S-GW Sample Configuration Files

This appendix contains sample configuration files for the S-GW. The following configurations are supported:

In each configuration example, commented lines are labeled with the number symbol (#) and variables are identified using italics within arrow brackets (<variable>).

Standalone eGTP Serving Gateway

Configuration Sample

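# Configuration file for an ASR 5000 in an eGTP S-GW role
#
# Send S-GW licenses
# The named file is applied as configuration, so load it only from a
# location whose contents you control.
configure /flash/flashconfig/<sgw_license_name>.cfg
end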
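#
# Set system to not require confirmation when creating new contexts and/or
# services. Config file must end with “no autoconfirm” to return the CLI to
# its default setting. Until that command runs, commands that would normally
# ask for confirmation are accepted without a prompt.
#
configure
   autoconfirm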
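#
# Configure ASR 5000 cards
#
# Activate the PSCs
   card <slot_number>
      mode active psc
      exit
   card <slot_number>
      mode active psc
      exit
# Repeat for the number of PSCs in the system
   end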
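#
# Modify the local context for local system management
configure
   context local
      interface <name>
         ip address <address> <mask>
         exit
# NOTE(review): ftpd sends credentials and file contents unencrypted. The
# sftp subsystem enabled under sshd below provides file transfer over SSH;
# keep ftpd only if a tool that cannot use SFTP depends on it.
      server ftpd
         exit
# The SSH host key is stored in the configuration, so treat saved copies of
# this file as sensitive.
      ssh key <key> length <bytes>
      server sshd
         subsystem sftp
         exit
# NOTE(review): telnetd sends administrator logins unencrypted. sshd above
# gives the same CLI access; keep telnetd only where it is required and the
# management network is isolated.
      server telnetd
         exit
      subscriber default
         exit
# The trailing "ftp" keyword gives this administrator file-transfer access;
# leave it off accounts that do not need to move files.
      administrator <name> encrypted password <password> ftp
      aaa group default
         exit
      administrator <name> encrypted password <password> ftp
      ip route <ip_addr/ip_mask> <next_hop_addr> <lcl_cntxt_intrfc_name>
      exit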
   port
ethernet <slot#/port#>
      no
shutdown
      bind
interface <lcl_cntxt_intrfc_name>
local
      exit
   ntp
      enable
      server
10.2.10.2
      exit
   snmp
engine-id local <id>
   snmp
notif-threshold <count>
low <low_count>
period <seconds>
   snmp
authentication-failure-trap
   snmp
heartbeat interval <minutes>
   snmp
community <string>
read-write
   snmp
target <name> <ip_address> 
   system
contact <string>
   system
location <string>
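# Ingress context configuration
   context <sgw_context_name> -noconfirm
      subscriber default
         exit
      interface <s1u-s11_interface_name>
         ip address <ipv4_address_primary>
         ip address <ipv4_address_secondary>
         exit
      interface <s4_interface_name>
         ip address <ipv4_address_primary>
         ip address <ipv4_address_secondary>
# note alternative IPv6 address for both interfaces:
         ipv6 address <address>
         exit
      gtpp group default
         exit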
      gtpu-service <gtpu_s1us11_ingress_service_name>
         bind
ipv4-address <s1-us11_interface_ip_address>
# note alternative
IPv6 address:
         bind
ipv6-address <s1-us11_interface_ip_address>
         exit
      gtpu-service <gtpu_s4_ingress_service_name>
         bind
ipv4-address <s4_interface_ip_address>
# note alternative
IPv6 address:
         bind
ipv6-address <s4_interface_ip_address>
         exit
      egtp-service
<egtp_s1u-s11_ingress_service_name>
         interface-type
interface-sgw-ingress
         validation-mode
default
         associate
gtpu-service <gtpu_ingress_service_name>
         gtpc
bind address <s1u-s11_interface_ip_address>
         exit
      egtp-service <egtp_s4_ingress_service_name>
         interface-type
interface-sgw-ingress
         validation-mode
default
         associate
gtpu-service <gtpu_ingress_service_name>
         gtpc
bind address <s4_interface_ip_address>
         exit
      sgw-servers
<sgw_service_name>
-noconfirm
         associate
ingress egtp-service <egtp_ingress_service_name>
         associate
egress-proto gtp egress-context <egress_context_name>
         qci-qos-mapping <map_name>
         exit
      ip
route <pgw_ip_addr/mask> <sgw_next_hop_addr> <sgw_intrfc_name>
      exit
   port
ethernet <slot_number/port_number>
      no
shutdown
      bind
interface <s1u-s11_interface_name> <sgw_context_name>
      exit
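# Egress context configuration
   context <egress_context_name> -noconfirm
      interface <s5s8_interface_name>
         ipv6 address <address>
            tunnel-mode ipv6ip
               source interface <name>
               destination address <ipv4_or_ipv6_address>
               exit
            exit
# note alternative IPv4 address:
         ip address <ipv4_address>
         exit
      interface <s12_interface_name>
         ip address <ipv4_address_primary>
         ip address <ipv4_address_secondary>
# note alternative IPv6 address:
         ipv6 address <address>
         exit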
      gtpu-service <gtpu_s5s8_egress_service_name>
         bind
ipv4-address <s5s8_interface_ip_address>
# note alternative
IPv6 address:
         bind
ipv6-address <s5s8_interface_ip_address>
         exit
      gtpu-service <gtpu_s12_egress_service_name>
         bind
ipv4-address <s12_interface_ip_address>
# note alternative
IPv6 address:
         bind
ipv6-address <s12_interface_ip_address>
         exit
      egtp-service <egtp_s5s8_egress_service_name>
         interface-type
interface-sgw-egress
         validation-mode
default
         associate
gtpu-service <gtpu_egress_service_name>
         gtpc
bind address <s5s8_interface_ip_address>
         exit
      egtp-service <egtp_s12_egress_service_name>
         interface-type
interface-sgw-egress
         validation-mode
default
         associate
gtpu-service <gtpu_egress_service_name>
         gtpc
bind address <s12_interface_ip_address>
         exit
      ip
route <pgw_ip_addr/mask> <sgw_next_hop_addr> <sgw_intrfc_name>
      exit
   port
ethernet <slot_number/port_number>
      no
shutdown
      bind
interface <s5s8_interface_name> <sgw_context_name>
      end
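configure
# Optional IPSec IKEv2 configuration for S1-U interface
# S1-U carries subscriber user-plane traffic, and GTP-U by itself provides no
# encryption or integrity protection, so this section matters wherever the
# path to the eNodeB is not a trusted network.
   context <ingress_context_name>
# NOTE(review): neither transform set below names an encryption, integrity or
# DH group setting, so the release defaults apply; confirm those defaults meet
# your policy or set the algorithms explicitly.
      ipsec transform-set <name>
         exit
      ikev2-ikesa transform-set <name>
         lifetime <seconds>
         exit
      crypto template <name> ikev2-dynamic
# Pre-shared keys: use a long random value, a different one per peer network,
# and treat saved copies of this file as sensitive because they contain the
# key material (presumably in stored/encrypted form, given the "encrypted"
# keyword - confirm for your release).
         authentication remote pre-shared-key encrypted key <enc_key>
         ikev2-ikesa transform-set list <list_name>
         payload <payload_name> match childsa
            ipsec transform-set list <name>
            lifetime <seconds>
            rekey keepalive
            exit
         peer network <ip_address> mask <ip_mask> encrypted pre-shared-key <key>
         end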
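# QCI-QoS mapping
# NOTE(review): the preceding section closes with "end", which leaves
# configuration mode, so configuration mode is re-entered here before the
# mapping is defined.
configure
   qci-qos-mapping <name>
      qci 1 user-datagram dscp-marking <hex>
      qci 3 user-datagram dscp-marking <hex>
      qci 9 user-datagram dscp-marking <hex>
      end
# autoconfirm was enabled at the top of this file; as stated there, the file
# must end with "no autoconfirm" so the CLI prompts for confirmation again.
configure
   no autoconfirm
   end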