Global Configuration Mode Commands (A-K)

This section includes the commands aaa accounting-overload-protection through imei-profile.

The Global Configuration Mode is used to configure basic system-wide parameters.

IMPORTANT:

The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).

aaa accounting-overload-protection

This command configures Overload Protection Policy for accounting requests.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
aaa accounting-overload-protection
prioritize-gtpp
{ default | no } aaa
accounting-overload-protection
default

Configures the default setting.

Default: no priority assigned

no

Disables the Overload Protection configuration.

prioritize-gtpp

Gives higher priority to GTPP requests among the other outstanding requests. So while purging the lower priority requests will be selected first.


Usage:

Use this command to configure Overload Protection Policy for accounting requests.


Example:
The following command prioritizes GTPP requests among the other outstanding requests:
aaa accounting-overload-protection
prioritize-gtpp
aaa default-domain

Configure global accounting and authentication default domain for subscriber and context-level administrative user sessions.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
aaa default-domain { administrator | subscriber } domain_nameno aaa default-domain { administrator | subscriber }
no

Removes all or only the specified configured domain.

administrator | subscriber

administrator: Configures the default domain for context-level administrative users.

subscriber: Configures the default domain for subscribers.

domain_name

Sets the default context.

domain_name must be an alphanumeric string of 1 through 79 characters.


Usage:

This command configures the default domain which is used when accounting and authentication services are required for context-level administrative user and subscriber sessions whose user name does not include a domain.


Example:
The following commands configure the default domains for context-level administrative users and subscribers, respectively:
aaa default-domain
administrator sampleAdministratorDomain
aaa default-domain
subscriber sampleSubscriberDomain
aaa domain-matching ignore-case

This command disables case sensitivity when performing domain matching. When this command is enabled, the system disregard case when matching domains.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ no ] aaa
domain-matching ignore-case
default aaa domain-matching
default

Configures ignore-case as the domain matching method.

no

Specifies that the system consider case when domain matching.


Usage:

Use this command to configure the system to ignore case when matching domains.


Example:
The following command configures the system to ignore case when matching domains:
aaa domain-matching
ignore-case
aaa domain-matching imsi-prefix

Enables domain lookup for session based on the International Mobile Subscriber Identity (IMSI) prefix length. Default: Disabled

IMPORTANT:

This command is only available in 8.3 and later releases.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
aaa domain-matching
imsi-prefix prefix-length prefix_length
no aaa domain-matching
imsi-prefix
default aaa domain-matching
no

Specifies the system must not consider imsi-prefix domain matching method.

prefix-length

Specifies the IMSI length to be matched with the domain.

prefix_length must be an integer from 1 through 15.


Usage:

Use this command to configure the IMSI-prefix method of domain matching. This command enables domain lookup for the session based on the IMSI prefix length. If there is a domain configured with the matching IMSI prefix, the associated configuration is used.

This feature does not support partial matches.


Example:
The following command configures the IMSI prefix method for domain matching setting the prefix length to 10.
aaa domain-matching
imsi-prefix prefix-length 10
aaa large-configuration

This command enables or disables the system to accept a large number of RADIUS configurations to be defined and stored.

IMPORTANT:

For this command to take affect, after entering the command the configuration must be saved and reloaded.

When aaa large-configuration is disabled, the following restrictions are in place:
  • Only one (1) NAS IP address can be defined per context with the radius attribute command.
  • The RADIUS attribute nas-ip-address can only be configured if the RADIUS group is default.
  • Only 320 RADIUS servers can be configured system-wide.
  • Only 64 RADIUS groups can be configured system-wide.
Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ no ] aaa
large-configuration
no

Disables AAA large configuration support.


Usage:

When aaa large-configuration is enabled, the system provides the ability to configure multiple NAS IP addresses in a single context to used with different radius groups. As well, the command allows support for up to 1,600 RADIUS server configurations and for a PDSN a maximum of 400 or for a GGSN a maximum of 800 RADIUS server group configurations system-wide.


Example:

To enable the definition of a large number of RADIUS configurations, enter the following commands in the following order:

In APN Configuration mode, enter:
default aaa group
In Global Configuration mode, enter:
aaa large-configuration

In Exec mode, use the save configuration command and then the reload command.

aaa last-resort

Configure global accounting and authentication last resort domain for subscriber and context-level administrative user sessions.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
aaa last-resort context { administrator | subscriber context_name }no aaa last-resort
context { administrator | subscriber }
no

Removes all or only the specified previously configured authentication last resort domain name.

administrator | subscriber

administrator: Configures the last resort domain for context-level administrative.

subscriber: Configures the last resort domain for the subscribers.

context_name

Specifies the context which is to be set as the last resort. context_name must be an alphanumeric string of 1 to 79 characters.


Usage:

Set the last resort context which is used when there is no applicable default domain (context) and there is no domain provided with the subscriber’s or context-level administrative user’s name for use in the AAA functions.


Example:
The following commands configure the last resort domains for context-level administrative user and subscribers, respectively:
aaa last-resort administrator sampleAdministratorDomain 

aaa last-resort subscriber sampleSubscriberDomain 
The following command removes the previously configured domain called sampleAdministratorDomain:
no aaa last-resort
administrator sampleAdministratorDomain
aaa tacacs+

This command enables or disables system-wide TACACS+ AAA (authentication, authorization and accounting) services for administrative users. This command is valid only if TACACS+ servers and related services have been configured in TACACS Configuration Mode.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ no ] aaa
tacacs+ 

Usage:

Enables or disables the use of TACACS+ AAA services for administrative users.


Example:
aaa tacacs+
no aaa tacacs+ 
aaa username-format

Configure global accounting and authentication user name formats for AAA (authentication, authorization and accounting) functions. Up to six formats may be configured.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ no ] aaa
username-format { domain | username } separatordefault aaa username-format 
no

Removes the specified user name format from the configuration.

domain | username

Default: username @

domain: indicates the left side of the string from the separator character is a domain name and the right side is the user name.

username: indicates the left side of the string from the separator character is a user name and the right side is the domain name.

IMPORTANT:

The user name string is always searched from right to left for the first occurrence of the separator character.

separator

Specifies the character to use to delimit the domain from the user name for global AAA functions.Permitted characters include: @, %, -, \, #, or /. To specify a back slash (’\’) as the separator, you must enter a double back slash (‘\\’) on the command line.


Usage:

Define the formats for user name delimiting if certain domains or groups of users are to be authenticated based upon their user name versus domain name.


Example:
aaa username-format
domain @
aaa username-format
username %
no aaa username-format
username %
active-charging service

This command allows you to create/configure/delete the Active Charging Service (ACS)/Enhanced Charging Service (ECS).

Platform:

ASR 5000

Product:

ACS


Privilege:

Security Administrator, Administrator


Syntax
active-charging service acs_service_name [ -noconfirm ]no active-charging
service acs_service_name
no

Deletes the specified Active Charging Service.

acs_service_name

Specifies name of the Active Charging Service.

acs_service_name must be the name of an Active Charging Service, and must be an alphanumeric string of 1 through 15 characters.

If the named Active Charging Service does not exist, it is created, and the CLI mode changes to the ACS Configuration Mode wherein the service can be configured. If the named Active Charging Service already exists, the CLI mode changes to the ACS Configuration Mode.

-noconfirm

Specifies that the command must execute without any additional prompt and confirmation from the user.


Usage:

Use this command to create/configure/delete an Active Charging Service in the system. Note that, in this release, only one Active Charging Service can be created in the system.

Use this command after enabling ACS using the require active-charging command. This command allows administrative users to configure the ACS functionality.

On entering this command, the CLI prompt changes to:

[context_name]hostname(config-acs)#


Example:
The following command creates an ACS service named test:
active-charging service test
alarm

Enables or disables alarming options for the SPIO card or the SSC internal alarms and the central-office external alarms. To verify the state of the alarms, refer to the show alarm command.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
alarm { audible | central-office  }
no alarm { audible | central-office  }
no

Disables the option specified.

audible | central-office

audible: indicates the internal audible alarm on the SPIO cards or SSCs are to be enabled.

central-office: indicates the central office alarms are to be enabled.


Usage:

Disable CO and audible alarms when an existing device provides such capability.


Example:
The following commands enable the SPIO card or SSC internal alarms and disable the central office alarms, respectively.
alarm audible
no alarm central-office
apn-profile

Creates an instance of an Access Point Name (APN) profile.

Platform:

ASR 5000

Product:

MME, SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ no ] apn-profile apn_profile_name
no

Deletes the APN profile instance from the configuration.

apn_profile_name

Specifies the name of the APN profile. Enter an alphanumeric string of 1 through 64 characters.


Usage:

Use this command to create an instance of an APN profile and to enter the APN profile configuration mode. An APN profile is a template which groups a set of APN-specific commands that may be applicable to one or more APNs. See the APN Profile Configuration Mode Commands chapter for information regarding the definition of the rules contained within the profile and the use of the profile.

IMPORTANT:

An APN profile is a key element of the Operator Policy feature and is only valid when associated with at least one operator policy.

To see what APN profiles have already been created, return to the Exec mode and enter the show apn-profile all command.


Example:
The following command creates a configuration instance of an APN profile:
apn-profile apnprof27
apn-remap-table

Creates an instance of an Access Point Name (APN) remap table.

Platform:

ASR 5000

Product:

MME, SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ no ] apn-remap-table apn_remap_table_name
no

Deletes the APN remap table instance from the configuration.

apn_remap_table_name

Specifies the name of the APN remap table. Enter an alphanumeric string of 1 through 65 characters.


Usage:

Use this command to create an instance of an APN remap table and to enter the APN remap table configuration mode. An APN remap table includes entries that define how an incoming APN, or the lack on one, will be handled. See the APN Remap Table Configuration Mode Commands chapter for information regarding the definition of the entries contained within the table and the use of the table.

IMPORTANT:

An APN remap table is a key element of the Operator Policy feature and is only valid when associated with at least one operator policy.

To see what APN remap tables have already been created, return to the Exec mode and enter the show apn-remap-table all command.


Example:
The following command creates a configuration instance of an APN remap table:
apn-remap-table pnremap-USorigins-table1
arp

Configures a system-wide time interval for performing Address Resolution Protocol (ARP) refresh.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
arp base-reachable-time timedefault arp base-reachable-time
default

Restores the parameter to its default setting.

time

Default: 30

Specifies the ARP refresh interval (in seconds) as an integer from 30 through 86400.


Usage:

Use this command to configure a system-wide ARP refresh interval. Once a neighbor is found, the entry is considered valid for at least a random value between the time/2 and the time*1.5.


Example:
The following command configures an ARP refresh interval of 1 hour:
arp base-reachable-time 3600
autoconfirm

This command disables or enables confirmation for certain commands. This command affects all future CLI sessions.

IMPORTANT:

To change the behavior for the current CLI session only, use the autoconfirm command in the Exec Mode.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator, Operator


Syntax
autoconfirmno autoconfirm

Usage:

When autoconfirm is enabled, certain commands ask you to answer yes or no to confirm that you want to execute the command. When autoconfirm is disabled the confirmation questions never appear. Disabling autoconfirm disables command confirmation for all future CLI sessions.

By default autoconfirm is enabled.


Example:
The following command enables command confirmation for all future CLI sessions;
autoconfirm
The following command disables command confirmation for all future CLI sessions;
no autoconfirm
autoless

This command is obsolete. It is included in the CLI for backward compatibility with older configuration files. When executed, this command issues a warning and performs no function.

banner

Configures the CLI banner which is displayed upon the start of a CLI session.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
banner { charging-service | lawful-intercept | motd | pre-login } stringno banner { charging-service | lawful-intercept | motd | pre-login }
no

Removes the banner message by setting it to be a string of zero length.

charging-service

Specifies the Active Charging Service banner message. The banner is displayed upon initialization of an SSH CLI session with ACS-admin privileges (whenever anyone with the CLI privilege bit for ACS logs on).

lawful-intercept

Refer to the Lawful Intercept Configuration Guide for a description of this parameter.

motd

Configures the CLI banner message of the day which is displayed upon the initialization of any CLI session.

pre-login

Configures the CLI banner displayed before a CLI user logs in.

IMPORTANT:

This banner is displayed only for serial port and telnet log ins. It is not supported in ssh and, therefore, will not be displayed before ssh log ins.

string

Specifies the banner or message to be displayed at session initialization. string may be an alphanumeric string of 0 through 2048 characters. The string must be enclosed in double quotation marks if the banner or message is to include spaces.


Usage:

Set the message of the day banner when an important system wide message is needed. For example, in preparation for removing a chassis from service, set the banner 1 or more days in advance to notify administrative users of the pending maintenance.


Example:
banner motd “Have
a nice day.”
banner motd No_News_Today
no banner motd
boot delay

Configures the delay period, in seconds, before attempting to boot the system from a software image file residing on an external network server.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
boot delay timeno boot delay
no

Deletes the setting for the boot delay. The boot process executes immediately.

time

Specifies the amount of time (in seconds) to delay prior to requesting the software image from the external network server as an integer from 1 through 300.


Usage:

Useful when booting from the network when connection delays may cause timeouts. Such as when the Spanning Tree Protocol is used on network equipment.

IMPORTANT:

The settings for this command are stored immediately in the boot.sys file. No changes are made to the system configuration file.


Example:
The following sets the boot delay to 10 seconds:
boot delay 10
boot interface

Configures Ethernet network interfaces for obtaining a system software image during the system boot process.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
Releases prior to 12.2:
boot interface { spio-eth1 | spio-eth2 } [ medium { auto | speed medium_speed duplex medium_duplex } [ media medium_media ] ]no boot interface
Releases after 12.2:
boot interface { local-eth1 | local-eth2 } [ medium { auto | speed medium_speed duplex medium_duplex } [ media medium_media ] ]no boot interface
no

Removes the boot interface configuration from the boot.sys file. Only files from the local file system can be loaded.

spio-eth1 | spio-eth2

Specifies the network interface to be configured where spio-eth1 is the primary interface on the SPIO (slot 24 interface 1 or slot 25 interface 1) and spio-eth2 is the secondary interface on the SPIO (slot 24 interface 2 or slot 25 interface 2). The interfaces are either RJ-45 ifor speeds of 10, 100, or 1000 megabits per second (Mbps), or SFP for the optical Gigabit (1000 Mbps).

local-eth1 | local-eth2

Specifies the network interface to be configured where local-eth1 is the primary ethernet interface and local-eth2 is the secondary ethernet interface.

For the ASR 5000, the primary is interface 1 on the SPIO and the secondary is interface 2 on the SPIO. The interfaces are either RJ-45 ifor speeds of 10, 100, or 1000 megabits per second (Mbps), or SFP for optical Gigabit (1000 Mbps).

For the ASR 5500, the primary is port 1 (1000Base-T) on the MIO and the secondary interface is port 2 (1000Base-T) on the MIO.

medium { auto | speed medium_speed duplex medium_duplex }

Default: auto

auto: configures the interface to auto-negotiate the interface speed. and duplex.

speed medium_speed duplex medium_duplex: specifies the speed to use at all times where medium_speed must be one of:
  • 10
  • 100
  • 1000
The keyword duplex is used to set the communication mode of the interface where medium_duplex must be one of:
  • full
  • half
media medium_media

Default: rj45

Optionally sets the physical interface where medium_media must be either rj45 or sfp.


Usage:

Modify the boot interface settings to ensure the system is able to obtain a software image from an external network server.

IMPORTANT:

The settings for this command are stored immediately in the boot.sys file. No changes are made to the system configuration file.


Example:
The following configures the primary interface to auto-negotiate the speed.
boot interface spio-eth1
medium auto
boot interface local-eth1
medium auto
The following command configures the secondary interface to a fixed gigabit speed at full duplex using RJ45 connectors for the physical interface.
boot interface spio-eth2
medium speed 1000 duplex full media rj45
boot interface local-eth2
medium speed 1000 duplex full media rj45
The following restores the defaults for the boot interface.
no boot interface
boot nameserver

Configures the IP address of the DNS (Domain Name Service) server to use when looking up hostnames in URLs for network booting.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
boot nameserver ip_addressno boot nameserver
no

Removes the network boot nameserver information from the boot.sys file.

ip_address

IPv4 dotted-decimal address of the DNS server the system uses to lookup hostnames in URLs for a software image from the network during the system boot process.


Usage:

Use this command to identify the DNS server to use to lookup hostnames in a software image URL.

IMPORTANT:

The settings for this command are stored immediately in the boot.sys file. No changes are made to the system configuration file.


Example:
The following configures the system to communicate with a DNS nameserver with the IP address of 10.2.3.4:
boot nameserver 10.2.3.4
boot networkconfig

Configures the networking parameters for the Switch Processor I/O card network interfaces to use when obtaining a software image from an external network server during the system boot process.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
boot networkconfig { dhcp | { { dhcp-static-fallback | static } ip
address spio24 ip_address [ spio25 ip_address ] netmask ip_mask [ gateway gw_address ] } }no boot networkconfig
no

Removes the network configuration information from the boot.sys file.

dhcp

Indicates that a Dynamic Host Control Protocol (DHCP) server is used for communicating with the external network server.

dhcp-static-fallback | static

dhcp-static-fallback: provides static IP address fallback network option when a DHCP server is unavailable.

static: specifies a fixed network IP address for the external network server that hosts the software image.

spio24 ip_address [ spio25 ip_address ] netmask ip_mask [ gateway gw_address ]

spio24 ip_address [ spio25 ip_address ]: the IP address to use for the SPIO in slot 24 and optionally the SPIO in slot 25 for network booting. ip_address must be specified using IPv4 dotted-decimal notation.

netmask ip_mask: the network mask to use in conjunction with the IP address(es) specified for network booting. ip_mask must be specified using IPv4 dotted-decimal notation.

gateway gw_address: the IP address of a network gateway to use in conjunction with the IP address(es) specified for network booting. gw_address must be entered using IPv4 dotted-decimal notation.

IMPORTANT:

If gw_address is not specified, the network server must be on the same LAN as the system. Since both SPIOs must be in the same network, the netmask and gateway settings are shared.


Usage:

Configure the network parameters for the ports on the SPIO cards to use to communicate with an external network server that hosts software images.

IMPORTANT:

The settings for this command are stored immediately in the boot.sys file. No changes are made to the system configuration file.

IMPORTANT:

When configuring static addresses both SPIOs must have different IP addresses. Neither address can be the same as the local context IP address.


Example:
The following configures the system to communicate with the external network server via DHCP with a fallback to IP address 192.168.100.10, respectively.
boot networkconfig
dhcp-static-fallback ip address spio24 192.168.100.10 netmask 255.255.255.0
The following command configures the system to communicate with an external network server using the fixed (static) IP address 192.168.100.10 with a network mask of 255.255.255.0.
boot networkconfig
static ip address spio24 192.168.100.10 netmask 255.255.255.0 
The following restores the system default for the network boot configuration options.
no boot networkconfig
boot system priority

Specifies the priority of a boot stack entry to use when the system first initializes or restarts. Up to 10 boot system priorities (entries in the boot.sys file located in the /flash device in the SPC, SMC or MIO) can be configured.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
boot system priority number image image_url config config_pathno boot system priority number
no

Remove a boot stack entry at the priority specified from the boot stack when it is no longer used.

priority number

Specifies the priority for the file group (consisting of an image (.bin) and its corresponding configuration (.cfg) file) specified in the boot stack. The value must be in the range from 1 through 100 where a priority of 1 is the highest. Up to 10 boot system priorities (boot stack entries) can be configured.

IMPORTANT:

When performing a software upgrade it is important that the new file group have the highest priority (lowest value) configured.

IMPORTANT:

To ensure that higher priority numbers remain open, use an “N-1” priority numbering methodology, where “N” is the first priority in the current boot stack.

image image_url

Specifies the location of a image file to use for system startup. The URL may refer to a local or a remote file. The URL must be formatted according to the following format:

For the ASR 5000:
  • [ file: ]{ /flash | /pcmcia1 | /hd }[ /directory ]/filename
  • [ http: | tftp: ]//host[ :port ][ /directory ]/filename

IMPORTANT:

Use of the SMC hard drive is not supported in this release.

IMPORTANT:

Do not use the following characters when entering a string for the field names below: “/” (forward slash), “:” (colon) or “@” (at sign).

directory is the directory name.

filename is the actual file of interest.

host is the IP address or host name of the server.

port# is the logical port number that the communication protocol is to use.

IMPORTANT:

A file intended for use on an ASR 5000 uses the convention xxxxx.asr5000.bin, where xxxxx is the software build number.

IMPORTANT:

When using the TFTP, it is advisable to use a server that supports large blocks, per RFC 2348. This can be implemented by using the “block size option” to ensure that the TFTP service does not restrict the file size of the transfer to 32MB.

config config_path

Specifies the location of a configuration file to use for system startup. This must be formatted according to the following format:

For the ASR 5000:
  • [ file: ]{ /flash | /pcmcia1 | /hd }[ /path ]/filename

IMPORTANT:

Use of the SMC hard drive is not supported in this release.

Where path is the directory structure to the file of interest, and filename is the name of the configuration file. This file typically has a .cfg extension.


Usage:

This command is useful in prioritizing boot stack entries in the boot.sys file, typically located on the /flash device of the Active SPC, SMC, or MIO, for automatic recovery in case of a failure of a primary boot file group.

IMPORTANT:

The configuration file must reside on the SPC’s, SMC’s, or MIO’s local filesystem, stored on one of its local devices (/flash, or /pcmcia1, or /hd-raid/pcmcia1, or /pcmcia2, or /usb1, or /hd-raid). Attempts to load the configuration file from an external network server will result in a failure to load that image and configuration file group, causing the system to load the image and configuration file group with the next highest priority in the boot stack.

IMPORTANT:

Configuration changes do not take effect until the system is reloaded.

IMPORTANT:

The settings for this command are stored immediately in the boot.sys file. No changes are made to the system configuration file.


Example:
The following commands set up two locations to obtain a boot file group from.
boot system priority
1 image tftp: //remoteABC/pub/2012jan.bin
config /flash/pub/data/2012feb.cfg
boot system priority
2 image /flash /pub/data/2002jun.bin
config /pcmcia1/pub/data/2012feb.cfg
The following removes the current priority 1 boot entry from the boot.sys file.
no boot system priority 1
bulkstats

Enables the collection of bulk statistics by the system and/or enters the bulk statistic configuration mode.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
bulkstats { collection | historical | mode }no bulkstats collection
collection

Enables the statistics collection process. Collects a period snapshot of data, such as “here is what the value is right now”.

historical collection

Enables the system to collect historical bulk statistics.

If enabled, the system keeps track of some things which require the storing of more data, such as “the highest value that’s been seen over the last 24 hours”.

mode
Enters the bulk statistics configuration mode. The resulting command-line prompt will look similar to:
[<context-name>]asr5000(config-bulkstats)#
no

Disables the collection of bulk statistics.


Usage:

The Bulk Statistics Configuration Code consists of commands for configuring bulk statistic properties, such as the period of collection. Bulk Statistics configuration mode commands are defined in the Bulk Statistics Configuration Mode Commands chapter.

The system can be configured to collect bulk statistics and send them to a collection server (called a receiver). Bulk statistics are statistics that are collected in a group or schema, for example, system statistics, port statistics, radius statistics.

Once bulk statistics receiver, schema, and collection properties are configured, this bulkstats command is used to enable or disable the collection of the data.

To collect a sample that will provide an average, for example, an average of CPU counters, the “historical” features must be enabled with the bulkstats historical collection command.

Since bulk statistics are collected at regular, user-defined intervals, the bulkstats force command in the Exec Mode can be used to manually initiate the collection of statistics at any time.


Example:
bulkstats collection
bulkstats mode
no bulkstats collection
ca-certificate

Configures and selects an X.509 CA root certificate to enable a security gateway or SCM to perform certificate-based peer (client) authentication. The system supports a maximum of 16 certificates and 16 CA root certificates. A maximum of four CA root certificates can be bound to a crypto or ssl template.

Platform:

ASR 5000

Product:

ePDG, FNG, SCM (P-CSCF, A-BG)


Privilege:

Administrator, Security Administrator, Operator


Syntax
ca-certificate name name pem { data pemdata | url url }no ca-certificate name name

no

Disables ca-certificate.

Note:

If the CA-CERT is mandatory for the service to be up and running, then the removal of that CA-CERT is not allowed, i.e. the following CLI command is not allowed.
no ca-certificate  name name

name name

Names the CA certificate. name must be an alphanumeric string of 1 through 128 characters.

pem

Specifies that the Privacy-enhanced Electronic Mail (PEM) format is to be used.

data pemdata

CA certificate data in PEM format. pemdata must be an alphanumeric string of 1 through 4095 characters.

url url
URL of the file containing CA certificate in PEM. url must be an existing URL expressed in one of the following formats:
  • [file:]{/flash | /pcmcia1 | /hd-raid}[/directory]/<filename
  • tftp://<host>[:<port>][/<directory>]/<filename
  • ftp://[<username>[:<password>]@]<host>[:<port>][/<directory>]/<filename
  • sftp://[<username>[:<password>]@]<host>[:<port>][/<directory>]/<filename
  • http://[<username>[:<password>]@]<host>[:<port>][/<directory>]/<filename

When read via a file, note that show configuration will not contain the URL reference, but will instead output the data via data pemdata, such that the configuration file is self-contained.

no

Removes the named CA certificate.


Usage:

In addition to the X.509 certificate-based gateway authentication method and the PSK (Pre-Shared Key) and EAP-AKA (Extensible Authentication Protocol - Authentication and Key Agreement) peer (client) authentication methods, the FNG and SCM support X.509 certificate-based peer authentication.

The FNG checks the network policy on whether a FAP is authorized to provide service. If the network policy states that all FAPs that pass device authentication are authorized to provide service, no further authorization check may be required. If the network policy requires that each FAP be individually authorized for service (in the case where the FEID is associated with a valid subscription), the FNG sends a RADIUS Access-Request message to the AAA server. If the AAA server sends a RADIUS Access-Accept message, the FNG proceeds with device authentication. Otherwise, the FNG terminates the IPSec tunnel setup by sending an IKEv2 Notification message indicating authentication failure.

The operator/administrator is responsible for configuring the certificates through the CLI. The system will generate an SNMP notification when the certificate is within 30 days of expiration, and then once a day.


Example:
Use the following command to remove a certificate named fap1:
no ca-certificate
data fap1
ca-crl

Configures the name and URL path of a Certificate Authority-Certificate Revocation List (CA-CRL).

Platform:

ASR 5000

Product:

FNG

HNB-GW

PDG/TTG

PDIF

SCM (P-CSCF, A-BG)

S-GW


Privilege:

Operator


Syntax
ca-crl name name { der | pem } { url url }no ca-crl name name
no

Removes the named CA-CRL.

name

Provides a name of the CA-CRL. name must be an alphanumeric string of 1 through 128 characters.

der

Specifies that the Distinguished Encoding Rules (DER) format is to be used for the source format.

pem

Specifies that the Privacy-enhanced Electronic Mail (PEM) format is to be used for the source format.

url url
Specifies the URL where the CA-CRL is to be fetched. url must be an existing URL expressed in one of the following formats:
  • [file:]{/flash | /pcmcia1 | /hd-raid}[/directory]/<filename
  • tftp://<host>[:<port>][/<directory>]/<filename
  • ftp://[<username>[:<password>]@]<host>[:<port>][/<directory>]/<filename
  • sftp://[<username>[:<password>]@]<host>[:<port>][/<directory>]/<filename
  • http://[<username>[:<password>]@]<host>[:<port>][/<directory>]/<filename

Usage:

Use this command to name and fetch a CA-CRL from a specified location.

Without additional information from the CA, an issued certificate remains valid to any verifier until it expires. To revoke certificates, the CA publishes a CRL periodically to provide an updated list of certificates revoked, but not yet expired. Like a certificate, a CRL is a digital document signed by the CA. In addition to a list of serial numbers of revoked certificates, the CRL includes attributes such as issuer name (same as the issuer name in the certificate), signature (signed by the issuer using the same key that signs certificates), last update (the time this CRL was issued), and next update (the time next CRL will be available).


Example:
The following command fetches a CA-CRL named list1.pem from a host.com/CRLs location and names the list CRL5:
ca-crl name CRL5 pem
url http://host.com/CRLs/list1.pem
call-control-profile

Creates an instance of a call-control profile.

Platform:

ASR 5000

Product:

MME, SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ no ] call-control-profile cc_profile_name
no

Deletes the Call-Control Profile instance from the configuration.

cc_profile_name

Specifies the name of the call-control profile. Enter an alphanumeric string of 1 through 64 characters.


Usage:

Use this command to create an instance of a call-control profile and to enter the call-control profile configuration mode. A call-control profile is a template which groups a set of call-handling instructions that may be applicable to one or more incoming calls. See the Call-Control Profile Configuration Mode Commands chapter for information regarding the definition of the rules contained within the profile and the use of the profile.

IMPORTANT:

A call-control profile is a key element of the Operator Policy feature and is only valid when associated with at least one operator policy.

To see what call-control profiles have already been created, return to the Exec mode and enter the show call-control-profile all command.


Example:
The following command creates a configuration instance of an call-control profile:
call-control-profile ccprof1
card

Enters the card configuration mode for the card specified.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
card number
number

Specifies the number of the card for which the card configuration mode is to be entered. number must be an integer from 1 through 48 (on the ASR 5000) or 1 through 20 (on the ASR 5500).


Usage:

Enter the configuration mode for a specific card when changes a required.

IMPORTANT:

This command is not supported on all platforms.


Example:
card 8
card-standby-priority

Configures the redundancy priorities for packet processing cards by specifying the slot number search order for a standby card when needed.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
card-standby-priority slot_num [ slot_num ] [ slot_num ] ...
slot_num

Specifies the slot of the card for the order of the standby cards. slot_num must be in the range from 1 through 16 excluding slots 8 and 9 (on the ASR 5000) or 1 through 10 excluding slots 5 and 6 (on the ASR 5500). slot_num may be repeated as many times as necessary to indicate the complete search order.


Usage:

Set the standby order of the redundant cards when multiple standby cards are available.

Questionable hardware should be placed lower in the priority list.

IMPORTANT:

This command replaces the pac-standby-priority command.

IMPORTANT:

This command is not supported on all platforms.


Example:
The following command configures the redundancy priority to use the standby cards in slots 16, 14, and 12 in that order:
card-standby-priority
16 14 12
cdr-multi-mode

This command enables multiple instances of CDRMOD, one per packet processing card.

Platform:

ASR 5000

Product:

ACS


Privilege:

Security Administrator, Administrator


Syntax
[ default ] cdr-multi-mode
default

Configures this command with its default setting.

Default: Single-CDRMOD mode


Usage:

Use this command to enable the multi-CDRMOD mode, wherein there will be one instance of CDRMOD per packet processing card. All the SessMgr instances that are running on a packet processing card will send the records to the CDRMOD instance running on that card.

By default, CDRMOD runs in single mode, wherein there will be only one instance of CDRMOD running for the entire chassis. All the SessMgr instances that are running on a packet processing card will send the records to the CDRMOD instance.

IMPORTANT:

For changes to this command to take effect, save the configuration and reboot the system.

IMPORTANT:

In multi-CDRMOD mode, you should enable hard-disk usage.

certificate

Configures and selects an X.509 Trusted Author certificate.

Platform:

ASR 5000

Product:

ACS

ePDG

FNG

PDG/TTG

PDIF

SCM (P-CSCF, A-BG)


Privilege:

Administrator, Security Administrator, Operator


Syntax
certificate name name pem { data pemdata | url url } private-key
pem { [ encrypted ] data pemdata | url url }
no certificate name name

no

Disables certificate.

name name

Names the certificate. name must be from 1 to 128 alphanumeric characters.

pem

Specifies that the Privacy-enhanced Electronic Mail (PEM) format is to be used.

data pemdata

Certificate/private key data in PEM format. pemdata must be an alphanumeric string of 1 through 4095 (certificate) or 1 through 8191 (private key) characters.

url url
URL of the file containing certificate/private key in PEM. url must be an existing URL expressed in one of the following formats:
  • [file:]{/flash | /pcmcia1 | /hd-raid}[/directory]/<filename
  • tftp://<host>[:<port>][/<directory>]/<filename
  • ftp://[<username>[:<password>]@]<host>[:<port>][/<directory>]/<filename
  • sftp://[<username>[:<password>]@]<host>[:<port>][/<directory>]/<filename
  • http://[<username>[:<password>]@]<host>[:<port>][/<directory>]/<filename

When read via a file, show configuration will not contain the URL reference, but instead outputs the data via data pemdata, such that the configuration file is self-contained.

private-key

Private key data.

encrypted

Encrypted private key data.

no

Removes the named certificate.


Usage:

A certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. It is an example of a trusted third party. CAs are characteristic of many public key infrastructure (PKI) schemes.

If CERT information is configured, the system will include the CERT payload in the first IKE_AUTH Response during the first authentication. The system stores its own certificate for use in the first AUTH calculation. MS will not have its own certificate from CA. Still, it will be capable of accepting a certificate from the system and verify AUTH.

The operator/administrator is responsible for configuring the certificates through the CLI. The system will generate an SNMP notification when the certificate is within 30 days of expiration, and then once a day.


Example:
Use the following command to remove a certificate named box1:
no certificate data box1
cli

Configures global Command Line Interface (CLI) parameters.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
cli { access { monitor-protocol | monitor-subscriber | show-configuration } { administrator | operator } } | configuration-monitor  | login-failure-delay
number | max-sessions number | operator clear-subscriber-one-only    | trap config-mode }no cli { configuration-monitor | hidden | login-failure-delay
number | max-sessions | operator clear-subscriber-one-only | trap
config-mode }default cli { access { monitor-protocol | monitor-subscriber | show-configuration } | configuration-monitor | login-failure-delay | max-sessions | operator
clear-subscriber-one-only | trap config-mode }
no

Removes the specified option.

default

Resets the keywords to their default values.

access { monitor-protocol | monitor-subscriber | show-configuration } { operator | administrator }

Sets access privileges on the monitor protocol and monitor subscriber commands:

monitor-protocol: Selects privileges for the monitor protocol command.

monitor-subscriber: Selects privileges for the monitor subscriber command.

show-configuration: Selects privileges for the show-configurationcommand. However the default access level for this command is the user with operator privileges.

operator: Sets the privileges for the selected command to allow use by users with operator privileges.

administrator: Restricts use of the selected command to administrators only.

login-failure-delay number

Specifies the time to wait before a login failure is returned and another login may be attempted. Default is five seconds.

max-sessions number

Sets the number of allowed simultaneous CLI sessions on the system. If this value is set to a number below the current number of open CLI sessions, the open sessions will continue until closed. number must be an integer from 2 through 100.

CAUTION:

Use caution when setting this command. Limiting simultaneous CLI sessions prevents authorized users from accessing the system if the maximum number allowed has been reached. The system already limits CLI sessions based on available resources. Additional limitation could have adverse effects.

operator clear-subscriber-one-only

Restricts Operator to clearing only one subscriber session at a time.

trap config-mode

Enables sending an SNMP notification (trap) when a CLI user enters the configuration mode.


Usage:

This command sets access parameters and enables several operational parameters for the system’s command line interface.


Example:
The following command sets the number of allowed simultaneous CLI sessions to 5.
cli max-sessions 5
The following command sets the command monitor protocol to administrator-only
cli access monitor-protocol administrator
clock

Configures system clock timezone and what local time zone to use.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
clock timezone tz [ local ]no clock timezone
no

Resets the system timezone to the system default UTC.

tz
Specifies the system time zone to use as one of:
  • america-buenos-aires (GMT-3:00; Buenos Aires)
  • america-caracas (GMT-4:00) Caracas
  • america-guatemala (GMT-6:00; Guatemala, Guatemala)
  • america-la_paz (GMT-4:00; La Paz)
  • america-lima (GMT-5:00; Lima, Peru)
  • america-puerto-rico (GMT-4:00; Puerto Rico)
  • america-sao-paulo (GMT -3:00; Brazil)
  • america-tijuana (GMT-8:00; Tijuana)
  • asia-almaty (GMT+6.00; Almaty, Kazakhstan)
  • asia-baghdad (GMT+3:00; Baghdad, Russia Zone 2, Kuwait, Nairobi, Riyadh, Moscow, Tehran)
  • asia-bangkok (GMT+7:00; Bangkok)
  • asia-calcutta (GMT+5:30; Calcutta, Mumbai, New Delhi)
  • asia-dhaka (GMT+6:00; Dhaka)
  • asia-hong-kong (GMT+8:00; Hong_Kong)
  • asia-irkutsk (GMT+9:30; Irkutsk)
  • asia-kabul (GMT+4:30; Kabul)
  • asia-karachi (GMT+5:00; Karachi)
  • asia-katmandu (GMT+5:45; Kathmandu)
  • asia-magadan (GMT+11:00; Magadan)
  • asia-muscat (GMT+4:00; Abu Dhabi, UAE, Muscat, Tblisi, Volgograd, Kabul)
  • asia-rangoon (GMT+6:30; Rangoon)
  • asia-seoul (GMT+9:00) Seoul
  • asia-tehran (GMT+3:30; Tehran)
  • asia-tokyo (GMT+9:00; Tokyo, Russia Zone 8)
  • atlantic-azores (GMT-2:00; Azores)
  • atlantic-cape-verde (GMT-1:00; Cape Verde Islands)
  • australia-perth (GMT+8:00) Perth
  • australia-darwin (GMT+9:30) Northern Territory - Alice Springs, Darwin, Uluru
  • australia-adelaide (GMT+9:30) Southern Territory - Adelaide
  • australia-melbourne (GMT+10:00) Victoria - Ballarat, Melbourne
  • australia-sydney (GMT+10:00) New South Wales - Newcastle, Sydney, Wollongong
  • australia-hobart (GMT+10:00) Tasmania - Hobart, Launceston
  • australia-brisbane (GMT+10:00) Queensland - Brisbane, Cairns, Toowoomba, Townsville
  • australia-lordhowe (GMT+10:30) Lord Howe Island
  • canada-newfoundland (GMT-3:30; Newfoundland)
  • canada-saskatchewan (GMT-6:00; Saskatchewan)
  • europe-central (GMT+1:00; Paris, Berlin, Amsterdam, Brussels, Vienna, Madrid, Rome, Bern, Stockholm, Oslo)
  • europe-dublin (GMT+0:00) Dublin, Ireland
  • europe-eastern (GMT+2:00; Russia Zone 1, Athens, Helsinki, Istanbul, Jerusalem, Harare)
  • newzealand-auckland (GMT +12:00; Auckland, Willington)
  • newzealand-chatham (GMT +12:45; Chatham)
  • nuku (GMT-13:00; Nuku'alofa)
  • pacific-fiji (GMT+12:00; Wellington, Fiji, Marshall Islands)
  • pacific-guam (GMT+10:00; Brisbane, Cairns, Sydney, Guam)
  • pacific-kwajalein (GMT-12:00; Kwajalein)
  • pacific-norfolk - (GMT+11:30) Norfolk Island
  • pacific-samoa (GMT-11:00; Samoa)
  • us-alaska (GMT-9:00; Alaska)
  • us-arizona (GMT-7:00; Arizona)
  • us-central (GMT-6:00; Chicago, Mexico City, Saint Louis)
  • us-eastern (GMT-5:00; Bogota, Lima, New York City)
  • us-hawaii (GMT-10:00; Hawaii)
  • us-indiana (GMT-6:00; Indiana)
  • us-mountain (GMT-7:00; Cheyenne, Denver, Las Vegas)
  • us-pacific (GMT-8:00) San Francisco, LA, Seattle
  • utc (GMT; Universal Time Coordinated: London, Dublin, Edinburgh, Lisbon, Reykjavik, Casablanca)
local

Indicates the timezone specified by tz is to be considered the local time zone for local time display and conversion.


Usage:

Clock and timezone management is necessary for proper accounting records. The chassis may be set to display a different local time than that of the system clock which allows accounting records to use the system time but to display the proper local time for users.


Example:
clock timezone utc 
clock timezone us-indiana local
no clock timezone
congestion-control overload-disconnect

This command enables and disables the policy for disconnecting passive calls (chassis-wide) during an overload situation. It also configures and fine-tunes the overload-disconnect congestion control policy for an entire chassis.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
congestion-control
overload-disconnect  [ iterations-per-stage integer | percent percentage_value | threshold { license-utilization percentage_value | max-sessions-per-service-utilization percentage_value | tolerance number } ]default congestion-control
overload-disconnect [ iterations-per-stage | percent | threshold { license-utilization | max-sessions-per-service-utilization | tolerance } ]no congestion-control
overload-disconnect
default

When “default” and one of the keywords is added to the command, the policy remains in its current state and the value for the specified keyword is reset to its default value.

When “default” and the command are entered without keywords, the overload-disconnect policy for congestion control is disabled.

no

Disables the overload-disconnect policy for congestion control.

iterations-per-stage integer

Specifies the number of calls to be disconnected during the defined number of seconds. integer is a value from 2 through 8. The default value is 8.

percent percentage_value

Specifies the percentage of calls to be disconnected, in stages, during an overload situation. percentage_value is an integer from 1 through 100. The default value is 5.

threshold

license-utilization: Specifies the license-utilization percentage threshold for overload situations. If candidates are available, passive calls are disconnected when this threshold is exceeded. percentage_value is an integer from 1 through 100. The default value is 80.

max-sessions-per-service-utilization: Specifies a percentage of the maximum sessions per service. If candidates are available, passive calls are disconnected when this threshold is exceeded. percentage_value is an integer from 1 through 100. The default value is 80.

tolerance:Specifies the percentage of calls the system disconnects below the values set for the other two thresholds. In either case, a Clear Traps message is sent after the number of calls goes below the corresponding threshold value. number is an integer from 1 through 25. The default value is 10.


Usage:

Use this command to set the policy for call disconnects when the chassis experiences call overload.

To verify the congestion-control configuration use show congestion-control configuration from the Exec mode.

To set overload-disconnect policies for individual subscribers., see overload-disconnect in Subscriber Configuration Mode Commands.


Example:
The following command sets an overload-disconnect policy for the chassis in which 5 calls would be disconnected very 5 seconds during an overload situation.
congestion-control
overload-disconnect interations-per-stage 5
Both of the following commands disable the overload-disconnect policy without changing the policy configuration.
default congestion-control
overload-disconnect
or
no congestion-control
overload-disconnect
To instruct the system to stop call disconnects when the number of calls goes down 85% of the total allowed calls for that service, enter both of the following commands to set the max-sessions-per-service-utilization value to 90% and the tolerance value to 5%:
congestion-control overload-disconnect threshold
max-sessions-per-service-utilization 90
congestion-control overload-disconnect threshold
tolerance 5
congestion-control policy

Configures congestion control policies.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
congestion-control
policy { asngw-service | asnpc-service | 
cscf-service | fng-service | ggsn-service | ha-service | hnbgw-service | hsgw-service | lma-service | lns-service | mipv6ha-service | pdg-service | pdif-service | pdsn-service | pdsnclosedrp-service | pgw-service | phsgw-service | phspc-service | sgsn-service | sgw-service } action { drop | none | redirect | reject }congestion-control policy
mme-service action { drop | none | reject | report-overload { permit-emergency-sessions | reject-new-sessions |  reject-non-emergency-sessions } enodeb-percentage percentage }default congestion-control
policy { asngw-service | asnpc-service | cscf-service | epdg-service | fng-service | ggsn-service | ha-service | hnbgw-service | hsgw-service | lma-service | lns-service | mipv6ha-service | mme-service | pdg-service | pdif-service | pdsn-service | pdsnclosedrp-service | pgw-service | phsgw-service | phspc-service | sgsn-service | sgw-service }
default

Specifies the Congestion Control policy action for the selected service to its default value.

asngw-service

Specifies the Congestion Control policy action for the ASN-GW service.

asnpc-service

Specifies the Congestion Control policy action for the ASN PC-LR service.

cscf-service

Specifies the Congestion Control policy action for the CSCF service.

fng-service

Specifies the Congestion Control policy action for the FNG service.

ggsn-service

Specifies the Congestion Control policy action for the GGSN service.

ha-service

Specifies the Congestion Control policy action for the HA service.

hnbgw-service

Specifies the Congestion Control policy action for the HNB-GW service.

Supported policy actions are:

  • drop: Specifies that the system should drop incoming packets containing new session requests.
  • none: Specifies that the system should take no action.
  • reject: Specifies that the system processes new session request messages and responds with a reject message.
lma-service

Specifies the Congestion Control policy action for the LMA service

lns-service

Specifies the Congestion Control policy action for the LNS service.

mipv6ha-service

Specifies the Congestion Control policy action for the MIPv6-HA service.

mme-service

Sets the congestion control policy for action to take when subscriber sessions exceeds the defined threshold limit.

For MME type of session/calls, redirect action is not supported.

pdg-service

Specifies the Congestion Control policy action for the PDG service.

pdif-service

Specifies the Congestion Control policy action for the PDIF service.

pdsn-service

Specifies the Congestion Control policy action for the PDSN service.

sgsn-service

Specifies the Congestion Control policy action for the SGSN service.

action { drop | none | redirect | reject }

Specifies the policy action:

  • drop: Specifies that the system should drop incoming packets containing new session requests. (PDSN, GGSN, ASN GW, LMA, MME, and ASN PC and HA only)
  • none: Specifies that the system should take no action. This is the default for PDIF-service.
  • redirect: Specifies that the system should redirect new session requests to an alternate device. (PDSN and HA only)

    IMPORTANT:

    If this option is used, the IP address of the alternate device must be configured using the policy overload redirect command that is part of the service configuration. Note that this option can not be used in conjunction with GGSN and MME services.

  • reject: Specifies that the system processes new session request messages and responds with a reject message. (For PDSN and HA, the reply code is 130, “insufficient resources”. For the GGSN, the reply code is 199, “no resources available”.)
report-overload { permit-emergency-sessions | reject-new-sessions | reject-non-emergency-sessions } enodeb-percentage percentage

IMPORTANT:

This set of keywords is supported only by the MME.

Enables the MME to report overload conditions to eNodeBs and take additional action to alleviate congestion situations.

permit-emergency-sessions: Specifies that only emergency sessions are allowed to access the MME during the overload period.

reject-new-sessions: Specifies that all new sessions destined for the MME will be rejected during the overload period.

reject-non-emergency-sessions: Specifies that all non-emergency sessions will be rejected during the overload period.

enodeb-percentage percentage: Configures the percentage of known eNodeBs that will receive the overload report. percentage must be an integer from 1 to 100.


Usage:

Congestion policies can be configured for each service. When congestion control functionality is enabled, these policies dictate how services respond should the system detect that a congestion condition threshold has been crossed.


Example:
The following command configures a congestion control policy of reject for PDSN services:
congestion-control
policy pdsn-service action reject
The following command configures a congestion control policy of reject for MME services:
congestion-control
policy mme-service action reject
congestion-control threshold

Configures the congestion control threshold values that are to be monitored.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
congestion-control
threshold { license-utilization percent | max-sessions-per-service-utilization percent |  message-queue-utilization percent |  message-queue-wait-time time | port-rx-utilization percent | port-specific { slot/port | all } [ tx-utilization percent ] [ rx-utilization percent ]port-specific-rx-utilization critical | port-specific-tx-utilization critical   | port-tx-utilization percent |  service-control-cpu-utilization percent | system-cpu-utilization percent | system-memory-utilization percent | tolerance percent }default congestion-control
threshold { license-utilization | max-sessions-per-service-utilization | message-queue-utilization | message-queue-wait-time | port-rx-utilization | port-specific | tx-utilization | rx-utilization | port-tx-utilization | service-control-cpu-utilization | system-cpu-utilization | system-memory-utilization | tolerance }no congestion-control
threshold port-specific { slot/port | all }no congestion-control
threshold port-specific { slot/port | all } [ rx-utilization percent ] [ tx-utilization percent ]no congestion-control
threshold port-specific-rx-utilization criticalno congestion-control
threshold port-specific-tx-utilization criticalno congestion-control
threshold { message-queue-utilization | message-queue-wait-time | port-rx-utilization percent | port-tx-utilization
percent | service-control-cpu-utilization | system-cpu-utilization | system-memory-utilization }
default congestion-control threshold keyword

Sets the threshold keyword to its default value.

no congestion-control threshold port-specific { slot/port | all }

This command disables port specific threshold monitoring on the specified port or on all ports.

slot/port: Specifies the port for which port specific threshold monitoring is being configured. The slot and port must refer to an installed card and port.

all: Set port specific threshold monitoring for all ports on all cards.

no congestion-control threshold port-specific-rx-utilization critical

This command disables specific receive port utilization.

no congestion-control threshold port-specific-tx-utilization critical

This command disables specific transmit port utilization.

license-utilization percent

Default: 100

The percent utilization of licensed session capacity as measured in 10 second intervals.

percent can be configured to any integer value from 0 to 100.

max-sessions-per-service-utilization percent

Default: 80

The percent utilization of the maximum sessions allowed per service as measured in real-time. This threshold is based on the maximum number of sessions or PDP contexts configured for the a particular service. (Refer to the bind command for the PDSN, GGSN, SGSN, or HA services.)

percent can be an integer from 0 through 100.

message-queue-utilization percent

Default: 80

The percent utilization of the Demux Manager software task’s message queue as measured in 10 second intervals. The queue is capable of storing a maximum of 10000 messages.

percent can be an integer from 0 through 100.

message-queue-wait-time time

Default: 5

The maximum time (in seconds) messages can be held in queue as measured by packet time stamps.

time is measured in seconds and can be an integer from 1 through 30.

IMPORTANT:

In the event that this threshold is crossed, an SNMP trap is not triggered. The service congestion policy invocation resulting from the crossing of this threshold is enforced only for the packet that triggered the action.

[ no ] port-rx-utilization percent

Default: 80

The average percent utilization of port resources for all ports by received data as measured in 5-minute intervals.

percent can be an integer from 0 through 100.

[ no ] port-specific { slot/port | all } [ rx-utilization percent ] [ tx-utilization percent]

Default: Disabled

Sets port-specific thresholds. If you set port-specific thresholds, when any individual port-specific threshold is reached, congestion control is applied system-wide.

slot/port: Specifies the port for which port-specific threshold monitoring is being configured. The slot and port must refer to an installed card and port.

all: Set port specific threshold monitoring for all ports on all cards.

rx-utilization percent: Default 80%. The average percent utilization of port resources for the specified port by received data as measured in 5-minute intervals. percent must an integer from 0 through 100.

tx-utilization percent: Default 80%. The average percent utilization of port resources for the specified port by transmitted data as measured in 5-minute intervals. percent must be an integer from 0 through 100.

[ no ] port-tx-utilization percent

Default: 80

The average percent utilization of port resources for all ports by transmitted data as measured in 5-minute intervals.

percent can be an integer from 0 through 100.

service-control-cpu-utilization percent

Default: 80

The average percent utilization of CPUs on which a Demux Manager software task instance is running as measured in 10-second intervals.

percent can be an integer from 0 through 100.

system-cpu-utilization percent

Default: 80

The average percent utilization for all PSC/PSC2 CPUs available to the system as measured in 10-second intervals.

percent can be an integer from 0 through 100.

This threshold setting can be disabled with no congestion-control threshold system-cpu-utilization command. In case later you want to enable the same threshold setting congestion-control threshold system-cpu-utilization command will enable the CPU utilization threshold to preconfigured level.

system-memory-utilization percent

Default: 80

The average percent utilization of all CPU memory available to the system as measured in 10-second intervals.

percent can be an integer from 0 through 100.

tolerance percent

Default: 10

The percentage under a configured threshold that dictates the point at which the condition is cleared.

percent can be an integer from 0 through 100.


Usage:

Thresholds dictate the conditions for which congestion control is to be enabled and establish limits for defining the state of the system (congested or clear). These thresholds function in a similar fashion to the operation thresholds that can be configured for the system (as described in later in this chapter). The primary difference is that when these thresholds are reached, not only is an SNMP trap generated (starCongestion), but a service congestion policy is invoked as well.

The tolerance parameter establishes the threshold at which the condition is cleared. An SNMP trap (starCongestionClear) is generated for the clear condition, as well.

IMPORTANT:

The MME (version 14.0 and higher) supports three levels of thresholds – critical, major and minor – for each condition. Refer to the congestion-control threshold commands immediately following this command for information specific to the MME.


Example:
The following command configures a system CPU utilization threshold of 75%.
congestion-control threshold
system-cpu-utilization 75

This setting will remain in configuration unless you specify another threshold value in place of 75. This threshold setting can be disabled with no congestion-control threshold system-cpu-utilization command but cannot be removed from configuration. Later if you want to enable the previously configured threshold value of 75 percent, you only need to enter the congestion-control threshold system-cpu-utilization command without specifying any threshold value. It will enable the CPU utilization threshold to preconfigured level of 75 percent.

For example, no congestion-control threshold system-cpu-utilization disables the configured threshold setting and congestion-control threshold system-cpu-utilization again enables the threshold setting of 75%.

The following command configures a threshold tolerance of 5%:
congestion-control threshold
license-utilization tolerance 5

In the above examples, the starCongestion trap gets triggered if the license utilization goes above 75% and the starCongestionClear trap gets triggered if it reaches or goes below 70%.

content-filtering category database directory

This command configures the base directory to be used for storing all content-rating databases that are required for Category-based Content Filtering application.

Platform:

ASR 5000

Product:

CF


Privilege:

Security Administrator, Administrator


Syntax
content-filtering
category database directory path directory_pathdefault content-filtering
category database directory path
default

Specifies the default base directory and directory path for Category-based Content Filtering application.

directory_path

Default: /pcmcia1/cf

Specifies the base directory and its path to store all of the full or incremental content rating databases for the Category-based Content Filtering application.

directory_path must be an alphanumeric string of 1 through 255 characters.


Usage:

Use this command to specify the directory and its path to download all full or incremental category-rating databases to be used for the Category-based Content Filtering application.

Merging of incremental database can be done as part of the database upgrade process preformed with upgrade content-filtering category database command in the Executive Mode.


Example:
The following command configures the /flash/cf_temp/DB as the base directory to download all full and incremental content-rating databases for content filtering application.
content-filtering
category database directory path /flash/cf_temp/DB
content-filtering category database max-versions

This command configures the number of full content-rating databases to maintain/archive in the base directory for category-based content filtering application.

Platform:

ASR 5000

Product:

CF


Privilege:

Security Administrator, Administrator


Syntax
content-filtering
category database max-versions num_archivedefault content-filtering
category database max-versions
default

Sets the default number of full databases for specified directory path/location.

num_archive

Default: 2

Specifies the maximum number of database to be archived or maintained in the specific location.

num_archive must be an integer from 1 through 3.


Usage:

Use this command to set the number of full content-rating database to be maintained in the specified directory path with the base file name specified using the content-filtering database override file command. The specified directory path is the location specified using the content-filtering category database directory path command.


Example:
The following command configures the system to maintain 3 full content-rating databases for category-based content filtering application.
content-filtering
category database max-versions 3
content-filtering category database override

This command specifies the name of a file to be used by the category-rating database load process for category-based content filtering application.

Platform:

ASR 5000

Product:

CF


Privilege:

Security Administrator, Administrator


Syntax
content-filtering
category database override file file_name.extensiondefault content-filtering
category database override file
default

Sets the default content rating database file name; for example, optcmd.bin.

file file_name.extension

Specifies the header of the file in the database directory path location to determine the newest full database.

file_name must be an alphanumeric string of up to 10 characters with an extension of 3 characters after a period (.) as extension.


Usage:

Use this command to configure the category-rating database file name to determine the newest version of full database. A process called “LOAD_DATABASE” invokes during the system startup or the database upgrade process by upgrade content-filtering category database command in Executive Mode. This process examines the header of each of the files in the database folder specified by content-filtering category directory path command in this mode.

Note that by default system examines the header of those files only which begins with the string “OPTCMDB” and having extension “.bin”.


Example:
The following command configures the system to examine the header of files that begins with CF_sta.DB only for content filtering application.
content-filtering category
database override file CF_sta.DB
context

Enters the Context Configuration mode or is used to add or remove a specified context.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
context name [ -noconfirm ]no context name
no

Removes the specified context from the configuration.

name

Specifies the name of a context to enter, add, or remove. When creating a new context, the context name must be unique.

IMPORTANT:

When creating a new context, the context name specified must not conflict with the name of any existing context or domain names.

-noconfirm

Indicates that the command is to execute without any additional prompt and confirmation from the user.


Usage:

Configure contexts or remove obsolete contexts.

IMPORTANT:

A maximum of 64 contexts may be created.


Example:
context sampleContext
no context sampleContext
crash enable

Enables or disables the copying of crash data to a specified location.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
crash enable [ encrypted ] url crash_url [ filename-pattern pattern ] [ restrict mbyte ]no crash enable
no

Removes the specified context from the configuration.

IMPORTANT:

System crash information is generated and stored in the crash list even when the no keyword is specified. The information maintained in the crash lists is minimal crash information when the no keyword has been specified.

encrypted

Indicates that the URL encrypted for security reasons.

filename-pattern pattern
The filename-pattern is a an alphanumeric string containing any or all of the following variables:
  • %hostname% - The system hostname.
  • %ip% - A SPIO IP address
  • %cpu% - CPU number
  • %card% - Card number
  • %time% - POSIX timestamp in hexadecimal notation
  • %filename% - Alias for crash-%card%-%cpu%-%time-core%
  • %% - A single % sign

If no pattern is specified, the result is the same as the pattern filename.

Use '/' characters in the filename pattern part to store crashes in per-system subdirectories.

url crash_url

Specifies the location to store crash files. crash_url may refer to a local or a remote file. crash_url must be entered using the following format:

For the ASR 5000:
  • [ file: ]{/flash|/pcmcia1|/hd}[/directory]/
  • tftp://{host[:port#]}[/directory]/
  • [ ftp: | sftp: ]//[username[:password]@] {host}[:port#][/directory]/

IMPORTANT:

Use of the SMC hard drive is not supported in this release.

IMPORTANT:

Do not use the following characters when entering a string for the field names below: “/” (forward slash), “:” (colon) or “@” (at sign).

directory is the directory name.

filename is the actual file of interest.

username is the user to be authenticated.

password is the password to use for authentication.

host is the IP address or host name of the server.

port# is the logical port number that the communication protocol is to use.

restrict mbyte

Specifies a maximum amount of memory (in megabytes) to use for storing crash files as an integer from 1 through 128. Default: 128

The restrict keyword is only applicable to local URLs.


Usage:

Enable crashes if there are systems that are not stable and the crash information will be useful for trouble shooting. The remote storage of the crash file reduces the memory utilized on the chassis.


Example:
crash enable ftp://remoteABC/pub/crash.dmp
crash enable /flash/pub/data/crash.dmp
restrict 64
no crash enable
cs-network

This command creates/removes an HNB-CS network configuration instance for Femto UMTS access over Iu-CS/Iu-Flex interface between Home NodeB Gateway (HNB-GW) service and CS networks elements; i.e. MSC/VLR. This command also configures an existing HNB-CS network instance and enters the HNB-CS Network Configuration mode on a system.

Platform:

ASR 5000

Product:

HNB-GW


Privilege:

Administrator


Syntax
cs-network cs_instance [ -noconfirm ]
no cs-network cs_instance
no

Removes the specified HNB-CS network instance from the system.

CAUTION:

Removing the HNB-CS network instance is a disruptive operation and it will affect all UEs accessing MSC(s) configured in specific CS core network through the HNB-GW service.

CAUTION:

If any HNB-CS Network instance is removed from system all parameters configured in that mode will be deleted and Iu-CS/Iu-Flex interface will be disabled.

cs_instance

Specifies the name of the Circuit Switched Core Networks instance which needs to be associated with the HNB Radio Network PLMN via the HNB RN-PLMN Configuration mode. If cs_instance does not refer to an existing HNB-PS network instance, the new HNB-CS network instance is created.

cs_instance must be an alphanumeric string of 1 through 63 characters.

-noconfirm

Indicates that the command is to execute without any additional prompt and confirmation from the user.


Usage:

Use this command to enter the HNB-CS Network Configuration mode for an existing CS network instance or for a newly defined HNB-CS network instance. This command is also used to remove an existing HNB-CS network instance.

This configuration enables/disables the Iu-CS/Iu-Flex interface on HNB-GW service with CS core network elements; i.e. MSC/VLR.

A maximum of one HNB-CS network instance per HNB-GW service instance which is further limited to a maximum of 256 services (regardless of type) can be configured per system.

CAUTION:

This is a critical configuration. The HNBs cannot access MSC(s) in CS core network without this configuration. Any change to this configuration would lead to disruption in HNB access to CS core network.

Entering this command results in the following prompt:
[context_name]hostname(config-cs-network)#

The various parameters available for configuration of an HNB-CS network instance are defined in the HNB-CS Network Configuration Mode Commands chapter.


Example:
The following command enters the existing HNB-CS Network configuration mode (or creates it if it does not already exist) for the instance named hnb-cs1:
cs-network hnb-cs1
The following command will remove HNB-CS network instance hnb-cs1 from the system without any warning to operator:
no cs-network hnb-cs1
css acsmgr-selection-attempts

This is a restricted command. In 9.0 and later releases this command is obsolete.

css delivery-sequence

This is a restricted command. In 9.0 and later releases this command is obsolete.

css service

This is a restricted command. In 9.0 and later releases this command is obsolete.

default

Restores the system default values for the specified parameters.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
default { aaa { accounting-overload-protection
 domain-matching | usrname-format } | arp
base-reachable-time |autoconfirm | banner [ lawful-intercept | motd | pre-login ] | boot [ delay | interface | nameserver | networkconfig ] | bulkstats
historical collection | card-standby-priority | cdr-multi-mode | clock
timezone | cli max-sessions | congestion-control [ overload-disconnect | policy | threshold } | diameter-proxy
ram-disk | enforce { imsi-min equivalence | ip
optimize-ipid-assignment } | gtpp { compression-processes | ram-disk-limit } | high-availability
fault-detection speed | local-user { allow-aaa-authentication | lockout-time | max-failed-logins } | logging { display | filter
runtime } | network-overload-protection | operational-mode | pac-standby-priority | qos
npu inter-subscriber traffic { bandwidth | priority [ assigned-to
dscp { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | ef } ] } | require { cipher ssl
resource-percentage | demux card | session recovery } | reveal
disabled commands | snmp { engine-id | heartbeat | history
heartbeat | notif-threshold } | system { contact | description | hostname | location | serial-number } | system-mac | system-priority | task { facility
sessmgr start | resource cpu-memory-low } | terminal { all | databits | flowcontrol | parity | speed | stopbits }| threshold { value } | timestamps | upgrade
limit [ time ] [ usage] }
aaa { accounting-overload-protection domain-matching | usrname-format }
Restores the aaa behavior to its default of disabled for the following options:
  • accounting-overload-protection: Disables OverLoad Protection Policy for Accounting Requests.
  • domain-matching: Restores the default domain matching method.
  • username-format: Restores the use of the default username format for global AAA services
arp base-reachable-time

Restores ARP base-reachable-time to 30 seconds.

autoconfirm

Restores the autoconfirm behavior to its default of disabled.

banner

lawful-intercept - Restores the system default message of the day for SSH CLI sessions.

motd - Restores the system default message of the day banner.

pre-login - Restores the CLI log in banner to the system default.

boot [ delay | interface | nameserver | networkconfig ]

interface | networkconfig - Restores the default boot interface and network configuration options. The keywords interface and networkconfig are used to restore the default option settings for the interface and network configuration options, respectively.

Defaulting the network configuration boot option removes the network boot option from the boot.sys file. It does not remove the network config options from the configuration file which is managed separately from the boot.sys file.

delay - Removes the boot delay setting (if any). The default for boot delay is “no boot delay”.

nameserver - Removes the nameserver IP address.

card-standby-priority

Resets the standby priority of the Packet Services Cards.

cdr-multi-mode

Restores the default value of this command to Single-CDRMOD mode.

cli max-sessions

Restores the default value of this command to no cli max-sessions which removes the limit on the number of allowed simultaneous CLI sessions on the system.

clock-timezone

Restores the system’s clock timezone to UTC.

congestion-control [ overload-disconnect | policy | threshold ]

Restores the system’s congestion-control functionality to its default setting of disabled. You can selectively restore other components to their default values.

diameter-proxy ram-disk

Restores the ram-disk size to 32MB.

enforce { imsi-min equivalence | ip optimize-ipid-assignment }

Disables the enforcement of either option.

gtpp { compression-process | ram-disk-limit }

Restores number of compression processes allowed to 1.

Restores the RAM disk size to 32MB.

high-availability fault-detection speed

Restores speed to Norma1.

local-user { allow-aaa-authentication | lockout-time | max-failed-logins }

Enables aaa-authentication.

Restores lock-time to 60 minutes.

Restores max-failed-logins to 5.

logging {display | filter runtime}

display: sets the default level of detail to display for trace log information to the system default.

filter runtime: resets the filtering of logged information to log in real time.

network-overload-protection

For SGSN, disables this attach rate throttle feature that provides network overload protection.

operational-mode

Sets the operational mode of the chassis to the system default.

pac-standby-priority

This parameter has been replaced by the card-standby-priority keyword.

qos npu inter-subscriber traffic {bandwidth | priority [ assigned-to dscp { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | ef } ] }
Restores the following NPU QoS parameters to their default values:
  • bandwidth:
  • gold: 10%
  • silver: 20%
  • bronze: 30%
  • best-effort: 40%
  • priority: All DSCP values are mapped to the best-effort priority queue but are not configured.
require { cipher ssl resource-percentage | demux card | session recovery }

Resets the cipher ssl resource-percentage to 0.

Disables the demux capabilities on the demux card.

Disables the session recovery featured.

snmp { engine-id | heartbeat | history heartbeat |notif-threshold }

engine-id: Restores the SNMP engine ID to the system default.

heartbeat: Restores the SNMP heartbeat interval to 60 minutes.

history heartbeat: Reenables the recording of heartbeat notifications in SNMP history.

notif-threshold: Restores the SNMP notification thresholds to the system defaults.

system { contact | description | hostname | location | serial-number }
Sets the following system parameters to their default values:
  • contact: Resets to none specified.
  • description: Resets to none specified.
  • hostname: Resets to “asr5000” or asr5500”.
  • location: Resets tro none specified.
  • serial-number: Reses to factory default.
system-mac hostname

Resets the system MAC address to the factory default value.

system-priority hostname

Resets the system priority to its default value.

task { facility sessmgr start | resource cpu-memory-low }

facility sessmgr start: Restores the default session manager start policy to Normal.

resource cpu-memory-low: Resets the system so that when a CPU runs very low on memory (below 12MB) the most over-limit task is killed.

terminal { all | databits | flowcontrol | parity | speed | stopbits }

all: Restores all terminal parameters to their default values.

databits: Resets to 8 data bits.

flowcontrol: Resets to none.

parity: Resets to none.

speed: Resets 9600 bits/second.

stopbits: Resets to one stop bit.

threshold { value }
Restores thresholding values to their default setting. The possible values are:
  • 10sec-cpu-utilization: CPU utilization using a 10 sec average.
  • aaa-acct-archive-queue-size<1..3>: AAA accounting archive queue threshold settings.
  • aaa-acct-archive-size: AAA accounting archive size.
  • aaa-acct-failure: AAA accounting failure threshold settings
  • aaa-acct-failure-rate: AAA accounting failure rate threshold settings
  • aaa-auth-failure: AAA authentication failure threshold settings
  • aaa-auth-failure-rate: AAA authentication failure rate threshold settings
  • aaa-retry-rate: AAA retry rate threshold settings
  • aaamgr-request-queue: AAA manager internal request queue threshold settings
  • asngw-auth-failure: ASN-GW Auth Failure related threshold
  • asngw-handoff-denial: ASN-GW handoff denial threshold
  • asngw-max-eap-retry: ASN-GW maximum EAP retry threshold
  • asngw-network-entry-denial: ASN-GW Network entry denial threshold
  • asngw-session-setup-timeout: ASN-GW session setup timeout threshold
  • asngw-session-timeout: ASN-GW session timeout threshold
  • asnpc-idle-mode-timeout: ASN-PC idle mode timeout threshold
  • asnpc-im-entry-denial: ASN-PC IM entry denial threshold
  • asnpc-lu-denial: ASN-PC lu denial threshold
  • asnpc-session-setup-timeout: ASN-PC session setup timeout threshold
  • bgp-routes: bgp routes threshold
  • call-reject-no-resource: Calls rejected due to no resources threshold settings
  • call-setup: Calls setup threshold settings
  • call-setup-failure: Call setup failure threshold settings
  • card-temperature-near-power-off-limit: Threshold for the gap between the current card temperature and the power off limit
  • cdr-file-space: CDR file space threshold
  • contfilt-block: Content Filtering Blocks threshold settings
  • contfilt-rating: Content Filtering Ratings threshold settings
  • cpu-available-memory: CPU available memory threshold settings
  • cpu-load: PSC/PSC2 CPU load (5-minute average)
  • cpu-memory-usage: Percentage of total CPU memory usage
  • cpu-orbs-critical: ORBs process CPU usage critical level
  • cpu-orbs-warn: PORBs process CPU usage warning level
  • cpu-session-throughput: CPU session throughput threshold settings
  • cpu-utilization: CPU utilization threshold settings
  • dcca-bad-answers: Diameter Bad Answers threshold settings
  • dcca-protocol-error: Diameter Protocol Error threshold settings
  • dcca-rating-failed: Diameter Rating Failed threshold settings
  • dcca-unknown-rating-group: Diameter Unknown Rating Group threshold settings
  • diameter: Diameter threshold settings
  • dns-learnt-ip-max-entries: DNS IP maximum entries threshold
  • dns-lookup-failure: DNS Lookup Failure threshold
  • edr-file-space: EDR file space threshold
  • edr-udr-dropped-flow-control: EDR-UDRs Dropped due to flow control
  • fng-current-active-sessions: Femto Network Gateway (FNG) current active sessions threshold
  • fng-current-sessions: FNG current sessions threshold
  • fw-deny-rule: Stateful Firewall Deny Rule threshold
  • fw-dos-attack: Stateful Firewall Dos-Attacks threshold
  • fw-drop-packet: Stateful Firewall Drop Packets threshold
  • fw-no-rule: Stateful Firewall No-Rule threshold
  • license: Session license threshold settings
  • mgmt-cpu-memory-usage: Management (SMC) CPU memory usage threshold
  • mgmt-cpu-utilization: Management (SMC) CPU utilization threshold (most recent 5-minute average)
  • mme-attach-failure: MME Attach Failure related threshold
  • mme-auth-failure: MME Auth Failure related threshold
  • model: Thresholding model settings
  • monitoring: Threshold monitoring configuration settings
  • nat-port-chunks-usage: Port chunk utilization threshold
  • npu-utilization: NPU utilization threshold (most recent 5-minute average)
  • packets-filtered-dropped: Filtered/dropped packet threshold settings
  • packets-forwarded-to-cpu: Forwarded packet threshold settings
  • pdg-current-active-sessions:PDG current active sessions threshold
  • pdg-current-sessions: PDG current sessions threshold
  • pdif-current-active-sessions: Threshold monitoring for only the currently-active PDIF sessions.
  • pdif-current-sessions: Threshold monitoring for all current PDIF sessions.
  • per-service-asngw-sessions: The number of sessions per ASN-GW service
  • per-service-ggsn-sessions: The number of GGSN sessions per GGSN service
  • per-service-gprs-pdp-sessions: The number of PDP contexts per GPRS service
  • per-service-gprs-sessions: The number of GPRS sessions per GPRS service
  • per-service-ha-sessions: The number of HA sessions per HA service
  • per-service-lns-sessions: The number of LNS sessions per LNS service
  • per-service-pdsn-sessions: The number of PDSN sessions per PDSN service
  • per-service-sgsn-pdp-sessions: The number of PDP contexts per SGSN service
  • per-service-sgsn-sessions: The number of SGSN sessions per SGSN service
  • phsgw-eapol-auth-failure: Personal Handy Phone Gateway (PHSGW) EAPOL authentication failure threshold
  • phsgw-handoff-denial: PHSGW handoff denial threshold
  • phsgw-max-eap-retry: PHSGW maximum EAP retry threshold
  • phsgw-max-eapol-retry: PHSGW max EAPOL retry threshold
  • phsgw-network-entry-denial: PHSGW Network entry denial threshold
  • phsgw-session-setup-timeout: PHSGW session setup timeout threshold
  • phsgw-session-timeout: PHSGW session timeout threshold
  • phspc-session-setup-timeout: PHSPC session setup timeout threshold
  • phspc-sleep-mode-timeout: PHSPC sleep mode timeout threshold
  • phspc-sm-entry-denial: PHSPC sm entry denial threshold
  • poll: Threshold polling interval configuration settings
  • ppp-setup-fail-rate: PPP setup failure rate threshold
  • rp-setup-fail-rate: RP setup failure rate threshold
  • storage-utilization: Mass storage (flash memory) utilization
  • subscriber: subscriber related thresholds
  • system-capacity: Percentage usage of system resources
  • total-asngw-sessions: Total ASN-GW sessions threshold
  • total-ggsn-sessions: Total GGSN sessions for all GGSN services in the system
  • total-gprs-pdp-sessions: Total PDP contexts for all GPRS services in the system
  • total-gprs-sessions: Total GPRS sessions per for all GPRS services in the system
  • total-ha-sessions: Total HA sessions for all HA services in the system
  • total-hnbgw-hnb-sessions: Total 3G Home NodeBGateway (HNBGW) HNB sessions for all HNB services in the system
  • total-hnbgw-iu-sessions: Total HNBGW Iu sessions in the system
  • total-hnbgw-ue-sessions: Total HNBGW UE sessions in the system
  • total-hsgw-sessions: Total HRPD Serving Gateway (HSGW) sessions for all HSGW services in the system
  • total-lma-sessions: Total Local Mobility Anchor (LMA) sessions for all LMA services in the system
  • total-lns-sessions: Total L2TP Network Server (LNS) sessions for all LNS services in the system
  • total-mme-sessions: Total Mobility Management Entity (MME) sessions for all MME services in the system
  • total-pdsn-sessions: Total PDSN sessions for all PDSN services in the system
  • total-pgw-sessions: Total Packet Data Network Gateway (PGW) sessions for all PGW services in the system
  • total-saegw-sessions: Total PDP contexts for all SAEGW services in the system
  • total-sgsn-pdp-sessions: Total PDP contexts for all SGSN services in the system
  • total-sgsn-sessions: Total SGSN sessions for all SGSN services in the system
  • total-sgw-sessions: Total Serving gateway (SGW) sessions for all SGW services in the system
  • tpo-dns-failure: Traffic Performance Optimization (TPO) DNS FAILURE threshold
  • tpo-low-compression-gain: TPO LOW compression gain threshold
  • tpo-rto-timeout: TPO retransmission timeout (RTO) threshold
timestamps

Resets the inclusion of timestamps in command.

upgrade limit [ time ] [ usage ]

Sets upgrade limit values to the defaults. If the optional keywords are not specified all values are reset to their defaults.

time: Resets the maximum time a session may exist during a software upgrade to the default of 120.

usage: Resets the minimum number of sessions before closing the sessions during a software upgrade to the system default of 100.


Usage:

Restore system defaults to aid in trouble shooting or just prior to modifying additional configuration options.


Example:
default banner motd
default boot
default logging display
default system hostname
default upgrade limit time
diameter-proxy ram-disk

This command configures the amount of extra RAM disk space in MB to be allocated to Diamproxy task when local storage (hard disk) is enabled.

Platform:

ASR 5000

Product:

HSGW, P-GW, S-GW


Privilege:

Security Administrator, Administrator


Syntax
diameter-proxy ram-disk
mb space_mbdefault diameter-proxy
ram-disk mb
default

Configures the default setting.

Default: 32 MB

mb space_mb

Specifies the storage space in MB.

space_mb must be an integer from 10 through 256.


Usage:

Specifies the additional storage space to be allocated to Diamproxy for file write, in MB. The specified memory in MB is added to the existing memory allocated to Diamproxy only if HDD storage is enabled. By default, 32 MB is additionally allocated.


Example:
The following command specifies that 100 MB of additional storage space be allocated to the Diamproxy task:
diameter-proxy ram-disk
mb 100
end

Exits the current configuration mode and returns to the Exec mode.

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
end

Usage:

Use this command to return to the Exec mode.

enforce imsi-min equivalence

Enables the PDSN/HA to treat IMSI and MIN as the same for identifying the PDSN/HA session.

Platform:

ASR 5000

Product:

PDSN, HA


Privilege:

Security Administrator, Administrator


Syntax
[ no | default ] enforce
imsi-min equivalence
default

Returns the command to its default setting of disabled.

no

Disables the PDSN/HA from treating IMSI and MIN as the same for identifying the PDSN/HA session.


Usage:

Generally on an HA, the IMSI and MIN are treated as different and hence the RRQs with 1x and DO PDSNs are processed as different sessions. You can use this feature to treat the IMSI and MIN with the matching lower 10-digit as the same for identifying a session. The 10-digit MIN and the 15-digit IMSI are treated as equivalent for the purpose of matching sessions if the lower 10 digits are the same. Any handoff from 1x to DO or vice-versa is treated as the same session if the NAI and HoA also match. If the NAI and/or HoA do not match, then the duplicate IMSI session detect and terminate feature is applicable.

Generally on a PDSN, the IMSI and MIN are treated as different and hence RP messages from 1x and DO PDSNs are processed as different sessions. You can use this feature to treat the IMSI and MIN with the matching lower 10-digit as the same for identifying a session. The 10-digit MIN and the 15-digit IMSI are treated as equivalent for the purpose of matching PDSN sessions if the lower 10 digits are the same. Any handoff from 1x to DO or vice-versa is treated as the same session.


Example:

To monitor or clear subscriber session information filtered by on IMSI/MIN refer to the show subscribers msid command.

IMPORTANT:

This command must be executed at startup only and will not take effect when reconfigured without rebooting.


Example:
The following command enables the treatment of the IMSI and MIN as the same for identifying the session:
enforce imsi-min equivalence
Either of the following commands disables the treatment of the IMSI and MIN as the same for identifying sessions:
no enforce imsi-min equivalence
default enforce imsi-min equivalence
exit

Exits the current mode and returns to the parent configuration mode.

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
exit

Usage:

Use this command to return to the parent configuration mode.

fa-spi-list

Replaces a duplicate Foreign Agent- Security Parameter Index (FA-SPI) remote address list applied to multiple FA services with a list name.

Platform:

ASR 5000

Product:

PDSN, FA


Privilege:

Security Administrator, Administrator


Syntax
fa-spi-list fa_spi_list
fa_spi_list

Remote address list name expressed as an alphanumeric string of 1 through 64 characters.


Usage:

Use this command to Replace duplicate FA-SPI remote address list applied to multiple FA or HA services with a list name.


Example:
The following command configures the list FA SPI list to fa-list2:
fa-spi-list fa-list2
global-title-translation address-map

Creates an instance of a Global Title Translation (GTT) address-map, a database, for global titles (ISDN-type address) used for SCCP routing. Upon creating the instance, the system enters global title translation address-map configuration mode. For the commands to configure the database, go to the Global Title Translation Address-Map Configuration Mode Commands chapter.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
global-title-translation
address-map instance instanceno global-title-translation
address-map instance instance
no

Removes the specified GTT address-map database from the SCCP portion of the configuration.

instance

This value uniquely identifies a specific instance of a GTT address-map.

instance must be an integer from 1 through 4096.


Usage:

Create a GTT address-map with a unique identifier and enter the GTT address-map configuration mode.


Example:
global-title-translation
address-map instance 324
global-title-translation association

Creates an instance of a Global Title Translation (GTT) association which defines the rules for handling global title translation. Upon creating the instance, the system enters global title translation association configuration mode. For the commands to configure the rules, go to the Global Title Translation Association Configuration Mode Commands chapter.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
global-title-translation
association instance  instanceno global-title-translation
association instance  instance
no

Removes the specified instance of a GTT association from the SCCP portion of the configuration.

instance

This value uniquely identifies a specific instance of a GTT association.

instance must be an integer from 1 through 16.


Usage:

Create a GTT association with a unique identifier and enter the GTT association configuration mode.


Example:
global-title-translation
association instance 2
gtpp compression-process

This command configures the maximum number of child compression processes that AAA proxy can have.

Platform:

ASR 5000

Product:

GGSN, SGSN


Privilege:

Security Administrator, Administrator


Syntax
gtpp compression-process max_numberdefault gtpp compression-process
default

Restores the system to the default settings for the number of child compression processes allowed.

max_number

Specifies the maximum number of child processes. The default is 1

max_number: must be an integer from 1 through 4.


Usage:

This command configures the maximum number of child compression processes that AAA proxy can have only if hard disk storage is enabled.


Example:
gtpp compression-process 3
gtpp ram-disk-limit

This command configures additional storage space to be allocated for writing files.

Platform:

ASR 5000

Product:

GGSN, SGSN


Privilege:

Security Administrator, Administrator


Syntax
gtpp ram-disk-limit
mb mega_bytesdefault gtpp ram-disk-limit
default

Restores the system to the default settings of 32 MB of storage.

mb mega_bytes

Specifies the number of megabytes of storage allocated for files.

mega_bytes: must be an integer from 10 through 256. The default is 32 MB.


Usage:

The memory specified with this command would be added to the existing memory allocated to the AAA proxy only if hard disk storage is enabled.


Example:
gtpp ram-disk-limit
mb 256
gtpp single-source

Configures the system to reserve a CPU for performing a proxy function for accounting.

Platform:

ASR 5000

Product:

GGSN, SGSN, P-GW


Privilege:

Security Administrator, Administrator


Syntax
gtpp single-source [ centralized-lrsn-creation | private-extensions ]no gtpp single-source
centralized-lrsn-creation

Defines Log Record Sequence Number (LRSN) generation at proxy. The AAA proxy will generate the LRSN for all CDR types generated by either the GGSN or the SGSN.

Default: disabled

private-extensions

This optional keyword enables the proprietary use of customer-specific GTPP extensions.

If private-extensions is not configured, all customer specific private extensions related to GTPP message transfer with CGF and recovery through GSS are disabled.

IMPORTANT:

In order for the customer-specific extensions to work properly, the gtpp max-pdu-size command in the Context Configuration Mode should be set to 65400 and the gtpp server command’s max value should be set to “1”.

no

Disables GTPP single-sourcing. This is the default setting.

CAUTION:

Entering this command while PDP contexts are in process could cause the loss of pending CDRs. The configuration must be saved and the chassis reloaded for this option to take effect.


Usage:

When GTPP single-sourcing is enabled, the system’s AAA proxy function generates requests to the accounting server using a single UDP source port number, instead of having each AAA Manager generate independent requests with unique UDP source port numbers. This is accomplished by the AAA Managers forwarding their GTPP PDUs to the AAA Proxy function that runs on a reserved packet processing card CPU. Since a packet processing card CPU is being reserved, fewer Session Managers and AAA Managers will be started on that card.

CAUTION:

This command must be entered prior to the configuration of other services. Specifying it later may return an error due to a lack of CPU availability.


Example:
The following command enables GTPP single-sourcing with the use of private GTPP extensions:
gtpp single-source
private-extensions
The following command disables GTPP single-sourcing:
no gtpp single-source
ha-spi-list

Replaces a duplicate Home Agent-Security Parameters Index (HA-SPI) remote address list applied to multiple HA services with a list name.

Platform:

ASR 5000

Product:

PDSN, HA


Privilege:

Security Administrator, Administrator


Syntax
ha-spi-list ha_spi_list
ha_spi_list

Remote address list name expressed as an alphanumeric string of 1 through 64 characters.


Usage:

Use this command to Replace duplicate HA-SPI remote address list applied to multiple HA services with a list name.


Example:
The following command configures the list HA SPI list to ha-list2:
ha-spi-list ha-list2
hd raid

Provides access to a the HD RAID Configuration mode in order to manage parameters supporting local storage of data records.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
hd raid

Usage:

Enters the HD RAID configuration mode.

Entering this command results in the following prompt:

[context_name]hostname(config-hd-raid)#

HD RAID Configuration Mode commands are defined in the HD RAID Configuration Mode Commands chapter.


Example:
The following command opens the HD RAID Configuration mode:
hd raid
hd storage-policy

Provides access to the local hard drive configuration mode in order to manage parameters supporting local storage of records.

Platform:

ASR 5000

Product:

GGSN, SGSN, HSGW, P-GW, S-GW


Privilege:

Administrator


Syntax
[ no ] hd
storage-policy name
no

Removes a configured HD storage policy from the system.

storage-policy name

Specifies a name for an HD storage policy and then enters the HD Storage Policy Configuration Mode. name must be an alphanumeric string of 1 through 63 characters.


Usage:

Creates a new policy or specifies an existing policy and enters the HD Storage Policy Configuration Mode.

Entering this command results in the following prompt:

[context_name]hostname(config-hd-storage-policy)#

HD Storage Policy Configuration Mode commands are defined in the HD Storage Policy Configuration Mode Commands chapter.


Example:
The following command creates an HD storage policy named policy3 and enters the HD Storage Policy Configuration Mode:
hd storage-policy policy3
high-availability

Configures the speed for detection of packet processing card task failures.

Platform:

ASR 5000

Product:

PDSN, GGSN, ASN GW


Privilege:

Security Administrator, Administrator


Syntax
high-availability fault-detection
speed { aggressive | normal }default high-availability
fault-detection speed
{ aggressive | normal }
Default: normal
  • aggressive: Initiates packet processing card failover without performing additional checks.
  • normal: Initiates packet processing card failover after additional checks are performed.

Usage:

Use this command to increase the fault detection speed for faster switchovers after a packet processing card task failure.

Setting fault detection speed to aggressive will trigger packet processing card failover as soon as possible if a potential failure is detected. Aggressive mode will reduce the duration of subscriber outages caused by a failed packet processing card if session recovery is enabled.

Aggressive mode also bypasses most information gathering steps and logs that can be used to determine the root cause of the failure.

In normal mode, additional checks are performed before triggering a packet processing card failover to ensure that the card has actually failed. In aggressive mode these checks are bypassed so that session recovery can start as soon as possible. These additional checks reduce the likelihood of a false positive failure.


Example:
The following command sets the fault detection speed for packet processing card tasks to aggressive:
high-availability
fault-detection speed aggressive
hybrid-mode

Enables an ASR 5000 chassis to run a mix of Packet Services Cards (PSCs) and PSC Type A (PSCAs). When enabled, PSCAs will boot and be compatible with the PSCs as long as encryption services are disabled. The default is to run the chassis in non-hybrid mode; PSCAs will not boot when inserted in the chassis.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ no ] hybrid-mode [force]
no

Returns the chassis to non-hybrid mode. PSCAs will not boot.

force

Always updates the configuration, even if the encryption services could not be disabled. However, the PSC and PSCA cards will continue to be incompatible until encryption services are manually disabled.


Usage:

To allow a chassis to run in PSC/PSCA hybrid-mode with encryption services disabled you must configure hybrid-mode force once.

To go from hybrid mode to non-hybrid mode, you must enter the no hybrid-mode force command. Non-hybrid chassis mode allows encryption services to be started through the appropriate CLI commands. However, all PSCAs in the chassis will be disabled.

For additional information, see the ASR 5000 Installation Guide.


Example:
The following command enables the chassis to run a mix of PSCs and PSCAs without encryption services:
hydrid-mode force
imei-profile

Creates an instance of an International Mobile Equipment Identity (IMEI) profile.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ no ] imei-profile imei_profile_name
no

Deletes the IMEI profile instance from the configuration.

imei_profile_name

Specifies the name of the IMEI profile as an alphanumeric string of 1 through 64 characters.


Usage:

Use this command to create an instance of an IMEI profile and to enter the IMEI Profile Configuration mode. An IMEI profile is a template which groups a set of device instructions, such as blacklisting, that may be applicable to one or more calling devices. See the IMEI Profile Configuration Mode Commands chapter for information regarding the definition of the rules contained within the profile and the use of the profile.

IMPORTANT:

An IMEI profile is a key element of the Operator Policy feature and is only valid when associated with at least one operator policy.

To see what IMEI profiles have already been created, return to the Exec mode and enter the show imei-profile all command.


Example:
The following command creates a configuration instance of an IMEI profile:
imei-profile imeiprof1