Policy Control Configuration Mode Commands


Policy Control Configuration Mode Commands
 
 
Policy Control Configuration mode is used to configure the Diameter dictionary, origin host, host table entry and host selection algorithm for IMS Authorization service.
 
 
apn-name-to-be-included
This command configures the APN name to be included in CCR Gx messages.
Product
GGSN, IPSG, PGW
Privilege
Security Administrator, Administrator
Syntax
apn-name-to-be-included { gn | virtual }
default apn-name-to-be-included
default
Applies the default setting for this command.
Default: gn
gn | virtual
Specifies which APN name must be sent in the Gx messages.
gn: Send the real APN name.
virtual: Send the virtual APN name if present, else send the real APN name.
Usage
Use this command to configure the APN name to be included in the CCR Gx messages to the PCRF—the real APN name or the virtual APN name.
Example
The following command configures sending the real APN name in Gx messages:
apn-name-to-be-included gn
 
custom-reauth-trigger
This command enables custom reauth event triggers.
Product
All
Privilege
Security Administrator, Administrator
Syntax
custom-reauth-trigger { none | { preservation-changed | reactivation-changed } + }
default custom-reauth-trigger
default
Configures the default setting for this command.
none
Disables all custom event triggers.
This is the default setting.
preservation-changed
Enables preservation-changed event trigger.
Important: This keyword is for use with a customer-specific implementation, and will be available only if a valid license is installed.
reactivation-changed
Enables reactivation-changed event trigger.
Important: This keyword is for use with a customer-specific implementation, and will be available only if a valid license is installed.
Usage
Use this command to enable/disable custom reauth event triggers.
It is recommended that the preservation-changed and reactivation-changed triggers both be enabled. As, when the bearer goes into preservation mode with the preservation-changed trigger, the reactivation-changed trigger must also be enabled for the bearer to get reactivated subsequently.
If only the preservation-changed trigger is enabled, and the bearer goes into preservation mode, the bearer will never get reactivated. The reactivation triggers will be ignored. If only the reactivation-changed trigger is enabled, reactivation of the already active bearer does not take place, and the reactivation triggers are ignored.
Example
The following command disables all custom event triggers:
custom-reauth-trigger none
 
diameter dictionary
Specifies the Diameter Policy Control Application dictionary for the IMS Authorization Service through Gx/Ty interface.
Product
All
Privilege
Security Administrator, Administrator
Syntax
diameter dictionary { Standard | dpca-custom1 | dpca-custom10 | dpca-custom11 | dpca-custom12 | dpca-custom13 | dpca-custom14 | dpca-custom15 | dpca-custom16 | dpca-custom17 | dpca-custom18 | dpca-custom19 | dpca-custom2 | dpca-custom20 | dpca-custom3 | dpca-custom4 | dpca-custom5 | dpca-custom6 | dpca-custom7 | dpca-custom8 | dpca-custom9 | gxa-3gpp2-standard | gxc-standard | pdsn-ty | r8-gx-standard | std-pdsn-ty | ty-plus | ty-standard }
default diameter dictionary
default
Sets the Diameter dictionary to standard for Gx or Ty interface.
dpca-custom1
Custom-defined Diameter dictionary for the Gx interface.
dpca-custom2
Custom-defined Diameter dictionary for Rel. 7 Gx interface.
dpca-custom3
Custom-defined Diameter dictionary for the Gx interface in conjunction with IP Services Gateway (IPSG).
dpca-custom4
Standard Diameter dictionary for 3GPP Rel. 7 Gx interface.
dpca-custom5
Custom-defined Diameter dictionary for Rel. 7 Gx interface.
dpca-custom6 ... dpca-custom20
Custom-defined Diameter dictionaries.
gxa-3gpp2-standard
Gxa 3GPP2 standard dictionary.
gxc-standard
Gxc standard dictionary.
pdsn-ty
Custom-defined Diameter dictionary for Ty interface.
r8-gx-standard
R8 Gx standard dictionary.
standard
Default: Enabled for Gx support in 3GPP networks.
Standard Diameter dictionary for the 3GPP Rel. 6 Gx interface.
std-pdsn-ty
Default: Enabled for Ty support in 3GPP2 networks.
Standard Diameter dictionary for Ty interface.
ty-plus
Enhanced custom-defined Diameter dictionary for Ty interface.
ty-standard
Specifies standard Diameter dictionary for Ty attributes.
Usage
Use this command to specify the Diameter dictionary for IMS Authorization Service.
Example
The following command sets the standard dictionary for Diameter Policy Control functions in 3GPP network.
diameter dictionary standard
 
diameter host-select reselect
This command controls pacing of the reselection or switching of the PCRF after a change occurs in table configuration for an IMS Authorization Service.
Default: Disabled
Product
All
Privilege
Security Administrator, Administrator
Syntax
diameter host-select reselect subscriber-limit subs_limit time-interval duration
{ default | no } diameter host-select reselect
default
Applies the default setting for this command.
Sets the PCRF reselection or switching to default state.
no
Removes the configured PCRF reselection method and disables the reselection or switching of PCRF.
subscriber-limit subs_limit
Specifies the limit of subscribers to switch or reselect the PCRF for subscribers not more than subs_limit in time duration of duration second(s).
subs_limit must be an integer from 1 through 10000000.
time-interval duration
Specifies the time duration, in seconds, to reselect PCRF for subscribers not more than subs_limit in time duration of duration second(s).
duration must be an integer from 1 through 3600.
Usage
Use this command to specify the pacing of reselection or switching of the PCRF in an IMS authorization service..
In case IMS authorization session have been opened on certain PCRF on the basis of the current selection table, and the current active table configuration is changed, the IMSA starts selection procedure for the PCRF. Existing sessions on current PCRF from earlier table is required to close and reopened on the selected PCRF from the new table. This reselection periodicity is controlled by this command and it indicates the number of subscriber sessions subs_limit to be reselected or moved in duration seconds.
For example, if this command is configured with 100 subscribers and 2 seconds, then the system reselects the PCRF for no more than 100 subscribers per 2 seconds.
Example
The following command sets the system to reselect the new PCRF for no more than 1000 subscriber in 15 seconds:
diameter host-select reselect subscriber-limit 1000 time-interval 15
 
diameter host-select row-precedence
This command adds/appends rows with precedence to a Diameter host table or MSISDN prefix range table.
Product
All
Privilege
Security Administrator, Administrator
Syntax
diameter host-select row-precedence precedence_value table { { { 1 | 2 } host host_name [ realm realm_id ] [ secondary host host_name [ realm realm_id] ] } | { prefix-table { 1 | 2 } msisdn-prefix-from msisdn_prefix_from msisdn-prefix-to msisdn_prefix_to host host_name [ realm realm_id ] [ secondary host sec_host_name [ realm sec_realm_id ] algorithm { active-standby | round-robin } ] } } [ -noconfirm ]
no diameter host-select row-precedence precedence_value table { { 1 | 2 } | prefix-table { 1 | 2 } }
no diameter host-select row-precedence precedence_value table { 1 | 2 }
Removes the row with the specified precedence from the specified Diameter host table.
diameter host-select row-precedence precedence_value table { 1 | 2 } host host_name [ realm realm_id ] [ secondary host sec_host_name [ realm sec_realm_id ] ]
This command adds/appends a row in the specified Diameter host table.
In StarOS 8.0, a maximum of 16 rows can be added to a table. In StarOS 8.1 and later, a maximum of 128 rows can be added per table.
row-precedence precedence_value: Specifies precedence of the row in the Diameter host table.
Important: In StarOS 8.1 and later, precedence_value must be an integer from 1 through 128. In StarOS 8.0 and earlier, precedence_value must be an integer from 1 through 100.
table { 1 | 2 }: Specifies the Diameter host table to add/append the primary and secondary Diameter host addresses.
host host_name: Specifies the primary host name. host_name must be an alpha and/or numeric string of 1 through 127 characters in length.
realm realm_id: Specifies the primary realm ID. realm_id must be an alpha and/or numeric string of 1 through 127 characters in length.
secondary host sec_host_name [ realm sec_realm_id ]: Specifies the secondary host name and realm ID:
host sec_host_name: Specifies the secondary host name. host_name must be an alpha and/or numeric string of 1 through 127 characters in length.
realm sec_realm_id: Specifies the secondary realm ID. realm_name must be an alpha and/or numeric string of 1 through 127 characters in length.
no diameter host-select row-precedence precedence_value table prefix-table { 1 | 2 } }
Removes the row with the specified precedence from the specified MSISDN prefix range table.
diameter host-select row-precedence precedence_value table prefix-table { 1 | 2 } msisdn-prefix-from msisdn_prefix_from msisdn-prefix-to msisdn_prefix_to host host_name [ realm realm_id ] [ secondary host sec_host_name [ realm sec_realm_id ] algorithm { active-standby | round-robin } ] [ -noconfirm ]
Use this command to configure the MSISDN prefix range based PCRF selection mechanism for Rel. 7 Gx interface support, wherein the PCEF is required to discover and select an appropriate PCRF to establish control relationship at primary PDP context activation.
This command adds a row in the specified MSISDN prefix range table. A maximum of 128 rows can be added per prefix range table.
row-precedence precedence_value: Specifies precedence of the row in the table.
Important: In StarOS 8.1 and later, precedence_value must be an integer from 1 through 128. In StarOS 8.0 and earlier, precedence_value must be an integer from 1 through 100.
prefix-table { 1 | 2 }: Specifies the MSISDN prefix range table to add the primary and/or secondary Diameter host addresses.
msisdn-prefix-from msisdn_prefix_from: For a range of MSISDNs, specifies the starting MSISDN.
msisdn-prefix-to msisdn_prefix_to: For a range of MSISDNs, specifies the ending MSISDN.
Important: To enable the Gx interface to connect to a specific PCRF for a range of MSISDNs/subscribers configure msisdn_prefix_from and msisdn_prefix_to with the starting and ending MSISDNs respectively. The MSISDN ranges must not overlap between rows. To enable the Gx interface to connect to a specific PCRF for a specific MSISDN/subscriber, configure both msisdn_prefix_from and msisdn_prefix_to with the same MSISDN.
host host_name: Specifies the primary host name. host_name must be an alpha and/or numeric string of 1 through 127 characters in length.
realm realm_id: Specifies the primary realm ID. realm_id must be an alpha and/or numeric string of 1 through 127 characters in length.
secondary host sec_host_name [ realm sec_realm_id ]: Specifies the secondary host name and realm ID: host sec_host_name: Specifies the secondary host name. sec_host_name must be an alpha and/or numeric string of 1 through 127 characters in length.
realm sec_realm_id: Specifies the secondary realm ID. sec_realm_id must be an alpha and/or numeric string of 1 through 127 characters in length.
algorithm { active-standby | round-robin }: Specifies the algorithm for selection between primary and secondary servers in the MSISDN prefix range table.
Default: active-standby
active-standby: Specifies selection of servers in the Active-Standby fashion.
round-robin: Specifies selection of servers in the Round-Robin fashion.
Important: The Round Robin algorithm for PCRF selection is effective only over a large number of PCRF selections, and not at a granular level.
-noconfirm
Specifies that the command is to execute without any additional prompt and confirmation from the user.
Usage
Use this command to add, update, or delete rows specified with a precedence from a Diameter host table or MSISDN prefix range table.
In the Rel. 7 Gx implementation, when the Gateway interworks with multiple PCRFs, the Gateway can configure the primary and secondary server based on the MSISDN-prefix range in the MSISDN prefix range table. Using this command, you can add a new prefix row into the MSISDN prefix table.
If a row with the precedence that you add already exists in a table, the existing prefix row is removed and the new row is inserted with the same precedence.
Example
The following command adds a row with precedence 12 in table 2 with primary host name as star_ims1 and secondary host name as star_ims2 to Diameter host table.
diameter host-select row-precedence 12 table 2 host star_ims1 secondary host star_ims2
 
diameter host-select table
This command selects the Diameter host table or the MSISDN prefix range table, and the algorithm to select rows from the Diameter host table.
Product
All
Privilege
Security Administrator, Administrator
Syntax
diameter host-select table { { 1 | 2 } algorithm { ip-address-modulus [ prefer-ipv4 | prefer-ipv6 ] | msisdn-modulus | round-robin } | prefix-table { 1 | 2 } }
{ default | no } diameter host-select table
default
Applies the default setting for this command.
no
Removes previous configuration.
When no table is selected, the system will not communicate with any PCRF for new sessions.
diameter host-select table { 1 | 2 } algorithm { ip-address-modulus | msisdn-modulus | round-robin }
table { 1 | 2 }: Specifies the Diameter host table to obtain the primary and secondary host name for PCRF.
algorithm { ip-address-modulus [ prefer-ipv4 | prefer-ipv6 ] | msisdn-modulus | round-robin }: Specifies the algorithm to select the row from the Diameter host table.
Default: round-robin
ip-address-modulus [ prefer-ipv4 | prefer-ipv6 ]: This algorithm divides the IP address, in binary, of the subscriber by the number of rows in the table, and the remainder is used as an index into the specified table to select the row.
msisdn-modulus: This algorithm divides the MSISDN value in binary without the leading “+” of the subscriber by the number of rows in the table, and the remainder is used as an index in the specific table to select the row.
round-robin: This algorithm rotates all rows in the active table for selection of the row in round-robin fashion. If no algorithm is specified this is the default behavior.
Important: The Round Robin algorithm is effective only over a large number of selections, and not at a granular level.
diameter host-select table prefix-table { 1 | 2 }
Specifies the MSISDN Prefix Range table to be used in case of MSISDN prefix range based PCRF discovery mechanism.
Usage
Use this command to configure the Diameter host table and row selection methods to select host name or realm for PCRF.
When this command is used to change which table the system should be using, user must re-determine which E-PDF the system should be using for each subscriber. If a different E-PDF results from the configuration change in the table, the system will wait for all of the IMS sessions for the subscriber to be no longer active and then the system either closes/opens Gx sessions with the old/new PDFs respectively, or the system deactivates the PDP contexts of the subscriber.
Here is an example of how row selection is configured for three hosts that the system will use for load-balancing. Operator can configure six rows in a table, as follows.
In the above table, the three hosts are named 1, 2, and 3. When all hosts are working, the load will be distributed among all the three hosts. If host 1 fails, then the load will be distributed between the remaining two hosts. In this scenario, the modulo 6 results of 2 and 4 will return rows that have primary hosts but no working back-up host.
In the Rel. 7 Gx implementation, the GGSN/PCEF is required to discover and select an appropriate PCRF to establish control relationship at primary PDP context activation. The ip-address-modulus, msisdn-modulus, and round-robin algorithms are supported by the GGSN/PCEF for PCRF discovery. In addition, the active/standby and round-robin algorithms are used for selection between primary and secondary servers based on the MSISDN Prefix Range Table.
Example
The following command specifies table 1 with round-robin algorithm to select the rows with host name for E-PDF in Diameter host table.
diameter host-select table 1 algorithm round-robin
 
diameter origin endpoint
This command binds the origin endpoint configured in Context Configuration mode to the IMS Authorization service for Diameter Policy Control Application (DPCA).
Product
All
Privilege
Security Administrator, Administrator
Syntax
diameter origin endpoint endpoint_name
no diameter origin
no
Removes the binding of Diameter origin endpoint with IMS Authorization service.
endpoint endpoint_name
endpoint_name is the Diameter endpoint configured in Context Configuration Mode to bind with IMS authorization service, and must be an alpha/numeric string of 1 through 63 characters in length.
Usage
Use this command to bind a configured Diameter origin endpoint to the IMS Authorization service for DPCA. This IMS authorization service searches all system contexts until it finds one with a matching Diameter origin endpoint name specified.
Example
The following command binds a configured endpoint named test to the IMS authorization service:
diameter origin endpoint test
 
diameter request-timeout
This command configures the request-timeout setting for Diameter-IMSA Gx interface.
 
Product
GGSN
Privilege
Security Administrator, Administrator
Syntax
diameter request-timeout timeout
default diameter request-timeout
default
Applies the default setting for this command.
timeout
Specifies the timeout period in seconds.
timeout must be an integer from 1 through 300.
Default: 10 seconds
Usage
Use this command to configure the request-timeout setting for Diameter-IMSA Gx interface.
Example
The following command configures the Diameter request-timeout setting to 20 seconds:
diameter request-timeout 20
 
end
Exits the current mode and returns to the Exec mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
end
Usage
Use this command to change to the Exec mode.
 
exit
Exits the current mode and returns to the parent configuration mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
exit
Usage
Use this command to return to the parent configuration mode.
 
li-secret
This command configures an Lawful Intercept shared secret key value for LI session. This value needs to be the same between PCRF and PCEF for Lawful Interception to happen.
Product
MME, P-GW, S-GW
Privilege
Security Administrator, Administrator
Syntax
[ no ] li-secret [ encrypted ] key key_value
[ no ] li-secret
no
This keywords removes the configured secret key value for LI. This is the default mode.
encrypted
This keyword displays the secret value in an encrypted format and only show configuration showsecrets will make the secret value visible.
key key_value
This keyword configures a secret key value for Lawful Intercept shared secret key.
key_value must be an alphabetic and/or numeric string of size 1 to 128 characters.
Usage
Use this command to configure a shared secret key value with or without encryption. This value needs to be the same between PCRF and PCEF (network function srvice node) for Lawful Interception to happen. It this command is not configured, by default LI secret key will be used.
The command will display the secret value in an encrypted format and only show configuration showsecrets command will make the secret value visible.
Example
Following command sets the encrypted LI secret key to a value for LI session.
li-secret encrypted keysecret_key_value
 
failure-handling
This command configures Diameter failure handling behavior.
Product
All
Privilege
Security Administrator, Administrator
Syntax
In StarOS 8.0:
failure-handling { continue | retry-and-terminate | terminate | diameter-result-code { any-error | result_code } ccfh { continue | retry-and-terminate | terminate } [ cc-request-type { initial-request | terminate-request | update-request } ] }
no failure-handling diameter-result-code { any-error | integer result_code } [ cc-request-type { initial-request | terminate-request | update-request } ]
In StarOS 8.1 and later:
failure-handling cc-request-type { any-request | initial-request | terminate-request | update-request } { diameter-result-code { any-error | result_code [ to end_result_code ] } } { continue | retry-and-terminate | terminate }
no failure-handling cc-request-type { any-request | initial-request | terminate-request | update-request } [ diameter-result-code { any-error | result_code[ to end_result_code] } ]
no
Disables previous failure-handling configuration.
continue
Specifies that in the event of a failure the user session continues. DPCA/Diameter will make periodic request and/or connection retry attempts and/or will attempt to communicate with a secondary peer depending on the peer config and session-binding setting.
retry-and-terminate
Specifies that in the event of a failure the user session continues for the duration of one retry attempt with the server. If this retry attempt also fails, the session is terminated.
terminate
Specifies that in the event of a failure the user session be terminated.
diameter-result-code { any-error | result_code [ to end_result_code ] }
Specifies failure handling behavior for any/specific result-code(s) to identify the type of failure and failure handling action for specific credit control request type.
any-error: Specifies failure handling behavior for those result-codes for which failure-handling behavior has not been specified.
result_code: Specifies a Diameter failure result code. result_code is the code returned for a failure handling action and must be an integer from 3000 through 4999.
to end_result_code: Use to specify a range of Diameter failure result codes. end_result_code must be an integer from 3000 through 4999, and must be greater than result_code.
continue | retry-and-terminate | terminate
As in StarOS 8.1 and later.
Specifies the credit control failure handling action.
continue: In the event of a failure the user session continues. DPCA/Diameter will make periodic request and/or connection retry attempts and/or will attempt to communicate with a secondary peer depending on the peer config and session-binding setting.
retry-and-terminate: In the event of a failure the user session continues for the duration of one retry attempt with the server. If this retry attempt also fails, the session is terminated.
terminate: In the event of a failure the user session is terminated.
ccfh { continue | retry-and-terminate | terminate }
As in StarOS 8.0:
Specifies the credit control failure handling (CCFH) action with or without credit control request type.
continue: In the event of a failure the user session continues. DPCA/Diameter will make periodic request and/or connection retry attempts and/or will attempt to communicate with a secondary peer depending on the peer config and session-binding setting.
retry-and-terminate: In the event of a failure the user session continues for the duration of one retry attempt with the server. If this retry attempt also fails, the session is terminated.
terminate: In the event of a failure the user session is terminated.
cc-request-type
As in StarOS 8.0:
This optional keyword defines the type of credit control request with failure result code and credit control failure handling action for a session.
any-request: Specifies the request type as any request for a new session.
initial-request: Specifies the request type as initial request for a new session.
terminate-request: Specifies the request type as terminate request for a session.
update-request: Specifies the request type as update request for an active session.
Usage
Use this command to configure the Diameter Policy Control Application (DPCA) failure handling behavior.
When an unknown rulebase comes in CCA, changing of rulebase and failure handling is managed in the following manner:
The default failure handling behavior is:
failure-handling diameter-result-code any-error ccfh terminate
Example
The following command sets the DPCA failure handling to retry-and-terminate and return a result code of 3456 for credit control request type initial-request:
As in StarOS 8.0:
failure-handling diameter-result-code 3456 ccfh retry-and-terminate cc-request-type initial-request
As in StarOS 8.1 and later:
failure-handling cc-request-type initial-request diameter-result-code 3456 retry-and-terminate
 
reauth-trigger
This command specifies the trigger events to initiate re-authorization for a subscriber in IMS authorization service.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ default ] reauth-trigger { all | { an-gw-change | bearer-loss | bearer-recovery | plmn-change | policy-failure | qos-change | rat-change | sgsn-change | tft-change | tft-delete } + }
Default
Applies the default setting for this command.
all
Sets the IMS authorization service to initiate re-authorization process for a subscriber on all events listed in this command.
an-gw-change
Sets the IMS authorization service to initiate re-authorization process for a subscriber whose access network gateway changed.
bearer-loss
Sets the IMS authorization service to initiate re-authorization process for a subscriber on loss of bearer or service.
bearer-recovery
Sets the IMS authorization service to initiate re-authorization process for a subscriber when a bearer or service recovered after loss of bearer or service.
default-bearer-qos-change
Sets the IMS authorization service to initiate re-authorization process when QoS is changed and DEFAULT_EPS_BEARER_QOS_CHANGE event triggered for the default EPS bearer context of a subscriber in LTE network.
plmn-change
Sets the IMS authorization service to initiate re-authorization process for a subscriber on change in Public Land Mobile Network (PLMN) of subscriber.
policy-failure
Sets the IMS authorization service to initiate re-authorization process for a subscriber on failure of credit and charging policy for subscriber.
qos-change
Sets the IMS authorization service to initiate re-authorization process for a subscriber on change in Quality of Service level/rating of subscriber.
rat-change
Sets the IMS authorization service to initiate re-authorization process for a subscriber on change in Radio Access Type (RAT) of subscriber node.
sgsn-change
Sets the IMS authorization service to initiate re-authorization process for a subscriber on change in SGSN for subscriber node.
tft-change
Sets the IMS authorization service to initiate re-authorization process for a subscriber on change in Traffic Flow Template (TFT) of subscriber session.
tft-delete
Sets the IMS authorization service to initiate re-authorization process for a subscriber when Traffic Flow Template (TFT) of subscriber session is deleted by a system administrative user.
Usage
Use this command to set the triggers to initiate QoS re-authorization process for a subscriber in IMS authorization service.
Example
Following command sets the re-authorization trigger to bearer-loss, so that re-authorization of subscriber session is initiated on loss of bearer.
reauth-trigger bearer-loss
 
 

Cisco Systems Inc.
Tel: 408-526-4000
Fax: 408-527-0883