Standalone eGTP Serving Gateway
Configuration Sample
# Configuration
file for an ASR 5000 in an eGTP S-GW role
#
# Send S-GW
licenses
configure /flash/flashconfig/<sgw_license_name>.cfg
end
#
# Set system
to not require confirmation when creating new contexts and/or
services. Config file must end with “no autoconfirm” to
return the CLI to its default setting.
#
configure
autoconfirm
#
# Configure
ASR 5000 cards
#
# Activate
the PSCs
card <slot_number>
mode
active psc
exit
card <slot_number>
mode
active psc
exit
# Repeat for
the number of PSCs in the system
end
#
# Modify the
local context for local system management
configure
context
local
interface <name>
ip
address <address> <mask>
exit
server
ftpd
exit
ssh
key <key>
length <bytes>
server
sshd
subsystem
sftp
exit
server
telnetd
exit
subscriber
default
exit
administrator
<name>
encrypted password <password>
ftp
aaa
group default
exit
administrator
<name>
encrypted password <password>
ftp
ip
route <ip_addr/ip_mask> <next_hop_addr> <lcl_cntxt_intrfc_name>
exit
port
ethernet <slot#/port#>
no
shutdown
bind
interface <lcl_cntxt_intrfc_name>
local
exit
ntp
enable
server
10.2.10.2
exit
snmp
engine-id local <id>
snmp
notif-threshold <count>
low <low_count>
period <seconds>
snmp
authentication-failure-trap
snmp
heartbeat interval <minutes>
snmp
community <string>
read-write
snmp
target <name> <ip_address>
system
contact <string>
system
location <string>
# Ingress context
configuration
context
<sgw_context_name>
-noconfirm
subscriber
default
exit
interface
<s1u-s11_interface_name>
ip
address <ipv4_address_primary>
ip
address <ipv4_address_secondary>
exit
interface <s4_interface_name>
ip
address <ipv4_address_primary>
ip
address <ipv4_address_secondary>
# note alternative
IPv6 address for both interfaces:
ipv6
address <address>
exit
gtpp
group default
exit
gtpu-service <gtpu_s1us11_ingress_service_name>
bind
ipv4-address <s1-us11_interface_ip_address>
# note alternative
IPv6 address:
bind
ipv6-address <s1-us11_interface_ip_address>
exit
gtpu-service <gtpu_s4_ingress_service_name>
bind
ipv4-address <s4_interface_ip_address>
# note alternative
IPv6 address:
bind
ipv6-address <s4_interface_ip_address>
exit
egtp-service
<egtp_s1u-s11_ingress_service_name>
interface-type
interface-sgw-ingress
validation-mode
default
associate
gtpu-service <gtpu_ingress_service_name>
gtpc
bind address <s1u-s11_interface_ip_address>
exit
egtp-service <egtp_s4_ingress_service_name>
interface-type
interface-sgw-ingress
validation-mode
default
associate
gtpu-service <gtpu_ingress_service_name>
gtpc
bind address <s4_interface_ip_address>
exit
sgw-servers
<sgw_service_name>
-noconfirm
associate
ingress egtp-service <egtp_ingress_service_name>
associate
egress-proto gtp egress-context <egress_context_name>
qci-qos-mapping <map_name>
exit
ip
route <pgw_ip_addr/mask> <sgw_next_hop_addr> <sgw_intrfc_name>
exit
port
ethernet <slot_number/port_number>
no
shutdown
bind
interface <s1u-s11_interface_name> <sgw_context_name>
exit
# Egress context
configuration
context
<egress_context_name>
-noconfirm
interface <s5s8_interface_name>
ipv6
address <address>
tunnel-mode
ipv6ip
source
interface <name>
destination
address <ipv4_or_ipv6_address>
exit
exit
# note alternative
IPv4 address:
ip
address <ipv4_address>
exit
interface <s12_interface_name>
ip
address <ipv4_address_primary>
ip
address <ipv4_address_secondary>
# note alternative
IPv6 address:
ipv6
address <address>
exit
gtpu-service <gtpu_s5s8_egress_service_name>
bind
ipv4-address <s5s8_interface_ip_address>
# note alternative
IPv6 address:
bind
ipv6-address <s5s8_interface_ip_address>
exit
gtpu-service <gtpu_s12_egress_service_name>
bind
ipv4-address <s12_interface_ip_address>
# note alternative
IPv6 address:
bind
ipv6-address <s12_interface_ip_address>
exit
egtp-service <egtp_s5s8_egress_service_name>
interface-type
interface-sgw-egress
validation-mode
default
associate
gtpu-service <gtpu_egress_service_name>
gtpc
bind address <s5s8_interface_ip_address>
exit
egtp-service <egtp_s12_egress_service_name>
interface-type
interface-sgw-egress
validation-mode
default
associate
gtpu-service <gtpu_egress_service_name>
gtpc
bind address <s12_interface_ip_address>
exit
ip
route <pgw_ip_addr/mask> <sgw_next_hop_addr> <sgw_intrfc_name>
exit
port
ethernet <slot_number/port_number>
no
shutdown
bind
interface <s5s8_interface_name> <sgw_context_name>
end
configure
# Optional IPSec
IKEv2 configuration for S1-U interface
context <ingress_context_name>
ipsec
transform-set <name>
exit
ikev2-ikesa
transform-set <name>
lifetime <seconds>
exit
crypto
template <name>
ikev2-dynamic
authentication
remote pre-shared-key encrypted key <enc_key>
ikev2-ikesa
transform-set list <list_name>
payload
<payload_name>
match childsa
ipsec
transform-set list <name>
lifetime <seconds>
rekey
keepalive
exit
peer
network <ip_address> mask
<ip_mask>
encrypted pre-shared-key <key>
end
# QCI-QoS mapping
qci-qos-mapping <name>
qci
1 user-datagram dscp-marking <hex>
qci
3 user-datagram dscp-marking <hex>
qci
9 user-datagram dscp-marking <hex>
end