ASN Gateway Service
Configuration Mode Commands
Use the ASN GW Service
Configuration Mode to create and manage ASN Gateway services within
the current context.
IMPORTANT:
The commands or keywords/variables
that are available are dependent on platform type, product version,
and installed license(s).
active-relay
Use this command to
enable the active relay of R4 and R6 messages in ASN GW, and to
configure the timeout duration in seconds for the R4 or R6 messages
(for example, Data Path messages).
Syntax
active-relay timeout < duration>[ default ] active-relay timeout
default
Sets the total timeout
duration to 15 seconds to actively relayed R4 or R6 messages.
duration
Default: 15
Specifies the maximum
allowable timeout duration for the ASN GW service to actively relay
the R4 or R6 messages.
duration is
measured in seconds. Configure as an integer from 5 through 65535.
Usage:
Use this command to
enable the active relay of R4 and R6 messages and also to configure the
maximum timeout duration for the actively relayed R4 or R6 messages
by ASN GW.
By default, the system
is pre-configured for passive relay functionality for R4 and R6 messages.
Example:
The following command
configures the timeout duration of
20 seconds
for actively relayed R4 or R6 messages:
active-relay timeout 20
authentication
Use this command to
configure the authentication type and parameters used for subscribers
in this service.
Syntax
authentication { single-eap | none }default authentication
default
Disables the authentication
requirement for the ASN GW service.
single-eap
This keyword enables
single Extensible Authentication Protocol (EAP) authentication for specific
ASN GW service subscribers. Possible single-EAP authentication options
are User-only, Device-only, or Device-User.
none
This is the default
setting for authentication. Enter this keyword to disable all authentication types
for a specific ASN GW service.
Usage:
Use this command to
configure authentication requirements for the ASN GW service.
Example:
The following command
sets the user authentication for ASN GW service with single EAP:
authentication single-eap
bind
Use this command to
bind the ASN GW service to a logical IP interface and to configure
the maximum number of subscribers supported within an ASN GW service.
Syntax
bind address ip_address [ max-subscribers max_subs ]no bind
no
Removes the binding
of the service to a specified interface.
ip_address
Specifies the IP address
of the interface to which the service is to be bound. Express ip_address in
IPv4 dotted decimal or IPv6 colon-separated notation.
max-subscribers max_subs
Configures the maximum
number of subscribers allowed to connect with this ASN Gateway within
a specific ASN GW service.
max_subs must
be an integer from 1 and 1500000.
Usage:
Use this command to
associate the service with a specific logical IP address and provide the
identity of the ASN Gateway. The identity is either the domain name
of the ASN GW service or the IP address. This command also configures
the maximum number of subscribers with this service.
Example:
The following command
binds the ASN GW service to a logical interface with an IP address of
1.2.3.4 with
a limit of
250000 subscribers:
bind address 1.2.3.4 max-subscribers 250000
bs-monitor
Use this command to
enable or disable the ASN base station monitoring and related parameters
in a WiMAX ASN.
Syntax
bs-monitor [ interval duration | num-retry retries | timeout idle_time ][ default | no ] bs-monitor
default
Disables the configured
BS monitoring parameters.
no
Removes the configured
BS monitoring feature and parameters.
interval duration
Default: 60
Configures the interval
duration in seconds between two ICMP ping messages sent to the ASN
BS for BS monitoring.
duration specifies
the amount of time in seconds between two ICMP ping messages sent
to monitor an ASN BS. Specify an integer from 1 through 36000.
num-retry retries
Default: 5
Configures the number
of retries before marking a specific ASN BS as unreachable.
retries specifies
the number of times to send ICMP ping messages to an ASN BS before
the ASN BS is declared unreachable. Enter an integer from 0 through
100.
timeout idle_time
Default: 3
Configures the timeout
duration to wait for a response from ASN BS of ICMP ping message before
retransmitting the ICMP ping packets.
idle_time must
be an integer value in the range of 1 through 10.
Usage:
Use this command to
enable or disable base station monitoring and to configure the ASN BS
monitoring parameters in a WiMAX ASN.
IMPORTANT:
Base Station Monitoring
is a license-enabled feature.
Example:
The following command
configures the timeout duration of 5 seconds
before sending an ICMP ping message if the ASN BS does not respond:
bs-monitor timeout 6
end
Exits the current
configuration mode and returns to the Exec mode.
Privilege:
Security Administrator,
Administrator
Usage:
Use this command to
return to the Exec mode.
exit
Exits the current
mode and returns to the parent configuration mode.
Privilege:
Security Administrator,
Administrator
Usage:
Use this command to
return to the parent configuration mode.
gre
This command configures
the GRE tunnel parameters for ASN GW gateway functionality within
a specific ASN GW service.
Syntax
gre mtu mtu_sizedefault gre mtu
default
Sets the MTU size for
the GRE tunnel to the default value of 1500 bytes in a WiMAX network.
mtu mtu_size
Default: 1500 bytes
Configures the maximum
transmission unit size in bytes for the GRE tunnel within a specific
ASN GW service.
mtu_size must
be an integer between 36 and 2000.
Usage:
Use this command to
support tunnel reassembly optimization with the MTU size for a GRE
tunnel in a WiMAX network.
Example:
The following command
configures the maximum transmission unit (MTU) size to
1700 bytes
for a GRE tunnel:
default gre mtu 1700
handover
This command specifies
the handover-related parameters between BS, ASN GW, and MS.
Syntax
handover { anchor { dp-pre-reg-termination timeout duration| dp-termination timeout duration } | max-dp-pre-registrations reg_num | non-anchor { dp-pre-reg-termination
timeout duration | dp-termination
timeout duration } }default handover { anchor { dp-pre-reg-termination
timeout | dp-termination timeout } | max-dp-pre-registrations | non-anchor { dp-pre-reg-termination
timeout | dp-termination timeout } }
default
Sets the default values
for configured handover parameters.
anchor
Configures datapath
pre-registration and/or termination parameters for an anchor
gateway handover.
dp-pre-reg-termination
timeout duration
Default: 5
Configures the maximum
duration in seconds that a single MS can keep the pre-registration datapath
with the previous BS after a completed handover to another BS.
duration is
measured in seconds. Configure as any integer from 0 through 65535.
dp-termination timeout duration
Default: 0
Configures the maximum
duration in seconds for which the datapath with the previous BS
is maintained after a completed handover to another BS. The system
maintains the old datapath for the specified period after the new
datapath setup is completed, and then terminates it.
duration is
measured in seconds. Configured as any integer from 0 through 65535.
max-dp-pre-registrations reg_num
Default: 1
Configures the maximum
number of pre-registrations from multiple BSs that a single MS can
keep at a time.
reg_num is
the number of pre-registrations. Configure as any integer from 0
through 5.
non-anchor
Configures datapath
pre-registration and/or termination parameters for a non-anchor gateway
handover.
Usage:
Use this command to
configure the handover-related parameters between MS, BS, and ASN
GW.
By default, the system
is configured to terminate the previous sessions immediately. The number
of pre-registrations from multiple BSs is set to 0 for an MS.
Example:
The following command
configures the maximum duration as
20 seconds.
This is the amount of time for which the datapath with the previous
BS is maintained after a completed handover to another BS:
dp-pre-reg-termination
timeout 20
header-compression-rohc
Use this command to
configure (Robust Header Compression (ROHC) support and ROHC parameters
in an ASNGW service. Header compression is applied to ASNGW service
flows when the ROHC is enabled on the ASNGW, and MS and AAA authorize
ROHC for the ASNGW call. If ROHC is supported on the service, it
is indicated in the MS attachment messages. ROHC parameter values
are negotiated over R6. Unidirectional and bi-directional ROHC service
flow are supported.
Syntax
header-compression
rohc { [default] | cid-mode-large
max-cid < max-cid > | cid-mode-small < max-cid > | mrru < integer > } profile-id { rtp-
ip | esp-ip | rtp-udp | udp-ip | uncompressed-ip}
header-compression
rohc
Sets the default values
for configured ROHC parameters.
Sets the default values
for configured ROHC parameters.
ROHC large context
identifier range mode: an integer from 0 to 31.
ROHC small context
identifier range mode: an integer from 0 to 15.
Maximum Reconstructed
Reception Unit: The maximum possible size of a packet reassembled
from ROHC segments: an integer from 0 to 65535.
The ROHC configuration
is controlled by a set of attributes which are assocated with an ROHC
profile. A system may have multiple profiles..
Usage:
Data packets that
are transferred over a wireless link are dependent on each other
and share common parameters, such a equal source and destination
addresses. They can usually be grouped together logically, for example,
data packets that constitute an audio stream and data packets that
make up the accompanying video stream. Therefore, you can use a
stream-oriented approach in ROHC to compress packet headers. Each
stream or flow is identified by its parameters that are common to
all packets in a particular stream. The compressor and decompresor
maintain a context for each stream, which is identified by the same
context identifier (CID) on both sides. A context, being a set of
data, contains, for example, the statis and dynamic header fields
that define a stream.
Example:
The following command
configures a small context ROHC CID.
header-compression
rohc cid-mode small max 15 profile-id udp-id
idle-mode
Use this command to
configure the time in seconds that an ASN GW service waits to place
a session in idle mode or reactivates an idle session after the
specified time for exit timeout. This occurs if there is no activity
for the amount of time you specified.
Syntax
idle-mode { entry-timeout duration | exit-timeout duration | timeout duration }default idle-mode { entry-timeout | exit-timeout | timeout }
default
Resets the idle mode
durations to their respective default values.
no
Disables/removes
the configured idle mode entry and/or exit timeout duration
for a session.
entry-timeout duration
Default: 60
Specifies the maximum
duration in seconds allowed for idle mode entry for a session.
duration is
measured in seconds. Configure as an integer from 1 through 100000.
exit-timeout duration
Default: 60
Specifies the maximum
duration in seconds allowed for session to reenter active mode after idle
mode exit.
duration is
measured in seconds. Configure as an integer from 1 through 100000.
timeout duration
Default: 4069
Specifies the maximum
time (in seconds) allowed for a session to remain in idle mode. duration is
an integer from 128 to 65535.
Usage:
Use this command to
configure the ASN GW service to send a session for idle mode or active
mode after specified duration of time.
Example:
The following command
configures the idle mode entry timeout value to
50 seconds:
idle-mode entry-timeout 50
local-data-tunnel
Use this command to
specify the tunnel endpoint on the ASNGW side to receive the uplink
data packets over the R6 interface. This address is different from
the R6 control address.
Syntax
local-data-tunnel address < address >
default
Default is no tunnel
endpoint is configured and the control address is used as the uplink tunnel
endpoint.
no
Disables/removes
the configured tunnel endpoint.
address address
Specifies the tunnel
endpoint that will receive uplink data packets over the R6 interface.
Example:
The following command
specifies the tunnel endpoint on the ASNGW side that will receive uplink
data packets over the R6 interface.
local-data-tunnel address 102.168.1.5
max-retransmission
Use this command to
specify the number of times the system can attempt retransmission
of R6 control packets to communicate with an unresponsive BS.
Syntax
max-retransmission retrydefault max-retransmission
default
Sets the maximum number
of retransmission counters to 3 for R6 control packets within a specific
ASN GW service.
retry
Default: 3
Configures the maximum
number of retransmission of R6 control packets to BS before marking
it as failed. retry must
be an integer between 1 and 10.
Usage:
Use this command to
configure number of retransmission of R6 control packets to BS before
marking it as failed.
Example:
The following command
configures the system to attempt sending R6 control packets to the BS
2 times:
max-retransmission 2
mobile-access-gateway
Use this command to
associate MAG context and/or MAG service for an ASNGW service.
This is available only when PMIPv6 is supported and the license
is enabled. Default: no
Syntax
mobile-access-gateway
context < context_name >[ mag-service< service-name >
]no mobile-access-gateway context
Usage:
MAG service is responsible
for PMIPv6 signaling. MAG service establishes and maintains a bi-directional
tunnel for the subscriber traffic with LMA.
Use the no mobile-access-gateway
context to delete a previously configured context.
Example:
The following command
instructs the ASN GW service to use the context named mag-service
for MAG functionality:
mobile-access-gateway
context context-namemag-service service-name
mobile-ip
This command configures
Mobile IP support with FA service(s) for specific ASN GW service
and specifies the context in which the FA service is configured.
Default: no
Syntax
mobile-ip foreign-agent
context context_nameno mobile-ip foreign-agent context
foreign-agent context context_name
Default: No FA context
specified.
Specifies the name
of the previously configured context that facilitates the FA service(s).
context_name must
be between 1 and 79 alpha or numeric characters and is case sensitive.
Usage:
You can configure FA
services on the system in either the same or different contexts
from those facilitating ASN GW services. When they are configured
in separate contexts, this command, configured within an ASN GW
service, instructs the ASN GW service to route traffic to the context
facilitating the FA service.
Use the no mobile-ip foreign-agent
context to delete a previously configured destination
context.
Example:
The following command
instructs the ASN GW service to use the context named FA-destination
for FA functionality:
mobile-ip foreign-agent
context fa-destination
peer-asngw
Use this command to
configure the addresses of trusted non-anchor ASN GWs or ASN PC/LR
peers for which a specific ASN GW service can allow R4 control and
data path registration.
Syntax
[ no ] peer-asngw
address < ip_address> [id < 6-byte MAC address > | mode {legacy | non-legacy } | < simple-ip re-anchoring > ]
no
Removes the configured
non-anchor ASN GW or non-anchor ASN PC/LR peers from a specific
ASN GW service’s trusted peer list.
peer-asngw address
Specifies the IP address
of the non-anchor ASN GW or non-anchor ASN PC/LR peers.
The IP address is added as a trusted peer with the ASN GW service.
ip_address is
the IP address of the non-anchor ASN GW or non-anchor ASN PC/LR
peers expressed in IPv4 dotted decimal or IPv6 colon separated notation.
6-byte MAC address is
the 6-byte identifier on the ASNGW service.
Usage:
Use this command to
create trusted non-anchor ASN GW or non-anchor ASN PC/LR peers
with a specific ASN GW service to establish R4 control and data
path registration. The ASN GW supports the 6-byte ASNGW ID in the
souce ID TLV and destination ID TLV of all the messages. The 6-byte
anchor gateway ID and authenticator ID are also supported.
On receipt of an R4
control or data path registration request message, the ASN GW service checks
whether a non-anchor DPF/Authenticator ASN GW/ASN
PC-LR address received in a request message, is in the trusted peer
list configured with this command. If the Anchor DPF/Authenticator
ASN GW/ASN PC-LR address is not configured in the non-anchor
ASN GW or non-anchor ASN PC/LR peers’ list, the
ASN GW service sends a response for a request message with Failure
Indication TLV and unspecified error code.
You can configure a
maximum of 32 ASN GWs or ASN PC/LRs with this command.
Example:
The following command
adds the ASN GW with an IP address as a trusted peer within an ASN
GW service, and a 6-byte ID for the peer ASN GW.
peer-asngw address 1.2.3.4 id 00-05-47-00-37-44
policy
This command configures
the policies for ASN Gateway behavior within a specific ASN GW service.
Syntax
policy {
asngw-initiated-reauth | ms-unexpected-network-reentry | msid-dhcp-chaddr-mismatch | | non-anchor-mode | overload } { allow | disallow }default policy { ms-unexpected-network-reentry | msid-dhcp-chaddr-mismatch | non-anchor-mode
}
default
Resets the policy parameters
to their respective default values.
asngw-initiated-reauth
Defualt: allow
Configures ASNGW-initiated
reauthentication parameters.
ms-unexpected-network-reentry
Default: allow
Configures the ASN
Gateway to allow or disallow an MS re-entry from the same or a new BS,
when an active call already exists for the same MS on the ASN Gateway.
This policy performs
in the following manner:
- If the pre-attachment
request of the new call comes from a different BS, re-entry is accepted
regardless of the call state.
- If the pre-attachment
request of the new call comes from the same BS, re-entry is accepted
if the original call is in any state past the pre-attachment phase.
- Original call is dropped
in favor of new call.
msid-dhcp-chaddr-mismatch
Default: disallow
Valid only for the
primary host. Configures the ASN Gateway to allow or disallow an
MS to connect if the MSID and DHCP address information is mismatched.
non-anchor-mode
Default: allow
Configures the ASN
Gateway to allow or disallow the creation of non-anchor sessions
based on the DP Registration Request from any base station.
When non-anchor mode
is not allowed and a DP Registration Request is received, if there
is no matching session for the MSID, the request is rejected and
a DP Registration Response is sent with an error code: “Admin Prohibited”.
overload
Default: allow
Designates the rejection
of ASNGW services in case of session overload.
allow
Sets the policies to
allow the MS matching with specified policy for ASN Gateway.
disallow
Sets the policies to
deny or disallow the MS matching the specified policy for ASN Gateway.
Usage:
Use this command to
configure the policies of the ASN Gateway to handle the MS connection
within a specific ASN GW service.
Example:
The following command
enforces the policy to allow an MS re-entry from a new BS, when an
active call exists for the same MS on the ASN Gateway via another
BS.:
policy ms-unexpected-network-reentry allow
policy asngw-initiated-reauth
This command configures
the policies for how the ASN Gateway initiates reauthorization triggers
from an ASN GW service.
Syntax
policy asngw-initiated-reauth { allow | disallow | max-cmac-key-count max_count| pmk-grace-time grace_time }default policy asngw-initiated-reauth [ max-cmac-key-count | pmk-grace-time ]
default
Resets the policy to
disallow ASN GW-initiated re-authorization and sets the default
values for CMAC key count and PMK grace time within a specific ASN
GW service.
max-cmac-key-count max_count
Default: 100
Configures the ASN
Gateway to trigger the reauthorization on the basis of Cipher-based Message
Authentication Code (CMAC) key counter. Once the CMAC counter crosses
the configured value, the system initiates the reauthorization trigger.
max_count is
the CMAC key counter and is an integer from 2 through 32768.
pmk-grace-time grace_time
Default: 60
Configures the ASN
Gateway to trigger the reauthorization on the basis of the Pair-wise Master
Key (PMK) key grace period. Once the configured PMK grace period
is exhausted, the system initiates the reauthorization trigger.
grace_time is
the grace period in seconds to wait for the Pair-wise Master Key
(PMK) and is an integer from 10 through 65335.
allow
Default: disabled
Configures the ASN
Gateway to trigger re-authentication based on two locally configured parameters: pmk-grace-time and cmac-key-count.
disallow
Default: enabled
Configures the ASN
Gateway not trigger the re-authentication based on two locally configured
parameters: pmk-grace-time and cmac-key-count.
Usage:
Use this command to
enable the ASN GW to initiate the reauthorization trigger on the basis
of the configured policy.
Example:
The following command
enforces the reauthorization policy from the ASN GW:
policy asngw-initiated-reauth allow
policy overload
Configures the traffic
overload policy that controls congestion in this service.
Syntax
policy overload { drop | reject }default policy overload
default
Sets the traffic overload
policy action to reject in this service.
drop
Default: disabled
Specifies that the
system is to drop incoming packets containing new session requests.
reject
Default: enabled
Specifies that the
system processes new session request messages and responds with
a reject message.
Usage:
You can configure congestion
policies at the service-level. When congestion control functionality
is enabled at the service level, these policies dictate how services
respond should the system detect that a congestion condition threshold
has been crossed.
Example:
The following command
configures an overload policy of reject for this ASN GW service:
policy overload reject
ran-peer-map
Use this command to
configure a mapping between the BSID and IPv4 address of known base
station peers; identifies a base station peer map for this service.
Syntax
ran-peer-map name ran-peer id< mac-addr >address< ip-addr >[mode {non-legacy | legacy}]no ran-peer-map
name
Specifies the name
of the RAN Peer Map. Specify a name from
1 to 31 alpha and/or numeric characters. The name must
be an existing peer map. Configure RAN Peer Maps in the Global Configuration
Mode.
Creates a mapping
for id to ip address.
Specifies the IPv4
address of the base station which is added as a peer for the given service.
Default: non-legacy
Usage:
Use this command to
configure a base station peer map that this service will use to
map MAC addresses received in R6 protocol messages to IPv4 addresses.
Example:
The following command
configures the service to refer to a peer map named
ran12 when
reconciling a base station MAC address to an IP address:
ran-peer-map ran12
retransmission-timeout
Use this command to
configure the non-response time before the system re-attempts to
send R6 control packets to the BS.
Syntax
retransmission-timeout duration[ no | default ] retransmission-timeout
default
Sets the timeout duration
to 3 seconds before R6 control packets are retransmitted.
no
Disables or removes
the configured timeout duration for the retransmission of R6 control packets.
duration
Default: 3
Specifies the the number
of seconds for the ASN GW service to wait for a response from the BS
before it (a) attempts to communicate with the BS again (if the
system is configured to retry the BS), or (b) marks the BS as unreachable.
duration is
measured in seconds and can be configured to any integer value between
1 and 1,000.
Usage:
Use this command in
conjunction with the max-retransmission command
to configure the ASN GW services behavior when it does not receive
a response from a particular BS.
Use the no retransmission-timeout command
to delete a previously configured timeout value. If after deleting
the lifetime setting you desire to return the lifetime parameter
to its default setting, use the default retransmission-timeout command.
The chassis is shipped
with the retransmission timeout set to 3 seconds.
Example:
The following example
configures a retransmission timeout value of 5 seconds:
retransmission-timeout 5
The following command
deletes a previously configured retransmission-timeout setting:
no retransmission-timeout
secondary-ip-hosts
Use this command to
enable or disable multiple host support behind WiMAX customer premises
equipment (CPE). Default: disabled
Syntax
secondary-ip-hosts max_hostsdefault multiple-ip-hosts
default
Sets the multiple host
configuration in an ASN GW service to disabled (default mode).
max_hosts
Default: 0 (disabled)
Specifies the maximum
number of hosts allowed to connect through one primary node connection
behind a WiMAX CPE.
max_hosts must
be an integer from 0 through 4, where 0, the default value, disables
this feature.
Usage:
Use this command to
enable or disable multi-IP host support in an ASN GW service behind
one WiMAX CPE through a primary airlink. If enabled, this command
supports up to four hosts as an auxiliary connection. Accounting
and UDR generation for such connections are based on the primary
connection with the WiMAX CPE. To apply this facility to a subscriber, configure
the ip address
secondary-pool command in the Subscriber Configuration mode.
Example:
The following command
enables multiple host support and instructs the ASN GW service to allow
3 IP hosts
as auxiliary connections behind one CPE:
secondary-ip-hosts 3
The following command
disable the multiple host support and instructs the ASN GW service
not to allow auxiliary connections behind one CPE:
default secondary-ip-host
secondary-ip-hosts
Use this command to
enable or disable multiple host support behind WiMAX customer premises
equipment (CPE). Default: disabled
Syntax
secondary-ip-hosts max_hostsdefault multiple-ip-hosts
default
Sets the multiple host
configuration in an ASN GW service to disabled (default mode).
max_hosts
Default: 0 (disabled)
Specifies the maximum
number of hosts allowed to connect through one primary node connection
behind a WiMAX CPE.
max_hosts must
be an integer from 0 through 4, where 0, the default value, disables
this feature.
Usage:
Use this command to
enable or disable multi-IP host support in an ASN GW service behind
one WiMAX CPE through a primary airlink. If enabled, this command
supports up to four hosts as an auxiliary connection. Accounting
and UDR generation for such connections are based on the primary
connection with the WiMAX CPE. To apply this facility to a subscriber, configure
the ip address
secondary-pool command in the Subscriber Configuration mode.
Example:
The following command
enables multiple host support and instructs the ASN GW service to allow
3 IP hosts
as auxiliary connections behind one CPE:
secondary-ip-hosts 3
The following command
disable the multiple host support and instructs the ASN GW service
not to allow auxiliary connections behind one CPE:
default secondary-ip-host
service-flow create-before-ip-alloc
This command specifies
whether service flows should be created before the IP allocation
is completed. If this command is not configured, during the INE
process, only an Initial Service Flow (ISF) is created with a wildcard
classifier. The remaining service flow is created after the IP allocation.
Syntax
[ no | default ]service-flow
create-before-ip-alloc
default
The default is disabled.
Usage:
There are two types
of service flows: 1) pre-provisioned service flows are created during INE
and created, modified, or deleted based on some external trigger
from the PCRF/AAA; 2) dynamic service flow creation is
on an on-demand basis and because of some external trigger from
the PCFR/AAA. Path modification is requested to changes
in the state of the service flow, for example, from admit to active
or from active to admit.
