Call Control Profile Configuration Mode

Call Control Profile configuration mode defines call-handling rules which can be combined with other profiles – such as an APN profile (see the APN Profile Configuration Mode Commands chapter) – when using the Operator Policy feature. The call control profile is a key element in the Operator Policy feature and the profile is not valid until it is associated with an operator policy (see the associate command in the Operator Policy Configuration Mode Commands chapter).

The MME and SGSN each support a maximum of 1,000 call control profiles; only one profile can be associated with an operator policy.

By configuring a call control profile, the operator fine tunes any desired restrictions or limitations needed to control call handling per subscriber or for a group of callers across IMSI (International Mobile Subscriber Identity) ranges.

Upon accessing this mode, the CLI prompt be similar to the following:
[local]asr5000(config-call-control-profile-<profile_name>)#

IMPORTANT:

The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).

access-restriction-data

Enables the operator to assign a failure code to be included in reject messages if the attach rejection is due to access restriction data (ARD) checking in the incoming subscriber data (ISD) messages. The operator can also disable the ARD checking behavior.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
access-restriction-data { failure-code cause_code | no-check }remove access-restriction-data
failure-code
remove

Removes the failure code setting for the reject message that could result from ARD checking.

failure-code cause_code

cause_code: Enter an integer from 2 through 111; default code is 13 (roaming not allowed in this location area [LA]).

Refer to the GMM failure cause codes listed below (from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0 R7):

  • 2 - IMSI unknown in HLR
  • 3 - Illegal MS
  • 6 - Illegal ME
  • 7 - GPRS services not allowed
  • 8 - GPRS services and non-GPRS services not allowed
  • 9 - MSID cannot be derived by the network
  • 10 - Implicitly detached
  • 11 - PLMN not allowed
  • 12 - Location Area not allowed
  • 13 - Roaming not allowed in this location area
  • 14 - GPRS services not allowed in this PLMN
  • 15 - No Suitable Cells In Location Area
  • 16 -MSC temporarily not reachable
  • 17 - Network failure
  • 20 - MAC failure
  • 21 - Synch failure
  • 22 - Congestion
  • 23 - GSM authentication unacceptable
  • 40 - No PDP context activated
  • 48 to 63 - retry upon entry into a new cell
  • 95 - Semantically incorrect message
  • 96 - Invalid mandatory information
  • 97 - Message type non-existent or not implemented
  • 98 - Message type not compatible with state
  • 99 - Information element non-existent or not implemented
  • 100 - Conditional IE error
  • 101 - Message not compatible with the protocol state
  • 111 - Protocol error, unspecified
no-check

Including this keyword with the command disables the ARD checking behavior.


Usage:

By default, the SGSN checks access restriction data (ARD) within incoming insert subscriber data (ISD) messages. This enables operator to selectively restrict subscribers in either 3G (UTRAN) or 2G (GERAN). The SGSN ARD checking behavior occurs during the attach procedure and if a reject occurs, the SGSN sends the subscriber an Attach Reject message with a configurable failure cause code.


Example:
For this call control profile, the following command disables the ARD checking function:
access-restriction-data
no-check
accounting context

Defines the name of the accounting context and optionally associates a GTPP group with this call control profile.

Platform:

ASR 5000

Product:

S-GW, SGSN


Privilege:

Security Administrator, Administrator


Syntax
accounting context
 ctxt_name [ gtpp group grp_name ] remove accounting context
remove

Removes the accounting configuration from this profile’s configuration.

ctxt_name

Specifies the accounting context as an alphanumeric string of 1 through 79 characters.

gtpp group grp_name

Identifies the GTPP group, where the GTPP related parameters have been configured in the GTPP Group Configuration mode, to associate with this call control profile.

grp_nameis a string of 1 to 63 characters (any combination of letters and digits) to identify the GTPP group created with the gtpp group command in the Context configuration mode.


Usage:

This command can be used to associate a predefined GTPP server group - including all its associated configuration - with a specific call control profile. The GTPP group would have been defined with the gtpp group command (see the Context Configuration Mode Commands chapter).

If the GTPP group is not specified, then a default GTPP group in the accounting context will be used.

If this command is not specified, use the name of the accounting context configured in the SGSN service configuration mode (for 3G) or the GPRS service configuration mode (for 2G), either will automatically use a “default” GTPP group generated in that accounting context.

If the accounting context is specified in the GPRS service or SGSN service and in a call control profile, the priority is given to the accounting context of the call control profile.


Example:
For this call control profile, the following command identifies an accounting context called acctng1 and associates a GTPP server group named roamers with defined charging gateway accounting functionality.
accounting context
acctng1 gtpp group roamers
allocate-ptmsi-signature

Enables or disables the allocation of a P-TMSI (Packet Temporary Mobile Subscriber Identity) signature.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ no | default ] allocate-ptmsi-signature
no

Disables the allocation of the P-TMSI signature.

default

Resets the configuration value to the default, which is to allocate the P-TMSI signature.


Usage:

Use this command to enable or disable the allocation of the P-TMSI signature.


Example:
allocate-ptmsi-signature
apn-restriction

Enables the APN restriction feature and configures the instruction for the SGSN on the action to take when an APN restriction value is received from the GGSN during an Update PDP Context procedure.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
apn-restriction update-policy
deactivate restrictiondefault apn-restriction
default

Creates a default APN restriction configuration.

update-policy deactivate restriction

Specifies one of the two restriction types to define the appropriate action if the APN restriction value received conflicts with the stored value:

  • least-restrictive set the least restrictive value applicable when there are no already active PDP context(s).
  • most-restrictive sets the most stringent restriction required by any already active PDP context(s).

Usage:

When this feature is enabled, the SGSN will send the maximum APN restriction value in every CPC Request message sent to the GGSN. The SGSN expects to receive an APN restriction value in each PDP Context received from the GGSN. The SGSN stores and compares received APN restriction values to check for conflicts. In the case of a conflict, the SGSN rejects the PDP Context with appropriate messages and error codes to the MS.

If an APN restriction value is not assigned by the GGSN, the SGSN assumes the value of “1” (least restrictive) to allow APN restriction rules will be possible when valid values are assigned for new PDP Context(s) from the same MS.


Example:
The following command applies the lowest level of APN restrictions:
apn-restriction update-policy
deactivate least-restrictive
associate

Associates various MME -specific lists and databases with this call control profile.

Platform:

ASR 5000

Product:

MME


Privilege:

Security Administrator, Administrator


Syntax
associate { ho-restrict-list list_name | hss-peer-service service_name [ s13-interface | s6a-interface tai-db_name }remove associate { ho-restrict-list | hss-peer-service [ s13-interface | s6a-interface ]
remove

Remove the specified association definition from the call control profile.

ho-restrict-list list_name

Identifies the handover restriction list that should be associated with this call control profile.

list_name is a string of 1 to 64 characters (any combination of letters and digits).

hss-peer-service service_name

Associates a home subscriber server (HSS) peer service with this call control profile.

service_name is an existing HSS peer service expressed as a string of 1 to 63 characters (any combination of letters and digits).

[ s13-interface | s6a-interface ]

Optionally, identify the interface to be associated with the HSS service in this call control profile.

The s13-interface and the s6a-interface options apply to the MME only.

tai-mgmt-db tai-db_name

Identifies the tracking area identifier (TAI) database that should be associated with this call control profile.

tai-db_name is a string of 1 to 64 characters (any combination of letters and digits).

This configuration overrides the S-GW selection and TAI list assignment functionality for a call that uses an operator policy associated with this call control profile. The TAI management object provides a TAI list for calls and provides S-GW selection functionality if a DNS is not configured for S-GW discovery for this operator policy or if a DNS discovery fails.


Usage:

Use this command to associate handover restriction lists, HSS service (and interfaces), and a TAI database with the call control profile. This ensures that the information is available for application when a Request is received.

Repeat the command as needed to associate each feature.


Example:
Link HO restriction list named HOrestrict1 with this call control profile:
associate ho-restrict-list HOrestrict1
attach access-type

Defines attach-related configuration parameters for this call control profile based on the access-type (GPRS, UMTS, or both) and location area list.

IMPORTANT:

SGSN only: Before using this command, ensure that the appropriate location area code (LAC) information has been defined via the location-area-list command.

Platform:

ASR 5000

Product:

MME, SGSN


Privilege:

Security Administrator, Administrator


Syntax
attach access-type { gprs | umts } { all | location-area-list
instance list_id } { failure-code code | user-device-release { before-r99
failure code code | r99-or-later
failure code code } } default attach access-type { eps | gprs | umts } { all | location-area-list
instance list_id } { failure-code | user-device-release { before-r99 failure
code | r99-or-later failure code } 
default

Restores the default values for the for the specified parameter.

access-type type

Defines the type of access to be allowed or restricted.

  • gprs
  • umts
all

Instructs the SGSN or MME to apply the command action to all location area lists. Location area lists should already have been created with the location-area-list command. The location area list consists of one or more LACs, location area codes, where the MS is when placing the call.

location-area-list instance list_id

Instructs the SGSN to apply the command action to a specific location area list. Location area lists should already have been created with the location-area-list command. The location area list consists of one or more LACs, location area codes, where the MS is when placing the call.

Using this keyword with either the allow or restrict keywords enables you to configure with more granularity.

list_id: Enter an integer between 1 and 5.

failure-code code

Specify a GMM failure cause code to identify the reason an attach did not occur. This GMM cause code will be sent in the reject message to the MS.

Default: 14.

fail-code: Enter an integer from 2 to 111. Refer to the GMM failure cause codes listed below (from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0 R7):

  • 2 - IMSI unknown in HLR
  • 3 - Illegal MS
  • 6 - Illegal ME
  • 7 - GPRS services not allowed
  • 8 - GPRS services and non-GPRS services not allowed
  • 9 - MSID cannot be derived by the network
  • 10 - Implicitly detached
  • 11 - PLMN not allowed
  • 12 - Location Area not allowed
  • 13 - Roaming not allowed in this location area
  • 14 - GPRS services not allowed in this PLMN
  • 15 - No Suitable Cells In Location Area
  • 16 -MSC temporarily not reachable
  • 17 - Network failure
  • 20 - MAC failure
  • 21 - Synch failure
  • 22 - Congestion
  • 23 - GSM authentication unacceptable
  • 40 - No PDP context activated
  • 48 to 63 - retry upon entry into a new cell
  • 95 - Semantically incorrect message
  • 96 - Invalid mandatory information
  • 97 - Message type non-existent or not implemented
  • 98 - Message type not compatible with state
  • 99 - Information element non-existent or not implemented
  • 100 - Conditional IE error
  • 101 - Message not compatible with the protocol state
  • 111 - Protocol error, unspecified
user-device-release { before-r99 | r99-or-later } failure-code code

Default: disabled

Enables the SGSN to reject an Attach procedure based on the detected 3GPP release version of the MS equipment and selectively send a failure cause code in the reject message. The SGSN uses the following procedure to implement this configuration:

  1. When Attach Request is received, the SGSN checks the subscriber’s IMSI and current location information.
  2. Based on the IMSI, an operator policy and call control profile are found that relate to this Attach Request.
  3. Profile is checked for access limitations.
  4. Attach Request is checked to see if the revision indicator bit is set
    • if not, then the configured common failure code for reject is sent;
    • if set, then the 3GPP release level is verified and action is taken based on the configuration of this parameter

One of the following options must be selected and completed:

  • before-r99: Indicates the MS would be a 3GPP release prior to R99 and an appropriate failure code should be defined.failure-code code: Enter an integer from 2 to 111.
  • r99-or-later : Indicates the MS would be a 3GPP Release 99 or later and an appropriate failure code should be defined.failure-code code: Enter an integer from 2 to 111.

Usage:

Once the IMSI of an incoming call is known and matched with a specific operator policy, according to the filter definition of the mcc command, then the associated call control profile is selected to determine how the incoming call is handled.

By default, all attaches are allowed. If no access limitations are needed, do not use the attach command.

IMPORTANT:

Before using this command, ensure that the appropriate LAC information has been defined with the location-area-list command.

Use this command to define attach limitations for the call control profile.

Use this command to fine-tune the attach configuration specifying which calls/subscribers can attach and which calls are restricted from attaching and what failure code is included in the Reject message.

Attachment restrictions can be based on any one or combination of the options, such as location area code or access type. It is even possible to restrict all attaches.

The command can be repeated using different keyword values to further fine-tune the attachment configuration.

Related Commands

  • Use the attach restrict command to restrict attaches.
  • Use the attach allow command to re-enable restrictions after an attach restrict command has been used.

Example:
The following example sets all restrictions for access-type gprs and specified release version to the default setting.
default attach access-type
gprs all user-device-release before-r99 failure-code
attach allow

Configures the system to re-enable attaches that were previously restricted using the attach restrict command..

IMPORTANT:

SGSN only: Before using this command, ensure that the appropriate location area code (LAC) information has been defined via the location-area-list command.

Platform:

ASR 5000

Product:

MME, SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ no ] attach
allow access-type { eps | gprs | umts } location-area-list
instance list_id
no

Deletes the specified attach configuration.

allow

Enables attaches in the configuration after an attach restrict command has been used.

access-type type

Defines the type of access to be allowed.

  • eps
  • gprs
  • umts
location-area-list instance list_id

Instructs the SGSN to apply the command action to a specific location area list. Location area lists should already have been created with the location-area-list command. The location area list consists of one or more LACs, location area codes, where the MS is when placing the call.

list_id: Enter an integer between 1 and 5.


Usage:

Once the IMSI of an incoming call is known and matched with a specific operator policy, according to the filter definition of the mcc command, then the associated call control profile is selected to determine how the incoming call is handled.

By default, all attaches are allowed. If no access limitations are needed, then do not use the attach command.

IMPORTANT:

Before using this command, ensure that the appropriate LAC information has been defined with the location-area-list command.

Use this command to define attach limitations for the call control profile.

Use this command to fine-tune the attach configuration specifying which calls/subscribers can attach and which calls are restricted from attaching and what failure code is included in the Reject message.

Attachment restrictions can be based on any one or combination of the options, such as location area code or access type. It is even possible to restrict all attaches.

The command can be repeated using different keyword values to further fine-tune the attachment configuration.

Related Commands

  • Use the attach access-type command to define the type of access to restrict or allow.
  • Use the attach restrict command to restrict attaches.

Example:
For calls under the purview of this call control profile, the following command allows attaches of all subscribers using the GPRS access type.
attach allow access-type
gprs all
attach imei-query-type

Defines device Attach limitations for this call control profile if an IMEI is not already present in the Attach Request.

Platform:

ASR 5000

Product:

MME, SGSN


Privilege:

Security Administrator, Administrator


Syntax
attach imei-query-type { imei | imei-sv | none } [ verify-equipment-identity [ allow-on-eca-timeout | deny-greylisted | deny-unknown ] + ] remove attach imei-query-type
remove

Deletes the specified attach configuration.

imei-query-type { imei | imei-sv | none }

Configures system behavior during Attach procedures if an IMEI is not already present in the Attach Request.

  • imei: Specifies that the system is required to query the UE for its International Mobile Equipment Identity (IMEI).
  • imei-sv: Specifies that the system is required to query the UE for its International Mobile Equipment Identity - Software Version (IMEI-SV).
  • none: Specifies that the system does not need to query for IMEI or IMEI-SV.
verify-equipment-identity [ allow-on-eca-timeout | deny-greylisted | deny-unknown ]

Specifies that the identification (IMEI or IMEI-SV) of the UE is to be performed by the Equipment Identity Register (EIR) over the S13 interface.

  • allow-on-eca-timeout: Configures the MME to allow equipment that has timed-out on ECA during the attach procedure.
  • deny-greylisted: Configures the MME to deny grey-listed equipment during the attach procedure.
  • deny-unknown: Configures the MME to deny unknown equipment during the attach procedure.

Usage:

Configures system settings related to the UE Attach procedure for the specified call control profile

The command can be repeated using different keyword values to further fine-tune the attachment configuration.


Example:
The following command configures the system to query the UE for its IMEI and to verify the UE equipment identity with an Equipment
attach imei-query-type
imei verify-equipment-identity
attach restrict

Configures the system to restrict attaches based on access type and location areas (either all or specified location area list) for this call control profile.

IMPORTANT:

SGSN only: Before using this command, ensure that the appropriate location area code (LAC) information has been defined via the location-area-list command.

Platform:

ASR 5000

Product:

MME, SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ no ] attach
restrict access-type { eps [ emm-cause-code code | imsi-attach-fail [ emm-cause-code code ] | voice-unsupported [ emm-cause-code code  ] ] | gprs | umts } { all | location-area-list
instance list_id }
no

Deletes the specified attach configuration.

access-type type

Defines the type of access to be allowed or restricted.

  • eps
  • gprs
  • umts
all

Instructs the system to apply the command action to all location area lists. Location area lists should already have been created with the location-area-list command. The location area list consists of one or more LACs, location area codes, where the MS is when placing the call.

location-area-list instance list_id

Instructs the SGSN to apply the command action to a specific location area list. Location area lists should already have been created with the location-area-list command. The location area list consists of one or more LACs, location area codes, where the MS is when placing the call.

Using this keyword with either the allow or restrict keywords enables you to configure with more granularity.

list_id: Enter an integer between 1 and 5.

IMPORTANT:

This keyword only applies to the SGSN.


Usage:

Once the IMSI of an incoming call is known and matched with a specific operator policy, according to the filter definition of the mcc command, then the associated call control profile is selected to determine how the incoming call is handled.

By default, all attaches are allowed. If no access limitations are needed, then do not use the attach command.

IMPORTANT:

Before using this command, ensure that the appropriate LAC information has been defined with the location-area-list command.

Use this command to restrict attaches for the call control profile.

Use this command to fine-tune the attach configuration specifying which calls/subscribers can attach and which calls are restricted from attaching and what failure code is included in the Reject message.

Attachment restrictions can be based on any one or combination of the options, such as location area code or access type. It is even possible to restrict all attaches.

The command can be repeated using different keyword values to further fine-tune the attachment configuration.

Related Commands

  • Use the attach access-type command to define the type of access to restrict or allow.
  • Use the attach allow command to re-enable restrictions after an attach restrict command has been used.

Example:
For calls under the purview of this call control profile, the following command restricts the attaches of all subscribers using the GPRS access type.
attach restrict access-type
gprs all
To change the attach restriction to only restrict attaches of GPRS subscribers from specified LACs included in location area list #2 and include failure-code 45 as the reject cause. This configuration requires two CLI commands:
attach restrict access-type
gprs location-area-list instance 2
attach access-type
gprs location-area-list instance 2 failure-code 45
In the case of a dual-access SGSN, it is possible to also add a second definition to restrict attaches of UMTS subscribers within the LACs included in location area list #3.
attach restrict access-type
UMTS location-area-list instance 3 
Change the configuration to allow attaches for GPRS access for all previously restricted LACs - note that GPRS attaches would still be limited:
no attach restrict
access-type gprs all
Restrict (deny) all GPRS attach requests (coming from any location area) and assign a single failure code for the reject messages. This is a two command process:
attach restrict access-type
gprs all
attach access-type grps
all failure-code 22
authenticate activate

Allows the operator to define authentication procedures in response to a received Activate Request.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
authenticate activate [ access-type { gprs | umts } | first | frequency frequency  | primary ] [ access-type { gprs | umts } ][ no | remove ] authenticate
activate [ access-type { gprs | umts } | first | primary ] [ access-type { gprs | umts } ] ]
no

Disables the specified activate authentication configuration in the call control profile.

remove

Removes the specified activate authentication configuration from the call control profile configuration file.

access-type type

One of the following must be selected to identify the type of network access if the access-type keyword is included in the command:

  • gprs
  • umts

The access-type keyword can be included with any of the other three keywords available with the authenticate activate command.

first

Including this keyword enables authentication only for the first Activate Request for an MS/UE.

frequency frequency

This keyword defines 1-in-N selective authentication for Activate Request events. If the frequency is set for 12, then the SGSN skips authentication for the first 11 events and authenticates on the twelfth event.

frequency must be an integer from 1 to 16.

primary

Including this keyword enables authentication for every primary PDP context Activate Request.


Usage:

Activate Requests are not authenticated by default. Use this command to enable authentication of Activate Requests.

Repeat the commands as needed to configure desired authentication responses to Activate Request messages for this call control profile.


Example:
Configure Request Activate authentication for every primary PDP context for MS with GPRS access:
authenticate activate
primary access-type gprs
authenticate all-events

Allows the operator to quickly define authentication procedures, based on limited parameters, for all types of events.

Platform:

ASR 5000

Product:

MME, SGSN


Privilege:

Security Administrator, Administrator


Syntax
authenticate all-events [ access-type { gprs | umts } | frequency frequency [ access-type { gprs | umts } ] ][ no | remove ] authenticate
all-events [ access-type { gprs | umts } ]
no

Disables the specified authentication configuration in the call control profile.

remove

Removes the specified authentication configuration from the call control profile configuration file.

access-type type

One of the following must be selected to identify the type of network access if the access-type keyword is included in the command:

  • gprs
  • umts

The access-type keyword can be included with any of the other three keywords available with the authenticate all-events command.

frequency frequency

This keyword defines 1-in-N selective authentication for all types of subscriber events. If the frequency is set for 12, then the service skips authentication for the first 11 events and authenticates on the 12th event.

frequency must be an integer from 1 to 16.


Usage:

By default, authentication is not performed for any subscriber events. Use this command to enable authentication for all types of events at one time, such as but not limited to: Activate Requests, Attach Requests, Detach Requests, Service-Requests.


Example:
The following command configures all authentication for all subscriber events to occur every tenth time a specific type of event occurs (for example every tenth time an Attach Request is received):
authenticate all-events
frequency 10
The following command configures authentication for all Detach Requests and RAUs to occur if the UE access-type is UMTS:
authenticate all-events
access-type umts
authenticate attach

Allows the operator to define authentication for Attach procedures.

Platform:

ASR 5000

Product:

MME, SGSN


Privilege:

Security Administrator, Administrator


Syntax
authenticate attach
access-type { gprs | umts }authenticate attach
attach-type { combined | gprs-only } [ access-type { gprs | umts } | frequency frequency ] authenticate attach
frequency  frequency [ access-type { gprs | umts } ]authenticate attach
inter-rat [ access-type { gprs | umts } | attach-type { combined | gprs-only } [ access-type { gprs | umts } | frequency frequency ] | frequency  frequency [ access-type { gprs | umts } ][ no | remove ] authenticate
attach [ access-type { gprs | umts } | attach-type { combined | gprs-only } | inter-rat | attach-type { combined | gprs-only } ] [ access-type { gprs | umts } ]  ]
no

Disables the defined authentication procedures configured for Attach Requests from the call control profile.

remove

Deletes the defined authentication procedures for Attach Requests from the call control profile configuration file.

access-type type

One of the following must be selected to identify the type of network access if the access-type keyword is included in the command:

  • gprs
  • umts
attach-type

This keyword configures the Attach authentication based on the type of attach requested. The attach-type must be one of the following options:

  • combined: Authenticates combined GPRS/IMSI Attaches.
  • gprs-only: Authenticates GRPS Attaches only.
frequency frequency

This keyword defines 1-in-N selective authentication for this type of subscriber event - Attach Request. If the frequency is set for 12, then the service skips authentication for the first 11 events and authenticates on the twelfth event.

frequency must be an integer from 1 to 16.

inter-rat

Enables/disables authentication for Inter-RAT Attaches.


Usage:

Authentication for Attach is disabled by default. This command enables/disables authentication for an Attach with a local P-TMSI or Attaches with an IMSI, which will be authenticated to acquire the CK (cipher key) and the IK (integrity key).


Example:
The following command configures authentication to occur after every tenth attach event for GPRS access.
authenticate attach
frequency 10 access-type gprs
The following command disables authentication for Inter-RAT Attaches, use:
no authenticate attach
inter-rat
authenticate detach

Allows the operator to enable and define authentication for Detach procedures.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
authenticate detach [ access-type
umts ] [ no | remove ] authenticate
detach [ access-type umts ] 
no

Disables the defined authentication procedures configured for Detach Requests from the call control profile.

remove

Deletes the defined authentication procedures for Detach Requests from the call control profile configuration file.


Usage:

Authentication for Detach procedures is disabled by default. This command enables/disables authentication for a Detach Request and allows the operator to limit authentication based on the MS/UE access-type.


Example:
The following command configures detach authentication to occur only for UMTS attached subscribers:
authenticate detach
access-type umts
The following command disables authentication for all Detach Requests, use:
no authenticate detach
authenticate on-first-vector

Allows the operator to enable the SGSN to begin MS authentication immediately after receiving the first vector from the HLR.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
authenticate on-first-vectorremove authenticate
on-first-vector
remove

Removes the authenticate on-first-vector definition from the configuration file and resets the default behavior so that the SGSN waits to receive all vectors before beginning authentication towards the MS.


Usage:

After an initial attach request, some end devices restart themselves after waiting for the PDP to be established. In such cases, the SGSN restarts and a large number of end devices repeat their attempts to attach. The attach requests flood the radio network, and if the devices timeout before the PDP is established then they continue to retry, thus even more traffic is generated.

To avoid the high traffic levels during PDP establishment, the SGSN has been modified to reduce the attach time, as much as possible, so that the devices can attach and discontinue sending requests. The current enhancement is intended to reduce the time needed to retrieve vectors over the GR interface by allowing the operator to configure the SGSN to start authentication towards the MS as soon as it receives the first vector from the AuC/HLR. With the new command included in the configuration, the SGSN begins the MS authentication process immediately after receiving the first vector from the HLR while the SAI continues in parallel.


Example:
Use the following command to configure the SGSN to begin MS authentication immediately after receiving the first vector from the AuC/HLR:
authenticate on-first-vector
Use the following command to reset the default behavior, so that the SGSN waits to receive all vectors requested in the SAI from the AuC/HLR before begining authentication towards the MS:
remove authenticate
on-first-vector
authenticate rau

Enables or disables and fine tunes authentication procedures for routing area updates (RAUs)

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
authenticate rau [ access-type { gprs | umts } | frequency
 frequency [ access { gprs | umts } ] | periodicity duration [ access { gprs | umts } ] | update-type { combined-update | imsi-combined-update | periodic | ra-update } [ access-type { gprs | umts } | frequency frequency | periodicity duration | with { foreign-ptmsi | inter-rat-local-ptmsi | local-ptmsi } [ access-type { gprs | umts } | frequency
 frequency | periodicity duration ]  no authenticate rau [ access-type { grps | umts } | update-type { combined-update | imsi-combined-update | periodic | ra-update } [ access-type { gprs | umts } | with { foreign-ptmsi | inter-rat-local-ptmsi | local-ptmsi } [ access-type { gprs | umts } ] remove authenticate
rau [ access-type { gprs | umts } | periodicity [ access { gprs | umts } ] | update-type { combined-update | imsi-combined-update | periodic | ra-update } [ access-type { gprs | umts }  | periodicity
 | with { foreign-ptmsi | inter-rat-local-ptmsi | local-ptmsi } [ access-type { gprs | umts } | periodicity ] ]  
no

Disables authentication for the RAUs specified in the configuration for the call control profile.

remove

Deletes the authentication configuration for the RAUs from the call control profile in the configuration file.

access-type type

One of the following must be selected to identify the type of network access if the access-type keyword is included in the command:

  • gprs
  • umts

The access-type keyword can be included with any of the other keywords available with the authenticate rau command.

frequency frequency

Defines 1-in-N selective authentication for RAU events. If the frequency is set for 12, then the SGSN skips authentication for the first 11 events and authenticates on the twelfth event.

frequency must be an integer from 1 to 16.

periodicity duration

Defines the length of time (number of minutes) that authentication can be skipped.

duration: Must be an integer from 1 to 10800.

update-type

Defines the type of RAU Request. Select one of the following:

  • combined-update [ access-type | with inter-rat-local-ptmsi ]
  • imsi-combined-update [ access-type | with inter-rat-local-ptmsi ]
  • periodic [ access-type | frequency | periodicity ]
  • ra-update [ access-type | with inter-rat-local-ptmsi ]

Usage:

By default, authentication is not performed for routing area updates (RAUs). Use this command to enable/disable authentication and to fine tune the authentication procedure based on frequency, periods for skipping authentication and the various types of routing area updates.


Example:
The following command configures RAU authentication to occur after every tenth event for GPRS access.
authenticate rau frequency
10 access-type gprs
The following command disables authentication for RAUs based on the combined IMSI with foreign P-TMSIs, use:
no authenticate rau
imsi-combined-update with foreign-ptmsi
The following command deletes all authentication configuration from the call control profile for all RAUs using GPRS access-type:
remove authenticate
rau access-type gprs
authenticate service-request

Enables or disables and fine-tunes authentication procedures for Service Requests.

Platform:

ASR 5000

Product:

MME, SGSN


Privilege:

Security Administrator, Administrator


Syntax
authenticate service-request [ frequency frequency | periodicity duration | service-type { data | page-response | signaling } [ frequency frequency | periodicity  duration ] ]no authenticate service-request [ service-type { data | page-response | signaling } ] remove authenticate
service-request [ periodicity  | service-type { data | page-response | signaling } [ periodicity ] ]
no

Disables authentication for the Service Requests specified in the configuration for the call control profile.

remove

Deletes the authentication configuration for Service Requests from the call control profile in the configuration file.

frequency frequency

Defines 1-in-N selective authentication for this type of subscriber event - Service Request. If the frequency is set for 12, then the service skips authentication for the first 11 events and authenticates on the twelfth event.

frequency must be an integer from 1 to 16.

periodicity duration

Defines the length of time (number of minutes) that authentication can be skipped.

duration: Must be an integer from 1 to 10800.

signaling-type

Defines the type of service being requested by the Service Request. Select one of the following:

  • data
  • page-response
  • signaling

Usage:

By default, authentication is not performed for Service Requests. Use this command to enable/disable authentication and to fine-tune the authentication procedure based on frequency and periods for skipping authentication and the various types of service. Repeat the commands as needed to configure criteria for all service types.


Example:
The following command configures authentication Service Requests for data service to only occur every 5 minutes:
authenticate service-request
service-type data periodicity 5
authenticate sms

Enables or disables and fine tunes authentication procedures for Short Message Service (SMS).

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
authenticate sms [ access-type { gprs | umts } | frequency frequency [ access-type { gprs
 umts } ] | sms-type { mo-sms | mt-sms } [ access-type { gprs | umts } |  frequency frequency ] ][ no | remove ] 
authenticate sms [ access-type { gprs | umts } | sms-type { mo-sms | mt-sms } [ access-type { gprs
 umts } ] ]
no

Disables authentication for the SMS Requests specified in the configuration for the call control profile.

remove

Deletes the authentication configuration for SMS Requests from the call control profile in the configuration file.

access-type type

One of the following must be selected to identify the type of network access if the access-type keyword is included in the command:

  • gprs
  • umts

The access-type keyword can be included with any of the other keywords available with the authenticate sms command.

frequency frequency

Defines 1-in-N selective authentication for SMS Requests. If the frequency is set for 12, then the SGSN skips authentication for the first 11 events and authenticates on the twelfth event.

frequency must be an integer from 1 to 16.

sms-type

Enables authentication for the following SMS types:

  • mo-sms: mobile-originated SMS
  • mt-sms: mobile-terminated SMS

Usage:

By default, authentication is not performed for short message service (SMS). Use this command to enable/disable authentication and to fine-tune the authentication procedure based on MS/UE access type and the frequency for the selected SMS type. Repeat the commands as needed to configure criteria for all service types.


Example:
The following command configures MO-SMS authentication to occur every fifth request:
authenticate sms sms-type
mo-sms frequency 5
authenticate tau

Allows the operator to enable/disable and fine-tune authentication for the tracking area update (TAU) procedures.

Platform:

ASR 5000

Product:

MME


Privilege:

Security Administrator, Administrator


Syntax
authenticate tau [ freqency frequency | inter-rat | periodicity interval ] no authenticate tau
inter-rat
no

Disables the TAU authentication procedures specified in the call control profile configuration.

frequency frequency

Defines 1-in-N selective authentication for this type of subscriber event - a tracking area update for an inter-RAT Attach. If the frequency is set for 12, the MME skips authentication for the first 11 events and authenticates on the twelfth event.

frequency must be an integer from 1 to 16.

inter-rat

Enables authentication for TAU procedures for inter-RAT Attaches.

periodicity duration

Defines the length of time (number of minutes) that authentication can be skipped.

duration: Must be an integer from 1 to 10800.


Usage:

Authentication for TAU procedures is disabled by default. This command enables/disables authentication for a inter-RAT TAU procedures and allows the operator to limit authentication based on the frequency of the events or elapsed intervals between the events.


Example:
The following command configures TAU authentication to occur when there is 15 minutes between inter-RAT Attaches:
authenticate tau periodicity 15
The following command disables authentication for all TAU Inter-RAT Attaches, use:
no authenticate tau
cc

Defines the charging characteristics to be applied for CDR generation when the handling rules are applied via the Operator Policy feature.

Platform:

ASR 5000

Product:

, S-GW, SGSN


Privilege:

Security Administrator, Administrator


Syntax
cc { behavior-bit
no-records bit_value | local-value
behavior bit_value profile index_bit | prefer { hlr-hss-value | local-value } }no cc behavior-bit no-recordsremove cc { behavior-bit
no-records | local-value | prefer }
no

Disables the no records generation behavior-bit configuration for this call control profile.

remove

Removes the specified charging characteristic configuration from this profile.

behavior-bit no-records bit_value

Default: disabled

Specifies the charging characteristic behavior bit. no-records instructs the system not to generate any accounting records regardless of what may be configured elsewhere.

bit_value is an integer from 1 through 12.

local-value behavior bit_value profile index_bit

Defaults: bit_value = 0x0, index_bit = 8

Sets the local value of the behavior bits and profile index for the charging characteristics when the HLR/HSS does not provide values for these parameters.

bit_value is a hexadecimal value between 0x0 and 0xFFF.

index_bit is an integer value from 1 through 15.

Setting the profile index bis selects different charging trigger profiles to be used with the call control profile. Some of the index values are predefined according to 3GPP standard:

  • 1 for hot billing
  • 2 for flat billing
  • 4 for prepaid billing
  • 8 for normal billing

If the HLR/HSS provides the charging characteristics with behavior bits and profile index and the operator prefers to ignore the HLR/HSS values, then also configure the prefer local-value keyword.

prefer { hlr-hss-value | local-value }

Default: hlr-hss-value

Specifies a preference for using charging characteristics settings received from HLR or HSS, or those set by the SGSN or MME locally with the local-value behavior command.

  • hlr-hss-value sets the call control profile to use charging characteristics settings received from HLR or HSS. This is the default preference.
  • local-value sets the call control profile to use charging characteristics settings from the SGSN or MME only. If no charging characteristics are received from the HLR/HSS then local values will be applied.

Usage:

Use this command to set the behavior for charging characteristic comings from either an HLR/HSS or locally from an MME/SGSN.

These charging characteristics parameters can also be set within an APN profile with the commands of the APN Profile configuration mode. For generation of M-CDRs, the parameters configured in this mode, Call Control Profile configuration mode, will prevail but for generation of S-CDRs the parameters configured in the APN Profile configuration mode will prevail.

The 12 behavior bits (of the local-value behavior keyword) can be used to enable or disable CDR generation.


Example:
The following command specifies a rule not to generate charging records (CDRs) and sets the charging characteristics behavior bit to 2:
cc behavior-bit no-records 2
check-zone-code

Enables or disables the zone code checking mechanism.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ no | remove ] check-zone-code 
no

Included with the command, this keyword disables the mechanism.

remove

Included with the command, this keyword causes the removal of the current check-zone-code configuration and returns to the SGSN to the default where zone-code checking is enabled.


Usage:

Use this command to enable/disable the zone-code checking function.


Example:
Disable checking of the zone code:
no check-zone-code
ciphering-algorithm-gprs

Defines the order of preference of the ciphering algorithms.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
ciphering-algorithm-gprs
priority priority
algorithmremove ciphering-algorithm-gprs
priority priority 
remove

Delete the priority definition.

priority priority

Sets the order in which the algorithm will be selected for use.

priority is an integer from 1 to 8.

algorithm

Identifies the ciphering algorithm to be used.

algorithm is one of the following: gea0, gea1, gea2, gea3.


Usage:

Define the order in which the ciphering algorithms are chosen for use. The command can be repeated to provide multiple definitions -- multiple priorities.


Example:
Define gea1 as the third priority algorithm:
ciphering-algorithm-gprs
priority 3 gea1
csfb

Configures circuit-switched fallback options. CSFB is the mechanism to move a subscriber from LTE to a legacy technology to obtain circuit switched voice or short message.

Platform:

ASR 5000

Product:

MME


Privilege:

Administrator


Syntax
csfb { policy { not-allowed | not-preferred | sms-only } | sms-only }remove csfb { policy | sms-only }
remove csfb { policy | sms-only }

sms-only: Removes the SMS-only restriction allowing the UE to request voice and short message service (SMS) support for circuit-switched fallback (CSFB).

policy: Removes the configured policy

policy { not-allowed | not-preferred | sms-only }

not-allowed: Specifies that the CSFB function is not allowed for both voice and SMS.

not-preferred: Specifies that the MME returns a “not-preferred” response for CSFB services. The MME does not enforce this and a voice centric is allowed to make CSFB calls on a not-preferred case if it chooses to do so.

sms-only: Specifies that the CSFB function only supports SMS.

sms-only

Specifies that the circuit-switched fallback function only supports SMS.

IMPORTANT:

This is a legacy keyword that remains to support earlier versions of the code. It operates identically to the policy sms-only keyword.


Usage:

Use this command to restrict the circuit-switched fallback function to SMS only or no support for either voice or SMS.


Example:
The following command enforces the SMS-only functionality for UEs requesting circuit-switched fallback:
csfb policy sms-only
description

Allows you to enter a relevant descriptive string.

Platform:

ASR 5000

Product:

MME, S-GW, SGSN


Privilege:

Security Administrator, Administrator


Syntax
description descriptionno description
description

Enter an alphanumeric string of 1 to 100 characters. The string may include spaces, punctuation, and case-sensitive letters if the string is enclosed in double quotation marks ( “ ).

no

Removes the description from the call control profile.


Usage:

Define information that identifies this particularly call control profile.


Example:
description “call-control-profile
handling incoming from CallTell”
direct-tunnel

Allows direct tunneling if direct tunneling is supported by the destination node.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
direct-tunnel attempt-when-permittedremove direct-tunnel
remove

Removes the configured setting from the call control profile.

attempt-when-permitted

Enables direct tunneling if the destination node allows it. Default: disabled.


Usage:

Use this command to enable the Direct-Tunnel feature.

To ensure that direct tunnel is fully configured for support by the SGSN, check the settings for direct-tunnel in
  • the APN profile -- from the Exec mode, use command: show apn-profile <profile_name> all
  • the RNC (radio network controller) configuration -- from the Exec mode, use command: iups-service <service_name> all

IMPORTANT:

Direct tunneling must be enabled at both of these two points to allow direct tunneling for the MS/UE.


Example:
The following command sets the configuration to instruct the SGSN to attempt to setup a direct tunnel if permitted at the destination node:
direct-tunnel attempt-when-permitted
dns-ggsn

Defines the context to be used to do DNS lookup for GGSNs.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
dns-ggsn context ctxt_nameno dns-ggsn context ctxt_name
no

Removes the dns-ggsn configuration from this call control profile.

context ctxt_name

Specifies the context to be used to do DNS lookup for GGSNs as an alphanumeric string of 1 through 64 characters.


Usage:

Use this command to define the context to be used to do DNS lookup to find the GGSN address.


Example:
dns-ggsn context sgsn1
dns-sgsn

Identifies the context to be used to do DNS to find an SGSN address.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ no ] dns-sgsn
context ctxt_name
no

Removes the dns-sgsn configuration from this call control profile.

context ctxt_name

Specifies the context to be used to do DNS to find an SGSN address as an alphanumeric string of 1 through 64 characters.


Usage:

Use this command to configure the context ID for the SGSN address that will be used to do the DNS lookup.


Example:
Configure context sgsn1 for DNS lookup:
dns-sgsn context sgsn1
dns-pgw

Defines the context to be used to do DNS lookup for P-GWs.

Platform:

ASR 5000

Product:

MME


Privilege:

Security Administrator, Administrator


Syntax
[ remove ] dns-pgw
context ctxt_name
remove

Deletes this definition from the call control profile.

context ctxt_name

Specifies the context to be used to do DNS lookup for P-GWs as an alphanumeric string of 1 through 64 characters.


Usage:

Use this command to configure the context ID for the DNS lookup.


Example:
dns-pgw context pgw1
dns-sgw

Defines the context to be used to do DNS lookup for S-GWs.

Platform:

ASR 5000

Product:

MME


Privilege:

Security Administrator, Administrator


Syntax
[ remove ] dns-sgw
context ctxt_name
remove

Deletes this definition from the call control profile.

context ctxt_name

Specifies the context to be used to do DNS lookup for S-GWs as an alphanumeric string of 1 through 64 characters.


Usage:

Use this command to configure the context ID for the DNS lookup.


Example:
dns-sgw context sgw1
encryption-algorithm-lte

Defines the priorities for using the encryption algorithms.

Platform:

ASR 5000

Product:

MME


Privilege:

Administrator


Syntax
encryption-algorithm-lte
priority1 128-eea { 0 | 1 | 2 } 
priority2 128-eea { 0 | 1 | 2 } priority3
128-eea { 0 | 1 | 2 }remove encryption-algorithm-lte
remove

Deletes the priorities definition from the call control profile configuration.

priority1 128-eea { 0 | 1 | 2 }

Enter 0, 1, or 2 at the end of 128-eea to define the algorithm being given first priority.

priority2 128-eea { 0 | 1 | 2 }

Enter 0, 1, or 2 at the end of 128-eea to define the algorithm being given second priority.

priority3 128-eea { 0 | 1 | 2 }

Enter 0, 1, or 2 at the end of 128-eea to define the algorithm being given third priority.


Usage:

Set the order or priority in which the MME will select a 128-EEA algorithm for use. All three priorities must be set or the definition is invalid. The command can be re-entered to change the priorities without removing the configuration.


Example:
Configure 128-EEA2 as first priority encryption algorithm:
encryption-algorithm-lte
priority1 128-eea 2 priority2 128-eea 0 priority3 128-eea 1
encryption-algorithm-umts

Defines the priorities for using the encryption algorithms.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
encryption-algorithm-umts {  uea0 | uea1 | uea2 } [ then-uea# | then-uea# ]  no encryption-algorithm-lte
no

Deletes the priorities definition from the call control profile configuration.

{ uea0 | uea1 | uea2 }

Enter one of the three options to define the first priority algorithm.

[ then-uea# | then-uea# ]

If a second algorithm is to be included as an option, give it second priority. Enter 0, 1, or 2 at the end of then-uea to define the algorithm being given second priority.

then-uea#

If a third algorithm is to be included as an option, give it third priority. Enter 0, 1, or 2 at the end of then-uea to define the algorithm being given third priority.


Usage:

Set the order or priority in which the SGSN will select a UEA algorithm for use. It is not necessary to define priorities for all three priority levels. The command can be re-entered to change the priorities without removing the configuration.


Example:
Configure algorithm UEA2 as the first priority encryption algorithm with no others to be considered:
encryption-algorithm-umts uea2
end

Exits the current configuration mode and returns to the Exec mode.

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
end

Usage:

Use this command to return to the Exec mode.

equivalent-plmn

Configures the definition for an equivalent public land mobile network identifier (PLMN ID) and the preferred radio access technology (RAT). This is a of PLMNs which should be considered by the mobile as equivalent to the visited PLMN for cell reselection and network selection. When configured, the equivalent PLMN list will be sent to the UE in NAS ATTACH ACCEPT / TAU ACCEPT messages (up to 15 PLMNs in each message).

Platform:

ASR 5000

Product:

MME, SGSN


Privilege:

Security Administrator, Administrator


Syntax
equivalent-plmn radio-access-technology { 2G | 3g | 4g | any } plmnid
mcc mcc_number mnc mnc_number priority priorityno equivalent-plmn
radio-access-technology { 2G | 3g | any } plmnid
mccmcc_number mnc mnc_number
no

Removes the equivalent-PLMN configuration from this call control profile.

radio-access-technology { 2G | 3g | 4g | any }

Identify the RAT type of the equivalent PLMN:

  • 2G: 2nd generation
  • 3G: 3rd generation
  • 4G: 4th generation
  • any: Any RAT
plmnid mcc mcc_number mnc mnc_number
  • mcc: Specifies the mobile country code (MCC) portion of the PLMN ID. The number can be any integer between 100 and 999.
  • mnc: Specifies the mobile network code (MNC) portion of the PLMN ID. The number can be any 2- or 3-digit integer between 00 and 999.
priority priority

Enter an integer between 1 and 15 with the highest priority assigned to the integer of the lowest numeric value.


Usage:

Use the command to identify an ‘equivalent PLMN’ and assign it a priority to define the preferred equivalent PLMN to be used. This command can be entered multiple times to set priorities of usage.


Example:
The following command sets up a secondary equivalent PLMN definition that allows for any RAT with a PLMN ID of MCC121.MNC767:
equivalent-plmn radio_access_technology
any plmnid mcc 121 mnc 767 priority 2
exit

Exits the current mode and returns to the parent configuration mode.

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
exit

Usage:

Use this command to return to the parent configuration mode.

gmm information-in-messages

Provides the configuration to include the information in messages for the GPRS mobility management (GMM) parameters.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
gmm information-in-messages
access-type { { gprs | umts } [ network-name { full-text name | short-text
 name } | [ send-after { attach | rau } ] }[ default | no ] gmm { information-in-messages
access-type  { gprs | umts }
no

Disables the GMM configuration from this call control profile.

default

Sets up a GMM configuration with system default values.

access-type

Must select one of the following options:

  • gprs - General Packet Radio Service network
  • umts - Universal Mobile Telecommunications System network

After selecting the access-type, an additional parameter can be configured:

  • network-name: identifies the network name in either short text or full text.
  • send-after: configures the information in message to send after attachment or Routing Area Update (RAU).
network-name { full-text name | short-text name }

This keyword provides the option to add the network name to the message. The network name will in full text or short text. Possible options are:

  • full-text name: Indicate the network name in full text
  • short-text name: Indicate the network name in short text
send-after{ attach | rau }

This keyword configures the information in message to send after attachment or RAU message. Possible options are:

  • attach: Information sent after attachment
  • rau: Information sent after routing area update

Usage:

Use this command to configure identifying information about the network that will be included in GMM messages.


Example:
Set default settings for calls coming from 2.5G networks:
default gmm information-in-messages
access-type gprs
gmm retrieve-equipment-identity

Configures the International Mobile Equipment Identity (IMEI) or software version (SV) retrieval and validation procedure.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
gmm retrieve-equipment-identity { imei | imeisv [ unciphered ] [ then-imei ] } [ verify-equipment-identity [ deny-greylisted ] ][ no | default ] gmm
retrieve-equipment-identity
no

Disables the equipment identity retrieval procedure configured for this call control profile.

default

Sets the default action for equipment identity retrieval (EIR) procedure:

  • retrieve-equipment-identity: Default action is disabled - no retrieval of IMEI/IMEI-SV
  • verify-equipment-identity: Default action is disabled - no verification with Equipment Identity Register (EIR)
equipment-identity-type

Default: disabled

Indicates the type of equipment identification, with the possible values:

  • imei: International Mobile Equipment Identity
  • imeisv: International Mobile Equipment Identity - Software Version
imei

Indicates the equipment identity retrieval type to International Mobile Equipment Identity (IMEI). IMEI is a unique 15-digit number consisting of a TAC (Technical Approval Code), a FAC (Final Assembly Code), an SNR (Serial Number), and a check digit.

imeisv [ unciphered ] [ then-imei ]

Indicates the equipment identity retrieval type to IMEI with software version (SV). IMEI with SV is a unique 16-digit number consisting of a TAC (Technical Approval Code), a FAC (Final Assembly Code), an SNR (Serial Number), and a 2-digit software version number.

  • unciphered: This optional keyword enables the unciphered retrieval of IMEI-SV. If this option is enabled the retrieval procedure will get IMEISV (if auth is still pending, get as part of Authentication and Ciphering Response otherwise, via explicit Identification Request after Security Mode Complete).
  • then-imei: This optional keyword enables the retrieval of software version number before the IMEI. If this option is enabled the equipment identity retrieval procedure will get IMEISV on secured link (after Security mode procedure via explicit GMM Identification Request), and if MS is not having IMEISV (responded with NO Identity), SGSN will try to get IMEI.

If no other keyword is provided, imeisv will get IMEISV on a secured link (after a Security mode procedure via explicit GMM Identification Request).

verify-equipment-identity [ deny-greylisted ]

Default: disabled

This keyword enables the equipment identity validation and validates the equipment identity against the EIR.

  • deny-greylisted: This keyword fine-tunes the configuration and enables the restriction to the user having mobile equipment with an IMEI in the EIR grey list.

Usage:

Use this command to enable and configure the procedures for mobile equipment identity retrieval and validation from the EIR identified in the MAP Service Configuration mode.


Example:
The following command enables the SGSN to send “check IMEI” messages to the EIR:
gmm retrieve-equipment-identity
imei verify-equipment-identity
gs-service

Associates the context of a Gs service interface with this call control profile.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
gs-service gs_srvc_name context ctx_nameno gs-service svc_name
no

Removes/disassociates the named Gs service from the call control profile.

gs-service gs_srvc_name

Specifies the name of a specific Gs service for which to display information. gs_srvc_name is the name of a configured Gs service expressed as an alphanumeric string of 1 through 63 characters that is case sensitive.

context ctx_name

Specifies the specific context name where Gs service is configured. If this keyword is omitted, the named Gs service must exist in the same context as the GPRS/SGSN service.

ctx_name is name of the configured context of Gs service expressed as an alphanumeric string from 1 through 63 characters that is case sensitive.


Usage:

Use this command to associate a specific Gs service interface with this GPRS service instance.

IMPORTANT:

A Gs service can be used with multiple SGSN and/or GPRS service.


Example:
The following command associates a Gs service instance named stargs1, which is configured in context named star_ctx, with a call control profile:
gs-service stargs1
context star_ctx
gtp send

Configures which information elements (IE) the SGSN sends in GTP messages. These are required by the GGSN.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
gtp send { imeisv [ derive-imeisv-from-imei ] | ms-timezone | rai [use-local-plmn [network-sharing {use-selected-plmn | use-ue-plmn | use-common-plmn }]]| rat | uli [use-local-plmn [network-sharing {use-selected-plmn | use-ue-plmn | use-common-plmn }]]}remove gtp send { imeisv | ms-timezone | rai | rat | uli }no gtp send
remove

Removes the specified GTP send definition from the system configuration.

no

Disables the specified GTP send configuration.

imeisv

Instructs the SGSN to include the IMEISV (International Mobile Equipment Identity with Software Version) of the mobile when sending GTP messages of the type Create PDP Context Request.

derive-imeisv-from-imei

This is a filter for the imeisv keyword. It allows the operator to configure the SGSN to send IMEI to the GGSN as IMEI-SV.

This filter instructs the SGSN to add four 1s (1111) to the final semi-octet of the CPCQ (Create PDP Context Request) message which enables the SGSN to deduce the IMEI-SV value from the IMEI. If this filter is used, then IMEI is also sent as IMEI-SV when the gmm retrieve-equipment-identity command is configured.

ms-timezone

Instructs the SGSN to include this IE in GTP messages of the type Create PDP Request and Update PDP Context Request. This IE specifies the offset between universal time and local time, where the MS currently resides, in 15-minute steps.

This IE is sent by default.

rai

Configures the SGSN to include the Routing Area Identity (RAI) of the SGSN in the following situations:

  • 2G new SGSN RAU
  • 3G new SGSN SRNS
  • 2G -> 3G HO (only if PLMN Id has changed)
  • 3G -> 2G HO (only if PLMN Id has changed)
  • multiple IUPS service RAU (only if PLMN Id has changed)
  • multiple GPRS service RAU (only if PLMN Id has changed)
  • 3G new SGSN RAU (change in behavior)
  • 3G primary and secondary PDP activation (change in behavior)
  • 2G primary and secondary PDP activation (change in behavior)
rat

Specifies which radio access technology (RAT) is being used by the MS (GERAN, UTRAN, or GAN). Including this keyword instructs the SGSN to include this IE when sending GTP messages of the type Create PDP Request and Update PDP Context Request.

This IE is sent by default.

uli

Specifies the CGI (MCC, MNC, etc.) and SAI of the MS where it is registered. Including this keyword instructs the SGSN to include the IE when sending GTP messages of the type Create PDP Request and Update PDP Context Request.

This IE is not sent by default.

IMPORTANT:

Currently, the next 5 (five) keywords, used with keywords rai or uli, are only available for Release 12.0.

use-local-plmn

This keyword includes the local PLMN when network is not shared.

network-sharing

This keyword is used to configure network-sharing.

use-selected-plmn

This keyword includes the Selected PLMN when network is shared.

use-ue-plmn

This keyword includes Selected PLMN for supporting UE and Common PLMN for non-supporting UE when network is shared.

use-common-plmn

This keyword includes the Common PLMN when network is shared.


Usage:

Use this command to define a preferred set of information to include when GTP messages are sent. Repeat this command multiple times to enable or disable multiple options. This instruction will be implemented when the specific operator policy and call control profile are applied.

The PLMN value in RAI/ULI can be selected if 3G network-sharing is enabled.


Example:
The following command series instructs the SGSN (1) not to send MS’ timezone IE, and (2) to identify the MS’ radio access technology info in the GTP messages:
no gtp send ms-timezone
gtp send rat

The next set of commands provides examples indicating the usage of keywords to select PLMN values in RAI/ULI.

On executing the following command, ULI is sent and PLMN will be “use-selected-plmn” if network-sharing is enabled. If network-sharing is not enabled, PLMN will be “use-local-plmn”.
gtp send uli
On executing the following command, ULI is sent and PLMN will be “use-selected-plmn” if network-sharing is enabled. If network-sharing is not enabled, PLMN will be “use-local-plmn”.
gtp send uli use-local-plmn
On executing the following command, ULI is sent and PLMN will be “use-selected-plmn” if network-sharing is enabled. If network-sharing is not enabled PLMN will be “use-local-plmn”.
gtp send uli use-local-plmn
network-sharing use-selected-plmn
On executing the following command, ULI is sent and PLMN will be “use-common-plmn” if network-sharing is enabled. If network-sharing is not enabled PLMN will be “use-local-plmn”.
gtp send uli use-local-plmn
network-sharing use-common-plmn
gtpp

Enables secondary GTPP accounting for an S-GW call control profile. By default, secondary GTPP accounting is disabled.

Platform:

ASR 5000

Product:

S-GW


Privilege:

Security Administrator, Administrator


Syntax
gtpp secondary-group group_name [ accounting
context ctx_name ]no gtpp secondary-group
no

Disables secondary GTPP accounting.

secondary-group group_name

Enables secondary GTPP accounting and specifies a GTPP group name.

group_name must be an alphanumeric string of 1 through 63 characters.

accounting context ctx_name

Specifies the specific accounting context to be used for secondary GTPP accounting. If this keyword is omitted, source context will be used for secondary GTPP accounting.

ctx_name must be an alphanumeric string of 1 through 79 characters.


Usage:

Use this command to enable or disable secondary GTPP accounting for an S-GW call control profile.


Example:
The following command enables secondary GTPP accounting for an S-GW call control profile and specifies a GTPP group named gtpp-grp1:
gtpp secondary-group
gtpp-grp1
gtpu fast-path

Enables or disables the network processing unit (NPU) Fast Path support for NPU processing of GTP-U packets of user sessions at the NPU.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ remove ] 
gtpu  fast-path
remove

Removes the NPU fast path functionality configuration from the call control profile.


Usage:

Use this command to enable/disable the NPU processed fast-path feature for processing of GTP-U data packets received from GGSN/RNC. This feature enhances the GTP-U packet processing by adding the ability to fully process and forward the packets through the NPU itself.

IMPORTANT:

When enabled/disabled, fast-path processing will be applicable only to new subscriber who establishes a PDP context after issuing this command (enabling GTP-U fast path). No existing subscriber session will be affected by this command.


Example:
The following command enables the NPU fast path processing for all new subscribers’ session established with this call control profile:
gtpu  fast-path
gw-selection

Configures the parameters controlling the gateway selection process.

Platform:

ASR 5000

Product:

MME


Privilege:

Security Administrator, Administrator


Syntax
[ remove ] gw-selection { co-location  | pgw weight | sgw
weight | topology }
remove gw-selection

Deletes the gw-selection definition from the call control profile.

co-location

Selects “co-location” as the determining factor for gateway selection. Collocation should be configured for both P-GW and S-GW selection for collocation to function. If a collocated PGW/SGW node cannot be found, then topologically closest nodes are chosen next. Host names with both “topon” and “topoff” labels will be considered in collocation.

pgw weight

Selects PDN-Gateway as the determining factor for gateway selection.

sgw weight

Selects Serving Gateway as the determining factor for gateway selection.

topology

Selects topology as the determining factor for gateway selection. Topological selection is done only during initial attach, and not used during S-GW relocation or additional-pdn-connection.


Usage:

Use this command to define the criteria for gateway selection.


Example:
The following command instructs the MME to determine gateway selection on the basis of topology:
gw-selection topology
integrity-algorithm-lte

Specifies the order of preference for using an Integrity Algorithm.

Platform:

ASR 5000

Product:

MME


Privilege:

Administrator


Syntax
integrity-algorithm-lte
priority1 { 128-eia0 |  128-eia1  | 
128-eia2 }  priority2 128-eia { 0 | 1 | 2 } priority3
128-eia { 0 | 1 | 2 }remove integrity-algorithm-lte
remove

Deletes the priorities definition from the call control profile configuration.

priority1 128-eia { 0 | 1 | 2 }

Enter 0, 1, or 2 at the end of 128-eia to define the algorithm being given first priority.

priority2 128-eia { 0 | 1 | 2 }

Enter 0, 1, or 2 at the end of 128-eia to define the algorithm being given second priority.

priority3 128-eia { 0 | 1 | 2 }

Enter 0, 1, or 2 at the end of 128-eia to define the algorithm being given third priority.


Usage:

Set the order or priority in which the MME will select an integrity algorithm for use. All three priorities must be set or the definition is invalid. The command can be re-entered to change the priorities without removing the configuration.


Example:
Configure 128-EIA0 as first priority integrity algorithm:
integrity-algorithm-lte
priority1 128-eia 0  priority2 128-eia 2 priority3 128-eia 1
integrity-algorithm-umts

Configures the order of preference for the Integrity Algorithm used for 3G.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
integrity-algorithm-umts type then_ typedefault integrity-algorithm-umts
default

Specifies the default preference based on system defaults.

type

Creates a configuration defining an order of preference. Enter one or more of the following options in the order of preference:

  • uia1 - uia1 Algorithm
  • uia2 - uia2 Algorithm

Usage:

Use this command to determine which integrity algorithm is preferred 3G. This command is configured in tandem with the algorithm type for encryption-algorithm-umts command.


Example:
default integrity-algorithm-umts
lcs-mo

This command enables/disables mobile-originating Location Requests by access-type when Location Services functionality is enabled.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
lcs-mo { allow | restrict } access-type { gprs | umts } 
allow

Enables mobile-originating Location Requests. This is the default state when Location Services are enabled.


Usage:

This command ties Location Service functionality to a call-control profile by IMSI so that Location Services can optionally be determined by an operator policy for incoming calls.


Example:
Use the following command to disable or disallow mobile-originating Location Requests within a GPRS network:
lcs-mo restrict access-type GPRS
lcs-mt

This command enables/disables mobile-terminating Location Requests by access-type when Location Services functionality is enabled.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
lcs-mt { allow | restrict } access-type { gprs | umts } 
allow

Enables mobile-terminating Location Requests. This is the default state when Location Services are enabled.


Usage:

This command ties Location Service functionality to a call-control profile by IMSI so that Location Services can optionally be determined by an operator policy for incoming calls.


Example:
Use the following command to disable or disallow mobile-terminating Location Requests within a UMTS network:
lcs-mt restrict access-type umts
lcs-ni

This command enables/disables network-initiated Location Requests by access-type when Location Services functionality is enabled.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
lcs-ni { allow | restrict } access-type { gprs | umts } 
allow

Enables network-initiated Location Requests . This is the default state when Location Services are enabled.


Usage:

This command ties Location Service functionality to a call-control profile by IMSI so that Location Services can optionally be determined by an operator policy for incoming calls.


Example:
Use the following command to enable or allow network-initiated Location Requests within a UMTS network if this function has been restricted previously:
lcs-ni allow access-type umts
local-cause-code-mapping map-cause-code

Configures the GMM reject cause code to send to a UE for map cause ‘roaming not allowed’.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Administrator


Syntax
local-cause-code-mapping
map-cause-code roaming-not-allowed gmm-cause-code gmm-cause
remove local-cause-code-mapping
map-cause-code roaming-not-allowed 
remove local-cause-code-mapping map-cause-code roaming-not-allowed

Removes the configured cause code mapping.

roaming-not-allowed gmm-cause-code gmm-cause

Specifies the GPRS mobility management (GMM) cause code to return to a UE when the UE’s access request is rejected due to map cause ‘roaming not allowed’. Cause code options include:

  • gprs-serv-and-non-gprs-serv-not-allowed
  • gprs-serv-not-allowed
  • gprs-serv-not-in-this-plmn
  • location-area-not-allowed
  • network-failure
  • no-suitable-cell-in-this-la
  • plmn-not-allowed
  • roaming-not-allowed-in-this-la

Usage:

This command enables the operator to configure the exact GMM cause code to return to the UE when a UE access request is rejected due to map-cause ‘roaming-not-allowed’.


Example:
The following command maps network-failure as the GMM cause code to be included in a Access Reject sent to the UE when the UE is denied due to map-cause ‘roaming-not-allowed’:
local-cause-code-mapping
map-cause-code roaming-not-allowed gmm-cause-code network-failure
location-area-list

Defines the location area list to allow or restrict services in the specified location areas identified by location area code (LAC).

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
location-area-list
instance instance area-code  area_code [ area_code * ]no location-area-list
instance instance[ area-code area_code ]
no

If the area-code keyword is included in the command, then only the specified area code is removed from the identified list. If the area-code keyword is not included with the command, the entire list of LACs is removed from this call control profile.

instance instance

Specifies an identification for the specific location area list.

instance must be an integer between 1 and 5.

area-code area_code *

This keyword defines the location area codes (LACs) to be used by this call control profile as a determining factor in the handling of incoming calls. Multiple LACs can be defined in a single location-area-list.

area_code: Enter an integer between 1 and 65535.

* If desired, enter multiple LACs separated by a single blank space.


Usage:

Use the command multiple times to configure multiple LAC lists or to modify the a list.


Example:
The following command creates a location area list for a single area code:
location-area-list
instance 1 area-code 514 
This command creates a second location area list for with multiple area codes - all separated by a single blank space:
location-area-list
instance 2 area-code 514 62552 32 1513
The next command corrects an area code mistake (327 not 32) made in the previous configuration:
location-area-list
instance 1 area-code 514 62552 327 1513
map

Configures the optional extensions to Mobile Application Part (MAP) messages.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ remove ] map
message update-gprs-location [ imeisv | private-extension
access-type ]
remove

IMEI-SV is not included in the GLU request -- this is the default behavior.

message update-gprs-location

Includes a GLU message. This keyword-set is required.

imeisv

Specifies the International Mobile equipment Identity-Software Version (IMEI-SV) information to include in the GPRS Location Update (GLU) request message. SGSN will include IMEI-SV in the message, if available. Default: disabled

private-extension access-type

Includes a specific access-type private extension in the message.


Usage:

This command configures optional extensions to MAP messages. The HLR should ignore these extensions if not supported by the HLR.


Example:
map message update-gprs-location
private-extension access-type
map-service

Identifies a Mobile Application Part (MAP) service and the context which contains it and associates both with the call control profile.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
map-service context ctxt_name service map_srvc_nameno map-service context
no

Disables use of MAP service with this call control profile.

context ctxt_name

Specifies the name of the context for the MAP service as an alphanumeric string of 1 through 64 characters.

service map_srvc_name

Specifies the MAP service name as an alphanumeric string of 1 through 64 characters.


Usage:

Use this command to enable or disable MAP service with this call control profile.


Example:
no map-service context
max-bearers-per-subscriber

Defines the maximum number of bearers allowed per subscriber.

Platform:

ASR 5000

Product:

MME


Privilege:

Security Administrator, Administrator


Syntax
max-bearers-per-subscriber numberremove max-bearers-per-subscriber
remove

Deletes the definition from the call control profile.

number

Identifies the maximum number of bearers allowed per subscriber as an integer from 1 to 11.


Usage:

Use this command to set the maximum number of bearers allowed per subscriber.


Example:
Set the maximum to 3:
max-bearers-per-subscriber 3
max-pdns-per-subscriber

Defines the maximum number of PDNs allowed per subscriber.

Platform:

ASR 5000

Product:

MME


Privilege:

Security Administrator, Administrator


Syntax
max-pdns-per-subscriber numberremove max-pdns-per-subscriber
remove

Deletes the definition from the call control profile.

number

Identifies the maximum number of PDNs allowed per subscriber as an integer from 1 to 11.


Usage:

Use this command to set the maximum number of PDNs allowed per subscriber.


Example:
Set the maximum to 4:
max-pdns-per-subscriber 4
min-unused-auth-vectors

Configures a specific minimum number of unused vectors to be maintained by the SGSN.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
min-unused-auth-vectors min#_vectorsremove min-unused-auth-vectors 
remove

Removes the definition from the configuration file and restores the default behavior, which does not use the threshold.

min#_vectors

Enables and defines a threshold for the minimum number of unused vectors that the SGSN retains to trigger the initation of a service area identity request (SAI) .

min#_vectors: Enter a digit betwen 1 and 4.


Usage:

Vectors are used by the SGSN for authentication. Use this command to enable a minimum threshold for unused vector for this call control profile. When the unused vector count falls below this configured threshold, then an SAI is initiated to fill the buffer back to 5 or to the most appropriate number based on the MAP service configuration.


Example:
Enter a command similar to the following to set a threshold of 3:
min-unused-auth-vectors 3
Use the following command to disable this function and restore the default behavior, which does not use a threshold to trigger an SAI:
remove min-unused-auth-vectors
network-initiated-pdp-activation

Configures the call control profile to perform two functions: (1) to enable or disable network-requested PDP context activation (NRPCA) for 3G attachments and (2) to define a failure cause code for inclusion in NRPCA-related reject messages.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ remove ] network-initiated-pdp-activation { allow
 primary  | restrict primary } access type { gprs | umts } { all | location-area-list
instance <instance> }network-initiated-pdp-activation
primary access type { gprs | umts } { all | location-area-list
instance <instance>  } failure-codecode
remove

Including this keyword with the command, removes all configured values for the specified configuration.

allow

Allows network-initiated PDP context activation. This keyword must be followed by other parameters to indicate the limitations for allowing the NRPCA.

Allow is the default for NRPCA.

restrict

Restricts network-initiated PDP context activation. This keyword must be followed by other command parameters to indicate the limitations for restricting the NRPCA.

primary

Specifies that only network-initiated primary PDP context activations are to be allowed.

secondary

IMPORTANT:

The secondary keyword is visible and can be selected, however, secondary NRPCA functionality is in development and currently this keyword is not supported for configuration.

all

Configures the SGSN to allow or to restrict NRPCA for calls within all location areas.

location-area-list instance instance

Selects a pre-defined list of location area codes (LACs) and allows/restricts the NRPCA procedure for calls within the listed area codes.

instance: Enter a list ID; an integer between 1 and 5.

IMPORTANT:

Before using this keyword, ensure that the appropriate LAC information has been defined with the location-area-list command, also in this configuration mode.

failure-codes code

Enter an integer from 192 to 226 to identify the GTPP failure cause code (from 3GPP TS29.060, list below) to be included in the reject messages when NRPCA is restricted. If a failure cause code is not defined, the default value is 200 (service not supported).

  • 192 - Non-existent
  • 193 - Invalid message format
  • 194 - IMSI not known
  • 195 - MS is GPRS Detached
  • 196 - MS is not GPRS Responding
  • 197 - MS Refuses
  • 198 - Version not supported
  • 199 - No resources available
  • 200 - Service not supported
  • 201 - Mandatory IE incorrect
  • 202 - Mandatory IE missing
  • 203 - Optional IE incorrect
  • 204 - System failure
  • 205 - Roaming restriction
  • 206 - P-TMSI Signature mismatch
  • 207 - GPRS connection suspended
  • 208 - Authentication failure
  • 209 - User authentication failed
  • 210 - Context not found
  • 211 - All dynamic PDP addresses are occupied
  • 212 - No memory is available
  • 213 - Relocation failure
  • 214 - Unknown mandatory extension header
  • 215 - Semantic error in the TFT operation
  • 216 - Syntactic error in the TFT operation
  • 217 - Semantic errors in packet filter(s)
  • 218 - Syntactic errors in packet filter(s)
  • 219 - Missing or unknown APN
  • 220 - Unknown PDP address or PDP type
  • 221 - PDP context without TFT already activated
  • 222 - APN access denied – no subscription
  • 223 - APN Restriction type incompatibility with currently active PDP Contexts
  • 224 - MS MBMS Capabilities Insufficient
  • 225 - Invalid Correlation-ID
  • 226 - MBMS Bearer Context Superseded

Usage:

Use this command to allow or restrict network-requested PDP context activation (NRPCA) based on access-type and location areas. NRPCA is used when there is downlink data at the GGSN for a subscriber, but there is no valid context for the already-established PDP address so the GGSN initiates an NRPCA procedure towards the SGSN.

This command can also be used to define the failure cause code that will be included in activation reject messages.

These commands can be repeated to define a unique set of NRPCA parameters for each access-type and each location area list.

The T3385-timeout and the max-actv-retransmission timers configure the retransmission timer and the number of retries for PDP context activation requests. Both of these timers are set in the SGSN service configuration mode.

The configuration for NRPCA can be viewed via the show call-control-profile full name profile_name. Statistics associated with NRPCA can be seen via the show gmm-sm statistics output and via the show sgtpc statistics verbose output.


Example:
The following command changes the failure code for Reject messages from 200 (service not supported) to 205 (roaming restriction) for primary NRPCA for all GRPS access and all LACs:
network-initiated-pdp-activation
primary access-type gprs all failure-code 205
The following command enables network-initiated primary PDP context activation for UMTS calls from the LACs in location-area-list 1:
network-initiated-pdp-activation
allow primary access-type umts location-area-list instance 1
The following command restricts network-initiated primary PDP context activation for UMTS calls from the LACs in location-area-list 2:
network-initiated-pdp-activation
restrict primary access-type umts location-area-list instance 2
override-arp-with-ggsn-arp

Enables or disables the ability of the SGSN to override an Allocation/Retention Priority (ARP) value with one received from a GGSN. If there is no authorized Evolved ARP received from the GGSN, by default the SGSN continues to use the legacy ARP included in the Quality of Service (QoS) Profile IE.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ remove ] override-arp-with-ggsn-arp
remove

Adding the remove keyword to the command disables the override feature.


Usage:

Enabling this function on the SGSN will allow the ARP sent by the GGSN, in CPCR / UPCR / UPCQ, to be applicable as an overriding value.


Example:
Use this command to configure the SGSN to negotiate the ARP to be used as an overriding value:
override-arp-with-ggsn-arp
pdp-activate access-type

Configures the PDP context activation option based the type of access technology.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
pdp-activate access-type { grps | umts } { all | location-area-list
instance instance } failure-code failure_codedefault pdp-activate
access-type { grps | umts } { all | location-area-list
instance instance } failure-code code
default

Resets the configuration to system default values for PDP context activation request.

{ grps | umts }

Specifies the access technology type for PDP context activation.

  • gprs: Enables access type as GPRS.
  • umts: Enables access type as UMTS.
all

Default: allow

Configures the system to allow the creation of all PDP context activation requests received from MS.

location-area-list instance instance

Specifies the location area instance for which to create a PDP context as an integer from 1 through 5. The value must be an already defined instance of a location area code (LAC) list created via the location-area-list command.

failure-code code

Specifies the failure code for PDP context activation as an integer from 8 through 112. Default: 8


Usage:

Use this command to configure this call control profile to allow GPRS/UMTS access through PDP context activation request from MS.


Example:
The following command configures the system to create the PDP context for requests from MS for GPRS access with location area list instance 2 and failure-code 5:
pdp-activate access-type
gprs location-area-list 2 failure-code 5
pdp-activate allow

Configures the system to allow the PDP context activation based on the type of access technology.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ no ] pdp-activate
allow access-type { grps | umts } location-area-list
instance instance
no

Removes the configured permission to create PDP context on request of PDP context activation from MS for an access type.

access-type { grps | umts }

Specifies the access technology type for PDP context activation.

  • gprs: Enables access type as GPRS.
  • umts: Enables access type as UMTS.
location-area-list instance instance

Specifies the location area instance to create PDP context.

instance must be an integer from 1 through 5. The value must be an already defined instance of a location area code (LAC) list created via the location-area-list command.


Usage:

Use this command to configure this call control profile to allow GPRS/UMTS access through PDP context activation request from MS.


Example:
The following command configures the system to allow the PDP context activation for GPRS access type with location area list instance 2:
pdp-activate allow
access-type gprs location-area-list instance 2
pdp-activate restrict

Configures the system to restrict the PDP context activation based on the type of access technology.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ no ] pdp-activate
restrict { { access-type { grps | umts } { all | location-area-list
instance instance } | secondary-activation { access-type { grps | umts } { all | location-area-list
instance instance } } }
no

Removes the configured restriction on PDP context activation through this command.

access-type { grps | umts }

Specifies the access technology type for which to restrict PDP context activation.

  • gprs: Enables access type as GPRS.
  • umts: Enables access type as UMTS.
all

Default: allow

Configures the system to restrict all PDP context activation requests from the MS.

location-area-list instance instance

Specifies the location area instance to restrict PDP context activation.

list_id must be an integer from 1 through 5. The value must be an already defined instance of a location area code (LAC) list created with the location-area-list command.

secondary-activation

Specifies the type of PDP context to restrict for secondary activation. This keyword restricts the system to create the secondary PDP context on receiving the PDP Context Activation Request from the MS.


Usage:

Use this command to configure this call control profile to restrict GPRS/UMTS access through PDP context activation request from MS.


Example:
The following command configures the system to restrict the PDP context activation for request from MS to access GPRS service with location area list instance 2:
pdp-activate restrict
access-type gprs location-area-list instance 2
peer-nri-length

Enables the SGSN to use NRI-FQDN-based DNS resolution for non-local RAIs when selection of the call control profile is based on the old-RAI and the PLMN Id of the RNC where the subscriber originally attached.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
peer-nri-length   lengthremove peer-nri-length
remove

Deletes the NRI length configuration for the non-local RAIs and the SGSN sends RAI-FQDN-based DNS resolution.

length

This defines the NRI length for the peer SGSN and enables use of NRI-FQDN-based DNS resolution for non-local RAIs. This variable allows for an integer from 1 to 10.


Usage:

IMPORTANT:

Currently, this feature is supported for 3G subscribers only.

The command enables the SGSN to perform DNS query with an NRI when RAU comes from an SGSN outside the pool. The SGSN uses NRI-FQDN-based DNS resolution for the non-local RAIs for 3G subscribers in place of RAI-FQDN-based DNS resolution.

This functionality is applicable in situations for either inter- or intra-PLMN when the SGSN has not chosen a local NRI value (configured with SGSN Service commands) other than local-pool-rai or nb-rai. This means the RAI (outside pool but intra-PLMN) NRI length configured here will be applicable even for intra-PLMN with differently configured NRI lengths (different from the local pool).

This functionality is not applicable to call control profiles with an associated MSIN range as ccprofile selection is not IMSI-based. When this feature is enabled, the selection of the ccprofile is based on the old-RAI and the PLMN Id (if configured) of the RNC where the subscriber originally attached.


Example:

plmn-protocol

Configures the protocol supported by the PLMN (Public Land Mobile Network).

Platform:

ASR 5000

Product:

MME


Privilege:

Security Administrator, Administrator


Syntax
plmn-protocol plmnid
mcc mcc_num mnc mnc_num { s5-protocol | s8-protocol } { gtp | pmip }remove plmn-protocol
plmnid mcc mcc_num mnc mnc_num
remove

Deletes the definition from the call control profile configuration.

plmn-id mcc mcc_num mnc mnc_num

Identifies the PLMN by MCC (mobile country code) and MNC (mobile network code).

mcc_num: Enter a 3-digit integer from 100-999.

mnc_num: Enter a 2- or 3-digit integer from 00 to 999.

s5-protocol | s8-protocol

Select which protocol – S5 or S8 – that controls the identified PLMN.

gtp | pmip

Select the protocol variant - GTP or PMIP - that controls functionality for the identified PLMN.


Usage:

Use this command to identify a particular PLMN and, at a higher level, its operational characteristics.


Example:
The following command instructs the MME to use PLMN MCC423.MNC40.GPRS with PMIP under S8 Protocol:
plmn-protocol plmnid
mcc 423 mnc 40 s8-protocol pmip
ptmsi-reallocate

Defines P-TMSI reallocation for Attach Requests, RAU Request, and Service Requests.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
ptmsi-reallocate { attach | frequency frequency | interval interval  | routing-area-update [ update-type ] | service-request [ service-type ] } [ access-type { gprs | umts } ]ptmsi-reallocate routing-area-update [ access-type { gprs | umts } | frequency frequency | update-type { combined-update | imsi-combined-update | periodic | ra-update } [  access-type { gprs | umts } | frequency frequency ] ]ptmsi-reallocate service-request [ frequency frequency | service-type { data | page-response | signaling } [ frequency frequency ] ][ no | remove ] ptmsi-reallocate { attach | frequency | interval | routing-area-update [ update-type { combined-update | imsi-combined-update | periodic | ra-update } [ access-type { gprs | umts } ] ] | service-request [ service-type { data | page-response | signaling } ] } [ access-type { gprs | umts } ] 
no

Disables the authentication procedures configured for the specified P-TMSI reallocation configuration in the call control profile.

remove

Deletes the defined authentication procedures for the specified P-TMSI reallocation configuration from the call control profile configuration file.

attach

Enables/disables P-TMSI reallocation for Attach with local P-TMSI.

IMPORTANT:

IMSI or inter-SGSN Attach is not configurable and will always be reallocated.

access-type type

One of the following must be selected to reallocate on the basis of the type of network access:

  • gprs
  • umts

This keyword can be used in combination with other keywords to refine the reallocation configuration.

frequency frequency

Defines frequency of the reallocation based on the number of messages skipped. If the frequency is set for 1, then the SGSN skips 1 message and then reallocates on receipt of the 2nd (alternate) request message. If the frequency is set for 12, then the SGSN skips reallocation for 12 messages and reallocates on receipt of the 13th request message. This keyword can be used in combination with other keywords to refine the reallocation configuration.

frequency must be an integer from 1 to 50.

By default, frequency is not defined and, therefore, reallocation is done for every request message and none are skipped.

interval minutes

Enter an integer between 1 and 1440 to define the time interval (in minutes) for skipping the service/RAU/attach request message procedure.

routing-area-update [ update-type ]

Enables/disables P-TMSI reallocation for RAU (routing area update) with local P-TMSI. To refine the reallocation configuration, include one of the optional types of updates to limit reallocation:

  • combined-update
  • imsi-combined-update
  • periodic
  • ra-update

IMPORTANT:

Inter-SGSN RAU will always be reallocated.

service-request [ service-type ]

Enables/disables P-TMSI reallocation for Service Requests. To refine the Service-Request reallocation configuration, include on of the optional service-types to limit the reallocation:

  • data
  • page-response
  • signaling

Usage:

By default, reallocation is not enabled. Use this command to enable P-TMSI reallocation for Attach Requests, RAU Request, and Service Requests. Fine-tune the reallocation configuration according to frequency, interval, or access-type.


Example:
The following command configures the SGSN to perform P-TMSI reallocation upon receiving 2G Attach Requests
ptmsi-reallocate attach
access-type  gprs
The following command configures the SGSN to disable all previously defined P-TMSI reallocations based on the combined criteria of interval and 3G requests:
no ptmsi-reallocate
interval access-type umts
ptmsi-signature-reallocate

Enables P-TMSI signature reallocation during Attach/RAU procedures.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
ptmsi-signature-reallocate { attach | frequency frequency | interval interval  | ptmsi-reallocation-command | routing-area-update [ update-type ] } [ access-type { gprs | umts } | frequency frequency ]ptmsi-signature-reallocate
routing-area-update [ access-type { gprs | umts } | frequency frequency | update-type { combined-update | imsi-combined-update | periodic | ra-update } ]  [ access-type { gprs | umts } | frequency frequency ][ no | remove ] ptmsi-signature-reallocate { attach | frequency | interval | routing-area-update [ update-type { combined-update | imsi-combined-update | periodic | ra-update } ] } [ access-type { gprs | umts } ] 
no

Disables the authentication procedures configured for the specified P-TMSI signature reallocation configuration in the call control profile.

remove

Deletes the defined authentication procedures for the specified P-TMSI signature reallocation configuration from the call control profile configuration file.

attach

Enables/disables P-TMSI signature reallocation for Attach with local P-TMSI.

access-type type

One of the following must be selected to reallocate on the basis of the type of network access:

  • gprs
  • umts

This keyword can be used in combination with other keywords to refine the reallocation configuration.

frequency frequency

Defines 1-in-N selective reallocation. If the frequency is set for 12, then the SGSN skips reallocation for the first 11 messages and reallocates on receipt of the twelfth request message.

frequency must be an integer from 1 to 50.

This keyword can be used in combination with other keywords to refine the reallocation configuration.

interval minutes

Enter an integer between 1 and 1440 to define the time interval (in minutes) for skipping the service/RAU/attach request message procedure before performing a P-TMSI signature reallocation.

ptmsi-reallocation-command

Includes P-TMSI signature reallocation as a part of the P-TMSI reallocation configuration.

routing-area-update [ update-type ]

Enables/disables P-TMSI signature reallocation for RAU (routing area update) with local P-TMSI. To refine the reallocation configuration, include one of the optional types of updates to limit reallocation:

  • combined-update
  • imsi-combined-update
  • periodic
  • ra-update

Usage:

By default, P-TMSI signature reallocation is disabled. This command allows the operator to configure when the P-TMSI signature is reallocated.


Example:
The following command configures the SGSN to reallocate the P-TMSI signature for every third UMTS attach procedure:
ptmsi-signature-reallocate
attach frequency 3 access-type umts
The following command configures the SGSN to reallocate the P-TMSI signature for every seventh GPRS periodic RAU procedure:
ptmsi-signature-reallocate
routing-area-update uupdate-type periodic frequency 7 access-type gprs
The following command removes all configuration instances for reallocating the P-TMSI signature based on intervals and UMTS access:
remove ptmsi-signature-reallocate
interval access-type umts
qos

Configures the quality of service (QoS) parameters to be applied.

Platform:

ASR 5000

Product:

MME


Privilege:

Security Administrator, Administrator


Syntax
qos { gn-gp | ue-ambr } qos gn-gp { arp
high-priority priority medium-priority priority | pre-emption { capability { may-trigger-pre-emption | shall-not-trigger-pre-emption } | vulnerability { not-pre-emptable | pre-emptable } qos ue-ambr { max-ul mbr_up max-dl mbr_dl }remove qos { gn-gp | ue-ambr } 
remove

Deletes the configuration from the call control profile.

gn-gp

Configures Gn-Gp pre-release 8 ARP and pre-emption parameters.

arp

Maps usage of ARP (allocation/retention policy) high-priority (H) and medium-priority (M):

  • high-priority priority: Enter an integer from 1 to 13.
  • medium-priority priority: Enter an integer from 2 to 14.
pre-emption

Defines the pre-emption/vulnerability criteria for PDP Contexts imported from SGSN on Gn/Gp:

  • capability
    • may-trigger-pre-emption: PDP Contexts imported from Gn/Gp SGSN may preempt existing bearers.
    • shall-not-trigger-pre-emption: PDP Contexts imported from Gn/Gp SGSN shall not preempt existing bearers.
  • vulnerability
    • not-pre-emptable: PDP Contexts imported from Gn/Gp SGSN are not vulnerable to pre-emption.
    • pre-emptable: PDP Contexts imported from Gn/Gp SGSN are vulnerable to pre-emption.
ue-ambr

Configures the aggregate maximum bit rate that will be stored on the UE (user equipment).

  • max-ul mbr-up: Defines the maximum bit rate for uplink traffic.mbr-up: Enter a value from 0 to 1410065408.
  • max-dl mbr-up: Defines the maximum bit rate for downlink traffic.mbr-up: Enter a value from 0 to 1410065408.

Usage:

Use this command to configure the MME QoS parameters for the call control profile.


Example:
qos gn-gp arp high-priority
2 medium-priority 3
rau-inter

Defines an acceptable procedure for inter-SGSN routing area updates.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
 rau-inter { accept
use-auth-vector  } | access-type { { gprs | umts } { all | location-area-list
instance instance } { failure-code fail_code | user-device-release { before-r99 | r99-or-later } failure-code fail_code } } | allow
accept access-type { gprs | umts } location-area-list
instance instance | ignore-peer-context-id | peer-sgsn-addr-resolution-failure
failure-code fail_code | restrict
access-type { { gprs | umts } { all | location-area-list
instance instance } }  default rau-inter ( accept
use-auth-vector | access-type { { gprs | umts } { all | location-area-list
instance instance } user-device-release { before-r99 | r99-or-later } failure-code fail_code } } | failure-code fail_code | ignore-peer-context-id | peer-sgsn-addr-resolution-failure
failure-code fail_code }no rau-inter ( accept
use-auth-vector | allow access-type { gprs | umts } location-area-list
instance instance | ignore-peer-context-id | restrict
access-type { gprs | umts } { all | location-area-list
instance instance } }
no

Including “no” as part of the command structure disables the values already configured for parameters specified in the command.

default

Resets the configuration of specified parameters to system default values.

accept use-auth-vector

Sets the SGSN to accept using the authorization vector.

allow access-type

Including this keyword with one of the following options, configures the SGSN to allow MS/UE with the identified access-type extension to be part of the intra-RAU procedure.

  • gprs - General Packet Radio Service
  • umts - Universal Mobile Telecommunications System
ignore-peer-context-id

Sets the SGSN to ignore the peer's context-ID and replace with PDP context-ID information based on the HLR subscription.

restrict access-type

Including this keyword-set with one of the following options, configures the SGSN to restrict MS/UE with the identified access-type extension from the inter-RAU procedure.

  • gprs - General Packet Radio Service
  • umts - Universal Mobile Telecommunications System
all

all - adding this option to the keyword determines that the failure cause code will be applicable to all location areas.

location-area-list instance instance

list_id must be an integer between 1 and 5. The value must be an already defined instance of a location area code (LAC) list created with the location-area-list command.

failure-code fail-code

Specify a GSM Mobility Management (GMM) failure cause code to identify the reason an inter SGSN RAU does not occur. This GMM cause code will be sent in the reject message to the MS.

fail-code must be an integer from 2 to 111. Refer to the GMM failure cause codes listed below (from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0 R7):

  • 2 - IMSI unknown in HLR
  • 3 - Illegal MS
  • 6 - Illegal ME
  • 7 - GPRS services not allowed
  • 8 - GPRS services and non-GPRS services not allowed
  • 9 - MSID cannot be derived by the network
  • 10 - Implicitly detached
  • 11 - PLMN not allowed
  • 12 - Location Area not allowed
  • 13 - Roaming not allowed in this location area
  • 14 - GPRS services not allowed in this PLMN
  • 15 - No Suitable Cells In Location Area
  • 16 -MSC temporarily not reachable
  • 17 - Network failure
  • 20 - MAC failure
  • 21 - Synch failure
  • 22 - Congestion
  • 23 - GSM authentication unacceptable
  • 40 - No PDP context activated
  • 48 to 63 - retry upon entry into a new cell
  • 95 - Semantically incorrect message
  • 96 - Invalid mandatory information
  • 97 - Message type non-existent or not implemented
  • 98 - Message type not compatible with state
  • 99 - Information element non-existent or not implemented
  • 100 - Conditional IE error
  • 101 - Message not compatible with the protocol state
  • 111 - Protocol error, unspecified
user-device-release { before-r99 | r99-or-later } failure-code code

Default: Disabled

Enables the SGSN to reject an Inter-RAU procedure based on the detected 3GPP release version of the MS equipment and selectively send a failure cause code in the reject message. The SGSN uses the following procedure to implement this configuration:
  1. When Attach Request is received, the SGSN checks the subscriber’s IMSI and current location information.
  2. Based on the IMSI, an operator policy and call control profile is found that relates to this Attach Request.
  3. call control profile is checked for access limitations.
  4. Attach Request is checked to see if the revision indicator bit is set
    • if not, then the configured common failure code for reject is sent;
    • if set, then the 3GPP release level is verified and action is taken based on the configuration of this parameter

One of the following options must be selected and completed:

  • before-r99: Indicates the MS would be a 3GPP release prior to R99 and an appropriate failure code should be defined.failure-code code: Enter an integer from 2 to 111.
  • r99-or-later: Indicates the MS would be a 3GPP Release 99 or later and an appropriate failure code should be defined.failure-code code: Enter an integer from 2 to 111.

Usage:

Use this command to configure the restrictions and function of the inter-RAU procedure.


Example:
Configure default inter-RAU settings for Edge calls from subscribers on location-area-list no. 1:
default rau-inter allow
access-type gprs location-area-list instance 1
rau-inter-plmn

Enables or disables restriction of all Routing Area Updates (RAUs) occurring between different PLMNs.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
rau-inter-plmn access-type { all | location-area-list
instance instance } { failure-code fail_code | user-device-release { before-r99 } 
failure-code fail_code | r99-or-later
 } { failure-code fail_code } }default rau-inter-plmn
access-type { all | location-area-list instance instance} user-device-release { before-r99
failure-code | r99-or-later failure-code }[ no ] rau-inter-plmn { restrict | allow } access-type { gprs | umts } { all | location-area-list
instance instance }[ no ] rau-inter-plmn { allow
access-type | restrict access-type } { [ all ] failure-code fail_code |  location-area-list instance instance }default rau-inter { allow
access-type | restrict access-type } { [ all ] failure-code fail_code | location-area-list instance instance } }
no

Including “no” as part of the command structure disables the values already configured for parameters specified in the command.

default

Resets the configuration of specified parameters to system default values.

allow access-type

Including this keyword-set with one of the following options, configures the SGSN to allow MS/UE with the identified access-type extension to be part of the intra-RAU procedure.

  • gprs - General Packet Radio Service
  • umts - Universal Mobile Telecommunications System
restrict access-type

Including this keyword-set with one of the following options, configures the SGSN to restrict MS/UE with the identified access-type extension from the inter-RAU procedure.

  • gprs - General Packet Radio Service
  • umts - Universal Mobile Telecommunications System
all

all - adding this option to the keyword determines that the failure cause code will be applicable to all location areas.

location-area-list instance instance

list_id must be an integer between 1 and 5. The value must be an already defined instance of a LAC list created with the location-area-list command.

failure-code fail-code

Specify a GSM Mobility Management (GMM) failure cause code to identify the reason an inter SGSN RAU does not occur. This GMM cause code will be sent in the reject message to the MS.

fail-code must be an integer from 2 to 111. Refer to the GMM failure cause codes listed below (from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0 R7):

  • 2 - IMSI unknown in HLR
  • 3 - Illegal MS
  • 6 - Illegal ME
  • 7 - GPRS services not allowed
  • 8 - GPRS services and non-GPRS services not allowed
  • 9 - MSID cannot be derived by the network
  • 10 - Implicitly detached
  • 11 - PLMN not allowed
  • 12 - Location Area not allowed
  • 13 - Roaming not allowed in this location area
  • 14 - GPRS services not allowed in this PLMN
  • 15 - No Suitable Cells In Location Area
  • 16 -MSC temporarily not reachable
  • 17 - Network failure
  • 20 - MAC failure
  • 21 - Synch failure
  • 22 - Congestion
  • 23 - GSM authentication unacceptable
  • 40 - No PDP context activated
  • 48 to 63 - retry upon entry into a new cell
  • 95 - Semantically incorrect message
  • 96 - Invalid mandatory information
  • 97 - Message type non-existent or not implemented
  • 98 - Message type not compatible with state
  • 99 - Information element non-existent or not implemented
  • 100 - Conditional IE error
  • 101 - Message not compatible with the protocol state
  • 111 - Protocol error, unspecified
user-device-release { before-r99 | r99-or-later } failure-code code

Default: Disabled

Enables the SGSN to reject an Inter-RAU procedure based on the detected 3GPP release version of the MS equipment and selectively send a failure cause code in the reject message. The SGSN uses the following procedure to implement this configuration:

  1. When Attach Request is received, the SGSN checks the subscriber’s IMSI and current location information.
  2. Based on the IMSI, an operator policy and call control profile are found that relate to this Attach Request.
  3. The call control profile is checked for access limitations.
  4. Attach Request is checked to see if the revision indicator bit is set
    • if not, then the configured common failure code for reject is sent;
    • if set, then the 3GPP release level is verified and action is taken based on the configuration of this parameter

One of the following options must be selected and completed:

  • before-r99: Indicates the MS would be a 3GPP release prior to R99 and an appropriate failure code should be defined.failure-code code: Enter an integer from 2 to 111.
  • r99-or-later: Indicates the MS would be a 3GPP Release 99 or later and an appropriate failure code should be defined.failure-code code: Enter an integer from 2 to 111.

Usage:

Use this command to configure the restrictions and function of the inter-RAU procedure occurring across RNCs or BSSs where the PLMN changes. For example:

  • inter-IuPS RAU, where the two IuPSs have different PLMNs
  • inter-GPRS RAU, where the two GPRSs have different PLMNs
  • inter-RAT RAU (2G > 3G), where the IuPS/GPRS services have different PLMNs
  • inter-RAT-RAU (3G > 2G), where the IuPS/GPRS services have different PLMNs

Example:
default rau-inter allow
access-type gprs location-area-list instance 1
rau-intra

Defines an acceptable procedure for intra-SGSN Routing Area Updates (RAUs).

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
rau-intra access-type { all | location-area-list instance instance } { failure-code fail_code | user-device-release { before-r99
 } { failure-code fail_code | r99-or-later
 } { failure-code fail_code } }default rau-intra
access-type { all | location-area-list instance instance} user-device-release { before-r99
failure-code | r99-or-later failure-code }rau-intra { allow
access-type | restrict access-type } { [ all ] failure-code fail_code |  location-area-list
instance instance } }no rau-intra { allow
access-type | restrict access-type } { [ all ] failure-code fail_code |  location-area-list
instance instance }default rau-intra { allow
access-type | restrict access-type } { [ all ] failure-code fail_code | location-area-list
instance instance } }
no

Including “no” as part of the command structure disables the values already configured for parameters specified in the command.

default

Resets the configuration of specified parameters to system default values.

allow access-type

Including this keyword-set with one of the following options, configures the SGSN to allow an MS/UE with the identified access-type extension to be part of the intra-RAU procedure.

  • gprs - General Packet Radio Service
  • umts - Universal Mobile Telecommunications System
restrict access-type

Including this keyword-set with one of the following options, configures the SGSN to restrict an MS/UE with the identified access-type extension from the intra-RAU procedure.

  • gprs - General Packet Radio Service
  • umts - Universal Mobile Telecommunications System
all

all - adding this option to the keyword determines that the failure cause code will be applicable to all location areas.

location-area-list instance instance

list_id must be an integer between 1 and 5. The value must be an already defined instance of a location area code (LAC) list created via the location-area-list command.

failure-code fail-code

Specify a GSM Mobility Management (GMM) failure cause code to identify the reason an inter SGSN RAU does not occur. This GMM cause code will be sent in the reject message to the MS.

fail-code must be an integer from 2 to 111. Refer to the GMM failure cause codes listed below (from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0 R7):

  • 2 - IMSI unknown in HLR
  • 3 - Illegal MS
  • 6 - Illegal ME
  • 7 - GPRS services not allowed
  • 8 - GPRS services and non-GPRS services not allowed
  • 9 - MSID cannot be derived by the network
  • 10 - Implicitly detached
  • 11 - PLMN not allowed
  • 12 - Location Area not allowed
  • 13 - Roaming not allowed in this location area
  • 14 - GPRS services not allowed in this PLMN
  • 15 - No Suitable Cells In Location Area
  • 16 -MSC temporarily not reachable
  • 17 - Network failure
  • 20 - MAC failure
  • 21 - Synch failure
  • 22 - Congestion
  • 23 - GSM authentication unacceptable
  • 40 - No PDP context activated
  • 48 to 63 - retry upon entry into a new cell
  • 95 - Semantically incorrect message
  • 96 - Invalid mandatory information
  • 97 - Message type non-existent or not implemented
  • 98 - Message type not compatible with state
  • 99 - Information element non-existent or not implemented
  • 100 - Conditional IE error
  • 101 - Message not compatible with the protocol state
  • 111 - Protocol error, unspecified
user-device-release { before-r99 | r99-or-later } failure-code code

Default: Disabled

Enables the SGSN to reject an Intra-RAU procedure based on the detected 3GPP release version of the MS equipment and selectively send a failure cause code in the reject message. The SGSN uses the following procedure to implement this configuration:

  1. When Attach Request is received, the SGSN checks the subscriber’s IMSI and current location information.
  2. Based on the IMSI, an operator policy and call control profile are found that relate to this Attach Request.
  3. Call control profile is checked for access limitations.
  4. Attach Request is checked to see if the revision indicator bit is set
    • if not, then the configured common failure code for reject is sent;
    • if set, then the 3GPP release level is verified and action is taken based on the configuration of this parameter

One of the following options must be selected and completed:

  • before-r99: Indicates the MS would be a 3GPP release prior to R99 and an appropriate failure code should be defined.failure-code code: Enter an integer from 2 to 111.
  • r99-or-later: Indicates the MS would be a 3GPP Release 99 or later and an appropriate failure code should be defined.failure-code code: Enter an integer from 2 to 111.

Usage:

Use this command to configure the restrictions and function of the intra-RAU procedure.


Example:
default rau-intra allow
access-type gprs  location-area-list instance 1
re-authenticate

Enables or disables the re-authentication feature. This command is available in releases 8.1 and higher.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
re-authenticate [ access-type { gprs | umts } ]remove re-authenticate
remove

Including this keyword with the command disables the feature. The feature is disabled by default.

access-type

Defines the type of access to be allowed or restricted.

  • gprs
  • umts

If this keyword is not included, then both access types are allowed by default.


Usage:

Use this command to enable or disable the re-authentication feature, which instructs the SGSN to retry authentication with another RAND in situations where failure of the first authentication has occurred. To address the introduction of new SIM cards, for security reasons a systematic "last chance" authentication retry with a fresh Authentication Vector is needed, particularly in cases where there is an SRES mismatch at authentication.


Example:
re-authenticate
regional-subscription-restriction

Allows the operator to define the cause code for subscriber rejection when it is due to regional subscription information failure.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ remove ] 
regional-subscription-restriction [ failure-code code | user-device-release { before-r99
failure-code code | r99-or-later
failure-code code } ]
remove

This keyword causes the configuration to be deleted from the call control profile configuration.

failure-code cause_code

cause_code: Enter an integer from 2 to 111; default code is 13 (roaming not allowed in this location area [LA]).

Refer to the GMM failure cause codes listed below (from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0 R7):

  • 2 - IMSI unknown in HLR
  • 3 - Illegal MS
  • 6 - Illegal ME
  • 7 - GPRS services not allowed
  • 8 - GPRS services and non-GPRS services not allowed
  • 9 - MSID cannot be derived by the network
  • 10 - Implicitly detached
  • 11 - PLMN not allowed
  • 12 - Location Area not allowed
  • 13 - Roaming not allowed in this location area
  • 14 - GPRS services not allowed in this PLMN
  • 15 - No Suitable Cells In Location Area
  • 16 - MSC temporarily not reachable
  • 17 - Network failure
  • 20 - MAC failure
  • 21 - Synch failure
  • 22 - Congestion
  • 23 - GSM authentication unacceptable
  • 40 - No PDP context activated
  • 48 to 63 - retry upon entry into a new cell
  • 95 - Semantically incorrect message
  • 96 - Invalid mandatory information
  • 97 - Message type non-existent or not implemented
  • 98 - Message type not compatible with state
  • 99 - Information element non-existent or not implemented
  • 100 - Conditional IE error
  • 101 - Message not compatible with the protocol state
  • 111 - Protocol error, unspecified
user-device-release { before-r99 | r99-or-later } failure-code code

Enables the SGSN to assign a reject cause code based on the detected 3GPP release version of the MS equipment.

One of the following options must be selected and completed:

  • before-r99: Indicates the MS would be a 3GPP release prior to R99 and an appropriate failure code should be defined.failure-code code: Enter an integer from 2 to 111. Refer to the list above.
  • r99-or-later: Indicates the MS would be a 3GPP Release 99 or later and an appropriate failure code should be defined.failure-code code: Enter an integer from 2 to 111. Refer to the list above.

Usage:

Use this command to define GMM reject cause codes when rejection is due to regional subscription information failure.


Example:
The following command sets a location area rejection message, code 12 for regional restriction rejections:
regional-subscription-restriction
failure-code 12
reuse-authentication-triplets

Creates a configuration entry to enable or disable the reuse of authentication triplets in the event of a failure.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ no | remove } reuse-authentication-triplets no-limit
no

Disables this configuration entry and disables reuse of authentication triplets.

remove

This keyword causes the reuse configuration to be deleted from the call control profile configuration.

This is the default behavior. Triplets are reused.

no-limit

This keyword enables reuse triplets as needed.


Usage:

Use this command to enable reuse of authentication triplets.


Example:
reuse-authentication-triplets
no limit
rfsp-override

Configures RAT frequency selection priority override parameters for this call control profile.

Platform:

ASR 5000

Product:

MME


Privilege:

Security Administrator, Administrator


Syntax
rfsp-override { default
 value | ue-val value new-val value + }remove rfsp-override { default | ue-val
 value }
remove

Deletes the rfsp-override configuration from the call control profile.

default

Restores the default value assigned.

ue-val value

Assign the UE value for the RAT frequency selection priority.

value: Enter an integer from 1 to 256.

new-val value

Assign a new RFSP Index value.

value: Enter an integer from 1 to 256.

Multiple UE value/new value combinations can be configured in a single command.


Usage:

Use this command to configure the RAT frequency selection priority override parameter.

Multiple UE value/new value combinations can be configured.


Example:
The following command resets the specified RFSP Index value (1) to its default value, thereby removing the RFSP Index override value previously configured:
rfsp-override default 1
s1-reset

Configures the behavior of user equipment (UE) on S1-reset.

Platform:

ASR 5000

Product:

MME


Privilege:

Security Administrator, Administrator


Syntax
s1-reset { detach-ue | idle-mode-entry } default s1-reset
default

Reset the profile configuration to the system default of idle-mode-entry.

detach-ue

Upon S1-reset the MME will detach the UE.

idle-mode-entry

Upon S1-reset the MME will move the UE to idle-mode. This is the default setting for this command.


Usage:

Use this command to set the MME’s reactions to an S1-reset.


Example:
Configure the MME to put the UE into idle-mode upon receipt of S1-reset:
s1-reset idle-mode-entry
sctp-down

Configures the behavior towards UE (user equipment) when Stream Control Transmission Protocol (SCTP) goes down.

Platform:

ASR 5000

Product:

MME


Privilege:

Security Administrator, Administrator


Syntax
sctp-down { detach-ue | idle-mode-entry } default sctp-down
default

Reset the profile configuration to the system default when SCTP layer goes down. The default for this command is idle-mode-entry.

detach-ue

When SCTP goes down, the MME will detach the UE.

idle-mode-entry

When the SCTP goes down, the MME will move the UE to idle-mode. This is the default for this command.


Usage:

Use this command to set the MME’s reactions when the SCTP goes down.


Example:
Configure the MME to put the UE into idle-mode when the SCTP layer goes down:
sctp-down idle-mode-entry
sgsn-address

Defines the IP addresses for peer SGSNs in a static SGSN address table. These configured addresses can be used rather than using DNS.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
sgsn-address rac rac-id lac lac_id [  nri nri ]  prefer { fallback-for-dns | local } address { ipv4 ip_address | ipv6 ip_address }no sgsn-address { ipv4 ip_address | ipv6  ip_address } rac  rac_id lac lac_id [  nri nri ]
no

Disables the specified peer-SGSN address configuration.

rac rac_id

Identifies the foreign routing area code (RAC) of the peer-SGSN address to be configured in the static peer-SGSN address table. rac_id must be an integer from 1 to 255.

lac lac_id

Identifies the foreign location area code (LAC) ID of the peer-SGSN address to be configured in the static peer-SGSN address table. lac_id must be an integer from 1 to 65535.

nri nri

Identifies the network resource identifier stored in the P-TMSI (bit 17 to bit 23). nri must be an integer from 0 to 63.

IMPORTANT:

Typically, use of this keyword is optional. However, it must be included in the command when Flex (SGSN-Pooling) is implemented.

prefer { fallback-for-dns | local }

Indicates the preferred source of the address to be used.

  • fallback-for-dns - Instructs the SGSN to perform a DNS query to get the IP address of the peer-SGSN. If the DNS query fails, then the IP address configured with this command is used.
  • local - instructs the system to use the local IP address configured with this command.

IMPORTANT:

If the prefer command is used to change an existing sgsn-address configuration (with the same LAC and RAC) from fallback-for-dns to local or from local to fallback-for-dns, the new setting overwrites the previously configured setting for all interfaces.

address { ipv4 ip_address | ipv6 ip_address }

Specifies the IP address of the peer SGSN. Currently, the IPv6 address option is not supported on the S4-SGSN.

  • ipv4 ip_address - specifies a valid address in IPv4 dotted-decimal notation.
  • ipv6 ip_address - specifies a valid address in IPv6 colon-separated notation.

IMPORTANT:

The ipv6 option is under development for future use and is not supported in this release.


Usage:

Use this command to save time by avoiding DNS. This command enables a local mapping by setting the peer-SGSN IP address to be used for inter-SGSN Attach and inter-SGSN-RAU. When configured, if the SGSN receives a RAU or an Attach Request with a P-TMSI and an old-RAI that is not local, the SGSN consults this table and uses the configured IP address instead of resolving via DNS. If this table is not configured, then IP address resolution is done using DNS.

The MCC and MNC of the RAI are taken from the IMSI range configured in the operator policy and the LAC and RAC are configured here in the call control profile configuration mode.

The sgsn-address command differs from other Call Control Profile configuration mode commands in the following ways:

  • Within the SGSN’s call logic, all other configuration elements defined with the other commands in this mode are used after the IMSI is learnt. The configuration defined with this command is part of the decision logic prior to the IMSI being known.
  • With the peer-SGSN address configured using this sgsn-address command, the peer-SGSN-RAI’s MCC/MNC is used as a 5 or 6-digit IMSI and the operator policy and call control profile selection are completed.

IMPORTANT:

Typically, use of this command is optional. However, it must be included in the configuration when Flex (SGSN-Pooling) is implemented if (1) the SGSN functions as a default SGSN, then configure the local-NRI of other SGSN with this command; or if (2) another SGSN is offloading, then configure the NB-RAI/null-NRI of the peer-SGSN with this command.


Example:
Create a local peer-SGSN address mapping of an RAI with RAC of 123 and LAC of 4444 and an IPv4 address of 123.11.313.11 for the peer-SGSN:
sgsn-address rac 123
lac 4444 local address ipv4 123.11.313.11
sgsn-number

Defines the SGSN’s E.164 number to be used for interactions via the Mobile Application Part (MAP) protocol. E.164 is an ITU-T recommendation that defines the international public telecommunication numbering plan used in public switched telephone networks (PSTN) and some other data networks.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
sgsn-number E164_numberno sgsn-number
no

Disables the use of this configuration definition.

E164_number

Specifies a string of 1 to 16 digits that serve as the SGSN’s E.164 identification.


Usage:

This command configures the current SGSN E164 contact number.

The SGSN number configured for a call control profile is related to the SGSN number configured in the SGSN service configuration and/or in the GPRS service configuration. If the SGSN number is not configured as part of the call control profile configuration, then the SGSN number defined as part of the SGSN service or GPRS service configuration is used.

When the 3G SGSN supports multiple PLMNs configured through different IuPS services or when network sharing is implemented, then it may be required to use different SGSN numbers for each PLMN. In such cases, configure the per-PLMN SGSN number in a call control profile. SGSN number definition for a call control profile allows emulation of a different SGSN to each HLR per PLMN. SGSN number definitions in the call control profile also enable the SGSN to use a different SGSN number per operator when network sharing is implemented.


Example:
Map the E.164 number 198765432123456 for the SGSN to this call control profile configuration:
sgsn-number 198765432123456 
sgtp-service

Identifies the SGTP service configuration to be used according to this call control profile.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
sgtp-service context ctxt_name service sgtp_service_nameno sgtp-service context
context ctxt_name

Specifies the SGTP context as an alphanumeric string of 1 through 64 characters.

service sgtp_service_name

Specifies the SGTP service name as an alphanumeric string of 1 through 64 characters.

no

Disables use of SGTP service.


Usage:

Use this command to configure enabling or disabling of SGTP service for this call control profile.


Example:
sgtp-service context
sgtp1 service sgtp-srvc1
sms-mo

Configures how mobile-originated (MO) short message service (SMS) messages are handled.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ remove ] sms-mo { { access-type { gprs | umts } { all-location-areas | 
location-area-list } | allow access-type { gprs | umts } | restrict
access-type { gprs | umts } }
remove

Deletes the specified configuration.

access-type type

Access by SMS will be limited to SMS coming from this network type:

  • gprs
  • umts
allow

Allow either GPRS or UMTS type access for SMS.

restrict

Restrict either GPRS or UMTS type access for SMS.

location-area-list instance instance

instance must be an integer between 1 and 5. The value must identify an already defined location area code (LAC) list created with the location-area-list command.

failure-code code

code: Must be an integer from 2 to 111.


Usage:

Configure filtering for SMS-MO messaging.


Example:
sms-mo access-type
gprs all-location-areas failure-code 100
sms-mt

This command configures how mobile-terminated (MT) short message service (SMS) messages are handled.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ remove ] sms-mt { { access-type { gprs | umts } { all-location-areas | 
location-area-list } | allow access-type { gprs | umts } | restrict
access-type { gprs | umts } }
remove

Deletes the specified configuration.

access-type type

Access by SMS will be limited to SMS coming from this network type:

  • gprs
  • umts
allow

Allow either GPRS or UMTS type access for SMS.

restrict

Restrict either GPRS or UMTS type access for SMS.

location-area-list instance instance

instance must be an integer between 1 and 5. The value must identify an already defined LAC list created with the location-area-list command.

failure-code code

code: Must be an integer from 2 to 111.


Usage:

Configure filtering for SMS-MT messaging.


Example:
sms-mt access-type
gprs all-location-areas failure-code 100
srns-inter

Defines handling parameters for Inter-SRNS (Serving Radio Network Subsystem) relocation.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
srns-inter ( all failure-code | allow
location-area-list instance instance | location-area-list
instance instance  failure-code code | restrict
location-area-list instance instance }no srns-inter { allowlocation-area-list
instance instance | restrictlocation-area-list
instance instance }default srns-inter { all | location-area-list-instance instance }
no

Deletes the inter-SRNS relocation configuration.

default

Resets the configuration to default values.

all failure-code code

Define the failure code that will apply to all inter-SRNS relocations.

code: Must be an integer from 2 to 111.

allow location-area-list instance instance

Identify the location area list Id (LAC Id) that will allow services in the defined location area.

location-area-list instance instance

instance: Must be an integer between 1 and 5 that identifies the previously defined location area list created with the location-area-list command.

restrict location-area-list instance instance

Identify the location area list Id (LAC Id) that indicates the location areas where services will be restricted.


Usage:

This command defines the operational parameters for inter-SRNS relocation.


Example:
The following command allows services in areas listed in LAC list #3:
srns-inter allow location-area-list
instance 3
srns-intra

Defines handling parameters for intra-SRNS (Serving Radio Network Subsystem) relocation.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
srns-intra ( all failure-code | allow
location-area-list instance instance | location-area-list
instance instance failure-code code | restrict location-area-list
instance instance }no srns-intra { allow
location-area-list instance instance | restrictlocation-area-list
instance instance }default srns-intra { all | location-area-list-instance instance }
no

Deletes the intra-SRNS relocation configuration.

default

Resets the configuration to default values.

all failure-code code

Define the failure code that will apply to all intra-SRNS relocations.

code: Must be an integer from 2 to 111.

allow location-area-list instance instance

Identify the location area list Id (LAC Id) that will allow services in the defined location area.

location-area-list instance instance

instance: Must be an integer between 1 and 5 that identifies the previously defined location area list created with the location-area-list command.

restrict location-area-list instance instance

Identify the location area list Id (LAC Id) of the target RNC to determine the location areas where services will be restricted.


Usage:

This command defines the operational parameters for intra-SRNS relocation.


Example:
The following command restricts service in areas listed in the LAC list 1:
srns-intra restrict
location-area-list instance 1
subscriber-control-inactivity

Configures \the subscriber-control inactivity timer. The system detects inactivity when no PDP context is activated and starts the timer.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
subscriber-control-inactivity
timeout minutes time detach { immediate | next-connection | reattach-time-period }{ no | default } subscriber-control-inactivity
no

Deletes the timer configuration.

default

Resets the timer configuration to the default value of 7 days (10080 minutes).

timeout minutes time[ detach ]

Sets the number of minutes the SGSN monitors the connection after inactivity has been detected. When the timer expires, the subscribe will be detached.

time: Enter an integer from 1 to 20160 (two weeks).

detach [ immediate | next-connection | reattach-time-period ]

Instructs the SGSN to detach and can be configured to specify when the detach will occur after inactivity is detected. To fine-tune the detach instruction, include one of the following with the command:

  • immediate - Instructs the SGSN to detach immediately after inactivity is detected. May combine with reattach-time-period.
  • next-connection - instructs the SGSN to detach after the next Iu connection after inactivity is detected.

    IMPORTANT:

    Supported for 3G SGSNs only.

  • reattach-time-period period[ action ] - Specify the number of seconds the SGSN will monitor a new re-attach after the previous detach was due to inactivity. Also, you can define the action to be taken regarding new attaches.period: Enter an integer from 60 to 3600.action - Select an action:
    • deny
    • permit-and-stop-monitoring

Usage:

Use this command to configure the timeout timer. After this timer times out the subscriber is detached from the SGSN.


Example:
The following command instructs the SGSN to monitor the connection for up to 360 minutes after inactivity is detected, or detach immediately after inactivity is detected:
subscriber-control-inactivity
timeout minutes 360 detach immediate
super-charger

Enables or disables the SGSN to work with a super-charged network.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ remove ] super-charger
remove

Disables the super-charger functionality.


Usage:

By enabling the super charger functionality for 2G or 3G connections controlled by an operator policy, the SGSN changes the hand-off and location update procedures to reduce signalling traffic management.


Example:
The following command enables the super charger feature:
super-charger
tau

Configure parameters for the tracking area update (TAU) procedure.

Platform:

ASR 5000

Product:

MME


Privilege:

Security Administrator, Administrator


Syntax
tau { imei-query-type { imei | imei-sv | none } [ verify-equipment-identity [ allow-on-eca-timeout | deny-greylisted | deny-unknown ] ] | inter-rat
security-ctxt { allow-mapped | native } }remove tau { imei-query-type | inter-rat
security-ctxt }
remove

Deletes this TAU configuration from the call control profile.

imei-query-type { imei | imei-sv | none }

This keyword set is specific to the MME.

Sets the IMEI query-type if an IMEI (International Mobile Equipment Identity) is not already present.

  • imei: Specifies that the MME is required to query the UE for its International Mobile Equipment Identity (IMEI).
  • imei-sv: Specifies that the MME is required to query the UE for its International Mobile Equipment Identity - Software Version (IMEI-SV).
  • none: Specifies that the MME does not need to query for IMEI or IMEI-SV.
verify-equipment-identity [ allow-on-eca-timeout | deny-greylisted | deny-unknown ]

Specifies that the identification (IMEI or IMEI-SV) of the UE is to be performed by the Equipment Identity Register (EIR) over the S13 interface.

  • allow-on-eca-timeout: Configures the MME to allow equipment that has timed-out on ECA during the attach procedure.
  • deny-greylisted: Configures the MME to deny grey-listed equipment during the attach procedure.
  • deny-unknown: Configures the MME to deny unknown equipment during the attach procedure.
  • : Configures the MME to ignore the IMEI validation of the equipment during the attach procedure in emergency cases. This keyword is only supported in release 12.2 and higher.
inter-rat security-ctxt { allow-mapped | native }

Configure inter-RAT parameters for TAU. This keyword provides the operator with the option of continuing with the mapped context or creating a new native context after an inter-RAT handover.

  • allow-mapped: Configures inter-RAT security-context type as mapped. Mapped security context is allowed after inter-RAT handover. This is the default value.
  • native: Configures inter-RAT security-context type as native only. Inter-RAT handover will always result in a native security context.

Usage:

Use this command to define tracking area update procedures such as inter-RAT security context and IMEI query-type.


Example:
The following command sets the IMEI query type to IMEI-SV:
tau imei-query-type imei-sv
verify-equipment- identity
treat-as-hplmn

Enables or disables the MME or SGSN to treat an IMSI series as coming from the home PLMN.

Platform:

ASR 5000

Product:

MME, SGSN


Privilege:

Security Administrator, Administrator


Syntax
[ remove ] treat-as-hplmn
remove

Deletes this configuration from the profile. This would disable this function and is the default.


Usage:

Use this command to enable or disable the MME/SGSN to treat an IMSI series as coming from the home PLMN.


Example:
The following command disables previously configured feature:
remove treat-as-hplmn
zone-code

Configures a zone code listing of one or more location area code (LACs) included in the zone.

Platform:

ASR 5000

Product:

SGSN


Privilege:

Security Administrator, Administrator


Syntax
zone-code zc_id location-area-code lac 
no zone-code zc_id [ location-area-code lac ]
no

Removes either a specific LAC from the zone code list. If the location-area-code parameter is not included in the command, then the entire zone code list definition is removed from configuration.

zc_id

Identifies an instance of a zone code list as an integer from 1 to 65535.

location-area-code lac

Prompts for the location area-code(s), where the subscribers can roam, that are part of the zone. lac is an integer from 1 to 65535.

Repeat the command with this parameter to include up to 100 LACs in the zone code list.


Usage:

IMPORTANT:

While there is no limit to the number of zone codes that can be created, only 10 LACs per zone code can be defined.

Use this command to define zone code restrictions. Regional subscription data at the home location register (HLR) is used to determine the regional subscription area in which the subscriber is allowed to roam. The regional subscription data consists of a list of zone codes. A zone code is comprised of one or more location areas (identified by a LAC) into which the subscriber is allowed to roam. Regional subscription data, if present in the insert subscriber data (ISD) request from the HLR, defines the subscriber's subscription area for the addressed SGSN. It contains the complete list (up to 10 zone codes) that apply to a subscriber in the currently visited PLMN.

During the GPRS Location Update procedure, the zone code list is received in the ISD request from the HLR. The zone code list from the HLR is validated against the configured values in the operator policy. If matched, then the ISD is allowed to proceed. If not matched, then the ISD response is that the Network Node Area is Restricted and the GPRS Location Update procedure fails. If no zone codes are included in the ISD (whether or not the zone codes are defined in the SGSN configuration), then checking is not done.


Example:
The following command defines multiple LACs for zone code 1:
zone-code 1 lac 413
212 113