This section contains additions and changes made to the configuration commands available in Release 10.0. Topics covered in this chapter are:This section contains configuration commands that are new in Release 10.0. New commands in this version are divided into the following sections:New command added to support dynamic MPLS label on BGP. This command globally enables the MPLS BGP forwarding. By enabling this command, the BGP VPNv4 routes need not have an underlying LDP LSP to forward the IP packets.IMPORTANT: This is a license-enabled service.
With this release, Cisco Systems introduced Home-NodeB Gateway. The Home NodeB Gateway is the HNB network access concentrator used to connect the Home NodeBs (HNBs)/Femto Access Point (FAP) to access the UMTS network through HNB Access Network. It aggregates Home Node-B or Femto Access Points to a single network element and then integrates them into the Mobile Operators Voice, Data and Multimedia networks.Multiple configuration modes and commands added for this feature in Command Line Interface Reference. For more information on this product, refer HNB Gateway Administration Guide.This command configures a waiver on top of average available memory credits per session for the Fair Usage feature.fair-usage session-waiver-percent waiver_percentThis command enables configuring dynamic header field in URL.CLI (Ruledef Configuration Mode)New command added to support the S6b interface on GGSN for authorization with 3GPP AAA/HSS to provide session interoperability with P-GW and HA.IMPORTANT: This is a license-enabled command.
New command added to define the context name where a DNS client is configured. This command will associates an existing DNS client configuration with GGSN to perform DNS query for P-CSCF, if P-CSCF query request in AAA message is received from Diameter node.dns-client context dns_ctxt_nameIMPORTANT: This is a license-enabled command.
New command added to define the Fully Qualified Domain Name (FQDN) which would be used for authorization over S6b interface between GGSN and 3GPP AAA/HSS.IMPORTANT: This is a license-enabled command.
New command added to enable/disable the new call related behavior of GGSN service when duplicate sessions with same IP address request is received. This feature is required to support the interworking with P-GW and HA.IMPORTANT: This is a license-enabled command.
Configures a Fully Qualified Domain Name for this P-GW service used in messages between the P-GW and a 3GPP AAA server over the S6b interface.Configures the name of the context where lawful intercept packets are delivered to the lawful intercept server.gx-li context nameConfigures the P-GW to accept or reject requests for a static IP address if the address is already in use by another session.Creates a last route profile, which will be specified on peer server configuration to select the Last Routing Option (LRO) number while forwarding an emergency call packet to a particular peering server, and enters the Last Route Profile Criteria Configuration Mode.no cscf last-route-profile name profile_nameConfigure county names and assign them Last Routing Option (LRO) numbers to be used by the CSCF last route profile.[ no ] county-name county_name[ no ] lro-number valuelro-selection-profile name profile_nameConfigures peer Session Border Controller (SBC) addresses from where the P-CSCF/A-BG service can receive requests.[ no ] peer-sbc ip_addressEnables the P-CSCF/A-BG service to reject with a 504 response when it receives 3xx, 480, or “no response” to service request. This feature is disabled by default.Enables the Emergency-CSCF for the service and enters the Emergency-CSCF Configuration Mode. Default is disabled.[ no ] serving-cscf-list server { address address | domain domain }
{ capability value | port num { capability value } }Enables/disables functionality related to 3GPP Release 8 support. This command is disabled by default.Enables/disables alias indication functionality, a collaborative information exchange between the S-CSCF and HSS. This command is disabled by default.network-id idEnables/disables alias indication functionality, a collaborative information exchange between the CSCF and HSS. This command is disabled by default.This section contains configuration commands that have been modified in Release 10.0. Modified commands in this version are divided into the following sections:New keyword import and both added to configure the import route targets and also to configure both, import and export simultaneously.[no] ip maximum-routes ip_route_valueThis command specifies the order of fields in the EDR. The following options were added to this command:attribute attribute { [ format { MM/DD/YY-HH:MM:SS | MM/DD/YYYY-HH:MM:SS | YYYY/MM/DD-HH:MM:SS | YYYYMMDDHHMMSS | seconds } [ localtime ] | [ { bytes | pkts } { downlink | uplink } ] ] priority priority }
l
l
l insert xheader_field_name { string-constant xheader_field_value | variable { bearer { 3gpp { apn | charging-characteristics | charging-id | imei | imsi | rat-type | sgsn-address } | acr | customer-id | ggsn-address | mdn | radius-calling-station-id | session-id | sn-rulebase | subscriber-ip-address | username } [ encrypt ] | http { host | url } }no insert xheader_field_nameThis command specifies the order of fields in the EDR. The following options were added to this command:
l
l This command specifies the order of fields in the UDR. The following option was added to this command:
l
l
l
l [ no ] bearer 3gpp apn [ case-sensitive ] operator valueThis command configures Stateful Firewall and NAT Flow Recovery parameters. The optional keyword no-flow-creation was added to this command, this enables to specify not to create data session/flow-related information for downlink-initiated packets (from the Internet to the subscriber) while the firewall downlink flow-recovery timer is running, but send to subscriber.firewall flow-recovery { downlink [ [ no-flow-creation ] [ timeout timeout ] + ] | uplink [ timeout timeout ] }New keyword force-file-rotation added to force file rotation even if there are no CDRs at the specified time interval.gtpp storage-server local file {compression { gzip | none } | format { custom1 | custom2 | custom3 | custom4 | custom5 | custom6 | custom7 | custom8 } | name prefix prefix | purge-processed-files [ purge-interval purge_dur ] | rotation { cdr-count count | time-interval time [force-file-rotation] | volume size}}default gtpp storage-server local file {compression | format | name prefix | purge-processed-files | rotation { cdr-count | time-interval [force-file-rotation] | volume}}no gtpp storage-server local file rotation { purge-processed-files | rotation { cdr-count | time-interval [force-file-rotation]} }In the GTP-U Service Configuration Mode, the command address has been changed to bind address and support has been added for IPv6 addresses.[ no ] bind { ipv4-address address [ ipv6-address address ] | ipv6-address address [ ipv4-address address ] }
l
l [ no ] bearer 3gpp apn [ case-sensitive ] operator valueThis command enables/disables all/specified NAT Application Level Gateway (ALG). The following NAT ALG options were added to this command:
l pptp: Enables/disables Point-to-Point Tunneling Protocol (PPTP) NAT ALG processing.
l sip: Enables/disables Session Initiation Protocol (SIP) NAT ALG processing.This command configures Stateful Firewall and NAT Flow Recovery parameters. The optional keyword no-flow-creation was added to this command, this enables to specify not to create data session/flow-related information for downlink-initiated packets (from the Internet to the subscriber) while the firewall downlink flow-recovery timer is running, but send to subscriber.This command configures the maximum duration a flow can remain idle, in seconds, after which the system automatically terminates the flow. The alg-media keyword was added to this command. This enables configuring the Media Inactivity Timeout setting. The timeout value gets applied on the RTP and RTCP Media flows that are created for SIP/H.323 calls. The timeout value gets applied only on those flows that actually match the RTP and RTCP media pinholes that are created by the SIP/H.323 ALG.idle-timeout { alg-media | icmp | tcp | udp } idle_timeout_durationThis command enables to add/configure/delete IP address pools in a context. This command also enables to configure many-to-one and one-to-one NAT pools. The group keyword was added to the many-to-one and one-to-one NAT IP pool configuration options. This enables to bind discontigous IP address blocks in individual NAT IP pools with similar characteristics to a single NAT IP pool group.ip pool pool_name { ip_address subnet_mask | ip_address_mask_combo | range start_ip_address end_ip_address } nat-one-to-one [ alert-threshold [ { pool-free | pool-hold | pool-release | pool-used } low_thresh [ clear high_thresh ] + ] [ group-name group_name ] [ nat-binding-timer binding_timer ] [ nexthop-forwarding-address ip_address ] [ on-demand ] [ send-nat-binding-update ] [ srp-activate ] +ip pool pool_name { ip_address subnet_mask | ip_address_mask_combo | range start_ip_address end_ip_address } napt-users-per-ip-address users [ alert-threshold [ { pool-free | pool-hold | pool-release | pool-used } low_thresh [ clear high_thresh ] + ] [ group-name group_name ] [ max-chunks-per-user chunks ] [ nat-binding-timer binding_timer ] [ nexthop-forwarding-address ip_address ] [ on-demand ] [ port-chunk-size size ] [ port-chunk-threshold chunk_threshold ] [ send-nat-binding-update ] [ srp-activate ] +This command controls routing of packets to protocol analyzers. The following changes were made to this command:
l The optional keyword advanced was added to the sip keyword. This enables to route packets to the SIP ALG for processing. For SIP calls to work with NAT/Stateful Firewall, a SIP ALG is required to do payload translation of SIP packets and pin-hole (dynamic flow) creation for media packets. If the optional keyword advanced is configured, the packets matching the routing rule will be routed to SIP ALG for processing and not to the ECS SIP analyzer. If not configured, then packets will be routed to the ECS SIP analyzer for processing.
l pptp: Enables to route traffic to the PPTP analyzer.
l tftp: Enables to route traffic to the TFTP analyzer.route priority route_priority ruledef ruledef_name analyzer { dns | file-transfer | ftp-control | ftp-data | http | imap | mms | p2p | pop3 | pptp | rtcp | rtp | rtsp | sdp | secure-http | sip [ advanced ] | smtp | tftp | wsp-connection-less | wsp-connection-oriented } [ description description ]no route priority route_priorityIn the GTP-U Service Configuration Mode, the command address has been changed to bind address and support has been added for IPv6 addresses.[ no ] bind { ipv4-address address [ ipv6-address address ] | ipv6-address address [ ipv4-address address ] }
l The accounting-policy command was removed
l The egtp-service keyword now has an associated lma-service keyword to support eGTP to PMIP handovers.
l The lma-service keyword now has an associated egtp-service keyword to support PMIP to eGTP handovers.associate { egtp-service name [ lma-service name ] | lma-service name [ egtp-service name ] | qci-qos-mapping name }In the P-GW Service Configuration Mode, the authorize command has been changed to authorize-with-hss.The replaced command used the external keyword to indicate S6b connectivity to an external 3GPP AAA server. The old internal keyword specified that the system acquired subscriber authorization from an internal APN authorization configuration.The new command simply toggles the command between the external S6b authorization (command enabled) and the internal APN authorization (command disabled).In the P-GW Service Configuration Mode, the dns-pcscf context command has been changed to dns-client context.dns-client context nameIn the GTP-U Service Configuration Mode, the command address has been changed to bind address and support has been added for IPv6 addresses.[ no ] bind { ipv4-address address [ ipv6-address address ] | ipv6-address address [ ipv4-address address ] }Wildcard Extended Regular Expressions (ERE) are supported for request-uri content uri_content. For example, "sip.user[0-9]@192\\.168\\.176\\.150"cscf ifc-spt-condition name cond_name { request-uri content uri_content | session-case { originating-registered | originating-unregistered | terminating-registered | terminating-unregistered } | session-description sdp [ content sdp_data ] | sip-header hdr [ content hdr_data ] | sip-method method } [ -noconfirm ] [ condition-negated ]no cscf ifc-spt-condition name cond_nameKeyword message added to specify that MESSAGE SIP requests are to be excluded from Rf charging.Configures the function to allow anonymous and/or non-emergency registered subscribers to initiate emergency sessions. The addition of 3GPP IM CN XML body in 380 response messages can also be allowed.CLI (CSCF Proxy-CSCF Configuration Mode / CSCF Serving-CSCF Configuration Mode / CSCF SIP Proxy Configuration Mode)emergency-sessions [3gpp-ims-xml-body | anonymous [3gpp-ims-xml-body]
[non-emergency-registered] | non-emergency-registered [3gpp-ims-xml-body]]All Interrogating-CSCF functions have been moved to the Serving-CSCF exclusively in v10.0 and beyond.Policy type bridge-network added for S-CSCF bridging.nat-policy policy_name { private-address { address ip_address_mask | default | range start_ip_address end_ip_address } | bridge - network
{ address ip_address_mask | range start_ip_address end_ip_address } }no nat-policy policy_nameThe S-CSCF now supports multiple authorization schemes, but this requires disabling all authorization configured in the S-CSCF service so that it will send “Unknown” in the Sip-Authorization-Scheme AVP. This allows the HSS to dictate authorization. The following commands disable all authorization configured in the S-CSCF service to allow HSS to control authorization:CLI (CSCF Serving-CSCF Configuration Mode / CSCF SIP Proxy Configuration Mode)authentication { aka-v1 value | allow-noauth [invite | re-register | register] | allow-noipauth [invite | re-register | register] | allow-unsecure | aor-auth | md5 value }no authentication { aka-v1 | allow-noauth [invite | re-register | register] | allow-noipauth [invite | re-register | register] | allow-unsecure | aor-auth | md5 }This section contains configuration commands that have been obsoleted in Release 10.0. Obsoleted commands in this version are divided into the following sections:This section provides information on commands that are common to all products that were obsoleted in Release 10.0.
![]() |
Cisco Systems Inc. |
Tel: 408-526-4000 |
Fax: 408-527-0883 |