Global Configuration Mode Commands (L - S)
This section includes the commands license through system.
The Global Configuration Mode is used to configure basic system-wide parameters.
IMPORTANT:
The commands or keywords/variables
that are available are dependent on platform type, product version,
and installed license(s).
license
Configures the session
license key.
Privilege:
Security Administrator,
Administrator
Syntax
license key key_value [ -force ] session-limit
no license key key_value [ -force ] session-limit
no
Removes the license
key(s) installed.
key key_value
Installs the license
key specified by key_value. key_value is
provided by Cisco operations staff.
session-limit
Use this keyword to
suppress fail-over calls from being rejected if the licensed threshold
is crossed.
IMPORTANT:
This is a customer-specific
command that is available for HA, PDSN, EHA, and PDIF. Please contact
your local Cisco sales representative for more information.
-force
Sets the license key
even if resources are not available. The system supports the dynamic resizing
of demultiplexor software tasks based on the licensed session capacity
and feature type. When installing a license, the system automatically
attempts to resize currently functioning tasks. Warning messages
are displayed if there is an issue. Though its use is not recommended,
the -force keyword
can be used to suppress these warning messages.
CAUTION:
Use of this option
is not recommended.
Usage:
Install or update
system session keys when necessary due to expiration and/or
capacity needs.
Example:
license key sampleKeyValue
no license key
line
Enters the terminal
display line configuration mode.
Privilege:
Security Administrator,
Administrator
Usage:
Change the terminal
display configuration based upon the user's own terminal characteristics.
link-aggregation
Configures system
MAC address and priority for Link Aggregation. These parameters
are usually changed to match the feature requirements of the remote
Ethernet switch.
Product:
WiMAX, PDSN, HA, FA,
GGSN, SGSN
Privilege:
Security Administrator,
Administrator
Syntax
link-aggregation { system-mac { MAC_address | auto } | system-priority priority } [ -noconfirm ]
{ default | no } link-aggregation { system-mac | system-priority } [ -noconfirm ]
default
Resets the configuration
to the default.
system-mac { MAC_address | auto }
Sets the system MAC
address used along with the system priority to form the system ID.
MAC_address is
manually entered as six groups of two hexadecimal digits separated
by hyphens (for example, 01-23-45-67-89-ab).
Auto is the default
and is the MAC address of the LAG master port.
system-priority priority
This command sets
the system priority used by Link Aggregation Control Protocol (LACP) to
form the system ID.
priority is
a hexadecimal value from 0x0000 through 0xFFFF. Default is 0x8000
(32768).
-noconfirm
Executes the command
without additional prompting for command confirmation.
Usage:
The system MAC address
(6 bytes) and system priority (2 bytes) combine to form the system
ID. A system consists of a packet processing card and its associated
QGLC or XGLC traffic ports. The highest system ID priority (the
lowest number) handles dynamic changes.
For additional usage
and configuration information for the link aggregation feature,
refer to the System
Administration Guide.
IMPORTANT:
Not supported on all
platforms
Example:
The following command configures the link aggregation system-priority to 10640 (0x2990):
link-aggregation system-priority 0x2990
local-policy-service
This command enables
creating, configuring, or deleting a local QoS policy.
Privilege:
Security Administrator,
Administrator
Syntax
local-policy-service name [ -noconfirm ]
no local-policy-service name
no
Deletes the specified
local QoS policy service from the system.
name
Specifies the name of the local QoS policy service as an alphanumeric string of 1 through 63 characters.
IMPORTANT:
The name must
be unique across all contexts.
If the named local
QoS policy service does not exist, it is created, and the CLI mode
changes to the Local Policy Service Configuration Mode wherein the
local QoS policy service can be configured.
If the named local
QoS policy service already exists, the CLI mode changes to the Local Policy
Service Configuration Mode for that local QoS policy service.
-noconfirm
Specifies that the
command must execute without prompting for confirmation.
Usage:
Use this command to
specify a local QoS policy service name to allow configuration of
a local QoS policy service.
IMPORTANT:
This feature is license
dependent. Please contact your local sales representative for more information.
A local QoS policy
service can be used to control different aspects of a session, such
as QoS, data usage, subscription profiles, or server usage, by means
of locally defined policies.
Local QoS policies
are triggered when certain events occur and the associated conditions are
satisfied. For example, when a new call is initiated, the QoS to
be applied for the call could be decided based on the IMSI, MSISDN,
and APN.
IMPORTANT:
A maximum of 16 local
QoS policy services are supported.
Entering this command
results in the following prompt:
[context_name]hostname(config-local-policy-service)#
Local Policy Service
Configuration Mode commands are defined in the Local Policy Service
Configuration Mode Commands chapter.
Example:
The following command creates a local QoS policy service named lctest and enters the Local Policy Service Configuration Mode:
local-policy-service lctest
local-user allow-aaa-authentication
Enables or disables
the use of administrative accounts other than local-user administrative
accounts.
Privilege:
Security Administrator,
Administrator
Syntax
[ default | no ] local-user allow-aaa-authentication
default
Returns this parameter
to its default setting of enabled.
no
Disables administrative
user accounts other than local-user accounts.
Usage:
Local-user administrative
accounts are separate from other administrative user accounts configured
at the context level (Security Administrator, Administrator, Operator,
and Inspector).
Context-level administrative
users rely on the system’s AAA subsystems for validating user
names and passwords during login. This is true for both administrative
user accounts configured locally through a configuration file or
on an external RADIUS server.
Since the T1.276-2003
password security mechanisms are supported only for local-user administrative
accounts and not for the AAA-based administrative accounts, this
command provides a mechanism for disabling AAA-based administrative
accounts.
By default, AAA-based
administrative accounts are allowed.
Example:
The following command
forces the system to authenticate local-user accounts based only
on the information in the security account file on its CompactFlash:
no local-user allow-aaa-authentication
local-user lockout-time
Configures the lockout
period for local-user administrative accounts.
Privilege:
Security Administrator,
Administrator
Syntax
local-user lockout-time time
default local-user lockout-time
default
Restores the parameter
to its default setting.
time
Default: 60
Specifies the amount
of time (in minutes) that must elapse before a previously locked-out local-user
account can attempt to login again. time is
an integer from 1 through 10080.
Usage:
Local-user administrative
accounts can become locked for reasons such as exceeding the configured
maximum number of login failures.
Once an account is
locked, this parameter specifies the lockout duration. Once the
amount of time configured by this parameter has elapsed, the local-user
can once again attempt to login.
Example:
The following command configures a lockout time of 120 minutes (2 hours):
local-user lockout-time 120
local-user max-failed-logins
Configures the maximum
number of failed login attempts a local-user can have before their
account is locked out.
Privilege:
Security Administrator,
Administrator
Syntax
local-user max-failed-logins number
[ default | no ] local-user max-failed-logins
no
Disables this functionality.
default
Restores this parameter
to its default setting.
number
Default: 5
Specifies the maximum
number of times a local-user could experience a login failure before their
account is locked out. number is
an integer from 2 through 100.
Usage:
This command configures the maximum number of failed login attempts a local-user can have before their account is locked out. For example, if this parameter is configured to “3”, then after the third failed login attempt, the account would be locked.
IMPORTANT:
Local-user accounts can be configured to either enforce or reject a lockout due to the maximum number of failed logins being reached. Refer to the local-user username command for more information.
Refer to the local-user lockout-time command for more information.
Example:
The following command
configures a maximum of three login attempts:
local-user max-failed-logins 3
local-user password
Configures local-user
administrative account password properties.
Privilege:
Security Administrator,
Administrator
Syntax
local-user password { [ complexity { ansi-t1.276-2003 | none } ] [ history length number [ duration days ] ] [ max-age days ] [ min-change-char number ] [ min-change-interval days ] [ min-length number ] }
no local-user password { [ history ] [ max-age ] [ min-change-interval ] }
default local-user password { [ complexity ] [ history ] [ max-age ] [ min-change-char ] [ min-change-interval ] [ min-length ] }
no
Disables the specified
parameter.
default
Restores the specified
parameter to its default setting.
[ complexity { ansi-t1.276-2003 | none } ]
Default: ansi-t1.276-2003
Specifies the password
strength as one of the following:
- ansi-t1.276-2003: If this option is selected, the following rules are enforced:
  - Passwords may not contain the username or the reverse of the username
  - Passwords may contain no more than three of the same characters used consecutively
  - Passwords must contain at least three of the following:
    - uppercase alpha character
    - lowercase alpha character
    - numeric character
    - special character
- none: No additional password checks are performed.
[ history length number [ duration days ] ]
Default: length is 5
Specifies the number of previous password entries kept in the history list maintained by the system. A password cannot be reused if it is one of the entries kept in the history list unless the time it was last used was more than the number of days specified by the duration keyword.
If the duration keyword is not used, the only check performed by the system is that the password is not in the history list.
number is the number of entries for each account stored in the history list, entered as an integer from 1 through 100. days is the number of days during which a password cannot be reused, entered as an integer from 1 through 365.
[ max-age days ]
Default: 90
Specifies the maximum
age for a password. Users logging in with a password older than
the specified limit are locked out. Once the lockout period expires,
at their next login attempt, they are prompted to change their password
before accessing the CLI.
IMPORTANT:
Local-user accounts
can be configured to either enforce or reject a lockout due to a password’s
maximum age being reached. Refer to the local-user username command
for more information.
days is
the number of days that passwords remain valid entered as an integer
from 1 through 365.
[ min-change-char number ]
Default: 2
Specifies the minimum
number of characters that must be changed (in comparison to the current
password) when a user changes their password.
IMPORTANT:
Changes in password
length are counted as “character” changes. For
example: changing a password from “password” to “passwo” is
a 2-character change, changing a password from “password” to “password2” is
a 1-character change, and changing a password from “password” to “apassword” is
a 9-character change.
number is
the number of characters entered as an integer from 0 through 16.
[ min-change-interval days ]
Default: 1
Specifies the frequency
that passwords can be changed (other than first login).
days is
the minimum number of days that must pass before a user can change
their password. It is an integer from 1 through 365.
IMPORTANT:
If the no local-user password
min-change-interval command is used, users may change
their password as often as desired which could allow them to circumvent
the password history function.
[ min-length number ]
Default: 8
Specifies the minimum
length allowed for user-defined passwords.
number is
the minimum number of alphanumeric characters that the password
must contain, entered as an integer from 3 through 32.
Usage:
This command is used
to set the property requirements for user-defined passwords and system
behavior in relation to those passwords.
Information pertaining to user passwords, login failures, and password history is stored on the packet processing cards and in the software’s Shared Configuration Task (SCT).
The system uses the
information in the SCT for runtime operations such as determining password
ages and determining if new passwords meet the criteria specified
by this command.
Example:
The following command configures a minimum password length requirement of 6 characters:
local-user password min-length 6
The following command configures the system to store the 4 most recently used passwords per user-account in the history list:
local-user password history length 4
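The complexity, min-length and history rules described for this command, written out as a checker. This is an added example, not Cisco code: the function names, the case-insensitive username comparison and the salted PBKDF2 history store are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from datetime import date

DEFAULT_MIN_LENGTH = 8      # default given for "min-length"
DEFAULT_HISTORY_LENGTH = 5  # default given for "history length"


def complexity_violations(username, password, min_length=DEFAULT_MIN_LENGTH):
    """Return the ansi-t1.276-2003 rules (plus min-length) that the password breaks."""
    problems = []
    if len(password) < min_length:
        problems.append("shorter than min-length")
    # Assumption: the username comparison ignores case.
    user, pw = username.lower(), password.lower()
    if user and (user in pw or user[::-1] in pw):
        problems.append("contains username or its reverse")
    # "No more than three of the same characters used consecutively":
    # a run of four or more identical characters is rejected.
    run = 1
    for prev, cur in zip(password, password[1:]):
        run = run + 1 if cur == prev else 1
        if run > 3:
            problems.append("more than three identical consecutive characters")
            break
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),  # special character
    ]
    if sum(classes) < 3:
        problems.append("fewer than three character classes")
    return problems


def _digest(password, salt):
    # Assumption: history entries are kept as salted PBKDF2 digests, not clear text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def history_entry(password, last_used):
    """Build one history record for a password last used on the given date."""
    salt = os.urandom(16)
    return {"salt": salt, "digest": _digest(password, salt), "last_used": last_used}


def reuse_blocked(password, history, today,
                  length=DEFAULT_HISTORY_LENGTH, duration_days=None):
    """history is newest-first; only the first `length` entries are consulted.

    Without a duration, any match in the list blocks reuse. With a duration,
    a match blocks reuse unless it was last used more than duration_days ago.
    """
    for entry in history[:length]:
        if hmac.compare_digest(_digest(password, entry["salt"]), entry["digest"]):
            if duration_days is None:
                return True
            return (today - entry["last_used"]).days <= duration_days
    return False


if __name__ == "__main__":
    # Constructed sample values.
    print(complexity_violations("User672", "abc123"))
    past = [history_entry("Old!Pass1", date(2024, 5, 1))]
    print(reuse_blocked("Old!Pass1", past, date(2024, 6, 1)))
```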
local-user username
Adds or removes local-user
administrative accounts.
Privilege:
Security Administrator,
Administrator
Syntax
local-user username name [ authorization-level { administrator | inspector | operator | security-admin } ] [ ecs | noecs ] [ ftp | noftp ] [ timeout-min-absolute time ] [ timeout-min-idle time ] [ no-lockout-login-failure ] [ no-lockout-password-aging ] password password
no local-user username name
no
Removes a previously
configured user.
name
Specifies the name
of the user as an alphanumeric string of 3 through 16 characters
that is case sensitive.
[ authorization-level { administrator | inspector | operator | security-admin } ]
Default: Operator
Configures the authorization
level for the user as one of the following:
- administrator: Administrator users have read-write privileges and can execute any command throughout the CLI except for a few security functions allowed only in the administrator mode. Administrators can configure or modify the system and are able to execute all system commands, including those available to the operator and inspector user. This level corresponds to both the System Administrator and Application Administrator levels in T1.276-2003.
- inspector: Inspector users are limited to a small number of read-only Exec Mode commands. The bulk of these are “show” commands giving the inspector the ability to view a variety of statistics and conditions. Inspectors cannot execute show configuration commands and do not have the privilege to enter the Config Mode.
- operator: Operator users have read-only privileges to a larger subset of the Exec Mode commands as depicted in the following figure. Operator users can execute all commands that are part of the inspector mode, plus some system monitoring, statistical, and fault management functions. Operators do not have the ability to enter the Config Mode.
- security-admin: Security Administrator users have read-write privileges and can execute any command throughout the CLI. Security Administrators can execute all system commands, including those available to the administrator, operator, and inspector users. This level corresponds to both the System Security Administrator and Application Security Administrator levels in T1.276-2003.
[ ecs | noecs ]
Specifies whether
or not the user has access to Active Charging Service configuration parameters.
- ecs: The
user has access.
- noecs: The
user does not have access.
Default: ecs
[ ftp | noftp ]
Default: ftp
Specifies whether
or not the user is allowed to access the system via the File Transfer Protocol
(FTP) and/or the Secure File Transfer Protocol (SFTP).
- ftp: The
user has access.
- noftp: The
user does not have access.
[ timeout-min-absolute time ]
Default: 0
Specifies the maximum session time (in minutes) for this user. time is an integer from 0 through 525600. A value of “0” indicates no limit.
IMPORTANT:
This limit applies
only to the user’s CLI sessions.
[ timeout-min-idle time ]
Default: 0
Specifies the maximum idle time (in minutes) for this user. time is an integer from 0 through 525600. A value of “0” indicates no limit.
IMPORTANT:
This limit applies
only to the user’s CLI sessions.
[ no-lockout-login-failure ]
Default: Disabled
Specifies that this
user will never be locked out due to login attempt failures.
[ no-lockout-password-aging ]
Default: Disabled
Specifies that this
user will never be locked out due to the age of their password.
password password
Specifies the initial password for this user. password must be an alphanumeric string of 6 through 32 characters that is case sensitive.
IMPORTANT:
The user is requested
to change their password upon their first login.
Usage:
The ability to configure
administrative local-users is provided in support of the login security
mechanisms specified in ANSI T1.276-2003.
Like administrative
users configured at the context level, local-users can be assigned
one of 4 security levels:
Local-User Level User | Context Level User
Security Administrator | Administrator
Administrator | Config-Administrator
Operator | Operator
Inspector | Inspector
Local-user configuration
support is handled differently from that provided for administrative
users configured at the context level.
Context-level administrative
users rely on the system’s AAA subsystems for validating user
names and passwords during login. This is true for both administrative
user accounts configured locally through a configuration file or
on an external RADIUS server. Passwords for these user types are
assigned once and are accessible in the configuration file.
Local-user account
information (passwords, password history, lockout states, etc.)
is maintained in non-volatile memory and in the software’s
Shared Configuration Task (SCT). This information is maintained
in a separate file – not in configuration files used by
the system. As such, the configured local-user accounts are not
visible with the rest of the system configuration.
Local-user and context-level
administrative accounts can be used in parallel.
Example:
The following command configures a security-administrator level local-user administrative account for a user named User672 that has FTP privileges, a temporary password of abc123, and that does not lock out due to either login attempt failures or password aging:
local-user username User672 authorization-level security-admin ftp no-lockout-login-failure no-lockout-password-aging password abc123
The following command deletes a previously configured local-user administrative account called admin32:
no local-user username admin32
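When reviewing a change script before it is applied, the local-user and logging keywords documented in this chapter that relax lockout, password or logging controls can be flagged mechanically. The following is an added example, not a Cisco tool: the function name, the finding texts and the sample script are constructed, and it assumes one complete command per line.

```python
import re

DEFAULT_MIN_LENGTH = 8  # default this chapter gives for "local-user password min-length"

# (pattern, finding) pairs; every keyword comes from the command syntax in this chapter.
RULES = [
    (r"^local-user username \S+ .*\bno-lockout-login-failure\b",
     "account is never locked out after failed logins"),
    (r"^local-user username \S+ .*\bno-lockout-password-aging\b",
     "account is never locked out for password age"),
    (r"^local-user username \S+ .*\bpassword \S+",
     "initial password appears in clear text in the script"),
    (r"^no local-user max-failed-logins\b",
     "failed-login lockout disabled for local users"),
    (r"^local-user password\b.*\bcomplexity none\b",
     "password complexity checks turned off"),
    (r"^no local-user password\b.*\bmin-change-interval\b",
     "unrestricted password changes can be used to circumvent the history list"),
    (r"^no local-user password\b.*\bhistory\b",
     "password history disabled"),
    (r"^no local-user password\b.*\bmax-age\b",
     "password maximum age disabled"),
]
COMPILED = [(re.compile(pattern), finding) for pattern, finding in RULES]
MIN_LENGTH = re.compile(r"^local-user password\b.*\bmin-length (\d+)")
LOG_DISABLE = re.compile(r"^logging disable eventid (\d+)(?: to (\d+))?")


def audit(script):
    """Return (line_number, finding) tuples for a script of Global Configuration commands."""
    findings = []
    for number, raw in enumerate(script.splitlines(), start=1):
        line = " ".join(raw.split())  # collapse runs of whitespace
        for pattern, finding in COMPILED:
            if pattern.search(line):
                findings.append((number, finding))
        match = MIN_LENGTH.search(line)
        if match and int(match.group(1)) < DEFAULT_MIN_LENGTH:
            findings.append(
                (number, f"min-length {match.group(1)} is below the default of "
                         f"{DEFAULT_MIN_LENGTH}"))
        match = LOG_DISABLE.search(line)
        if match:
            first = int(match.group(1))
            last = int(match.group(2) or first)
            findings.append(
                (number, f"logging suppressed for {last - first + 1} event ID(s)"))
    return findings


# Constructed sample script built from the example commands shown in this chapter.
SAMPLE = """\
local-user max-failed-logins 3
local-user password min-length 6
no local-user password min-change-interval
local-user username User672 authorization-level security-admin ftp no-lockout-login-failure no-lockout-password-aging password abc123
logging disable eventid 4500 to 4599
"""

if __name__ == "__main__":
    for number, finding in audit(SAMPLE):
        print(f"line {number}: {finding}")
```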
logging console
Enables the output
of logged events to be displayed on the console terminal.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] logging console
no
Disables the output
of events to the console port.
Usage:
Log console output to allow for offline review during system monitoring and/or troubleshooting.
logging disable
Enables/disables
the logging of the specified event ID or range of IDs.
Privilege:
Security Administrator,
Administrator
Syntax
logging disable eventid id [ to to_id ]
no logging disable eventid id [ to to_id ]
no
Indicates the event
IDs specified are to be enabled for logging.
eventid id
Specifies the event for which no logging is to occur. id must be an integer from 1 through 100000.
to to_id
Specifies the end ID of the events when a range of event IDs is to be disabled from being logged. to_id must be an integer from 1 through 100000. The to_id must be equal to or larger than the id specified.
Usage:
Disable logging of common events that occur with normal frequency and are not of interest in monitoring the system for troubles.
Example:
The following commands disable the logging of event ID 4580 and the range of events from 4500 through 4599, respectively.
logging disable eventid 4580
logging disable eventid 4500 to 4599
The following enables the subset of disabled event IDs:
no logging disable eventid 4500 to 4549
logging display
Configures the level
of detail for information to be logged.
Privilege:
Security Administrator,
Administrator
Syntax
logging display [ event-verbosity evt_level ] [ pdu-data format ] [ pdu-verbosity pdu_level ]
event-verbosity evt_level
Specifies the level
of verboseness to use in logging of events as one of:
pdu-data format
Specifies output
format for
packet data units when logged as one of:
- none: outputs in raw format
- hex: displays output in hexadecimal format
- hex-ascii: displays output in hexadecimal and ASCII similar to a main-frame dump
pdu-verbosity pdu_level
Specifies the level
of verboseness to use in logging of packet data units as an integer
from 1 through 5, where 5 is the most detailed.
Usage:
Tune the level of
information to be logged so as to avoid flooding a log file with information
which is not useful or critical.
Example:
The following sets the logging display for events to the maximum.
logging display event-verbosity full
The following command sets the logging display level of detail for packet data units to level 3 and sets the output format to the main-frame style hex-ascii:
logging display pdu-data hex-ascii pdu-verbosity 3
logging filter
Configures the logging
of events to be performed in real time for the specified facility.
Privilege:
Security Administrator,
Administrator
Syntax
logging filter runtime facility facility level report_level [ critical-info | no-critical-info ]
facility facility
Specifies the facility
to modify the filtering of logged information. The following list displays
the valid facilities for this command:
level report_level [ critical-info | no-critical-info ]
level report_level: specifies the level of information to be logged, report_level, as one of:
- critical
- debug
- error
- info
- trace
- unusual
- warning
critical-info | no-critical-info:
indicates if critical information is to be displayed or not. The
keyword critical-info specifies
that events with a category attribute of critical information are
to be displayed. Examples of these types of events can be seen at
bootup when system processes and tasks are being initiated. The no-critical-info keyword
specifies that events with a category attribute of critical information are
not to be displayed.
Usage:
This command is useful when it is necessary to get real time output of events. Event output may otherwise be cached, which may make it difficult to troubleshoot problems which do not allow the last cache of events to be output prior to system problems.
CAUTION:
Issuing this command
could negatively impact system performance depending on system loading,
the log level, and/or the type of facility(ies) being logged.
Example:
Set real time output for the point-to-point protocol facility and all facilities, respectively, to avoid logging of excessive information.
logging filter runtime facility ppp
logging filter runtime facility all level warning
logging monitor
Enables or disables
the monitoring of a specified user.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] logging monitor { ipaddr ip_address | msid ms_id | username user_name }
no
Disables the monitoring
of the user specified by the options given.
ipaddr ip_address
Specifies the IP address of the user for which the monitoring filter is to be set. ip_address must be entered using IPv4 dotted-decimal notation.
msid ms_id
msid ms_id:
specifies the mobile subscriber ID for which the monitoring filter
is to be set. ms_id must be
from 7 to 16 digits.
This
keyword/option can be used to specify the Mobile Subscriber
ISDN (MSISDN) for GGSN calls which enables logging based on MSISDN.
username user_name
username user_name:
specifies a user for which the monitoring filter is to be set. user_name must refer
to a previously configured user.
Usage:
Monitor subscribers
which have complaints of service availability or to monitor a test
user for system verification.
CAUTION:
Issuing this command
could negatively impact system performance depending on the number
of subscribers for which monitoring is performed and/or
the amount of data they’re passing.
Example:
The following commands enable the monitoring of user user1 and mobile subscriber ID 4441235555, respectively.
logging monitor username user1
logging monitor msid 44441235555
The following disables the monitoring of user user1.
no logging monitor username user1
logging runtime
Enables events to
be filtered and logged in real time.
Privilege:
Security Administrator,
Administrator
Syntax
logging runtime buffer store { all-events | filtered-events-only }
buffer store { all-events | filtered-events-only }
Determines which logs
are stored in internal logging daemon runtime buffer.
- all-events:
Logging daemon runtime buffer stores all logs that come to it.
- filtered-events-only:
Logging daemon runtime buffer stores only logs that pass the runtime
filter.
Usage:
Sets the filtering
of logged information to log in real time.
Example:
The following command enables storage of logs that pass the runtime filter:
logging runtime buffer store filtered-events-only
lte-policy
This command enters
the LTE Policy Configuration Mode where LTE policy parameters can
be configured.
Usage:
Enters the LTE Policy
Configuration Mode.
Entering this command
results in the following prompt:
[context_name]hostname(lte-policy)#
LTE Policy Configuration
Mode commands are defined in the LTE Policy Configuration
Mode Commands chapter.
mediation-device
This command is obsolete.
Even though the CLI accepts the command no function is performed.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] mediation-device mode { tcs }
network-overload-protection
This command configures
an attach rate throttle mechanism to control the number of new connections
(attaches or inter-SGSN RAUs), through the SGSN, on a per second basis.
Privilege:
Security Administrator,
Administrator
Syntax
network-overload-protection sgsn-new-connections-per-second #_new_connections action { drop | reject with cause { congestion | network failure } } [ queue-size queue_size ] [ wait-time wait_time ]
default network-overload-protection sgsn-new-connections-per-second
default
Using default in the command disables this attach rate throttle feature that provides network overload protection.
sgsn-new-connections-per-second #_new_connections
Define the number
of new connections to be accepted per second.
#_new_connections: Must
be an integer from 50 to 5000.
action
Specifies the action
to be taken by the SGSN when the attach rate exceeds the configured limit
on the number of attaches. Select one of the following actions:
- drop: Drop the new
connection request.
- reject-with-cause: Reject the new connection
request. Include one of the following as the cause in the reject message:
- congestion
- network failure
queue-size queue_size
Defines
the maximum size of the pacing queue used for buffering the packets.
If configured, the queue-size should be greater than or equal to
the #_new_connections value
and less than or equal to the optimal value (the wait_time * #_new_connections).
This validation is done in the CLI.
queue_size must be an integer from 250 to 25000.
Default: unconfigured.
The default value is the #_new_connections * wait-time. This will be the optimal value.
wait-time wait_time
Defines
the maximum life-time (number of seconds) of the packets in the
queue beyond which the packets are considered to be “stale”.
wait_time must be an integer from 1 to 15.
Default: 5
Usage:
Use this command to
configure the rate at which the SGSN must process new connection requests.
The rate is the number of new connections to be accepted per second.
With basic network overload protection, the incoming new connection rate can be higher than this configured rate. When this occurs, not all of the new connection requests can be processed. This command can also be used to configure the action to be taken when the rate limit is exceeded. The new connection requests that cannot be processed can be either dropped or rejected with a specific reject cause.
The SGSN’s optimized network
overload protection performs attach-rate throttling to avoid overloading
Gr, Gn and Gf interfaces. This is enabled with queue-size and wait-time keywords
so that the IMSIMgr throttles the attach rate to values configured
with these keywords.
If the SGSN receives
more than the configured number of attaches in a second, then the attaches
are buffered in the pacing queue and requests are only dropped when
the buffer overflows due to high incoming attach rate. Messages
in the queue are processed (FIFO) until they age-out when the queued
message's lifetime crosses the configured wait-time. The wait-time
and the attach rate decide the optimal size of the queue.
Counters for this
feature are available in the show gmm-sm statistics command
display in the Network Overload Protection portion of the table.
Example:
Configure the throttle rate or limit to 2500 attaches per second and to drop all requests if the limit is exceeded.
network-overload-protection sgsn-new-connections-per-second 2500 action drop
Disable the network-overload protection feature and set the default queue size to 1000 and the wait time to 5 seconds:
default network-overload-protection sgsn-new-connections-per-second
Set the attach rate to 500 per second, the action to drop, the wait time to 5 seconds, and the queue size to be calculated (as wait_time * #_new_connections, i.e., 2500):
network-overload-protection sgsn-new-connections-per-second 500 action drop wait-time 5
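The relationship between the attach rate, wait-time and queue-size described above can be seen in a small model of the pacing queue. This is an added example, not the SGSN's implementation: it assumes one-second ticks and that a queued request becomes stale once its age reaches wait_time, and the function names and the enforce_cli_checks flag are hypothetical.

```python
from collections import deque


def resolve_queue_size(rate, wait_time=5, queue_size=None):
    """Apply the range and consistency checks listed for this command."""
    if not 50 <= rate <= 5000:
        raise ValueError("#_new_connections must be an integer from 50 to 5000")
    if not 1 <= wait_time <= 15:
        raise ValueError("wait_time must be an integer from 1 to 15")
    optimal = rate * wait_time  # the default and the "optimal value"
    if queue_size is None:
        return optimal
    if not 250 <= queue_size <= 25000:
        raise ValueError("queue_size must be an integer from 250 to 25000")
    if not rate <= queue_size <= optimal:
        raise ValueError("queue_size must lie between the rate and wait_time * rate")
    return queue_size


def simulate(arrivals, rate, wait_time=5, queue_size=None, enforce_cli_checks=True):
    """Run the model over arrivals (requests per second) and count the outcomes.

    Each tick: new requests join the FIFO queue until it is full (the rest are
    dropped), requests whose age has reached wait_time are discarded as stale,
    then up to `rate` requests are accepted from the head of the queue.
    """
    if enforce_cli_checks or queue_size is None:
        size = resolve_queue_size(rate, wait_time, queue_size)
    else:
        size = queue_size  # lets the caller explore a queue the CLI would reject
    queue = deque()        # holds the arrival tick of each buffered request
    stats = {"accepted": 0, "dropped": 0, "stale": 0}
    tick = 0
    while tick < len(arrivals) or queue:
        incoming = arrivals[tick] if tick < len(arrivals) else 0
        queued = min(incoming, size - len(queue))
        stats["dropped"] += incoming - queued
        queue.extend([tick] * queued)
        while queue and tick - queue[0] >= wait_time:
            queue.popleft()
            stats["stale"] += 1
        for _ in range(min(rate, len(queue))):
            queue.popleft()
            stats["accepted"] += 1
        tick += 1
    return stats


if __name__ == "__main__":
    # Constructed load: a single one-second burst of 3000 attaches at rate 500.
    print(simulate([3000], rate=500, wait_time=5))
    # An oversized queue only delays the loss: the surplus ages out instead.
    print(simulate([5000], rate=500, wait_time=5, queue_size=5000,
                   enforce_cli_checks=False))
```

In this model a queue no larger than wait_time * rate never produces stale entries, which is why that product is the upper bound the CLI validates.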
network-service-entity
This command creates
a new instance of an SGSN network service entity (NSE) for either
the IP environment or the Frame Relay environment.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] network-service-entity { ip-local | peer-nsei peer_nsei_number frame-relay }
no
Deletes the network
service entity definition from the system configuration.
ip-local
Configures the local
endpoint for NS/IP and enters the NSE-IP configuration
mode. The prompt will change to:
[local]<hostname>(nse-ip-local)#
peer-nsei peer_nsei_number frame-relay
Configures a peer
NSE with frame relay connectivity. This set of keywords also provides access
to the NSE-FR Configuration mode. The prompt will change to:
[local]<hostname>(nse-fr-peer-nsei-<peer_nsei_number>)#
Usage:
Use this command to
access the configuration modes for either the IP or Frame Relay network
service entities.
Example:
Enter the NSE for
a Frame Relay configuration instance identified as 4554:
network-service-entity peer-nsei 4554 frame-relay
network-service-entity ip
ntp
Enters the Network
Time Protocol (NTP) configuration mode or disables the use of NTP
on the system.
Privilege:
Security Administrator,
Administrator
no
Disables the use of
NTP for clock synchronization. When omitted, NTP client support
is enabled on the chassis. By default NTP synchronization to external
servers is disabled.
IMPORTANT:
If the use of NTP
is disabled the system clock may drift over a period of time. This
may require manual updates to the system clock to synchronize the
clock with other network elements.
Usage:
Used when it is necessary
to enable or configure NTP settings. For additional information refer
to the NTP Configuration
Mode Commands chapter and the System Administration
Guide.
Example:
The following command
enters the NTP configuration mode:
ntp
The following disables
the use of the network timing protocol for system clock synchronization.
no ntp
operator-policy
This command creates
an operator policy and enters the operator policy configuration
mode. Commands for configuration of the policies are available in
the Operator Policy
Configuration Mode Commands chapter.
Privilege:
Security Administrator,
Administrator
Syntax
operator-policy { default | name policy_name } [ -noconfirm ]
no operator-policy { default | name policy_name }
-noconfirm
Indicates that the
command is to execute without any additional prompt and confirmation from
the user.
no
Removes the specified
operator policy from the system configuration.
default
default, in
this case, is the name of
a specific operator policy. This default policy is used when no
other defined operator policy matches the incoming IMSI.
IMPORTANT:
You should configure
this default operator policy so that it is available to handle IMSIs
that are not matched with other defined policies.
name policy_name
Specifies the unique
name of an operator policy. policy_name is
entered as an alphanumeric string of 1 through 64 characters.
Usage:
Use this command to
create an operator policy and to enter the operator policy configuration
mode to define or modify policies.
An operator policy
associates APNs, APN profiles, IMEI ranges, IMEI profiles, an APN remap
table and a call-control profile to ranges of IMSIs. These profiles
and tables are created and defined within their own configuration
modes to generate sets of rules and instructions that can be reused
and assigned to multiple policies. In this manner, an operator policy
manages the application of rules governing the services, facilities
and privileges available to subscribers. These policies can override
standard behaviors and provide mechanisms for an operator to get around
the limitations of other infrastructure elements such as DNS servers
and HLRs.
The system supports
up to 1,000 operator policies, including the default operator policy.
IMPORTANT:
An operator policy
is the key element
of the Operator Policy feature. After defining an instance of an
operator policy, you must go to the SGSN Global Configuration Mode (from
the Global Configuration mode) to define the IMSI range(s). This
requirement does not hold if you are using a default operator
policy.
To see what operator
policies have already been created, return to the Exec mode and
enter the show
operator-policy all command.
Example:
The following command
accesses the default operator policy and enters the operator policy configuration
mode to view or modify the specified policy:
operator-policy default
orbem
Enters the Object
Request Broker Element Manager (ORBEM) Configuration mode.
Privilege:
Security Administrator,
Administrator
Usage:
Set the configuration
mode to allow modification of the ORBEM configuration data.
pac-standby-priority
This command has been
renamed to card-standby-priority.
Please refer to that command for details. Note that for backwards
compatibility, the system accepts this command as valid.
port atm
Identifies a physical
port on a line card that supports ATM signaling and then enters
the configuration mode for the specific interface-type. For the
commands to configure the port interface, see the CLI chapter ATM
Port Configuration Mode.
Privilege:
Security Administrator,
Administrator
Syntax
port atm slot/port
atm
Indicates the port
identified is an ATM interface port.
slot/port
To determine valid
ATM slot and port numbers, use the Exec mode’s command
show port table
slot: Identifies
the chassis slot holding the line card that supplies ATM ports.
The slot ID number can be an integer from 17 through 48.
port: Identifies
the physical port that is to be configured to support ATM signaling.
The ID number can be an integer from 1 through 4.
Usage:
Change the current
configuration mode to ATM Port Configuration mode.
IMPORTANT:
This command is not
supported on all platforms.
Example:
The following enters
the ATM port configuration mode for ATM port 1 on the card in slot 19:
port atm 19/1
port bits
Enters the Building
Integrated Timing Supply (BITS) port configuration mode by identifying
the BITS port on the active or standby SPIO.
Privilege:
Security Administrator,
Administrator
Syntax
port bits slot/port
bits
Identifies the BITS
port.
slot/port
slot: Identifies
the chassis slot holding the SPIO. The slot ID can be either 24
(active SPIO) or 25 (standby SPIO).
port: Identifies
the BITS port on the SPIO. The port ID number must be 4.
Usage:
Change the current
configuration mode to BITS port configuration mode.
IMPORTANT:
This command is not
supported on all platforms.
Example:
The following enters
the BITS port configuration mode for the active SPIO:
port bits 24/4
port channelized
Identifies a physical
port on a Channelized Line Card (CLC) that supports Frame Relay
signaling and creates a Frame Relay interface. This command enters
the configuration mode for the commands that configure the Frame
Relay interface and the channelized port interface. For additional
information, see the Channelized
Port Configuration Mode Commands chapter.
Privilege:
Security Administrator,
Administrator
Syntax
port channelized slot/port
channelized
Selects the channelized
frame relay interface for the selected line card and port.
slot/port
To determine valid
slots and port numbers, use the Exec mode’s command show port table to
find the channelized line card.
slot: Identifies
the chassis slot holding the Channelized Line Card that sources
Frame Relay ports. The slot ID number can be an integer from 17
through 48.
port: Identifies
the physical port that is to be configured to support Frame Relay
signaling. The ID number can only be 1.
Usage:
Change the current
configuration mode to Channelized Port configuration mode.
Example:
The following enters
the Channelized port configuration mode for port 1 on the card in
slot 20:
port channelized 20/1
port ethernet
Enters the Ethernet
Port Configuration mode for the identified port.
Privilege:
Security Administrator,
Administrator
Syntax
port ethernet slot/port
ethernet
Indicates the port
identified is an Ethernet interface port.
slot/port
Specifies the port
for which Ethernet Port Configuration mode is being entered. The
slot and port must refer to an installed card and port.
Usage:
Change the current
configuration mode to Ethernet Port Configuration mode.
Example:
The following command
enters the Ethernet Port Configuration mode for ethernet port 1
in slot 17:
port ethernet 17/1
port mac-address virtual-base-address
This command defines
a block of 256 consecutive media access control (MAC) addresses
and enables virtual MAC addressing for Ethernet line card ports.
Not available for the XT2 platform.
Privilege:
Security Administrator,
Administrator
Syntax
port mac-address virtual-base-address MAC_Address
no port mac-address virtual-base-address
no
Disables virtual MAC addressing for Ethernet line card ports.
The block of virtual MAC addresses is not saved.
MAC_Address
Specifies the beginning
address of a block of 256 MAC addresses that are used for virtual MAC
addressing.
Usage:
Use this command to
disregard the MAC addresses assigned and stored in card firmware and
assign MAC addresses for all Ethernet ports from the specified block
of virtual MAC addresses. This command does not affect the MAC addresses
on SPIO cards.
There are 65536 MAC
addresses (00:05:47:FF:00:00 - 00:05:47:FF:FF:FF) reserved for use
by customers. This range allows for the creation of 256 address
blocks each containing 256 MAC addresses (for example, 00:05:47:FF:00:00,
00:05:47:FF:01:00, 00:05:47:FF:02:00, 00:05:47:FF:03:00, 00:05:47:FF:04:00,
etc.).
CAUTION:
This configuration
requires the configuration of a valid block of unique MAC addresses
that are not used anywhere else. Use of non-unique MAC addresses
can degrade and impair the operation of your network.
IMPORTANT:
This command is not
supported on all platforms.
Example:
To enable virtual
MAC addressing for Ethernet ports on all Ethernet line cards in
the system using a block of MAC addresses starting at
00:05:47:FF:00:00, enter the following command:
port mac-address virtual-base-address 00:05:47:FF:00:00
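The CAUTION above requires that the block of virtual MAC addresses is not used anywhere else. The following added example (not part of the original reference, and not Cisco code) audits saved configurations from several chassis for overlapping 256-address blocks and for blocks that fall outside the customer-reserved range stated above; the chassis names and configuration snippets are constructed sample data.

```python
import re
from itertools import combinations

# Customer-reserved range and block size as stated on this page.
RESERVED_FIRST = 0x000547FF0000   # 00:05:47:FF:00:00
RESERVED_LAST = 0x000547FFFFFF    # 00:05:47:FF:FF:FF
BLOCK_SIZE = 256

# Matches the enabling form only; "no port mac-address ..." is ignored.
CMD_RE = re.compile(
    r"^\s*port\s+mac-address\s+virtual-base-address\s+"
    r"((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s*$"
)


def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)


def int_to_mac(value):
    raw = f"{value:012X}"
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))


def find_blocks(configs):
    """Return (chassis, first, last) for every virtual-base-address line."""
    blocks = []
    for chassis, text in configs.items():
        for line in text.splitlines():
            match = CMD_RE.match(line)
            if match:
                first = mac_to_int(match.group(1))
                blocks.append((chassis, first, first + BLOCK_SIZE - 1))
    return blocks


def audit(configs):
    """Report blocks outside the reserved range and blocks that overlap."""
    blocks = find_blocks(configs)
    findings = []
    for chassis, first, last in blocks:
        if first < RESERVED_FIRST or last > RESERVED_LAST:
            findings.append(("outside-reserved", chassis,
                             int_to_mac(first), int_to_mac(last)))
    for (c1, f1, l1), (c2, f2, l2) in combinations(blocks, 2):
        if f1 <= l2 and f2 <= l1:
            # Report the shared address span so the operator sees the impact.
            findings.append(("overlap", c1, c2,
                             int_to_mac(max(f1, f2)), int_to_mac(min(l1, l2))))
    return findings


# Constructed sample data: configuration excerpts keyed by chassis name.
SAMPLE_CONFIGS = {
    "chassis-a": "config\n  port mac-address virtual-base-address 00:05:47:FF:00:00\n",
    "chassis-b": "config\n  port mac-address virtual-base-address 00:05:47:FF:00:80\n",
    "chassis-c": "config\n  port mac-address virtual-base-address 00:05:47:ff:ff:80\n",
    "chassis-d": "config\n  port mac-address virtual-base-address 00:05:47:FF:02:00\n",
    "chassis-e": "config\n  no port mac-address virtual-base-address\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIGS):
        print(finding)
```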
port rs232
Enters the RS-232
Port Configuration mode for the RS-232 console port on the specified
SPIO card. Not available on the XT2 platform.
Privilege:
Security Administrator,
Administrator
rs232
Indicates the port
identified is an RS-232 port on a SPIO card.
slot 3
Specifies the slot
of the SPIO for which RS-232 Port Configuration mode is being entered. The
slot must refer to an installed SPIO card. The specified port must
always be 3 for an RS-232 port.
The value for slot must
be either 24 or 25.
Usage:
Change the current
configuration mode to RS-232 Port Configuration mode.
Example:
The following command
enters the RS-232 Port Configuration mode for the SPIO in slot 24:
port rs232 24 3
profile-id-qci-mapping
Creates a QoS Class-Identifier-Radio
Access Network (QCI-RAN) ID mapping table or specifies an existing
table and enters the QCI Mapping Configuration mode for the system.
Syntax
[ no ] profile-id-qci-mapping name [ -noconfirm ]
no
Removes the specified
mapping table from the system.
name
Creates a new or enters
an existing mapping table configuration. name must
be an alphanumeric string of 1 through 63 characters.
-noconfirm
Indicates that the
command is to execute without any additional prompt and confirmation from
the user.
Usage:
Enters the QCI-RAN
ID mapping configuration mode for an existing table or for a newly defined
table. This command is also used to remove an existing table.
Entering this command
results in the following prompt:
[context_name]hostname(config-hsgw-association-table)#
QCI Mapping Configuration
Mode commands are defined in the QCI Mapping Configuration
Mode Commands chapter.
Use
this command when configuring the HSGW eHRPD component.
IMPORTANT:
This command creates
a mapping table available to any HSGW context configured on the system.
Example:
The following command
enters the existing QCI mapping configuration mode (or creates it if
it doesn’t already exist) for a mapping table named
qci_table1:
profile-id-qci-mapping qci_table1
The following command
will remove
qci_table1 from
the system:
no profile-id-qci-mapping qci_table1
ps-network
This command creates/removes
an HNB-PS network configuration instance for Femto UMTS access over
the Iu-PS/Iu-Flex interface between the Home NodeB Gateway (HNB-GW) service
and PS network elements; i.e. SGSN. This command also configures
an existing HNB-PS network instance and enters the HNB-PS Network
Configuration mode on a system.
Syntax
[ no ] ps-network ps_instance [ -noconfirm ]
no ps-network ps_instance
no
Removes the specified
HNB-PS network instance from the system.
CAUTION:
Removing the HNB-PS
network instance is a disruptive operation and it will affect all
UEs accessing SGSN(s) in specific PS core network through the HNB-GW
service.
DANGER:
If any HNB-PS Network
instance is removed from system all parameters configured in that mode
will be deleted and Iu-PS/Iu-Flex interface will be disabled.
ps_instance
Specifies the name of
the Packet Switched Core Networks instance which needs to be associated
with HNB Radio Network PLMN in HNB RN-PLMN configuration mode. If ps_instance does
not refer to an existing HNB-PS instance, the new HNB-PS network
instance is created.
ps_instance must
be an alphanumeric string of 1 through 63 characters.
-noconfirm
Indicates that the command
is to execute without any additional prompt and confirmation from
the user.
Usage:
Use this command to
enter the HNB-PS Network Configuration mode for an existing PS network
instance or for a newly defined HNB-PS network instance. This command
is also used to remove an existing HNB-PS network instance.
This configuration enables
the Iu-PS/Iu-Flex interface on the HNB-GW service with PS core network
elements; i.e. SGSN.
A maximum of 1 HNB-PS
network instance, which is further limited to a maximum of 256 services
(regardless of type), can be configured per system.
CAUTION:
This is a critical configuration.
The HNBs can not access SGSNs in PS core network without this configuration.
Any change to this configuration would lead to disruption in HNB
access to PS core network.
Entering this command
results in the following prompt:
[context_name]hostname(config-ps-network)#
The various parameters
available for configuration of an HNB-PS network instance are defined
in the HNB-PS Network
Configuration Mode Commands chapter.
Example:
The following command
enters the existing HNB-PS Network configuration mode (or creates
it if it doesn’t already exist) for the instance named
hnb-ps1:
ps-network hnb-ps1
The following command
will remove HNB-PS network instance
hnb-ps1 from
the system without any prompt to user:
no ps-network hnb-ps1
qci-qos-mapping
Global QCI-QoS mapping
tables are used to map QoS Class Identifier (QCI) values to appropriate
Quality of Service (QoS) parameters.
Syntax
qci-qos-mapping name [ -noconfirm ]
no
Removes the specified
mapping configuration from the system.
name
Creates a new or enters
an existing mapping configuration. name must
be an alphanumeric string of 1 through 63 characters.
-noconfirm
Indicates that the
command is to execute without any additional prompt and confirmation from
the user.
Usage:
Enter the QCI-QoS
mapping configuration mode for an existing table or for a newly defined
table. This command is also used to remove an existing table.
Entering this command
results in the following prompt:
[context_name]hostname(config-qci-qos-mapping)#
QCI - QoS Mapping
Configuration Mode commands are defined in the QCI - QoS Mapping Configuration
Mode Commands chapter.
Use this command when
configuring the following eHRPD components: HSGW, P-GW, S-GW.
IMPORTANT:
This command creates
a mapping configuration available to any HSGW, P-GW, S-GW context configured
on the system.
Example:
The following command
enters the existing QCI - QoS mapping configuration mode (or creates
it if it doesn’t already exist) for a mapping configuration
named
qci-qos3:
qci-qos-mapping qci-qos3
qos npu inter-subscriber traffic bandwidth
Configures NPU QoS
bandwidth allocations for the system.
Privilege:
Security Administrator,
Administrator
Syntax
qos npu inter-subscriber traffic bandwidth gold percent silver percent bronze percent best-effort percent
no qos npu inter-subscriber traffic bandwidth
no
Removes a previous
bandwidth allocation.
gold percent
Default: 10%
Specifies the maximum
percentage of bandwidth to be allocated to the gold queue priority.
percent can
be configured to an integer from 0 through 100.
silver percent
Default: 20%
Specifies the maximum
percentage of bandwidth to be allocated to the silver queue priority.
percent can
be configured to an integer from 0 through 100.
bronze percent
Default: 30%
Specifies the maximum
percentage of bandwidth to be allocated to the bronze queue priority.
percent can
be configured to an integer from 0 through 100.
best-effort percent
Default: 40%
Specifies the maximum
percentage of bandwidth to be allocated to the best-effort queue priority.
percent can
be configured to an integer from 0 through 100.
Usage:
The bandwidth of a
subscriber queue is maintained by rate limiting functions which implement
packet-rate limiting at the first level and bit-rate limiting at
the next level.
The packet-rate limit
of a queue is defined by the number of packets-per-second (PPS) permitted
for queuing. Before queuing a packet on a subscriber queue, the
NPU ensures that the packet falls within the limit. If the packet
to be queued exceeds the packet rate limit, it is dropped.
Each subscriber queue
is configured with a bit rate limit, measured in megabits-per-second (Mbps),
referred to as CP-BPS (bit-per-second to CP). The CP-BPS is available
as the total bandwidth for the subscriber traffic that a CP can
sustain. Each subscriber queue receives an allocation of a certain
percentage of the CP-BPS. The following maximum CP-BPS values are supported:
- Lead CP (CP0) = 128
Mbps
- Remaining CPs (CP1,
CP2, CP3) = 256 Mbps
For additional information
on the NPU QoS functionality, refer to the System Administration
and Configuration Guide.
IMPORTANT:
This functionality
is not supported for use with the PDSN at this time.
Example:
The following command
configures bandwidth allocations of 20, 30, 40, and 50% for
the gold, silver, bronze, and best-effort queues respectively:
qos npu inter-subscriber traffic bandwidth gold 20 silver 30 bronze 40 best-effort 50
Upon executing this
command, the priority queues will have the following packet processing card
CP bandwidth allocations based on the maximum CP bandwidth specifications:
Priority | Lead CP (CP 0) Bandwidth (Mbps) | CP 1 through CP 3 Bandwidth (Mbps)
Gold | 25.6 | 51.2
Silver | 38.4 | 76.8
Bronze | 51.2 | 102.4
Best-effort | 64 | 128
qos npu inter-subscriber traffic bandwidth-sharing
Configures NPU QoS
bandwidth sharing properties for the system.
Syntax
qos npu inter-subscriber traffic bandwidth-sharing { { enable | disable } { all | slot slot_num cpu cpu_num } }
enable
Enables bandwidth
sharing for the specified criteria.
disable
Disables bandwidth
sharing for the specified criteria.
all
Specifies that the
bandwidth action is to be applied to all packet processing cards
and every CPU on each packet processing card.
slot slot_num
Specifies that the
bandwidth action is to be applied to a packet processing card in
a specific chassis slot number.
slot_num is
the slot in which a packet processing card is installed. These cards
can be installed in slots 1 through 8 and 10 through 16 on the
ASR 5000, or 1 through 4 and 7 through 10 on the ASR 5500.
cpu cpu_num
Specifies a specific
control processor (CP) on a packet processing card for which to
perform the bandwidth action.
cpu_num is
an integer value from 0 to 3. 0 represents the lead CP.
Usage:
The available bandwidth
of a subscriber queue can be shared equally among the other subscriber
queues. Any unutilized bandwidth of a queue can be shared with the
other queues equally. For example, if only one DSCP is configured
and it is mapped to best-effort, that DSCP would get the bandwidth
allocated to the best-effort in addition to the rest of the bandwidth allocated
to the gold, silver, and bronze.
By default, the system
enables sharing for all packet processing cards and their CPs.
For additional information
on the NPU QoS functionality, refer to the System Administration
Guide.
IMPORTANT:
This functionality
is not supported for use with the PDSN at this time.
Example:
The following command
disables bandwidth sharing for the fourth CP (CP 3) on a packet processing
card installed in chassis slot 3:
qos npu inter-subscriber traffic bandwidth-sharing disable slot 3 cpu 3
qos npu inter-subscriber traffic priority
Configures the DSCP-to-Priority
assignments for the system.
Privilege:
Security Administrator,
Administrator
Syntax
qos npu inter-subscriber traffic priority { best-effort | bronze | gold | silver } assigned-to dscp { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | ef | dscp_num }
no qos npu inter-subscriber traffic priority [ assigned-to dscp { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | ef } ]
best-effort
Specifies the best-effort
queue priority.
bronze
Specifies the bronze
queue priority.
gold
Specifies the gold
queue priority.
silver
Specifies the silver
queue priority.
afXX
Assigns the Assured
Forwarding XX PHB
(per-hop behavior) DSCP.
Each Assured Forwarding
PHB has a corresponding DSCP value as follows:
- af11 through af13:
DSCP values 5 through 7 respectively
- af21 through af23:
DSCP values 9 through 11 respectively
- af31 through af33:
DSCP values 13 through 15 respectively
- af41 through af43:
DSCP values 17 through 19 respectively
be
Assigns the Best Effort
forwarding PHB which has a corresponding DSCP value of 0.
ef
Assigns the Expedited
Forwarding PHB which has a corresponding DSCP value of 23.
dscp_num
Specifies a specific
DSCP value as an integer from 0 through 31.
Usage:
The differentiated
services (DS) field of a packet contains six bits (0-5) that represent
the differentiated service code point (DSCP) value.
Five of the bits (1-5)
represent the DSCP. Therefore, up to 32 (2^5) DSCPs can be assigned to
the various priorities. By default, they're all assigned to the
lowest priority (best-effort).
For additional information
on the NPU QoS functionality, refer to the System Administration
Guide.
IMPORTANT:
This functionality
is not supported for use with the PDSN at this time.
Example:
The following command
maps the ef DSCP to the gold priority queue:
qos npu inter-subscriber traffic priority gold assigned-to dscp ef
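The bandwidth and priority commands above together decide which queue a DSCP lands in and how much CP bandwidth that queue may use. The following added example (not part of the original reference, and not Cisco code) parses both commands from a saved configuration, builds the full 32-entry DSCP-to-queue map using the DSCP keyword values and defaults listed on this page, and reproduces the per-CP bandwidth table; the sample configuration text is constructed.

```python
import re

QUEUES = ("gold", "silver", "bronze", "best-effort")
DEFAULT_PERCENT = (10, 20, 30, 40)             # defaults listed on this page
CP_MAX_MBPS = {"CP0": 128, "CP1-CP3": 256}     # maximum CP-BPS values from this page

# DSCP keyword values exactly as this page lists them (range 0 through 31).
DSCP_NAMES = {"be": 0, "ef": 23}
for af_class, base in ((1, 5), (2, 9), (3, 13), (4, 17)):
    for drop in (1, 2, 3):
        DSCP_NAMES[f"af{af_class}{drop}"] = base + drop - 1

PREFIX = r"^\s*qos\s+npu\s+inter-subscriber\s+traffic\s+"
BW_RE = re.compile(PREFIX + r"bandwidth\s+gold\s+(\d+)\s+silver\s+(\d+)"
                            r"\s+bronze\s+(\d+)\s+best-effort\s+(\d+)\s*$")
PRIO_RE = re.compile(PREFIX + r"priority\s+(best-effort|bronze|gold|silver)"
                              r"\s+assigned-to\s+dscp\s+(\S+)\s*$")


def parse_qos(config_text):
    """Return (percent per queue, queue per DSCP) for a configuration."""
    percents = dict(zip(QUEUES, DEFAULT_PERCENT))
    dscp_map = {dscp: "best-effort" for dscp in range(32)}  # page default
    for line in config_text.splitlines():
        match = BW_RE.match(line)
        if match:
            values = [int(v) for v in match.groups()]
            if any(v > 100 for v in values):
                raise ValueError(f"percent out of range 0-100: {line.strip()}")
            percents = dict(zip(QUEUES, values))
            continue
        match = PRIO_RE.match(line)
        if match:
            queue, token = match.groups()
            if token in DSCP_NAMES:
                dscp = DSCP_NAMES[token]
            elif token.isdigit() and 0 <= int(token) <= 31:
                dscp = int(token)
            else:
                raise ValueError(f"invalid DSCP {token!r}: {line.strip()}")
            dscp_map[dscp] = queue
    return percents, dscp_map


def bandwidth_table(percents):
    """Maximum Mbps per queue on the lead CP and on the remaining CPs."""
    return {queue: {cp: mbps * pct / 100 for cp, mbps in CP_MAX_MBPS.items()}
            for queue, pct in percents.items()}


def dscps_by_queue(dscp_map):
    """Invert the map so a reviewer can see what each queue carries."""
    result = {queue: [] for queue in QUEUES}
    for dscp, queue in sorted(dscp_map.items()):
        result[queue].append(dscp)
    return result


# Constructed sample configuration; the first two commands are this page's examples.
SAMPLE_CONFIG = """\
config
  qos npu inter-subscriber traffic bandwidth gold 20 silver 30 bronze 40 best-effort 50
  qos npu inter-subscriber traffic priority gold assigned-to dscp ef
  qos npu inter-subscriber traffic priority silver assigned-to dscp af41
  qos npu inter-subscriber traffic priority bronze assigned-to dscp 12
"""

if __name__ == "__main__":
    percents, dscp_map = parse_qos(SAMPLE_CONFIG)
    for queue, row in bandwidth_table(percents).items():
        print(f"{queue:12} {row['CP0']:>6} {row['CP1-CP3']:>6}")
    for queue, dscps in dscps_by_queue(dscp_map).items():
        print(f"{queue:12} {dscps}")
```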
ran-peer-map
Creates a Radio Access
Network (RAN) Peer Map and enters the RAN Peer Map Configuration
Mode.
Syntax
[ no ] ran-peer-map name [ -noconfirm ]
no
Removes the RAN Peer
Map from the system.
name
Specifies the name
of the RAN Peer Map. name must
be an alphanumeric string of 1 through 31 characters.
Usage:
Use this command to
create a new RAN Peer Map or edit an existing one. RAN peer maps reconcile
base station MAC addresses received in R6 protocol messages to the
base station’s IP address.
Entering this command
results in the following prompt:
[context_name]hostname(config-ran-peer-map)#
RAN Peer Map Configuration
Mode commands are defined in the ASN RAN Peer Map Configuration
Mode Commands chapter in this guide.
Example:
The following command
creates a RAN peer map named
ran12:
ran-peer-map ran12
require active-charging
This command enables/disables
Active Charging Service (ACS) with
or without the Category-based Content Filtering application.
Privilege:
Security Administrator,
Administrator
Syntax
require active-charging [ isolated-mode ] [ content-filtering category [ static-and-dynamic ] ] [ optimized-mode ]
no require active-charging
no
Disables ACS on the
system.
isolated-mode
Enables ACS and separates
ACS-related resources from other sub-system resource sharing.
IMPORTANT:
In 8.1 and later releases,
this keyword is not supported.
optimized-mode
Enables ACS in Optimized
mode, wherein ACS functionality is managed by SessMgrs.
IMPORTANT:
In 8.0 and earlier releases
and in 9.0 and later
releases, this keyword is not supported.
IMPORTANT:
In Release 8.1, ACS
must be configured in the Optimized mode.
IMPORTANT:
In Release 8.1, if
the active-charging mode is changed from the default (non-optimized) mode
to the Optimized mode, or vice-versa, the system must be rebooted
for the change to take effect.
IMPORTANT:
In Release 8.3, this
keyword is obsolete. With or without this keyword ACS is always enabled
in the Optimized mode.
Use the require active-charging command
to enable ACS in the non-optimized mode, in which ACS Managers are
spawned to support ACS.
Use the require active-charging optimized-mode
command to enable ACS in the Optimized
mode, in which ACS is enabled as part of Session Managers.
content-filtering category [ static-and-dynamic ]
Enables the Category-based
Content Filtering application with ACS support and creates the necessary
Static Rating Database (SRDB) tasks to utilize the internal database
of static/dynamic URLs.
For Dynamic Content
Filtering support, the static-and-dynamic keyword
must be configured to specify that the Dynamic Rater Package (model
and feature files) must be distributed to rating modules on startup,
recovery, etc. If not configured, by default, the static-only mode
is enabled.
Usage:
Use this command to
enable/disable ACS with
or without the Category-based Content Filtering application on
the chassis.
IMPORTANT:
This command triggers
the resource subsystem to switch to ACS-enabled mode and start ACS-related
tasks. This CLI command must be configured before any services are
configured, so that the resource subsystem can appropriately reserve
adequate memory for the ACS-related tasks. After configuring this
command, the configuration must be saved and the system rebooted
in order to allocate the resources for ACS upon system startup.
In 8.0 and 8.1 releases,
this command must be configured before configuring any services. This
is to ensure that the resource subsystem can appropriately reserve
adequate memory for ACS Manager tasks. If this command is configured
after all the Session Manager tasks are already active, the ACS
Manager tasks will not be started even if additional cards are added
to the chassis—instead, the chassis must be rebooted.
Example:
In Release 8.0, the
following command enables the resource subsystem to configure ACS in isolated
mode:
require active-charging isolated-mode
In Release 8.1, the
following command enables ACS in Optimized mode:
require active-charging optimized-mode
In Release 8.3, the
following command enables ACS in Optimized mode:
require active-charging
require cipher ssl resource-percentage
Assigns the 8 processing
cores on the PSC2 card and splits the hardware acceleration resources
between SSL protocol and IPSec protocol processing.
Product:
SCM (P-CSCF, A-BG)
Privilege:
Security Administrator,
Administrator
Syntax
require cipher ssl resource-percentage percentage_value
default require cipher ssl resource-percentage
percentage_value
The system converts
the specified resource percentage value to the nearest number of processing
cores assigned to SSL processing. The system assigns the remaining
processing cores to IPSec processing. This value can be within the
range of 0 to 100.
For example, if 20% of
the hardware acceleration resources are assigned to SSL processing, the
system translates this value to INT((20*8+50)/100) = 2
processing cores assigned to SSL processing, and (8-2) = 6
processing cores assigned to IPSec processing.
default
Sets the default percentage
value to 0%, assigning all 8 processing cores to IPSec processing.
Usage:
Use this command to
split the 8 processing cores on the PSC2 card between SSL protocol and
IPSec protocol processing.
Example:
The following command
assigns 20% of the hardware acceleration resources on the
PSC2 card (2 processing cores) to SSL processing, and 80% of
the hardware acceleration resources (6 processing cores) to IPSec
processing:
require cipher ssl resource-percentage 20
require demux card
This command enables
or disables the demux capabilities.
Privilege:
Security Administrator,
Administrator
Syntax
[ default | no ] require demux card
default
Disables the demux
capabilities on the card.
no
Disables the demux
capabilities on the card.
Usage:
Use this command to configure
the system to allow the session recovery task placement scheme when
session recovery is off.
IMPORTANT:
This command is not
supported on all platforms.
Example:
The following command
enables demux capabilities:
require demux card
require detailed-rohc-stats
Enables or disables
context-specific Robust Header Compression (RoHC) statistics.
Syntax
[ no ] require detailed-rohc-stats
no
Disables statistics
for RoHC calls. This is the default condition.
Usage:
Enables context-specific
statistics for RoHC calls.
Example:
Enter the following
command to enable context specific statistics for RoHC calls:
require detailed-rohc-stats
require diameter-proxy
This command enables
or disables Diameter Proxy mode.
Privilege:
Security Administrator,
Administrator
Syntax
require diameter-proxy { master-slave | multiple | single }
no require diameter-proxy
no
Disables Diameter
Proxy mode.
Default: no require
diameter-proxy
master-slave
Sets the Diameter-Proxy
to Master-Slave mode.
In Master-slave mode,
multiple Diameter proxies run on system, one on each packet processing
card where one of them acts as Master and other Diameter proxies
act as Slave.
In such mode, the
Master proxy relays the traffic across multiple Slave Diameter proxies.
multiple
To configure one Diameter
proxy for each active packet processing card.
single
To configure one Diameter
proxy for the entire chassis.
Usage:
When the Diameter
Proxy mode is enabled, each proxy process is a Diameter host, instead of
requiring every Diameter application user (such as, every ACSMgr
and/or every SessMgr, depending on the application) to
be a host.
In Master-slave mode,
multiple Diameter proxies run on the system, one on each packet processing
card, where one of them acts as Master and the other Diameter proxies
act as Slaves.
In this mode, the Master
relays the traffic from an incoming connection to a specific Slave Diameter
proxy.
Example:
To configure a Diameter
proxy for each active packet processing card, enter the following command:
require diameter-proxy multiple
To configure a single
Diameter proxy for the entire chassis, enter the following command:
require diameter-proxy single
require ecs credit-control subscriber-mode
This command configures
the Diameter Credit-Control Application (DCCA) to work in per subscriber-PDN
level Gy mode.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] require ecs credit-control subscriber-mode
no
Creates DCCA/Gy
sessions per bearer/PDP-context.
Usage:
This command is applicable
to all products using the Gy interface. Use this command to configure
DCCA/Gy to work in per subscriber-PDN level Gy mode, wherein
one Diameter session is created per subscriber PDN rather than per
bearer, and only one DCCA/Gy session is created for multi-bearer
PDNs.
If this command is
not configured, or the no
require ecs credit-control subscriber-mode command is
configured, DCCA/Gy sessions are created per bearer/PDP-context,
and as a result when there are multiple PDP contexts or multiple
bearers in a PDN as many DCCA/Gy sessions are created.
IMPORTANT:
This command will take
effect only when the system is booted/rebooted. When configured after
the system comes up, the command will be accepted but will not be
applied until after the system is rebooted with the saved configuration.
IMPORTANT:
This command is independent
of the require
active-charging command. The ecs keyword
in this command is license dependent.
require session recovery
Enables session recovery
when a hardware or software fault occurs within the system.
Product:
GGSN, ASN-GW, HA, HSGW, LNS, MME, PDG/TTG, PDIF, PDSN, P-GW, SGSN
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] require session recovery
no
Disables the session recovery
feature after the configuration file is saved and the system is restarted.
Usage:
When this feature
is enabled, the system attempts to recover any home agent-based
Mobile IP sessions that would normally be lost due to a hardware
or software fault within the system.
This functionality
is available for the following call types:
- ASN-GW services supporting simple IP, Mobile IP, and Proxy Mobile IP
- PDSN services supporting simple IP, Mobile IP, and Proxy Mobile IP
- HA services supporting Mobile IP and/or Proxy Mobile IP session types with or without per-user Layer 3 tunnels
- GGSN services for IPv4 and PPP PDP contexts
- SGSN services for all attached and/or activated subscribers
- LNS session types
- PDIF services supporting Simple-IP, Mobile-IP and Proxy Mobile-IP
- MME services
The default setting
for this command is disabled.
The no option
of this command disables this feature.
This command only works when
the Session Recovery feature is enabled through a valid Session
and Feature Use License Key.
IMPORTANT:
After entering this
command, you must restart the system for the command to take effect. Remember
to save the configuration file before issuing the reload command.
reveal disabled commands
Enables the input
of commands for features that do not have license keys installed.
The output of the command show cli indicates
when this is enabled. This command affects all future CLI sessions.
This is disabled by default.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] reveal disabled commands
no
Do not show disabled
commands.
Usage:
When this is enabled
and a disabled command is entered, a message is displayed that informs
you that the required feature is not enabled and also lists the
name of the feature that you need to support the command.
When this is disabled
and a disabled command is entered, the CLI does not acknowledge the
existence of the command and displays a message that the keyword
is unrecognized.
Example:
Set the CLI to accept
disabled commands and display the required feature for all future
CLI sessions with the following command:
reveal disabled commands
Set the CLI to reject
disabled commands and return an error message for all future CLI sessions:
no reveal disabled commands
rohc-profile
This command allows
you to create an RoHC (Robust Header Compression) profile and enter
the RoHC Profile Configuration Mode. This mode is used to configure
RoHC Compressor and Decompressor parameters. RoHC profiles can then
be assigned to specific subscriber sessions when RoHC header compression
is configured.
Privilege:
Security Administrator,
Administrator
Syntax
rohc-profile profile-name name [ -noconfirm ] [ common-options | compression-options | decompression-options ]
no rohc-profile profile-name name
common-options
Configures common
parameters for compressor and decompressor.
compression-options
Configures ROHC compression
options.
decompression-options
Configures ROHC decompression
options.
no
Remove the specified
RoHC profile.
name
The name of the RoHC
profile to create or remove. name must be
an alphanumeric string of 1 through 63 characters.
-noconfirm
Do not prompt for
additional verification when executing this command.
Usage:
Use this command to
enter the RoHC Profile Configuration mode.
Entering this command
results in the following prompt:
[context_name]host(config-rohcprofile-<profile_name>)#
RoHC Profile Configuration
Mode commands are defined in the RoHC Profile Configuration
Mode Commands chapter.
Example:
Enter the following
command to create an RoHC profile named
HomeUsers and
enter the RoHC Configuration mode without prompting for verification:
rohc-profile profile-name HomeUsers
The following command
removes the RoHC profile named
HomeUsers:
no rohc-profile profile-name HomeUsers
sccp-network
This command creates
or removes a Signaling Connection Control Part (SCCP) network instance
which is used to define the SS7 end-to-end routing in a UMTS network.
As well, this command enters the SCCP network configuration mode.
The SGSN supports up to 12 SCCP network instances at one time.
Privilege:
Security Administrator,
Administrator
Syntax
sccp-network sccp_net_id [ -noconfirm ]
no sccp-network sccp_net_id
no
Remove the SCCP network
configuration with the specified index number from the system configuration.
sccp_net_id
This number identifies
a specific SCCP network configuration.
sccp_net_id must
be an integer from 1 through 12.
-noconfirm
Indicates that the
command is to execute without any additional prompt and confirmation from
the user.
Usage:
Use this command to
create or modify an SCCP network and enter the SCCP network configuration
mode.
The SCCP network is
not a standard SS7 or UMTS concept - this concept is specific to
this platform.
For
details about the commands and parameters needed to create and edit
the SCCP Network configuration, check the SCCP Network Configuration
Mode chapter.
Example:
The following command
creates an SCCP network with the index number of
1:
sccp-network 1
The following command creates an SCCP network with the index number
of 2 to associate with HNB-GW service for HNB access network users
without any prompt:
sccp-network 2 -noconfirm
sctp-parameter-template
This command
allows you to create an SCTP parameter template and enter the SCTP
Parameter Template Configuration Mode. This mode is used to configure
parameters for SCTP associations.
Syntax
[ no ] sctp-param-template name
no
Removes the specified
SCTP parameter template from the system.
name
Specifies the name
of the SCTP parameter template being created or accessed. name must
be an alphanumeric string of 1 through 63 characters.
Usage:
Use
this command to enter the SCTP Parameter Template Configuration
mode.
Entering
this command results in the following prompt:
[context_name]host(sctp-param-template)#
SCTP
Parameter Template Configuration Mode commands are defined in the SCTP Parameter Template
Configuration Mode Commands chapter.
Example:
The following command
creates a new SCTP parameter template or enters an existing template
named
sctp-tmpl2:
sctp-param-template sctp-tmpl2
session trace
This command configures
the type of network elements, file transfer protocol, and Trace
collection entity mode to be used for the transportation of trace
files collected for the subscriber session tracing on the UMTS/EPC
network element(s) along with network connection parameters and
timers.
Product:
GGSN, MME, P-GW,
S-GW
Syntax
session trace network-element { all | mme | pgw | sgw | ggsn } [ collection-timer sec ] [ tce-mode { none | push transport sftp path string username name { encrypted password enc_pw | password password } } ]
no session trace network-element { all | mme | pgw | sgw | ggsn }
no
Removes the entire
session trace configuration from the system or a specific network element
trace configuration.
network-element { all | mme | pgw | sgw | ggsn }
Identifies the type
of service to the session trace application in order to determine
the applicable interfaces.
all: Specifies
that all network elements and their associated interfaces are to
be made available to the session trace application.
ggsn: Specifies
that the GGSN as network element and its associated interfaces is
to be made available to the session trace application.
mme: Specifies
that the MME as network element and its associated interfaces is
to be made available to the session trace application.
pgw: Specifies
that the P-GW as network element and its associated interfaces is
to be made available to the session trace application.
sgw: Specifies
that the S-GW as network element and its associated interfaces is
to be made available to the session trace application.
collection-timer sec
Specifies the amount
of time (in seconds) to wait from initial activation/data
collection before data is reported to the Trace Collection Entity
(TCE). sec must be
an integer from 0 through 255.
tce-mode none
Specifies that session
trace files are to be stored locally and must be pulled by the TCE.
tce-mode push transport sftp path string username name { encrypted password enc_pw | password password }
Specifies that session
trace files are to be pushed to the Trace Collection Entity (TCE).
sftp: Specifies
that Secure FTP is used to push session trace files to the TCE.
path string:
Specifies the directory path on the TCE where files will be placed.
username name: Specifies
the username to be used when pushing files to the TCE.
encrypted password enc_pw: Specifies
the encrypted password to be used when pushing files to the TCE.
password password:
Specifies the password to be used when pushing files to the TCE.
Usage:
Use this command to
configure the file transfer methods and modes for subscriber session trace
functionality and to specify how and where session trace files are sent
after collection.
This
configuration contains collection timer, UMTS/EPC network
element, type of file transfer, and user credentials setting to
send the collected trace files to the TCE.
Example:
The following command
configures the collection time for session traces to
30 seconds,
identifies the network element as all elements (GGSN, MME, S-GW,
and P-GW), and pushes session trace files to a TCE via SFTP into
a directory named
/trace/agw using
a username
admin and
a password of
pw123:
session trace network-element all collection-timer 30 tce-mode push transport sftp path /trace/agw username admin password pw123
The following command
configures the collection time for session traces to
30 seconds,
identifies the network element as an MME, and pushes session trace
files to a TCE via SFTP into a directory named
/trace/sgw using
a username
admin and
a password of
pw123:
session trace network-element mme collection-timer 30 tce-mode push transport sftp path /trace/mme username admin password pw123
The
following command configures the collection time for session traces
to
30 seconds,
identifies the network element as GGSN, and pushes session trace
files to a TCE via SFTP into a directory named
/trace/ggsn using
a username
admin and
a password of
pw123:
session trace network-element ggsn collection-timer 30 tce-mode push transport sftp path /trace/ggsn username admin password pw123
sgsn-global
This command gives
access to the SGSN Global configuration mode to set parameters relevant
to the SGSN and HNB-GW as a whole.
Privilege:
Security Administrator,
Administrator
Usage:
Using this command
moves into SGSN Global Configuration mode. In this mode, you can set
system-wide parameters on SGSN and HNB-GW to perform the following
tasks:
On SGSN:
- monitoring and managing
TLLIs in the BSSGP layer.
- defining IMSI ranges
used as filters in the operator policy selection process.
Example:
Enter the SGSN Global
configuration mode with the following:
sgsn-global
snmp authentication-failure-trap
Enables or disables
the SNMP traps for authentication failures.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] snmp authentication-failure-trap
no
Disables SNMP traps
for authentication failures. When omitted, SNMP traps for authentication
failures will be generated.
Usage:
Disable authentication
failure traps if they are not of interest. At this time the option
may be changed to support troubleshooting.
By default SNMP authentication
failure traps are disabled.
snmp community
Configures the SNMP
v1 and v2 community strings.
Privilege:
Security Administrator,
Administrator
Syntax
In StarOS 12.1 and
earlier releases:
snmp community string ] [ read-only | read-write ]
no snmp community string
no
The specified community
string is removed from the configuration.
name string
Specifies a community
string whose options are to be modified. An unencrypted string
must be an alphanumeric string of 1 through 31 characters. An encrypted
string is an alphanumeric string of 1 through 80 characters.
context context_name
Default: community
string applies to all contexts.
Specifies the context
to which the community string shall be applied. context_name must
be an alphanumeric string of 1 through 31 characters.
read-only | read-write
Default: read-only
Specifies the access
rights for the community string.
read-only:
the configuration may only be viewed.
read-write:
the configuration may be viewed and edited.
view view_name
Default: community
string applies to all views.
Specifies the view
to which the community string shall be applied. view_name must
be an alphanumeric string of 1 through 31 characters.
Usage:
The community strings
define the privileges of SNMP users. It may be desirable to give read-only
access to front line operators.
Example:
snmp community name plain_text_string
snmp community encrypted name encrypted_string
snmp community name plain_text_string context sampleContext
snmp community name plain_text_string context sampleContext view sampleView
snmp community name plain_text_string read-write view sampleView
no snmp community plain_text_string
snmp engine-id
Configures the SNMP
engine to use for SNMP requests when SNMPv3 agents are utilized.
Privilege:
Security Administrator,
Administrator
Syntax
snmp engine-id local id
id
Specifies the SNMPv3
engine to employ. id must
be an alphanumeric string of 1 through 31 characters.
Usage:
When SNMPv3 is used
for SNMP access to the chassis the engine ID can be used to quickly
change which schema is used for SNMP access.
IMPORTANT:
The system can send
either SNMPv1, SNMPv2c, or SNMPv3 traps to numerous target devices.
However, the Web Element Manager can only process SNMP version 1
(SNMPv1) and SNMP version 2c (SNMPv2c) traps. If the SNMP target
being configured is Web Element Manager application, then you must
not configure this command to use.
snmp heartbeat
Enables the sending
of periodic “heartbeat” notifications (traps).
Syntax
snmp heartbeat { interval [ minutes ] | second-interval [ seconds ] }
[ default | no ] snmp heartbeat
default
Returns the command
to its default setting of disabled.
interval [ minutes ]
Default: 60
Specifies the interval
time (in minutes) between notifications. minutes must
be an integer from 1 through 1440.
second-interval [ seconds ]
Default: 30
Specifies the secondary
interval time, in seconds, between notifications. seconds must
be an integer from 10 through 50.
Usage:
Use this command to
enable the sending of a heartbeat notification periodically to confirm a
system is up and communicating.
Example:
The following command
sets the SNMP heartbeat notification interval to 2 hours, 15 minutes
and 30 seconds:
snmp heartbeat interval 135 second-interval 30
snmp history heartbeat
Enables the recording
of heartbeat notifications in SNMP history.
Syntax
[ default | no ] snmp history heartbeat
default
Returns the command
to the default setting of enabled.
no
Disables the history
recording feature.
Usage:
Use this command to
enable the recording of SNMP heartbeat notifications in SNMP history
files.
snmp notif-threshold
Configures the number
of SNMP notifications that need to be generated for a given event
before it is propagated to the SNMP users.
Privilege:
Security Administrator,
Administrator
Syntax
snmp notif-threshold count [ low low_count ] [ period seconds ]
no snmp notif-threshold
no
Removes all SNMP notification
thresholds. All notifications will be broadcast to SNMP users.
count
Default: 100
Specifies the number
of notifications that must be generated before the next notification
is broadcast to SNMP users. count must
be an integer from 1 through 10000.
low low_count
Default: 20
Specifies the number
of notifications within the monitoring period before which any subsequent
notification for each specific event. low_count must
be an integer from 1 through 10000.
period seconds
Default: 300
Specifies the number
of seconds of the monitoring window size before any subsequent notification
may be broadcast to users. seconds must
be an integer from 10 through 3600.
Usage:
Set the notification
threshold to avoid a flood of events which may be the result of
a single failure or maintenance activity.
Example:
snmp notif-threshold 100
snmp notif-threshold 100 period 30
snmp server
Enables the SNMP server
as well as the configuration of the SNMP server port.
Privilege:
Security Administrator,
Administrator
Syntax
snmp server [ port number ]
no snmp server
no
Restores the default
SNMP port assignment.
port number
Default: 161
Specifies the port
number to use for SNMP communications. number must
be an integer from 1 to 65535.
Usage:
Set the SNMP port
for communications when SNMP is enabled.
IMPORTANT:
This will result in
restarting the SNMP agent when the no keyword
is omitted. SNMP queries as well as notifications/traps
will be blocked until the agent has restarted.
Example:
snmp server port 100
no snmp server
snmp target
Configures remote
receivers for SNMP notifications.
Privilege:
Security Administrator,
Administrator
Syntax
snmp target name ip_address [ port number ] [ non-default ] [ security-name string ] [ version { 1 | 2c | 3 } | view ] [ security-level { noauth | { auth | priv-auth privacy [ encrypted ] des privpassword } authentication [ encrypted ] { md5 | sha } authpassword } ] [ informs | traps ]
no snmp target name
no
Removes the specified
target as a receiver of unsolicited SNMP messages (traps).
authentication { md5 | sha } authpassword
Reads the authentication
type and password if the security level of the SNMP messages is set
to
auth or
priv-auth. Authentication
types are:
- md5: Configures
the hash-algorithm to implement MD5 per RFC 1321.
- sha: Specifies
that the hash protocol is Secure Hash Algorithm.
security-level { noauth | { auth | priv-auth privacy [ encrypted ] des privpassword } }
Sets the security
level of the SNMPv3 messages, as follows:
- noauth: No
authentication and encryption is used.
- auth: Only
authentication will be used.
- priv-auth:
Both authentication and encryption will be used.
- privacy des privpassword:
Reads the privacy type and password.
name
Specifies a logical
name to use to refer to the remote receiver. name must
be an alphanumeric string of 1 through 31 characters.
ip_address
Specifies the IP address
of the receiver. ip_address must
be specified using IPv4 dotted-decimal notation.
non-default
Specifies that this
destination is only used for SNMP traps which have been specifically identified.
port number
Default: 162
Specifies the port
which is to be used in communicating with the remote receivers. number must
be an integer from 0 through 65535.
security-name string
Default: no community
string included
Specifies the community
string to use in the unsolicited messages. string must
be an alphanumeric string of 1 through 31 characters.
version { 1 | 2c | 3 } | view
Default: 1
Specifies the SNMP
version the target supports and consequently the version of the
SNMP protocol to use for communications.
IMPORTANT:
The system can send
either SNMPv1, SNMPv2c, or SNMPv3 traps to numerous target devices. However,
the Web Element Manager can only process SNMP version 1 (SNMPv1)
and SNMP version 2c (SNMPv2c) traps. If the SNMP target being configured
is Web Element Manager application, then you must configure this
command to use version 1 or version 2c.
informs | traps
Default: traps
Specifies the type
of SNMP event to use to send notifications to SNMP targets. traps are
unacknowledged (fire and forget) whereas informs require
a response from the SNMP target.
If the notification
type is set to informs,
the notification is resent if no response is received within 5 seconds.
The notification is resent at most two times.
Usage:
The target manages
the list of remote receivers to which unsolicited messages are sent.
Use this command to add/remove a monitoring system to/from
a network.
Example:
snmp target sampleReceiver 1.2.3.4 security-name sampleComm
snmp target sampleReceiver 1.2.5.6 port 100
snmp target sampleReceiver 1.2.7.8 version 2c traps
no snmp target sampleReceiver
snmp trap
This command enables
or disables generation of specific or all SNMP traps.
Privilege:
Security Administrator,
Administrator
Syntax
snmp trap { enable | suppress } [ trap_name1 trap_name2 ... trap_nameN | all ]
enable
Enables or allows
the generation of one or more SNMP traps by the system.
suppress
Disables the generation
of one or more SNMP traps by the system.
trap_name1 trap_name2 ... trap_nameN
The name of the specific
SNMP trap to enable or disable. Multiple traps can be listed for
a single instance of this command.
IMPORTANT:
The system disregards
character case (case insensitive) when entering trap names.
all
Default: Enable All
Specifies that all
SNMP traps will be affected by the specified operation (enable or suppress).
Usage:
SNMP traps are used
by the system to indicate that certain events have occurred. A complete
listing of the traps supported by the system and their descriptions
can be found in the SNMP
MIB Reference. Additionally, a trap listing can be viewed using
the following command:
snmp trap { enable | suppress } ?
By default, the system
enables the generation of all traps. However, individual traps can
be disabled allowing only traps of a certain type or alarm level
to be generated. This command can be used to disable undesired
traps and/or re-enable previously suppressed traps.
Example:
The following command
suppresses the LogMessage trap:
snmp trap suppress logmessage
The following command
suppresses the
CLISessEnd and
CLISessStart traps:
snmp trap suppress clisessend clisessstart
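The following Python sketch is an added example, not part of the original command reference or any Cisco tooling. It audits saved configuration lines written in the session trace, snmp community, snmp target, snmp trap and snmp authentication-failure-trap forms documented above, and reports plaintext TCE passwords, unencrypted or read-write community strings, SNMPv1/v2c or unauthenticated SNMPv3 targets, MD5 authentication, and suppressed CLI session traps. The sample lines are constructed; the finding codes, the AUDIT_TRAPS selection and the token order assumed for snmp target options are this example's assumptions.

```python
# Added example: audits StarOS-style config lines for the commands documented above.
# Finding codes and the AUDIT_TRAPS selection are this example's own choices.

# Constructed sample input; every line follows a syntax form shown on this page.
SAMPLE_CONFIG = """\
session trace network-element all collection-timer 30 tce-mode push transport sftp path /trace/agw username admin password pw123
session trace network-element mme collection-timer 30 tce-mode push transport sftp path /trace/mme username admin encrypted password 0a1b2c3d
snmp community name plain_text_string read-write view sampleView
snmp community encrypted name encrypted_string
snmp target sampleReceiver 1.2.3.4 security-name sampleComm
snmp target v3Open 1.2.5.6 version 3 security-level noauth
snmp target v3Md5 1.2.7.8 version 3 security-level auth authentication md5 authpass1
snmp target v3Sha 1.2.9.10 version 3 security-level priv-auth privacy des privpass1 authentication sha authpass1
snmp trap suppress CLISessEnd clisessstart
no snmp authentication-failure-trap
"""

# Traps treated as audit-relevant here (assumption); the names are taken from this page.
AUDIT_TRAPS = {"clisessstart", "clisessend"}


def _after(tokens, keyword, skip=()):
    """Return the first token after keyword that is not in skip, else None."""
    if keyword not in tokens:
        return None
    for tok in tokens[tokens.index(keyword) + 1:]:
        if tok not in skip:
            return tok
    return None


def audit_line(line):
    """Return the finding codes for a single configuration line."""
    t = line.split()
    found = []
    if t[:2] == ["session", "trace"] and "username" in t:
        # After 'username <name>' comes 'password <pw>' or 'encrypted password <enc_pw>'.
        if t[t.index("username") + 2:][:1] == ["password"]:
            found.append("trace-plaintext-password")
    elif t[:2] == ["snmp", "community"] and "name" in t:
        if "encrypted" not in t[2:t.index("name")]:
            found.append("community-unencrypted")
        if "read-write" in t[t.index("name") + 2:]:
            found.append("community-read-write")
    elif t[:2] == ["snmp", "target"] and len(t) >= 4:
        opts = t[4:]
        version = _after(opts, "version") or "1"  # the page gives 1 as the default
        if version in ("1", "2c"):
            found.append("target-community-only")
        elif _after(opts, "security-level") == "noauth":
            found.append("target-v3-noauth")
        elif _after(opts, "authentication", skip=("encrypted",)) == "md5":
            found.append("target-v3-md5")
    elif t[:3] == ["snmp", "trap", "suppress"]:
        names = {n.lower() for n in t[3:]}  # trap names are case-insensitive
        if "all" in names or names & AUDIT_TRAPS:
            found.append("audit-trap-suppressed")
    elif t == ["no", "snmp", "authentication-failure-trap"]:
        found.append("auth-failure-trap-disabled")
    return found


def audit(config_text):
    """Return (line_number, finding_code) pairs for a whole configuration."""
    results = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        for code in audit_line(line.strip()):
            results.append((number, code))
    return results


if __name__ == "__main__":
    for number, code in audit(SAMPLE_CONFIG):
        print(f"line {number}: {code}")
```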
snmp trap-timestamps
Adds an additional
system-time varbind to generated traps.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] snmp trap-timestamps
no
Disables the adding
of timestamps to generated traps.
Usage:
The timestamp added
to the generated trap reflects the current system time. The timestamp is
proprietary. This functionality is disabled by default.
IMPORTANT:
If the Web Element
Manager application is used as your alarm server, the application
relies on the timestamp provided by enabling this command to identify
duplicate traps. As a result, it is recommended that this parameter
be enabled for this case.
Example:
The following command
enables the inclusion of a timestamp with each generated trap:
snmp trap-timestamps
snmp user
Configures an SNMPv3
user for SNMP access.
Privilege:
Security Administrator,
Administrator
Syntax
snmp user user_name [ [ encrypted ] password password | engine id | group grp_name | security-model model auth [ [ encrypted ] password password ] ]
no snmp user user_name
no
Removes the specified
user from the list of valid SNMPv3 users.
user_name
Specifies the user
which is to use SNMPv3 interfaces to the system. user_name must
be an alphanumeric string of 1 through 31 characters.
engine id
The SNMP engine ID. id must
be an alphanumeric string of 1 through 31 characters.
group grp_name
Default: undefined
(not a member of any group)
Specifies the SNMPv3
group into which the user will be added. grp_name must
be an alphanumeric string of 1 to 1023 characters.
security-model model auth
Default: USM
Specifies the security
model used to authenticate the user.
model must
be configured to the following:
[ encrypted ] password password
Default: undefined
Specifies the password
for authenticating the user when the security model is set to User-based
Security Model (USM).
The encrypted keyword
indicates the password will be received in an encrypted form. password must
be an alphanumeric string of 8 through 31 characters.
The encrypted keyword
is intended only for use by the chassis while saving configuration
scripts. The system displays the encrypted keyword
in the configuration file as a flag that the variable following
the password keyword
is the encrypted version of the plain text password. Only the encrypted
password is saved as part of the configuration file.
Usage:
Add and remove SNMPv3
users as operations staff or automated systems are updated. The security
model will be user dependent based upon the support the user's system
provides.
IMPORTANT:
The system can send
either SNMPv1, SNMPv2c, or SNMPv3 traps to numerous target devices.
However, the Web Element Manager can only process SNMP version 1
(SNMPv1) and SNMP version 2c (SNMPv2c) traps. If the SNMP target
being configured is Web Element Manager application, then you must
not configure this command to use.
Example:
snmp user user1
snmp user user1 security-model 2c auth
snmp user user1 group user1 group sampleGroup security-model usm auth
no snmp user user1
ss7-routing-domain
This command creates
an SS7 routing domain instance and enters the SS7 Routing Domain
Configuration mode.
Privilege:
Security Administrator,
Administrator
Syntax
ss7-routing-domain rd_id variant v_type [ -noconfirm ]
no ss7-routing-domain rd_id
no
Removes the specified
SS7 routing domain from the system configuration.
rd_id
Identifies a specific
SS7 routing domain. Once it has been created, it can be accessed
for further configuration and modification by entering the rd_id without entering
the variant.
rd_id must
be an integer from 1 through 12.
variant v_type
Identifies the national
standard to be used for call setup, routing and control, signaling. Select
one of the following:
- ansi: American
National Standards Institute (U.S.A.)
- bici: Broadband
Intercarrier Interface standard
- china: Chinese
standard
- itu: International
Telecommunication Union (ITU-T) Telecommunication Standardization
Sector
- ntt: Japanese
standard
- ttc: Japanese
standard
-noconfirm
Indicates that the
command is to execute without any additional prompt and confirmation from
the user.
Usage:
Use this command to
create an SS7 routing domain configuration instance or to enter
the SS7 routing domain configuration mode to edit the configuration.
A routing domain groups
configuration items to facilitate the management of the SS7 connection
resources for an SGSN service. An Access Gateway supports up to
12 configured SS7 routing domains at one time.
After entering this command,
the prompt appears as:
[context_name]<hostname>(config-ss7-routing-domain-routing_domain_id)#
For details about
the commands and parameters used to define or edit an SS7 routing domain,
refer to the SS7 Routing Domain
Configuration Mode chapter.
Example:
The following creates
an SS7 routing domain with an index of 1 and the
variant selection of Broadband Intercarrier Interface (bici):
ss7-routing-domain 1 variant bici
The following command creates an SS7 routing domain instance with an
index of 2 and the variant selection of Broadband Intercarrier Interface (bici)
to be associated with HNB RN-PLMN in an HNB access network:
ss7-routing-domain 2 variant bici
suspend local-user
Suspends a local-user
administrative account.
Syntax
[ no ] suspend local-user name
no
Removes the suspended
status for the specified local-user account.
name
The name of the local-user
account expressed as an alphanumeric string of 3 through 16 characters
that is case sensitive.
Usage:
This command allows
a security administrator to suspend local-user administrative accounts.
A “suspended” user
cannot log in to the system. The user’s account information (passwords,
password history, etc.), however, is preserved.
Example:
The following command
suspends a local-user account called
Inspector1:
suspend local-user Inspector1
The following command
removes the suspension from a local-user account called
Admin300:
no suspend local-user Admin300
system
Configures system
information which is accessible via SNMP.
Privilege:
Security Administrator,
Administrator
Syntax
system { carrier-id mcc mcc_id mnc mnc_id | contact who | description string | hostname host_name | location text | serial-number ser_number | sysdesc-sysoid-style [ default | new ] }
default system { contact | location }
default
Removes the configured system contact and system location from
the system.
carrier-id mcc mcc_id mnc mnc_id
IMPORTANT:
This carrier ID is
not used by the GGSN.
Specifies a carrier-id
that is a unique identifier for the carrier that has installed the
system. When the carrier ID values are set, the carrier-id and gmt_offset
attributes are included in access-request and accounting packets
when using the following RADIUS dictionaries:
- 3gpp2
- 3gpp2-835
- starent
- starent-835
- starent-vsa1
- starent-vsa1-835
- custom9
mcc mcc_id:
The mobile country code. This must be specified as a 3-digit string
from 001 through 999.
mnc mnc_id:
The mobile network code. This must be specified as a 2- or 3-digit
string from 01 through 999.
contact who
Default: No contact
specified.
contact who: specifies
the contact information for the chassis. who must
be an alphanumeric string of 0 through 255 characters. The string
must be embedded in double quotes (") if spaces and special
punctuation are to be used.
description string
Allows a user to describe
the system for identification purposes. The system description can be
comprised of a mix of alphanumeric characters, as follows:
- %version% -
software version.
- %build% -
software build number
- %chassis% -
chassis type (ST16, ASR 5000, or ASR 5500)
- %staros% -
OS type
- %hostname% -
system name
- %release% -
release number
- %kerver% -
kernel version
- %machine% -
machine hardware name
- string - an
alphanumeric string of 1 through 255 characters.
hostname host_name
hostname host_name: configures
the chassis host name where host_name must
be an alphanumeric string of 1 through 63 characters.
IMPORTANT:
Please note that changing
the chassis host name results in the command prompt changing as well
to reflect the new name. This may affect any previously scripted
interfaces from an OSS or maintenance facility.
location text
Default: No location
specified.
location text: specifies
the system location expressed as an alphanumeric string of 0 through
255 characters. The text specified must be embedded in double quotes
(") if spaces are to be used.
serial-number ser_number
Default: None.
Specifies a system
identifier as an alphanumeric string of 1 through 11 characters.
sysdesc-sysoid-style [ default | new ]
Allows the user to select
the SNMP return for the objects sysDescr and sysOId.
- default -
SNMP returns old style system description and old style system OID
string.
- new - SNMP
returns Cisco style system description and Cisco style OID string.
Usage:
Specify system basic
information which is useful back at a network operations center which
uses the SNMP interfaces for management.
Example:
The following commands
configure the contact information, system host name, and location text,
respectively:
system contact user1@company.com
system hostname system16
system location "Clark Street Closet\nBasement Rack 4"
The following commands
remove the configured contact and location from the system, respectively:
default system contact
default system location