3600.
num-retry num
Default: 5
Sets the number of times that the PDSN retries to ping the PCF. When num-retry for a given PCF has been exhausted with no response, sessions that correspond to the non-responsive PCF are terminated and Accounting Stop records for each terminated session are generated.
num must be an integer in the range from 0 through 100.
timeout seconds
Default: 5 seconds
The amount of time to wait for a response before retrying.
seconds must be in the range from 1 through 10.
Usage
Use this command to enable the PDSN service to monitor the PCFs that have sessions associated with the PDSN service.
Example
The following command enables PCF monitoring with parameters set to the defaults:
pcf-monitoring
The following command enables PCF monitoring and sets the timeout to 10 seconds:
pcf-monitor timeout 10
The following command disables pcf-monitoring:
no pcf-monitor
 
pcf-session-id-change restart-ppp
This feature manages current session and PPP renegotiation on GRE-key change without any change in PCF/PANID/CANID. This command disables or enables the PPP renegotiation restart on receiving an RP registration request from the current PCF with GRE key (PCF session Id) change. With this command the PDSN aborts and restarts the call causing PPP renegotiation.
This is enabled by default.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
[no | default] pcf-session-id-change restart-ppp
no
Disables the pcf-session-id-change restart-ppp function.
With this option PDSN does not restart the PPP renegotiation on GRE key change from current PCF in an RP registration request, unless it indicates change in PCF/PANID/CANID.
default
Set the pcf-session-id-change function to the default state on enabled.
Usage
GRE key (PCF session ID) is sued to identify the data packet for a session and is negotiated through the A11 signaling messages between PCF and PDSN. By default PDSN aborts and restart the PPP renegotiation on receipt of any RP registration request with change in GRE key or PCF session Id.
With use of no pcf-session-id-change restart-ppp command PDSN is configured to disable the restart of call or PPP renegotiation on receipt of any RP registration request with changed GRE key, unless it has any PCF/ANID/CANID change. PDSN silently switches the GRE key for the session, retaining the existing PPP session.
Example
The following command disables the PPP renegotiation restart action on receipt of any RP RRQ with changed GRE key from same PCF/PANID/CANID.
no pcf-session-id-change restart-ppp
 
pdsn type0-tft attempt-inner-match
Configures a type0 traffic flow template (tft) to a type1 traffic flow template.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
pdsn type0-tft attempt-inner-match
no pdsn type0-tft attempt-inner-match
no
Disables the type0 tft match.
Usage
This CLI is used make PDSN match inner IP packets for an AIMS call. When enabled, the PDSN tries to match a type-0 tft to match both outer and inner packet, so that MN can use a Type-0 filter for HoA traffic which are tunneled.
This is disabled by default.
Example
The following command enables type0 tft:
pdsn type0-tft attempt-inner-match
 
peer-pcf
Configures settings for any PCF that has a connection with this PDSN.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
peer-pcf ip_address bcmcs_framing { hdlc-like | segment-based }
ip_address
ip_address must be specified using the standard IPv4 dotted decimal notation or colon notation for IPv6.
bcmcs_framing { hdlc-like | segment-based }
Specifies the type of bcmcs_framing to use for this PCF connection.
Usage
Use this command to configure the settings for any PCF that is connected to this PDSN. You can also specify bcmcs framing settings to use for the connection.
Example
The following command configures the peer-pcf for an IP address of 131.2.3.4:
peer-pcf 131.2.3.4
 
policy
Configures PDSN service policies.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
policy overload { redirect address [ weight weight_num ] [ address2 [ weight weight_num ] ... address16 [ weight weight_num ] ] } | { reject [ use-reject-code { admin-prohibited | insufficient-resources } ] }
policy msid-match msid_with_wildcards { redirect address [ weight weight_num ] [ address2 [ weight weight_num ] ... address16 [ weight weight_num ] ] }
policy pcf-zone-match zone_number { redirect address [ weight weight_num ] [ address2 [ weight weight_num ] ... address16 [ weight weight_num ] ] }
no policy { msid-match msid_with_wildcards | overload [ redirect address ] | pcf-zone-match zone_number | rrq mei-from-current-pcf {suppress-ppp-restart} | service-option | unknown-cvse enforce }
no policy { overload [ redirect address [ address2...address16 ] ] | rrq mei-from-current-pcf {suppress-ppp-restart} | service-option | unknown-cvse enforce }
Deletes a previously set policy or removes a redirect IP address.
overload: This keyword without any options deletes the complete overload policy from the PDSN service.
overload redirect address [ address2 ... address16 ]: deletes up to 16 IP addresses from the overload redirect policy. The IP addresses must be expressed in IP v4 dotted decimal notation
rrq mei-from-current-pcf suppress-ppp-restart: suppresses the PPP restart, when RRQ containing MEI comes from the current PCF. This is disabled by default.
service-option: Resets the PDSN service to accept calls that do not contain the service option(s) configured using the service option command.
unknown-cvse enforce: When unknown-cvse policy is enforced, PDSN will deny RRQs with unknown CVSEs (unknown vendor id, unknown app type or unknown app subtype) with an error code.
When disabled, PDSN will process the CVSE like an NVSE. If an unknown vendor-id, app-type or app-subtype is encountered during the processing of a CVSE, the entire CVSE will be ignored and rest of the RRQ will be processed.
policy overload { redirect address [ weight weight_num ] [ address2 [ weight weight_num ] ... address16 [ weight weight_num ] ] } | { reject [ use-reject-code { admin-prohibited | insufficient-resources } ] }
Specifies how a PDSN service should handle an overload condition.
redirect: This option enables a redirect policy for overloading conditions. When a redirect policy is invoked, the PDSN service rejects new sessions with an A11 Registration Reply Code of 88H (unknown PDSN address) and provides the IP address of an alternate PDSN. This command can be issued multiple times.
address: The IP address of an alternate PDSN expressed in IP v4 dotted decimal notation. Up to 16 IP addresses can be specified either in one command or by issuing the redirect command multiple times. If you try to add more than 16 IP addresses to the redirect policy the CLI issues an error message. If you specify an IP address and weight that already exists in the redirect policy the new values override the existing values.
weight weight_num: When multiple addresses are specified, they are selected in a weighted round-robin scheme. Entries with higher weights are more likely to be chosen. If a weight is not specified the entry is automatically assigned a weight of 1. weight_num must be an integer from 1 through 10.
reject: This option will cause any overload traffic to be rejected. The PDSN will send an A11 Registration Reply Code of 82H (insufficient resources).
use-reject-code admin-prohibited: When this keyword is specified and traffic is rejected, the error code admin prohibited is returned instead of the error code insufficient resources. This is the default behavior.
use-reject-code insufficient-resources: When this keyword is specified and traffic is rejected, the error code insufficient resources is returned instead of the error code admin prohibited.
policy msid-match msid_with_wildcards { redirect address [ weight weight_num ] [ address2 [ weight weight_num ] ... address16 [ weight weight_num ] ] }
Specifies how a PDSN service should handle an incoming call that matches a list of wildcard MSIDs.
msid_with_wildcards: An MSID in which up to 16 digits have been replaced with the wildcard ‘$’. This defines the list of possible matches for incoming calls.
redirect: This option enables a redirect policy for overloading conditions. When a redirect policy is invoked, the PDSN service rejects new sessions with an A11 Registration Reply Code of 88H (unknown PDSN address) and provides the IP address of an alternate PDSN. This command can be issued multiple times.
address: The IP address of an alternate PDSN expressed in IP v4 dotted decimal notation. Up to 16 IP addresses can be specified either in one command or by issuing the redirect command multiple times. If you try to add more than 16 IP addresses to the redirect policy the CLI issues an error message. If you specify an IP address and weight that already exists in the redirect policy the new values override the existing values.
weight weight_num: When multiple addresses are specified, they are selected in a weighted round-robin scheme. Entries with higher weights are more likely to be chosen. If a weight is not specified the entry is automatically assigned a weight of 1. weight_num must be an integer from 1 through 10.
policy pcf-zone-match zone_number { redirect address [ weight weight_num ] [ address2 [ weight weight_num ] ... address16 [ weight weight_num ] ] }
Specifies how a PDSN service should handle an incoming call that matches a predefined zone number.
zone_number: An integer between 1 and 32 that defines the zone incoming calls must match for redirection.
redirect: This option enables a redirect policy for overloading conditions. When a redirect policy is invoked, the PDSN service rejects new sessions with an A11 Registration Reply Code of 88H (unknown PDSN address) and provides the IP address of an alternate PDSN. This command can be issued multiple times.
address: The IP address of an alternate PDSN expressed in IP v4 dotted decimal notation. Up to 16 IP addresses can be specified either in one command or by issuing the redirect command multiple times. If you try to add more than 16 IP addresses to the redirect policy the CLI issues an error message. If you specify an IP address and weight that already exists in the redirect policy the new values override the existing values.
weight weight_num: When multiple addresses are specified, they are selected in a weighted round-robin scheme. Entries with higher weights are more likely to be chosen. If a weight is not specified the entry is automatically assigned a weight of 1. weight_num must be an integer from 1 through 10.
Usage
Policies can be implemented to dictate PDSN service behavior for various conditions such as overloading.
The system invokes the overload policy if the number of calls currently being processed exceeds the licensed limit for the maximum number of sessions supported by the system.
The system automatically invokes the overload policy when an on-line software upgrade is started.
Use the no policy { overload | service-option } command to delete a previously configured policy. If after deleting the policy setting you desire to return the policy parameter to its default setting, use the default policy command.
The chassis is shipped from the factory with the policy options set as follows:
Caution: Incorrect configuration of the policy msid-match and policy pcf-zone-match keywords could result in sessions failing to be established. For example, if PDSN1 is configured to redirect sessions to PDSN2 while PDSN2 is configured to redirect sessions to PDSN1, a loop is created in which all sessions would fail to be connected. In addition, sessions will not be established if the PDSN to which the sessions are being redirected is unavailable.
Example
The following command configures the PDSN service to redirect traffic to two different destinations with weights of 1 and 10 respectively:
policy overload redirect 192.168.1.100 weight 1 192.168.1.200 weight 10
 
ppp
Sets PPP tunneling parameters for subscribers in the current PDSN service.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
ppp { tunnel-context context_name | tunnel-type { l2tp | l2tp-secure | none } }
no ppp tunnel-context
no
Clears the configured tunnel context entry.
tunnel-context context_name
The name of the context that has a LAC service configured to handle all tunnels from this PDSN service.
tunnel-type { l2tp | l2tp-secure | none }
l2tp: Force all subscriber sessions in this PDSN service to use L2TP tunneling.
l2tp-secure: Force all subscriber sessions in this PDSN service to use L2TP tunneling and use IPSEC to ensure a secure connection.
none: Do not force L2TP tunneling. This is the default.
Important: If the context specified by the ppp tunnel-context context_name command does not have a LAC service configured and tunnel-type is set to l2tp or l2tp-secure, the call is rejected.
Important: If the PPP tunnel context has not been set or has been cleared with the no ppp tunnel-context command and tunnel-type is set to l2tp or l2tp-secure, the context where the current PDSN service resides is used. If that context does not have a LAC service configured the call is rejected.
Usage
Use this command to enable or disable forced L2TP tunneling for all subscribers using this PDSN service. Also use this command to define which context defines the L2TP tunneling parameters.
Example
To set the tunnel context to the context named context1 and enable forced L2TP tunneling, use the following commands;
ppp tunnel-context context1ppp tunnel-type l2tp
To enable forced L2TP tunneling with IPSEC security, use the following commands;
ppp tunnel-type l2tp-secure
To disable forced tunneling, use the following command;
ppp tunnel-type none
To clear the setting for the tunnel context, use the following command;
no ppp tunnel-context
 
qos-profile-id-mapping
This command creates the customized QoS profile identifier to QoS mapping for IMS authorization support through a Ty interface at the PDSN service level.
Product
PDSN, HA
Privilege
Security Administrator, Administrator
Syntax
qos-profile-id-mapping profile-id id_num { description desc | downlink-bw dl_bw | drop-rate drop_percentage | latency latency_duration | qos-class {class-A | class-B | class-C | class-D | class-E | calss-F } uplink-bw ul_bw }+
[ default | no ] qos-profile-id-mapping profile-id id_num
default
Configures the specified QoS profile ID for QoS mapping with default values in this PDSN service.
no
Removes the configured QoS profile ID mapping in this PDSN service.
profile-id id_num
Specifies the profile identifier for QoS parameters to be used as the customized profile ID or modifies the QoS parameters in a profile ID (id_num) coming from RAN.
id_num must be an integer between 0 and 65535.
description desc
Specifies the user defined description for profile identifier.
desc must be an alpha and/or numeric string between 1 and 32 characters.
downlink-bw dl_bw
Default: 32
Specifies the downlink (towards the MN) data traffic bandwidth in kilo-bits per second for this QoS profile.
dl_bw must be an integer value between 0 and 100000.
drop-rate drop_percentage
Default: 0
Specifies the permitted packet drop rate in percentage for traffic flow to this QoS profile.
drop_percentage must be an integer value between 0 and 100.
latency latency_duration
Default: 1000
Specifies the permitted latency duration in milli-seconds for this QoS profile.
latency_duration must be an integer value between 0 and 1000.
qos-class {class-A | class-B | class-C | class-D | class-E | class-F }
Default: Class-C
Specifies the type of QoS class associated with this QoS profile
class-A: Specifies the A type of QoS class.
class-B: Specifies the B type of QoS class.
class-C: Specifies the C type of QoS class.
class-D: Specifies the D type of QoS class.
class-E: Specifies the E type of QoS class.
class-F: Specifies the F type of QoS class.
uplink-bw ul_bw
Default: 32
Specifies the uplink (from the MN) data traffic bandwidth in kilo-bits per second for this QoS profile.
ul_bw must be an integer value between 0 and 100000.
+
More than one of the above keywords can be entered within a single command.
Usage
Use this command to define the values associated with the profile ID on the PDSN. This profile ID is used during the mapping to and from the authorized QoS to the QoS parameters for the A10 link. This mapping is required because the PDSN only knows the profile IDs and not the actual configured values for the profile ID in the RAN. Also this configuration allows the use of custom profile IDs for the subscribers.
If no values are defined with a QoS profile ID, the values from matching QoS profile ID from RAN will be applicable to the subscriber traffic.
Example
The following command sets the downlink bandwidth to 32 kbps, latency duration as 1000 ms, uplink bandwidth to 32 kbps, and QoS class to Class-C for the QoS profile ID 11 in a PDSN service:
default qos-profile-id-mapping profile-id 11
 
qos update
Use this command to set QoS update parameters for policy mismatches or wait timeouts.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
qos-update [ policy-mismatch | wait-timeout seconds action [ drop-packets | disconnect-session | downgrade-to-best-effort ] ]
policy-mismatch
PDSN raises a TFT violation if there is a QoS policy mismatch.
wait-timeout action [ drop-packets | disconnect-session | downgrade-to-best-effort ]
Sets the wait time for A11 RRQ for QoS changes. seconds must be an integer from 1 through 1000.
action: configures the action on the wait-timeout
disconnect-session: Drops the call if the A11 RRQ has not been received for the QoS update. This includes all of the IP flows for the session.
downgrade-to-best-effort: Drops packets if the A11 RRQ has not been received for the QoS update. Sends the forward traffic over best effort (flow FF or FE if available).
drop-packets: Drops packets if the A11 RRQ has not been received for the QoS update.
Usage
This command provides a PDSN service level configurable to configure an action, if the PCF ignores the QoS Update request from PDSN. It sets the amount of time to wait and the action to take, if no RRQ is received before the timeout. The action can be to drop packets for the flow, disconnect the session or to downgrade to best effort.
Example
qos-update policy mismatch
The following command sets wait-timeout to 60 seconds and invokes downgrade-to-best-effort if the A11 RRQ has not been received for the QoS update:
qos-update wait-timeout 60 action downgrade-to-best-effort
 
registration-accept
When the PDSN is tearing down a session and the MN moves over to a new PCF and initiates a new session, the PDSN by default does not accept the handoff until it tears down the old session. This command allows the PDSN to accept registration requests when a handoff disconnect is in progress.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
registration-accept handoff session-disconnect-in-progress
no registration-accept handoff session-disconnect-in-progress
no
Disable accepting of registration requests when a handoff disconnect is still in progress.
Usage
Use this command to allow the PDSN service to accept registration requests when a handoff disconnect is still in progress.
Example
registration-accept handoff session-disconnect-in-progress
 
registration-ack-deny terminate-session-on-error
Configure the PDSN service to terminate an A11 session when a Registration ACK received from the PCF has an error status.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
registration-ack-deny terminate-session-on-error
no registration-ack-deny terminate-session-on-error
no
Disable terminating A11 sessions on a Registration ACK error from the PCF.
Usage
Use this command to enable the PDSN service to terminate A11 sessions on a Registration ACK error from the PCF.
Example
Use the following command to enable this functionality in the PDSN:
registration-ack-deny terminate-session-on-error
 
registration-deny
Configures parameters related to registration rejection.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
registration-deny { handoff connection-setup-record-absent [ use-deny-code { poorly-formed-request | reason-unspecified } | max-deny-reply-limit num | mismatched-coa-source-address | new-call { connection-setup-record-absent | reverse-tunnel-unavailable } | session-already-active | session-already-closed | session-already-dormant | terminate-session-on-error | use-zero-gre-key
no registration-deny { handoff connection-setup-record-absent | max-deny-reply-limit | mismatched-coa-source-address | new-call { connection-setup-record-absent | reverse-tunnel-unavailable } | session-already-active | session-already-closed | session-already-dormant | terminate-session-on-error | use-zero-gre-key
no
Disables the specified option.
handoff connection-setup-record-absent [ use-deny-code { poorly-formed-request | reason-unspecified
This command configures the handoff behavior.
connection-setup-record-absent [ use-deny-code { poorly-formed-request | reason-unspecified }: When enabled the PDSN denies or discards handoff R-P sessions that do not have an Airlink Connection Setup record in the A11 Registration Request. Default is disabled. Default PDSN behavior is to accept such requests.
[ use-deny-code { poorly-formed-request | reason-unspecified }: Sets the specified Registration Deny Code when denying a handoff because of a missing connection setup record.
max-deny-reply-limit num
Default: 3
Configures max number of retries of erroneous registration request message from PCF for a session before PDSN terminates the session. num can be from 1 to 10.
mismatched-coa-source-address
Default: disabled
Denies RP requests which have a care-of-address field that is different from the request source address.
new-call { connection-setup-record-absent [ use-deny-code { poorly-formed-request | reason-unspecified } | reverse-tunnel-unavailable }
connection-setup-record-absent: Configures the PDSN to reject calls that do not have the airlink connection setup record in the RRQ.
use-deny-code { poorly-formed-request | reason-unspecified } When rejecting calls that do not have the airlink setup record, use the the specified deny code.
reverse-tunnel-unavailable: Configures the PDSN to reject calls if the GRE key for a user collides with that of another user.
session-already-active
PDSN denies Registration requests for sessions that are already active with the error code “poorly formed request” .
session-already-closed
PDSN denies RP renew and dereg requests with error code 0x8E for absent R-P sessions.
session-already-dormant
PDSN denies Registration requests for sessions that are already dormant with the error code “poorly formed request” .
terminate-session-on-error
Default: Disabled.
Configures PDSN to terminate session if erroneous registration request message is received for the session.
use-zero-gre-key
Configures the PDSN to set the GRE key to zero (0) when denying a new R-P session.
Usage
Use this command to configure parameters relating to the rejection of registration requests.
Example
To reject calls that do not have the airlink setup record in the RRQ, enter the following command:
registration-deny new-call connection-setup-record-absent
To reject calls if the GRE key collides with that of another user, enter the following command:
registration-deny new-call reverse-tunnel-unavailable
To set the GRE key to 0 (zero) when a new R-P session is denied, enter the following command:
registration-deny new-call use-zero-gre-key
 
registration-discard
Configures the PDSN service to discard any Registration Request message containing multiple information elements of the same type or a different GRE key for existing IMSI session.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
registration-discard { bad-extension | gre-key-change | handoff connection-setup-record-absent }
no registration-discard { bad-extension | gre-key-change | handoff connection-setup-record-absent }
no
Disables the discarding of Registration request messages containing multiple information elements or different GRE keys.
bad-extension
Default: Disabled
Configures the PDSN to discard Registration Request message containing multiple information elements of same type.
gre-key-change
Default: Disabled
Configures PDSN to discard Registration Request message containing different GRE key for existing IMSI session. Default is disable
handoff connection-setup-record-absent
Default: Disabled
When enabled, discards A11 Handoff requests that do not contain the Airlink Setup record.
Usage
Use this command to configure the PDSN service to discard and Registration Requests that contain multiple information elements of the same type or discard Registration Requests that contain GRE keys that have different GRE keys for the existing IMSI session.
Example
To configure the PDSN service to discard of Registration Requests that have multiple information elements of the same type, enter the following command:
registration-discard bad-extension
To configure the PDSN service to discard registration Requests that contain a GRE key that is different than the existing one for the existing IMSI session, enter the following command:
registration-discard gre-key-change
 
registration-update
Configures registration update related parameters for the PDSN.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
registration-update { pdsn-code-nvse | wait-timeout secs }
no registration-update { pdsn-code-nvse | wait-timeout secs }
no
If this option is used with the pdsn-code-nvse keyword, then pdsn-code-nvse configuration is disabled.
If this option is used with the wait-timeout keyword, a separate A11 timer is not used. The PDSN waits for the ppp retransmit-timeout and then sends the A11 Update. If a value is provided, then the "ppp retransmit-timeout" is ignored and a separate A11 timeout is started immediately upon sending the LCP Term-Ack. The A11 Update is then sent when the timer expires.
A value of 0 sends the A11 Update immediately after sending the LCP Term-Ack.
pdsn-code-nvse
Adds the PDSN code NVSE in all A11 registration update messages.
secs
The number of seconds to wait. secs must be an integer in the range from 0 through 16.
wait-timeout
After the Mobile Node terminates a PPP session between the PDSN and the Mobile Node, the PDSN service waits for the specified time period to receive an A11 RRQ from the PCF before it sends out a Registration-Update to clear the Session from the PCF.
Usage
Use this command to configure registration update related
The wait-tiimeout keyword configures the PDSN to wait the specified amount of time before sending out a Registration-Update to clear the Session from the PCF.
Example
Use the following command to set the registration wait-timeout to 16 seconds:
registration-update wait-timeout 16
 
retransmission-timeout
Configures the maximum allowable time for the PDSN service to wait for a response from the PCF before it a) attempts to communicate with the PCF again (if the system is configured to retry the PCF) or b) marks the PCF as unreachable.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
retransmission-timeout time
no retransmission-timeout
time
Specifies the maximum allowable time for the PDSN service to wait for a response from the PCF before it a) attempts to communicate with the PCF again (if the system is configured to retry the PCF) or b) marks the PCF as unreachable.
time is measured in seconds and can be configured to any integer value between 1 and 1,000,000.
Usage
Use the retransmission timeout command in conjunction with the max-retransmissions command in order to configure the PDSN services behavior when it does not receive a response from a particular PCF.
Use the no retransmission-timeout command to delete a previously configured timeout value. If after deleting the lifetime setting you desire to return the lifetime parameter to its default setting, use the default retransmission-timeout command.
The chassis is shipped from the factory with the retransmission timeout set to 3 seconds.
Example
The following command configures a retransmission timeout value of 5 seconds:
retransmission-timeout 5
The following command deletes a previously configured retransmission-timeout setting:
no retransmission-timeout
 
sdb-indication
Configures parameters pertaining to Short Data Burst (SDB) functionality.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
sdb-indication { echo-request | server-address ipaddress/mask packet-length-range min min_range max max_range }
no sdb-indication { echo-request | server-address ipaddress/mask }
no
Disables short-databurst indication.
echo-request
Default: Disabled
Enables the inclusion of the SDB indicator in the LCP Echo Request message(s).
server-address ipaddress/mask
Configures the IP address of the PTT server.
ipaddress is the IP address expressed in dotted decimal notation.
mask is the number of mask bits.
packet-length-range min min_range max max_range
Configures the packet length associated with the specified server.
min min_range configures the minimum packet length as an integer value between 1 and 65535.
max max_range configures the maximum packet length as an integer value between 1 and 65535.
Usage
This command controls the use of Short Data Burst functionality between the PDSN, PCF, and Push-to-Talk (PTT) servers.
Important: This command is for use with a customer-specific implementation and requires a valid Short Data Burst feature-use license to be installed.
Example
The following command configures a PTT server address of 192.168.1.200 with a mask of 16, a minimum packet size of 200, and a maximum packet size of 400:
sdb-indication server-address 192.168.1.200/16 packet-length-range min 200 max 400
 
service-option
If the service option policy is enabled, this command specifies the service options supported by the PDSN service.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
service-option number
no service-option number
number
Default: 7, 15, 22, 23, 24, 25, 33, 59, 67
Specifies a specific Service Option (SO) number that this PDSN service is allowed to support.
number can be configured to any integer value between 1 and 1000.
Usage
Use the service option command in conjunction with the policy service option enforce command to configure specific SO numbers that are supported. If a particular SO number is not configured, then any subscriber session received with that SO number will be rejected and an A11 Registration Reply Code of 86 (poorly formed request) will be sent.
By default, PDSN services are configured to support the following service option numbers:
Important: Option 67 is used for auxiliary connections for Rev-A calls. PPP encapsulation of data packets does not flow over this service option connection. ROHC can be performed without PPP for this service option.
Use the no service-option number command to delete a previously configured service option. If after deleting the service option setting you desire to return the service option parameter to its default setting, use the default service-option command.
Example
The following command enables a service option of 12:
service-option 12
The following command disables the default service option 59 :
no service-option 59
 
setup-timeout
The maximum amount of time allowed for session setup.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
setup-timeout seconds
seconds
Default: 60 seconds
The maximum amount of time, in seconds, to allow for setup of a session. seconds must be an integer from 1 through 1000000
Usage
Use this command to set the maximum amount of time allowed for setting up a session.
Example
Use the following command to set the maximum time allowed for setting up a session to 300 seconds:
setup-timeout 300
 
simple-ip allow
This command is used to disable or re-enable SImple-IP sessions from making a connection before authorization takes place.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
[no|default] simple-ip allow
no
When a session attempts PPP authentication, it is assumed that it is a Simple-IP session and it is disconnected before the user is authenticated (RADIUS or local authentication). Also, if allow-noauth is enabled and PPP authentication is not performed, after IPCP the session is disconnected if it is discovered that it is a Simple-IP session.
default
Reset this command to allow Simple-IP sessions to connect.
Usage
Use this command to prevent Simple-IP sessions from connecting to a PDSN service.
Example
The following command configures the PDSN service so that it will reject any Simple-IP sessions:
no simple-ip allow
The following command configures the PDSN service to allow Simple-IP sessions:
simple-ip allow
 
spi
Configures the security parameter index (SPI) between the PDSN service and the PCF. This command also configures the redirection of call based on PCF zone.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
spi remote-address { pcf_ip_address | ip_addr_mask_combo } spi-number number { encrypted secret enc_secret | secret secret } [ description string ] [ hash-algorithm { md5 | rfc2002-md5 } ] [ replay-protection { nonce | timestamp } ] [ timestamp-tolerance tolerance ] [ zone zone_id ]
no spi remote-address pcf_ip_address spi-number number
remote-address { pcf_ip_address | ip_addr_mask_combo }
pcf_ip_address: Specifies the IP address of the PCF. pcf_ip_address is an IP address expressed in IP v4 dotted decimal notation.
ip_addr_mask_combo: Specifies the IP address of the PCF and specifies the IP address network mask bits. ip_addr_mask_combo must be specified using the form ‘IP Address/Mask Bits’ where the IP address must either be an IPv4 address expressed in dotted decimal notation or an IPv6 address expressed in colon notation and the mask bits are a numeric value which is the number of bits in the subnet mask.
spi-number number
Specifies the SPI (number) which indicates a security context between the PCF and the PDSN in accordance with IOS 4.1 and RFC 2002.
number can be configured to any integer value between 256 and 4294967295.
encrypted secret enc_secret | secret secret
Configures the shared-secret between the PDSN service and the PCF. The secret can be either encrypted or non-encrypted.
encrypted secret enc_secret: Specifies the encrypted shared key (enc_secret) between the PCF and the PDSN service. enc_secret must be between 1 and 254 alpha and/or numeric characters and is case sensitive.
secret secret: Specifies the shared key (secret) between the PCF and the PDSN services. secret must be between 1 and 127 alpha and/or numeric characters and is case sensitive.
The encrypted keyword is intended only for use by the chassis while saving configuration scripts. The system displays the encrypted keyword in the configuration file as a flag that the variable following the secret keyword is the encrypted version of the plain text secret key. Only the encrypted secret key is saved as part of the configuration file.
description string
This is a description for the SPI. string must be an alpha and or numeric string of from 1 through 31 characters.
hash-algorithm { md5 | rfc2002-md5 }
Default: md5
Specifies the hash-algorithm used between the PDSN service and the PCF.
md5: Configures the hash-algorithm to implement MD5 per RFC 1321.
rfc2002-md5: Configures the hash-algorithm to implement keyed-MD5 per RFC 2002.
replay-protection { nonce | timestamp }
Default: timestamp
Specifies the replay-protection scheme that should be implemented by the PDSN service.
nonce: Configures replay protection to be implemented using NONCE per RFC 2002.
timestamp: Configures replay protection to be implemented using timestamps per RFC 2002.
timestamp-tolerance tolerance
Default: 60
Specifies the allowable difference (tolerance) in timestamps that is acceptable. If the difference is exceeded, then the session will be rejected. If this is set to 0, then time stamp tolerance checking is disabled at the receiving end.
tolerance is measured in seconds and can be configured to any integer value between 0 and 65535.
zone zone_id
Specifies the different PCF zones to configure in PDSN service. Mapping of a zone-number to a set of PDSNs can be done per PDSN service basis.
zone_id must be an integer value between 1 and 32. A maximum of 32 PCF zones can be configured for a PDSN service.
Usage
An SPI is a security mechanism configured and shared by the PCF and the PDSN service. Please refer to IOS 4.1 and RFC 2002 for additional information.
Multiple SPIs can be configured if the PDSN service is communicating with multiple PCFs.
Important: The SPI configuration on the PCF must match the SPI configuration for the PDSN service on the system in order for the two devices to communicate properly.
Use the no version of this command to delete a previously configured SPI.
This command used with zone zone_id redirects all calls on the basis of PCF zone to the specific PDSN on the basis of parameters configured at policy pcf-zone-match command.
Example
The following command configures the PDSN service to use an SPI of 256 when communicating with a PCF with the IP address 192.168.0.2. The key that would be shared between the PCF and the PDSN service is q397F65.
spi remote-address 192.168.0.2 spi-number 256 secret q397F65
The following command deletes the configured SPI of 400 for an PCF with an IP address of 172.100.3.200:
no spi remote-address 172.100.3.200 spi-number 400
The following command creates the configured SPI of 400 for an PCF with an IP address of 172.100.3.200 and zone id as 11:
spi remote-address 172.100.3.200 spi-number 400 zone 11
 
spi zone
Configures the security parameter index (SPI) between the PDSN service and the PCF with mapping between a zone number to a set of PDSNs per PDSN service to redirect call on the basis of PCF zone.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
spi zone zone_id
no spi zone zone_id
zone zone_id
Default: 60
Specifies the different PCF zones to configure in PDSN service. Mapping of a zone-number to a set of PDSNs can be done per PDSN service basis.
zone_id must be an integer value between 1 and 32. A maximum of 32 PCF zones can be configured for a PDSN service.
Usage
An SPI is a security mechanism configured and shared by the PCF and the PDSN service. Please refer to IOS 4.1 and RFC 2002 for additional information.
Multiple SPIs can be configured if the PDSN service is communicating with multiple PCFs.
This PCF zone option is used for call redirection on the basis of PCF zone. When a new call arrives the PDSN, it checks whether the PCF, from which the call arrived, belongs to a particular zone. If
Important: The SPI configuration on the PCF must match the SPI configuration for the PDSN service on the system in order for the two devices to communicate properly.
Use the no version of this command to delete a previously configured SPI.
Example
The following command configures the PDSN service to use an SPI of 256 when communicating with a PCF with the IP address 192.168.0.2. The key that would be shared between the PCF and the PDSN service is q397F65.
spi remote-address 192.168.0.2 spi-number 256 secret q397F65
The following command deletes the configured SPI of 400 for an PCF with an IP address of 172.100.3.200:
no spi remote-address 172.100.3.200 spi-number 400
 
threshold a11-rrp-failure
Set an alarm or alert based on the number of A11 Registration Response failures for the PDSN service.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
threshold a11-rrp-failure high_thresh [ clear low_thresh ]
no threshold a11-rrp-failure
no
Deletes the alert or alarm.
high_thresh
Default: 0
The high threshold number of A11 Registration Response failures that must be met or exceeded within the polling interval to generate an alert or alarm. It can be configured to any integer value between 0 and 100000.
clear low_thresh
Default:0
The low threshold number of A11 Registration Response failures that must be met or exceeded within the polling interval to clear an alert or alarm. It can be configured to any integer value between 0 and 100000.
Important: This value is ignored for the Alert model. In addition, if this value is not configured for the Alarm model, the system assumes it is identical to the high threshold.
Usage
Use this command to set an alert or an alarm when the number of A11 Registration Response failures is equal to or greater than a specified number.
Alerts or alarms are triggered for the number of A11 Registration Response failures based on the following rules:
Enter condition: Actual number of A11 Registration Response failures > High Threshold
Clear condition: Actual number of A11 Registration Response failures £ Low Threshold
Example
The following command configures a number of A11 Registration Response failures threshold of 1000 and a low threshold of 500 for a system using the Alarm thresholding model:
threshold a11-rrp-failure 1000 clear 500
 
threshold a11-rrq-msg-discard
Set an alarm or alert based on the number of Discarded A11 Registration Requests for the PDSN service.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
threshold a11-rrq-msg-discard high_thresh [ clear low_thresh ]
no threshold a11-rrq-msg-discard
no
Deletes the alert or alarm.
high_thresh
Default: 0
The high threshold number of Discarded A11 Registration Requests that must be met or exceeded within the polling interval to generate an alert or alarm. It can be configured to any integer value between 0 and 100000.
clear low_thresh
Default:0
The low threshold number of Discarded A11 Registration Requests that must be met or exceeded within the polling interval to clear an alert or alarm. It can be configured to any integer value between 0 and 100000.
Important: This value is ignored for the Alert model. In addition, if this value is not configured for the Alarm model, the system assumes it is identical to the high threshold.
Usage
Use this command to set an alert or an alarm when the number of Discarded A11 Registration Requests is equal to or greater than a specified number.
Alerts or alarms are triggered for the number of Discarded A11 Registration Requests based on the following rules:
Enter condition: Actual number of Discarded A11 Registration Requests > High Threshold
Clear condition: Actual number of Discarded A11 Registration Requests £ Low Threshold
Example
The following command configures a number of Discarded A11 Registration Requests threshold of 1000 and a low threshold of 500 for a system using the Alarm thresholding model:
threshold a11-rrq-msg-discard 1000 clear 500
 
tft-validation wait-timeout
This command configures the TFT validation wait timeout value for QoS changes. The QoS update timer triggers automatic QoS updates based on dynamic policies.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
tft-validation wait-timeout seconds
no tft-validation wait-timeout seconds
no
Removes the wait-timeout timer.
Usage
Configures the TFT validation wait time value for A11 RRQ for QoS changes. seconds must be an integer from 1 through 65535.
Example
Use the following command to set the TFT validation wait-timeout to 5 seconds:
tft-validation wait-timeout 5
 
threshold a11-rac-msg-discard
Set an alarm or alert based on the number of Discarded A11 Registration Acknowledgements for the PDSN service.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
threshold a11-rac-msg-discard high_thresh [ clear low_thresh ]
no threshold a11-rac-msg-discard
no
Deletes the alert or alarm.
high_thresh
Default: 0
The high threshold number of Discarded A11 Registration Acknowledgements that must be met or exceeded within the polling interval to generate an alert or alarm. It can be configured to any integer value between 0 and 100000.
clear low_thresh
Default:0
The low threshold number of Discarded A11 Registration Acknowledgements that must be met or exceeded within the polling interval to clear an alert or alarm. It can be configured to any integer value between 0 and 100000.
Important: This value is ignored for the Alert model. In addition, if this value is not configured for the Alarm model, the system assumes it is identical to the high threshold.
Usage
Use this command to set an alert or an alarm when the number of Discarded A11 Registration Acknowledgements is equal to or greater than a specified number.
Alerts or alarms are triggered for the number of Discarded A11 Registration Acknowledgements based on the following rules:
Enter condition: Actual number of Discarded A11 Registration Acknowledgements > High Threshold
Clear condition: Actual number of Discarded A11 Registration Acknowledgements £ Low Threshold
Example
The following command configures a number of Discarded A11 Registration Acknowledgements threshold of 1000 and a low threshold of 500 for a system using the Alarm thresholding model:
threshold a11-rac-msg-discard 1000 clear 500
 
threshold all-ppp-send-discard
Set an alarm or alert for the PDSN service based on the number of packets that the PPP protocol processing layer internally discarded on transmit for any reason.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
threshold all-ppp-send-discard high_thresh [clear low_thresh]
no threshold all-ppp-send-discard
no
Deletes the alert or alarm.
high_thresh
Default: 0
The high threshold number of discarded PPP send packets that must be met or exceeded within the polling interval to generate an alert or alarm. It can be configured to any integer value between 0 and 100000.
clear low_thresh
Default:0
The low threshold number of discarded PPP send packets that must be met or exceeded within the polling interval to clear an alert or alarm. It can be configured to any integer value between 0 and 100000.
Important: This value is ignored for the Alert model. In addition, if this value is not configured for the Alarm model, the system assumes it is identical to the high threshold.
Usage
Use this command to set an alert or an alarm when the number of discarded PPP send packets is equal to or greater than a specified number.
Alerts or alarms are triggered for the number of discarded PPP send packets is based on the following rules:
Enter condition: Actual number of discarded PPP send packets > High Threshold
Clear condition: Actual number of discarded PPP send packets £ Low Threshold
Example
The following command configures a number of discarded PPP send packets threshold of 1000 and a low threshold of 500 for a system using the Alarm thresholding model:
threshold all-ppp-send-discard 1000 clear 500
 
threshold init-rrq-rcvd-rate
Set an alarm or alert based on the average number of calls setup per second for the context.
Product
PDSN
Privilege
Security Administrator, Administrator
Syntax
threshold init-rrq-rcvd-rate high_thresh [ clear low_thresh ]
no threshold init-rrq-rcvd-rate
no
Deletes the alert or alarm.
high_thresh
Default: 0
The high threshold average number of calls setup per second must be met or exceeded within the polling interval to generate an alert or alarm. It can be configured to any integer value between 0 and 1000000.
clear low_thresh
Default:0
The low threshold average number of calls setup per second that must be met or exceeded within the polling interval to clear an alert or alarm. It can be configured to any integer value between 0 and 1000000.
Important: This value is ignored for the Alert model. In addition, if this value is not configured for the Alarm model, the system assumes it is identical to the high threshold.
Usage
Use this command to set an alert or an alarm when the average number of calls setup per second is equal to or greater than a specified number of calls per second.
Alerts or alarms are triggered for the number of calls setup per second based on the following rules:
Enter condition: Actual number of calls setup per second > High Threshold
Clear condition: Actual number of calls setup per second £ Low Threshold
Example
The following command configures a number of calls setup per second threshold of 1000 and a low threshold of 500 for a system using the Alarm thresholding model:
threshold init-rrq-rcvd-rate 1000 clear 500
 
 

Cisco Systems Inc.
Tel: 408-526-4000
Fax: 408-527-0883