Global Configuration
Mode Commands (A-K)
This section includes
the commands aaa
accounting-overload-protection through imei-profile.
The Global Configuration
Mode is used to configure basic system-wide parameters.
IMPORTANT:
The commands or keywords/variables
that are available are dependent on platform type, product version,
and installed license(s).
aaa accounting-overload-protection
This command configures
Overload Protection Policy for accounting requests.
Privilege:
Security Administrator,
Administrator
Syntax
aaa accounting-overload-protection
prioritize-gtpp
{ default | no } aaa
accounting-overload-protection
default
Configures the default
setting.
Default: no priority
assigned
no
Disables the Overload
Protection configuration.
prioritize-gtpp
Gives higher priority
to GTPP requests among the other outstanding requests. So while purging
the lower priority requests will be selected first.
Usage:
Use this command to
configure Overload Protection Policy for accounting requests.
Example:
The following command
prioritizes GTPP requests among the other outstanding requests:
aaa accounting-overload-protection
prioritize-gtpp
aaa default-domain
Configure global accounting
and authentication default domain for subscriber and context-level
administrative user sessions.
Privilege:
Security Administrator,
Administrator
Syntax
aaa default-domain { administrator | subscriber } domain_name
no aaa default-domain { administrator | subscriber }
no
Removes all or only
the specified configured domain.
administrator | subscriber
administrator:
Configures the default domain for context-level administrative users.
subscriber:
Configures the default domain for subscribers.
domain_name
Sets the default context.
domain_name must
be an alphanumeric string of 1 through 79 characters.
Usage:
This command configures
the default domain which is used when accounting and authentication
services are required for context-level administrative user and
subscriber sessions whose user name does not include a domain.
Example:
The following commands
configure the default domains for context-level administrative users
and subscribers, respectively:
aaa default-domain
administrator sampleAdministratorDomain
aaa default-domain
subscriber sampleSubscriberDomain
aaa domain-matching
ignore-case
This command disables
case sensitivity when performing domain matching. When this command
is enabled, the system disregard case when matching domains.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] aaa
domain-matching ignore-case
default aaa domain-matching
default
Configures ignore-case
as the domain matching method.
no
Specifies that the
system consider case when domain matching.
Usage:
Use this command to
configure the system to ignore case when matching domains.
Example:
The following command
configures the system to ignore case when matching domains:
aaa domain-matching
ignore-case
aaa domain-matching
imsi-prefix
Enables domain lookup
for session based on the International Mobile Subscriber Identity
(IMSI) prefix length. Default: Disabled
IMPORTANT:
This command is only
available in 8.3 and later releases.
Privilege:
Security Administrator,
Administrator
Syntax
aaa domain-matching
imsi-prefix prefix-length prefix_length
no aaa domain-matching
imsi-prefix
default aaa domain-matching
no
Specifies the system
must not consider imsi-prefix domain matching method.
prefix-length
Specifies the IMSI
length to be matched with the domain.
prefix_length must
be an integer from 1 through 15.
Usage:
Use this command to
configure the IMSI-prefix method of domain matching. This command
enables domain lookup for the session based on the IMSI prefix length.
If there is a domain configured with the matching IMSI prefix, the
associated configuration is used.
This feature does
not support partial matches.
Example:
The following command
configures the IMSI prefix method for domain matching setting the prefix
length to
10.
aaa domain-matching
imsi-prefix prefix-length 10
aaa large-configuration
This command enables
or disables the system to accept a large number of RADIUS configurations
to be defined and stored.
IMPORTANT:
For this command to
take affect, after entering the command the configuration must be
saved and reloaded.
When aaa large-configuration
is disabled, the following restrictions are in place:
- Only one (1) NAS IP
address can be defined per context with the radius attribute command.
- The RADIUS attribute nas-ip-address can
only be configured if the RADIUS group is default.
- Only 320 RADIUS servers
can be configured system-wide.
- Only 64 RADIUS groups
can be configured system-wide.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] aaa
large-configuration
no
Disables AAA large
configuration support.
Usage:
When aaa large-configuration
is enabled, the system provides the ability to configure multiple
NAS IP addresses in a single context to used with different radius
groups. As well, the command allows support for up to 1,600 RADIUS
server configurations and
for
a PDSN a maximum of 400 or
for a GGSN a maximum of 800 RADIUS server group configurations
system-wide.
Example:
To enable the definition
of a large number of RADIUS configurations, enter the following commands
in the following order:
In APN Configuration
mode, enter:
default aaa group
In Global Configuration
mode, enter:
aaa large-configuration
In Exec mode, use
the save configuration command
and then the reload command.
aaa last-resort
Configure global accounting
and authentication last resort domain for subscriber and context-level
administrative user sessions.
Privilege:
Security Administrator,
Administrator
Syntax
aaa last-resort context { administrator | subscriber context_name }
no aaa last-resort
context { administrator | subscriber }
no
Removes all or only
the specified previously configured authentication last resort domain name.
administrator | subscriber
administrator:
Configures the last resort domain for context-level administrative.
subscriber:
Configures the last resort domain for the subscribers.
context_name
Specifies the context
which is to be set as the last resort. context_name must
be an alphanumeric string of 1 to 79 characters.
Usage:
Set the last resort
context which is used when there is no applicable default domain (context)
and there is no domain provided with the subscriber’s or
context-level administrative user’s name for use in the
AAA functions.
Example:
The following commands
configure the last resort domains for context-level administrative user
and subscribers, respectively:
aaa last-resort administrator sampleAdministratorDomain
aaa last-resort subscriber sampleSubscriberDomain
The following command
removes the previously configured domain called
sampleAdministratorDomain:
no aaa last-resort
administrator sampleAdministratorDomain
aaa tacacs+
This command enables
or disables system-wide TACACS+ AAA (authentication, authorization
and accounting) services for administrative users. This command
is valid only if TACACS+ servers and related services have
been configured in TACACS Configuration Mode.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] aaa
tacacs+
Usage:
Enables or disables
the use of TACACS+ AAA services for administrative users.
Example:
aaa tacacs+
no aaa tacacs+
aaa username-format
Configure global accounting
and authentication user name formats for AAA (authentication, authorization
and accounting) functions. Up to six formats may be configured.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] aaa
username-format { domain | username } separator
default aaa username-format
no
Removes the specified
user name format from the configuration.
domain | username
Default: username @
domain:
indicates the left side of the string from the separator character
is a domain name and the right side is the user name.
username:
indicates the left side of the string from the separator character
is a user name and the right side is the domain name.
IMPORTANT:
The user name string
is always searched from right to left for the first occurrence of
the separator character.
separator
Specifies the character
to use to delimit the domain from the user name for global AAA functions.Permitted
characters include: @, %, -, \, #,
or /. To specify a back slash (’\’)
as the separator, you must enter a double back slash (‘\\’)
on the command line.
Usage:
Define the formats
for user name delimiting if certain domains or groups of users are
to be authenticated based upon their user name versus domain name.
Example:
aaa username-format
domain @
aaa username-format
username %
no aaa username-format
username %
active-charging
service
This command allows
you to create/configure/delete the Active Charging
Service (ACS)/Enhanced Charging Service (ECS).
Privilege:
Security Administrator,
Administrator
Syntax
active-charging service acs_service_name [ -noconfirm ]
no active-charging
service acs_service_name
no
Deletes the specified
Active Charging Service.
acs_service_name
Specifies name of
the Active Charging Service.
acs_service_name must
be the name of an Active Charging Service, and must be an alphanumeric
string of 1 through 15 characters.
If the named Active
Charging Service does not exist, it is created, and the CLI mode
changes to the ACS Configuration Mode wherein the service can be
configured. If the named Active Charging Service already exists,
the CLI mode changes to the ACS Configuration Mode.
-noconfirm
Specifies that the
command must execute without any additional prompt and confirmation from
the user.
Usage:
Use this command to
create/configure/delete an Active Charging Service
in the system. Note that, in this release, only one Active Charging
Service can be created in the system.
Use this command after
enabling ACS using the require active-charging command.
This command allows administrative users to configure the ACS functionality.
On entering this command,
the CLI prompt changes to:
[context_name]hostname(config-acs)#
Example:
The following command
creates an ACS service named
test:
active-charging service test
alarm
Enables or disables
alarming options for the SPIO card or the SSC internal alarms and
the central-office external alarms. To verify the state of the alarms,
refer to the show
alarm command.
Privilege:
Security Administrator,
Administrator
Syntax
alarm { audible | central-office }
no alarm { audible | central-office }
no
Disables the option
specified.
audible | central-office
audible:
indicates the internal audible alarm on the SPIO cards or SSCs are
to be enabled.
central-office:
indicates the central office alarms are to be enabled.
Usage:
Disable CO and audible
alarms when an existing device provides such capability.
Example:
The following commands
enable the SPIO card or SSC internal alarms and disable the central
office alarms, respectively.
alarm audible
no alarm central-office
apn-profile
Creates an instance
of an Access Point Name (APN) profile.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] apn-profile apn_profile_name
no
Deletes the APN profile
instance from the configuration.
apn_profile_name
Specifies the name
of the APN profile. Enter an alphanumeric string of 1 through 64 characters.
Usage:
Use this command to
create an instance of an APN profile and to enter the APN profile configuration
mode. An APN profile is a template which groups a set of APN-specific commands
that may be applicable to one or more APNs. See the APN Profile Configuration Mode
Commands chapter for information regarding the definition of
the rules contained within the profile and the use of the profile.
IMPORTANT:
An APN profile is a
key element of the Operator Policy feature and is only valid when associated
with at least one operator policy.
To see what APN profiles
have already been created, return to the Exec mode and enter the show apn-profile all command.
Example:
The following command
creates a configuration instance of an APN profile:
apn-profile apnprof27
apn-remap-table
Creates an instance
of an Access Point Name (APN) remap table.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] apn-remap-table apn_remap_table_name
no
Deletes the APN remap
table instance from the configuration.
apn_remap_table_name
Specifies the name
of the APN remap table. Enter an alphanumeric string of 1 through
65 characters.
Usage:
Use this command to
create an instance of an APN remap table and to enter the APN remap
table configuration mode. An APN remap table includes entries that
define how an incoming APN, or the lack on one, will be handled.
See the APN Remap Table Configuration
Mode Commands chapter for information regarding the definition
of the entries contained within the table and the use of the table.
IMPORTANT:
An APN remap table
is a key element of the Operator Policy feature and is only valid
when associated with at least one operator policy.
To see what APN remap
tables have already been created, return to the Exec mode and enter
the show apn-remap-table
all command.
Example:
The following command
creates a configuration instance of an APN remap table:
apn-remap-table pnremap-USorigins-table1
arp
Configures a system-wide
time interval for performing Address Resolution Protocol (ARP) refresh.
Privilege:
Security Administrator,
Administrator
Syntax
arp base-reachable-time time
default arp base-reachable-time
default
Restores the parameter
to its default setting.
time
Default: 30
Specifies the ARP
refresh interval (in seconds) as an integer from 30 through 86400.
Usage:
Use this command to
configure a system-wide ARP refresh interval. Once a neighbor is found,
the entry is considered valid for at least a random value between
the time/2
and the time*1.5.
Example:
The following command
configures an ARP refresh interval of 1 hour:
arp base-reachable-time 3600
autoconfirm
This command disables
or enables confirmation for certain commands. This command affects
all future CLI sessions.
IMPORTANT:
To change the behavior
for the current CLI session only, use the autoconfirm command
in the Exec Mode.
Privilege:
Security Administrator,
Administrator, Operator
Syntax
autoconfirm
no autoconfirm
Usage:
When autoconfirm is
enabled, certain commands ask you to answer yes or no to confirm that
you want to execute the command. When autoconfirm is disabled the
confirmation questions never appear. Disabling autoconfirm disables
command confirmation for all future CLI sessions.
By default autoconfirm is
enabled.
Example:
The following command
enables command confirmation for all future CLI sessions;
autoconfirm
The following command
disables command confirmation for all future CLI sessions;
no autoconfirm
autoless
This command is obsolete.
It is included in the CLI for backward compatibility with older
configuration files. When executed, this command issues a warning
and performs no function.
banner
Configures the CLI
banner which is displayed upon the start of a CLI session.
Privilege:
Security Administrator,
Administrator
Syntax
banner { charging-service | lawful-intercept | motd | pre-login } string
no banner { charging-service | lawful-intercept | motd | pre-login }
no
Removes the banner
message by setting it to be a string of zero length.
charging-service
Specifies the Active
Charging Service banner message. The banner is displayed upon initialization
of an SSH CLI session with ACS-admin privileges (whenever anyone
with the CLI privilege bit for ACS logs on).
lawful-intercept
Refer to the Lawful Intercept Configuration
Guide for a description of this parameter.
motd
Configures the CLI
banner message of the day which is displayed upon the initialization
of any CLI session.
pre-login
Configures the CLI
banner displayed before a CLI user logs in.
IMPORTANT:
This banner is displayed
only for serial port and telnet log ins. It is not supported in
ssh and, therefore, will not be displayed before ssh log ins.
string
Specifies the banner
or message to be displayed at session initialization. string may
be an alphanumeric string of 0 through 2048 characters. The string
must be enclosed in double quotation marks if the banner or message
is to include spaces.
Usage:
Set the message of
the day banner when an important system wide message is needed.
For example, in preparation for removing a chassis from service,
set the banner 1 or more days in advance to notify administrative
users of the pending maintenance.
Example:
banner motd “Have
a nice day.”
banner motd No_News_Today
no banner motd
boot delay
Configures the delay
period, in seconds, before attempting to boot the system from a
software image file residing on an external network server.
Privilege:
Security Administrator,
Administrator
Syntax
boot delay time
no boot delay
no
Deletes the setting
for the boot delay. The boot process executes immediately.
time
Specifies the amount
of time (in seconds) to delay prior to requesting the software image from
the external network server as an integer from 1 through 300.
Usage:
Useful when booting
from the network when connection delays may cause timeouts. Such as
when the Spanning Tree Protocol is used on network equipment.
IMPORTANT:
The settings for this
command are stored immediately in the boot.sys file. No changes
are made to the system configuration file.
Example:
The following sets
the boot delay to
10 seconds:
boot delay 10
boot interface
Configures Ethernet
network interfaces for obtaining a system software image during
the system boot process.
Privilege:
Security Administrator,
Administrator
Syntax
Releases prior to 12.2:
boot interface { spio-eth1 | spio-eth2 } [ medium { auto | speed medium_speed duplex medium_duplex } [ media medium_media ] ]
no boot interface
Releases after 12.2:
boot interface { local-eth1 | local-eth2 } [ medium { auto | speed medium_speed duplex medium_duplex } [ media medium_media ] ]
no boot interface
no
Removes the boot interface
configuration from the boot.sys file. Only files from the local file
system can be loaded.
spio-eth1 | spio-eth2
Specifies the network
interface to be configured where spio-eth1 is
the primary interface on the SPIO (slot 24 interface 1 or slot 25
interface 1) and spio-eth2 is
the secondary interface on the SPIO (slot 24 interface 2 or slot
25 interface 2). The interfaces are either RJ-45 ifor speeds of
10, 100, or 1000 megabits per second (Mbps), or SFP for the optical
Gigabit (1000 Mbps).
local-eth1 | local-eth2
Specifies the network
interface to be configured where local-eth1 is
the primary ethernet interface and local-eth2 is
the secondary ethernet interface.
For the ASR 5000,
the primary is interface 1 on the SPIO and the secondary is interface
2 on the SPIO. The interfaces are either RJ-45 ifor speeds of 10,
100, or 1000 megabits per second (Mbps), or SFP for optical Gigabit
(1000 Mbps).
For the ASR 5500,
the primary is port 1 (1000Base-T) on the MIO and the secondary interface
is port 2 (1000Base-T) on the MIO.
medium { auto | speed medium_speed duplex medium_duplex }
Default: auto
auto: configures
the interface to auto-negotiate the interface speed. and duplex.
speed medium_speed duplex medium_duplex:
specifies the speed to use at all times where
medium_speed must
be one of:
The keyword
duplex is
used to set the communication mode of the interface where
medium_duplex must
be one of:
media medium_media
Default: rj45
Optionally sets the
physical interface where medium_media must
be either rj45 or sfp.
Usage:
Modify the boot interface
settings to ensure the system is able to obtain a software image from
an external network server.
IMPORTANT:
The settings for this
command are stored immediately in the boot.sys file. No changes
are made to the system configuration file.
Example:
The following configures
the primary interface to auto-negotiate the speed.
boot interface spio-eth1
medium auto
boot interface local-eth1
medium auto
The following command
configures the secondary interface to a fixed gigabit speed at full duplex
using RJ45 connectors for the physical interface.
boot interface spio-eth2
medium speed 1000 duplex full media rj45
boot interface local-eth2
medium speed 1000 duplex full media rj45
The following restores
the defaults for the boot interface.
no boot interface
boot nameserver
Configures the IP
address of the DNS (Domain Name Service) server to use when looking
up hostnames in URLs for network booting.
Privilege:
Security Administrator,
Administrator
Syntax
boot nameserver ip_address
no boot nameserver
no
Removes the network
boot nameserver information from the boot.sys file.
ip_address
IPv4 dotted-decimal
address of the DNS server the system uses to lookup hostnames in URLs
for a software image from the network during the system boot process.
Usage:
Use this command to
identify the DNS server to use to lookup hostnames in a software image
URL.
IMPORTANT:
The settings for this
command are stored immediately in the boot.sys file. No changes
are made to the system configuration file.
Example:
The following configures
the system to communicate with a DNS nameserver with the IP address
of 10.2.3.4:
boot nameserver 10.2.3.4
boot networkconfig
Configures the networking
parameters for the Switch Processor I/O card network interfaces
to use when obtaining a software image from an external network
server during the system boot process.
Privilege:
Security Administrator,
Administrator
Syntax
boot networkconfig { dhcp | { { dhcp-static-fallback | static } ip
address spio24 ip_address [ spio25 ip_address ] netmask ip_mask [ gateway gw_address ] } }
no boot networkconfig
no
Removes the network
configuration information from the boot.sys file.
dhcp
Indicates that a Dynamic
Host Control Protocol (DHCP) server is used for communicating with
the external network server.
dhcp-static-fallback | static
dhcp-static-fallback:
provides static IP address fallback network option when a DHCP server
is unavailable.
static:
specifies a fixed network IP address for the external network server
that hosts the software image.
spio24 ip_address [ spio25 ip_address ] netmask ip_mask [ gateway gw_address ]
spio24 ip_address [ spio25 ip_address ]:
the IP address to use for the SPIO in slot 24 and optionally the
SPIO in slot 25 for network booting. ip_address must
be specified using IPv4 dotted-decimal notation.
netmask ip_mask:
the network mask to use in conjunction with the IP address(es) specified
for network booting. ip_mask must
be specified using IPv4 dotted-decimal notation.
gateway gw_address:
the IP address of a network gateway to use in conjunction with the
IP address(es) specified for network booting. gw_address must
be entered using IPv4 dotted-decimal notation.
IMPORTANT:
If gw_address is
not specified, the network server must be on the same LAN as the
system. Since both SPIOs must be in the same network, the netmask
and gateway settings are shared.
Usage:
Configure the network
parameters for the ports on the SPIO cards to use to communicate with
an external network server that hosts software images.
IMPORTANT:
The settings for this
command are stored immediately in the boot.sys file. No changes
are made to the system configuration file.
IMPORTANT:
When configuring static
addresses both SPIOs must have different IP addresses. Neither address
can be the same as the local context IP address.
Example:
The following configures
the system to communicate with the external network server via DHCP
with a fallback to IP address
192.168.100.10,
respectively.
boot networkconfig
dhcp-static-fallback ip address spio24 192.168.100.10 netmask 255.255.255.0
The following command
configures the system to communicate with an external network server
using the fixed (static) IP address
192.168.100.10 with
a network mask of
255.255.255.0.
boot networkconfig
static ip address spio24 192.168.100.10 netmask 255.255.255.0
The following restores
the system default for the network boot configuration options.
no boot networkconfig
boot system priority
Specifies the priority
of a boot stack entry to use when the system first initializes or
restarts. Up to 10 boot system priorities (entries in the boot.sys
file located in the /flash device in the SPC, SMC or MIO)
can be configured.
Privilege:
Security Administrator,
Administrator
Syntax
boot system priority number image image_url config config_path
no boot system priority number
no
Remove a boot stack
entry at the priority specified from the boot stack when it is no
longer used.
priority number
Specifies the priority
for the file group (consisting of an image (.bin) and its corresponding configuration
(.cfg) file) specified in the boot stack. The value must be in the
range from 1 through 100 where a priority of 1 is the highest. Up
to 10 boot system priorities (boot stack entries) can be configured.
IMPORTANT:
When performing a
software upgrade it is important that the new file group have the
highest priority (lowest value) configured.
IMPORTANT:
To ensure that higher
priority numbers remain open, use an “N-1” priority
numbering methodology, where “N” is the first
priority in the current boot stack.
image image_url
Specifies the location
of a image file to use for system startup. The URL may refer to
a local or a remote file. The URL must be formatted according to
the following format:
For the ASR 5000:
- [ file: ]{ /flash | /pcmcia1 | /hd }[ /directory ]/filename
- [ http: | tftp: ]//host[ :port ][ /directory ]/filename
IMPORTANT:
Use of the SMC hard
drive is not supported in this release.
IMPORTANT:
Do not use the following
characters when entering a string for the field names below: “/” (forward
slash), “:” (colon) or “@” (at
sign).
directory is
the directory name.
filename is
the actual file of interest.
host is
the IP address or host name of the server.
port# is
the logical port number that the communication protocol is to use.
IMPORTANT:
A file intended for
use on an ASR 5000 uses the convention xxxxx.asr5000.bin, where xxxxx
is the software build number.
IMPORTANT:
When using the TFTP,
it is advisable to use a server that supports large blocks, per
RFC 2348. This can be implemented by using the “block size
option” to ensure that the TFTP service does not restrict
the file size of the transfer to 32MB.
config config_path
Specifies the location
of a configuration file to use for system startup. This must be formatted
according to the following format:
For the ASR 5000:
- [ file: ]{ /flash | /pcmcia1 | /hd }[ /path ]/filename
IMPORTANT:
Use of the SMC hard
drive is not supported in this release.
Where path is
the directory structure to the file of interest, and filename is
the name of the configuration file. This file typically has a .cfg extension.
Usage:
This command is useful
in prioritizing boot stack entries in the boot.sys file, typically located
on the /flash device of the Active SPC, SMC, or MIO, for
automatic recovery in case of a failure of a primary boot file group.
IMPORTANT:
The configuration
file must reside on the SPC’s, SMC’s, or MIO’s
local filesystem, stored on one of its local devices (/flash,
or /pcmcia1, or /hd-raid/pcmcia1, or /pcmcia2,
or /usb1, or /hd-raid). Attempts to load the configuration
file from an external network server will result in a failure to
load that image and configuration file group, causing the system
to load the image and configuration file group with the next highest
priority in the boot stack.
IMPORTANT:
Configuration changes
do not take effect until the system is reloaded.
IMPORTANT:
The settings for this
command are stored immediately in the boot.sys file. No changes
are made to the system configuration file.
Example:
The following commands
set up two locations to obtain a boot file group from.
boot system priority
1 image tftp: //remoteABC/pub/2012jan.bin
config /flash/pub/data/2012feb.cfg
boot system priority
2 image /flash /pub/data/2002jun.bin
config /pcmcia1/pub/data/2012feb.cfg
The following removes
the current priority
1 boot
entry from the boot.sys file.
no boot system priority 1
bulkstats
Enables the collection
of bulk statistics by the system and/or enters the bulk statistic
configuration mode.
Privilege:
Security Administrator,
Administrator
Syntax
bulkstats { collection | historical | mode }
no bulkstats collection
collection
Enables the statistics
collection process. Collects a period snapshot of data, such as “here
is what the value is right now”.
historical collection
Enables the system
to collect historical bulk statistics.
If enabled, the system
keeps track of some things which require the storing of more data, such
as “the highest value that’s been seen over the
last 24 hours”.
mode
Enters the bulk statistics
configuration mode. The resulting command-line prompt will look similar
to:
[<context-name>]asr5000(config-bulkstats)#
no
Disables the collection
of bulk statistics.
Usage:
The Bulk Statistics
Configuration Code consists of commands for configuring bulk statistic
properties, such as the period of collection. Bulk Statistics
configuration mode commands are defined in the Bulk Statistics Configuration
Mode Commands chapter.
The system can be
configured to collect bulk statistics and send them to a collection
server (called a receiver). Bulk statistics are statistics that
are collected in a group or schema, for example, system statistics,
port statistics, radius statistics.
Once bulk statistics
receiver, schema, and collection properties are configured, this bulkstats command
is used to enable or disable the collection of the data.
To collect a sample
that will provide an average, for example, an average of CPU counters, the “historical” features
must be enabled with the bulkstats historical collection command.
Since bulk statistics
are collected at regular, user-defined intervals, the bulkstats force command
in the Exec Mode can be used to manually initiate the collection
of statistics at any time.
Example:
bulkstats collection
bulkstats mode
no bulkstats collection
ca-certificate
Configures and selects
an X.509 CA root certificate to enable a security gateway or SCM
to perform certificate-based peer (client) authentication. The system
supports a maximum of 16 certificates and 16 CA root certificates.
A maximum of four CA root certificates can be bound to a crypto
or ssl template.
Product:
ePDG, FNG, SCM (P-CSCF,
A-BG)
Privilege:
Administrator, Security
Administrator, Operator
Syntax
ca-certificate name name pem { data pemdata | url url }
no ca-certificate name name
no
Disables ca-certificate.
Note:
If the CA-CERT is mandatory
for the service to be up and running, then the removal of that CA-CERT
is not allowed, i.e. the following CLI command is not allowed.
no ca-certificate name name
name name
Names the CA certificate. name must
be an alphanumeric string of 1 through 128 characters.
pem
Specifies that the
Privacy-enhanced Electronic Mail (PEM) format is to be used.
data pemdata
CA certificate data
in PEM format. pemdata must
be an alphanumeric string of 1 through 4095 characters.
url url
URL of the file containing
CA certificate in PEM.
url must
be an existing URL expressed in one of the following formats:
- [file:]{/flash | /pcmcia1 | /hd-raid}[/directory]/<filename
- tftp://<host>[:<port>][/<directory>]/<filename
- ftp://[<username>[:<password>]@]<host>[:<port>][/<directory>]/<filename
- sftp://[<username>[:<password>]@]<host>[:<port>][/<directory>]/<filename
- http://[<username>[:<password>]@]<host>[:<port>][/<directory>]/<filename
When read via a file,
note that show
configuration will not contain the URL reference, but
will instead output the data via data pemdata,
such that the configuration file is self-contained.
no
Removes the named
CA certificate.
Usage:
In addition to the
X.509 certificate-based gateway authentication method and the PSK (Pre-Shared
Key) and EAP-AKA (Extensible Authentication Protocol - Authentication
and Key Agreement) peer (client) authentication methods, the FNG
and SCM support X.509 certificate-based peer authentication.
The FNG checks the
network policy on whether a FAP is authorized to provide service.
If the network policy states that all FAPs that pass device authentication
are authorized to provide service, no further authorization check
may be required. If the network policy requires that each FAP be
individually authorized for service (in the case where the FEID
is associated with a valid subscription), the FNG sends a RADIUS
Access-Request message to the AAA server. If the AAA server sends
a RADIUS Access-Accept message, the FNG proceeds with device authentication.
Otherwise, the FNG terminates the IPSec tunnel setup by sending
an IKEv2 Notification message indicating authentication failure.
The operator/administrator
is responsible for configuring the certificates through the CLI. The
system will generate an SNMP notification when the certificate is
within 30 days of expiration, and then once a day.
Example:
Use the following
command to remove a certificate named
fap1:
no ca-certificate
data fap1
ca-crl
Configures the name
and URL path of a Certificate Authority-Certificate Revocation List
(CA-CRL).
Product:
FNG
HNB-GW
PDG/TTG
PDIF
SCM (P-CSCF, A-BG)
S-GW
Syntax
ca-crl name name { der | pem } { url url }
no ca-crl name name
no
Removes the named
CA-CRL.
name
Provides a name of
the CA-CRL. name must
be an alphanumeric string of 1 through 128 characters.
der
Specifies that the
Distinguished Encoding Rules (DER) format is to be used for the
source format.
pem
Specifies that the
Privacy-enhanced Electronic Mail (PEM) format is to be used for
the source format.
url url
Specifies the URL
where the CA-CRL is to be fetched.
url must be
an existing URL expressed in one of the following formats:
- [file:]{/flash | /pcmcia1 | /hd-raid}[/directory]/<filename
- tftp://<host>[:<port>][/<directory>]/<filename
- ftp://[<username>[:<password>]@]<host>[:<port>][/<directory>]/<filename
- sftp://[<username>[:<password>]@]<host>[:<port>][/<directory>]/<filename
- http://[<username>[:<password>]@]<host>[:<port>][/<directory>]/<filename
Usage:
Use this command to
name and fetch a CA-CRL from a specified location.
Without additional
information from the CA, an issued certificate remains valid to
any verifier until it expires. To revoke certificates, the CA publishes
a CRL periodically to provide an updated list of certificates revoked,
but not yet expired. Like a certificate, a CRL is a digital document
signed by the CA. In addition to a list of serial numbers of revoked
certificates, the CRL includes attributes such as issuer name (same
as the issuer name in the certificate), signature (signed by the
issuer using the same key that signs certificates), last update
(the time this CRL was issued), and next update (the time next CRL
will be available).
Example:
The following command
fetches a CA-CRL named
list1.pem from
a
host.com/CRLs location
and names the list
CRL5:
ca-crl name CRL5 pem
url http://host.com/CRLs/list1.pem
call-control-profile
Creates an instance
of a call-control profile.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] call-control-profile cc_profile_name
no
Deletes the Call-Control
Profile instance from the configuration.
cc_profile_name
Specifies the name
of the call-control profile. Enter an alphanumeric string of 1 through
64 characters.
Usage:
Use this command to
create an instance of a call-control profile and to enter the call-control
profile configuration mode. A call-control profile is a template
which groups a set of call-handling instructions that may be applicable
to one or more incoming calls. See the Call-Control Profile
Configuration Mode Commands chapter for information regarding
the definition of the rules contained within the profile and the
use of the profile.
IMPORTANT:
A call-control profile
is a key element of the Operator Policy feature and is only valid
when associated with at least one operator policy.
To see what call-control
profiles have already been created, return to the Exec mode and enter
the show call-control-profile
all command.
Example:
The following command
creates a configuration instance of an call-control profile:
call-control-profile ccprof1
card
Enters the card configuration
mode for the card specified.
Privilege:
Security Administrator,
Administrator
number
Specifies the number
of the card for which the card configuration mode is to be entered. number must
be an integer from 1 through 48 (on the ASR 5000) or 1 through 20
(on the ASR 5500).
Usage:
Enter the configuration
mode for a specific card when changes a required.
IMPORTANT:
This command is not
supported on all platforms.
card-standby-priority
Configures the redundancy
priorities for packet processing cards by specifying the slot number
search order for a standby card when needed.
Privilege:
Security Administrator,
Administrator
Syntax
card-standby-priority slot_num [ slot_num ] [ slot_num ] ...
slot_num
Specifies the slot
of the card for the order of the standby cards. slot_num must
be in the range from 1 through 16 excluding slots 8 and 9 (on the
ASR 5000) or 1 through 10 excluding slots 5 and 6 (on the ASR 5500). slot_num may
be repeated as many times as necessary to indicate the complete
search order.
Usage:
Set the standby order
of the redundant cards when multiple standby cards are available.
Questionable hardware
should be placed lower in the priority list.
IMPORTANT:
This command replaces
the pac-standby-priority command.
IMPORTANT:
This command is not
supported on all platforms.
Example:
The following command
configures the redundancy priority to use the standby cards in slots 16,
14, and 12 in that order:
card-standby-priority
16 14 12
cdr-multi-mode
This command enables
multiple instances of CDRMOD, one per packet processing card.
Privilege:
Security Administrator,
Administrator
Syntax
[ default ] cdr-multi-mode
default
Configures this command
with its default setting.
Default: Single-CDRMOD
mode
Usage:
Use this command to enable
the multi-CDRMOD mode, wherein there will be one instance of CDRMOD
per packet processing card. All the SessMgr instances that are running
on a packet processing card will send the records to the CDRMOD
instance running on that card.
By default, CDRMOD runs
in single mode, wherein there will be only one instance of CDRMOD
running for the entire chassis. All the SessMgr instances that are
running on a packet processing card will send the records to the
CDRMOD instance.
IMPORTANT:
For changes to this command
to take effect, save the configuration and reboot the system.
IMPORTANT:
In multi-CDRMOD mode,
you should enable hard-disk usage.
certificate
Configures and selects
an X.509 Trusted Author certificate.
Product:
ACS
ePDG
FNG
PDG/TTG
PDIF
SCM (P-CSCF, A-BG)
Privilege:
Administrator, Security
Administrator, Operator
Syntax
certificate name name pem { data pemdata | url url } private-key
pem { [ encrypted ] data pemdata | url url }
no certificate name name
name name
Names the certificate. name must
be from 1 to 128 alphanumeric characters.
pem
Specifies that the
Privacy-enhanced Electronic Mail (PEM) format is to be used.
data pemdata
Certificate/private
key data in PEM format. pemdata must
be an alphanumeric string of 1 through 4095 (certificate) or 1 through
8191 (private key) characters.
url url
URL of the file containing
certificate/private key in PEM.
url must
be an existing URL expressed in one of the following formats:
- [file:]{/flash | /pcmcia1 | /hd-raid}[/directory]/<filename
- tftp://<host>[:<port>][/<directory>]/<filename
- ftp://[<username>[:<password>]@]<host>[:<port>][/<directory>]/<filename
- sftp://[<username>[:<password>]@]<host>[:<port>][/<directory>]/<filename
- http://[<username>[:<password>]@]<host>[:<port>][/<directory>]/<filename
When read via a file, show configuration will not contain the
URL reference, but instead outputs the data via data pemdata,
such that the configuration file is self-contained.
private-key
Private key data.
encrypted
Encrypted private
key data.
no
Removes the named
certificate.
Usage:
A certificate authority
or certification authority (CA) is an entity which issues digital certificates
for use by other parties. It is an example of a trusted third party.
CAs are characteristic of many public key infrastructure (PKI) schemes.
If CERT information
is configured, the system will include the CERT payload in the first IKE_AUTH
Response during the first authentication. The system stores its
own certificate for use in the first AUTH calculation. MS will not
have its own certificate from CA. Still, it will be capable of accepting
a certificate from the system and verify AUTH.
The operator/administrator
is responsible for configuring the certificates through the CLI. The
system will generate an SNMP notification when the certificate is
within 30 days of expiration, and then once a day.
Example:
Use the following
command to remove a certificate named
box1:
no certificate data box1
cli
Configures global
Command Line Interface (CLI) parameters.
Privilege:
Security Administrator,
Administrator
Syntax
cli { access { monitor-protocol | monitor-subscriber | show-configuration } { administrator | operator } } | configuration-monitor | login-failure-delay
number | max-sessions number | operator clear-subscriber-one-only | trap config-mode }
no cli { configuration-monitor | hidden | login-failure-delay
number | max-sessions | operator clear-subscriber-one-only | trap
config-mode }
default cli { access { monitor-protocol | monitor-subscriber | show-configuration } | configuration-monitor | login-failure-delay | max-sessions | operator
clear-subscriber-one-only | trap config-mode }
no
Removes the specified
option.
default
Resets the keywords
to their default values.
access { monitor-protocol | monitor-subscriber | show-configuration } { operator | administrator }
Sets access privileges
on the monitor
protocol and monitor subscriber commands:
monitor-protocol:
Selects privileges for the monitor protocol command.
monitor-subscriber:
Selects privileges for the monitor subscriber command.
show-configuration:
Selects privileges for the show-configurationcommand.
However the default access level for this command is the user with
operator privileges.
operator:
Sets the privileges for the selected command to allow use by users
with operator privileges.
administrator:
Restricts use of the selected command to administrators only.
login-failure-delay number
Specifies the time
to wait before a login failure is returned and another login may
be attempted. Default is five seconds.
max-sessions number
Sets the number of
allowed simultaneous CLI sessions on the system. If this value is
set to a number below the current number of open CLI sessions, the
open sessions will continue until closed. number must
be an integer from 2 through 100.
CAUTION:
Use caution when setting
this command. Limiting simultaneous CLI sessions prevents authorized
users from accessing the system if the maximum number allowed has
been reached. The system already limits CLI sessions based on available
resources. Additional limitation could have adverse effects.
operator clear-subscriber-one-only
Restricts Operator
to clearing only one subscriber session at a time.
trap config-mode
Enables sending an
SNMP notification (trap) when a CLI user enters the configuration mode.
Usage:
This command sets
access parameters and enables several operational parameters for
the system’s command line interface.
Example:
The following command
sets the number of allowed simultaneous CLI sessions to
5.
cli max-sessions 5
The following command
sets the command
monitor protocol to
administrator-only
cli access monitor-protocol administrator
clock
Configures system
clock timezone and what local time zone to use.
Privilege:
Security Administrator,
Administrator
Syntax
clock timezone tz [ local ]
no clock timezone
no
Resets the system
timezone to the system default UTC.
tz
Specifies the system
time zone to use as one of:
- america-buenos-aires
(GMT-3:00; Buenos Aires)
- america-caracas (GMT-4:00)
Caracas
- america-guatemala
(GMT-6:00; Guatemala, Guatemala)
- america-la_paz
(GMT-4:00; La Paz)
- america-lima (GMT-5:00;
Lima, Peru)
- america-puerto-rico
(GMT-4:00; Puerto Rico)
- america-sao-paulo
(GMT -3:00; Brazil)
- america-tijuana (GMT-8:00;
Tijuana)
- asia-almaty (GMT+6.00;
Almaty, Kazakhstan)
- asia-baghdad (GMT+3:00;
Baghdad, Russia Zone 2, Kuwait, Nairobi, Riyadh, Moscow, Tehran)
- asia-bangkok (GMT+7:00;
Bangkok)
- asia-calcutta (GMT+5:30;
Calcutta, Mumbai, New Delhi)
- asia-dhaka (GMT+6:00;
Dhaka)
- asia-hong-kong (GMT+8:00;
Hong_Kong)
- asia-irkutsk (GMT+9:30;
Irkutsk)
- asia-kabul (GMT+4:30;
Kabul)
- asia-karachi (GMT+5:00;
Karachi)
- asia-katmandu (GMT+5:45;
Kathmandu)
- asia-magadan (GMT+11:00;
Magadan)
- asia-muscat (GMT+4:00;
Abu Dhabi, UAE, Muscat, Tblisi, Volgograd, Kabul)
- asia-rangoon (GMT+6:30;
Rangoon)
- asia-seoul (GMT+9:00)
Seoul
- asia-tehran (GMT+3:30;
Tehran)
- asia-tokyo (GMT+9:00;
Tokyo, Russia Zone 8)
- atlantic-azores (GMT-2:00;
Azores)
- atlantic-cape-verde
(GMT-1:00; Cape Verde Islands)
- australia-perth (GMT+8:00)
Perth
- australia-darwin (GMT+9:30)
Northern Territory - Alice Springs, Darwin, Uluru
- australia-adelaide
(GMT+9:30) Southern Territory - Adelaide
- australia-melbourne
(GMT+10:00) Victoria - Ballarat, Melbourne
- australia-sydney (GMT+10:00)
New South Wales - Newcastle, Sydney, Wollongong
- australia-hobart (GMT+10:00)
Tasmania - Hobart, Launceston
- australia-brisbane
(GMT+10:00) Queensland - Brisbane, Cairns, Toowoomba, Townsville
- australia-lordhowe
(GMT+10:30) Lord Howe Island
- canada-newfoundland
(GMT-3:30; Newfoundland)
- canada-saskatchewan
(GMT-6:00; Saskatchewan)
- europe-central (GMT+1:00;
Paris, Berlin, Amsterdam, Brussels, Vienna, Madrid, Rome, Bern,
Stockholm, Oslo)
- europe-dublin (GMT+0:00)
Dublin, Ireland
- europe-eastern (GMT+2:00;
Russia Zone 1, Athens, Helsinki, Istanbul, Jerusalem, Harare)
- newzealand-auckland
(GMT +12:00; Auckland, Willington)
- newzealand-chatham
(GMT +12:45; Chatham)
- nuku (GMT-13:00; Nuku'alofa)
- pacific-fiji (GMT+12:00;
Wellington, Fiji, Marshall Islands)
- pacific-guam (GMT+10:00;
Brisbane, Cairns, Sydney, Guam)
- pacific-kwajalein
(GMT-12:00; Kwajalein)
- pacific-norfolk -
(GMT+11:30) Norfolk Island
- pacific-samoa (GMT-11:00;
Samoa)
- us-alaska (GMT-9:00;
Alaska)
- us-arizona (GMT-7:00;
Arizona)
- us-central (GMT-6:00;
Chicago, Mexico City, Saint Louis)
- us-eastern (GMT-5:00;
Bogota, Lima, New York City)
- us-hawaii (GMT-10:00;
Hawaii)
- us-indiana (GMT-6:00;
Indiana)
- us-mountain (GMT-7:00;
Cheyenne, Denver, Las Vegas)
- us-pacific (GMT-8:00)
San Francisco, LA, Seattle
- utc (GMT; Universal
Time Coordinated: London, Dublin, Edinburgh, Lisbon, Reykjavik,
Casablanca)
local
Indicates the timezone
specified by tz is
to be considered the local time zone for local time display and
conversion.
Usage:
Clock and timezone
management is necessary for proper accounting records. The chassis may
be set to display a different local time than that of the system
clock which allows accounting records to use the system time but
to display the proper local time for users.
Example:
clock timezone utc
clock timezone us-indiana local
no clock timezone
congestion-control
overload-disconnect
This command enables
and disables the policy for disconnecting passive calls (chassis-wide)
during an overload situation. It also configures and fine-tunes
the overload-disconnect congestion control policy for an entire
chassis.
Privilege:
Security Administrator,
Administrator
Syntax
congestion-control
overload-disconnect [ iterations-per-stage integer | percent percentage_value | threshold { license-utilization percentage_value | max-sessions-per-service-utilization percentage_value | tolerance number } ]
default congestion-control
overload-disconnect [ iterations-per-stage | percent | threshold { license-utilization | max-sessions-per-service-utilization | tolerance } ]
no congestion-control
overload-disconnect
default
When “default” and
one of the keywords is added to the command, the policy remains
in its current state and the value for the specified keyword is
reset to its default value.
When “default” and
the command are entered without keywords, the overload-disconnect policy
for congestion control is disabled.
no
Disables the overload-disconnect
policy for congestion control.
iterations-per-stage integer
Specifies the number
of calls to be disconnected during the defined number of seconds. integer is
a value from 2 through 8. The default value is 8.
percent percentage_value
Specifies the percentage
of calls to be disconnected, in stages, during an overload situation. percentage_value is
an integer from 1 through 100. The default value is 5.
threshold
license-utilization: Specifies
the license-utilization percentage threshold for overload situations.
If candidates are available, passive calls are disconnected when
this threshold is exceeded. percentage_value is
an integer from 1 through 100. The default value is 80.
max-sessions-per-service-utilization: Specifies
a percentage of the maximum sessions per service. If candidates
are available, passive calls are disconnected when this threshold
is exceeded. percentage_value is
an integer from 1 through 100. The default value is 80.
tolerance:Specifies
the percentage of calls the system disconnects below the values
set for the other two thresholds.
In
either case, a Clear Traps message is sent after the number of calls
goes below the corresponding threshold value. number is
an integer from 1 through 25. The default value is 10.
Usage:
Use this command to
set the policy for call disconnects when the chassis experiences
call overload.
To verify the congestion-control
configuration use show
congestion-control configuration from the Exec mode.
To set overload-disconnect
policies for individual subscribers., see overload-disconnect in
Subscriber Configuration Mode Commands.
Example:
The following command
sets an overload-disconnect policy for the chassis in which 5 calls would
be disconnected very 5 seconds during an overload situation.
congestion-control
overload-disconnect interations-per-stage 5
Both of the following
commands disable the overload-disconnect policy without changing the
policy configuration.
default congestion-control
overload-disconnect
or
no congestion-control
overload-disconnect
To instruct the system
to stop call disconnects when the number of calls goes down 85% of the
total allowed calls for that service, enter both of the following
commands to set the max-sessions-per-service-utilization value to
90% and the tolerance value to 5%:
congestion-control overload-disconnect threshold
max-sessions-per-service-utilization 90
congestion-control overload-disconnect threshold
tolerance 5
congestion-control
policy
Configures congestion
control policies.
Privilege:
Security Administrator,
Administrator
Syntax
congestion-control
policy { asngw-service | asnpc-service |
cscf-service | fng-service | ggsn-service | ha-service | hnbgw-service | hsgw-service | lma-service | lns-service | mipv6ha-service | pdg-service | pdif-service | pdsn-service | pdsnclosedrp-service | pgw-service | phsgw-service | phspc-service | sgsn-service | sgw-service } action { drop | none | redirect | reject }
congestion-control policy
mme-service action { drop | none | reject | report-overload { permit-emergency-sessions | reject-new-sessions | reject-non-emergency-sessions } enodeb-percentage percentage }
default congestion-control
policy { asngw-service | asnpc-service | cscf-service | epdg-service | fng-service | ggsn-service | ha-service | hnbgw-service | hsgw-service | lma-service | lns-service | mipv6ha-service | mme-service | pdg-service | pdif-service | pdsn-service | pdsnclosedrp-service | pgw-service | phsgw-service | phspc-service | sgsn-service | sgw-service }
default
Specifies the Congestion
Control policy action for the selected service to its default value.
asngw-service
Specifies the Congestion
Control policy action for the ASN-GW service.
asnpc-service
Specifies the Congestion
Control policy action for the ASN PC-LR service.
cscf-service
Specifies
the Congestion Control policy action for the CSCF service.
fng-service
Specifies
the Congestion Control policy action for the FNG service.
ggsn-service
Specifies the Congestion
Control policy action for the GGSN service.
ha-service
Specifies the Congestion
Control policy action for the HA service.
hnbgw-service
Specifies the Congestion
Control policy action for the HNB-GW service.
Supported policy actions
are:
- drop: Specifies
that the system should drop incoming packets containing new session
requests.
- none: Specifies
that the system should take no action.
- reject:
Specifies that the system processes new session request messages
and responds with a reject message.
lma-service
Specifies
the Congestion Control policy action for the LMA service
lns-service
Specifies the Congestion
Control policy action for the LNS service.
mipv6ha-service
Specifies the Congestion
Control policy action for the MIPv6-HA service.
mme-service
Sets the congestion
control policy for action to take when subscriber sessions exceeds
the defined threshold limit.
For
MME type of session/calls, redirect action
is not supported.
pdg-service
Specifies the Congestion
Control policy action for the PDG service.
pdif-service
Specifies the Congestion
Control policy action for the PDIF service.
pdsn-service
Specifies the Congestion
Control policy action for the PDSN service.
sgsn-service
Specifies the Congestion
Control policy action for the SGSN service.
action { drop | none | redirect | reject }
Specifies the policy
action:
report-overload { permit-emergency-sessions | reject-new-sessions | reject-non-emergency-sessions } enodeb-percentage percentage
IMPORTANT:
This set of keywords
is supported only by the MME.
Enables the MME to report
overload conditions to eNodeBs and take additional action to alleviate
congestion situations.
permit-emergency-sessions:
Specifies that only emergency sessions are allowed to access the
MME during the overload period.
reject-new-sessions:
Specifies that all new sessions destined for the MME will be rejected
during the overload period.
reject-non-emergency-sessions:
Specifies that all non-emergency sessions will be rejected during
the overload period.
enodeb-percentage percentage:
Configures the percentage of known eNodeBs that will receive the overload
report. percentage must
be an integer from 1 to 100.
Usage:
Congestion policies
can be configured for each service. When congestion control functionality
is enabled, these policies dictate how services respond should the
system detect that a congestion condition threshold has been crossed.
Example:
The following command
configures a congestion control policy of reject for PDSN services:
congestion-control
policy pdsn-service action reject
The following command
configures a congestion control policy of reject for MME services:
congestion-control
policy mme-service action reject
congestion-control
threshold
Configures the congestion
control threshold values that are to be monitored.
Privilege:
Security Administrator,
Administrator
Syntax
congestion-control
threshold { license-utilization percent | max-sessions-per-service-utilization percent | message-queue-utilization percent | message-queue-wait-time time | port-rx-utilization percent | port-specific { slot/port | all } [ tx-utilization percent ] [ rx-utilization percent ]port-specific-rx-utilization critical | port-specific-tx-utilization critical | port-tx-utilization percent | service-control-cpu-utilization percent | system-cpu-utilization percent | system-memory-utilization percent | tolerance percent }
default congestion-control
threshold { license-utilization | max-sessions-per-service-utilization | message-queue-utilization | message-queue-wait-time | port-rx-utilization | port-specific | tx-utilization | rx-utilization | port-tx-utilization | service-control-cpu-utilization | system-cpu-utilization | system-memory-utilization | tolerance }
no congestion-control
threshold port-specific { slot/port | all }
no congestion-control
threshold port-specific { slot/port | all } [ rx-utilization percent ] [ tx-utilization percent ]
no congestion-control
threshold port-specific-rx-utilization critical
no congestion-control
threshold port-specific-tx-utilization critical
no congestion-control
threshold { message-queue-utilization | message-queue-wait-time | port-rx-utilization percent | port-tx-utilization
percent | service-control-cpu-utilization | system-cpu-utilization | system-memory-utilization }
default congestion-control
threshold keyword
Sets the threshold
keyword to its default value.
no congestion-control
threshold port-specific { slot/port | all }
This command disables
port specific threshold monitoring on the specified port or on all ports.
slot/port:
Specifies the port for which port specific threshold monitoring
is being configured. The slot and port must refer to an installed
card and port.
all: Set
port specific threshold monitoring for all ports on all cards.
no congestion-control
threshold port-specific-rx-utilization critical
This command disables
specific receive port utilization.
no congestion-control
threshold port-specific-tx-utilization critical
This command disables
specific transmit port utilization.
license-utilization percent
Default: 100
The percent utilization
of licensed session capacity as measured in 10 second intervals.
percent can
be configured to any integer value from 0 to 100.
max-sessions-per-service-utilization percent
Default: 80
The percent utilization
of the maximum sessions allowed per service as measured in real-time.
This threshold is based on the maximum number of sessions or PDP
contexts configured for the a particular service. (Refer to the
bind command
for the PDSN
, GGSN,
SGSN, or HA services.)
percent can
be an integer from 0 through 100.
message-queue-utilization percent
Default: 80
The percent utilization
of the Demux Manager software task’s message queue as measured in
10 second intervals. The queue is capable of storing a maximum of
10000 messages.
percent can
be an integer from 0 through 100.
message-queue-wait-time time
Default: 5
The maximum time (in
seconds) messages can be held in queue as measured by packet time stamps.
time is measured
in seconds and can be an integer from 1 through 30.
IMPORTANT:
In the event that this
threshold is crossed, an SNMP trap is not triggered. The service
congestion policy invocation resulting from the crossing of this
threshold is enforced only for the packet that triggered the action.
[ no ] port-rx-utilization percent
Default: 80
The average percent
utilization of port resources for all ports by received data as
measured in 5-minute intervals.
percent can
be an integer from 0 through 100.
[ no ] port-specific { slot/port | all } [ rx-utilization percent ] [ tx-utilization percent]
Default: Disabled
Sets port-specific
thresholds. If you set port-specific thresholds, when any individual
port-specific threshold is reached, congestion control is applied
system-wide.
slot/port:
Specifies the port for which port-specific threshold monitoring
is being configured. The slot and port must refer to an installed
card and port.
all: Set
port specific threshold monitoring for all ports on all cards.
rx-utilization percent: Default
80%. The average percent utilization of port resources
for the specified port by received data as measured in 5-minute
intervals. percent must
an integer from 0 through 100.
tx-utilization percent: Default
80%. The average percent utilization of port resources
for the specified port by transmitted data as measured in 5-minute
intervals. percent must
be an integer from 0 through 100.
[ no ] port-tx-utilization percent
Default: 80
The average percent
utilization of port resources for all ports by transmitted data
as measured in 5-minute intervals.
percent can
be an integer from 0 through 100.
service-control-cpu-utilization percent
Default: 80
The average percent
utilization of CPUs on which a Demux Manager software task instance is
running as measured in 10-second intervals.
percent can
be an integer from 0 through 100.
system-cpu-utilization percent
Default: 80
The average percent
utilization for all PSC/PSC2
CPUs available to the system as measured in 10-second intervals.
percent can
be an integer from 0 through 100.
This threshold setting
can be disabled with no
congestion-control threshold system-cpu-utilization command.
In case later you want to enable the same threshold setting congestion-control
threshold system-cpu-utilization command will enable the
CPU utilization threshold to preconfigured level.
system-memory-utilization percent
Default: 80
The average percent
utilization of all CPU memory available to the system as measured
in 10-second intervals.
percent can
be an integer from 0 through 100.
tolerance percent
Default: 10
The percentage under
a configured threshold that dictates the point at which the condition
is cleared.
percent can
be an integer from 0 through 100.
Usage:
Thresholds dictate
the conditions for which congestion control is to be enabled and establish
limits for defining the state of the system (congested or clear).
These thresholds function in a similar fashion to the operation
thresholds that can be configured for the system (as described in
later in this chapter). The primary difference is that when these
thresholds are reached, not only is an SNMP trap generated (starCongestion),
but a service congestion policy is invoked as well.
The tolerance parameter
establishes the threshold at which the condition is cleared. An SNMP
trap (starCongestionClear) is generated for the clear condition,
as well.
IMPORTANT:
The MME (version 14.0
and higher) supports three levels of thresholds – critical,
major and minor – for each condition. Refer to the congestion-control threshold commands
immediately following this command for information specific to the
MME.
Example:
The following command
configures a system CPU utilization threshold of 75%.
congestion-control threshold
system-cpu-utilization 75
This setting will
remain in configuration unless you specify another threshold value
in place of 75. This threshold setting can be disabled with no congestion-control threshold
system-cpu-utilization command but cannot be removed from configuration.
Later if you want to enable the previously configured threshold
value of 75 percent,
you only need to enter the congestion-control
threshold system-cpu-utilization command without specifying
any threshold value. It will enable the CPU utilization threshold
to preconfigured level of 75 percent.
For example, no congestion-control
threshold system-cpu-utilization disables the configured
threshold setting and congestion-control
threshold system-cpu-utilization again enables the threshold
setting of 75%.
The following command
configures a threshold tolerance of 5%:
congestion-control threshold
license-utilization tolerance 5
In the above examples,
the starCongestion trap gets triggered if the license utilization
goes above 75% and the starCongestionClear trap gets triggered
if it reaches or goes below 70%.
content-filtering
category database directory
This command configures
the base directory to be used for storing all content-rating databases
that are required for Category-based Content Filtering application.
Privilege:
Security Administrator,
Administrator
Syntax
content-filtering
category database directory path directory_path
default content-filtering
category database directory path
default
Specifies the default
base directory and directory path for Category-based Content Filtering application.
directory_path
Default: /pcmcia1/cf
Specifies the base
directory and its path to store all of the full or incremental content
rating databases for the Category-based Content Filtering application.
directory_path must
be an alphanumeric string of 1 through 255 characters.
Usage:
Use this command to
specify the directory and its path to download all full or incremental category-rating
databases to be used for the Category-based Content Filtering application.
Merging of incremental
database can be done as part of the database upgrade process preformed
with upgrade
content-filtering category database command in the Executive
Mode.
Example:
The following command
configures the
/flash/cf_temp/DB as
the base directory to download all full and incremental content-rating
databases for content filtering application.
content-filtering
category database directory path /flash/cf_temp/DB
content-filtering
category database max-versions
This command configures
the number of full content-rating databases to maintain/archive
in the base directory for category-based content filtering application.
Privilege:
Security Administrator,
Administrator
Syntax
content-filtering
category database max-versions num_archive
default content-filtering
category database max-versions
default
Sets the default number
of full databases for specified directory path/location.
num_archive
Default: 2
Specifies the maximum
number of database to be archived or maintained in the specific location.
num_archive must
be an integer from 1 through 3.
Usage:
Use this command to
set the number of full content-rating database to be maintained
in the specified directory path with the base file name specified
using the content-filtering
database override file command. The specified directory path
is the location specified using the content-filtering
category database directory path command.
Example:
The following command
configures the system to maintain
3 full content-rating
databases for category-based content filtering application.
content-filtering
category database max-versions 3
content-filtering
category database override
This command specifies
the name of a file to be used by the category-rating database load
process for category-based content filtering application.
Privilege:
Security Administrator,
Administrator
Syntax
content-filtering
category database override file file_name.extension
default content-filtering
category database override file
default
Sets the default content
rating database file name; for example, optcmd.bin.
file file_name.extension
Specifies the header
of the file in the database directory path location to determine
the newest full database.
file_name must
be an alphanumeric string of up to 10 characters with an extension
of 3 characters after a period (.) as extension.
Usage:
Use this command to
configure the category-rating database file name to determine the newest
version of full database. A process called “LOAD_DATABASE” invokes
during the system startup or the database upgrade process by upgrade content-filtering
category database command in Executive Mode. This process
examines the header of each of the files in the database folder
specified by content-filtering category
directory path command in this mode.
Note that by default
system examines the header of those files only which begins with
the string “OPTCMDB” and having extension “.bin”.
Example:
The following command
configures the system to examine the header of files that begins with
CF_sta.DB only
for content filtering application.
content-filtering category
database override file CF_sta.DB
context
Enters the Context
Configuration mode or is used to add or remove a specified context.
Privilege:
Security Administrator,
Administrator
Syntax
context name [ -noconfirm ]
no context name
no
Removes the specified
context from the configuration.
name
Specifies the name
of a context to enter, add, or remove. When creating a new context,
the context name must be unique.
IMPORTANT:
When creating a new
context, the context
name specified must not conflict with the name of any
existing context or domain names.
-noconfirm
Indicates that the
command is to execute without any additional prompt and confirmation from
the user.
Usage:
Configure contexts
or remove obsolete contexts.
IMPORTANT:
A maximum of 64 contexts
may be created.
crash enable
Enables or disables
the copying of crash data to a specified location.
Privilege:
Security Administrator,
Administrator
Syntax
crash enable [ encrypted ] url crash_url [ filename-pattern pattern ] [ restrict mbyte ]
no crash enable
no
Removes the specified
context from the configuration.
IMPORTANT:
System crash information
is generated and stored in the crash list even when the no keyword
is specified. The information maintained in the crash lists is minimal
crash information when the no keyword
has been specified.
encrypted
Indicates that the
URL encrypted for security reasons.
filename-pattern pattern
The
filename-pattern is
a an alphanumeric string containing any or all of the following
variables:
- %hostname% -
The system hostname.
- %ip% -
A SPIO IP address
- %cpu% -
CPU number
- %card% -
Card number
- %time% -
POSIX timestamp in hexadecimal notation
- %filename% -
Alias for crash-%card%-%cpu%-%time-core%
- %% -
A single % sign
If no pattern is specified,
the result is the same as the pattern filename.
Use '/' characters
in the filename pattern part to store crashes in per-system subdirectories.
url crash_url
Specifies the location
to store crash files. crash_url may
refer to a local or a remote file. crash_url must
be entered using the following format:
For the ASR 5000:
- [ file: ]{/flash|/pcmcia1|/hd}[/directory]/
- tftp://{host[:port#]}[/directory]/
- [ ftp: | sftp: ]//[username[:password]@] {host}[:port#][/directory]/
IMPORTANT:
Use of the SMC hard
drive is not supported in this release.
IMPORTANT:
Do not use the following
characters when entering a string for the field names below: “/” (forward
slash), “:” (colon) or “@” (at
sign).
directory is
the directory name.
filename is
the actual file of interest.
username is
the user to be authenticated.
password is
the password to use for authentication.
host is
the IP address or host name of the server.
port# is
the logical port number that the communication protocol is to use.
restrict mbyte
Specifies a maximum
amount of memory (in megabytes) to use for storing crash files as
an integer from 1 through 128. Default: 128
The restrict keyword
is only applicable to local URLs.
Usage:
Enable crashes if
there are systems that are not stable and the crash information
will be useful for trouble shooting. The remote storage of the crash
file reduces the memory utilized on the chassis.
Example:
crash enable ftp://remoteABC/pub/crash.dmp
crash enable /flash/pub/data/crash.dmp
restrict 64
no crash enable
cs-network
This command creates/removes
an HNB-CS network configuration instance for Femto UMTS access over
Iu-CS/Iu-Flex interface between Home NodeB Gateway (HNB-GW) service
and CS networks elements; i.e. MSC/VLR. This command also
configures an existing HNB-CS network instance and enters the HNB-CS
Network Configuration mode on a system.
Syntax
cs-network cs_instance [ -noconfirm ]
no cs-network cs_instance
no
Removes the specified
HNB-CS network instance from the system.
CAUTION:
Removing the HNB-CS
network instance is a disruptive operation and it will affect all
UEs accessing MSC(s) configured in specific CS core network through
the HNB-GW service.
CAUTION:
If any HNB-CS Network
instance is removed from system all parameters configured in that mode
will be deleted and Iu-CS/Iu-Flex interface will be disabled.
cs_instance
Specifies the name of
the Circuit Switched Core Networks instance which needs to be associated
with the HNB Radio Network PLMN via the HNB RN-PLMN Configuration
mode. If cs_instance does
not refer to an existing HNB-PS network instance, the new HNB-CS
network instance is created.
cs_instance must
be an alphanumeric string of 1 through 63 characters.
-noconfirm
Indicates that the command
is to execute without any additional prompt and confirmation from
the user.
Usage:
Use this command to
enter the HNB-CS Network Configuration mode for an existing CS network
instance or for a newly defined HNB-CS network instance. This command
is also used to remove an existing HNB-CS network instance.
This configuration enables/disables
the Iu-CS/Iu-Flex interface on HNB-GW service with CS core
network elements; i.e. MSC/VLR.
A maximum of one HNB-CS
network instance per HNB-GW service instance which is further limited
to a maximum of 256 services (regardless of type) can be configured
per system.
CAUTION:
This is a critical configuration.
The HNBs cannot access MSC(s) in CS core network without this configuration.
Any change to this configuration would lead to disruption in HNB
access to CS core network.
Entering this command
results in the following prompt:
[context_name]hostname(config-cs-network)#
The various parameters
available for configuration of an HNB-CS network instance are defined
in the HNB-CS Network
Configuration Mode Commands chapter.
Example:
The following command
enters the existing HNB-CS Network configuration mode (or creates
it if it does not already exist) for the instance named
hnb-cs1:
cs-network hnb-cs1
The following command
will remove HNB-CS network instance
hnb-cs1 from
the system without any warning to operator:
no cs-network hnb-cs1
css acsmgr-selection-attempts
This is a restricted
command.
In 9.0 and later
releases this command is obsolete.
css delivery-sequence
This is a restricted
command.
In 9.0 and later
releases this command is obsolete.
css service
This is a restricted
command.
In 9.0 and later
releases this command is obsolete.
default
Restores the system
default values for the specified parameters.
Privilege:
Security Administrator,
Administrator
Syntax
default { aaa { accounting-overload-protection
domain-matching | usrname-format } | arp
base-reachable-time |autoconfirm | banner [ lawful-intercept | motd | pre-login ] | boot [ delay | interface | nameserver | networkconfig ] | bulkstats
historical collection | card-standby-priority | cdr-multi-mode | clock
timezone | cli max-sessions | congestion-control [ overload-disconnect | policy | threshold } | diameter-proxy
ram-disk | enforce { imsi-min equivalence | ip
optimize-ipid-assignment } | gtpp { compression-processes | ram-disk-limit } | high-availability
fault-detection speed | local-user { allow-aaa-authentication | lockout-time | max-failed-logins } | logging { display | filter
runtime } | network-overload-protection | operational-mode | pac-standby-priority | qos
npu inter-subscriber traffic { bandwidth | priority [ assigned-to
dscp { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | ef } ] } | require { cipher ssl
resource-percentage | demux card | session recovery } | reveal
disabled commands | snmp { engine-id | heartbeat | history
heartbeat | notif-threshold } | system { contact | description | hostname | location | serial-number } | system-mac | system-priority | task { facility
sessmgr start | resource cpu-memory-low } | terminal { all | databits | flowcontrol | parity | speed | stopbits }| threshold { value } | timestamps | upgrade
limit [ time ] [ usage] }
aaa { accounting-overload-protection
domain-matching | usrname-format }
Restores the aaa behavior
to its default of disabled for the following options:
- accounting-overload-protection:
Disables OverLoad Protection Policy for Accounting Requests.
- domain-matching:
Restores the default domain matching method.
- username-format:
Restores the use of the default username format for global AAA
services
arp base-reachable-time
Restores ARP base-reachable-time
to 30 seconds.
autoconfirm
Restores the autoconfirm
behavior to its default of disabled.
banner
lawful-intercept -
Restores the system default message of the day for SSH CLI sessions.
motd - Restores
the system default message of the day banner.
pre-login - Restores
the CLI log in banner to the system default.
boot [ delay | interface | nameserver | networkconfig ]
interface | networkconfig -
Restores the default boot interface and network configuration options.
The keywords interface and networkconfig are
used to restore the default option settings for the interface and
network configuration options, respectively.
Defaulting the network
configuration boot option removes the network boot option from the boot.sys
file. It does not remove the network config options from the configuration
file which is managed separately from the boot.sys file.
delay - Removes
the boot delay setting (if any). The default for boot delay is “no
boot delay”.
nameserver -
Removes the nameserver IP address.
card-standby-priority
Resets the standby
priority of the Packet Services Cards.
cdr-multi-mode
Restores the default
value of this command to Single-CDRMOD mode.
cli max-sessions
Restores the default
value of this command to no cli max-sessions which
removes the limit on the number of allowed simultaneous CLI sessions
on the system.
clock-timezone
Restores the system’s
clock timezone to UTC.
congestion-control [ overload-disconnect | policy | threshold ]
Restores the system’s
congestion-control functionality to its default setting of disabled.
You can selectively restore other components to their default values.
diameter-proxy ram-disk
Restores the ram-disk
size to 32MB.
enforce { imsi-min
equivalence | ip optimize-ipid-assignment }
Disables the enforcement
of either option.
gtpp { compression-process | ram-disk-limit }
Restores number of
compression processes allowed to 1.
Restores the RAM disk
size to 32MB.
high-availability fault-detection
speed
Restores speed to
Norma1.
local-user { allow-aaa-authentication | lockout-time | max-failed-logins }
Enables aaa-authentication.
Restores lock-time
to 60 minutes.
Restores max-failed-logins
to 5.
logging {display | filter
runtime}
display:
sets the default level of detail to display for trace log information
to the system default.
filter runtime:
resets the filtering of logged information to log in real time.
network-overload-protection
For SGSN, disables
this attach rate throttle feature that provides network overload protection.
operational-mode
Sets the operational
mode of the chassis to the system default.
pac-standby-priority
This parameter has
been replaced by the card-standby-priority keyword.
qos npu inter-subscriber
traffic {bandwidth | priority [ assigned-to
dscp { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | ef } ] }
Restores the following
NPU QoS parameters to their default values:
- gold: 10%
- silver: 20%
- bronze: 30%
- best-effort: 40%
- priority:
All DSCP values are mapped to the best-effort priority queue but
are not configured.
require { cipher
ssl resource-percentage | demux card | session recovery }
Resets the cipher
ssl resource-percentage to 0.
Disables the demux capabilities
on the demux card.
Disables the session
recovery featured.
snmp { engine-id | heartbeat | history
heartbeat |notif-threshold }
engine-id:
Restores the SNMP engine ID to the system default.
heartbeat:
Restores the SNMP heartbeat interval to 60 minutes.
history heartbeat:
Reenables the recording of heartbeat notifications in SNMP history.
notif-threshold:
Restores the SNMP notification thresholds to the system defaults.
system { contact | description | hostname | location | serial-number }
Sets the following
system parameters to their default values:
- contact: Resets
to none specified.
- description:
Resets to none specified.
- hostname:
Resets to “asr5000” or asr5500”.
- location:
Resets tro none specified.
- serial-number:
Reses to factory default.
system-mac hostname
Resets the system
MAC address to the factory default value.
system-priority hostname
Resets the system
priority to its default value.
task { facility
sessmgr start | resource cpu-memory-low }
facility sessmgr start:
Restores the default session manager start policy to Normal.
resource cpu-memory-low:
Resets the system so that when a CPU runs very low on memory (below
12MB) the most over-limit task is killed.
terminal { all | databits | flowcontrol | parity | speed | stopbits }
all: Restores
all terminal parameters to their default values.
databits:
Resets to 8 data bits.
flowcontrol:
Resets to none.
parity:
Resets to none.
speed: Resets
9600 bits/second.
stopbits:
Resets to one stop bit.
timestamps
Resets the inclusion
of timestamps in command.
upgrade limit [ time ] [ usage ]
Sets upgrade limit
values to the defaults. If the optional keywords are not specified
all values are reset to their defaults.
time: Resets
the maximum time a session may exist during a software upgrade to
the default of 120.
usage: Resets
the minimum number of sessions before closing the sessions during
a software upgrade to the system default of 100.
Usage:
Restore system defaults
to aid in trouble shooting or just prior to modifying additional configuration
options.
Example:
default banner motd
default boot
default logging display
default system hostname
default upgrade limit time
diameter-proxy
ram-disk
This command configures
the amount of extra RAM disk space in MB to be allocated to Diamproxy
task when local storage (hard disk) is enabled.
Product:
HSGW,
P-GW, S-GW
Privilege:
Security
Administrator, Administrator
Syntax
diameter-proxy ram-disk
mb space_mb
default diameter-proxy
ram-disk mb
default
Configures
the default setting.
Default:
32 MB
mb space_mb
Specifies
the storage space in MB.
space_mb must
be an integer from 10 through 256.
Usage:
Specifies
the additional storage space to be allocated to Diamproxy for file
write, in MB. The specified memory in MB is added to the existing
memory allocated to Diamproxy only if HDD storage is enabled. By
default, 32 MB is additionally allocated.
Example:
The
following command specifies that
100 MB of
additional storage space be allocated to the Diamproxy task:
diameter-proxy ram-disk
mb 100
end
Exits the current
configuration mode and returns to the Exec mode.
Privilege:
Security Administrator,
Administrator
Usage:
Use this command to
return to the Exec mode.
enforce imsi-min
equivalence
Enables the PDSN/HA
to treat IMSI and MIN as the same for identifying the PDSN/HA
session.
Privilege:
Security Administrator,
Administrator
Syntax
[ no | default ] enforce
imsi-min equivalence
default
Returns the command
to its default setting of disabled.
no
Disables the PDSN/HA
from treating IMSI and MIN as the same for identifying the PDSN/HA
session.
Usage:
Generally on an HA,
the IMSI and MIN are treated as different and hence the RRQs with 1x
and DO PDSNs are processed as different sessions. You can use this
feature to treat the IMSI and MIN with the matching lower 10-digit
as the same for identifying a session. The 10-digit MIN and the
15-digit IMSI are treated as equivalent for the purpose of matching
sessions if the lower 10 digits are the same. Any handoff from 1x
to DO or vice-versa is treated as the same session if the NAI and
HoA also match. If the NAI and/or HoA do not match, then
the duplicate IMSI session detect and terminate feature is applicable.
Generally on a PDSN,
the IMSI and MIN are treated as different and hence RP messages from
1x and DO PDSNs are processed as different sessions. You can use
this feature to treat the IMSI and MIN with the matching lower 10-digit
as the same for identifying a session. The 10-digit MIN and the
15-digit IMSI are treated as equivalent for the purpose of matching
PDSN sessions if the lower 10 digits are the same. Any handoff from
1x to DO or vice-versa is treated as the same session.
Example:
To monitor or clear
subscriber session information filtered by on IMSI/MIN
refer to the show
subscribers msid command.
IMPORTANT:
This command must
be executed at startup only and will not take effect when reconfigured
without rebooting.
Example:
The following command
enables the treatment of the IMSI and MIN as the same for identifying
the session:
enforce imsi-min equivalence
Either of the following
commands disables the treatment of the IMSI and MIN as the same for
identifying sessions:
no enforce imsi-min equivalence
default enforce imsi-min equivalence
exit
Exits the current
mode and returns to the parent configuration mode.
Privilege:
Security Administrator,
Administrator
Usage:
Use this command to
return to the parent configuration mode.
fa-spi-list
Replaces a duplicate
Foreign Agent- Security Parameter Index (FA-SPI) remote address
list applied to multiple FA services with a list name.
Privilege:
Security Administrator,
Administrator
Syntax
fa-spi-list fa_spi_list
fa_spi_list
Remote address list
name expressed as an alphanumeric string of 1 through 64 characters.
Usage:
Use this command to
Replace duplicate FA-SPI remote address list applied to multiple
FA or HA services with a list name.
Example:
The following command
configures the list FA SPI list to
fa-list2:
fa-spi-list fa-list2
global-title-translation
address-map
Creates an instance
of a Global Title Translation (GTT) address-map, a database, for
global titles (ISDN-type address) used for SCCP routing. Upon creating
the instance, the system enters global title translation address-map
configuration mode. For the commands to configure the database,
go to the Global Title
Translation Address-Map Configuration Mode Commands chapter.
Privilege:
Security
Administrator, Administrator
Syntax
global-title-translation
address-map instance instance
no global-title-translation
address-map instance instance
no
Removes the specified
GTT address-map database from the SCCP portion of the configuration.
instance
This value uniquely
identifies a specific instance of a GTT address-map.
instance must
be an integer from 1 through 4096.
Usage:
Create
a GTT address-map with a unique identifier and enter the GTT address-map configuration
mode.
Example:
global-title-translation
address-map instance 324
global-title-translation
association
Creates an instance
of a Global Title Translation (GTT) association which defines the
rules for handling global title translation. Upon creating the instance,
the system enters global title translation association configuration
mode. For the commands to configure the rules, go to the Global Title Translation
Association Configuration Mode Commands chapter.
Privilege:
Security Administrator,
Administrator
Syntax
global-title-translation
association instance instance
no global-title-translation
association instance instance
no
Removes the specified
instance of a GTT association from the SCCP portion of the configuration.
instance
This value uniquely
identifies a specific instance of a GTT association.
instance must
be an integer from 1 through 16.
Usage:
Create a GTT association
with a unique identifier and enter the GTT association configuration
mode.
Example:
global-title-translation
association instance 2
gtpp compression-process
This command configures
the maximum number of child compression processes that AAA proxy
can have.
Privilege:
Security Administrator,
Administrator
Syntax
gtpp compression-process max_number
default gtpp compression-process
default
Restores the system
to the default settings for the number of child compression processes allowed.
max_number
Specifies the maximum
number of child processes. The default is 1
max_number: must
be an integer from 1 through 4.
Usage:
This command configures
the maximum number of child compression processes that AAA proxy
can have only if hard disk storage is enabled.
Example:
gtpp compression-process 3
gtpp ram-disk-limit
This command configures
additional storage space to be allocated for writing files.
Privilege:
Security Administrator,
Administrator
Syntax
gtpp ram-disk-limit
mb mega_bytes
default gtpp ram-disk-limit
default
Restores the system
to the default settings of 32 MB of storage.
mb mega_bytes
Specifies the number
of megabytes of storage allocated for files.
mega_bytes: must
be an integer from 10 through 256. The default is 32 MB.
Usage:
The memory specified
with this command would be added to the existing memory allocated
to the AAA proxy only if hard disk storage is enabled.
Example:
gtpp ram-disk-limit
mb 256
gtpp single-source
Configures the system
to reserve a CPU for performing a proxy function for accounting.
Privilege:
Security Administrator,
Administrator
Syntax
gtpp single-source [ centralized-lrsn-creation | private-extensions ]
no gtpp single-source
centralized-lrsn-creation
Defines Log Record
Sequence Number (LRSN) generation at proxy. The AAA proxy will generate
the LRSN for all CDR types generated by either the GGSN or the SGSN.
Default: disabled
private-extensions
This optional keyword
enables the proprietary use of customer-specific GTPP extensions.
If private-extensions is
not configured, all customer specific private extensions related
to GTPP message transfer with CGF and recovery through GSS are disabled.
IMPORTANT:
In order for the customer-specific
extensions to work properly, the gtpp max-pdu-size command
in the Context Configuration Mode should be set to 65400 and the gtpp server command’s max value
should be set to “1”.
no
Disables GTPP single-sourcing.
This is the default setting.
CAUTION:
Entering this command
while PDP contexts are in process could cause the loss of pending CDRs.
The configuration must be saved and the chassis reloaded for this
option to take effect.
Usage:
When GTPP single-sourcing
is enabled, the system’s AAA proxy function generates requests
to the accounting server using a single UDP source port number,
instead of having each AAA Manager generate independent requests
with unique UDP source port numbers. This is accomplished by the
AAA Managers forwarding their GTPP PDUs to the AAA Proxy function that
runs on a reserved packet processing card CPU. Since a packet processing
card CPU is being reserved, fewer Session Managers and AAA Managers
will be started on that card.
CAUTION:
This command must
be entered prior to the configuration of other services. Specifying
it later may return an error due to a lack of CPU availability.
Example:
The following command
enables GTPP single-sourcing with the use of private GTPP extensions:
gtpp single-source
private-extensions
The following command
disables GTPP single-sourcing:
no gtpp single-source
ha-spi-list
Replaces a duplicate
Home Agent-Security Parameters Index (HA-SPI) remote address list
applied to multiple HA services with a list name.
Privilege:
Security Administrator,
Administrator
Syntax
ha-spi-list ha_spi_list
ha_spi_list
Remote address list
name expressed as an alphanumeric string of 1 through 64 characters.
Usage:
Use this command to
Replace duplicate HA-SPI remote address list applied to multiple HA
services with a list name.
Example:
The following command
configures the list HA SPI list to
ha-list2:
ha-spi-list ha-list2
hd raid
Provides access to
a the HD RAID Configuration mode in order to manage parameters supporting
local storage of data records.
Privilege:
Security Administrator,
Administrator
Usage:
Enters the HD RAID
configuration mode.
Entering this command
results in the following prompt:
[context_name]hostname(config-hd-raid)#
HD RAID Configuration
Mode commands are defined in the HD RAID Configuration Mode Commands chapter.
Example:
The following command
opens the HD RAID Configuration mode:
hd raid
hd storage-policy
Provides access to
the local hard drive configuration mode in order to manage parameters
supporting local storage of records.
Product:
GGSN, SGSN, HSGW, P-GW, S-GW
Syntax
[ no ] hd
storage-policy name
no
Removes a configured
HD storage policy from the system.
storage-policy name
Specifies a name for
an HD storage policy and then enters the HD Storage Policy Configuration
Mode. name must
be an alphanumeric string of 1 through 63 characters.
Usage:
Creates a new policy
or specifies an existing policy and enters the HD Storage Policy Configuration
Mode.
Entering this command
results in the following prompt:
[context_name]hostname(config-hd-storage-policy)#
HD Storage Policy
Configuration Mode commands are defined in the HD Storage Policy Configuration
Mode Commands chapter.
Example:
The following command
creates an HD storage policy named
policy3 and
enters the HD Storage Policy Configuration Mode:
hd storage-policy policy3
high-availability
Configures the speed
for detection of packet processing card task failures.
Privilege:
Security Administrator,
Administrator
Syntax
high-availability fault-detection
speed { aggressive | normal }
default high-availability
fault-detection speed
{ aggressive | normal }
Default:
normal
- aggressive:
Initiates packet processing card failover without performing additional
checks.
- normal:
Initiates packet processing card failover after additional checks
are performed.
Usage:
Use this command to
increase the fault detection speed for faster switchovers after
a packet processing card task failure.
Setting fault detection
speed to aggressive will trigger packet processing card failover
as soon as possible if a potential failure is detected. Aggressive
mode will reduce the duration of subscriber outages caused by a
failed packet processing card if session recovery is enabled.
Aggressive mode also
bypasses most information gathering steps and logs that can be used to
determine the root cause of the failure.
In normal mode, additional
checks are performed before triggering a packet processing card
failover to ensure that the card has actually failed. In aggressive
mode these checks are bypassed so that session recovery can start
as soon as possible. These additional checks reduce the likelihood
of a false positive failure.
Example:
The following command
sets the fault detection speed for packet processing card tasks
to
aggressive:
high-availability
fault-detection speed aggressive
hybrid-mode
Enables an ASR 5000
chassis to run a mix of Packet Services Cards (PSCs) and PSC Type
A (PSCAs). When enabled, PSCAs will boot and be compatible with
the PSCs as long as encryption services are disabled. The default
is to run the chassis in non-hybrid mode; PSCAs will not boot when
inserted in the chassis.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] hybrid-mode [force]
no
Returns the chassis
to non-hybrid mode. PSCAs will not boot.
force
Always updates the
configuration, even if the encryption services could not be disabled. However,
the PSC and PSCA cards will continue to be incompatible until encryption
services are manually disabled.
Usage:
To allow a chassis
to run in PSC/PSCA hybrid-mode with encryption services
disabled you must configure hybrid-mode
force once.
To go from hybrid mode
to non-hybrid mode, you must enter the no hybrid-mode force command.
Non-hybrid chassis mode allows encryption services to be started
through the appropriate CLI commands. However, all PSCAs in the
chassis will be disabled.
For additional information,
see the ASR 5000
Installation Guide.
Example:
The following command
enables the chassis to run a mix of PSCs and PSCAs without encryption
services:
hydrid-mode force
imei-profile
Creates an instance
of an International Mobile Equipment Identity (IMEI) profile.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] imei-profile imei_profile_name
no
Deletes the IMEI profile
instance from the configuration.
imei_profile_name
Specifies the name
of the IMEI profile as an alphanumeric string of 1 through 64 characters.
Usage:
Use this command to
create an instance of an IMEI profile and to enter the IMEI Profile Configuration
mode. An IMEI profile is a template which groups a set of device
instructions, such as blacklisting, that may be applicable to one
or more calling devices. See the IMEI Profile Configuration
Mode Commands chapter for information regarding the definition
of the rules contained within the profile and the use of the profile.
IMPORTANT:
An IMEI profile is
a key element of the Operator Policy feature and is only valid when associated
with at least one operator policy.
To see what IMEI profiles
have already been created, return to the Exec mode and enter the show imei-profile all command.
Example:
The following command
creates a configuration instance of an IMEI profile:
imei-profile imeiprof1