Configuring the System as a Standalone eGTP P-GW
Information Required
Required Local Context Configuration Information
Required Information | Description |
---|---|
Management Interface Configuration | |
Interface name | An identification string between 1 and 79 characters (alpha and/or numeric) by which the interface will be recognized by the system. Multiple names are needed if multiple interfaces will be configured. |
IP address and subnet | IPv4 addresses assigned to the interface. Multiple addresses and subnets are needed if multiple interfaces will be configured. |
Physical port number | The physical port to which the interface will be bound. Ports are identified by the chassis slot number where the line card resides followed by the number of the physical connector on the card. For example, port 17/1 identifies connector number 1 on the card in slot 17. A single physical port can facilitate multiple interfaces. |
Gateway IP address | Used when configuring static IP routes from the management interface(s) to a specific network. |
Security administrator name | The name or names of the security administrator with full rights to the system. |
Security administrator password | Open or encrypted passwords can be used. |
Remote access type(s) | The type of remote access that will be used to access the system such as telnetd, sshd, and/or ftpd. |
Required P-GW Context Configuration Information
Required Information | Description |
---|---|
P-GW context name | An identification string from 1 to 79 characters (alpha and/or numeric) by which the P-GW context will be recognized by the system. |
Accounting policy name | An identification string from 1 to 63 characters (alpha and/or numeric) by which the accounting policy will be recognized by the system. The accounting policy is used to set parameters for the Rf (off-line charging) interface. |
S5/S8 Interface Configuration (To/from S-GW) | |
Interface name | An identification string between 1 and 79 characters (alpha and/or numeric) by which the interface will be recognized by the system. Multiple names are needed if multiple interfaces will be configured. |
IP address and subnet | IPv4 or IPv6 addresses assigned to the interface. Multiple addresses and subnets are needed if multiple interfaces will be configured. |
Physical port number | The physical port to which the interface will be bound. Ports are identified by the chassis slot number where the line card resides followed by the number of the physical connector on the card. For example, port 17/1 identifies connector number 1 on the card in slot 17. A single physical port can facilitate multiple interfaces. |
Gateway IP address | Used when configuring static IP routes from the interface(s) to a specific network. |
GTP-U Service Configuration | |
GTP-U service name | An identification string from 1 to 63 characters (alpha and/or numeric) by which the GTP-U service will be recognized by the system. |
IP address | S5/S8 interface IPv4 address. |
P-GW Service Configuration | |
P-GW service name | An identification string from 1 to 63 characters (alpha and/or numeric) by which the P-GW service will be recognized by the system. Multiple names are needed if multiple P-GW services will be used. |
PLMN ID | MCC number: The mobile country code (MCC) portion of the PLMN’s identifier (an integer value between 100 and 999). MNC number: The mobile network code (MNC) portion of the PLMN’s identifier (a 2 or 3 digit integer value between 00 and 999). |
eGTP Service Configuration | |
eGTP Service Name | An identification string from 1 to 63 characters (alpha and/or numeric) by which the eGTP service will be recognized by the system. |
Required PDN Context Configuration Information
Required Information | Description |
---|---|
PDN context name | An identification string from 1 to 79 characters (alpha and/or numeric) by which the PDN context is recognized by the system. |
IP Address Pool Configuration | |
IPv4 address pool name and range | An identification string between 1 and 31 characters (alpha and/or numeric) by which the IPv4 pool is recognized by the system. Multiple names are needed if multiple pools will be configured. A range of IPv4 addresses defined by a starting address and an ending address. |
IPv6 address pool name and range | An identification string between 1 and 31 characters (alpha and/or numeric) by which the IPv6 pool is recognized by the system. Multiple names are needed if multiple pools will be configured. A range of IPv6 addresses defined by a starting address and an ending address. |
Access Control List Configuration | |
IPv4 access list name | An identification string between 1 and 47 characters (alpha and/or numeric) by which the IPv4 access list is recognized by the system. Multiple names are needed if multiple lists will be configured. |
IPv6 access list name | An identification string between 1 and 79 characters (alpha and/or numeric) by which the IPv6 access list is recognized by the system. Multiple names are needed if multiple lists will be configured. |
Deny/permit type | |
Readdress or redirect type | |
SGi Interface Configuration (To/from IPv4 PDN) | |
Interface name | An identification string between 1 and 79 characters (alpha and/or numeric) by which the interface is recognized by the system. Multiple names are needed if multiple interfaces will be configured. |
IP address and subnet | IPv4 addresses assigned to the interface. Multiple addresses and subnets are needed if multiple interfaces will be configured. |
Physical port number | The physical port to which the interface will be bound. Ports are identified by the chassis slot number where the line card resides followed by the number of the physical connector on the card. For example, port 17/1 identifies connector number 1 on the card in slot 17. A single physical port can facilitate multiple interfaces. |
Gateway IP address | Used when configuring static IP routes from the interface(s) to a specific network. |
SGi Interface Configuration (To/from IPv6 PDN) | |
Interface name | An identification string between 1 and 79 characters (alpha and/or numeric) by which the interface is recognized by the system. Multiple names are needed if multiple interfaces will be configured. |
IP address and subnet | IPv6 addresses assigned to the interface. Multiple addresses and subnets are needed if multiple interfaces will be configured. |
Physical port number | The physical port to which the interface will be bound. Ports are identified by the chassis slot number where the line card resides followed by the number of the physical connector on the card. For example, port 17/1 identifies connector number 1 on the card in slot 17. A single physical port can facilitate multiple interfaces. |
Gateway IP address | Used when configuring static IP routes from the interface(s) to a specific network. |
Required AAA Context Configuration Information
Required Information | Description |
---|---|
Gx Interface Configuration (to PCRF) | |
Interface name | An identification string between 1 and 79 characters (alpha and/or numeric) by which the interface is recognized by the system. Multiple names are needed if multiple interfaces will be configured. |
IP address and subnet | IPv4 or IPv6 addresses assigned to the interface. Multiple addresses and subnets are needed if multiple interfaces will be configured. |
Physical port number | The physical port to which the interface will be bound. Ports are identified by the chassis slot number where the line card resides followed by the number of the physical connector on the card. For example, port 17/1 identifies connector number 1 on the card in slot 17. A single physical port can facilitate multiple interfaces. |
Gateway IP address | Used when configuring static IP routes from the interface(s) to a specific network. |
Gx Diameter Endpoint Configuration | |
End point name | An identification string from 1 to 63 characters (alpha and/or numeric) by which the Gx Diameter endpoint configuration is recognized by the system. |
Origin realm name | An identification string between 1 through 127 characters. The realm is the Diameter identity. The originator’s realm is present in all Diameter messages and is typically the company or service name. |
Origin host name | An identification string from 1 to 255 characters (alpha and/or numeric) by which the Gx origin host is recognized by the system. |
Origin host address | The IP address of the Gx interface. |
Peer name | The Gx endpoint name described above. |
Peer realm name | The Gx origin realm name described above. |
Peer address and port number | The IP address and port number of the PCRF. |
Route-entry peer | The Gx endpoint name described above. |
Gy Interface Configuration (to on-line charging server) | |
Interface name | An identification string between 1 and 79 characters (alpha and/or numeric) by which the interface is recognized by the system. Multiple names are needed if multiple interfaces will be configured. |
IP address and subnet | IPv4 or IPv6 addresses assigned to the interface. Multiple addresses and subnets are needed if multiple interfaces will be configured. |
Physical port number | The physical port to which the interface will be bound. Ports are identified by the chassis slot number where the line card resides followed by the number of the physical connector on the card. For example, port 17/1 identifies connector number 1 on the card in slot 17. A single physical port can facilitate multiple interfaces. |
Gateway IP address | Used when configuring static IP routes from the interface(s) to a specific network. |
Gy Diameter Endpoint Configuration | |
End point name | An identification string from 1 to 63 characters (alpha and/or numeric) by which the Gy Diameter endpoint configuration is recognized by the system. |
Origin realm name | An identification string between 1 through 127 characters. The realm is the Diameter identity. The originator’s realm is present in all Diameter messages and is typically the company or service name. |
Origin host name | An identification string from 1 to 255 characters (alpha and/or numeric) by which the Gy origin host is recognized by the system. |
Origin host address | The IP address of the Gy interface. |
Peer name | The Gy endpoint name described above. |
Peer realm name | The Gy origin realm name described above. |
Peer address and port number | The IP address and port number of the OCS. |
Route-entry peer | The Gy endpoint name described above. |
Gz Interface Configuration (to off-line charging server) | |
Interface name | An identification string between 1 and 79 characters (alpha and/or numeric) by which the interface is recognized by the system. Multiple names are needed if multiple interfaces will be configured. |
IP address and subnet | IPv4 addresses assigned to the interface. Multiple addresses and subnets are needed if multiple interfaces will be configured. |
Physical port number | The physical port to which the interface will be bound. Ports are identified by the chassis slot number where the line card resides followed by the number of the physical connector on the card. For example, port 17/1 identifies connector number 1 on the card in slot 17. A single physical port can facilitate multiple interfaces. |
Gateway IP address | Used when configuring static IP routes from the interface(s) to a specific network. |
Rf Interface Configuration (to off-line charging server) | |
Interface name | An identification string between 1 and 79 characters (alpha and/or numeric) by which the interface is recognized by the system. Multiple names are needed if multiple interfaces will be configured. |
IP address and subnet | IPv4 or IPv6 addresses assigned to the interface. Multiple addresses and subnets are needed if multiple interfaces will be configured. |
Physical port number | The physical port to which the interface will be bound. Ports are identified by the chassis slot number where the line card resides followed by the number of the physical connector on the card. For example, port 17/1 identifies connector number 1 on the card in slot 17. A single physical port can facilitate multiple interfaces. |
Gateway IP address | Used when configuring static IP routes from the interface(s) to a specific network. |
Rf Diameter Endpoint Configuration | |
End point name | An identification string from 1 to 63 characters (alpha and/or numeric) by which the Rf Diameter endpoint configuration is recognized by the system. |
Origin realm name | An identification string between 1 through 127 characters. The realm is the Diameter identity. The originator’s realm is present in all Diameter messages and is typically the company or service name. |
Origin host name | An identification string from 1 to 255 characters (alpha and/or numeric) by which the Rf origin host is recognized by the system. |
Origin host address | The IP address of the Rf interface. |
Peer name | The Rf endpoint name described above. |
Peer realm name | The Rf origin realm name described above. |
Peer address and port number | The IP address and port number of the OFCS. |
Route-entry peer | The Rf endpoint name described above. |
How This Configuration Works
Modifying the Local Context
configure
context local
interface <lcl_cntxt_intrfc_name>
ip address <ip_address> <ip_mask>
exit
server ftpd
exit
server telnetd
exit
subscriber default
exit
administrator <name> encrypted password <password> ftp
ip route <ip_addr/ip_mask> <next_hop_addr> <lcl_cntxt_intrfc_name>
exit
port ethernet <slot#/port#>
no shutdown
bind interface <lcl_cntxt_intrfc_name> local
end
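
The local-context template above enables `ftpd` and `telnetd` and grants the administrator `ftp`, and the worksheet allows open (unencrypted) passwords. The following Python audit is an added example, not part of the original guide or any vendor tooling: it walks a saved configuration and flags those management-plane settings. The sample configuration, its names, addresses and password strings are constructed, and the list of mode-opening commands is an assumption limited to the ones used in the template.

```python
from dataclasses import dataclass

# Commands that open a sub-mode closed by "exit" (assumption: only the
# commands that appear in the local-context template are listed).
MODE_OPENERS = {"configure", "context", "interface", "server", "subscriber", "port"}

# Management daemons that carry credentials and session data unencrypted.
CLEARTEXT_SERVERS = {"telnetd", "ftpd"}

# Constructed sample modelled on the template; every value is a placeholder.
SAMPLE_CONFIG = """\
configure
  context local
    interface mgmt1
      ip address 192.0.2.10 255.255.255.0
    exit
    server ftpd
    exit
    server telnetd
    exit
    server sshd
    exit
    subscriber default
    exit
    administrator secadmin encrypted password EXAMPLE-HASH ftp
    administrator opsadmin password ExamplePlaintext1
    ip route 0.0.0.0/0 192.0.2.1 mgmt1
  exit
  context pgw-ctx
    server telnetd
    exit
  exit
end
"""


@dataclass(frozen=True)
class Finding:
    line: int      # 1-based line number in the audited text
    context: str   # context the command was entered in
    rule: str      # short rule identifier
    detail: str    # human-readable description (never contains secrets)


def _current_context(stack):
    """Return the name of the innermost 'context' on the mode stack."""
    for words in reversed(stack):
        if words[0] == "context" and len(words) > 1:
            return words[1]
    return "(global)"


def _audit_admin(line_no, ctx, words):
    """Check one 'administrator <name> [encrypted] password <pw> [opts]' line."""
    name, found = words[1], []
    options = words[2:]
    if "password" in words:
        idx = words.index("password")
        if words[idx - 1] != "encrypted":
            found.append(Finding(line_no, ctx, "plaintext-password",
                                 f"administrator {name}: password is not stored encrypted"))
        options = words[idx + 2:]  # skip the password value itself
    if "ftp" in options:
        found.append(Finding(line_no, ctx, "admin-ftp",
                             f"administrator {name}: FTP access granted"))
    return found


def audit_config(text):
    """Return the management-plane findings for a configuration listing."""
    findings, stack = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        cmd = words[0]
        if cmd == "end":            # leaves configuration mode entirely
            stack.clear()
            continue
        if cmd == "exit":           # leaves the innermost sub-mode
            if stack:
                stack.pop()
            continue
        ctx = _current_context(stack)
        if cmd == "server" and len(words) > 1 and words[1] in CLEARTEXT_SERVERS:
            findings.append(Finding(line_no, ctx, "cleartext-service",
                                    f"{words[1]} enabled: unencrypted remote access"))
        elif cmd == "administrator" and len(words) > 1:
            findings.extend(_audit_admin(line_no, ctx, words))
        if cmd in MODE_OPENERS:
            stack.append(words)
    return findings


if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        print(f"line {f.line:>2} [{f.context}] {f.rule}: {f.detail}")
```

A configuration that offers only `sshd` for remote access and stores administrator passwords with `encrypted` produces no findings.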
Creating and Configuring an eGTP P-GW Context
configure
gtpp single-source
context <pgw_context_name> -noconfirm
interface <s5s8_interface_name>
ip address <ipv4_address>
exit
gtpp group default
gtpp charging-agent address <gz_ipv4_address>
gtpp echo-interval <seconds>
gtpp attribute diagnostics
gtpp attribute local-record-sequence-number
gtpp attribute node-id-suffix <string>
gtpp dictionary <name>
gtpp server <ipv4_address> priority <num>
gtpp server <ipv4_address> priority <num> node-alive enable
exit
policy accounting <rf_policy_name> -noconfirm
accounting-level {level_type}
accounting-event-trigger interim-timeout action stop-start
operator-string <string>
cc profile <index> interval <seconds>
exit
exit
subscriber default
exit
port ethernet <slot_number/port_number>
no shutdown
bind interface <s5s8_interface_name> <pgw_context_name>
end
Creating and Configuring APNs in the P-GW Context
configure
context <pgw_context_name> -noconfirm
apn <name>
accounting-mode radius-diameter
associate accounting-policy <rf_policy_name>
ims-auth-service <gx_ims_service_name>
aaa group <rf-radius_group_name>
dns primary <ipv4_address>
dns secondary <ipv4_address>
ip access-group <name> in
ip access-group <name> out
mediation-device context-name <pgw_context_name>
ip context-name <pdn_context_name>
ipv6 access-group <name> in
ipv6 access-group <name> out
active-charging rulebase <name>
end

configure
context <pgw_context_name> -noconfirm
apn <name>
bearer-control-mode mixed
selection-mode sent-by-ms
accounting-mode gtpp
gtpp group default accounting-context <aaa_context_name>
ims-auth-service <gx_ims_service_name>
ip access-group <name> in
ip access-group <name> out
ip context-name <pdn_context_name>
active-charging rulebase <gz_rulebase_name>
end
Creating and Configuring AAA Groups in the P-GW Context
configure
context <pgw_context_name> -noconfirm
aaa group <rf-radius_group_name>
radius attribute nas-identifier <id>
radius accounting interim interval <seconds>
radius dictionary <name>
radius mediation-device accounting server <address> key <key>
diameter authentication dictionary <name>
diameter accounting dictionary <name>
diameter accounting endpoint <rf_cfg_name>
diameter accounting server <rf_cfg_name> priority <num>
exit
aaa group default
radius attribute nas-ip-address address <ipv4_address>
radius accounting interim interval <seconds>
diameter authentication dictionary <name>
diameter accounting dictionary <name>
diameter accounting endpoint <rf_cfg_name>
diameter accounting server <rf_cfg_name> priority <num>
Creating and Configuring an eGTP Service
Creating and Configuring a GTP-U Service
P-GW PDN Context Configuration
configure
context <pdn_context_name> -noconfirm
interface <sgi_ipv4_interface_name>
ip address <ipv4_address>
exit
interface <sgi_ipv6_interface_name>
ip address <ipv6_address>
exit
ip pool <name> range <start_address end_address> public <priority>
ipv6 pool <name> range <start_address end_address> public <priority>
subscriber default
exit
ip access-list <name>
redirect css service <name> any
permit any
exit
ipv6 access-list <name>
redirect css service <name> any
permit any
exit
aaa group default
exit
exit
port ethernet <slot_number/port_number>
no shutdown
bind interface <sgi_ipv4_interface_name> <pdn_context_name>
exit
port ethernet <slot_number/port_number>
no shutdown
bind interface <sgi_ipv6_interface_name> <pdn_context_name>
end
Active Charging Service Configuration
configure
require active-charging optimized-mode
active-charging service <name>
ruledef <name>
<rule_definition>
.
.
<rule_definition>
exit
ruledef default
ip any-match = TRUE
exit
ruledef icmp-pkts
icmp any-match = TRUE
exit
ruledef qci3
icmp any-match = TRUE
exit
ruledef static
icmp any-match = TRUE
exit
charging-action <name>
<action>
.
.
<action>
exit
charging-action icmp
billing-action egcdr
exit
charging-action qci3
content-id <id>
billing-action egcdr
qos-class-identifier <id>
allocation-retention-priority <priority>
tft-packet-filter qci3
exit
charging-action static
service-identifier <id>
billing-action egcdr
qos-class-identifier <id>
allocation-retention-priority <priority>
tft-packet-filter qci3
exit
rulebase default
exit
rulebase <name>
<rule_base>
.
.
<rule_base>
exit
rulebase <gx_rulebase_name>
dynamic-rule order first-if-tied
egcdr tariff minute <minute> hour <hour>(optional)
billing-records egcdr
action priority 5 dynamic-only ruledef qci3 charging-action qci3
action priority 100 ruledef static charging-action static
action priority 500 ruledef default charging-action icmp
action priority 570 ruledef icmp-pkts charging-action icmp
egcdr threshold interval <interval>
egcdr threshold volume total <bytes>
end
Creating and Configuring the AAA Context
configure
context <aaa_context_name> -noconfirm
interface <gx_interface_name>
ipv6 address <address>
exit
interface <gy_interface_name>
ipv6 address <address>
exit
interface <gz_interface_name>
ip address <ipv4_address>
exit
interface <rf_interface_name>
ip address <ipv4_address>
exit
subscriber default
exit
ims-auth-service <gx_ims_service_name>
p-cscf discovery table <#> algorithm round-robin
p-cscf table <#> row-precedence <#> ipv6-address <pcrf_ipv6_adr>
policy-control
diameter origin endpoint <gx_cfg_name>
diameter dictionary <name>
diameter host-select table <#> algorithm round-robin
diameter host-select row-precedence <#> table <#> host <gx_cfg_name>
exit
exit
diameter endpoint <gx_cfg_name>
origin realm <realm_name>
origin host <name> address <aaa_ctx_ipv6_address>
peer <gx_cfg_name> realm <name> address <pcrf_ipv4_or_ipv6_addr>
route-entry peer <gx_cfg_name>
exit
diameter endpoint <gy_cfg_name>
origin realm <realm_name>
origin host <name> address <gy_ipv6_address>
connection retry-timeout <seconds>
peer <gy_cfg_name> realm <name> address <ocs_ipv4_or_ipv6_addr>
route-entry peer <gy_cfg_name>
exit
diameter endpoint <rf_cfg_name>
use-proxy
origin realm <realm_name>
origin host <name> address <rf_ipv4_address>
peer <rf_cfg_name> realm <name> address <ofcs_ipv4_or_ipv6_addr>
route-entry peer <rf_cfg_name>
exit
exit
port ethernet <slot_number/port_number>
no shutdown
bind interface <gx_interface_name> <aaa_context_name>
exit
port ethernet <slot_number/port_number>
no shutdown
bind interface <gy_interface_name> <aaa_context_name>
exit
port ethernet <slot_number/port_number>
no shutdown
bind interface <gz_interface_name> <aaa_context_name>
exit
port ethernet <slot_number/port_number>
no shutdown
bind interface <rf_interface_name> <aaa_context_name>
end
Configuring QCI-QoS Mapping
configure
qci-qos-mapping <name>
qci 1 user-datagram dscp-marking <hex>
qci 3 user-datagram dscp-marking <hex>
qci 9 user-datagram dscp-marking <hex>
exit
DHCP Service Creation
DHCP Server Parameter Configuration
configure
context <dest_ctxt_name>
dhcp-service <dhcp_svc_name>
dhcp server <ip_address> [priority <priority>]
dhcp server selection-algorithm {first-server | round-robin}
lease-duration min <minimum_dur> max <max_dur>
dhcp deadtime <max_time>
dhcp detect-dead-server consecutive-failures <max_number>
max-retransmissions <max_number>
retransmission-timeout <dur_sec>
end
show dhcp service all
This command produces an output similar to that displayed below where DHCP name is dhcp1:
Service name: dhcp1
Context: isp
Bind: Done
Local IP Address: 150.150.150.150
Next Hop Address: 192.179.91.3
MPLS-label:
Input: 5000
Output: 1566 1899
Service Status: Started
Retransmission Timeout: 3000 (milli-secs)
Max Retransmissions: 2
Lease Time: 600 (secs)
Minimum Lease Duration: 600 (secs)
Maximum Lease Duration: 86400 (secs)
DHCP Dead Time: 120 (secs)
DHCP Dead consecutive Failure:5
DHCP T1 Threshold Timer: 50
DHCP T2 Threshold Timer: 88
DHCP Client Identifier: Not Used
DHCP Algorithm: Round Robin
DHCP Servers configured:
Address: 150.150.150.150 Priority: 1
DHCP server rapid-commit: disabled
DHCP client rapid-commit: disabled
DHCP chaddr validation: enabled
show dhcp service status
Configuring the System as a Standalone PMIP P-GW Supporting an eHRPD Network
Information Required
Required Local Context Configuration Information
Required Information | Description |
---|---|
Management Interface Configuration | |
Interface name | An identification string between 1 and 79 characters (alpha and/or numeric) by which the interface will be recognized by the system. Multiple names are needed if multiple interfaces will be configured. |
IP address and subnet | IPv4 addresses assigned to the interface. Multiple addresses and subnets are needed if multiple interfaces will be configured. |
Physical port number | The physical port to which the interface will be bound. Ports are identified by the chassis slot number where the line card resides followed by the number of the physical connector on the card. For example, port 17/1 identifies connector number 1 on the card in slot 17. A single physical port can facilitate multiple interfaces. |
Gateway IP address | Used when configuring static IP routes from the management interface(s) to a specific network. |
Security administrator name | The name or names of the security administrator with full rights to the system. |
Security administrator password | Open or encrypted passwords can be used. |
Remote access type(s) | The type of remote access that will be used to access the system such as telnetd, sshd, and/or ftpd. |
Required P-GW Context Configuration Information
Required Information | Description |
---|---|
P-GW context name | An identification string from 1 to 79 characters (alpha and/or numeric) by which the P-GW context will be recognized by the system. |
Accounting policy name | An identification string from 1 to 63 characters (alpha and/or numeric) by which the accounting policy will be recognized by the system. The accounting policy is used to set parameters for the Rf (off-line charging) interface. |
S2a Interface Configuration (To/from HSGW) | |
Interface name | An identification string between 1 and 79 characters (alpha and/or numeric) by which the interface will be recognized by the system. Multiple names are needed if multiple interfaces will be configured. |
IP address and subnet | IPv6 addresses assigned to the interface. Multiple addresses and subnets are needed if multiple interfaces will be configured. |
Physical port number | The physical port to which the interface will be bound. Ports are identified by the chassis slot number where the line card resides followed by the number of the physical connector on the card. For example, port 17/1 identifies connector number 1 on the card in slot 17. A single physical port can facilitate multiple interfaces. |
Gateway IP address | Used when configuring static IP routes from the interface(s) to a specific network. |
P-GW Service Configuration | |
P-GW service name | An identification string from 1 to 63 characters (alpha and/or numeric) by which the P-GW service will be recognized by the system. Multiple names are needed if multiple P-GW services will be used. |
PLMN ID | MCC number: The mobile country code (MCC) portion of the PLMN’s identifier (an integer value between 100 and 999). MNC number: The mobile network code (MNC) portion of the PLMN’s identifier (a 2 or 3 digit integer value between 00 and 999). |
LMA Service Configuration | |
LMA Service Name | An identification string from 1 to 63 characters (alpha and/or numeric) by which the LMA service will be recognized by the system. |
Required PDN Context Configuration Information
Required Information | Description |
---|---|
P-GW context name | An identification string from 1 to 79 characters (alpha and/or numeric) by which the P-GW context is recognized by the system. |
IP Address Pool Configuration | |
IPv4 address pool name and range | An identification string between 1 and 31 characters (alpha and/or numeric) by which the IPv4 pool is recognized by the system. Multiple names are needed if multiple pools will be configured. A range of IPv4 addresses defined by a starting address and an ending address. |
IPv6 address pool name and range | An identification string between 1 and 31 characters (alpha and/or numeric) by which the IPv6 pool is recognized by the system. Multiple names are needed if multiple pools will be configured. A range of IPv6 addresses defined by a starting address and an ending address. |
Access Control List Configuration | |
IPv4 access list name | An identification string between 1 and 47 characters (alpha and/or numeric) by which the IPv4 access list is recognized by the system. Multiple names are needed if multiple lists will be configured. |
IPv6 access list name | An identification string between 1 and 79 characters (alpha and/or numeric) by which the IPv6 access list is recognized by the system. Multiple names are needed if multiple lists will be configured. |
Deny/permit type | |
Readdress or redirect type | |
SGi Interface Configuration (To/from IPv4 PDN) | |
Interface name | An identification string between 1 and 79 characters (alpha and/or numeric) by which the interface is recognized by the system. Multiple names are needed if multiple interfaces will be configured. |
IP address and subnet | IPv4 addresses assigned to the interface. Multiple addresses and subnets are needed if multiple interfaces will be configured. |
Physical port number | The physical port to which the interface will be bound. Ports are identified by the chassis slot number where the line card resides followed by the number of the physical connector on the card. For example, port 17/1 identifies connector number 1 on the card in slot 17. A single physical port can facilitate multiple interfaces. |
Gateway IP address | Used when configuring static IP routes from the interface(s) to a specific network. |
SGi Interface Configuration (To/from IPv6 PDN) | |
Interface name | An identification string between 1 and 79 characters (alpha and/or numeric) by which the interface is recognized by the system. Multiple names are needed if multiple interfaces will be configured. |
IP address and subnet | IPv6 addresses assigned to the interface. Multiple addresses and subnets are needed if multiple interfaces will be configured. |
Physical port number | The physical port to which the interface will be bound. Ports are identified by the chassis slot number where the line card resides followed by the number of the physical connector on the card. For example, port 17/1 identifies connector number 1 on the card in slot 17. A single physical port can facilitate multiple interfaces. |
Gateway IP address | Used when configuring static IP routes from the interface(s) to a specific network. |
Required AAA Context Configuration Information
Required Information | Description |
---|---|
Gx Interface Configuration
(to PCRF)
|
|
Interface name
|
An identification string
between 1 and 79 characters (alpha and/or numeric) by which
the interface is recognized by the system.
Multiple names are
needed if multiple interfaces will be configured.
|
IP address and subnet
|
IPv4 or IPv6 addresses
assigned to the interface.
Multiple addresses
and subnets are needed if multiple interfaces will be configured.
|
Physical port number
|
The physical port to
which the interface will be bound. Ports are identified by the chassis
slot number where the line card resides followed by the number of
the physical connector on the card. For example, port 17/1 identifies
connector number 1 on the card in slot 17.
A single physical port
can facilitate multiple interfaces.
|
Gateway IP address
|
Used when configuring
static IP routes from the interface(s) to a specific network.
|
Gx Diameter Endpoint
Configuration
|
|
End point name
|
An identification string
from 1 to 63 characters (alpha and/or numeric) by which
the Gx Diameter endpoint configuration is recognized by the system.
|
Origin realm name
|
An identification string
between 1 through 127 characters.
The realm is the Diameter
identity. The originator’s realm is present in all Diameter
messages and is typically the company or service name.
|
Origin host name
|
An identification string
from 1 to 255 characters (alpha and/or numeric) by which
the Gx origin host is recognized by the system.
|
Origin host address
|
The IP address of the
Gx interface.
|
Peer name
|
The Gx endpoint name
described above.
|
Peer realm name
|
The Gx origin realm
name described above.
|
Peer address and port number
|
The IP address and
port number of the PCRF.
|
Route-entry peer
|
The Gx endpoint name
described above.
|
S6b Interface Configuration
(to 3GPP AAA server)
|
|
Interface name
|
An identification string
between 1 and 79 characters (alpha and/or numeric) by which
the interface is recognized by the system.
Multiple names are
needed if multiple interfaces will be configured.
|
IP address and subnet
|
IPv4 or IPv6 addresses
assigned to the interface.
Multiple addresses
and subnets are needed if multiple interfaces will be configured.
|
Physical port number
|
The physical port to
which the interface will be bound. Ports are identified by the chassis
slot number where the line card resides followed by the number of
the physical connector on the card. For example, port 17/1 identifies
connector number 1 on the card in slot 17.
A single physical port
can facilitate multiple interfaces.
|
Gateway IP address
|
Used when configuring
static IP routes from the interface(s) to a specific network.
|
S6b Diameter Endpoint
Configuration
|
|
End point name
|
An identification string
from 1 to 63 characters (alpha and/or numeric) by which
the S6b Diameter endpoint configuration is recognized by the system.
|
Origin realm name
|
An identification string
between 1 through 127 characters.
The realm is the Diameter
identity. The originator’s realm is present in all Diameter
messages and is typically the company or service name.
|
Origin host name
|
An identification string
from 1 to 255 characters (alpha and/or numeric) by which
the S6b origin host is recognized by the system.
|
Origin host address
|
The IP address of the
S6b interface.
|
Peer name
|
The S6b endpoint name
described above.
|
Peer realm name
|
The S6b origin realm
name described above.
|
Peer address and port number
|
The IP address and
port number of the AAA server.
|
Route-entry peer
|
The S6b endpoint name
described above.
|
Rf Interface Configuration (to off-line charging server) | |
Interface name | An identification string between 1 and 79 characters (alpha and/or numeric) by which the interface is recognized by the system. Multiple names are needed if multiple interfaces will be configured. |
IP address and subnet | IPv4 or IPv6 addresses assigned to the interface. Multiple addresses and subnets are needed if multiple interfaces will be configured. |
Physical port number | The physical port to which the interface will be bound. Ports are identified by the chassis slot number where the line card resides followed by the number of the physical connector on the card. For example, port 17/1 identifies connector number 1 on the card in slot 17. A single physical port can facilitate multiple interfaces. |
Gateway IP address | Used when configuring static IP routes from the management interface(s) to a specific network. |
Rf Diameter Endpoint Configuration | |
End point name | An identification string from 1 to 63 characters (alpha and/or numeric) by which the Rf Diameter endpoint configuration is recognized by the system. |
Origin realm name | An identification string from 1 through 127 characters. The realm is the Diameter identity. The originator’s realm is present in all Diameter messages and is typically the company or service name. |
Origin host name | An identification string from 1 to 255 characters (alpha and/or numeric) by which the Rf origin host is recognized by the system. |
Origin host address | The IP address of the Rf interface. |
Peer name | The Rf endpoint name described above. |
Peer realm name | The Rf origin realm name described above. |
Peer address and port number | The IP address and port number of the OFCS. |
Route-entry peer | The Rf endpoint name described above. |
Gy Interface Configuration (to on-line charging server) | |
Interface name | An identification string between 1 and 79 characters (alpha and/or numeric) by which the interface is recognized by the system. Multiple names are needed if multiple interfaces will be configured. |
IP address and subnet | IPv4 or IPv6 addresses assigned to the interface. Multiple addresses and subnets are needed if multiple interfaces will be configured. |
Physical port number | The physical port to which the interface will be bound. Ports are identified by the chassis slot number where the line card resides followed by the number of the physical connector on the card. For example, port 17/1 identifies connector number 1 on the card in slot 17. A single physical port can facilitate multiple interfaces. |
Gateway IP address | Used when configuring static IP routes from the interface(s) to a specific network. |
Gy Diameter Endpoint Configuration | |
End point name | An identification string from 1 to 63 characters (alpha and/or numeric) by which the Gy Diameter endpoint configuration is recognized by the system. |
Origin realm name | An identification string from 1 through 127 characters. The realm is the Diameter identity. The originator’s realm is present in all Diameter messages and is typically the company or service name. |
Origin host name | An identification string from 1 to 255 characters (alpha and/or numeric) by which the Gy origin host is recognized by the system. |
Origin host address | The IP address of the Gy interface. |
Peer name | The Gy endpoint name described above. |
Peer realm name | The Gy origin realm name described above. |
Peer address and port number | The IP address and port number of the OCS. |
Route-entry peer | The Gy endpoint name described above. |
How This Configuration Works
Modifying the Local Context
configure
   context local
      interface <lcl_cntxt_intrfc_name>
         ip address <ip_address> <ip_mask>
         exit
      server ftpd
         exit
      server telnetd
         exit
      subscriber default
         exit
      administrator <name> encrypted password <password> ftp
      ip route <ip_addr/ip_mask> <next_hop_addr> <lcl_cntxt_intrfc_name>
      exit
   port ethernet <slot#/port#>
      no shutdown
      bind interface <lcl_cntxt_intrfc_name> local
      end
Creating and Configuring a P-MIP P-GW Context
configure
   context <pgw_context_name> -noconfirm
      interface <s2a_interface_name> tunnel
         ipv6 address <address>
         tunnel-mode ipv6ip
            source interface <name>
            destination address <ipv4 or ipv6 address>
            exit
         exit
      policy accounting <rf_policy_name> -noconfirm
         accounting-level {level_type}
         accounting-event-trigger interim-timeout action stop-start
         operator-string <string>
         cc profile <index> interval <seconds>
         exit
      subscriber default
         exit
      exit
   port ethernet <slot_number/port_number>
      no shutdown
      bind interface <s2a_interface_name> <pgw_context_name>
      end
Creating and Configuring APNs in the P-GW Context
configure
   context <pgw_context_name> -noconfirm
      apn <name>
         accounting-mode radius-diameter
         associate accounting-policy <rf_policy_name>
         ims-auth-service <gx_ims_service_name>
         aaa group <rf-radius_group_name>
         dns primary <ipv4_address>
         dns secondary <ipv4_address>
         ip access-group <name> in
         ip access-group <name> out
         mediation-device context-name <pgw_context_name>
         ip context-name <pdn_context_name>
         ipv6 access-group <name> in
         ipv6 access-group <name> out
         active-charging rulebase <name>
Creating and Configuring AAA Groups in the P-GW Context
configure
   context <pgw_context_name> -noconfirm
      aaa group <rf-radius_group_name>
         radius attribute nas-identifier <id>
         radius accounting interim interval <seconds>
         radius dictionary <name>
         radius mediation-device accounting server <address> key <key>
         diameter authentication dictionary <name>
         diameter accounting dictionary <name>
         diameter authentication endpoint <s6b_cfg_name>
         diameter accounting endpoint <rf_cfg_name>
         diameter authentication server <s6b_cfg_name> priority <num>
         diameter accounting server <rf_cfg_name> priority <num>
         exit
      aaa group default
         radius attribute nas-ip-address address <ipv4_address>
         radius accounting interim interval <seconds>
         diameter authentication dictionary <name>
         diameter accounting dictionary <name>
         diameter authentication endpoint <s6b_cfg_name>
         diameter accounting endpoint <rf_cfg_name>
         diameter authentication server <s6b_cfg_name> priority <num>
         diameter accounting server <rf_cfg_name> priority <num>
Configuring the P-GW Service
configure
   context <pgw_context_name>
      pgw-service <pgw_service_name> -noconfirm
         associate lma-service <lma_service_name>
         associate qci-qos-mapping <name>
         authorize external
         fqdn host <domain_name> realm <realm_name>
         plmn id mcc <id> mnc <id>
         end
P-GW PDN Context Configuration
configure
   context <pdn_context_name> -noconfirm
      ip pool <name> range <start_address end_address> public <priority>
      ipv6 pool <name> range <start_address end_address> public <priority>
      subscriber default
         exit
      ip access-list <name>
         redirect css service <name> any
         permit any
         exit
      ipv6 access-list <name>
         redirect css service <name> any
         permit any
         exit
      aaa group default
         exit
      exit
   port ethernet <slot_number/port_number>
      no shutdown
      bind interface <pdn_sgi_ipv4_interface_name> <pdn_context_name>
      exit
   port ethernet <slot_number/port_number>
      no shutdown
      bind interface <pdn_sgi_ipv6_interface_name> <pdn_context_name>
      end
Active Charging Service Configuration
configure
   require active-charging optimized-mode
   active-charging service <name>
      ruledef <name>
         <rule_definition>
         .
         .
         <rule_definition>
         exit
      ruledef <name>
         <rule_definition>
         .
         .
         <rule_definition>
         exit
      charging-action <name>
         <action>
         .
         .
         <action>
         exit
      charging-action <name>
         <action>
         .
         .
         <action>
         exit
      rulebase default
         exit
      rulebase <name>
         <rule_base>
         .
         .
         <rule_base>
         end
Creating and Configuring the AAA Context
configure
   context <aaa_context_name> -noconfirm
      interface <s6b_interface_name>
         ip address <ipv4_address>
         exit
      interface <gx_interface_name>
         ipv6 address <address>
         exit
      interface <rf_interface_name>
         ip address <ipv4_address>
         exit
      interface <gy_interface_name>
         ipv6 address <address>
         exit
      subscriber default
         exit
      ims-auth-service <gx_ims_service_name>
         p-cscf discovery table <#> algorithm round-robin
         p-cscf table <#> row-precedence <#> ipv6-address <pcrf_adr>
         policy-control
            diameter origin endpoint <gx_cfg_name>
            diameter dictionary <name>
            diameter host-select table <#> algorithm round-robin
            diameter host-select row-precedence <#> table <#> host <gx_cfg_name>
            exit
         exit
      diameter endpoint <s6b_cfg_name>
         origin realm <realm_name>
         origin host <name> address <aaa_ctx_ipv4_address>
         peer <s6b_cfg_name> realm <name> address <aaa_ip_addr>
         route-entry peer <s6b_cfg_name>
         exit
      diameter endpoint <gx_cfg_name>
         origin realm <realm_name>
         origin host <name> address <aaa_context_ip_address>
         peer <gx_cfg_name> realm <name> address <pcrf_ipv6_addr>
         route-entry peer <gx_cfg_name>
         exit
      diameter endpoint <rf_cfg_name>
         origin realm <realm_name>
         origin host <name> address <aaa_ip_address>
         peer <rf_cfg_name> realm <name> address <ofcs_ip_addr>
         route-entry peer <rf_cfg_name>
         exit
      diameter endpoint <gy_cfg_name>
         use-proxy
         origin realm <realm_name>
         origin host <name> address <aaa_ip_address>
         connection retry-timeout <seconds>
         peer <gy_cfg_name> realm <name> address <ocs_ip_addr>
         route-entry peer <gy_cfg_name>
         exit
      exit
   port ethernet <slot_number/port_number>
      no shutdown
      bind interface <s6b_interface_name> <aaa_context_name>
      exit
   port ethernet <slot_number/port_number>
      no shutdown
      bind interface <gx_interface_name> <aaa_context_name>
      exit
   port ethernet <slot_number/port_number>
      no shutdown
      bind interface <gy_interface_name> <aaa_context_name>
      exit
   port ethernet <slot_number/port_number>
      no shutdown
      bind interface <rf_interface_name> <aaa_context_name>
      end
Configuring QCI-QoS Mapping
configure
   qci-qos-mapping <name>
      qci 1 user-datagram dscp-marking <hex>
      qci 3 user-datagram dscp-marking <hex>
      qci 9 user-datagram dscp-marking <hex>
      exit
Configuring Optional Features on the P-GW
Configuring ACL-based Node-to-Node IP Security on the S5 Interface
Creating and Configuring a Crypto Access Control List
configure
   context <pgw_context_name> -noconfirm
      ip access-list <acl_name>
         permit tcp host <source_host_address> host <dest_host_address>
         end
Creating and Configuring an IPSec Transform Set
configure
   context <pgw_context_name> -noconfirm
      ipsec transform-set <ipsec_transform-set_name>
         encryption aes-cbc-128
         group none
         hmac sha1-96
         mode tunnel
         end
Creating and Configuring an IKEv2 Transform Set
configure
   context <pgw_context_name> -noconfirm
      ikev2-ikesa transform-set <ikev2_transform-set_name>
         encryption aes-cbc-128
         group 2
         hmac sha1-96
         lifetime <sec>
         prf sha1
         end
Creating and Configuring a Crypto Map
configure
   context <pgw_context_name>
      crypto map <crypto_map_name> ikev2-ipv4
         match address <acl_name>
         peer <ipv4_address>
         authentication local pre-shared-key key <text>
         authentication remote pre-shared-key key <text>
         ikev2-ikesa transform-set list <name1> . . . <name6>
         payload <name> match ipv4
            lifetime <seconds>
            ipsec transform-set list <name1> . . . <name4>
            exit
         exit
      interface <s5_intf_name>
         ip address <ipv4_address>
         crypto-map <crypto_map_name>
         exit
      exit
   port ethernet <slot_number/port_number>
      no shutdown
      bind interface <s5_intf_name> <pgw_context_name>
      end
Configuring Dynamic Node-to-Node IP Security on the S5 Interface
Creating and Configuring an IPSec Transform Set
configure
   context <pgw_context_name> -noconfirm
      ipsec transform-set <ipsec_transform-set_name>
         encryption aes-cbc-128
         group none
         hmac sha1-96
         mode tunnel
         end
Creating and Configuring an IKEv2 Transform Set
configure
   context <pgw_context_name> -noconfirm
      ikev2-ikesa transform-set <ikev2_transform-set_name>
         encryption aes-cbc-128
         group 2
         hmac sha1-96
         lifetime <sec>
         prf sha1
         end
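The transform-set templates in both S5 IP Security sections fix HMAC-SHA1-96, PRF SHA-1, DH group 2 for the IKE SA and `group none` for the IPSec SA, and the local context template starts `ftpd` and `telnetd`. The Python check below is an added example, not part of the original guide; it flags those settings in a saved configuration written one command per line. The context and transform-set names in the sample are constructed, the rule list is an assumption about what a reviewer wants surfaced, and group numbers 1 and 5 come from the IANA IKE registry rather than from this page.

```python
import re

# Constructed sample: the page's templates with placeholder names filled in.
SAMPLE_CONFIG = """\
configure
  context local
    server ftpd
      exit
    server telnetd
      exit
    exit
  context pgw_ctx -noconfirm
    ipsec transform-set s5_esp
      encryption aes-cbc-128
      group none
      hmac sha1-96
      exit
    ikev2-ikesa transform-set s5_ike
      encryption aes-cbc-128
      group 2
      hmac sha1-96
      prf sha1
      end
"""
TS = r"(ipsec|ikev2-ikesa) transform-set"
# (section regex, command regex, finding); "" matches any section.
RULES = [
    ("", r"server (telnetd|ftpd)", "cleartext management service"),
    (r"ipsec transform-set", r"group none", "no DH exchange for child SA (no PFS)"),
    (TS, r"group [125]", "MODP group of 1536 bits or less"),  # 768/1024/1536-bit
    (TS, r"hmac sha1-96|prf sha1", "SHA-1 based integrity or PRF"),
]

def audit(config_text):
    """Return (line_no, section, command, finding) for each flagged command."""
    findings, section = [], ""
    for no, raw in enumerate(config_text.splitlines(), 1):
        cmd = " ".join(raw.split())  # ignore indentation and repeated spaces
        if cmd in ("exit", "end"):
            section = ""  # simplification: any exit leaves the transform set
        elif re.match(TS + r" \S+$", cmd):
            section = cmd  # header that defines a transform set by name
        for sect_re, cmd_re, text in RULES:
            if re.match(sect_re, section) and re.fullmatch(cmd_re, cmd):
                findings.append((no, section or "-", cmd, text))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

AES-CBC-128 is deliberately not flagged; the findings concern the hash, the DH group and the cleartext management services.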
Creating and Configuring a Crypto Template
configure
   context <pgw_context_name> -noconfirm
      crypto template <crypto_template_name> ikev2-dynamic
         ikev2-ikesa transform-set list <name1> . . . <name6>
         ikev2-ikesa rekey
         payload <name> match childsa match ipv4
            ipsec transform-set list <name1> . . . <name4>
            rekey
            end
Binding the S5 IP Address to the Crypto Template
configure
   context <pgw_ingress_context_name> -noconfirm
      gtpu-service <gtpu_ingress_service_name>
         bind ipv4-address <s5_interface_ip_address> crypto-template <sgw_s5_crypto_template>
         exit
      egtp-service <egtp_ingress_service_name>
         interface-type interface-pgw-ingress
         associate gtpu-service <gtpu_ingress_service_name>
         gtpc bind ipv4-address <s5_interface_ip_address>
         exit
      pgw-service <pgw_service_name> -noconfirm
         plmn id mcc <id> mnc <id> primary
         associate egtp-service <egtp_ingress_service_name>
         end
Configuring Local QoS Policy
Creating and Configuring a Local QoS Policy
configure
   local-policy-service <name> -noconfirm
      ruledef <ruledef_name> -noconfirm
         condition priority <priority> <variable> match <string_value>
         condition priority <priority> <variable> match <int_value>
         condition priority <priority> <variable> nomatch <regex>
         exit
      actiondef <actiondef_name> -noconfirm
         action priority <priority> <action_name> <arguments>
         action priority <priority> <action_name> <arguments>
         exit
      actiondef <actiondef_name> -noconfirm
         action priority <priority> <action_name> <arguments>
         action priority <priority> <action_name> <arguments>
         exit
      eventbase <eventbase_name> -noconfirm
         rule priority <priority> event <list_of_events> ruledef <ruledef_name> actiondef <actiondef_name>
         end
Binding a Local QoS Policy
Configuring X.509 Certificate-based Peer Authentication
IMPORTANT:
configure
   certificate name <cert_name> pem url <cert_pem_url> private-key pem url <private_key_url>
   ca-certificate name <ca_cert_name> pem url <ca_cert_url>
   end
configure
   context <pgw_context_name> -noconfirm
      crypto template <crypto_template_name> ikev2-dynamic
         certificate name <cert_name>
         ca-certificate list ca-cert-name <ca_cert_name>
         authentication local certificate
         authentication remote certificate
         end