Call Control Profile
Configuration Mode
Call Control
Profile configuration mode defines call-handling rules which can
be combined with other profiles – such as an APN profile
(see the APN Profile Configuration
Mode Commands chapter) – when using the Operator Policy
feature. The call control profile is a key element in the Operator
Policy feature and the profile is not valid until it is associated
with an operator policy (see the associate command
in the Operator Policy
Configuration Mode Commands chapter).
The MME and SGSN each
support a maximum of 1,000 call control profiles; only one profile
can be associated with an operator policy.
By configuring a call
control profile, the operator fine tunes any desired restrictions
or limitations needed to control call handling per subscriber or
for a group of callers across IMSI (International Mobile Subscriber
Identity) ranges.
Upon accessing this
mode, the CLI prompt be similar to the following:
[local]asr5000(config-call-control-profile-<profile_name>)#
IMPORTANT:
The commands or keywords/variables
that are available are dependent on platform type, product version,
and installed license(s).
access-restriction-data
Enables the operator
to assign a failure code to be included in reject messages if the
attach rejection is due to access restriction data (ARD) checking
in the incoming subscriber data (ISD) messages. The operator can
also disable the ARD checking behavior.
Privilege:
Security Administrator,
Administrator
Syntax
access-restriction-data { failure-code cause_code | no-check }
remove access-restriction-data
failure-code
remove
Removes the failure
code setting for the reject message that could result from ARD checking.
failure-code cause_code
cause_code:
Enter an integer from 2 through 111; default code is 13 (roaming
not allowed in this location area [LA]).
Refer to the GMM failure
cause codes listed below (from section 10.5.5.14 of the 3GPP TS 124.008
v7.2.0 R7):
- 2 - IMSI unknown in
HLR
- 3 - Illegal MS
- 6 - Illegal ME
- 7 - GPRS services
not allowed
- 8 - GPRS services
and non-GPRS services not allowed
- 9 - MSID cannot be
derived by the network
- 10 - Implicitly detached
- 11 - PLMN not allowed
- 12 - Location Area
not allowed
- 13 - Roaming not allowed
in this location area
- 14 - GPRS services
not allowed in this PLMN
- 15 - No Suitable Cells
In Location Area
- 16 -MSC temporarily
not reachable
- 17 - Network failure
- 20 - MAC failure
- 21 - Synch failure
- 22 - Congestion
- 23 - GSM authentication
unacceptable
- 40 - No PDP context
activated
- 48 to 63 - retry upon
entry into a new cell
- 95 - Semantically
incorrect message
- 96 - Invalid mandatory
information
- 97 - Message type
non-existent or not implemented
- 98 - Message type
not compatible with state
- 99 - Information element
non-existent or not implemented
- 100 - Conditional
IE error
- 101 - Message not
compatible with the protocol state
- 111 - Protocol error,
unspecified
no-check
Including this keyword
with the command disables the ARD checking behavior.
Usage:
By default, the SGSN
checks access restriction data (ARD) within incoming insert subscriber
data (ISD) messages. This enables operator to selectively restrict
subscribers in either 3G (UTRAN) or 2G (GERAN). The SGSN ARD checking
behavior occurs during the attach procedure and if a reject occurs,
the SGSN sends the subscriber an Attach Reject message with a configurable
failure cause code.
Example:
For this call control
profile, the following command disables the ARD checking function:
access-restriction-data
no-check
accounting context
Defines the name of
the accounting context and optionally associates a GTPP group with
this call control profile.
Privilege:
Security Administrator,
Administrator
Syntax
accounting context
ctxt_name [ gtpp group grp_name ]
remove accounting context
remove
Removes the accounting
configuration from this profile’s configuration.
ctxt_name
Specifies the accounting
context as an alphanumeric string of 1 through 79 characters.
gtpp group grp_name
Identifies the GTPP
group, where the GTPP related parameters have been configured in
the GTPP Group Configuration mode, to associate with this call control
profile.
grp_nameis
a string of 1 to 63 characters (any combination of letters and digits)
to identify the GTPP group created with the gtpp group command
in the Context configuration mode.
Usage:
This command can be
used to associate a predefined GTPP server group - including all
its associated configuration - with a specific call control profile.
The GTPP group would have been defined with the gtpp group command
(see the Context Configuration
Mode Commands chapter).
If the GTPP group
is not specified, then a default GTPP group in the accounting context will
be used.
If this command is
not specified, use the name of the accounting context configured
in the SGSN service configuration mode (for 3G) or the GPRS service
configuration mode (for 2G), either will automatically use a “default” GTPP
group generated in that accounting context.
If the accounting
context is specified in the GPRS service or SGSN service and in
a call control profile, the priority is given to the accounting
context of the call control profile.
Example:
For this call control
profile, the following command identifies an accounting context
called
acctng1 and
associates a GTPP server group named
roamers with
defined charging gateway accounting functionality.
accounting context
acctng1 gtpp group roamers
allocate-ptmsi-signature
Enables or disables
the allocation of a P-TMSI (Packet Temporary Mobile Subscriber Identity)
signature.
Privilege:
Security Administrator,
Administrator
Syntax
[ no | default ] allocate-ptmsi-signature
no
Disables the allocation
of the P-TMSI signature.
default
Resets the configuration
value to the default, which is to allocate the P-TMSI signature.
Usage:
Use this command to
enable or disable the allocation of the P-TMSI signature.
apn-restriction
Enables the APN restriction
feature and configures the instruction for the SGSN on the action
to take when an APN restriction value is received from the GGSN
during an Update PDP Context procedure.
Privilege:
Security Administrator,
Administrator
Syntax
apn-restriction update-policy
deactivate restriction
default apn-restriction
default
Creates a default
APN restriction configuration.
update-policy deactivate restriction
Specifies one of the
two restriction types to define the appropriate action if the APN restriction
value received conflicts with the stored value:
- least-restrictive set
the least restrictive value applicable when there are no already
active PDP context(s).
- most-restrictive
sets the most stringent restriction required by any already active
PDP context(s).
Usage:
When this feature is
enabled, the SGSN will send the maximum APN restriction value in every
CPC Request message sent to the GGSN. The SGSN expects to receive
an APN restriction value in each PDP Context received from the GGSN.
The SGSN stores and compares received APN restriction values to
check for conflicts. In the case of a conflict, the SGSN rejects the
PDP Context with appropriate messages and error codes to the MS.
If an APN restriction
value is not assigned by the GGSN, the SGSN assumes the value of “1” (least
restrictive) to allow APN restriction rules will be possible when
valid values are assigned for new PDP Context(s) from the same MS.
Example:
The following command
applies the lowest level of APN restrictions:
apn-restriction update-policy
deactivate least-restrictive
associate
Associates various
MME -specific lists and databases with this call control profile.
Privilege:
Security Administrator,
Administrator
Syntax
associate { ho-restrict-list list_name | hss-peer-service service_name [ s13-interface | s6a-interface tai-db_name }
remove associate { ho-restrict-list | hss-peer-service [ s13-interface | s6a-interface ]
remove
Remove the specified
association definition from the call control profile.
ho-restrict-list list_name
Identifies the handover
restriction list that should be associated with this call control
profile.
list_name is
a string of 1 to 64 characters (any combination of letters and digits).
hss-peer-service service_name
Associates a home
subscriber server (HSS) peer service with this call control profile.
service_name is
an existing HSS peer service expressed as a string of 1 to 63 characters
(any combination of letters and digits).
[ s13-interface | s6a-interface ]
Optionally, identify
the interface to be associated with the HSS service in this call
control profile.
The s13-interface and
the s6a-interface options
apply to the MME only.
tai-mgmt-db tai-db_name
Identifies the tracking
area identifier (TAI) database that should be associated with this
call control profile.
tai-db_name is
a string of 1 to 64 characters (any combination of letters and digits).
This configuration overrides
the S-GW selection and TAI list assignment functionality for a call
that uses an operator policy associated with this call control profile.
The TAI management object provides a TAI list for calls and provides
S-GW selection functionality if a DNS is not configured for S-GW
discovery for this operator policy or if a DNS discovery fails.
Usage:
Use this command to
associate handover restriction lists, HSS service (and interfaces),
and a TAI database with the call control profile. This ensures that
the information is available for application when a Request is received.
Repeat the command as
needed to associate each feature.
Example:
Link HO restriction
list named
HOrestrict1 with
this call control profile:
associate ho-restrict-list HOrestrict1
attach access-type
Defines attach-related
configuration parameters for this call control profile based on
the access-type (GPRS, UMTS, or both) and location area list.
IMPORTANT:
SGSN only: Before
using this command, ensure that the appropriate location area code
(LAC) information has been defined via the location-area-list command.
Privilege:
Security Administrator,
Administrator
Syntax
attach access-type { gprs | umts } { all | location-area-list
instance list_id } { failure-code code | user-device-release { before-r99
failure code code | r99-or-later
failure code code } }
default attach access-type { eps | gprs | umts } { all | location-area-list
instance list_id } { failure-code | user-device-release { before-r99 failure
code | r99-or-later failure code }
default
Restores the default
values for the for the specified parameter.
access-type type
Defines the type of
access to be allowed or restricted.
all
Instructs the SGSN
or MME to apply the command action to all location area lists. Location area
lists should already have been created with the location-area-list command.
The location area list consists of one or more LACs, location area codes,
where the MS is when placing the call.
location-area-list
instance list_id
Instructs the SGSN
to apply the command action to a specific location area list. Location area
lists should already have been created with the location-area-list command.
The location area list consists of one or more LACs, location area codes,
where the MS is when placing the call.
Using this keyword
with either the allow or restrict keywords
enables you to configure with more granularity.
list_id:
Enter an integer between 1 and 5.
failure-code code
Specify a GMM failure
cause code to identify the reason an attach did not occur. This
GMM cause code will be sent in the reject message to the MS.
Default: 14.
fail-code:
Enter an integer from 2 to 111. Refer to the GMM failure cause codes
listed below (from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0
R7):
- 2 - IMSI unknown in
HLR
- 3 - Illegal MS
- 6 - Illegal ME
- 7 - GPRS services
not allowed
- 8 - GPRS services
and non-GPRS services not allowed
- 9 - MSID cannot be
derived by the network
- 10 - Implicitly detached
- 11 - PLMN not allowed
- 12 - Location Area
not allowed
- 13 - Roaming not allowed
in this location area
- 14 - GPRS services
not allowed in this PLMN
- 15 - No Suitable Cells
In Location Area
- 16 -MSC temporarily
not reachable
- 17 - Network failure
- 20 - MAC failure
- 21 - Synch failure
- 22 - Congestion
- 23 - GSM authentication
unacceptable
- 40 - No PDP context
activated
- 48 to 63 - retry upon
entry into a new cell
- 95 - Semantically
incorrect message
- 96 - Invalid mandatory
information
- 97 - Message type
non-existent or not implemented
- 98 - Message type
not compatible with state
- 99 - Information element
non-existent or not implemented
- 100 - Conditional
IE error
- 101 - Message not
compatible with the protocol state
- 111 - Protocol error,
unspecified
user-device-release { before-r99 | r99-or-later } failure-code
code
Default: disabled
Enables the SGSN to
reject an Attach procedure based on the detected 3GPP release version of
the MS equipment and selectively send a failure cause code in the
reject message. The SGSN uses the following procedure to implement
this configuration:
- When Attach Request
is received, the SGSN checks the subscriber’s IMSI and
current location information.
- Based on the IMSI,
an operator policy and call control profile are found that relate
to this Attach Request.
- Profile is checked
for access limitations.
- Attach Request is
checked to see if the revision indicator bit is set
- if not, then the configured
common failure code for reject is sent;
- if set, then the 3GPP
release level is verified and action is taken based on the configuration
of this parameter
One of the following
options must be selected and completed:
- before-r99:
Indicates the MS would be a 3GPP release prior to R99 and an appropriate
failure code should be defined.failure-code code: Enter
an integer from 2 to 111.
- r99-or-later :
Indicates the MS would be a 3GPP Release 99 or later and an appropriate
failure code should be defined.failure-code code: Enter
an integer from 2 to 111.
Usage:
Once the IMSI of an
incoming call is known and matched with a specific operator policy, according
to the filter definition of the mcc command,
then the associated call control profile is selected to determine
how the incoming call is handled.
By default, all attaches
are allowed. If no access limitations are needed, do not use the attach command.
IMPORTANT:
Before using this
command, ensure that the appropriate LAC information has been defined with
the location-area-list command.
Use this command to
define attach limitations for the call control profile.
Use this command to
fine-tune the attach configuration specifying which calls/subscribers can
attach and which calls are restricted from attaching and what failure
code is included in the Reject message.
Attachment restrictions
can be based on any one or combination of the options, such as location
area code or access type. It is even possible to restrict all attaches.
The command can be
repeated using different keyword values to further fine-tune the attachment
configuration.
Related Commands
- Use the attach restrict command
to restrict attaches.
- Use the attach allow command
to re-enable restrictions after an attach restrict command
has been used.
Example:
The following example
sets all restrictions for access-type gprs and specified release
version to the default setting.
default attach access-type
gprs all user-device-release before-r99 failure-code
attach allow
Configures the system
to re-enable attaches that were previously restricted using the attach restrict command..
IMPORTANT:
SGSN only: Before
using this command, ensure that the appropriate location area code
(LAC) information has been defined via the location-area-list command.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] attach
allow access-type { eps | gprs | umts } location-area-list
instance list_id
no
Deletes the specified
attach configuration.
allow
Enables attaches in
the configuration after an attach restrict command
has been used.
access-type type
Defines the type of
access to be allowed.
location-area-list
instance list_id
Instructs the SGSN
to apply the command action to a specific location area list. Location area
lists should already have been created with the location-area-list command.
The location area list consists of one or more LACs, location area codes,
where the MS is when placing the call.
list_id:
Enter an integer between 1 and 5.
Usage:
Once the IMSI of an
incoming call is known and matched with a specific operator policy, according
to the filter definition of the mcc command,
then the associated call control profile is selected to determine
how the incoming call is handled.
By default, all attaches
are allowed. If no access limitations are needed, then do not use
the attach command.
IMPORTANT:
Before using this
command, ensure that the appropriate LAC information has been defined with
the location-area-list command.
Use this command to
define attach limitations for the call control profile.
Use this command to
fine-tune the attach configuration specifying which calls/subscribers can
attach and which calls are restricted from attaching and what failure
code is included in the Reject message.
Attachment restrictions
can be based on any one or combination of the options, such as location
area code or access type. It is even possible to restrict all attaches.
The command can be
repeated using different keyword values to further fine-tune the attachment
configuration.
Related Commands
- Use the attach access-type command
to define the type of access to restrict or allow.
- Use the attach restrict command
to restrict attaches.
Example:
For calls under the
purview of this call control profile, the following command allows
attaches of
all subscribers
using the GPRS access type.
attach allow access-type
gprs all
attach imei-query-type
Defines device Attach
limitations for this call control profile if an IMEI is not already
present in the Attach Request.
Privilege:
Security Administrator,
Administrator
Syntax
attach imei-query-type { imei | imei-sv | none } [ verify-equipment-identity [ allow-on-eca-timeout | deny-greylisted | deny-unknown ] + ]
remove attach imei-query-type
remove
Deletes the specified
attach configuration.
imei-query-type { imei | imei-sv | none }
Configures system behavior
during Attach procedures if an IMEI is not already present in the
Attach Request.
-
imei: Specifies
that the system is required to query the UE for its International
Mobile Equipment Identity (IMEI).
-
imei-sv: Specifies
that the system is required to query the UE for its International
Mobile Equipment Identity - Software Version (IMEI-SV).
-
none: Specifies
that the system does not need to query for IMEI or IMEI-SV.
verify-equipment-identity [ allow-on-eca-timeout | deny-greylisted | deny-unknown ]
Specifies that the identification
(IMEI or IMEI-SV) of the UE is to be performed by the Equipment
Identity Register (EIR) over the S13 interface.
- allow-on-eca-timeout:
Configures the MME to allow equipment that has timed-out on ECA
during the attach procedure.
- deny-greylisted:
Configures the MME to deny grey-listed equipment during the attach
procedure.
- deny-unknown:
Configures the MME to deny unknown equipment during the attach procedure.
Usage:
Configures system
settings related to the UE Attach procedure for the specified call control
profile
The command can be
repeated using different keyword values to further fine-tune the attachment
configuration.
Example:
The following command
configures the system to query the UE for its IMEI and to verify the
UE equipment identity with an Equipment
attach imei-query-type
imei verify-equipment-identity
attach restrict
Configures the system
to restrict attaches based on access type and location areas (either
all or specified location area list) for this call control profile.
IMPORTANT:
SGSN only: Before
using this command, ensure that the appropriate location area code
(LAC) information has been defined via the location-area-list command.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] attach
restrict access-type { eps [ emm-cause-code code | imsi-attach-fail [ emm-cause-code code ] | voice-unsupported [ emm-cause-code code ] ] | gprs | umts } { all | location-area-list
instance list_id }
no
Deletes the specified
attach configuration.
access-type type
Defines the type of
access to be allowed or restricted.
all
Instructs the system
to apply the command action to all location area lists. Location
area lists should already have been created with the location-area-list command.
The location area list consists of one or more LACs, location area codes,
where the MS is when placing the call.
location-area-list
instance list_id
Instructs the SGSN
to apply the command action to a specific location area list. Location area
lists should already have been created with the location-area-list command.
The location area list consists of one or more LACs, location area codes,
where the MS is when placing the call.
Using this keyword
with either the allow or restrict keywords
enables you to configure with more granularity.
list_id:
Enter an integer between 1 and 5.
IMPORTANT:
This keyword only applies
to the SGSN.
Usage:
Once the IMSI of an
incoming call is known and matched with a specific operator policy, according
to the filter definition of the mcc command,
then the associated call control profile is selected to determine
how the incoming call is handled.
By default, all attaches
are allowed. If no access limitations are needed, then do not use
the attach command.
IMPORTANT:
Before using this
command, ensure that the appropriate LAC information has been defined with
the location-area-list command.
Use this command to
restrict attaches for the call control profile.
Use this command to
fine-tune the attach configuration specifying which calls/subscribers can
attach and which calls are restricted from attaching and what failure
code is included in the Reject message.
Attachment restrictions
can be based on any one or combination of the options, such as location
area code or access type. It is even possible to restrict all attaches.
The command can be
repeated using different keyword values to further fine-tune the attachment
configuration.
Related Commands
- Use the attach access-type command
to define the type of access to restrict or allow.
- Use the attach allow command
to re-enable restrictions after an attach restrict command
has been used.
Example:
For calls under the
purview of this call control profile, the following command restricts
the attaches of
all subscribers
using the GPRS access type.
attach restrict access-type
gprs all
To change the attach
restriction to only restrict attaches of GPRS subscribers from specified LACs
included in location area list #2 and include failure-code
45 as the reject cause. This configuration requires two CLI commands:
attach restrict access-type
gprs location-area-list instance 2
attach access-type
gprs location-area-list instance 2 failure-code 45
In the case of a dual-access
SGSN, it is possible to also add a second definition to restrict attaches
of UMTS subscribers within the LACs included in location area list #3.
attach restrict access-type
UMTS location-area-list instance 3
Change the configuration
to allow attaches for GPRS access for all previously restricted LACs
- note that GPRS attaches would still be limited:
no attach restrict
access-type gprs all
Restrict (deny) all
GPRS attach requests (coming from any location area) and assign
a single failure code for the reject messages. This is a two command
process:
attach restrict access-type
gprs all
attach access-type grps
all failure-code 22
authenticate activate
Allows the operator
to define authentication procedures in response to a received Activate
Request.
Privilege:
Security Administrator,
Administrator
Syntax
authenticate activate [ access-type { gprs | umts } | first | frequency frequency | primary ] [ access-type { gprs | umts } ]
[ no | remove ] authenticate
activate [ access-type { gprs | umts } | first | primary ] [ access-type { gprs | umts } ] ]
no
Disables the specified
activate authentication configuration in the call control profile.
remove
Removes the specified
activate authentication configuration from the call control profile configuration
file.
access-type type
One of the following
must be selected to identify the type of network access if the access-type keyword
is included in the command:
The access-type keyword
can be included with any of the other three keywords available with
the authenticate activate command.
first
Including this keyword
enables authentication only for the first Activate Request for an
MS/UE.
frequency frequency
This keyword defines
1-in-N selective authentication for Activate Request events. If
the frequency is set for 12, then the SGSN skips authentication
for the first 11 events and authenticates on the twelfth event.
frequency must
be an integer from 1 to 16.
primary
Including this keyword
enables authentication for every primary PDP context Activate Request.
Usage:
Activate Requests are
not authenticated by default. Use this command to enable authentication
of Activate Requests.
Repeat the commands
as needed to configure desired authentication responses to Activate Request
messages for this call control profile.
Example:
Configure Request
Activate authentication for every primary PDP context for MS with GPRS
access:
authenticate activate
primary access-type gprs
authenticate all-events
Allows the operator
to quickly define authentication procedures, based on limited parameters,
for all types of events.
Privilege:
Security Administrator,
Administrator
Syntax
authenticate all-events [ access-type { gprs | umts } | frequency frequency [ access-type { gprs | umts } ] ]
[ no | remove ] authenticate
all-events [ access-type { gprs | umts } ]
no
Disables the specified
authentication configuration in the call control profile.
remove
Removes the specified
authentication configuration from the call control profile configuration
file.
access-type type
One of the following
must be selected to identify the type of network access if the access-type keyword
is included in the command:
The access-type keyword
can be included with any of the other three keywords available with
the authenticate
all-events command.
frequency frequency
This keyword defines
1-in-N selective authentication for all types of subscriber events.
If the frequency is set for 12, then the service skips authentication
for the first 11 events and authenticates on the 12th event.
frequency must
be an integer from 1 to 16.
Usage:
By default, authentication
is not performed for any subscriber events. Use this command to enable
authentication for all types of events at one time, such as but
not limited to: Activate Requests, Attach Requests, Detach Requests,
Service-Requests.
Example:
The following command
configures all authentication for all subscriber events to occur every
tenth time a specific type of event occurs (for example every tenth
time an Attach Request is received):
authenticate all-events
frequency 10
The following command
configures authentication for all Detach Requests and RAUs to occur
if the UE access-type is UMTS:
authenticate all-events
access-type umts
authenticate attach
Allows the operator
to define authentication for Attach procedures.
Privilege:
Security Administrator,
Administrator
Syntax
authenticate attach
access-type { gprs | umts }
authenticate attach
attach-type { combined | gprs-only } [ access-type { gprs | umts } | frequency frequency ]
authenticate attach
frequency frequency [ access-type { gprs | umts } ]
authenticate attach
inter-rat [ access-type { gprs | umts } | attach-type { combined | gprs-only } [ access-type { gprs | umts } | frequency frequency ] | frequency frequency [ access-type { gprs | umts } ]
[ no | remove ] authenticate
attach [ access-type { gprs | umts } | attach-type { combined | gprs-only } | inter-rat | attach-type { combined | gprs-only } ] [ access-type { gprs | umts } ] ]
no
Disables the defined
authentication procedures configured for Attach Requests from the
call control profile.
remove
Deletes the defined
authentication procedures for Attach Requests from the call control profile
configuration file.
access-type type
One of the following
must be selected to identify the type of network access if the access-type keyword
is included in the command:
attach-type
This keyword configures
the Attach authentication based on the type of attach requested. The attach-type must
be one of the following options:
- combined:
Authenticates combined GPRS/IMSI Attaches.
- gprs-only:
Authenticates GRPS Attaches only.
frequency frequency
This keyword defines
1-in-N selective authentication for this type of subscriber event
- Attach Request. If the frequency is set for 12, then the service
skips authentication for the first 11 events and authenticates on
the twelfth event.
frequency must
be an integer from 1 to 16.
inter-rat
Enables/disables
authentication for Inter-RAT Attaches.
Usage:
Authentication for
Attach is disabled by default. This command enables/disables authentication
for an Attach with a local P-TMSI or Attaches with an IMSI, which
will be authenticated to acquire the CK (cipher key) and the IK
(integrity key).
Example:
The following command
configures authentication to occur after every tenth attach event
for GPRS access.
authenticate attach
frequency 10 access-type gprs
The following command
disables authentication for Inter-RAT Attaches, use:
no authenticate attach
inter-rat
authenticate detach
Allows the operator
to enable and define authentication for Detach procedures.
Privilege:
Security Administrator,
Administrator
Syntax
authenticate detach [ access-type
umts ]
[ no | remove ] authenticate
detach [ access-type umts ]
no
Disables the defined
authentication procedures configured for Detach Requests from the
call control profile.
remove
Deletes the defined
authentication procedures for Detach Requests from the call control profile
configuration file.
Usage:
Authentication for
Detach procedures is disabled by default. This command enables/disables
authentication for a Detach Request and allows the operator to limit
authentication based on the MS/UE access-type.
Example:
The following command
configures detach authentication to occur only for UMTS attached subscribers:
authenticate detach
access-type umts
The following command
disables authentication for all Detach Requests, use:
no authenticate detach
authenticate on-first-vector
Allows the operator
to enable the SGSN to begin MS authentication immediately after
receiving the first vector from the HLR.
Privilege:
Security Administrator,
Administrator
Syntax
authenticate on-first-vector
remove authenticate
on-first-vector
remove
Removes the authenticate
on-first-vector definition from the configuration file and resets
the default behavior so that the SGSN waits to receive all vectors
before beginning authentication towards the MS.
Usage:
After an initial attach
request, some end devices restart themselves after waiting for the PDP
to be established. In such cases, the SGSN restarts and a large
number of end devices repeat their attempts to attach. The attach
requests flood the radio network, and if the devices timeout before
the PDP is established then they continue to retry, thus even more
traffic is generated.
To avoid the high traffic
levels during PDP establishment, the SGSN has been modified to reduce
the attach time, as much as possible, so that the devices can attach
and discontinue sending requests. The current enhancement is intended
to reduce the time needed to retrieve vectors over the GR interface
by allowing the operator to configure the SGSN to start authentication
towards the MS as soon as it receives the first vector from the
AuC/HLR. With the new command included in the configuration,
the SGSN begins the MS authentication process immediately after
receiving the first vector from the HLR while the SAI continues
in parallel.
Example:
Use the following
command to configure the SGSN to begin MS authentication immediately after
receiving the first vector from the AuC/HLR:
authenticate on-first-vector
Use the following
command to reset the default behavior, so that the SGSN waits to
receive all vectors requested in the SAI from the AuC/HLR
before begining authentication towards the MS:
remove authenticate
on-first-vector
authenticate rau
Enables or disables
and fine tunes authentication procedures for routing area updates
(RAUs)
Privilege:
Security Administrator,
Administrator
Syntax
authenticate rau [ access-type { gprs | umts } | frequency
frequency [ access { gprs | umts } ] | periodicity duration [ access { gprs | umts } ] | update-type { combined-update | imsi-combined-update | periodic | ra-update } [ access-type { gprs | umts } | frequency frequency | periodicity duration | with { foreign-ptmsi | inter-rat-local-ptmsi | local-ptmsi } [ access-type { gprs | umts } | frequency
frequency | periodicity duration ]
no authenticate rau [ access-type { grps | umts } | update-type { combined-update | imsi-combined-update | periodic | ra-update } [ access-type { gprs | umts } | with { foreign-ptmsi | inter-rat-local-ptmsi | local-ptmsi } [ access-type { gprs | umts } ]
remove authenticate
rau [ access-type { gprs | umts } | periodicity [ access { gprs | umts } ] | update-type { combined-update | imsi-combined-update | periodic | ra-update } [ access-type { gprs | umts } | periodicity
| with { foreign-ptmsi | inter-rat-local-ptmsi | local-ptmsi } [ access-type { gprs | umts } | periodicity ] ]
no
Disables authentication
for the RAUs specified in the configuration for the call control profile.
remove
Deletes the authentication
configuration for the RAUs from the call control profile in the configuration
file.
access-type type
One of the following
must be selected to identify the type of network access if the access-type keyword
is included in the command:
The access-type keyword
can be included with any of the other keywords available with the authenticate rau command.
frequency frequency
Defines 1-in-N selective
authentication for RAU events. If the frequency is set for 12, then the
SGSN skips authentication for the first 11 events and authenticates
on the twelfth event.
frequency must
be an integer from 1 to 16.
periodicity duration
Defines the length
of time (number of minutes) that authentication can be skipped.
duration:
Must be an integer from 1 to 10800.
update-type
Defines the type of
RAU Request. Select one of the following:
- combined-update [ access-type | with
inter-rat-local-ptmsi ]
- imsi-combined-update [ access-type | with
inter-rat-local-ptmsi ]
- periodic [ access-type | frequency | periodicity ]
- ra-update [ access-type | with
inter-rat-local-ptmsi ]
Usage:
By default, authentication
is not performed for routing area updates (RAUs). Use this command
to enable/disable authentication and to fine tune the authentication
procedure based on frequency, periods for skipping authentication
and the various types of routing area updates.
Example:
The following command
configures RAU authentication to occur after every tenth event for GPRS
access.
authenticate rau frequency
10 access-type gprs
The following command
disables authentication for RAUs based on the combined IMSI with
foreign P-TMSIs, use:
no authenticate rau
imsi-combined-update with foreign-ptmsi
The following command
deletes all authentication configuration from the call control profile for
all RAUs using GPRS access-type:
remove authenticate
rau access-type gprs
authenticate service-request
Enables or disables
and fine-tunes authentication procedures for Service Requests.
Privilege:
Security Administrator,
Administrator
Syntax
authenticate service-request [ frequency frequency | periodicity duration | service-type { data | page-response | signaling } [ frequency frequency | periodicity duration ] ]
no authenticate service-request [ service-type { data | page-response | signaling } ]
remove authenticate
service-request [ periodicity | service-type { data | page-response | signaling } [ periodicity ] ]
no
Disables authentication
for the Service Requests specified in the configuration for the
call control profile.
remove
Deletes the authentication
configuration for Service Requests from the call control profile
in the configuration file.
frequency frequency
Defines 1-in-N selective
authentication for this type of subscriber event - Service Request.
If the frequency is set for 12, then the service skips authentication
for the first 11 events and authenticates on the twelfth event.
frequency must
be an integer from 1 to 16.
periodicity duration
Defines the length
of time (number of minutes) that authentication can be skipped.
duration:
Must be an integer from 1 to 10800.
signaling-type
Defines the type of
service being requested by the Service Request. Select one of the following:
- data
- page-response
- signaling
Usage:
By default, authentication
is not performed for Service Requests. Use this command to enable/disable
authentication and to fine-tune the authentication procedure based
on frequency and periods for skipping authentication and the various
types of service. Repeat the commands as needed to configure criteria
for all service types.
Example:
The following command
configures authentication Service Requests for data service to only occur
every 5 minutes:
authenticate service-request
service-type data periodicity 5
authenticate sms
Enables or disables
and fine tunes authentication procedures for Short Message Service
(SMS).
Privilege:
Security Administrator,
Administrator
Syntax
authenticate sms [ access-type { gprs | umts } | frequency frequency [ access-type { gprs
umts } ] | sms-type { mo-sms | mt-sms } [ access-type { gprs | umts } | frequency frequency ] ]
[ no | remove ]
authenticate sms [ access-type { gprs | umts } | sms-type { mo-sms | mt-sms } [ access-type { gprs
umts } ] ]
no
Disables authentication
for the SMS Requests specified in the configuration for the call control
profile.
remove
Deletes the authentication
configuration for SMS Requests from the call control profile in the
configuration file.
access-type type
One of the following
must be selected to identify the type of network access if the access-type keyword
is included in the command:
The access-type keyword
can be included with any of the other keywords available with the authenticate sms command.
frequency frequency
Defines 1-in-N selective
authentication for SMS Requests. If the frequency is set for 12, then
the SGSN skips authentication for the first 11 events and authenticates
on the twelfth event.
frequency must
be an integer from 1 to 16.
sms-type
Enables authentication
for the following SMS types:
- mo-sms:
mobile-originated SMS
- mt-sms: mobile-terminated SMS
Usage:
By default, authentication
is not performed for short message service (SMS). Use this command
to enable/disable authentication and to fine-tune the authentication
procedure based on MS/UE access type and the frequency
for the selected SMS type. Repeat the commands as needed to configure
criteria for all service types.
Example:
The following command
configures MO-SMS authentication to occur every fifth request:
authenticate sms sms-type
mo-sms frequency 5
authenticate tau
Allows the operator
to enable/disable and fine-tune authentication for the tracking
area update (TAU) procedures.
Privilege:
Security Administrator,
Administrator
Syntax
authenticate tau [ freqency frequency | inter-rat | periodicity interval ]
no authenticate tau
inter-rat
no
Disables the TAU authentication
procedures specified in the call control profile configuration.
frequency frequency
Defines 1-in-N selective
authentication for this type of subscriber event - a tracking area update
for an inter-RAT Attach. If the frequency is set for 12, the MME
skips authentication for the first 11 events and authenticates on
the twelfth event.
frequency must
be an integer from 1 to 16.
inter-rat
Enables authentication
for TAU procedures for inter-RAT Attaches.
periodicity duration
Defines the length
of time (number of minutes) that authentication can be skipped.
duration:
Must be an integer from 1 to 10800.
Usage:
Authentication for
TAU procedures is disabled by default. This command enables/disables authentication
for a inter-RAT TAU procedures and allows the operator to limit
authentication based on the frequency of the events or elapsed intervals
between the events.
Example:
The following command
configures TAU authentication to occur when there is 15 minutes between
inter-RAT Attaches:
authenticate tau periodicity 15
The following command
disables authentication for all TAU Inter-RAT Attaches, use:
no authenticate tau
cc
Defines the charging
characteristics to be applied for CDR generation when the handling
rules are applied via the Operator Policy feature.
Privilege:
Security Administrator,
Administrator
Syntax
cc { behavior-bit
no-records bit_value | local-value
behavior bit_value profile index_bit | prefer { hlr-hss-value | local-value } }
no cc behavior-bit no-records
remove cc { behavior-bit
no-records | local-value | prefer }
no
Disables the no records
generation behavior-bit configuration for this call control profile.
remove
Removes the specified
charging characteristic configuration from this profile.
behavior-bit no-records bit_value
Default: disabled
Specifies the charging
characteristic behavior bit. no-records instructs
the system not to generate any accounting records regardless of what
may be configured elsewhere.
bit_value is
an integer from 1 through 12.
local-value behavior bit_value profile index_bit
Defaults: bit_value = 0x0,
index_bit = 8
Sets the local value
of the behavior bits and profile index for the charging characteristics when
the HLR/HSS does not provide values for these parameters.
bit_value is
a hexadecimal value between 0x0 and 0xFFF.
index_bit is
an integer value from 1 through 15.
Setting the profile
index bis selects different charging trigger profiles to be used
with the call control profile. Some of the index values are predefined
according to 3GPP standard:
- 1 for hot
billing
- 2 for flat
billing
- 4 for prepaid
billing
- 8 for normal
billing
If the HLR/HSS
provides the charging characteristics with behavior bits and profile
index and the operator prefers to ignore the HLR/HSS values,
then also configure
the prefer local-value keyword.
prefer { hlr-hss-value | local-value }
Default: hlr-hss-value
Specifies a preference
for using charging characteristics settings received from HLR or
HSS, or those set by the SGSN or MME locally with the local-value behavior command.
- hlr-hss-value sets
the call control profile to use charging characteristics settings
received from HLR or HSS. This is the default preference.
- local-value sets
the call control profile to use charging characteristics settings
from the SGSN or MME only. If no charging characteristics are received
from the HLR/HSS then local values will be applied.
Usage:
Use this command to
set the behavior for charging characteristic comings from either
an HLR/HSS or locally from an MME/SGSN.
These charging characteristics
parameters can also be set within an APN profile with the commands
of the APN Profile configuration mode. For generation of M-CDRs,
the parameters configured in this mode, Call Control Profile configuration
mode, will prevail but for generation of S-CDRs the parameters configured
in the APN Profile configuration mode will prevail.
The 12 behavior bits
(of the local-value
behavior keyword) can be used to enable or disable CDR
generation.
Example:
The following command
specifies a rule not to generate charging records (CDRs) and sets the
charging characteristics behavior bit to
2:
cc behavior-bit no-records 2
check-zone-code
Enables or disables
the zone code checking mechanism.
Privilege:
Security Administrator,
Administrator
Syntax
[ no | remove ] check-zone-code
no
Included with the
command, this keyword disables the mechanism.
remove
Included with the
command, this keyword causes the removal of the current check-zone-code configuration
and returns to the SGSN to the default where zone-code checking
is enabled.
Usage:
Use this command to
enable/disable the zone-code checking function.
Example:
Disable checking of
the zone code:
no check-zone-code
ciphering-algorithm-gprs
Defines the order
of preference of the ciphering algorithms.
Privilege:
Security Administrator,
Administrator
Syntax
ciphering-algorithm-gprs
priority priority
algorithm
remove ciphering-algorithm-gprs
priority priority
remove
Delete the priority
definition.
priority priority
Sets the order in
which the algorithm will be selected for use.
priority is
an integer from 1 to 8.
algorithm
Identifies the ciphering
algorithm to be used.
algorithm is
one of the following: gea0, gea1,
gea2, gea3.
Usage:
Define the order in
which the ciphering algorithms are chosen for use. The command can be
repeated to provide multiple definitions -- multiple priorities.
Example:
Define gea1 as the
third priority algorithm:
ciphering-algorithm-gprs
priority 3 gea1
csfb
Configures circuit-switched
fallback options. CSFB is the mechanism to move a subscriber from
LTE to a legacy technology to obtain circuit switched voice or short message.
Syntax
csfb { policy { not-allowed | not-preferred | sms-only } | sms-only }
remove csfb { policy | sms-only }
remove csfb { policy | sms-only }
sms-only:
Removes the SMS-only restriction allowing the UE to request voice
and short message service (SMS) support for circuit-switched fallback (CSFB).
policy: Removes
the configured policy
policy { not-allowed | not-preferred | sms-only }
not-allowed:
Specifies that the CSFB function is not allowed for both voice and
SMS.
not-preferred:
Specifies that the MME returns a “not-preferred” response
for CSFB services. The MME does not enforce this and a voice centric
is allowed to make CSFB calls on a not-preferred case if it chooses
to do so.
sms-only:
Specifies that the CSFB function only supports SMS.
sms-only
Specifies that the
circuit-switched fallback function only supports SMS.
IMPORTANT:
This is a legacy keyword
that remains to support earlier versions of the code. It operates identically
to the policy sms-only keyword.
Usage:
Use this command to
restrict the circuit-switched fallback function to SMS only or no support
for either voice or SMS.
Example:
The following command
enforces the SMS-only functionality for UEs requesting circuit-switched
fallback:
csfb policy sms-only
description
Allows you to enter
a relevant descriptive string.
Privilege:
Security Administrator,
Administrator
Syntax
description description
no description
description
Enter an alphanumeric
string of 1 to 100 characters. The string may include spaces, punctuation,
and case-sensitive letters if the string is enclosed in double quotation
marks ( “ ).
no
Removes the description
from the call control profile.
Usage:
Define information
that identifies this particularly call control profile.
Example:
description “call-control-profile
handling incoming from CallTell”
direct-tunnel
Allows direct tunneling
if direct tunneling is supported by the destination node.
Privilege:
Security Administrator,
Administrator
Syntax
direct-tunnel attempt-when-permitted
remove direct-tunnel
remove
Removes the configured
setting from the call control profile.
attempt-when-permitted
Enables direct tunneling
if the destination node allows it. Default: disabled.
Usage:
Use this command to
enable the Direct-Tunnel feature.
To ensure that direct
tunnel is fully configured for support by the SGSN, check the settings for
direct-tunnel in
- the APN profile -- from
the Exec mode, use command: show apn-profile <profile_name> all
- the RNC (radio network
controller) configuration -- from the Exec mode, use command: iups-service <service_name> all
IMPORTANT:
Direct tunneling must
be enabled at both of these two points to allow direct tunneling
for the MS/UE.
Example:
The following command
sets the configuration to instruct the SGSN to attempt to setup
a direct tunnel if permitted at the destination node:
direct-tunnel attempt-when-permitted
dns-ggsn
Defines the context
to be used to do DNS lookup for GGSNs.
Privilege:
Security Administrator,
Administrator
Syntax
dns-ggsn context ctxt_name
no dns-ggsn context ctxt_name
no
Removes the dns-ggsn
configuration from this call control profile.
context ctxt_name
Specifies the context
to be used to do DNS lookup for GGSNs as an alphanumeric string
of 1 through 64 characters.
Usage:
Use this command to
define the context to be used to do DNS lookup to find the GGSN address.
dns-sgsn
Identifies the context
to be used to do DNS to find an SGSN address.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] dns-sgsn
context ctxt_name
no
Removes the dns-sgsn
configuration from this call control profile.
context ctxt_name
Specifies the context
to be used to do DNS to find an SGSN address as an alphanumeric string
of 1 through 64 characters.
Usage:
Use this command to
configure the context ID for the SGSN address that will be used
to do the DNS lookup.
Example:
Configure context
sgsn1 for
DNS lookup:
dns-sgsn context sgsn1
dns-pgw
Defines the context
to be used to do DNS lookup for P-GWs.
Privilege:
Security Administrator,
Administrator
Syntax
[ remove ] dns-pgw
context ctxt_name
remove
Deletes this definition
from the call control profile.
context ctxt_name
Specifies the context
to be used to do DNS lookup for P-GWs as an alphanumeric string
of 1 through 64 characters.
Usage:
Use this command to
configure the context ID for the DNS lookup.
dns-sgw
Defines the context
to be used to do DNS lookup for S-GWs.
Privilege:
Security Administrator,
Administrator
Syntax
[ remove ] dns-sgw
context ctxt_name
remove
Deletes this definition
from the call control profile.
context ctxt_name
Specifies the context
to be used to do DNS lookup for S-GWs as an alphanumeric string
of 1 through 64 characters.
Usage:
Use this command to
configure the context ID for the DNS lookup.
encryption-algorithm-lte
Defines the priorities
for using the encryption algorithms.
Syntax
encryption-algorithm-lte
priority1 128-eea { 0 | 1 | 2 }
priority2 128-eea { 0 | 1 | 2 } priority3
128-eea { 0 | 1 | 2 }
remove encryption-algorithm-lte
remove
Deletes the priorities
definition from the call control profile configuration.
priority1 128-eea { 0 | 1 | 2 }
Enter 0, 1, or 2 at
the end of 128-eea to
define the algorithm being given first priority.
priority2 128-eea { 0 | 1 | 2 }
Enter 0, 1, or 2 at
the end of 128-eea to
define the algorithm being given second priority.
priority3 128-eea { 0 | 1 | 2 }
Enter 0, 1, or 2 at
the end of 128-eea to
define the algorithm being given third priority.
Usage:
Set the order or priority
in which the MME will select a 128-EEA algorithm for use. All three
priorities must be set or the definition is invalid. The command
can be re-entered to change the priorities without removing the
configuration.
Example:
Configure 128-EEA2
as first priority encryption algorithm:
encryption-algorithm-lte
priority1 128-eea 2 priority2 128-eea 0 priority3 128-eea 1
encryption-algorithm-umts
Defines the priorities
for using the encryption algorithms.
Privilege:
Security Administrator,
Administrator
Syntax
encryption-algorithm-umts { uea0 | uea1 | uea2 } [ then-uea# | then-uea# ]
no encryption-algorithm-lte
no
Deletes the priorities
definition from the call control profile configuration.
{ uea0 | uea1 | uea2 }
Enter one of the three
options to define the first priority algorithm.
[ then-uea# | then-uea# ]
If a second algorithm
is to be included as an option, give it second priority. Enter 0,
1, or 2 at the end of then-uea to
define the algorithm being given second priority.
then-uea#
If a third algorithm
is to be included as an option, give it third priority. Enter 0,
1, or 2 at the end of then-uea to
define the algorithm being given third priority.
Usage:
Set the order or priority
in which the SGSN will select a UEA algorithm for use. It is not necessary
to define priorities for all three priority levels. The command
can be re-entered to change the priorities without removing the
configuration.
Example:
Configure algorithm
UEA2 as the first priority encryption algorithm with no others to
be considered:
encryption-algorithm-umts uea2
end
Exits the current
configuration mode and returns to the Exec mode.
Privilege:
Security Administrator,
Administrator
Usage:
Use this command to
return to the Exec mode.
equivalent-plmn
Configures the definition
for an equivalent public land mobile network identifier (PLMN ID)
and the preferred radio access technology (RAT). This is a of PLMNs
which should be considered by the mobile as equivalent to the visited
PLMN for cell reselection and network selection. When configured,
the equivalent PLMN list will be sent to the UE in NAS ATTACH ACCEPT / TAU
ACCEPT messages (up to 15 PLMNs in each message).
Privilege:
Security Administrator,
Administrator
Syntax
equivalent-plmn radio-access-technology { 2G | 3g | 4g | any } plmnid
mcc mcc_number mnc mnc_number priority priority
no equivalent-plmn
radio-access-technology { 2G | 3g | any } plmnid
mccmcc_number mnc mnc_number
no
Removes the equivalent-PLMN
configuration from this call control profile.
radio-access-technology { 2G | 3g | 4g | any }
Identify the RAT type
of the equivalent PLMN:
- 2G: 2nd
generation
- 3G: 3rd
generation
- 4G: 4th
generation
- any: Any
RAT
plmnid mcc mcc_number mnc mnc_number
- mcc: Specifies
the mobile country code (MCC) portion of the PLMN ID. The number
can be any integer between 100 and 999.
- mnc: Specifies
the mobile network code (MNC) portion of the PLMN ID. The number
can be any 2- or 3-digit integer between 00 and 999.
priority priority
Enter an integer between
1 and 15 with the highest priority assigned to the integer of the lowest
numeric value.
Usage:
Use the command to
identify an ‘equivalent PLMN’ and assign it a
priority to define the preferred equivalent PLMN to be used. This
command can be entered multiple times to set priorities of usage.
Example:
The following command
sets up a secondary equivalent PLMN definition that allows for any RAT
with a PLMN ID of MCC121.MNC767:
equivalent-plmn radio_access_technology
any plmnid mcc 121 mnc 767 priority 2
exit
Exits the current
mode and returns to the parent configuration mode.
Privilege:
Security Administrator,
Administrator
Usage:
Use this command to
return to the parent configuration mode.
gmm information-in-messages
Provides the configuration
to include the information in messages for the GPRS mobility management
(GMM) parameters.
Privilege:
Security Administrator,
Administrator
Syntax
gmm information-in-messages
access-type { { gprs | umts } [ network-name { full-text name | short-text
name } | [ send-after { attach | rau } ] }
[ default | no ] gmm { information-in-messages
access-type { gprs | umts }
no
Disables the GMM configuration
from this call control profile.
default
Sets up a GMM configuration
with system default values.
access-type
Must select one of
the following options:
- gprs - General
Packet Radio Service network
- umts - Universal
Mobile Telecommunications System network
After selecting the
access-type, an additional parameter can be configured:
- network-name:
identifies the network name in either short text or full text.
- send-after:
configures the information in message to send after attachment or
Routing Area Update (RAU).
network-name { full-text name | short-text name }
This keyword provides
the option to add the network name to the message. The network name
will in full text or short text. Possible options are:
- full-text name: Indicate
the network name in full text
- short-text name: Indicate
the network name in short text
send-after{ attach
| rau }
This keyword configures
the information in message to send after attachment or RAU message.
Possible options are:
- attach:
Information sent after attachment
- rau: Information
sent after routing area update
Usage:
Use this command to
configure identifying information about the network that will be included
in GMM messages.
Example:
Set default settings
for calls coming from 2.5G networks:
default gmm information-in-messages
access-type gprs
gmm retrieve-equipment-identity
Configures the International
Mobile Equipment Identity (IMEI) or software version (SV) retrieval
and validation procedure.
Privilege:
Security Administrator,
Administrator
Syntax
gmm retrieve-equipment-identity { imei | imeisv [ unciphered ] [ then-imei ] } [ verify-equipment-identity [ deny-greylisted ] ]
[ no | default ] gmm
retrieve-equipment-identity
no
Disables the equipment
identity retrieval procedure configured for this call control profile.
default
Sets the default action
for equipment identity retrieval (EIR) procedure:
- retrieve-equipment-identity:
Default action is disabled - no retrieval of IMEI/IMEI-SV
- verify-equipment-identity:
Default action is disabled - no verification with Equipment Identity
Register (EIR)
equipment-identity-type
Default: disabled
Indicates the type
of equipment identification, with the possible values:
- imei: International
Mobile Equipment Identity
- imeisv:
International Mobile Equipment Identity - Software Version
imei
Indicates the equipment
identity retrieval type to International Mobile Equipment Identity (IMEI).
IMEI is a unique 15-digit number consisting of a TAC (Technical
Approval Code), a FAC (Final Assembly Code), an SNR (Serial Number),
and a check digit.
imeisv [ unciphered ] [ then-imei ]
Indicates the equipment
identity retrieval type to IMEI with software version (SV). IMEI with
SV is a unique 16-digit number consisting of a TAC (Technical Approval
Code), a FAC (Final Assembly Code), an SNR (Serial Number), and
a 2-digit software version number.
- unciphered:
This optional keyword enables the unciphered retrieval of IMEI-SV.
If this option is enabled the retrieval procedure will get IMEISV
(if auth is still pending, get as part of Authentication and Ciphering
Response otherwise, via explicit Identification Request after Security
Mode Complete).
- then-imei:
This optional keyword enables the retrieval of software version
number before the IMEI. If this option is enabled the equipment
identity retrieval procedure will get IMEISV on secured link (after
Security mode procedure via explicit GMM Identification Request),
and if MS is not having IMEISV (responded with NO Identity), SGSN
will try to get IMEI.
If no other keyword
is provided, imeisv will get IMEISV on a secured link (after a Security mode
procedure via explicit GMM Identification Request).
verify-equipment-identity [
deny-greylisted ]
Default: disabled
This keyword enables
the equipment identity validation and validates the equipment identity against
the EIR.
- deny-greylisted:
This keyword fine-tunes the configuration and enables the restriction
to the user having mobile equipment with an IMEI in the EIR grey
list.
Usage:
Use this command to
enable and configure the procedures for mobile equipment identity retrieval
and validation from the EIR identified in the MAP Service Configuration mode.
Example:
The following command
enables the SGSN to send “check IMEI” messages
to the EIR:
gmm retrieve-equipment-identity
imei verify-equipment-identity
gs-service
Associates the context
of a Gs service interface with this call control profile.
Privilege:
Security Administrator,
Administrator
Syntax
gs-service gs_srvc_name context ctx_name
no gs-service svc_name
no
Removes/disassociates
the named Gs service from the call control profile.
gs-service gs_srvc_name
Specifies the name
of a specific Gs service for which to display information. gs_srvc_name is
the name of a configured Gs service expressed as an alphanumeric
string of 1 through 63 characters that is case sensitive.
context ctx_name
Specifies the specific
context name where Gs service is configured. If this keyword is omitted,
the named Gs service must exist in the same context as the GPRS/SGSN
service.
ctx_name is
name of the configured context of Gs service expressed as an alphanumeric
string from 1 through 63 characters that is case sensitive.
Usage:
Use this command to
associate a specific Gs service interface with this GPRS service instance.
IMPORTANT:
A Gs service can be
used with multiple SGSN and/or GPRS service.
Example:
The following command
associates a Gs service instance named
stargs1,
which is configured in context named
star_ctx,
with a call control profile:
gs-service stargs1
context star_ctx
gtp send
Configures which information
elements (IE) the SGSN sends in GTP messages. These are required
by the GGSN.
Privilege:
Security Administrator,
Administrator
Syntax
gtp send { imeisv [ derive-imeisv-from-imei ] | ms-timezone | rai [use-local-plmn [network-sharing {use-selected-plmn | use-ue-plmn | use-common-plmn }]]| rat | uli [use-local-plmn [network-sharing {use-selected-plmn | use-ue-plmn | use-common-plmn }]]}
remove gtp send { imeisv | ms-timezone | rai | rat | uli }
no gtp send
remove
Removes the specified
GTP send definition from the system configuration.
no
Disables the specified
GTP send configuration.
imeisv
Instructs the SGSN
to include the IMEISV (International Mobile Equipment Identity with Software
Version) of the mobile when sending GTP messages of the type Create
PDP Context Request.
derive-imeisv-from-imei
This is a filter for
the imeisv keyword.
It allows the operator to configure the SGSN to send IMEI to the
GGSN as IMEI-SV.
This filter instructs
the SGSN to add four 1s (1111) to the final semi-octet of the CPCQ (Create
PDP Context Request) message which enables the SGSN to deduce the
IMEI-SV value from the IMEI. If this filter is used, then IMEI is
also sent as IMEI-SV when the gmm retrieve-equipment-identity command
is configured.
ms-timezone
Instructs the SGSN
to include this IE in GTP messages of the type Create PDP Request
and Update PDP Context Request. This IE specifies the offset between
universal time and local time, where the MS currently resides, in
15-minute steps.
This IE is sent by
default.
rai
Configures the SGSN
to include the Routing Area Identity (RAI) of the SGSN in the following
situations:
- 2G new SGSN RAU
- 3G new SGSN SRNS
- 2G -> 3G HO (only if
PLMN Id has changed)
- 3G -> 2G HO (only if
PLMN Id has changed)
- multiple IUPS service
RAU (only if PLMN Id has changed)
- multiple GPRS service
RAU (only if PLMN Id has changed)
- 3G new SGSN RAU (change
in behavior)
- 3G primary and secondary
PDP activation (change in behavior)
- 2G primary and secondary
PDP activation (change in behavior)
rat
Specifies which radio
access technology (RAT) is being used by the MS (GERAN, UTRAN, or
GAN). Including this keyword instructs the SGSN to include this
IE when sending GTP messages of the type Create PDP Request and
Update PDP Context Request.
This IE is sent by
default.
uli
Specifies the CGI
(MCC, MNC, etc.) and SAI of the MS where it is registered. Including this
keyword instructs the SGSN to include the IE when sending GTP messages
of the type Create PDP Request and Update PDP Context Request.
This IE is not sent
by default.
IMPORTANT:
Currently, the next
5 (five) keywords, used with keywords rai or uli, are
only available for Release 12.0.
use-local-plmn
This keyword includes
the local PLMN when network is not shared.
network-sharing
This keyword is used
to configure network-sharing.
use-selected-plmn
This keyword includes
the Selected PLMN when network is shared.
use-ue-plmn
This keyword includes
Selected PLMN for supporting UE and Common PLMN for non-supporting
UE when network is shared.
use-common-plmn
This keyword includes
the Common PLMN when network is shared.
Usage:
Use this command to
define a preferred set of information to include when GTP messages are
sent. Repeat this command multiple times to enable or disable multiple
options. This instruction will be implemented when the specific
operator policy and call control profile are applied.
The PLMN value in RAI/ULI
can be selected if 3G network-sharing is enabled.
Example:
The following command
series instructs the SGSN (1) not to send MS’ timezone
IE, and (2) to identify the MS’ radio access technology
info in the GTP messages:
no gtp send ms-timezone
gtp send rat
The next set of commands
provides examples indicating the usage of keywords to select PLMN
values in RAI/ULI.
On executing the following
command, ULI is sent and PLMN will be “use-selected-plmn” if
network-sharing is enabled. If network-sharing is not enabled, PLMN
will be “use-local-plmn”.
gtp send uli
On executing the following
command, ULI is sent and PLMN will be “use-selected-plmn” if network-sharing
is enabled. If network-sharing is not enabled, PLMN will be “use-local-plmn”.
gtp send uli use-local-plmn
On executing the following
command, ULI is sent and PLMN will be “use-selected-plmn” if network-sharing
is enabled. If network-sharing is not enabled PLMN will be “use-local-plmn”.
gtp send uli use-local-plmn
network-sharing use-selected-plmn
On executing the following
command, ULI is sent and PLMN will be “use-common-plmn” if
network-sharing is enabled. If network-sharing is not enabled PLMN
will be “use-local-plmn”.
gtp send uli use-local-plmn
network-sharing use-common-plmn
gtpp
Enables secondary
GTPP accounting for an S-GW call control profile. By default, secondary
GTPP accounting is disabled.
Privilege:
Security Administrator,
Administrator
Syntax
gtpp secondary-group group_name [ accounting
context ctx_name ]
no gtpp secondary-group
no
Disables secondary
GTPP accounting.
secondary-group group_name
Enables secondary
GTPP accounting and specifies a GTPP group name.
group_name must
be an alphanumeric string of 1 through 63 characters.
accounting context ctx_name
Specifies the specific
accounting context to be used for secondary GTPP accounting. If
this keyword is omitted, source context will be used for secondary
GTPP accounting.
ctx_name
must be an alphanumeric string of 1 through 79 characters.
Usage:
Use this command to
enable or disable secondary GTPP accounting for an S-GW call control
profile.
Example:
The following command
enables secondary GTPP accounting for an S-GW call control profile
and specifies a GTPP group named
gtpp-grp1:
gtpp secondary-group
gtpp-grp1
gtpu fast-path
Enables or disables
the network processing unit (NPU) Fast Path support for NPU processing
of GTP-U packets of user sessions at the NPU.
Privilege:
Security Administrator,
Administrator
Syntax
[ remove ]
gtpu fast-path
remove
Removes the NPU fast
path functionality configuration from the call control profile.
Usage:
Use this command to
enable/disable the NPU processed fast-path feature for
processing of GTP-U data packets received from GGSN/RNC.
This feature enhances the GTP-U packet processing by adding the
ability to fully process and forward the packets through the NPU
itself.
IMPORTANT:
When enabled/disabled,
fast-path processing will be applicable only to new subscriber who establishes
a PDP context after issuing this command (enabling GTP-U fast path).
No existing subscriber session will be affected by this command.
Example:
The following command
enables the NPU fast path processing for all new subscribers’ session
established with this call control profile:
gtpu fast-path
gw-selection
Configures the parameters
controlling the gateway selection process.
Privilege:
Security Administrator,
Administrator
Syntax
[ remove ] gw-selection { co-location | pgw weight | sgw
weight | topology }
remove gw-selection
Deletes the gw-selection
definition from the call control profile.
co-location
Selects “co-location” as
the determining factor for gateway selection. Collocation should
be configured for both P-GW and S-GW selection for collocation to
function. If a collocated PGW/SGW node cannot be found,
then topologically closest nodes are chosen next. Host names with both “topon” and “topoff” labels
will be considered in collocation.
pgw weight
Selects PDN-Gateway
as the determining factor for gateway selection.
sgw weight
Selects Serving Gateway
as the determining factor for gateway selection.
topology
Selects topology as
the determining factor for gateway selection. Topological selection
is done only during initial attach, and not used during S-GW relocation
or additional-pdn-connection.
Usage:
Use this command to
define the criteria for gateway selection.
Example:
The following command
instructs the MME to determine gateway selection on the basis of topology:
gw-selection topology
integrity-algorithm-lte
Specifies the order
of preference for using an Integrity Algorithm.
Syntax
integrity-algorithm-lte
priority1 { 128-eia0 | 128-eia1 |
128-eia2 } priority2 128-eia { 0 | 1 | 2 } priority3
128-eia { 0 | 1 | 2 }
remove integrity-algorithm-lte
remove
Deletes the priorities
definition from the call control profile configuration.
priority1 128-eia { 0 | 1 | 2 }
Enter 0, 1, or 2 at
the end of 128-eia to
define the algorithm being given first priority.
priority2 128-eia { 0 | 1 | 2 }
Enter 0, 1, or 2 at
the end of 128-eia to
define the algorithm being given second priority.
priority3 128-eia { 0 | 1 | 2 }
Enter 0, 1, or 2 at
the end of 128-eia to
define the algorithm being given third priority.
Usage:
Set the order or priority
in which the MME will select an integrity algorithm for use. All three
priorities must be set or the definition is invalid. The command
can be re-entered to change the priorities without removing the
configuration.
Example:
Configure 128-EIA0
as first priority integrity algorithm:
integrity-algorithm-lte
priority1 128-eia 0 priority2 128-eia 2 priority3 128-eia 1
integrity-algorithm-umts
Configures the order
of preference for the Integrity Algorithm used for 3G.
Privilege:
Security Administrator,
Administrator
Syntax
integrity-algorithm-umts type then_ type
default integrity-algorithm-umts
default
Specifies the default
preference based on system defaults.
type
Creates a configuration
defining an order of preference. Enter one or more of the following options
in the order of preference:
- uia1 - uia1
Algorithm
- uia2 - uia2
Algorithm
Usage:
Use this command to
determine which integrity algorithm is preferred 3G. This command is
configured in tandem with the algorithm type for encryption-algorithm-umts command.
Example:
default integrity-algorithm-umts
lcs-mo
This command enables/disables
mobile-originating Location Requests by access-type when Location
Services functionality is enabled.
Privilege:
Security Administrator,
Administrator
Syntax
lcs-mo { allow | restrict } access-type { gprs | umts }
allow
Enables mobile-originating
Location Requests. This is the default state when Location Services
are enabled.
Usage:
This command ties
Location Service functionality to a call-control profile by IMSI
so that Location Services can optionally be determined by an operator
policy for incoming calls.
Example:
Use the following
command to disable or disallow mobile-originating Location Requests within
a GPRS network:
lcs-mo restrict access-type GPRS
lcs-mt
This command enables/disables
mobile-terminating Location Requests by access-type when Location
Services functionality is enabled.
Privilege:
Security Administrator,
Administrator
Syntax
lcs-mt { allow | restrict } access-type { gprs | umts }
allow
Enables mobile-terminating
Location Requests. This is the default state when Location Services
are enabled.
Usage:
This command ties
Location Service functionality to a call-control profile by IMSI
so that Location Services can optionally be determined by an operator
policy for incoming calls.
Example:
Use the following
command to disable or disallow mobile-terminating Location Requests within
a UMTS network:
lcs-mt restrict access-type umts
lcs-ni
This command enables/disables
network-initiated Location Requests by access-type when Location
Services functionality is enabled.
Privilege:
Security Administrator,
Administrator
Syntax
lcs-ni { allow | restrict } access-type { gprs | umts }
allow
Enables network-initiated
Location Requests . This is the default state when Location Services
are enabled.
Usage:
This command ties
Location Service functionality to a call-control profile by IMSI
so that Location Services can optionally be determined by an operator
policy for incoming calls.
Example:
Use the following
command to enable or allow network-initiated Location Requests within
a UMTS network if this function has been restricted previously:
lcs-ni allow access-type umts
local-cause-code-mapping
map-cause-code
Configures the
GMM reject cause code to send to a UE for map cause ‘roaming not
allowed’.
Syntax
local-cause-code-mapping
map-cause-code roaming-not-allowed gmm-cause-code gmm-cause
remove local-cause-code-mapping
map-cause-code roaming-not-allowed
remove local-cause-code-mapping
map-cause-code roaming-not-allowed
Removes the configured
cause code mapping.
roaming-not-allowed
gmm-cause-code gmm-cause
Specifies the GPRS mobility
management (GMM) cause code to return to a UE when the UE’s
access request is rejected due to map cause ‘roaming not
allowed’. Cause code options include:
-
gprs-serv-and-non-gprs-serv-not-allowed
-
gprs-serv-not-allowed
-
gprs-serv-not-in-this-plmn
-
location-area-not-allowed
-
network-failure
-
no-suitable-cell-in-this-la
-
plmn-not-allowed
-
roaming-not-allowed-in-this-la
Usage:
This command enables
the operator to configure the exact GMM cause code to return to the
UE when a UE access request is rejected due to map-cause ‘roaming-not-allowed’.
Example:
The following command
maps
network-failure as
the GMM cause code to be included in a Access Reject sent to the
UE when the UE is denied due to map-cause ‘roaming-not-allowed’:
local-cause-code-mapping
map-cause-code roaming-not-allowed gmm-cause-code network-failure
location-area-list
Defines the location
area list to allow or restrict services in the specified location areas
identified by location area code (LAC).
Privilege:
Security Administrator,
Administrator
Syntax
location-area-list
instance instance area-code area_code [ area_code * ]
no location-area-list
instance instance[ area-code area_code ]
no
If the area-code keyword
is included in the command, then only the specified area code is
removed from the identified list. If the area-code keyword
is not included with the command, the entire list of LACs is removed
from this call control profile.
instance instance
Specifies an identification
for the specific location area list.
instance must
be an integer between 1 and 5.
area-code area_code *
This keyword defines
the location area codes (LACs) to be used by this call control profile as
a determining factor in the handling of incoming calls. Multiple
LACs can be defined in a single location-area-list.
area_code:
Enter an integer between 1 and 65535.
* If
desired, enter multiple LACs separated by a single blank space.
Usage:
Use the command multiple
times to configure multiple LAC lists or to modify the a list.
Example:
The following command
creates a location area list for a single area code:
location-area-list
instance 1 area-code 514
This command creates
a second location area list for with multiple area codes - all separated by
a single blank space:
location-area-list
instance 2 area-code 514 62552 32 1513
The next command corrects
an area code mistake (327 not 32) made in the previous configuration:
location-area-list
instance 1 area-code 514 62552 327 1513
map
Configures the optional
extensions to Mobile Application Part (MAP) messages.
Privilege:
Security Administrator,
Administrator
Syntax
[ remove ] map
message update-gprs-location [ imeisv | private-extension
access-type ]
remove
IMEI-SV is not included
in the GLU request -- this is the default behavior.
message update-gprs-location
Includes a GLU message.
This keyword-set is required.
imeisv
Specifies the International
Mobile equipment Identity-Software Version (IMEI-SV) information
to include in the GPRS Location Update (GLU) request message. SGSN
will include IMEI-SV in the message, if available. Default: disabled
private-extension access-type
Includes a specific
access-type private extension in the message.
Usage:
This command configures
optional extensions to MAP messages. The HLR should ignore these
extensions if not supported by the HLR.
Example:
map message update-gprs-location
private-extension access-type
map-service
Identifies a Mobile
Application Part (MAP) service and the context which contains it
and associates both with the call control profile.
Privilege:
Security Administrator,
Administrator
Syntax
map-service context ctxt_name service map_srvc_name
no map-service context
no
Disables use of MAP
service with this call control profile.
context ctxt_name
Specifies the name
of the context for the MAP service as an alphanumeric string of
1 through 64 characters.
service map_srvc_name
Specifies the MAP
service name as an alphanumeric string of 1 through 64 characters.
Usage:
Use this command to
enable or disable MAP service with this call control profile.
max-bearers-per-subscriber
Defines the maximum
number of bearers allowed per subscriber.
Privilege:
Security Administrator,
Administrator
Syntax
max-bearers-per-subscriber number
remove max-bearers-per-subscriber
remove
Deletes the definition
from the call control profile.
number
Identifies the maximum
number of bearers allowed per subscriber as an integer from 1 to 11.
Usage:
Use this command to
set the maximum number of bearers allowed per subscriber.
Example:
Set the maximum to
3:
max-bearers-per-subscriber 3
max-pdns-per-subscriber
Defines the maximum
number of PDNs allowed per subscriber.
Privilege:
Security Administrator,
Administrator
Syntax
max-pdns-per-subscriber number
remove max-pdns-per-subscriber
remove
Deletes the definition
from the call control profile.
number
Identifies the maximum
number of PDNs allowed per subscriber as an integer from 1 to 11.
Usage:
Use this command to
set the maximum number of PDNs allowed per subscriber.
Example:
Set the maximum to
4:
max-pdns-per-subscriber 4
min-unused-auth-vectors
Configures a specific
minimum number of unused vectors to be maintained by the SGSN.
Privilege:
Security Administrator,
Administrator
Syntax
min-unused-auth-vectors min#_vectors
remove min-unused-auth-vectors
remove
Removes the definition
from the configuration file and restores the default behavior, which does
not use the threshold.
min#_vectors
Enables and defines
a threshold for the minimum number of unused vectors that the SGSN
retains to trigger the initation of a service area identity request
(SAI) .
min#_vectors:
Enter a digit betwen 1 and 4.
Usage:
Vectors are used by
the SGSN for authentication. Use this command to enable a minimum threshold
for unused vector for this call control profile. When the unused
vector count falls below this configured threshold, then an SAI
is initiated to fill the buffer back to 5 or to the most appropriate
number based on the MAP service configuration.
Example:
Enter a command similar
to the following to set a threshold of
3:
min-unused-auth-vectors 3
Use the following command
to disable this function and restore the default behavior, which does
not use a threshold to trigger an SAI:
remove min-unused-auth-vectors
network-initiated-pdp-activation
Configures the call
control profile to perform two functions: (1) to enable or disable
network-requested PDP context activation (NRPCA) for 3G attachments
and (2) to define a failure cause code for inclusion in NRPCA-related
reject messages.
Privilege:
Security Administrator,
Administrator
Syntax
[ remove ] network-initiated-pdp-activation { allow
primary | restrict primary } access type { gprs | umts } { all | location-area-list
instance <instance> }
network-initiated-pdp-activation
primary access type { gprs | umts } { all | location-area-list
instance <instance> } failure-codecode
remove
Including this keyword
with the command, removes all configured values for the specified configuration.
allow
Allows network-initiated
PDP context activation. This keyword must be followed by other parameters
to indicate the limitations for allowing the NRPCA.
Allow is the default
for NRPCA.
restrict
Restricts network-initiated
PDP context activation. This keyword must be followed by other command
parameters to indicate the limitations for restricting the NRPCA.
primary
Specifies that only
network-initiated primary PDP context activations are to be allowed.
secondary
IMPORTANT:
The secondary keyword
is visible and can be selected, however, secondary NRPCA functionality
is in development and currently this keyword is not supported for
configuration.
all
Configures the SGSN
to allow or to restrict NRPCA for calls within all location areas.
location-area-list
instance instance
Selects a pre-defined
list of location area codes (LACs) and allows/restricts
the NRPCA procedure for calls within the listed area codes.
instance:
Enter a list ID; an integer between 1 and 5.
IMPORTANT:
Before using this
keyword, ensure that the appropriate LAC information has been defined with
the location-area-list command,
also in this configuration mode.
failure-codes code
Enter an integer from
192 to 226 to identify the GTPP failure cause code (from 3GPP TS29.060,
list below) to be included in the reject messages when NRPCA is
restricted. If a failure cause code is not defined, the default
value is 200 (service not supported).
- 192 - Non-existent
- 193 - Invalid message
format
- 194 - IMSI not known
- 195 - MS is GPRS Detached
- 196 - MS is not GPRS
Responding
- 197 - MS Refuses
- 198 - Version not supported
- 199 - No resources
available
- 200 - Service not supported
- 201 - Mandatory IE
incorrect
- 202 - Mandatory IE
missing
- 203 - Optional IE incorrect
- 204 - System failure
- 205 - Roaming restriction
- 206 - P-TMSI Signature
mismatch
- 207 - GPRS connection
suspended
- 208 - Authentication
failure
- 209 - User authentication
failed
- 210 - Context not found
- 211 - All dynamic PDP
addresses are occupied
- 212 - No memory is
available
- 213 - Relocation failure
- 214 - Unknown mandatory
extension header
- 215 - Semantic error
in the TFT operation
- 216 - Syntactic error
in the TFT operation
- 217 - Semantic errors
in packet filter(s)
- 218 - Syntactic errors
in packet filter(s)
- 219 - Missing or unknown
APN
- 220 - Unknown PDP address
or PDP type
- 221 - PDP context without
TFT already activated
- 222 - APN access denied – no
subscription
- 223 - APN Restriction
type incompatibility with currently active PDP Contexts
- 224 - MS MBMS Capabilities
Insufficient
- 225 - Invalid Correlation-ID
- 226 - MBMS Bearer Context
Superseded
Usage:
Use this command to
allow or restrict network-requested PDP context activation (NRPCA)
based on access-type and location areas. NRPCA is used when there
is downlink data at the GGSN for a subscriber, but there is no valid
context for the already-established PDP address so the GGSN initiates
an NRPCA procedure towards the SGSN.
This command can also
be used to define the failure cause code that will be included in activation
reject messages.
These commands can
be repeated to define a unique set of NRPCA parameters for each access-type
and each location area list.
The T3385-timeout and
the max-actv-retransmission timers
configure the retransmission timer and the number of retries for
PDP context activation requests. Both of these timers are set in
the SGSN service configuration mode.
The configuration for
NRPCA can be viewed via the show call-control-profile
full name profile_name. Statistics
associated with NRPCA can be seen via the show gmm-sm statistics output
and via the show
sgtpc statistics verbose output.
Example:
The following command
changes the failure code for Reject messages from 200 (service not supported)
to 205 (roaming restriction) for primary NRPCA for all GRPS access
and all LACs:
network-initiated-pdp-activation
primary access-type gprs all failure-code 205
The following command
enables network-initiated primary PDP context activation for UMTS
calls from the LACs in location-area-list 1:
network-initiated-pdp-activation
allow primary access-type umts location-area-list instance 1
The following command
restricts network-initiated primary PDP context activation for UMTS
calls from the LACs in location-area-list 2:
network-initiated-pdp-activation
restrict primary access-type umts location-area-list instance 2
override-arp-with-ggsn-arp
Enables or disables
the ability of the SGSN to override an Allocation/Retention Priority
(ARP) value with one received from a GGSN. If there is no authorized
Evolved ARP received from the GGSN, by default the SGSN continues
to use the legacy ARP included in the Quality of Service (QoS) Profile
IE.
Privilege:
Security Administrator,
Administrator
Syntax
[ remove ] override-arp-with-ggsn-arp
remove
Adding the remove keyword
to the command disables the override feature.
Usage:
Enabling this function
on the SGSN will allow the ARP sent by the GGSN, in CPCR / UPCR / UPCQ,
to be applicable as an overriding value.
Example:
Use this command to
configure the SGSN to negotiate the ARP to be used as an overriding value:
override-arp-with-ggsn-arp
pdp-activate access-type
Configures the PDP
context activation option based the type of access technology.
Privilege:
Security Administrator,
Administrator
Syntax
pdp-activate access-type { grps | umts } { all | location-area-list
instance instance } failure-code failure_code
default pdp-activate
access-type { grps | umts } { all | location-area-list
instance instance } failure-code code
default
Resets the configuration
to system default values for PDP context activation request.
{ grps | umts }
Specifies the access
technology type for PDP context activation.
- gprs: Enables
access type as GPRS.
- umts: Enables
access type as UMTS.
all
Default: allow
Configures the system
to allow the creation of all PDP context activation requests received from
MS.
location-area-list
instance instance
Specifies the location
area instance for which to create a PDP context as an integer from
1 through 5. The value must be an already defined instance of a
location area code (LAC) list created via the location-area-list command.
failure-code code
Specifies the failure
code for PDP context activation as an integer from 8 through 112. Default:
8
Usage:
Use this command to
configure this call control profile to allow GPRS/UMTS
access through PDP context activation request from MS.
Example:
The following command
configures the system to create the PDP context for requests from MS
for GPRS access with location area list instance
2 and failure-code
5:
pdp-activate access-type
gprs location-area-list 2 failure-code 5
pdp-activate allow
Configures the system
to allow the PDP context activation based on the type of access
technology.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] pdp-activate
allow access-type { grps | umts } location-area-list
instance instance
no
Removes the configured
permission to create PDP context on request of PDP context activation
from MS for an access type.
access-type { grps | umts }
Specifies the access
technology type for PDP context activation.
- gprs: Enables
access type as GPRS.
- umts: Enables
access type as UMTS.
location-area-list
instance instance
Specifies the location
area instance to create PDP context.
instance must
be an integer from 1 through 5. The value must be an already defined
instance of a location area code (LAC) list created via the location-area-list command.
Usage:
Use this command to
configure this call control profile to allow GPRS/UMTS
access through PDP context activation request from MS.
Example:
The following command
configures the system to allow the PDP context activation for GPRS
access type with location area list instance
2:
pdp-activate allow
access-type gprs location-area-list instance 2
pdp-activate restrict
Configures the system
to restrict the PDP context activation based on the type of access
technology.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] pdp-activate
restrict { { access-type { grps | umts } { all | location-area-list
instance instance } | secondary-activation { access-type { grps | umts } { all | location-area-list
instance instance } } }
no
Removes the configured
restriction on PDP context activation through this command.
access-type { grps | umts }
Specifies the access
technology type for which to restrict PDP context activation.
- gprs: Enables
access type as GPRS.
- umts: Enables
access type as UMTS.
all
Default: allow
Configures the system
to restrict all PDP context activation requests from the MS.
location-area-list
instance instance
Specifies the location
area instance to restrict PDP context activation.
list_id must
be an integer from 1 through 5. The value must be an already defined
instance of a location area code (LAC) list created with the location-area-list command.
secondary-activation
Specifies the type
of PDP context to restrict for secondary activation. This keyword
restricts the system to create the secondary PDP context on receiving
the PDP Context Activation Request from the MS.
Usage:
Use this command to
configure this call control profile to restrict GPRS/UMTS
access through PDP context activation request from MS.
Example:
The following command
configures the system to restrict the PDP context activation for request
from MS to access GPRS service with location area list instance
2:
pdp-activate restrict
access-type gprs location-area-list instance 2
peer-nri-length
Enables the SGSN to
use NRI-FQDN-based DNS resolution for non-local RAIs when selection
of the call control profile is based on the old-RAI and the PLMN
Id of the RNC where the subscriber originally attached.
Privilege:
Security Administrator,
Administrator
Syntax
peer-nri-length length
remove peer-nri-length
remove
Deletes the NRI length
configuration for the non-local RAIs and the SGSN sends RAI-FQDN-based
DNS resolution.
length
This defines the NRI
length for the peer SGSN and enables use of NRI-FQDN-based DNS resolution
for non-local RAIs. This variable allows for an integer from 1 to
10.
Usage:
IMPORTANT:
Currently, this feature
is supported for 3G subscribers only.
The command enables
the SGSN to perform DNS query with an NRI when RAU comes from an
SGSN outside the pool. The SGSN uses NRI-FQDN-based DNS resolution
for the non-local RAIs for 3G subscribers in place of RAI-FQDN-based
DNS resolution.
This functionality is
applicable in situations for either inter- or intra-PLMN when the SGSN
has not chosen a local NRI value (configured with SGSN Service commands)
other than local-pool-rai
or nb-rai
. This
means the RAI (outside pool but intra-PLMN) NRI length configured
here will be applicable even for intra-PLMN with differently configured
NRI lengths (different from the local pool).
This functionality
is not applicable to call control profiles with an associated
MSIN range as ccprofile selection is not IMSI-based. When this feature
is enabled, the selection of the ccprofile is based on the old-RAI
and the PLMN Id (if configured) of the RNC where the subscriber
originally attached.
plmn-protocol
Configures the protocol
supported by the PLMN (Public Land Mobile Network).
Privilege:
Security Administrator,
Administrator
Syntax
plmn-protocol plmnid
mcc mcc_num mnc mnc_num { s5-protocol | s8-protocol } { gtp | pmip }
remove plmn-protocol
plmnid mcc mcc_num mnc mnc_num
remove
Deletes the definition
from the call control profile configuration.
plmn-id mcc mcc_num mnc mnc_num
Identifies the PLMN
by MCC (mobile country code) and MNC (mobile network code).
mcc_num:
Enter a 3-digit integer from 100-999.
mnc_num:
Enter a 2- or 3-digit integer from 00 to 999.
s5-protocol | s8-protocol
Select which protocol – S5
or S8 – that controls the identified PLMN.
gtp | pmip
Select the protocol variant
- GTP or PMIP - that controls functionality for the identified PLMN.
Usage:
Use this command to
identify a particular PLMN and, at a higher level, its operational characteristics.
Example:
The following command
instructs the MME to use PLMN MCC423.MNC40.GPRS with PMIP under
S8 Protocol:
plmn-protocol plmnid
mcc 423 mnc 40 s8-protocol pmip
ptmsi-reallocate
Defines P-TMSI reallocation
for Attach Requests, RAU Request, and Service Requests.
Privilege:
Security Administrator,
Administrator
Syntax
ptmsi-reallocate { attach | frequency frequency | interval interval | routing-area-update [ update-type ] | service-request [ service-type ] } [ access-type { gprs | umts } ]
ptmsi-reallocate routing-area-update [ access-type { gprs | umts } | frequency frequency | update-type { combined-update | imsi-combined-update | periodic | ra-update } [ access-type { gprs | umts } | frequency frequency ] ]
ptmsi-reallocate service-request [ frequency frequency | service-type { data | page-response | signaling } [ frequency frequency ] ]
[ no | remove ] ptmsi-reallocate { attach | frequency | interval | routing-area-update [ update-type { combined-update | imsi-combined-update | periodic | ra-update } [ access-type { gprs | umts } ] ] | service-request [ service-type { data | page-response | signaling } ] } [ access-type { gprs | umts } ]
no
Disables the authentication
procedures configured for the specified P-TMSI reallocation configuration
in the call control profile.
remove
Deletes the defined
authentication procedures for the specified P-TMSI reallocation configuration
from the call control profile configuration file.
attach
Enables/disables
P-TMSI reallocation for Attach with local P-TMSI.
IMPORTANT:
IMSI or inter-SGSN
Attach is not configurable and will always be reallocated.
access-type type
One of the following
must be selected to reallocate on the basis of the type of network access:
This keyword can be
used in combination with other keywords to refine the reallocation configuration.
frequency frequency
Defines frequency of
the reallocation based on the number of messages skipped. If the frequency
is set for 1, then the SGSN skips 1 message and then reallocates
on receipt of the 2nd (alternate) request message. If the frequency
is set for 12, then the SGSN skips reallocation for 12 messages
and reallocates on receipt of the 13th request message. This keyword
can be used in combination with other keywords to refine the reallocation
configuration.
frequency must
be an integer from 1 to 50.
By default, frequency
is not defined and, therefore, reallocation is done for every request message
and none are skipped.
interval minutes
Enter an integer between
1 and 1440 to define the time interval (in minutes) for skipping
the service/RAU/attach request message procedure.
routing-area-update [ update-type ]
Enables/disables
P-TMSI reallocation for RAU (routing area update) with local P-TMSI.
To refine the reallocation configuration, include one of the optional
types of updates to limit reallocation:
- combined-update
- imsi-combined-update
- periodic
- ra-update
IMPORTANT:
Inter-SGSN RAU will
always be reallocated.
service-request [ service-type ]
Enables/disables
P-TMSI reallocation for Service Requests. To refine the Service-Request reallocation
configuration, include on of the optional service-types to limit
the reallocation:
- data
- page-response
- signaling
Usage:
By default, reallocation
is not enabled. Use this command to enable P-TMSI reallocation for
Attach Requests, RAU Request, and Service Requests. Fine-tune the
reallocation configuration according to frequency, interval, or
access-type.
Example:
The following command
configures the SGSN to perform P-TMSI reallocation upon receiving
2G Attach Requests
ptmsi-reallocate attach
access-type gprs
The following command
configures the SGSN to disable all previously defined P-TMSI reallocations
based on the combined criteria of interval and 3G requests:
no ptmsi-reallocate
interval access-type umts
ptmsi-signature-reallocate
Enables P-TMSI signature
reallocation during Attach/RAU procedures.
Privilege:
Security Administrator,
Administrator
Syntax
ptmsi-signature-reallocate { attach | frequency frequency | interval interval | ptmsi-reallocation-command | routing-area-update [ update-type ] } [ access-type { gprs | umts } | frequency frequency ]
ptmsi-signature-reallocate
routing-area-update [ access-type { gprs | umts } | frequency frequency | update-type { combined-update | imsi-combined-update | periodic | ra-update } ] [ access-type { gprs | umts } | frequency frequency ]
[ no | remove ] ptmsi-signature-reallocate { attach | frequency | interval | routing-area-update [ update-type { combined-update | imsi-combined-update | periodic | ra-update } ] } [ access-type { gprs | umts } ]
no
Disables the authentication
procedures configured for the specified P-TMSI signature reallocation
configuration in the call control profile.
remove
Deletes the defined
authentication procedures for the specified P-TMSI signature reallocation
configuration from the call control profile configuration file.
attach
Enables/disables
P-TMSI signature reallocation for Attach with local P-TMSI.
access-type type
One of the following
must be selected to reallocate on the basis of the type of network access:
This keyword can be
used in combination with other keywords to refine the reallocation configuration.
frequency frequency
Defines 1-in-N selective
reallocation. If the frequency is set for 12, then the SGSN skips reallocation
for the first 11 messages and reallocates on receipt of the twelfth
request message.
frequency must
be an integer from 1 to 50.
This keyword can be
used in combination with other keywords to refine the reallocation configuration.
interval minutes
Enter an integer between
1 and 1440 to define the time interval (in minutes) for skipping
the service/RAU/attach request message procedure
before performing a P-TMSI signature reallocation.
ptmsi-reallocation-command
Includes P-TMSI signature
reallocation as a part of the P-TMSI reallocation configuration.
routing-area-update [ update-type ]
Enables/disables
P-TMSI signature reallocation for RAU (routing area update) with
local P-TMSI. To refine the reallocation configuration, include
one of the optional types of updates to limit reallocation:
- combined-update
- imsi-combined-update
- periodic
- ra-update
Usage:
By default, P-TMSI
signature reallocation is disabled. This command allows the operator to
configure when the P-TMSI signature is reallocated.
Example:
The following command
configures the SGSN to reallocate the P-TMSI signature for every third
UMTS attach procedure:
ptmsi-signature-reallocate
attach frequency 3 access-type umts
The following command
configures the SGSN to reallocate the P-TMSI signature for every seventh
GPRS periodic RAU procedure:
ptmsi-signature-reallocate
routing-area-update uupdate-type periodic frequency 7 access-type gprs
The following command
removes all configuration instances for reallocating the P-TMSI signature
based on intervals and UMTS access:
remove ptmsi-signature-reallocate
interval access-type umts
qos
Configures the quality
of service (QoS) parameters to be applied.
Privilege:
Security Administrator,
Administrator
Syntax
qos { gn-gp | ue-ambr }
qos gn-gp { arp
high-priority priority medium-priority priority | pre-emption { capability { may-trigger-pre-emption | shall-not-trigger-pre-emption } | vulnerability { not-pre-emptable | pre-emptable }
qos ue-ambr { max-ul mbr_up max-dl mbr_dl }
remove qos { gn-gp | ue-ambr }
remove
Deletes the configuration
from the call control profile.
gn-gp
Configures Gn-Gp pre-release
8 ARP and pre-emption parameters.
arp
Maps usage of ARP
(allocation/retention policy) high-priority (H) and medium-priority (M):
- high-priority priority: Enter
an integer from 1 to 13.
- medium-priority priority: Enter
an integer from 2 to 14.
pre-emption
Defines the pre-emption/vulnerability
criteria for PDP Contexts imported from SGSN on Gn/Gp:
-
capability
- may-trigger-pre-emption:
PDP Contexts imported from Gn/Gp SGSN may preempt existing
bearers.
- shall-not-trigger-pre-emption:
PDP Contexts imported from Gn/Gp SGSN shall not preempt
existing bearers.
-
vulnerability
- not-pre-emptable:
PDP Contexts imported from Gn/Gp SGSN are not vulnerable
to pre-emption.
- pre-emptable:
PDP Contexts imported from Gn/Gp SGSN are vulnerable to
pre-emption.
ue-ambr
Configures the aggregate
maximum bit rate that will be stored on the UE (user equipment).
- max-ul mbr-up: Defines
the maximum bit rate for uplink traffic.mbr-up: Enter
a value from 0 to 1410065408.
- max-dl mbr-up: Defines the
maximum bit rate for downlink traffic.mbr-up: Enter
a value from 0 to 1410065408.
Usage:
Use this command to
configure the MME QoS parameters for the call control profile.
Example:
qos gn-gp arp high-priority
2 medium-priority 3
rau-inter
Defines an acceptable
procedure for inter-SGSN routing area updates.
Privilege:
Security Administrator,
Administrator
Syntax
rau-inter { accept
use-auth-vector } | access-type { { gprs | umts } { all | location-area-list
instance instance } { failure-code fail_code | user-device-release { before-r99 | r99-or-later } failure-code fail_code } } | allow
accept access-type { gprs | umts } location-area-list
instance instance | ignore-peer-context-id | peer-sgsn-addr-resolution-failure
failure-code fail_code | restrict
access-type { { gprs | umts } { all | location-area-list
instance instance } }
default rau-inter ( accept
use-auth-vector | access-type { { gprs | umts } { all | location-area-list
instance instance } user-device-release { before-r99 | r99-or-later } failure-code fail_code } } | failure-code fail_code | ignore-peer-context-id | peer-sgsn-addr-resolution-failure
failure-code fail_code }
no rau-inter ( accept
use-auth-vector | allow access-type { gprs | umts } location-area-list
instance instance | ignore-peer-context-id | restrict
access-type { gprs | umts } { all | location-area-list
instance instance } }
no
Including “no” as
part of the command structure disables the values already configured
for parameters specified in the command.
default
Resets the configuration
of specified parameters to system default values.
accept use-auth-vector
Sets the SGSN to accept
using the authorization vector.
allow access-type
Including this keyword
with one of the following options, configures the SGSN to allow MS/UE
with the identified access-type extension to be part of the intra-RAU
procedure.
- gprs - General
Packet Radio Service
- umts - Universal
Mobile Telecommunications System
ignore-peer-context-id
Sets the SGSN to ignore
the peer's context-ID and replace with PDP context-ID information based
on the HLR subscription.
restrict access-type
Including this keyword-set
with one of the following options, configures the SGSN to restrict
MS/UE with the identified access-type extension from the
inter-RAU procedure.
- gprs - General
Packet Radio Service
- umts - Universal
Mobile Telecommunications System
all
all - adding
this option to the keyword determines that the failure cause code
will be applicable to all location areas.
location-area-list
instance instance
list_id must
be an integer between 1 and 5. The value must be an already defined
instance of a location area code (LAC) list created with the location-area-list command.
failure-code fail-code
Specify a GSM Mobility
Management (GMM) failure cause code to identify the reason an inter
SGSN RAU does not occur. This GMM cause code will be sent in the
reject message to the MS.
fail-code must
be an integer from 2 to 111. Refer to the GMM failure cause codes
listed below (from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0
R7):
- 2 - IMSI unknown in
HLR
- 3 - Illegal MS
- 6 - Illegal ME
- 7 - GPRS services
not allowed
- 8 - GPRS services
and non-GPRS services not allowed
- 9 - MSID cannot be
derived by the network
- 10 - Implicitly detached
- 11 - PLMN not allowed
- 12 - Location Area
not allowed
- 13 - Roaming not allowed
in this location area
- 14 - GPRS services
not allowed in this PLMN
- 15 - No Suitable Cells
In Location Area
- 16 -MSC temporarily
not reachable
- 17 - Network failure
- 20 - MAC failure
- 21 - Synch failure
- 22 - Congestion
- 23 - GSM authentication
unacceptable
- 40 - No PDP context
activated
- 48 to 63 - retry upon
entry into a new cell
- 95 - Semantically
incorrect message
- 96 - Invalid mandatory
information
- 97 - Message type
non-existent or not implemented
- 98 - Message type
not compatible with state
- 99 - Information element
non-existent or not implemented
- 100 - Conditional
IE error
- 101 - Message not
compatible with the protocol state
- 111 - Protocol error,
unspecified
user-device-release { before-r99 | r99-or-later } failure-code
code
Default: Disabled
Enables the SGSN to
reject an Inter-RAU procedure based on the detected 3GPP release version
of the MS equipment and selectively send a failure cause code in
the reject message. The SGSN uses the following procedure to implement
this configuration:
- When Attach Request
is received, the SGSN checks the subscriber’s IMSI and current
location information.
- Based on the IMSI,
an operator policy and call control profile is found that relates
to this Attach Request.
- call control profile
is checked for access limitations.
- Attach Request is
checked to see if the revision indicator bit is set
- if not, then the configured
common failure code for reject is sent;
- if set, then the 3GPP
release level is verified and action is taken based on the configuration
of this parameter
One of the following
options must be selected and completed:
- before-r99:
Indicates the MS would be a 3GPP release prior to R99 and an appropriate
failure code should be defined.failure-code code: Enter
an integer from 2 to 111.
- r99-or-later:
Indicates the MS would be a 3GPP Release 99 or later and an appropriate
failure code should be defined.failure-code code: Enter
an integer from 2 to 111.
Usage:
Use this command to
configure the restrictions and function of the inter-RAU procedure.
Example:
Configure default
inter-RAU settings for Edge calls from subscribers on location-area-list no.
1:
default rau-inter allow
access-type gprs location-area-list instance 1
rau-inter-plmn
Enables or disables
restriction of all Routing Area Updates (RAUs) occurring between
different PLMNs.
Privilege:
Security Administrator,
Administrator
Syntax
rau-inter-plmn access-type { all | location-area-list
instance instance } { failure-code fail_code | user-device-release { before-r99 }
failure-code fail_code | r99-or-later
} { failure-code fail_code } }
default rau-inter-plmn
access-type { all | location-area-list instance instance} user-device-release { before-r99
failure-code | r99-or-later failure-code }
[ no ] rau-inter-plmn { restrict | allow } access-type { gprs | umts } { all | location-area-list
instance instance }
[ no ] rau-inter-plmn { allow
access-type | restrict access-type } { [ all ] failure-code fail_code | location-area-list instance instance }
default rau-inter { allow
access-type | restrict access-type } { [ all ] failure-code fail_code | location-area-list instance instance } }
no
Including “no” as
part of the command structure disables the values already configured
for parameters specified in the command.
default
Resets the configuration
of specified parameters to system default values.
allow access-type
Including this keyword-set
with one of the following options, configures the SGSN to allow MS/UE
with the identified access-type extension to be part of the intra-RAU
procedure.
- gprs - General
Packet Radio Service
- umts - Universal
Mobile Telecommunications System
restrict access-type
Including this keyword-set
with one of the following options, configures the SGSN to restrict
MS/UE with the identified access-type extension from the
inter-RAU procedure.
- gprs - General
Packet Radio Service
- umts - Universal
Mobile Telecommunications System
all
all - adding
this option to the keyword determines that the failure cause code
will be applicable to all location areas.
location-area-list
instance instance
list_id must
be an integer between 1 and 5. The value must be an already defined
instance of a LAC list created with the location-area-list command.
failure-code fail-code
Specify a GSM Mobility
Management (GMM) failure cause code to identify the reason an inter
SGSN RAU does not occur. This GMM cause code will be sent in the
reject message to the MS.
fail-code must
be an integer from 2 to 111. Refer to the GMM failure cause codes
listed below (from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0
R7):
- 2 - IMSI unknown in
HLR
- 3 - Illegal MS
- 6 - Illegal ME
- 7 - GPRS services
not allowed
- 8 - GPRS services
and non-GPRS services not allowed
- 9 - MSID cannot be
derived by the network
- 10 - Implicitly detached
- 11 - PLMN not allowed
- 12 - Location Area
not allowed
- 13 - Roaming not allowed
in this location area
- 14 - GPRS services
not allowed in this PLMN
- 15 - No Suitable Cells
In Location Area
- 16 -MSC temporarily
not reachable
- 17 - Network failure
- 20 - MAC failure
- 21 - Synch failure
- 22 - Congestion
- 23 - GSM authentication
unacceptable
- 40 - No PDP context
activated
- 48 to 63 - retry upon
entry into a new cell
- 95 - Semantically
incorrect message
- 96 - Invalid mandatory
information
- 97 - Message type
non-existent or not implemented
- 98 - Message type
not compatible with state
- 99 - Information element
non-existent or not implemented
- 100 - Conditional
IE error
- 101 - Message not
compatible with the protocol state
- 111 - Protocol error,
unspecified
user-device-release { before-r99 | r99-or-later } failure-code
code
Default: Disabled
Enables the SGSN to
reject an Inter-RAU procedure based on the detected 3GPP release version
of the MS equipment and selectively send a failure cause code in
the reject message. The SGSN uses the following procedure to implement
this configuration:
- When Attach Request
is received, the SGSN checks the subscriber’s IMSI and
current location information.
- Based on the IMSI,
an operator policy and call control profile are found that relate
to this Attach Request.
- The call control profile
is checked for access limitations.
- Attach Request is
checked to see if the revision indicator bit is set
- if not, then the configured
common failure code for reject is sent;
- if set, then the 3GPP
release level is verified and action is taken based on the configuration
of this parameter
One of the following
options must be selected and completed:
- before-r99:
Indicates the MS would be a 3GPP release prior to R99 and an appropriate
failure code should be defined.failure-code code: Enter
an integer from 2 to 111.
- r99-or-later:
Indicates the MS would be a 3GPP Release 99 or later and an appropriate
failure code should be defined.failure-code code: Enter
an integer from 2 to 111.
Usage:
Use this command to
configure the restrictions and function of the inter-RAU procedure occurring
across RNCs or BSSs where the PLMN changes. For example:
- inter-IuPS RAU, where
the two IuPSs have different PLMNs
- inter-GPRS RAU, where
the two GPRSs have different PLMNs
- inter-RAT RAU (2G >
3G), where the IuPS/GPRS services have different PLMNs
- inter-RAT-RAU (3G >
2G), where the IuPS/GPRS services have different PLMNs
Example:
default rau-inter allow
access-type gprs location-area-list instance 1
rau-intra
Defines an acceptable
procedure for intra-SGSN Routing Area Updates (RAUs).
Privilege:
Security Administrator,
Administrator
Syntax
rau-intra access-type { all | location-area-list instance instance } { failure-code fail_code | user-device-release { before-r99
} { failure-code fail_code | r99-or-later
} { failure-code fail_code } }
default rau-intra
access-type { all | location-area-list instance instance} user-device-release { before-r99
failure-code | r99-or-later failure-code }
rau-intra { allow
access-type | restrict access-type } { [ all ] failure-code fail_code | location-area-list
instance instance } }
no rau-intra { allow
access-type | restrict access-type } { [ all ] failure-code fail_code | location-area-list
instance instance }
default rau-intra { allow
access-type | restrict access-type } { [ all ] failure-code fail_code | location-area-list
instance instance } }
no
Including “no” as
part of the command structure disables the values already configured
for parameters specified in the command.
default
Resets the configuration
of specified parameters to system default values.
allow access-type
Including this keyword-set
with one of the following options, configures the SGSN to allow an
MS/UE with the identified access-type extension to be part
of the intra-RAU procedure.
- gprs - General
Packet Radio Service
- umts - Universal
Mobile Telecommunications System
restrict access-type
Including this keyword-set
with one of the following options, configures the SGSN to restrict
an MS/UE with the identified access-type extension from
the intra-RAU procedure.
- gprs - General
Packet Radio Service
- umts - Universal
Mobile Telecommunications System
all
all - adding
this option to the keyword determines that the failure cause code
will be applicable to all location areas.
location-area-list
instance instance
list_id must
be an integer between 1 and 5. The value must be an already defined
instance of a location area code (LAC) list created via the location-area-list command.
failure-code fail-code
Specify a GSM Mobility
Management (GMM) failure cause code to identify the reason an inter
SGSN RAU does not occur. This GMM cause code will be sent in the
reject message to the MS.
fail-code must
be an integer from 2 to 111. Refer to the GMM failure cause codes
listed below (from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0
R7):
- 2 - IMSI unknown in
HLR
- 3 - Illegal MS
- 6 - Illegal ME
- 7 - GPRS services
not allowed
- 8 - GPRS services
and non-GPRS services not allowed
- 9 - MSID cannot be
derived by the network
- 10 - Implicitly detached
- 11 - PLMN not allowed
- 12 - Location Area
not allowed
- 13 - Roaming not allowed
in this location area
- 14 - GPRS services
not allowed in this PLMN
- 15 - No Suitable Cells
In Location Area
- 16 -MSC temporarily
not reachable
- 17 - Network failure
- 20 - MAC failure
- 21 - Synch failure
- 22 - Congestion
- 23 - GSM authentication
unacceptable
- 40 - No PDP context
activated
- 48 to 63 - retry upon
entry into a new cell
- 95 - Semantically
incorrect message
- 96 - Invalid mandatory
information
- 97 - Message type
non-existent or not implemented
- 98 - Message type
not compatible with state
- 99 - Information element
non-existent or not implemented
- 100 - Conditional
IE error
- 101 - Message not
compatible with the protocol state
- 111 - Protocol error,
unspecified
user-device-release { before-r99 | r99-or-later } failure-code
code
Default: Disabled
Enables the SGSN to
reject an Intra-RAU procedure based on the detected 3GPP release version
of the MS equipment and selectively send a failure cause code in
the reject message. The SGSN uses the following procedure to implement
this configuration:
- When Attach Request
is received, the SGSN checks the subscriber’s IMSI and
current location information.
- Based on the IMSI,
an operator policy and call control profile are found that relate
to this Attach Request.
- Call control profile
is checked for access limitations.
- Attach Request is
checked to see if the revision indicator bit is set
- if not, then the configured
common failure code for reject is sent;
- if set, then the 3GPP
release level is verified and action is taken based on the configuration
of this parameter
One of the following
options must be selected and completed:
- before-r99:
Indicates the MS would be a 3GPP release prior to R99 and an appropriate
failure code should be defined.failure-code code: Enter
an integer from 2 to 111.
- r99-or-later:
Indicates the MS would be a 3GPP Release 99 or later and an appropriate
failure code should be defined.failure-code code: Enter
an integer from 2 to 111.
Usage:
Use this command to
configure the restrictions and function of the intra-RAU procedure.
Example:
default rau-intra allow
access-type gprs location-area-list instance 1
re-authenticate
Enables or disables
the re-authentication feature.
This
command is available in releases 8.1 and higher.
Privilege:
Security Administrator,
Administrator
Syntax
re-authenticate [ access-type { gprs | umts } ]
remove re-authenticate
remove
Including this keyword
with the command disables the feature. The feature is disabled by default.
access-type
Defines the type of
access to be allowed or restricted.
If this keyword is
not included, then both access types are allowed by default.
Usage:
Use this command to
enable or disable the re-authentication feature, which instructs
the SGSN to retry authentication with another RAND in situations
where failure of the first authentication has occurred. To address
the introduction of new SIM cards, for security reasons a systematic
"last chance" authentication retry with a fresh Authentication Vector
is needed, particularly in cases where there is an SRES mismatch
at authentication.
regional-subscription-restriction
Allows the operator
to define the cause code for subscriber rejection when it is due
to regional subscription information failure.
Privilege:
Security Administrator,
Administrator
Syntax
[ remove ]
regional-subscription-restriction [ failure-code code | user-device-release { before-r99
failure-code code | r99-or-later
failure-code code } ]
remove
This keyword causes
the configuration to be deleted from the call control profile configuration.
failure-code cause_code
cause_code: Enter
an integer from 2 to 111; default code is 13 (roaming not allowed
in this location area [LA]).
Refer to the GMM failure
cause codes listed below (from section 10.5.5.14 of the 3GPP TS 124.008
v7.2.0 R7):
- 2 - IMSI unknown in
HLR
- 3 - Illegal MS
- 6 - Illegal ME
- 7 - GPRS services
not allowed
- 8 - GPRS services
and non-GPRS services not allowed
- 9 - MSID cannot be
derived by the network
- 10 - Implicitly detached
- 11 - PLMN not allowed
- 12 - Location Area
not allowed
- 13 - Roaming not allowed
in this location area
- 14 - GPRS services
not allowed in this PLMN
- 15 - No Suitable Cells
In Location Area
- 16 - MSC temporarily
not reachable
- 17 - Network failure
- 20 - MAC failure
- 21 - Synch failure
- 22 - Congestion
- 23 - GSM authentication
unacceptable
- 40 - No PDP context
activated
- 48 to 63 - retry upon
entry into a new cell
- 95 - Semantically
incorrect message
- 96 - Invalid mandatory
information
- 97 - Message type
non-existent or not implemented
- 98 - Message type
not compatible with state
- 99 - Information element
non-existent or not implemented
- 100 - Conditional
IE error
- 101 - Message not
compatible with the protocol state
- 111 - Protocol error,
unspecified
user-device-release { before-r99 | r99-or-later } failure-code
code
Enables the SGSN to
assign a reject cause code based on the detected 3GPP release version of
the MS equipment.
One of the following
options must be selected and completed:
- before-r99:
Indicates the MS would be a 3GPP release prior to R99 and an appropriate
failure code should be defined.failure-code code: Enter
an integer from 2 to 111. Refer to the list above.
- r99-or-later:
Indicates the MS would be a 3GPP Release 99 or later and an appropriate
failure code should be defined.failure-code code: Enter
an integer from 2 to 111. Refer to the list above.
Usage:
Use this command to
define GMM reject cause codes when rejection is due to regional subscription
information failure.
Example:
The following command
sets a location area rejection message, code 12 for regional restriction
rejections:
regional-subscription-restriction
failure-code 12
reuse-authentication-triplets
Creates a configuration
entry to enable or disable the reuse of authentication triplets
in the event of a failure.
Privilege:
Security Administrator,
Administrator
Syntax
[ no | remove } reuse-authentication-triplets no-limit
no
Disables this configuration
entry and disables reuse of authentication triplets.
remove
This keyword causes
the reuse configuration to be deleted from the call control profile configuration.
This is the default
behavior. Triplets are reused.
no-limit
This keyword enables
reuse triplets as needed.
Usage:
Use this command to
enable reuse of authentication triplets.
Example:
reuse-authentication-triplets
no limit
rfsp-override
Configures RAT frequency
selection priority override parameters for this call control profile.
Privilege:
Security Administrator,
Administrator
Syntax
rfsp-override { default
value | ue-val value new-val value + }
remove rfsp-override { default | ue-val
value }
remove
Deletes the rfsp-override
configuration from the call control profile.
default
Restores the default
value assigned.
ue-val value
Assign the UE value
for the RAT frequency selection priority.
value: Enter
an integer from 1 to 256.
new-val value
Assign a new RFSP
Index value.
value: Enter
an integer from 1 to 256.
Multiple UE value/new
value combinations can be configured in a single command.
Usage:
Use this command to
configure the RAT frequency selection priority override parameter.
Multiple UE value/new
value combinations can be configured.
Example:
The following command
resets the specified RFSP Index value (1) to its default value, thereby
removing the RFSP Index override value previously configured:
rfsp-override default 1
s1-reset
Configures the behavior
of user equipment (UE) on S1-reset.
Privilege:
Security Administrator,
Administrator
Syntax
s1-reset { detach-ue | idle-mode-entry }
default s1-reset
default
Reset the profile
configuration to the system default of idle-mode-entry.
detach-ue
Upon S1-reset the
MME will detach the UE.
idle-mode-entry
Upon S1-reset the
MME will move the UE to idle-mode. This is the default setting for
this command.
Usage:
Use this command to
set the MME’s reactions to an S1-reset.
Example:
Configure the MME
to put the UE into idle-mode upon receipt of S1-reset:
s1-reset idle-mode-entry
sctp-down
Configures the behavior
towards UE (user equipment) when Stream Control Transmission Protocol
(SCTP) goes down.
Privilege:
Security Administrator,
Administrator
Syntax
sctp-down { detach-ue | idle-mode-entry }
default sctp-down
default
Reset the profile
configuration to the system default when SCTP layer goes down. The default
for this command is idle-mode-entry.
detach-ue
When SCTP goes down,
the MME will detach the UE.
idle-mode-entry
When the SCTP goes
down, the MME will move the UE to idle-mode. This is the default
for this command.
Usage:
Use this command to
set the MME’s reactions when the SCTP goes down.
Example:
Configure the MME
to put the UE into idle-mode when the SCTP layer goes down:
sctp-down idle-mode-entry
sgsn-address
Defines the IP addresses
for peer SGSNs in a static SGSN address table. These configured
addresses can be used rather than using DNS.
Privilege:
Security Administrator,
Administrator
Syntax
sgsn-address rac rac-id lac lac_id [ nri nri ] prefer { fallback-for-dns | local } address { ipv4 ip_address | ipv6 ip_address }
no sgsn-address { ipv4 ip_address | ipv6 ip_address } rac rac_id lac lac_id [ nri nri ]
no
Disables the specified
peer-SGSN address configuration.
rac rac_id
Identifies the foreign
routing area code (RAC) of the peer-SGSN address to be configured
in the static peer-SGSN address table. rac_id must
be an integer from 1 to 255.
lac lac_id
Identifies the foreign
location area code (LAC) ID of the peer-SGSN address to be configured
in the static peer-SGSN address table. lac_id must
be an integer from 1 to 65535.
nri nri
Identifies the network
resource identifier stored in the P-TMSI (bit 17 to bit 23). nri must
be an integer from 0 to 63.
IMPORTANT:
Typically, use of this
keyword is optional. However, it must be included in the command when
Flex (SGSN-Pooling) is implemented.
prefer { fallback-for-dns | local }
Indicates the preferred
source of the address to be used.
- fallback-for-dns -
Instructs the SGSN to perform a DNS query to get the IP address
of the peer-SGSN. If the DNS query fails, then the IP address configured
with this command is used.
- local -
instructs the system to use the local IP address configured with
this command.
IMPORTANT:
If the prefer command
is used to change an existing sgsn-address configuration (with the
same LAC and RAC) from fallback-for-dns to local or from local to fallback-for-dns,
the new setting overwrites the previously configured setting for
all interfaces.
address { ipv4
ip_address | ipv6 ip_address }
Specifies the IP address
of the peer SGSN. Currently, the IPv6 address option is not supported
on the S4-SGSN.
- ipv4 ip_address -
specifies a valid address in IPv4 dotted-decimal notation.
- ipv6 ip_address - specifies a valid address
in IPv6 colon-separated notation.
IMPORTANT:
The ipv6 option
is under development for future use and is not supported in this
release.
Usage:
Use this command to
save time by avoiding DNS. This command enables a local mapping by
setting the peer-SGSN IP address to be used for inter-SGSN Attach
and inter-SGSN-RAU. When configured, if the SGSN receives a RAU
or an Attach Request with a P-TMSI and an old-RAI that is not local,
the SGSN consults this table and uses the configured IP address
instead of resolving via DNS. If this table is not configured, then
IP address resolution is done using DNS.
The MCC and MNC of the
RAI are taken from the IMSI range configured in the operator policy
and the LAC and RAC are configured here in the call control profile
configuration mode.
The sgsn-address command
differs from other Call Control Profile configuration mode commands
in the following ways:
- Within the SGSN’s
call logic, all other configuration elements defined with the other
commands in this mode are used after the IMSI
is learnt. The configuration defined with this command is part of
the decision logic prior to the
IMSI being known.
- With the peer-SGSN address
configured using this sgsn-address command,
the peer-SGSN-RAI’s MCC/MNC is used as a 5 or
6-digit IMSI and the operator policy and call control profile selection
are completed.
IMPORTANT:
Typically, use of this
command is optional. However, it must be included in the configuration when
Flex (SGSN-Pooling) is implemented if (1) the SGSN functions as
a default SGSN, then configure the local-NRI of other SGSN with
this command; or if (2) another SGSN is offloading, then configure
the NB-RAI/null-NRI of the peer-SGSN with this command.
Example:
Create a local peer-SGSN
address mapping of an RAI with RAC of
123 and LAC
of
4444 and
an
IPv4 address
of
123.11.313.11 for
the peer-SGSN:
sgsn-address rac 123
lac 4444 local address ipv4 123.11.313.11
sgsn-number
Defines the SGSN’s
E.164 number to be used for interactions via the Mobile Application
Part (MAP) protocol. E.164 is an ITU-T recommendation that defines
the international public telecommunication numbering plan used in
public switched telephone networks (PSTN) and some other data networks.
Privilege:
Security Administrator,
Administrator
Syntax
sgsn-number E164_number
no sgsn-number
no
Disables the use of
this configuration definition.
E164_number
Specifies a string
of 1 to 16 digits that serve as the SGSN’s E.164 identification.
Usage:
This command configures
the current SGSN E164 contact number.
The SGSN number configured
for a call control profile is related to the SGSN number configured
in the SGSN service configuration and/or in the GPRS service
configuration. If the SGSN number is not configured as part of the
call control profile configuration, then the SGSN number defined
as part of the SGSN service or GPRS service configuration is used.
When the 3G SGSN supports
multiple PLMNs configured through different IuPS services or when
network sharing is implemented, then it may be required to use different
SGSN numbers for each PLMN. In such cases, configure the per-PLMN
SGSN number in a call control profile. SGSN number definition for
a call control profile allows emulation of a different SGSN to each
HLR per PLMN. SGSN number definitions in the call control profile
also enable the SGSN to use a different SGSN number per operator
when network sharing is implemented.
Example:
Map the E.164 number
198765432123456 for
the SGSN to this call control profile configuration:
sgsn-number 198765432123456
sgtp-service
Identifies the SGTP
service configuration to be used according to this call control profile.
Privilege:
Security Administrator,
Administrator
Syntax
sgtp-service context ctxt_name service sgtp_service_name
no sgtp-service context
context ctxt_name
Specifies the SGTP
context as an alphanumeric string of 1 through 64 characters.
service sgtp_service_name
Specifies the SGTP
service name as an alphanumeric string of 1 through 64 characters.
no
Disables use of SGTP
service.
Usage:
Use this command to
configure enabling or disabling of SGTP service for this call control profile.
Example:
sgtp-service context
sgtp1 service sgtp-srvc1
sms-mo
Configures how mobile-originated
(MO) short message service (SMS) messages are handled.
Privilege:
Security Administrator,
Administrator
Syntax
[ remove ] sms-mo { { access-type { gprs | umts } { all-location-areas |
location-area-list } | allow access-type { gprs | umts } | restrict
access-type { gprs | umts } }
remove
Deletes the specified
configuration.
access-type type
Access by SMS will
be limited to SMS coming from this network type:
allow
Allow either GPRS
or UMTS type access for SMS.
restrict
Restrict either GPRS
or UMTS type access for SMS.
location-area-list
instance instance
instance must
be an integer between 1 and 5. The value must identify an already
defined location area code (LAC) list created with the location-area-list command.
failure-code code
code: Must
be an integer from 2 to 111.
Usage:
Configure filtering
for SMS-MO messaging.
Example:
sms-mo access-type
gprs all-location-areas failure-code 100
sms-mt
This command configures
how mobile-terminated (MT) short message service (SMS) messages
are handled.
Privilege:
Security Administrator,
Administrator
Syntax
[ remove ] sms-mt { { access-type { gprs | umts } { all-location-areas |
location-area-list } | allow access-type { gprs | umts } | restrict
access-type { gprs | umts } }
remove
Deletes the specified
configuration.
access-type type
Access by SMS will
be limited to SMS coming from this network type:
allow
Allow either GPRS
or UMTS type access for SMS.
restrict
Restrict either GPRS
or UMTS type access for SMS.
location-area-list
instance instance
instance must
be an integer between 1 and 5. The value must identify an already
defined LAC list created with the location-area-list command.
failure-code code
code: Must
be an integer from 2 to 111.
Usage:
Configure filtering
for SMS-MT messaging.
Example:
sms-mt access-type
gprs all-location-areas failure-code 100
srns-inter
Defines handling parameters
for Inter-SRNS (Serving Radio Network Subsystem) relocation.
Privilege:
Security Administrator,
Administrator
Syntax
srns-inter ( all failure-code | allow
location-area-list instance instance | location-area-list
instance instance failure-code code | restrict
location-area-list instance instance }
no srns-inter { allowlocation-area-list
instance instance | restrictlocation-area-list
instance instance }
default srns-inter { all | location-area-list-instance instance }
no
Deletes the inter-SRNS
relocation configuration.
default
Resets the configuration
to default values.
all failure-code code
Define the failure
code that will apply to all inter-SRNS relocations.
code: Must
be an integer from 2 to 111.
allow location-area-list
instance instance
Identify the location
area list Id (LAC Id) that will allow services in the defined location area.
location-area-list
instance instance
instance:
Must be an integer between 1 and 5 that identifies the previously
defined location area list created with the location-area-list command.
restrict location-area-list
instance instance
Identify the location
area list Id (LAC Id) that indicates the location areas where services will
be restricted.
Usage:
This command defines
the operational parameters for inter-SRNS relocation.
Example:
The following command
allows services in areas listed in LAC list #3:
srns-inter allow location-area-list
instance 3
srns-intra
Defines handling parameters
for intra-SRNS (Serving Radio Network Subsystem) relocation.
Privilege:
Security Administrator,
Administrator
Syntax
srns-intra ( all failure-code | allow
location-area-list instance instance | location-area-list
instance instance failure-code code | restrict location-area-list
instance instance }
no srns-intra { allow
location-area-list instance instance | restrictlocation-area-list
instance instance }
default srns-intra { all | location-area-list-instance instance }
no
Deletes the intra-SRNS
relocation configuration.
default
Resets the configuration
to default values.
all failure-code code
Define the failure
code that will apply to all intra-SRNS relocations.
code: Must
be an integer from 2 to 111.
allow location-area-list
instance instance
Identify the location
area list Id (LAC Id) that will allow services in the defined location area.
location-area-list
instance instance
instance:
Must be an integer between 1 and 5 that identifies the previously
defined location area list created with the location-area-list command.
restrict location-area-list
instance instance
Identify the location
area list Id (LAC Id) of the target RNC to determine the location
areas where services will be restricted.
Usage:
This command defines
the operational parameters for intra-SRNS relocation.
Example:
The following command
restricts service in areas listed in the LAC list 1:
srns-intra restrict
location-area-list instance 1
subscriber-control-inactivity
Configures \the
subscriber-control inactivity timer. The system detects inactivity when
no PDP context is activated and starts the timer.
Privilege:
Security Administrator,
Administrator
Syntax
subscriber-control-inactivity
timeout minutes time detach { immediate | next-connection | reattach-time-period }
{ no | default } subscriber-control-inactivity
no
Deletes the timer
configuration.
default
Resets the timer configuration
to the default value of 7 days (10080 minutes).
timeout minutes time[ detach ]
Sets the number of
minutes the SGSN monitors the connection after inactivity has been detected.
When the timer expires, the subscribe will be detached.
time: Enter
an integer from 1 to 20160 (two weeks).
detach [ immediate | next-connection | reattach-time-period ]
Instructs the SGSN
to detach and can be configured to specify when the detach will
occur after inactivity is detected. To fine-tune the detach instruction,
include one of the following with the command:
Usage:
Use this command to
configure the timeout timer. After this timer times out the subscriber is
detached from the SGSN.
Example:
The following command
instructs the SGSN to monitor the connection for up to
360 minutes
after inactivity is detected, or detach immediately after inactivity
is detected:
subscriber-control-inactivity
timeout minutes 360 detach immediate
super-charger
Enables or disables
the SGSN to work with a super-charged network.
Privilege:
Security Administrator,
Administrator
Syntax
[ remove ] super-charger
remove
Disables the super-charger
functionality.
Usage:
By enabling the super
charger functionality for 2G or 3G connections controlled by an operator
policy, the SGSN changes the hand-off and location update procedures
to reduce signalling traffic management.
Example:
The following command
enables the super charger feature:
super-charger
tau
Configure parameters
for the tracking area update (TAU) procedure.
Privilege:
Security Administrator,
Administrator
Syntax
tau { imei-query-type { imei | imei-sv | none } [ verify-equipment-identity [ allow-on-eca-timeout | deny-greylisted | deny-unknown ] ] | inter-rat
security-ctxt { allow-mapped | native } }
remove tau { imei-query-type | inter-rat
security-ctxt }
remove
Deletes this TAU configuration
from the call control profile.
imei-query-type { imei | imei-sv | none }
This keyword set is specific
to the MME.
Sets the IMEI query-type
if an IMEI (International Mobile Equipment Identity) is not already
present.
-
imei: Specifies
that the MME is required to query the UE for its International Mobile
Equipment Identity (IMEI).
-
imei-sv: Specifies
that the MME is required to query the UE for its International Mobile
Equipment Identity - Software Version (IMEI-SV).
-
none: Specifies
that the MME does not need to query for IMEI or IMEI-SV.
verify-equipment-identity [ allow-on-eca-timeout | deny-greylisted | deny-unknown ]
Specifies that the identification
(IMEI or IMEI-SV) of the UE is to be performed by the Equipment
Identity Register (EIR) over the S13 interface.
-
allow-on-eca-timeout:
Configures the MME to allow equipment that has timed-out on ECA
during the attach procedure.
-
deny-greylisted:
Configures the MME to deny grey-listed equipment during the attach
procedure.
-
deny-unknown:
Configures the MME to deny unknown equipment during the attach procedure.
- :
Configures the MME to ignore the IMEI validation of the equipment
during the attach procedure in emergency cases. This keyword is
only supported in release 12.2 and higher.
inter-rat security-ctxt { allow-mapped | native }
Configure inter-RAT
parameters for TAU. This keyword provides the operator with the option
of continuing with the mapped context or creating a new native context
after an inter-RAT handover.
-
allow-mapped:
Configures inter-RAT security-context type as mapped. Mapped security
context is allowed after inter-RAT handover. This is the default
value.
-
native: Configures
inter-RAT security-context type as native only. Inter-RAT handover
will always result in a native security context.
Usage:
Use this command to
define tracking area update procedures such as inter-RAT security context
and IMEI query-type.
Example:
The following command
sets the IMEI query type to IMEI-SV:
tau imei-query-type imei-sv
verify-equipment- identity
treat-as-hplmn
Enables or disables
the MME or SGSN to treat an IMSI series as coming from the home
PLMN.
Privilege:
Security Administrator,
Administrator
Syntax
[ remove ] treat-as-hplmn
remove
Deletes this configuration
from the profile. This would disable this function and is the default.
Usage:
Use this command to
enable or disable the MME/SGSN to treat an IMSI series
as coming from the home PLMN.
Example:
The following command
disables previously configured feature:
remove treat-as-hplmn
zone-code
Configures a zone
code listing of one or more location area code (LACs) included in
the zone.
Privilege:
Security Administrator,
Administrator
Syntax
zone-code zc_id location-area-code lac
no zone-code zc_id [ location-area-code lac ]
no
Removes either a specific
LAC from the zone code list. If the location-area-code parameter
is not included in the command, then the entire zone code list definition
is removed from configuration.
zc_id
Identifies an instance
of a zone code list as an integer from 1 to 65535.
location-area-code lac
Prompts for the location
area-code(s), where the subscribers can roam, that are part of the zone. lac is an
integer from 1 to 65535.
Repeat the command
with this parameter to include up to 100 LACs in the zone code list.
Usage:
IMPORTANT:
While there is no
limit to the number of zone codes that can be created, only 10 LACs
per zone code can be defined.
Use this command to
define zone code restrictions. Regional subscription data at the
home location register (HLR) is used to determine the regional subscription
area in which the subscriber is allowed to roam. The regional subscription
data consists of a list of zone codes. A zone code is comprised
of one or more location areas (identified by a LAC) into which the subscriber
is allowed to roam. Regional subscription data, if present in the
insert subscriber data (ISD) request from the HLR, defines the subscriber's
subscription area for the addressed SGSN. It contains the complete
list (up to 10 zone codes) that apply to a subscriber in the currently visited
PLMN.
During the GPRS Location
Update procedure, the zone code list is received in the ISD request
from the HLR. The zone code list from the HLR is validated against
the configured values in the operator policy. If matched, then the
ISD is allowed to proceed. If not matched, then the ISD response
is that the Network Node Area is Restricted and the GPRS Location Update
procedure fails. If no zone codes are included in the ISD (whether
or not the zone codes are defined in the SGSN configuration), then
checking is not done.
Example:
The following command
defines multiple LACs for zone code 1:
zone-code 1 lac 413
212 113