Global Configuration Mode Commands (L - S)

This section includes the commands license through system.

The Global Configuration Mode is used to configure basic system-wide parameters.

IMPORTANT:

The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).

license

Configures the session license key.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
license key key_value [ -force ] session-limit
no license key key_value [ -force ] session-limit
no

Removes the license key(s) installed.

key key_value

Installs the license key specified by key_value. key_value is provided by Cisco operations staff.

session-limit

Use this keyword to suppress fail-over calls from being rejected if the licensed threshold is crossed.

IMPORTANT:

This is a customer-specific command that is available for HA, PDSN, EHA, and PDIF. Please contact your local Cisco sales representative for more information.

-force

Sets the license key even if resources are not available. The system supports the dynamic resizing of demultiplexor software tasks based on the licensed session capacity and feature type. When installing a license, the system automatically attempts to resize currently functioning tasks. Warning messages are displayed if there is an issue. Though its use is not recommended, the -force keyword can be used to suppress these warning messages.

CAUTION:

Use of this option is not recommended.


Usage:

Install or update system session keys when necessary due to expiration and/or capacity needs.


Example:
license key sampleKeyValue
no license key
line

Enters the terminal display line configuration mode.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
line

Usage:

Change the terminal display configuration based upon the user's own terminal characteristics.

link-aggregation

Configures system MAC address and priority for Link Aggregation. These parameters are usually changed to match the feature requirements of the remote Ethernet switch.

Platform:

ASR 5000

Product:

WiMAX, PDSN, HA, FA, GGSN, SGSN


Privilege:

Security Administrator, Administrator


Syntax
link-aggregation { system-mac { MAC_address | auto } | system-priority priority } [ -noconfirm ]
{ default | no } link-aggregation { system-mac | system-priority } [ -noconfirm ]
default

Resets the configuration to the default.

system-mac { MAC_address | auto }

Sets the system MAC address used along with the system priority to form the system ID.

MAC_address is manually entered as six groups of two hexadecimal digits separated by hyphens (for example, 01-23-45-67-89-ab).

Auto is the default and is the MAC address of the LAG master port.

system-priority priority

This command sets the system priority used by Link Aggregation Control Protocol (LACP) to form the system ID.

priority is a hexadecimal value from 0x0000 through 0xFFFF. Default is 0x8000 (32768).

-noconfirm

Executes the command without additional prompting for command confirmation.


Usage:

The system MAC address (6 bytes) and system priority (2 bytes) combine to form the system ID. A system consists of a packet processing card and its associated QGLC or XGLC traffic ports. The highest system ID priority (the lowest number) handles dynamic changes.

For additional usage and configuration information for the link aggregation feature, refer to the System Administration Guide.

IMPORTANT:

Not supported on all platforms


Example:
The following command configures the link aggregation system-priority to 10640 (0x2990):
link-aggregation system-priority 0x2990
local-policy-service

This command enables creating, configuring, or deleting a local QoS policy.

Platform:

ASR 5000

Product:

P-GW


Privilege:

Security Administrator, Administrator


Syntax
local-policy-service name [ -noconfirm ]
no local-policy-service name
no

Deletes the specified local QoS policy service from the system.

name

Specifies name of the local QoS policy service as an alphanumeric string of 1 through 63 characters.

IMPORTANT:

The name must be unique across all contexts.

If the named local QoS policy service does not exist, it is created, and the CLI mode changes to the Local Policy Service Configuration Mode wherein the local QoS policy service can be configured.

If the named local QoS policy service already exists, the CLI mode changes to the Local Policy Service Configuration Mode for that local QoS policy service.

-noconfirm

Specifies that the command must execute without prompting for confirmation.


Usage:

Use this command to specify a local QoS policy service name to allow configuration of a local QoS policy service.

IMPORTANT:

This feature is license dependent. Please contact your local sales representative for more information.

A local QoS policy service can be used to control different aspects of a session, such as QoS, data usage, subscription profiles, or server usage, by means of locally defined policies.

Local QoS policies are triggered when certain events occur and the associated conditions are satisfied. For example, when a new call is initiated, the QoS to be applied for the call could be decided based on the IMSI, MSISDN, and APN.

IMPORTANT:

A maximum of 16 local QoS policy services are supported.

Entering this command results in the following prompt:

[context_name]hostname(config-local-policy-service)#

Local Policy Service Configuration Mode commands are defined in the Local Policy Service Configuration Mode Commands chapter.


Example:
The following command creates a local QoS policy service named lctest and enters the Local Policy Service Configuration Mode:
local-policy-service lctest
local-user allow-aaa-authentication

Enables or disables the use of administrative accounts other than local-user administrative accounts.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ default | no ] local-user allow-aaa-authentication
default

Returns this parameter to its default setting of enabled.

no

Disables administrative user accounts other than local-user accounts.


Usage:

Local-user administrative accounts are separate from other administrative user accounts configured at the context level (Security Administrator, Administrator, Operator, and Inspector).

Context-level administrative users rely on the system’s AAA subsystems for validating user names and passwords during login. This is true for both administrative user accounts configured locally through a configuration file or on an external RADIUS server.

Since the T1.276-2003 password security mechanisms are supported only for local-user administrative accounts and not for the AAA-based administrative accounts, this command provides a mechanism for disabling AAA-based administrative accounts.

By default, AAA-based administrative accounts are allowed.


Example:
The following command forces the system to authenticate local-user accounts based only on the information in the security account file on its CompactFlash:
no local-user allow-aaa-authentication
local-user lockout-time

Configures the lockout period for local-user administrative accounts.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
local-user lockout-time time
default local-user lockout-time
default

Restores the parameter to its default setting.

time

Default: 60

Specifies the amount of time (in minutes) that must elapse before a previously locked-out local-user account can attempt to login again. time is an integer from 1 through 10080.


Usage:

Local-user administrative accounts can become locked for reasons such as exceeding the configured maximum number of login failures.

Once an account is locked, this parameter specifies the lockout duration. Once the amount of time configured by this parameter has elapsed, the local-user can once again attempt to login.


Example:
The following command configures a lockout time of 120 minutes (2 hours):
local-user lockout-time 120
local-user max-failed-logins

Configures the maximum number of failed login attempts a local-user can have before their account is locked out.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
local-user max-failed-logins number
[ default | no ] local-user max-failed-logins
no

Disables this functionality.

default

Restores this parameter to its default setting.

number

Default: 5

Specifies the maximum number of times a local-user could experience a login failure before their account is locked out. number is an integer from 2 through 100.


Usage:

This command configures the maximum number of failed login attempts a local-user can have before their account is locked out. For example, if this parameter is configured to “3”, then after the third failed login attempt the account would be locked.

IMPORTANT:

Local-user accounts can be configured to either enforce or reject a lockout due to the maximum number of failed logins being reached. Refer to the local-user username command for more information.

Refer to the local-user lockout-time command for more information.


Example:
The following command configures a maximum of three login attempts:
local-user max-failed-logins 3
local-user password

Configures local-user administrative account password properties.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
local-user password { [ complexity { ansi-t1.276-2003 | none } ] [ history length number [ duration days ] ] [ max-age days ] [ min-change-char number ] [ min-change-interval days ] [ min-length number ] }
no local-user password { [ history ] [ max-age ] [ min-change-interval ] }
default local-user password { [ complexity ] [ history ] [ max-age ] [ min-change-char ] [ min-change-interval ] [ min-length ] }
no

Disables the specified parameter.

default

Restores the specified parameter to its default setting.

[ complexity { ansi-t1.276-2003 | none } ]

Default: ansi-t1.276-2003

Specifies the password strength as one of the following:
  • ansi-t1.276-2003: If this option is selected, the following rules are enforced:
      • Passwords may not contain the username or the reverse of the username
      • Passwords may contain no more than three of the same characters used consecutively
      • Passwords must contain at least three of the following: uppercase alpha character, lowercase alpha character, numeric character, special character
  • none: No additional password checks are performed.
[ history length number [ duration days ] ]

Default: length is 5

Specifies the number of previous password entries kept in the history list maintained by the system. A password cannot be reused if it is one of the entries kept in the history list unless the time it was last used was more than the number of days specified by the duration keyword.

If the duration keyword is not used, the only check performed by the system is that it is not in the history list.

number is the number of entries for each account stored in the history list, entered as an integer from 1 through 100. days is the number of days during which a password cannot be reused, entered as an integer from 1 through 365.

[ max-age days ]

Default: 90

Specifies the maximum age for a password. Users logging in with a password older than the specified limit are locked out. Once the lockout period expires, at their next login attempt, they are prompted to change their password before accessing the CLI.

IMPORTANT:

Local-user accounts can be configured to either enforce or reject a lockout due to a password’s maximum age being reached. Refer to the local-user username command for more information.

days is the number of days that passwords remain valid entered as an integer from 1 through 365.

[ min-change-char number ]

Default: 2

Specifies the minimum number of characters that must be changed (in comparison to the current password) when a user changes their password.

IMPORTANT:

Changes in password length are counted as “character” changes. For example: changing a password from “password” to “passwo” is a 2-character change, changing a password from “password” to “password2” is a 1-character change, and changing a password from “password” to “apassword” is a 9-character change.

number is the number of characters entered as an integer from 0 through 16.

[ min-change-interval days ]

Default: 1

Specifies the frequency that passwords can be changed (other than first login).

days is the minimum number of days that must pass before a user can change their password. It is an integer from 1 through 365.

IMPORTANT:

If the no local-user password min-change-interval command is used, users may change their password as often as desired which could allow them to circumvent the password history function.

[ min-length number ]

Default: 8

Specifies the minimum length allowed for user-defined passwords.

number is the minimum number of alphanumeric characters that the password must contain, entered as an integer from 3 through 32.


Usage:

This command is used to set the property requirements for user-defined passwords and system behavior in relation to those passwords.

Information pertaining to user passwords, login failures, and password history is stored on the packet processing cards and in the software’s Shared Configuration Task (SCT).

The system uses the information in the SCT for runtime operations such as determining password ages and determining if new passwords meet the criteria specified by this command.


Example:
The following command configures a minimum password length requirement of 6 characters:
local-user password min-length 6
The following command configures the system to store the 4 most recently used passwords per user-account in the history list:
local-user password history length 4
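
The ansi-t1.276-2003 rules and the min-length setting described above can be pre-checked offline before a password is assigned. The following is an added example, not part of the original reference and not the system's own implementation; the function name, the case-sensitive username comparison and the definition of "special character" as any non-alphanumeric character are assumptions.

```python
import re

# Page defaults: complexity ansi-t1.276-2003, min-length 8 (allowed range 3-32).
DEFAULT_MIN_LENGTH = 8


def check_password(username, password, min_length=DEFAULT_MIN_LENGTH,
                   complexity="ansi-t1.276-2003"):
    """Return the names of the rules a candidate password breaks ([] = none)."""
    if not 3 <= min_length <= 32:
        raise ValueError("min-length must be an integer from 3 through 32")
    if complexity not in ("ansi-t1.276-2003", "none"):
        raise ValueError("complexity must be ansi-t1.276-2003 or none")

    broken = []
    if len(password) < min_length:
        broken.append("min-length")
    if complexity == "none":
        return broken  # "No additional password checks are performed."

    # Rule: the password may not contain the username or its reverse.
    # Assumption: compared case-sensitively, as user names are case sensitive.
    if username and username in password:
        broken.append("contains-username")
    elif username and username[::-1] in password:
        broken.append("contains-reversed-username")

    # Rule: no more than three of the same character used consecutively,
    # so a run of four or more identical characters fails.
    if re.search(r"(.)\1{3,}", password, re.DOTALL):
        broken.append("repeated-characters")

    # Rule: at least three of the four character classes must be present.
    # Assumption: "special" means any character that is not a letter or digit.
    classes = (
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    if sum(classes) < 3:
        broken.append("character-classes")
    return broken


# User672 and abc123 appear in this reference; the other values are constructed.
CANDIDATES = [
    ("User672", "abc123"),
    ("User672", "276resU-Xy9k"),
    ("User672", "Zaaaa-Heron-41"),
    ("User672", "Blue-Heron-41"),
]

if __name__ == "__main__":
    for user, candidate in CANDIDATES:
        result = check_password(user, candidate)
        print(user, candidate, "->", result or "passes")
```
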
local-user username

Adds or removes local-user administrative accounts.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
local-user username name [ authorization-level { administrator | inspector | operator | security-admin } ] [ ecs | noecs ] [ ftp | noftp ] [ timeout-min-absolute time ] [ timeout-min-idle time ] [ no-lockout-login-failure ] [ no-lockout-password-aging ] password password
no local-user username name
no

Removes a previously configured user.

name

Specifies the name of the user as an alphanumeric string of 3 through 16 characters that is case sensitive.

[ authorization-level { administrator | inspector | operator | security-admin } ]

Default: Operator

Configures the authorization level for the user as one of the following:
  • administrator: Administrator users have read-write privileges and can execute any command throughout the CLI except for a few security functions allowed only in the administrator mode. Administrators can configure or modify the system and are able to execute all system commands, including those available to the operator and inspector user. This level corresponds to both the System Administrator and Application Administrator levels in T1.276-2003.
  • inspector: Inspector users are limited to a small number of read-only Exec Mode commands. The bulk of these are “show” commands giving the inspector the ability to view a variety of statistics and conditions. Inspectors cannot execute show configuration commands and do not have the privilege to enter the Config Mode.
  • operator: Operator users have read-only privileges to a larger subset of the Exec Mode commands as depicted in the following figure. Operator users can execute all commands that are part of the inspector mode, plus some system monitoring, statistical, and fault management functions. Operators do not have the ability to enter the Config Mode.
  • security-admin: Security Administrator users have read-write privileges and can execute any command throughout the CLI. Security Administrators can execute all system commands, including those available to the administrator, operator, and inspector users. This level corresponds to both the System Security Administrator and Application Security Administrator levels in T1.276-2003.
[ ecs | noecs ]
Specifies whether or not the user has access to Active Charging Service configuration parameters.
  • ecs: The user has access.
  • noecs: The user does not have access.

Default: ecs

[ ftp | noftp ]

Default: ftp

Specifies whether or not the user is allowed to access the system via the File Transfer Protocol (FTP) and/or the Secure File Transfer Protocol (SFTP).
  • ftp: The user has access.
  • noftp: The user does not have access.
[ timeout-min-absolute time ]

Default: 0

Specifies the maximum session time (in minutes) for this user. time is an integer from 0 through 525600. A value of “0” indicates no limit.

IMPORTANT:

This limit applies only to the user’s CLI sessions.

[ timeout-min-idle time ]

Default: 0

Specifies the maximum idle time (in minutes) for this user. time is an integer from 0 through 525600. A value of “0” indicates no limit.

IMPORTANT:

This limit applies only to the user’s CLI sessions.

[ no-lockout-login-failure ]

Default: Disabled

Specifies that this user will never be locked out due to login attempt failures.

[ no-lockout-password-aging ]

Default: Disabled

Specifies that this user will never be locked out due to the age of their password.

password password

Specifies the initial password for this user. password must be an alphanumeric string of 6 through 32 characters that is case sensitive.

IMPORTANT:

The user is requested to change their password upon their first login.


Usage:

The ability to configure administrative local-users is provided in support of the login security mechanisms specified in ANSI T1.276-2003.

Like administrative users configured at the context level, local-users can be assigned one of 4 security levels:

Local-User Level User     Context Level User
Security Administrator    Administrator
Administrator             Config-Administrator
Operator                  Operator
Inspector                 Inspector



Local-user configuration support is handled differently from that provided for administrative users configured at the context level.

Context-level administrative users rely on the system’s AAA subsystems for validating user names and passwords during login. This is true for both administrative user accounts configured locally through a configuration file or on an external RADIUS server. Passwords for these user types are assigned once and are accessible in the configuration file.

Local-user account information (passwords, password history, lockout states, etc.) is maintained in non-volatile memory and in the software’s Shared Configuration Task (SCT). This information is maintained in a separate file – not in configuration files used by the system. As such, the configured local-user accounts are not visible with the rest of the system configuration.

Local-user and context-level administrative accounts can be used in parallel.


Example:
The following command configures a security-administrator level local-user administrative account for a user named User672 that has FTP privileges, a temporary password of abc123, and that does not lock out due to either login attempt failures or password aging:
local-user username User672 authorization-level security-admin ftp no-lockout-login-failure no-lockout-password-aging password abc123
The following command deletes a previously configured local-user administrative account called admin32:
no local-user username admin32
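
A change script containing the local-user commands above can be reviewed before it is entered. The following is an added example, not part of the original reference: it checks each value against the ranges and defaults documented in this section and lists accounts exempted from lockout. The function names, the finding texts and the rule for which direction counts as "weaker than the default" are this example's own assumptions, and the sample lines beyond those shown in this reference are constructed.

```python
# Documented range and default per setting, plus the direction in which a
# value is weaker than that default (the direction is this example's judgement).
LIMITS = {
    "lockout-time":        (1, 10080, 60, "lower"),
    "max-failed-logins":   (2, 100, 5, "higher"),
    "history length":      (1, 100, 5, "lower"),
    "max-age":             (1, 365, 90, "higher"),
    "min-change-char":     (0, 16, 2, "lower"),
    "min-change-interval": (1, 365, 1, "lower"),
    "min-length":          (3, 32, 8, "lower"),
}
EXEMPTIONS = {
    "no-lockout-login-failure": "is never locked out after failed logins",
    "no-lockout-password-aging": "is never locked out for password age",
}


def check_value(name, raw):
    """Compare one numeric argument with its documented range and default."""
    low, high, default, weaker = LIMITS[name]
    if not (raw.isascii() and raw.isdigit()) or not low <= int(raw) <= high:
        return ["%s %s is outside the documented range %d-%d" % (name, raw, low, high)]
    value = int(raw)
    if (value < default) if weaker == "lower" else (value > default):
        return ["%s %d is weaker than the default %d" % (name, value, default)]
    return []


def audit_password(args, negated):
    """Review the keywords of one 'local-user password' command."""
    out, i = [], 0
    while i < len(args):
        key, rest = args[i], args[i + 1:]
        if negated:
            if key == "min-change-interval":
                out.append("min-change-interval removed: frequent changes "
                           "can circumvent the password history")
            elif key in ("history", "max-age"):
                out.append("password %s check disabled" % key)
        elif key == "complexity" and rest[:1] == ["none"]:
            out.append("complexity none: no additional password checks")
        elif key == "history" and rest[:1] == ["length"] and len(rest) > 1:
            out += check_value("history length", rest[1])
            i += 2
        elif key in LIMITS and rest:
            out += check_value(key, rest[0])
            i += 1
        i += 1
    return out


def audit_line(line):
    """Return the findings for one command line ([] if nothing to report)."""
    tokens = line.split()
    prefix = tokens[0] if tokens and tokens[0] in ("no", "default") else ""
    if prefix:
        tokens = tokens[1:]
    if prefix == "default" or len(tokens) < 2 or tokens[0] != "local-user":
        return []  # defaults and unrelated commands need no review
    kind, args = tokens[1], tokens[2:]
    if kind == "max-failed-logins" and prefix == "no":
        return ["max-failed-logins disabled: no lockout after failed logins"]
    if kind in ("lockout-time", "max-failed-logins") and args and not prefix:
        return check_value(kind, args[0])
    if kind == "password":
        return audit_password(args, prefix == "no")
    if kind == "username" and args and not prefix:
        out = ["user %s %s" % (args[0], why)
               for flag, why in EXEMPTIONS.items() if flag in args[1:]]
        if "password" in args[1:-1]:
            secret = args[args.index("password", 1) + 1]
            if not 6 <= len(secret) <= 32:  # the password itself is never echoed
                out.append("user %s initial password length is outside 6-32" % args[0])
        return out
    return []


def audit(text):
    """Return (line number, finding) pairs for a block of commands."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        findings += [(number, finding) for finding in audit_line(line)]
    return findings


# Lines 1-6 use the examples from this reference; lines 7-8 are constructed.
SAMPLE = """\
local-user lockout-time 120
local-user max-failed-logins 3
local-user password min-length 6
local-user password history length 4
no local-user password min-change-interval
local-user username User672 authorization-level security-admin ftp no-lockout-login-failure no-lockout-password-aging password abc123
no local-user max-failed-logins
local-user lockout-time 0
"""

if __name__ == "__main__":
    for number, finding in audit(SAMPLE):
        print("line %d: %s" % (number, finding))
```
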
logging console

Enables the output of logged events to be displayed on the console terminal.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ no ] logging console
no

Disables the output of events to the console port.


Usage:

Log console output to allow for offline review during system monitoring and/or troubleshooting.

logging disable

Enables/disables the logging of the specified event ID or range of IDs.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
logging disable eventid id [ to to_id ]
no logging disable eventid id [ to to_id ]
no

Indicates the event IDs specified are to be enabled for logging.

eventid id

Specifies the event for which no logging is to occur. id must be an integer from 1 through 100000.

to to_id

Specifies the end ID of the events when a range of event IDs is to be disabled from being logged. to_id must be an integer from 1 through 100000. The to_id must be equal to or larger than the id specified.


Usage:

Disable common events that occur with normal frequency and are not of interest in monitoring the system for trouble.


Example:
The following commands disable the logging of event ID 4580 and the range of events from 4500 through 4599, respectively.
logging disable eventid 4580
logging disable eventid 4500 to 4599
The following enables a subset of the disabled event IDs:
no logging disable eventid 4500 to 4549
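
When several of these commands accumulate, the set of event IDs that is actually suppressed is not obvious from reading them. The following is an added example, not part of the original reference, that resolves a command sequence into the remaining suppressed ranges and reports which IDs on a watch list would go unlogged. It assumes commands take effect in the order entered, with a later command overriding an earlier one for the IDs it names; the function names and the watch list are constructed.

```python
import re

# Syntax from this section: [ no ] logging disable eventid id [ to to_id ]
COMMAND = re.compile(r"^(no )?logging disable eventid (\d+)(?: to (\d+))?$")
MIN_ID, MAX_ID = 1, 100000  # documented range for id and to_id


def parse(line):
    """Return (enable, first_id, last_id) for one command or raise ValueError."""
    match = COMMAND.match(" ".join(line.split()))  # collapse repeated spaces
    if not match:
        raise ValueError("not a valid logging disable command: %r" % line)
    first = int(match.group(2))
    last = int(match.group(3)) if match.group(3) else first
    if not MIN_ID <= first <= last <= MAX_ID:
        raise ValueError("event IDs out of range or reversed: %r" % line)
    return bool(match.group(1)), first, last


def suppressed_ranges(text):
    """Apply the commands in order; return the suppressed IDs as (first, last) ranges."""
    disabled = set()
    for line in text.splitlines():
        if not line.strip():
            continue
        enable, first, last = parse(line)
        ids = range(first, last + 1)
        if enable:
            disabled.difference_update(ids)  # "no logging disable" re-enables
        else:
            disabled.update(ids)
    ranges = []
    for event_id in sorted(disabled):
        if ranges and event_id == ranges[-1][1] + 1:
            ranges[-1][1] = event_id         # extend the current run
        else:
            ranges.append([event_id, event_id])
    return [tuple(r) for r in ranges]


def blind_spots(text, must_log):
    """Return the watch-list IDs that the command sequence leaves unlogged."""
    ranges = suppressed_ranges(text)
    return sorted(e for e in must_log
                  if any(first <= e <= last for first, last in ranges))


# The three commands are the ones used in this section's example.
PAGE_COMMANDS = """\
logging disable eventid 4580
logging disable eventid 4500 to 4599
no logging disable eventid 4500 to 4549
"""

# Constructed watch list: IDs a monitoring team has decided must stay logged.
WATCH_LIST = {4510, 4580, 5000}

if __name__ == "__main__":
    print("suppressed:", suppressed_ranges(PAGE_COMMANDS))
    print("watch-list IDs not logged:", blind_spots(PAGE_COMMANDS, WATCH_LIST))
```
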
logging display

Configures the level of detail for information to be logged.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
logging display [ event-verbosity evt_level ] [ pdu-data format ] [ pdu-verbosity pdu_level ]
event-verbosity evt_level
Specifies the level of verboseness to use in logging of events as one of:
  • min
  • concise
  • full
pdu-data format
Specifies output format for packet data units when logged as one of:
  • none: outputs in raw format
  • hex: displays output in hexadecimal format
  • hex-ascii: displays output in hexadecimal and ASCII similar to a main-frame dump
pdu-verbosity pdu_level

Specifies the level of verboseness to use in logging of packet data units as an integer from 1 through 5, where 5 is the most detailed.


Usage:

Tune the level of information to be logged so as to avoid flooding a log file with information which is not useful or critical.


Example:
The following sets the logging display for events to the maximum.
logging display event-verbosity full
The following command sets the logging display level of detail for packet data units to level 3 and sets the output format to the main-frame style hex-ascii:
logging display pdu-data hex-ascii pdu-verbosity 3
logging filter

Configures the logging of events to be performed in real time for the specified facility.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
logging filter runtime facility facility level report_level [ critical-info | no-critical-info ]
facility facility

Specifies the facility to modify the filtering of logged information. The following list displays the valid facilities for this command:

  • a10: A10 interface facility
  • a11: A11 interface facility
  • a11mgr: A11 Manager facility
  • aaa-client: Authentication, Authorization and Accounting (AAA) client facility
  • aaamgr: AAA manager logging facility
  • aaaproxy: AAA Proxy facility
  • aal2: ATM Adaptation Layer 2 (AAL2) protocol logging facility
  • acl-log: Access Control List (ACL) logging facility
  • acsctrl: Active Charging Service (ACS) Controller facility
  • acsmgr: ACS Manager facility
  • alarmctrl: Alarm Controller facility
  • alcap: Access Link Control Application Part (ALCAP) protocol logging facility
  • alcapmgr: ALCAP manager logging facility
  • all: All facilities
  • asngwmgr: Access Service Network (ASN) Gateway Manager facility
  • asnpcmgr: ASN Paging Controller Manager facility
  • bfd: Bidirectional Forwarding Detection (BFD) protocol logging facility
  • bgp: Border Gateway Protocol (BGP) facility
  • bssap+: Base Station Sub-system Application Part+ protocol facility for the login interface between the SGSN and the MSC/VLR (2.5G and 3G)
  • bssgp: Base Station Sub-system GPRS Protocol logging facility handles exchange information between the SGSN and the BSS (2.5G only)
  • callhome: Call Home application logging facility
  • cap: CAMEL Application Part (CAP) logging facility for protocol used in prepaid applications (2.5G and 3G)
  • cli: Command Line Interface (CLI) logging facility
  • credit-control: Credit Control (CC) facility
  • cscf: IMS/MMD Call Session Control Function (CSCF)
  • cscfmgr: SIP CSCF Manager facility
  • cscfnpdb: CSCF Number Portability Database (NPDB) logging facility
  • cscfttmgr: SIP CSCF Tunnel and Transport Manager facility
  • csp: Card/Slot/Port controller facility
  • css: Content Service Selection (CSS) facility
  • css-sig: CSS RADIUS Signaling facility
  • cx-diameter: Cx Diameter Messages facility
  • dcardctrl: IPSec Daughter Card Controller logging facility
  • dcardmgr: IPSec Daughter Card Manager logging facility
  • demuxmgr: Demux Manager API facility
  • dgmbmgr: Diameter Gmb Application Manager logging facility
  • dhcp: Dynamic Host Configuration Protocol (DHCP) logging facility
  • dhcpv6: DHCPv6
  • dhost: Distributed Host logging facility
  • diabase: Diabase messages facility
  • diameter: Diameter endpoint logging facility
  • diameter-acct: Diameter Accounting
  • diameter-auth: Diameter Authentication
  • diameter-dns: Diameter DNS subsystem
  • diameter-ecs: ACS Diameter signaling facility
  • diameter-hdd: Diameter Horizontal Directional Drilling (HDD) Interface facility
  • diameter-svc: Diameter Service
  • diamproxy: DiamProxy logging facility
  • dpath: IPSec Data Path facility
  • drvctrl: Driver Controller facility
  • eap-ipsec: Extensible Authentication Protocol (EAP) IPSec facility
  • eap-sta-s6a-s13-s6b-diameter: EAP/STA/S6A/S13/S6B Diameter messages facility
  • ecs-css: ACSMGR <-> Session Manager Signalling Interface facility
  • egtpc: eGTP-C logging facility
  • egtpmgr: enhanced GPRS Tunneling Protocol (eGTP) manager logging facility
  • egtpu: eGTP-U logging facility
  • epdg: evolved Packet Data (ePDG) gateway logging facility
  • evlog: Event log facility
  • famgr: Foreign Agent manager logging facility
  • firewall: Firewall logging facility
  • fng: Femto Network Gateway (FNG) logging facility
  • gmm: For 2.5G: logs the GPRS Mobility Management (GMM) layer (above LLC layer); for 3G: logs the access application layer (above the RANAP layer)
  • gprs-app: GPRS Application logging facility
  • gprs-ns: GPRS Network Service Protocol (layer between SGSN and the BSS) logging facility
  • gq-rx-tx-diameter: Gq/Rx/Tx Diameter messages facility
  • gss-gcdr: GTPP Storage Server GCDR facility
  • gtpc: GTP-C protocol logging facility
  • gtpcmgr: GTP-C protocol manager logging facility
  • gtpp: GTP-prime protocol logging facility
  • gtpu: GTP-U protocol logging facility
  • gtpumgr: GTP-U Demux manager
  • gx-ty-diameter: Gx/Ty Diameter messages facility
  • gy-diameter: Gy Diameter messages facility
  • hamgr: Home Agent manager logging facility
  • hat: High Availability Task (HAT) process facility
  • hdctrl: HD Controller logging facility
  • hnb-gw: HNB-GW (3G Femto GW) logging facility
  • hnbmgr: HNB-GW Demux Manager logging facility
  • hss-peer-service: Home Subscriber Server (HSS) Peer Service facility
  • igmp: Internet Group Management Protocol (IGMP)
  • ikev2: Internet Key Exchange version 2 (IKEv2)
  • ims-authorizatn: IP Multimedia Subsystem (IMS) Authorization Service facility
  • ims-sh: HSS Diameter Sh Interface Service facility
  • imsimgr: SGSN IMSI Manager facility
  • imsue: IMS User Equipment (IMSUE) facility
  • ip-arp: IP Address Resolution Protocol facility
  • ip-interface: IP interface facility
  • ip-route: IP route facility
  • ipms: Intelligent Packet Monitoring System (IPMS) logging facility
  • ipsec: IP Security logging facility
  • ipsg: IP Service Gateway interface logging facility
  • ipsgmgr: IP Services Gateway facility
  • ipsp: IP Pool Sharing Protocol logging facility
  • kvstore: Key/Value Store (KVSTORE) Store facility
  • l2tp-control: Layer 2 Tunneling Protocol (L2TP) control logging facility
  • l2tp-data: L2TP data logging facility
  • l2tpdemux: L2TP Demux Manager logging facility
  • l2tpmgr: L2TP Manager logging facility
  • lagmgr: Link Aggregation Group (LAG) manager logging facility
  • li: Refer to the Lawful Intercept Interface Reference for a description of this command.
  • linkmgr: SGSN/BSS SS7 Link Manager logging facility (2.5G only)
  • llc: Logical Link Control (LLC) Protocol logging facility; for SGSN: logs the LLC layer between the GMM and the BSSGP layers for logical links between the MS and the SGSN
  • local-policy: Local Policy Service facility
  • location-service: Location Services facility
  • m3ua: M3UA Protocol logging facility
  • magmgr: Mobile Access Gateway manager logging facility
  • map: Mobile Application Part (MAP) protocol logging facility
  • megadiammgr: MegaDiameter Manager (SLF Service) logging facility
  • mme-app: Mobility Management Entity (MME) Application logging facility
  • mme-misc: MME miscellaneous logging facility
  • mmedemux: MME Demux Manager logging facility
  • mmemgr: MME Manager facility
  • mmgr: Master Manager logging facility
  • mobile-ip: Mobile IP processes
  • mobile-ip-data: Mobile IP data facility
  • mobile-ipv6: Mobile IPv6 logging facility
  • mpls: Multiprotocol Label Switching (MPLS) protocol logging facility
  • mtp2: Message Transfer Part 2 (MTP2) Service logging facility
  • mtp3: Message Transfer Part 3 (MTP3) Protocol logging facility
  • multicast-proxy: Multicast Proxy logging facility
  • npuctrl: Network Processor Unit Control facility
  • npumgr: Network Processor Unit Manager facility
  • npumgr-acl: NPUMGR ACL logging facility
  • npumgr-flow: NPUMGR FLOW logging facility
  • npumgr-fwd: NPUMGR FWD logging facility
  • npumgr-init: NPUMGR INIT logging facility
  • npumgr-port: NPUMGR PORT logging facility
  • npumgr-recovery: NPUMGR RECOVERY logging facility
  • ntfy-intf: Notification Interface logging facility [Release 12.0 and earlier versions only]
  • ogw-app: Offload Gateway (OGW) application logging facility [Release 12.0 and earlier versions only]
  • ogw-gtpc: OGW GTP-C application logging facility [Release 12.0 and earlier versions only]
  • ogw-gtpu: OGW GTP-U application logging facility [Release 12.0 and earlier versions only]
  • ogwmgr: OGW Demux Manager logging facility [Release 12.0 and earlier versions only]
  • orbs: Object Request Broker System logging facility
  • ospf: OSPF protocol logging facility
  • ospfv3: OSPFv3 protocol logging facility
  • p2p: Peer-to-Peer Detection logging facility
  • pdg: Packet Data Gateway (PDG) logging facility
  • pdgdmgr: PDG Demux Manager logging facility
  • pdif: Packet Data Interworking Function (PDIF) logging facility
  • pgw: Packet Data Network Gateway (PGW) logging facility
  • phs: Payload Header Suppression (PHS)
  • phs-control: PHS X1/X5 and X2/X6 Interface logging facility
  • phs-data: PHS Data logging facility
  • phs-eapol: PHS EAP over LAN (EAPOL) logging facility
  • phsgwmgr: PHS Gateway Manager facility
  • phspcmgr: PHS Paging Controller Manager facility
  • pmm-app: Packet Mobility Management (PMM) application logging facility
  • ppp: Point-To-Point Protocol (PPP) link and packet facilities
  • pppoe: PPP over Ethernet logging facility
  • push: VPNMGR CDR push logging facility
  • radius-acct: RADIUS accounting logging facility
  • radius-auth: RADIUS authentication logging facility
  • radius-coa: RADIUS change of authorization and radius disconnect
  • ranap: Radio Access Network Application Part (RANAP) Protocol facility logging info flow between SGSN and RNS (3G)
  • rct: Recovery Control Task logging facility
  • rdt: Redirect Task logging facility
  • resmgr: Resource Manager logging facility
  • rf-diameter: Diameter Rf interface messages facility
  • rip: Routing Information Protocol (RIP) logging facility [RIP is not supported at this time.]
  • rohc: Robust Header Compression (RoHC) facility
  • rsvp: Reservation Protocol logging facility
  • rua: RANAP User Adaptation (RUA) [3G Femto GW - RUA messages] logging facility
  • s1ap: S1 Application Protocol (S1AP) Protocol logging facility
  • sccp: Signalling Connection Control Part (SCCP) Protocol logging (connection-oriented messages between RANAP and TCAP layers).
  • sct: Shared Configuration Task logging facility
  • sctp: Stream Control Transmission Protocol (SCTP) Protocol logging facility
  • sessctrl: Session Controller logging facility
  • sessmgr: Session Manager logging facility
  • sesstrc: session trace logging facility
  • sft: Switch Fabric Task logging facility
  • sgs: SGs interface protocol logging facility
  • sgsn-app: SGSN-APP logging various SGSN “glue” interfaces (for example, between PMM, MAP, GPRS-FSM, SMS).
  • sgsn-failures: SGSN call failures (attach/activate rejects) logging facility (2.5G)
  • sgsn-gtpc: SGSN GTP-C Protocol logging control messages between the SGSN and the GGSN
  • sgsn-gtpu: SGSN GTP-U Protocol logging user data messages between the SGSN and GGSN
  • sgsn-mbms-bearer: SGSN Multimedia Broadcast/Multicast Service (MBMS) Bearer app (SMGR) logging facility
  • sgsn-misc: Used by stack manager to log binding and removing between layers
  • sgsn-system: SGSN System Components logging facility (used infrequently)
  • sgsn-test: SGSN Tests logging facility; used infrequently
  • sgtpcmgr: SGSN GTP-C Manager logging information exchange through SGTPC and the GGSN
  • sgw: Serving Gateway facility
  • sh-diameter: Sh Diameter messages facility
  • sitmain: System Initialization Task main logging facility
  • sm-app: SM Protocol logging facility
  • sms: Short Message Service (SMS) logging messages between the MS and the SMSC
  • sndcp: Sub Network Dependent Convergence Protocol (SNDCP) logging facility
  • snmp: SNMP logging facility
  • srdb: Static Rating Database
  • srp: Service Redundancy Protocol (SRP) logging facility
  • sscfnni: SSCFNNI Protocol logging facility
  • sscop: SSCOP Protocol logging facility
  • ssh-ipsec: SSH IP Security logging facility
  • ssl: Secure Socket Layer (SSL) message logging facility
  • stat: Statistics logging facility
  • system: System logging facility
  • tacacsplus: TACACS+ Protocol logging facility
  • tcap: TCAP Protocol logging facility
  • testctrl: Test Controller logging facility
  • testmgr: Test Manager logging facility
  • threshold: threshold logging facility
  • ttg: Tunnel Termination Gateway (TTG) logging facility
  • tucl: TCP/UDP Convergence Layer (TUCL) logging facility
  • udr: User Data Record (UDR) facility (used with the Charging Service)
  • user-data: User data logging facility
  • user-l3tunnel: User Layer 3 tunnel logging facility
  • usertcp-stack: User TCP Stack
  • vpn: Virtual Private Network logging facility
  • wimax-data: WiMAX DATA
  • wimax-r6: WiMAX R6
level report_level [ critical-info | no-critical-info ]
level report_level: specifies the level of information to be logged, report_level, as one of:
  • critical
  • debug
  • error
  • info
  • trace
  • unusual
  • warning

critical-info | no-critical-info: indicates if critical information is to be displayed or not. The keyword critical-info specifies that events with a category attribute of critical information are to be displayed. Examples of these types of events can be seen at bootup when system processes and tasks are being initiated. The no-critical-info keyword specifies that events with a category attribute of critical information are not to be displayed.


Usage:

This command is useful when it is necessary to get real-time output of events. Otherwise, event output may be cached, which can make it difficult to troubleshoot problems that do not allow the last cache of events to be output before the system problem occurs.

CAUTION:

Issuing this command could negatively impact system performance depending on system loading, the log level, and/or the type of facility(ies) being logged.


Example:
Set real time output for the point-to-point protocol facility and all facilities, respectively, to avoid logging of excessive information.
logging filter runtime facility ppp
logging filter runtime facility all level warning
logging monitor

Enables or disables the monitoring of a specified user.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ no ] logging monitor { ipaddr ip_address | msid ms_id | username user_name }
no

Disables the monitoring of the user specified by the options given.

ipaddr ip_address

Specifies the IP address of the user for which the monitoring filter is to be set. ip_address must be entered using IPv4 dotted-decimal notation.

msid ms_id

msid ms_id: specifies the mobile subscriber ID for which the monitoring filter is to be set. ms_id must be from 7 to 16 digits.

This keyword/option can be used to specify the Mobile Subscriber ISDN (MSISDN) for GGSN calls which enables logging based on MSISDN.

username user_name

username user_name: specifies a user for which the monitoring filter is to be set. user_name must refer to a previously configured user.


Usage:

Monitor subscribers which have complaints of service availability or to monitor a test user for system verification.

CAUTION:

Issuing this command could negatively impact system performance depending on the number of subscribers for which monitoring is performed and/or the amount of data they’re passing.


Example:
The following command enables the monitoring of user user1 and mobile subscriber ID 4441235555, respectively.
logging monitor username user1
logging monitor msid 44441235555
The following disables the monitoring of user user1.
no logging monitor username user1
logging runtime

Enables events to be filtered and logged in real time.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
logging runtime buffer store { all-events | filtered-events-only }
buffer store { all-events | filtered-events-only }

Determines which logs are stored in internal logging daemon runtime buffer.

  • all-events: Logging daemon runtime buffer stores all logs that come to it.
  • filtered-events-only: Logging daemon runtime buffer stores only logs that pass the runtime filter.

Usage:

Sets the filtering of logged information to log in real time.


Example:
The following command enables storage of logs that pass the runtime filter:
logging runtime buffer store filtered-events-only
lte-policy

This command enters the LTE Policy Configuration Mode where LTE policy parameters can be configured.

Platform:

ASR 5000

Product:

MME, S-GW


Privilege:

Administrator


Syntax
lte-policy

Usage:

Enters the LTE Policy Configuration Mode.

Entering this command results in the following prompt:

[context_name]hostname(lte-policy)#

LTE Policy Configuration Mode commands are defined in the LTE Policy Configuration Mode Commands chapter.

mediation-device

This command is obsolete. Even though the CLI accepts the command, no function is performed.

Platform:

ASR 5000

Product:

GGSN


Privilege:

Security Administrator, Administrator


Syntax
[ no ] mediation-device mode { tcs }
network-overload-protection

This command configures an attach rate throttle mechanism to control the number of new connections (attaches or inter-SGSN RAUs), through the SGSN, on a per second basis.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
network-overload-protection sgsn-new-connections-per-second #_new_connections action { drop | reject with cause { congestion | network failure } } [ queue-size queue_size ] [ wait-time wait_time ]
default network-overload-protection sgsn-new-connections-per-second
default

Using default in the command disables the attach rate throttle feature that provides network overload protection.

sgsn-new-connections-per-second #_new_connections

Define the number of new connections to be accepted per second.

#_new_connections: Must be an integer from 50 to 5000.

action
Specifies the action to be taken by the SGSN when the attach rate exceeds the configured limit on the number of attaches. Select one of the following actions:
  • drop: Drop the new connection request.
  • reject-with-cause: Reject the new connection request. Include one of the following as the cause in the reject message:
      • congestion
      • network failure
queue-size queue_size

Defines the maximum size of the pacing queue used for buffering the packets. If configured, the queue-size should be greater than or equal to the #_new_connections value and less than or equal to the optimal value (the wait_time * #_new_connections). This validation is done in the CLI.

queue_size: Must be an integer from 250 to 25000.

Default: unconfigured. The default value is the #_new_connections * wait-time. This will be the optimal value.

wait-time wait_time

Defines the maximum life-time (number of seconds) of the packets in the queue beyond which the packets are considered to be “stale”.

wait_time: Must be an integer from 1 to 15.

Default: 5


Usage:

Use this command to configure the rate at which the SGSN must process new connection requests. The rate is the number of new connections to be accepted per second.

With basic network overload protection, the incoming new connection rate can be higher than this configured rate. When this occurs, not all of the new connection requests can be processed. This command can also be used to configure the action to be taken when the rate limit is exceeded. The new connection requests that cannot be processed can be either dropped or rejected with a specific reject cause.

The SGSN’s optimized network overload protection performs attach-rate throttling to avoid overloading Gr, Gn and Gf interfaces. This is enabled with queue-size and wait-time keywords so that the IMSIMgr throttles the attach rate to values configured with these keywords.

If the SGSN receives more than the configured number of attaches in a second, then the attaches are buffered in the pacing queue and requests are only dropped when the buffer overflows due to high incoming attach rate. Messages in the queue are processed (FIFO) until they age-out when the queued message's lifetime crosses the configured wait-time. The wait-time and the attach rate decide the optimal size of the queue.

Counters for this feature are available in the show gmm-sm statistics command display in the Network Overload Protection portion of the table.


Example:
Configure the throttle rate or limit to 2500 attaches per second and to drop all requests if the limit is exceeded.
network-overload-protection sgsn-new-connections-per-second 2500 action drop
Disables the network-overload protection feature and sets the default queue size to 1000 and the wait time to 5 seconds:
default network-overload-protection sgsn-new-connections-per-second
Set the attach rate to 500 per second, the action to drop, the wait time to 5 seconds, and the queue size to be calculated (as follows: wait_time * #_new_connections - i.e., 2500):
network-overload-protection sgsn-new-connections-per-second 500 action drop wait-time 5
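
The pacing-queue behaviour described under Usage, as an added Python model (not Cisco code and not part of the original reference). It assumes a simplified one-second tick and hypothetical names (effective_config, simulate); it shows why the CLI caps queue-size at wait_time * #_new_connections: with a larger queue, excess attaches wait and then go stale instead of being refused on arrival.

```python
from collections import deque
from dataclasses import dataclass

# Ranges and default taken from the command description above.
RATE_RANGE = (50, 5000)      # #_new_connections
QUEUE_RANGE = (250, 25000)   # queue_size
WAIT_RANGE = (1, 15)         # wait_time, in seconds
DEFAULT_WAIT = 5


def effective_config(rate, queue_size=None, wait_time=DEFAULT_WAIT):
    """Return (rate, queue_size, wait_time) after the checks the reference
    describes: value ranges, and rate <= queue_size <= wait_time * rate."""
    if not RATE_RANGE[0] <= rate <= RATE_RANGE[1]:
        raise ValueError(f"#_new_connections {rate} outside {RATE_RANGE}")
    if not WAIT_RANGE[0] <= wait_time <= WAIT_RANGE[1]:
        raise ValueError(f"wait_time {wait_time} outside {WAIT_RANGE}")
    optimal = wait_time * rate
    if queue_size is None:
        # Unconfigured: the reference says the optimal value is used.
        return rate, optimal, wait_time
    if not QUEUE_RANGE[0] <= queue_size <= QUEUE_RANGE[1]:
        raise ValueError(f"queue_size {queue_size} outside {QUEUE_RANGE}")
    if not rate <= queue_size <= optimal:
        raise ValueError(f"queue_size must be between {rate} and {optimal}")
    return rate, queue_size, wait_time


@dataclass
class Counters:
    accepted: int = 0   # attaches processed
    overflow: int = 0   # dropped or rejected on arrival: pacing queue full
    stale: int = 0      # aged out of the queue after wait_time seconds
    queued: int = 0     # still buffered when the simulation ends


def simulate(arrivals, rate, queue_size=None, wait_time=DEFAULT_WAIT, check=True):
    """Model the pacing queue in one-second ticks (an assumption of this
    example). arrivals[i] is the number of attach requests in second i.
    check=False skips the CLI validation so an oversized queue can be studied."""
    if check:
        rate, queue_size, wait_time = effective_config(rate, queue_size, wait_time)
    elif queue_size is None:
        queue_size = wait_time * rate
    queue = deque()     # arrival second of each buffered request, oldest first
    c = Counters()
    for now, arriving in enumerate(arrivals):
        # Age out requests whose lifetime has reached wait_time.
        while queue and now - queue[0] >= wait_time:
            queue.popleft()
            c.stale += 1
        # Buffer what fits; the configured action applies to the rest.
        admitted = min(arriving, queue_size - len(queue))
        queue.extend([now] * admitted)
        c.overflow += arriving - admitted
        # Process up to `rate` requests this second, FIFO.
        for _ in range(min(rate, len(queue))):
            queue.popleft()
            c.accepted += 1
    c.queued = len(queue)
    return c


if __name__ == "__main__":
    burst = [4000] + [0] * 9   # constructed input: one burst, then silence
    print("validated :", simulate(burst, rate=500, wait_time=5))
    print("oversized :", simulate(burst, rate=500, queue_size=4000,
                                  wait_time=5, check=False))
```

With the validated configuration the 1500 excess attaches are refused immediately; with the oversized queue the same 1500 are held for five seconds and then discarded as stale.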
network-service-entity

This command creates a new instance of an SGSN network service entity (NSE) for either the IP environment or the Frame Relay environment.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ no ] network-service-entity { ip-local | peer-nsei peer_nsei_number frame-relay }
no

Deletes the network service entity definition from the system configuration.

ip-local
Configures the local endpoint for NS/IP and enters the NSE-IP configuration mode. The prompt will change to:
[local]<hostname>(nse-ip-local)#
peer-nsei peer_nsei_number frame-relay
Configures a peer NSE with frame relay connectivity. This set of keywords also provides access to the NSE-FR Configuration mode. The prompt will change to:
[local]<hostname>(nse-fr-peer-nsei-<peer_nsei_number>)#

Usage:

Use this command to access the configuration modes for either the IP or Frame Relay network service entities.


Example:
Enter the NSE for a Frame Relay configuration instance identified as 4554:
network-service-entity peer-nsei 4554 frame-relay
network-service-entity ip

This command has been deprecated. See the replacement command network-service-entity.

ntp

Enters the Network Time Protocol (NTP) configuration mode or disables the use of NTP on the system.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ no ] ntp
no

Disables the use of NTP for clock synchronization. When omitted, NTP client support is enabled on the chassis. By default NTP synchronization to external servers is disabled.

IMPORTANT:

If the use of NTP is disabled the system clock may drift over a period of time. This may require manual updates to the system clock to synchronize the clock with other network elements.


Usage:

Used when it is necessary to enable or configure NTP settings. For additional information refer to the NTP Configuration Mode Commands chapter and the System Administration Guide.


Example:
The following command enters the NTP configuration mode:
ntp
The following disables the use of the network timing protocol for system clock synchronization.
no ntp
operator-policy

This command creates an operator policy and enters the operator policy configuration mode. Commands for configuration of the policies are available in the Operator Policy Configuration Mode Commands chapter.

Platform:

ASR 5000

Product:

MME, SGSN, S-GW


Privilege:

Security Administrator, Administrator


Syntax
operator-policy { default | name policy_name } [ -noconfirm ]
no operator-policy { default | name policy_name }
-noconfirm

Indicates that the command is to execute without any additional prompt and confirmation from the user.

no

Removes the specified operator policy from the system configuration.

default

default, in this case, is the name of a specific operator policy. This default policy is used when no other defined operator policy matches the incoming IMSI.

IMPORTANT:

You should configure this default operator policy to make it available to handle IMSIs that are not matched with other defined policies.

name policy_name

Specifies the unique name of an operator policy. policy_name is entered as an alphanumeric string of 1 through 64 characters.


Usage:

Use this command to create an operator policy and to enter the operator policy configuration mode to define or modify policies.

An operator policy associates APNs, APN profiles, IMEI ranges, IMEI profiles, an APN remap table and a call-control profile to ranges of IMSIs. These profiles and tables are created and defined within their own configuration modes to generate sets of rules and instructions that can be reused and assigned to multiple policies. In this manner, an operator policy manages the application of rules governing the services, facilities and privileges available to subscribers. These policies can override standard behaviors and provide mechanisms for an operator to get around the limitations of other infrastructure elements such as DNS servers and HLRs.

The system supports up to 1,000 operator policies, including the default operator policy.

IMPORTANT:

An operator policy is the key element of the Operator Policy feature. After defining an instance of an operator policy, you must go to the SGSN Global Configuration Mode (from the Global Configuration mode) to define the IMSI range(s). This requirement does not hold if you are using a default operator policy.

To see what operator policies have already been created, return to the Exec mode and enter the show operator-policy all command.


Example:
The following command accesses the default operator policy and enters the operator policy configuration mode to view or modify the specified policy:
operator-policy default
orbem

Enters the Object Request Broker Element Manager (ORBEM) Configuration mode.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
orbem

Usage:

Set the configuration mode to allow modification of the ORBEM configuration data.

pac-standby-priority

This command has been renamed to card-standby-priority. Please refer to that command for details. Note that for backwards compatibility, the system accepts this command as valid.

port atm

Identifies a physical port on a line card that supports ATM signaling and then enters the configuration mode for the specific interface-type. For the commands to configure the port interface, see the CLI chapter ATM Port Configuration Mode.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
port atm slot/port
atm

Indicates the port identified is an ATM interface port.

slot/port

To determine valid ATM slot and port numbers, use the Exec mode’s command show port table.

slot: Identifies the chassis slot holding the line card that supplies ATM ports. The slot ID number can be an integer from 17 through 48.

port: Identifies the physical port that is to be configured to support ATM signaling. The ID number can be an integer from 1 through 4.


Usage:

Change the current configuration mode to ATM Port Configuration mode.

IMPORTANT:

This command is not supported on all platforms.


Example:
The following enters the ATM port configuration mode for ATM port 1 on the card in slot 19:
port atm 19/1
port bits

Enters the Building Integrated Timing Supply (BITS) port configuration mode by identifying the BITS port on the active or standby SPIO.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
port bits slot/port
bits

Identifies the BITS port.

slot/port

slot: Identifies the chassis slot holding the SPIO. The slot ID can be either 24 (active SPIO) or 25 (standby SPIO).

port: Identifies the BITS port on the SPIO. The port ID number must be 4.


Usage:

Change the current configuration mode to BITS port configuration mode.

IMPORTANT:

This command is not supported on all platforms.


Example:
The following enters the BITS port configuration mode for the active SPIO:
port bits 24/4
port channelized

Identifies a physical port on a Channelized Line Card (CLC) that supports Frame Relay signaling and creates a Frame Relay interface. This command enters the configuration mode for the commands that configure the Frame Relay interface and the channelized port interface. For additional information, see the Channelized Port Configuration Mode Commands chapter.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
port channelized slot/port
channelized

Selects the channelized frame relay interface for the selected line card and port.

slot/port

To determine valid slots and port numbers, use the Exec mode’s command show port table to find the channelized line card.

slot: Identifies the chassis slot holding the Channelized Line Card that sources Frame Relay ports. The slot ID number can be an integer from 17 through 48.

port: Identifies the physical port that is to be configured to support Frame Relay signaling. The ID number can only be 1.


Usage:

Change the current configuration mode to Channelized Port configuration mode.


Example:
The following enters the Channelized port configuration mode for port 1 on the card in slot 20:
port channelized 20/1
port ethernet

Enters the Ethernet Port Configuration mode for the identified port.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
port ethernet slot/port
ethernet

Indicates the port identified is an Ethernet interface port.

slot/port

Specifies the port for which Ethernet Port Configuration mode is being entered. The slot and port must refer to an installed card and port.


Usage:

Change the current configuration mode to Ethernet Port Configuration mode.


Example:
The following command enters the Ethernet Port Configuration mode for ethernet port 1 in slot 17:
port ethernet 17/1
port mac-address virtual-base-address

This command defines a block of 256 consecutive media access control (MAC) addresses and enables virtual MAC addressing for Ethernet line card ports. Not available for the XT2 platform.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
port mac-address virtual-base-address MAC_Address
no port mac-address virtual-base-address
no

Disables virtual MAC addressing for Ethernet line card ports. The block of virtual MAC addresses is not saved.

MAC_Address

Specifies the beginning address of a block of 256 MAC addresses that are used for virtual MAC addressing.


Usage:

Use this command to disregard the MAC addresses assigned and stored in card firmware and assign MAC addresses for all Ethernet ports from the specified block of virtual MAC addresses. This command does not affect the MAC addresses on SPIO cards.

There are 65536 MAC addresses (00:05:47:FF:00:00 - 00:05:47:FF:FF:FF) reserved for use by customers. This range allows for the creation of 256 address blocks each containing 256 MAC addresses (for example, 00:05:47:FF:00:00, 00:05:47:FF:01:00, 00:05:47:FF:02:00, 00:05:47:FF:03:00, 00:05:47:FF:04:00, etc.).

CAUTION:

This configuration requires the configuration of a valid block of unique MAC addresses that are not used anywhere else. Use of non-unique MAC addresses can degrade and impair the operation of your network.

IMPORTANT:

This command is not supported on all platforms.


Example:
To enable virtual MAC addressing for Ethernet ports on all Ethernet line cards in the system using a block of MAC addresses starting at 00:05:47:FF:00:00, enter the following command:
port mac-address virtual-base-address 00:05:47:FF:00:00
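
A pre-deployment check for the uniqueness requirement in the CAUTION above, as an added Python example (not Cisco code and not part of the original reference). The chassis names and the audit function are hypothetical; the block size and the customer-reserved range are the ones stated in this section. It flags blocks that leave the reserved range and blocks that overlap, including the unaligned case where two different base addresses still share addresses.

```python
import re
from itertools import combinations

BLOCK_SIZE = 256                      # addresses per virtual MAC block
RESERVED_FIRST = 0x000547FF0000       # 00:05:47:FF:00:00
RESERVED_LAST = 0x000547FFFFFF        # 00:05:47:FF:FF:FF
_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")


def mac_to_int(mac):
    """Parse a colon-separated MAC address into a 48-bit integer."""
    if not _MAC_RE.match(mac):
        raise ValueError(f"not a colon-separated MAC address: {mac!r}")
    return int(mac.replace(":", ""), 16)


def int_to_mac(value):
    """Format a 48-bit integer as an upper-case colon-separated MAC."""
    return ":".join(f"{(value >> shift) & 0xFF:02X}" for shift in range(40, -8, -8))


def block_bounds(base):
    """First and last address (as integers) of the block starting at base."""
    first = mac_to_int(base)
    return first, first + BLOCK_SIZE - 1


def audit(assignments):
    """assignments maps a chassis name to its virtual-base-address.
    Returns a list of findings; an empty list means no problem was found."""
    bounds = {name: block_bounds(base) for name, base in assignments.items()}
    findings = []
    for name, (first, last) in bounds.items():
        # The whole block, not just its base, must sit in the reserved range.
        if first < RESERVED_FIRST or last > RESERVED_LAST:
            findings.append(("outside-reserved-range", name))
    for (a, (a_first, a_last)), (b, (b_first, b_last)) in combinations(
            sorted(bounds.items()), 2):
        if a_first <= b_last and b_first <= a_last:
            findings.append(("overlap", a, b,
                             int_to_mac(max(a_first, b_first)),
                             int_to_mac(min(a_last, b_last))))
    return findings


if __name__ == "__main__":
    # Constructed sample plan: chassis-b is unaligned and collides with
    # chassis-a; chassis-d starts in range but its block runs past the end.
    plan = {
        "chassis-a": "00:05:47:FF:00:00",
        "chassis-b": "00:05:47:FF:00:80",
        "chassis-c": "00:05:47:FF:02:00",
        "chassis-d": "00:05:47:FF:FF:80",
    }
    for finding in audit(plan):
        print(finding)
```
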
port rs232

Enters the RS-232 Port Configuration mode for the RS-232 console port on the specified SPIO card. Not available on the XT2 platform.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
port rs232 slot 3
rs232

Indicates the port identified is an RS-232 port on a SPIO card.

slot 3

Specifies the slot of the SPIO for which RS-232 Port Configuration mode is being entered. The slot must refer to an installed SPIO card. The specified port must always be 3 for an RS-232 port.

The value for slot must be either 24 or 25.


Usage:

Change the current configuration mode to RS-232 Port Configuration mode.


Example:
The following command enters the RS-232 Port Configuration mode for the SPIO in slot 24:
port rs232 24 3
profile-id-qci-mapping

Creates a QoS Class-Identifier-Radio Access Network (QCI-RAN) ID mapping table or specifies an existing table and enters the QCI Mapping Configuration mode for the system.

Platform:

ASR 5000

Product:

HSGW


Privilege:

Administrator


Syntax
[ no ] profile-id-qci-mapping name [ -noconfirm ]
no

Removes the specified mapping table from the system.

name

Creates a new or enters an existing mapping table configuration. name must be an alphanumeric string of 1 through 63 characters.

-noconfirm

Indicates that the command is to execute without any additional prompt and confirmation from the user.


Usage:

Enters the QCI-RAN ID mapping configuration mode for an existing table or for a newly defined table. This command is also used to remove an existing table.

Entering this command results in the following prompt:

[context_name]hostname(config-hsgw-association-table)#

QCI Mapping Configuration Mode commands are defined in the QCI Mapping Configuration Mode Commands chapter.

Use this command when configuring the HSGW eHRPD component.

IMPORTANT:

This command creates a mapping table available to any HSGW context configured on the system.


Example:
The following command enters the existing QCI mapping configuration mode (or creates it if it doesn’t already exist) for a mapping table named qci_table1:
profile-id-qci-mapping qci_table1
The following command will remove qci_table1 from the system:
no profile-id-qci-mapping qci_table1
ps-network

This command creates/removes an HNB-PS network configuration instance for Femto UMTS access over the Iu-PS/Iu-Flex interface between the Home NodeB Gateway (HNB-GW) service and PS network elements; i.e. SGSN. This command also configures an existing HNB-PS network instance and enters the HNB-PS Network Configuration mode on a system.

Platform:

ASR 5000

Product:

HNB-GW


Privilege:

Administrator


Syntax
[ no ] ps-network ps_instance [ -noconfirm ]
no ps-network ps_instance
no

Removes the specified HNB-PS network instance from the system.

CAUTION:

Removing the HNB-PS network instance is a disruptive operation and it will affect all UEs accessing SGSN(s) in specific PS core network through the HNB-GW service.

DANGER:

If any HNB-PS Network instance is removed from system all parameters configured in that mode will be deleted and Iu-PS/Iu-Flex interface will be disabled.

ps_instance

Specifies the name of the Packet Switched Core Networks instance which needs to be associated with HNB Radio Network PLMN in HNB RN-PLMN configuration mode. If ps_instance does not refer to an existing HNB-PS instance, the new HNB-PS network instance is created.

ps_instance must be an alphanumeric string of 1 through 63 characters.

-noconfirm

Indicates that the command is to execute without any additional prompt and confirmation from the user.


Usage:

Use this command to enter the HNB-PS Network Configuration mode for an existing PS network instance or for a newly defined HNB-PS network instance. This command is also used to remove an existing HNB-PS network instance.

This configuration enables the Iu-PS/Iu-Flex interface on HNB-GW service with PS core network elements; i.e. SGSN.

A maximum of 1 HNB-PS network instance, which is further limited to a maximum of 256 services (regardless of type), can be configured per system.

CAUTION:

This is a critical configuration. The HNBs cannot access SGSNs in the PS core network without this configuration. Any change to this configuration would lead to disruption in HNB access to the PS core network.

Entering this command results in the following prompt:
[context_name]hostname(config-ps-network)#

The various parameters available for configuration of an HNB-PS network instance are defined in the HNB-PS Network Configuration Mode Commands chapter.


Example:
The following command enters the existing HNB-PS Network configuration mode (or creates it if it doesn’t already exist) for the instance named hnb-ps1:
ps-network hnb-ps1
The following command will remove HNB-PS network instance hnb-ps1 from the system without any prompt to user:
no ps-network hnb-ps1
qci-qos-mapping

Global QCI-QoS mapping tables are used to map QoS Class Identifier (QCI) values to appropriate Quality of Service (QoS) parameters.

Platform:

ASR 5000

Product:

HSGW, P-GW, S-GW


Privilege:

Administrator


Syntax
qci-qos-mapping name [ -noconfirm ]
no

Removes the specified mapping configuration from the system.

name

Creates a new or enters an existing mapping configuration. name must be an alphanumeric string of 1 through 63 characters.

-noconfirm

Indicates that the command is to execute without any additional prompt and confirmation from the user.


Usage:

Enter the QCI-QoS mapping configuration mode for an existing table or for a newly defined table. This command is also used to remove an existing table.

Entering this command results in the following prompt:

[context_name]hostname(config-qci-qos-mapping)#

QCI - QoS Mapping Configuration Mode commands are defined in the QCI - QoS Mapping Configuration Mode Commands chapter.

Use this command when configuring the following eHRPD component: HSGW, P-GW, S-GW.

IMPORTANT:

This command creates a mapping configuration available to any HSGW, P-GW, S-GW context configured on the system.


Example:
The following command enters the existing QCI - QoS mapping configuration mode (or creates it if it doesn’t already exist) for a mapping configuration named qci-qos3:
qci-qos-mapping qci-qos3
qos npu inter-subscriber traffic bandwidth

Configures NPU QoS bandwidth allocations for the system.

Platform:

ASR 5000

Product:

PDSN, GGSN


Privilege:

Security Administrator, Administrator


Syntax
qos npu inter-subscriber traffic bandwidth gold percent silver percent bronze percent best-effort percent
no qos npu inter-subscriber traffic bandwidth
no

Removes a previous bandwidth allocation.

gold percent

Default: 10%

Specifies the maximum percentage of bandwidth to be allocated to the gold queue priority.

percent can be configured to an integer from 0 through 100.

silver percent

Default: 20%

Specifies the maximum percentage of bandwidth to be allocated to the silver queue priority.

percent can be configured to an integer from 0 through 100.

bronze percent

Default: 30%

Specifies the maximum percentage of bandwidth to be allocated to the bronze queue priority.

percent can be configured to an integer from 0 through 100.

best-effort percent

Default: 40%

Specifies the maximum percentage of bandwidth to be allocated to the best-effort queue priority.

percent can be configured to an integer from 0 through 100.


Usage:

The bandwidth of a subscriber queue is maintained by rate limiting functions which implement packet-rate limiting at the first level and bit-rate limiting at the next level.

The packet-rate limit of a queue is defined by the number of packets-per-second (PPS) permitted for queuing. Before queuing a packet on a subscriber queue, the NPU ensures that the packet falls within the limit. If the packet to be queued exceeds the packet rate limit, it is dropped.

Each subscriber queue is configured with a bit rate limit, measured in megabits-per-second (Mbps), referred to as CP-BPS (bit-per-second to CP). The CP-BPS is available as the total bandwidth for the subscriber traffic that a CP can sustain. Each subscriber queue receives an allocation of a certain percentage of the CP-BPS. The following maximum CP-BPS values are supported:
  • Lead CP (CP0) = 128 Mbps
  • Remaining CPs (CP1, CP2, CP3) = 256 Mbps

For additional information on the NPU QoS functionality, refer to the System Administration and Configuration Guide.

IMPORTANT:

This functionality is not supported for use with the PDSN at this time.


Example:
The following command configures bandwidth allocations of 20, 30, 40, and 50% for the gold, silver, bronze, and best-effort queues respectively:
qos npu inter-subscriber traffic bandwidth gold 20 silver 30 bronze 40 best-effort 50

Upon executing this command, the priority queues will have the following packet processing card CP bandwidth allocations based on the maximum CP bandwidth specifications:

Priority      Lead CP (CP 0) Bandwidth (Mbps)   CP 1 through CP 3 Bandwidth (Mbps)
Gold          25.6                              51.2
Silver        38.4                              76.8
Bronze        51.2                              102.4
Best-effort   64                                128



qos npu inter-subscriber traffic bandwidth-sharing

Configures NPU QoS bandwidth sharing properties for the system.

Platform:

ASR 5000

Product:

PDSN, GGSN


Privilege:

Administrator


Syntax
qos npu inter-subscriber traffic bandwidth-sharing { { enable | disable } { all | slot slot_num cpu cpu_num } }
enable

Enables bandwidth sharing for the specified criteria.

disable

Disables bandwidth sharing for the specified criteria.

all

Specifies that the bandwidth action is to be applied to all packet processing cards and every CPU on each packet processing card.

slot slot_num

Specifies that the bandwidth action is to be applied to a packet processing card in a specific chassis slot number.

slot_num is the slot in which a packet processing card is installed. These cards can be installed in slots 1 through 8 and 10 through 16 on the ASR 5000, or 1 through 4 and 7 through 10 on the ASR 5500.

cpu cpu_num

Specifies a specific control processor (CP) on a packet processing card for which to perform the bandwidth action.

cpu_num is an integer value from 0 to 3. 0 represents the lead CP.


Usage:

The available bandwidth of a subscriber queue can be shared equally among the other subscriber queues. Any unutilized bandwidth of a queue can be shared with the other queues equally. For example, if only one DSCP is configured and it is mapped to best-effort, that DSCP would get the bandwidth allocated to the best-effort in addition to the rest of the bandwidth allocated to the gold, silver, and bronze.

By default, the system enables sharing for all packet processing cards and their CPs.

For additional information on the NPU QoS functionality, refer to the System Administration Guide.

IMPORTANT:

This functionality is not supported for use with the PDSN at this time.


Example:
The following command disables bandwidth sharing for the fourth CP (CP 3) on a packet processing card installed in chassis slot 3:
qos npu inter-subscriber traffic bandwidth-sharing disable slot 4 cpu 3
qos npu inter-subscriber traffic priority

Configures the DSCP-to-Priority assignments for the system.

Platform:

ASR 5000

Product:

PDSN, GGSN


Privilege:

Security Administrator, Administrator


Syntax
qos npu inter-subscriber traffic priority { best-effort | bronze | gold | silver } assigned-to dscp { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | ef | dscp_num }
no qos npu inter-subscriber traffic priority [ assigned-to dscp { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | ef } ]
best-effort

Specifies the best-effort queue priority.

bronze

Specifies the bronze queue priority.

gold

Specifies the gold queue priority.

silver

Specifies the silver queue priority.

afXX

Assigns the Assured Forwarding XX PHB (per-hop behavior) DSCP.

Each Assured Forwarding PHB has a corresponding DSCP value as follows:
  • af11 through af13: DSCP values 5 through 7 respectively
  • af21 through af23: DSCP values 9 through 11 respectively
  • af31 through af33: DSCP values 13 through 15 respectively
  • af41 through af43: DSCP values 17 through 19 respectively
be

Assigns the Best Effort forwarding PHB which has a corresponding DSCP value of 0.

ef

Assigns the Expedited Forwarding PHB which has a corresponding DSCP value of 23.

dscp_num

Specifies a specific DSCP value as an integer from 0 through 31.


Usage:

The differentiated services (DS) field of a packet contains six bits (0-5) that represent the differentiated service code point (DSCP) value.

Five of the bits (1-5) represent the DSCP. Therefore, up to 32 (2^5) DSCPs can be assigned to the various priorities. By default, they're all assigned to the lowest priority (best-effort).

For additional information on the NPU QoS functionality, refer to the System Administration Guide.

IMPORTANT:

This functionality is not supported for use with the PDSN at this time.


Example:
The following command maps the ef DSCP to the gold priority queue:
qos npu inter-subscriber traffic priority gold assigned-to dscp ef
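
The DSCP-to-priority mapping described above, as an added example (not code from this guide): it parses traffic priority lines and reports which queue a packet's DS byte falls into. It assumes the platform's 5-bit DSCP number is the standard 6-bit codepoint with its low-order bit dropped, which reproduces every value listed above; the function names and sample lines are constructed.

```python
import re

# Standard 6-bit DSCP codepoints (RFC 2474, RFC 2597, RFC 3246).
STANDARD_DSCP = {
    "be": 0, "ef": 46,
    "af11": 10, "af12": 12, "af13": 14,
    "af21": 18, "af22": 20, "af23": 22,
    "af31": 26, "af32": 28, "af33": 30,
    "af41": 34, "af42": 36, "af43": 38,
}

# Assumption: the platform's 5-bit number is the standard codepoint without
# its low-order bit. This reproduces the guide's values (af11=5 ... ef=23).
PLATFORM_DSCP = {name: cp >> 1 for name, cp in STANDARD_DSCP.items()}

QUEUES = ("gold", "silver", "bronze", "best-effort")

PRIORITY_RE = re.compile(
    r"^\s*qos\s+npu\s+inter-subscriber\s+traffic\s+priority\s+(\S+)"
    r"\s+assigned-to\s+dscp\s+(\S+)\s*$"
)

# Constructed sample lines, each on one line as entered at the CLI.
SAMPLE_QOS_LINES = [
    "qos npu inter-subscriber traffic priority gold assigned-to dscp ef",
    "qos npu inter-subscriber traffic priority silver assigned-to dscp af41",
    "qos npu inter-subscriber traffic priority bronze assigned-to dscp 9",
]


def dscp_number(token):
    """Resolve a PHB keyword or a numeric dscp_num to the 5-bit value."""
    token = token.lower()
    if token in PLATFORM_DSCP:
        return PLATFORM_DSCP[token]
    if token.isdigit() and int(token) <= 31:
        return int(token)
    raise ValueError(f"not a PHB keyword or a dscp_num in 0..31: {token!r}")


def build_dscp_map(config_lines):
    """Return {dscp_num: queue}; unassigned DSCPs stay on best-effort."""
    table = {n: "best-effort" for n in range(32)}
    for line in config_lines:
        match = PRIORITY_RE.match(line)
        if not match:
            continue  # unrelated line, or a 'no ...' form
        queue, dscp = match.group(1), match.group(2)
        if queue not in QUEUES:
            raise ValueError(f"unknown priority queue: {queue!r}")
        table[dscp_number(dscp)] = queue
    return table


def queue_for_ds_byte(table, ds_byte):
    """Classify by the IPv4 TOS / IPv6 Traffic Class byte of a packet.

    The upper six bits are the standard DSCP and the lower two are ECN, so
    shifting by 3 drops ECN plus the DSCP low-order bit. Two standard
    codepoints that differ only in that bit share one queue.
    """
    if not 0 <= ds_byte <= 0xFF:
        raise ValueError("DS byte must be in 0..255")
    return table[ds_byte >> 3]


if __name__ == "__main__":
    table = build_dscp_map(SAMPLE_QOS_LINES)
    for ds in (0xB8, 0x88, 0x48, 0x28):  # EF, AF41, AF21, AF11
        print(f"DS byte 0x{ds:02x} -> {queue_for_ds_byte(table, ds)}")
```
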
ran-peer-map

Creates a Radio Access Network (RAN) Peer Map and enters the RAN Peer Map Configuration Mode.

Platform:

ASR 5000

Product:

ASN-GW, PHS


Privilege:

Administrator


Syntax
[ no ] ran-peer-map name [ -noconfirm ]
no

Removes the RAN Peer Map from the system.

name

Specifies the name of the RAN Peer Map. name must be an alphanumeric string of 1 through 31 characters.


Usage:

Use this command to create a new RAN Peer Map or edit an existing one. RAN peer maps reconcile base station MAC addresses received in R6 protocol messages to the base station’s IP address.

Entering this command results in the following prompt:
[context_name]hostname(config-ran-peer-map)#

RAN Peer Map Configuration Mode commands are defined in the ASN RAN Peer Map Configuration Mode Commands chapter in this guide.


Example:
The following command creates a RAN peer map named ran12:
ran-peer-map ran12
require active-charging

This command enables/disables Active Charging Service (ACS) with or without the Category-based Content Filtering application.

Platform:

ASR 5000

Product:

ACS


Privilege:

Security Administrator, Administrator


Syntax
require active-charging [ isolated-mode ] [ content-filtering category [ static-and-dynamic ] ] [ optimized-mode ]
no require active-charging
no

Disables ACS on the system.

isolated-mode

Enables ACS and separates ACS-related resources from other sub-system resource sharing.

IMPORTANT:

In 8.1 and later releases, this keyword is not supported.

optimized-mode

Enables ACS in Optimized mode, wherein ACS functionality is managed by SessMgrs.

IMPORTANT:

In 8.0 and earlier releases and in 9.0 and later releases, this keyword is not supported.

IMPORTANT:

In Release 8.1, ACS must be configured in the Optimized mode.

IMPORTANT:

In Release 8.1, if the active-charging mode is changed from the default (non-optimized) mode to the Optimized mode, or vice-versa, the system must be rebooted for the change to take effect.

IMPORTANT:

In Release 8.3, this keyword is obsolete. With or without this keyword ACS is always enabled in the Optimized mode.

Use the require active-charging command to enable ACS in the non-optimized mode, in which ACS Managers are spawned to support ACS.

Use the require active-charging optimized-mode command to enable ACS in the Optimized mode, in which ACS is enabled as part of Session Managers.

content-filtering category [ static-and-dynamic ]

Enables the Category-based Content Filtering application with ACS support and creates the necessary Static Rating Database (SRDB) tasks to utilize the internal database of static/dynamic URLs.

For Dynamic Content Filtering support, the static-and-dynamic keyword must be configured to specify that the Dynamic Rater Package (model and feature files) must be distributed to rating modules on startup, recovery, etc. If not configured, by default, the static-only mode is enabled.


Usage:

Use this command to enable/disable ACS with or without Category-based Content Filtering application on the chassis.

IMPORTANT:

This command triggers the resource subsystem to switch to ACS-enabled mode and start ACS-related tasks. This CLI command must be configured before any services are configured, so that the resource subsystem can appropriately reserve adequate memory for the ACS-related tasks. After configuring this command, the configuration must be saved and the system rebooted in order to allocate the resources for ACS upon system startup.

In 8.0 and 8.1 releases, this command must be configured before configuring any services. This is to ensure that the resource subsystem can appropriately reserve adequate memory for ACS Manager tasks. If this command is configured after all the Session Manager tasks are already active, the ACS Manager tasks will not be started even if additional cards are added to the chassis—instead, the chassis must be rebooted.


Example:
In Release 8.0, the following command enables the resource subsystem to configure ACS in isolated mode:
require active-charging isolated-mode
In Release 8.1, the following command enables ACS in Optimized mode:
require active-charging optimized-mode
In Release 8.3, the following command enables ACS in Optimized mode:
require active-charging
require cipher ssl resource-percentage

Assigns the 8 processing cores on the PSC2 card and splits the hardware acceleration resources between SSL protocol and IPSec protocol processing.

Platform:

ASR 5000

Product:

SCM (P-CSCF, A-BG)


Privilege:

Security Administrator, Administrator


Syntax
require cipher ssl resource-percentage percentage_value
default require cipher ssl resource-percentage
percentage_value

The system converts the specified resource percentage value to the nearest number of processing cores assigned to SSL processing. The system assigns the remaining processing cores to IPSec processing. This value can be within the range of 0 to 100.

For example, if 20% of the hardware acceleration resources are assigned to SSL processing, the system translates this value to INT((20*8+50)/100) = 2 processing cores assigned to SSL processing, and (8-2) = 6 processing cores assigned to IPSec processing.

default

Sets the default percentage value to 0%, assigning all 8 processing cores to IPSec processing.


Usage:

Use this command to split the 8 processing cores on the PSC2 card between SSL protocol and IPSec protocol processing.


Example:
The following command assigns 20% of the hardware acceleration resources on the PSC2 card (2 processing cores) to SSL processing, and 80% of the hardware acceleration resources (6 processing cores) to IPSec processing:
require cipher ssl resource-percentage 20
require demux card

This command enables or disables the demux capabilities.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ default | no ] require demux card
default

Disables the demux capabilities on the card.

no

Disables the demux capabilities on the card.


Usage:

Use this command to configure the system to allow the session recovery task placement scheme when session recovery is off.

IMPORTANT:

This command is not supported on all platforms.


Example:
The following command enables demux capabilities:
require demux card
require detailed-rohc-stats

Enables or disables context-specific Robust Header Compression (RoHC) statistics.

Platform:

ASR 5000

Product:

HSGW, PDSN


Privilege:

Administrator


Syntax
[ no ] require detailed-rohc-stats
no

Disables statistics for RoHC calls. This is the default condition.


Usage:

Enables context-specific statistics for RoHC calls.


Example:
Enter the following command to enable context specific statistics for RoHC calls:
require detailed-rohc-stats
require diameter-proxy

This command enables or disables Diameter Proxy mode.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
require diameter-proxy { master-slave | multiple | single }
no require diameter-proxy
no

Disables Diameter Proxy mode.

Default: no require diameter-proxy

master-slave

Sets the Diameter-Proxy to Master-Slave mode.

In Master-Slave mode, multiple Diameter proxies run on the system, one on each packet processing card; one of them acts as Master and the other Diameter proxies act as Slaves.

In this mode, the Master proxy relays the traffic across multiple Slave Diameter proxies.

multiple

To configure one Diameter proxy for each active packet processing card.

single

To configure one Diameter proxy for the entire chassis.


Usage:

When the Diameter Proxy mode is enabled, each proxy process is a Diameter host, instead of requiring every Diameter application user (such as, every ACSMgr and/or every SessMgr, depending on the application) to be a host.

In Master-Slave mode, multiple Diameter proxies run on the system, one on each packet processing card; one of them acts as Master and the other Diameter proxies act as Slaves.

In this mode, the Master relays the traffic from an incoming connection to a specific Slave Diameter proxy.


Example:
To configure a Diameter proxy for each active packet processing card, enter the following command:
require diameter-proxy multiple
To configure a single Diameter proxy for the entire chassis, enter the following command:
require diameter-proxy single
require ecs credit-control subscriber-mode

This command configures the Diameter Credit-Control Application (DCCA) to work in per subscriber-PDN level Gy mode.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ no ] require ecs credit-control subscriber-mode
no

Creates DCCA/Gy sessions per bearer/PDP-context.


Usage:

This command is applicable to all products using the Gy interface. Use this command to configure DCCA/Gy to work in per subscriber-PDN level Gy mode, wherein one Diameter session is created per subscriber PDN rather than per bearer, and only one DCCA/Gy session is created for multi-bearer PDNs.

If this command is not configured, or the no require ecs credit-control subscriber-mode command is configured, DCCA/Gy sessions are created per bearer/PDP-context, and as a result when there are multiple PDP contexts or multiple bearers in a PDN as many DCCA/Gy sessions are created.

IMPORTANT:

This command will take effect only when the system is booted/rebooted. When configured after the system comes up, the command will be accepted but will not be applied until after the system is rebooted with the saved configuration.

IMPORTANT:

This command is independent of the require active-charging command. The ecs keyword in this command is license dependent.

require session recovery

Enables session recovery when a hardware or software fault occurs within the system.

Platform:

ASR 5000

Product:

GGSN, ASN-GW, HA, HSGW, LNS, MME, PDG/TTG, PDIF, PDSN, P-GW, SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ no ] require session recovery
no

Disables the session recovery feature after the configuration file is saved and the system is restarted.


Usage:

When this feature is enabled, the system attempts to recover any home agent-based Mobile IP sessions that would normally be lost due to a hardware or software fault within the system.

This functionality is available for the following call types:
  • ASN-GW services supporting simple IP, Mobile IP, and Proxy Mobile IP
  • PDSN services supporting simple IP, Mobile IP, and Proxy Mobile IP
  • HA services supporting Mobile IP and/or Proxy Mobile IP session types with or without per-user Layer 3 tunnels
  • GGSN services for IPv4 and PPP PDP contexts
  • SGSN services for all attached and/or activated subscribers
  • LNS session types
  • PDIF services supporting Simple-IP, Mobile-IP and Proxy Mobile-IP
  • MME services

The default setting for this command is disabled.

The no option of this command disables this feature.

This command only works when the Session Recovery feature is enabled through a valid Session and Feature Use License Key.

IMPORTANT:

After entering this command, you must restart the system for the command to take effect. Remember to save the configuration file before issuing the reload command.

reveal disabled commands

Enables the input of commands for features that do not have license keys installed. The output of the command show cli indicates when this is enabled. This command affects all future CLI sessions. This is disabled by default.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ no ] reveal disabled commands
no

Do not show disabled commands.


Usage:

When this is enabled and a disabled command is entered, a message is displayed that informs you that the required feature is not enabled and also lists the name of the feature that you need to support the command.

When this is disabled and a disabled command is entered, the CLI does not acknowledge the existence of the command and displays a message that the keyword is unrecognized.


Example:
Set the CLI to accept disabled commands and display the required feature for all future CLI sessions with the following command:
reveal disabled commands
Set the CLI to reject disabled commands and return an error message for all future CLI sessions:
no reveal disabled commands
rohc-profile

This command allows you to create an RoHC (Robust Header Compression) profile and enter the RoHC Profile Configuration Mode. This mode is used to configure RoHC Compressor and Decompressor parameters. RoHC profiles can then be assigned to specific subscriber sessions when RoHC header compression is configured.

Platform:

ASR 5000

Product:

HSGW, PDSN


Privilege:

Security Administrator, Administrator


Syntax
rohc-profile profile-name name [ -noconfirm ] [ common-options | compression-options | decompression-options ]
no rohc-profile profile-name name
common-options

Configures common parameters for compressor and decompressor.

compression-options

Configures ROHC compression options.

decompression-options

Configures ROHC decompression options.

no

Remove the specified RoHC profile.

name

The name of the RoHC profile to create or remove. name must be an alphanumeric string of 1 through 63 characters.

-noconfirm

Do not prompt for additional verification when executing this command.


Usage:

Use this command to enter the RoHC Profile Configuration mode.

Entering this command results in the following prompt:

[context_name]host(config-rohcprofile-<profile_name>)#

RoHC Profile Configuration Mode commands are defined in the RoHC Profile Configuration Mode Commands chapter.


Example:
Enter the following command to create an RoHC profile named HomeUsers and enter the RoHC Configuration mode without prompting for verification:
rohc-profile profile-name HomeUsers
The following command removes the RoHC profile named HomeUsers:
no rohc-profile profile-name HomeUsers
sccp-network

This command creates or removes a Signaling Connection Control Part (SCCP) network instance which is used to define the SS7 end-to-end routing in a UMTS network. As well, this command enters the SCCP network configuration mode. The SGSN supports up to 12 SCCP network instances at one time.

Platform:

ASR 5000

Product:

SGSN, HNB-GW


Privilege:

Security Administrator, Administrator


Syntax
sccp-network sccp_net_id [ -noconfirm ]
no sccp-network sccp_net_id
no

Remove the SCCP network configuration with the specified index number from the system configuration.

sccp_net_id

This number identifies a specific SCCP network configuration.

sccp_net_id: must be an integer from 1 through 12.

-noconfirm

Indicates that the command is to execute without any additional prompt and confirmation from the user.


Usage:

Use this command to create or modify an SCCP network and enter the SCCP network configuration mode.

The SCCP network is not a standard SS7 or UMTS concept - this concept is specific to this platform.

For details about the commands and parameters needed to create and edit the SCCP Network configuration, check the SCCP Network Configuration Mode chapter.


Example:
The following command creates an SCCP network with the index number of 1:
sccp-network 1
The following command creates an SCCP network with the index number of 2 to associate with HNB-GW service for HNB access network users without any prompt:
sccp-network 2 -noconfirm
sctp-parameter-template

This command allows you to create an SCTP parameter template and enter the SCTP Parameter Template Configuration Mode. This mode is used to configure parameters for SCTP associations.

Platform:

ASR 5000

Product:

MME


Privilege:

Administrator


Syntax
[ no ] sctp-param-template name
no

Removes the specified SCTP parameter template from the system.

name

Specifies the name of the SCTP parameter template being created or accessed. name must be an alphanumeric string of 1 through 63 characters.


Usage:

Use this command to enter the SCTP Parameter Template Configuration mode.

Entering this command results in the following prompt:

[context_name]host(sctp-param-template)#

SCTP Parameter Template Configuration Mode commands are defined in the SCTP Parameter Template Configuration Mode Commands chapter.


Example:
The following command creates a new SCTP parameter template or enters an existing template named sctp-tmpl2:
sctp-param-template sctp-tmpl2
session trace

This command configures the type of network elements, file transfer protocol, and Trace collection entity mode to be used for the transportation of trace files collected for the subscriber session tracing on the UMTS/EPC network element(s) along with network connection parameters and timers.

Platform:

ASR 5000

Product:

GGSN, MME, P-GW, S-GW


Privilege:

Administrator


Syntax
session trace network-element { all | mme | pgw | sgw | ggsn } [ collection-timer sec ] [ tce-mode { none | push transport sftp path string username name { encrypted password enc_pw | password password } } ]
no session trace network-element { all | mme | pgw | sgw | ggsn }
no

Removes the entire session trace configuration from the system or a specific network element trace configuration.

network-element { all | mme | pgw | sgw | ggsn }

Identifies the type of service to the session trace application in order to determine the applicable interfaces.

all: Specifies that all network elements and their associated interfaces are to be made available to the session trace application.

ggsn: Specifies that the GGSN as network element and its associated interfaces is to be made available to the session trace application.

mme: Specifies that the MME as network element and its associated interfaces is to be made available to the session trace application.

pgw: Specifies that the P-GW as network element and its associated interfaces is to be made available to the session trace application.

sgw: Specifies that the S-GW as network element and its associated interfaces is to be made available to the session trace application.

collection-timer sec

Specifies the amount of time (in seconds) to wait from initial activation/data collection before data is reported to the Trace Collection Entity (TCE). sec must be an integer from 0 through 255.

tce-mode none

Specifies that session trace files are to be stored locally and must be pulled by the TCE.

tce-mode push transport sftp path string username name { encrypted password enc_pw | password password }

Specifies that session trace files are to be pushed to the Trace Collection Entity (TCE).

sftp: Specifies that Secure FTP is used to push session trace files to the TCE.

path string: Specifies the directory path on the TCE where files will be placed.

username name: Specifies the username to be used when pushing files to the TCE.

encrypted password enc_pw: Specifies the encrypted password to be used when pushing files to the TCE.

password password: Specifies the password to be used when pushing files to the TCE.


Usage:

Use this command to configure the file transfer methods and modes for subscriber session trace functionality and to define how and where session trace files are sent after collection.

This configuration contains collection timer, UMTS/EPC network element, type of file transfer, and user credentials setting to send the collected trace files to the TCE.


Example:
The following command configures the collection time for session traces to 30 seconds, identifies the network element as all elements (GGSN, MME, S-GW, and P-GW), and pushes session trace files to a TCE via SFTP into a directory named /trace/agw using a username admin and a password of pw123:
session trace network-element all collection-timer 30 tce-mode push transport sftp path /trace/agw username admin password pw123
The following command configures the collection time for session traces to 30 seconds, identifies the network element as an MME, and pushes session trace files to a TCE via SFTP into a directory named /trace/sgw using a username admin and a password of pw123:
session trace network-element mme collection-timer 30 tce-mode push transport sftp path /trace/mme username admin password pw123
The following command configures the collection time for session traces to 30 seconds, identifies the network element as GGSN, and pushes session trace files to a TCE via SFTP into a directory named /trace/ggsn using a username admin and a password of pw123:
session trace network-element ggsn collection-timer 30 tce-mode push transport sftp path /trace/ggsn username admin password pw123
sgsn-global

This command gives access to the SGSN Global configuration mode to set parameters relevant to the SGSN and HNB-GW as a whole.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
sgsn-global

Usage:

Using this command moves into SGSN Global Configuration mode. In this mode, you can set system-wide parameters on SGSN and HNB-GW to perform the following tasks:

On SGSN:
  • monitoring and managing TLLIs in the BSSGP layer.
  • defining IMSI ranges used as filters in the operator policy selection process.

Example:
Enter the SGSN Global configuration mode with the following:
sgsn-global
snmp authentication-failure-trap

Enables or disables the SNMP traps for authentication failures.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ no ] snmp authentication-failure-trap
no

Disables SNMP traps for authentication failures. When omitted, SNMP traps for authentication failures will be generated.


Usage:

Disables authentication failure traps if they are not of interest. At this time the option may be changed to support troubleshooting.

By default SNMP authentication failure traps are disabled.

snmp community

Configures the SNMP v1 and v2 community strings.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax

In StarOS 12.1 and earlier releases:

snmp community string ] [ read-only | read-write ]
no snmp community string
no

The specified community string is removed from the configuration.

name string

Specifies a community string whose options are to be modified. An unencrypted string must be an alphanumeric string of 1 through 31 characters. An encrypted string is an alphanumeric string of 1 through 80 characters.

context context_name

Default: community string applies to all contexts.

Specifies the context to which the community string shall be applied. context_name must be an alphanumeric string of 1 through 31 characters.

read-only | read-write

Default: read-only

Specifies the access rights for the community string.

read-only: the configuration may only be viewed.

read-write: the configuration may be viewed and edited.

view view_name

Default: community string applies to all views.

Specifies the view to which the community string shall be applied. view_name must be an alphanumeric string of 1 through 31 characters.


Usage:

The community strings define the privileges of SNMP users. It may be desirable to give read-only access to front line operators.


Example:
snmp community name plain_text_string
snmp community encrypted name encrypted_string
snmp community name plain_text_string context sampleContext
snmp community name plain_text_string context sampleContext view sampleView
snmp community name plain_text_string read-write view sampleView
no snmp community plain_text_string
snmp engine-id

Configures the SNMP engine to use for SNMP requests when SNMPv3 agents are utilized.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
snmp engine-id local id
id

Specifies the SNMPv3 engine to employ. id must be an alphanumeric string of 1 through 31 characters.


Usage:

When SNMPv3 is used for SNMP access to the chassis the engine ID can be used to quickly change which schema is used for SNMP access.

IMPORTANT:

The system can send either SNMPv1, SNMPv2c, or SNMPv3 traps to numerous target devices. However, the Web Element Manager can only process SNMP version 1 (SNMPv1) and SNMP version 2c (SNMPv2c) traps. If the SNMP target being configured is the Web Element Manager application, then you must not configure this command.


Example:
snmp engine-id local id
snmp heartbeat

Enables the sending of periodic “heartbeat” notifications (traps).

Platform:

ASR 5000

Product:

All


Privilege:

Administrator


Syntax
snmp heartbeat { interval [ minutes ] | second-interval [ seconds ] }
[ default | no ] snmp heartbeat
default

Returns the command to its default setting of disabled.

no

Disables the feature.

interval [ minutes ]

Default: 60

Specifies the interval time (in minutes) between notifications. minutes must be an integer from 1 through 1440.

second-interval [ seconds ]

Default: 30

Specifies the secondary interval time, in seconds, between notifications. seconds must be an integer from 10 through 50.


Usage:

Use this command to enable the sending of a heartbeat notification periodically to confirm a system is up and communicating.


Example:
The following command sets the SNMP heartbeat notification interval to 2 hours, 15 minutes and 30 seconds:
snmp heartbeat interval 135 second-interval 30
snmp history heartbeat

Enables the recording of heartbeat notifications in SNMP history.

Platform:

ASR 5000

Product:

All


Privilege:

Administrator


Syntax
[ default | no ] snmp history heartbeat
default

Returns the command to the default setting of enabled.

no

Disables the history recording feature.


Usage:

Use this command to enable the recording of SNMP heartbeat notifications in SNMP history files.

snmp notif-threshold

Configures the number of SNMP notifications that need to be generated for a given event before it is propagated to the SNMP users.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
snmp notif-threshold count [ low low_count ] [ period seconds ]
no snmp notif-threshold
no

Removes all SNMP notification thresholds. All notifications will be broadcast to SNMP users.

count

Default: 100

Specifies the number of notifications that must be generated before the next notification is broadcast to SNMP users. count must be an integer from 1 through 10000.

low low_count

Default: 20

Specifies the number of notifications within the monitoring period before which any subsequent notification for each specific event. low_count must be an integer from 1 through 10000.

period seconds

Default: 300

Specifies the number of seconds of the monitoring window size before any subsequent notification may be broadcast to users. seconds must be an integer from 10 through 3600.


Usage:

Set the notification threshold to avoid a flood of events which may be the result of a single failure or maintenance activity.


Example:
snmp notif-threshold 100
snmp notif-threshold 100 period 30
snmp server

Enables the SNMP server as well as the configuration of the SNMP server port.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
snmp server [ port number ]
no snmp server
no

Restores the default SNMP port assignment.

port number

Default: 161

Specifies the port number to use for SNMP communications. number must be an integer from 1 to 65535.


Usage:

Set the SNMP port for communications when SNMP is enabled.

IMPORTANT:

This will result in restarting the SNMP agent when the no keyword is omitted. SNMP queries as well as notifications/traps will be blocked until the agent has restarted.


Example:
snmp server port 100
no snmp server
snmp target

Configures remote receivers for SNMP notifications.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
snmp target name ip_address [ port number ] [ non-default ] [ security-name string ] [ version { 1 | 2c | 3 } | view ] [ security-level { noauth | { auth | priv-auth privacy [ encrypted ] des privpassword } authentication [ encrypted ] { md5 | sha } authpassword } ] [ informs | traps ]
no snmp target name
no

Removes the specified target as a receiver of unsolicited SNMP messages (traps).

authentication { md5 | sha } authpassword

Reads the authentication type and password if the security level of the SNMP messages is set to auth or priv-auth. Authentication types are:
  • md5: Configures the hash-algorithm to implement MD5 per RFC 1321.
  • sha: Specifies that the hash protocol is Secure Hash Algorithm.
security-level { noauth | { auth | priv-auth privacy [ encrypted ] des privpassword }

Sets the security level of the SNMPv3 messages, as follows:
  • noauth: No authentication and encryption is used.
  • auth: Only authentication will be used.
  • priv-auth: Both authentication and encryption will be used.
  • privacy des privpassword: Reads the privacy type and password.
name

Specifies a logical name to use to refer to the remote receiver. name must be an alphanumeric string of 1 through 31 characters.

ip_address

Specifies the IP address of the receiver. ip_address must be specified using IPv4 dotted-decimal notation.

non-default

Specifies that this destination is only used for SNMP traps which have been specifically identified.

port number

Default: 162

Specifies the port which is to be used in communicating with the remote receivers. number must be an integer from 0 through 65535.

security-name string

Default: no community string included

Specifies the community string to use in the unsolicited messages. string must be an alphanumeric string of 1 through 31 characters.

version { 1 | 2c | 3 } | view

Default: 1

Specifies the SNMP version the target supports and consequently the version of the SNMP protocol to use for communications.

IMPORTANT:

The system can send either SNMPv1, SNMPv2c, or SNMPv3 traps to numerous target devices. However, the Web Element Manager can only process SNMP version 1 (SNMPv1) and SNMP version 2c (SNMPv2c) traps. If the SNMP target being configured is the Web Element Manager application, then you must configure this command to use version 1 or version 2c.

informs | traps

Default: traps

Specifies the type of SNMP event used to send notifications to SNMP targets. traps are unacknowledged (fire and forget), whereas informs require a response from the SNMP target.

If the notification type is set to informs, the notification is resent if no response is received within 5 seconds. The notification is resent at most two times.


Usage:

The target manages the list of remote receivers to which unsolicited messages are sent. Use this command to add a monitoring system to a network or remove one from it.


Example:
snmp target sampleReceiver 1.2.3.4 security-name sampleComm
snmp target sampleReceiver 1.2.5.6 port 100
snmp target sampleReceiver 1.2.7.8 version 2c traps
no snmp target sampleReceiver
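
Added example (not part of the Cisco reference and not Cisco code): a short Python audit that parses snmp target lines using the keywords and defaults documented above and reports weak notification settings. The sample configuration, target names, passwords and 192.0.2.x addresses are constructed, and the keyword order in the version 3 lines is an assumption taken from the syntax line.

```python
# Added example; SAMPLE_CONFIG is constructed, keyword order assumed from the syntax line.
SAMPLE_CONFIG = """\
snmp target legacyNms 192.0.2.10 security-name sampleComm
snmp target wemServer 192.0.2.11 version 2c traps
snmp target v3Weak 192.0.2.12 version 3 security-level auth authentication md5 ExampleAuthPw1
snmp target v3Strong 192.0.2.13 version 3 security-level priv-auth privacy des ExamplePrivPw1 authentication sha ExampleAuthPw2 informs
no snmp target oldReceiver
"""
VALUED = ("port", "security-name", "version", "security-level")
PASSWORD_AFTER = ("md5", "sha", "des")

def parse_target(line):
    """Return a dict for one 'snmp target' line, or None for any other line."""
    tok = line.split()
    if tok[:2] != ["snmp", "target"] or len(tok) < 4:
        return None
    # Defaults stated in the reference: version 1, port 162, traps.
    cfg = {"name": tok[2], "ip": tok[3], "version": "1", "port": "162",
           "security-level": None, "hash": None, "notify": "traps"}
    i = 4
    while i < len(tok):
        t = tok[i]
        if t in ("md5", "sha"):
            cfg["hash"] = t
        elif t in VALUED:
            cfg[t] = tok[i + 1] if i + 1 < len(tok) else None
        elif t in ("informs", "traps"):
            cfg["notify"] = t
        i += 2 if t in VALUED + PASSWORD_AFTER else 1  # also skip the value or password
    return cfg

def audit(cfg):
    """List the weak settings of one parsed target (empty list means none found)."""
    out, level = [], cfg["security-level"]
    if cfg["version"] in ("1", "2c"):
        out.append("SNMPv%s: community string and payload sent in cleartext" % cfg["version"])
    elif level in (None, "noauth"):  # assumption: a missing security-level is reported too
        out.append("SNMPv3 without authentication or encryption")
    elif level == "auth":
        out.append("SNMPv3 authenticated but not encrypted")
    if cfg["hash"] == "md5":
        out.append("MD5 authentication selected; sha is available")
    if cfg["notify"] == "traps":
        out.append("unacknowledged traps; informs are resent if no response arrives")
    return out

def audit_config(text):
    """Map target name to findings for every 'snmp target' line in text."""
    return {c["name"]: audit(c) for c in map(parse_target, text.splitlines()) if c}
```

Calling audit_config(SAMPLE_CONFIG) returns one entry per configured target; a receiver that must stay on version 1 or 2c, such as the Web Element Manager, will always be reported and has to be accepted as a known exception.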
snmp trap

This command enables or disables generation of specific or all SNMP traps.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
snmp trap { enable | suppress } [ trap_name1 trap_name2 ... trap_nameN | all ]
enable

Enables or allows the generation of one or more SNMP traps by the system.

suppress

Disables the generation of one or more SNMP traps by the system.

trap_name1 trap_name2 ... trap_nameN

The name of the specific SNMP trap to enable or disable. Multiple traps can be listed for a single instance of this command.

IMPORTANT:

The system treats trap names as case insensitive when they are entered.

all

Default: Enable All

Specifies that all SNMP traps will be affected by the specified operation (enable or suppress).


Usage:

SNMP traps are used by the system to indicate that certain events have occurred. A complete listing of the traps supported by the system and their descriptions can be found in the SNMP MIB Reference. Additionally, a trap listing can be viewed using the following command:

snmp trap { enable | suppress } ?

By default, the system enables the generation of all traps. However, individual traps can be disabled, allowing only traps of a certain type or alarm level to be generated. This command can be used to disable undesired traps and/or re-enable previously suppressed traps.


Example:
The following command suppresses the LogMessage trap:
snmp trap suppress logmessage
The following command suppresses the CLISessEnd and CLISessStart traps:
snmp trap suppress clisessend clisessstart
snmp trap-timestamps

Adds an additional system-time varbind to generated traps.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ no ] snmp trap-timestamps
no

Disables the adding of timestamps to generated traps.


Usage:

The timestamp added to the generated trap reflects the current system time. The timestamp is proprietary. This functionality is disabled by default.

IMPORTANT:

If the Web Element Manager application is used as your alarm server, the application relies on the timestamp provided by enabling this command to identify duplicate traps. As a result, it is recommended that this parameter be enabled for this case.


Example:
The following command enables the inclusion of a timestamp with each generated trap:
snmp trap-timestamps
snmp user

Configures an SNMPv3 user for SNMP access.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
snmp user user_name [ [ encrypted ] password password | engine id | group grp_name | security-model model auth [ [ encrypted ] password password ] ]
no snmp user user_name
no

Removes the specified user from the list of valid SNMPv3 users.

user_name

Specifies the user which is to use SNMPv3 interfaces to the system. user_name must be an alphanumeric string of 1 through 31 characters.

engine id

The SNMP engine ID. id must be an alphanumeric string of 1 through 31 characters.

group grp_name

Default: undefined (not a member of any group)

Specifies the SNMPv3 group into which the user will be added. grp_name must be an alphanumeric string of 1 to 1023 characters.

security-model model auth

Default: USM

Specifies the security model used to authenticate the user. model must be configured to the following:
  • usm: User Security Model
[ encrypted ] password password

Default: undefined

Specifies the password for authenticating the user when the security model is set to User-based Security Model (USM).

The encrypted keyword indicates the password will be received in an encrypted form. password must be an alphanumeric string of 8 through 31 characters.

The encrypted keyword is intended only for use by the chassis while saving configuration scripts. The system displays the encrypted keyword in the configuration file as a flag that the variable following the password keyword is the encrypted version of the plain text password. Only the encrypted password is saved as part of the configuration file.


Usage:

Add and remove SNMPv3 users as operations staff or automated systems are updated. The security model is user dependent, based upon the support the user's system provides.

IMPORTANT:

The system can send either SNMPv1, SNMPv2c, or SNMPv3 traps to numerous target devices. However, the Web Element Manager can only process SNMP version 1 (SNMPv1) and SNMP version 2c (SNMPv2c) traps. If the SNMP target being configured is the Web Element Manager application, then you must not configure this command to use.


Example:
snmp user user1
snmp user user1 security-model 2c auth
snmp user user1 group user1 group sampleGroup security-model usm auth
no snmp user user1
ss7-routing-domain

This command creates an SS7 routing domain instance and enters the SS7 Routing Domain Configuration mode.

Platform:

ASR 5000

Product:

SGSN

HNB-GW


Privilege:

Security Administrator, Administrator


Syntax
ss7-routing-domain rd_id variant v_type [ -noconfirm ]
no ss7-routing-domain rd_id
no

Removes the specified SS7 routing domain from the system configuration.

rd_id

Identifies a specific SS7 routing domain. Once it has been created, it can be accessed for further configuration and modification by entering the rd_id without entering the variant.

rd_id must be an integer from 1 through 12.

variant v_type
Identifies the national standard to be used for call setup, routing and control, signaling. Select one of the following:
  • ansi: American National Standards Institute (U.S.A.)
  • bici: Broadband Intercarrier Interface standard
  • china: Chinese standard
  • itu: International Telecommunication Union (ITU-T) Telecommunication Standardization Sector
  • ntt: Japanese standard
  • ttc: Japanese standard
-noconfirm

Indicates that the command is to execute without any additional prompt and confirmation from the user.


Usage:

Use this command to create an SS7 routing domain configuration instance or to enter the SS7 routing domain configuration mode to edit the configuration.

A routing domain groups configuration items to facilitate the management of the SS7 connection resources for an SGSN service. An Access Gateway supports up to 12 configured SS7 routing domains at one time.

After entering this command, the prompt appears as:

[context_name]<hostname>(config-ss7-routing-domain-routing_domain_id)#

For details about the commands and parameters used to define or edit an SS7 routing domain, refer to the SS7 Routing Domain Configuration Mode chapter.


Example:
The following command creates an SS7 routing domain with an index of 1 and the variant selection of Broadband Intercarrier Interface (bici):
ss7-routing-domain 1 variant bici
The following command creates an SS7 routing domain instance with an index of 2 and the variant selection of Broadband Intercarrier Interface (bici) to be associated with HNB RN-PLMN in an HNB access network:
ss7-routing-domain 1 variant bici
suspend local-user

Suspends a local-user administrative account.

Platform:

ASR 5000

Product:

All


Privilege:

Administrator


Syntax
[ no ] suspend local-user name
no

Removes the suspended status for the specified local-user account.

name

The name of the local-user account expressed as an alphanumeric string of 3 through 16 characters that is case sensitive.


Usage:

This command allows a security administrator to suspend local-user administrative accounts.

A “suspended” user cannot log in to the system. The user’s account information (passwords, password history, etc.), however, is preserved.


Example:
The following command suspends a local-user account called Inspector1:
suspend local-user Inspector1
The following command removes the suspension from a local-user account called Admin300:
no suspend local-user Admin300
system

Configures system information which is accessible via SNMP.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
system { carrier-id mcc mcc_id mnc mnc_id | contact who | description string | hostname host_name | location text | serial-number ser_number | sysdesc-sysoid-style [ default | new ] }
default system { contact | location }
default

Removes the configured system contact and system location from the system.

carrier-id mcc mcc_id mnc mnc_id

IMPORTANT:

This carrier ID is not used by the GGSN.

Specifies a carrier-id that is a unique identifier for the carrier that has installed the system. When the carrier ID values are set, the carrier-id and gmt_offset attributes are included in access-request and accounting packets when using the following RADIUS dictionaries:
  • 3gpp2
  • 3gpp2-835
  • starent
  • starent-835
  • starent-vsa1
  • starent-vsa1-835
  • custom9

mcc mcc_id: The mobile country code. This must be specified as a 3-digit string from 001 through 999.

mnc mnc_id: The mobile network code. This must be specified as a 2- or 3-digit string from 01 through 999.

contact who

Default: No contact specified.

contact who: specifies the contact information for the chassis. who must be an alphanumeric string of 0 through 255 characters. The string must be enclosed in double quotes (“) if spaces or special punctuation are to be used.

description string
Allows a user to describe the system for identification purposes. The system description can be comprised of a mix of alphanumeric characters, as follows:
  • %version% - software version.
  • %build% - software build number
  • %chassis% - chassis type (ST16, ASR 5000, or ASR 5500)
  • %staros% - OS type
  • %hostname% - system name
  • %release% - release number
  • %kerver% - kernel version
  • %machine% - machine hardware name
  • string - an alphanumeric string of 1 through 255 characters.
hostname host_name

hostname host_name: configures the chassis host name where host_name must be an alphanumeric string of 1 through 63 characters.

IMPORTANT:

Please note that changing the chassis host name results in the command prompt changing as well to reflect the new name. This may affect any previously scripted interfaces from an OSS or maintenance facility.

location text

Default: No location specified.

location text: specifies the system location expressed as an alphanumeric string of 0 through 255 characters. The text specified must be embedded in double quotes (“) if spaces are to be used.

serial-number ser_number

Default: None.

Specifies a system identifier as an alphanumeric string of 1 through 11 characters.

sysdesc-sysoid-style [ default | new ]
Allows the user to select the SNMP return for the objects sysDescr and sysOId.
  • default - SNMP returns old style system description and old style system OID string.
  • new - SNMP returns Cisco style system description and Cisco style OID string.

Usage:

Specify basic system information that is useful to a network operations center that uses the SNMP interfaces for management.


Example:
The following commands configure the contact information, system host name, and location text, respectively:
system contact user1@company.com
system hostname system16
system location "Clark Street Closet\nBasement Rack 4"
The following commands remove the configured contact and location from the system, respectively:
default system contact
default system location