Last Updated 09-30-2011 : Configuration Management


Configuration Management
This chapter identifies new, modified, and obsoleted configuration commands in Releases 12.0 or 12.1.
Topics covered in this chapter are:
l
l
l
l
l
New Configuration Commands
This section identifies configuration commands that are new in .
l
l
l
l
l
l
l
l
l
l
l
l
l
l
l
l
l
l
l
Common Commands - New in Release 12.0
This section provides information on new commands that are common to products in Release 12.0.
aaa secondary-group
This command enables to configure secondary AAA group for the APN. This supports the RADIUS Fire-and-Forget feature in conjunction with GGSN for secondary accounting (with different RADIUS accounting group configuration) to the RADIUS servers without expecting acknowledgement from the server, in addition to standard RADIUS accounting. This secondary accounting will be an exact copy of all the standard RADIUS accounting message (RADIUS Start / Interim / Stop) sent to the standard AAA RADIUS server.
CLI (APN Configuration Mode)
aaa secondary-group aaa_group_name
{ default | no } aaa secondary-group
aaa tacacs+
Enables TACACS+ AAA services that have been configured on the ASR 5000.
CLI (Global Configuration Mode)
aaa tacacs+
aaa secondary-group
This command enables to configure secondary AAA group for the subscriber template. This supports the No-ACK RADIUS Targets feature in conjunction with PDSN and HA for secondary accounting (with different RADIUS accounting group configuration) to the RADIUS servers without expecting the acknowledgement from the server, in addition to standard RADIUS accounting. This secondary accounting will be an exact copy of all the standard RADIUS accounting message (RADIUS Start / Interim / Stop) sent to the standard AAA RADIUS server.
CLI (Subscriber Configuration Mode)
aaa secondary-group aaa_group_name
{ default | no } aaa secondary-group
accounting
Enables or disables the recording of the start and stop time of each command issued during a TACACS+ authenticated session.
CLI (TACACS+ Configuration Mode)
[no] accounting {start-stop | command}
app-level-retransmission
This command enables application-level retransmissions with “T” bit set.
CLI (Credit Control Configuration Mode)
app-level-retransmission { set-retransmission-bit | unset-retransmission-bit }
default app-level-retransmission
arp-priority-level
This command enables to map ARP priority-level value received from PCRF to inter-user-priority value and be sent in A11 session update.
CLI (Policy Control Configuration Mode)
arp-priority-level map-to inter-user-priority
{ default | no } arp-priority-level map-to
authorization
Enables or disables the authorization of TACAS+ users on a command-by-command, command + argument, or command prompt basis.
CLI (TACACS+ Configuration Mode)
[no] authorization {command | prompt | arguments}
credit-control-group
This command enables to configure Credit Control Group in subscriber template.
CLI (Subscriber Configuration Mode)
credit-control-group cc_group_name
no credit-control-group
diameter ignore-service-id
This command enables to accept/ignore service ID in Service-Identifier AVP defined in the Diameter dictionaries for Gy interface implementation.
CLI (Credit Control Configuration Mode)
[ default | no ] diameter ignore-service-id
diameter service-context-id
This command configures the value to be sent in the Service-Context-Id AVP, which identifies the context in which DCCA is used.
CLI (Credit Control Configuration Mode)
diameter service-context-id service_context_id
default diameter service-context-id
diameter update-dictionary-avps
This command enables dictionary control of the AVPs that need to be added based on the version of the specification to which the OCS is compliant with. This command is applicable to all products that use the dcca-custom8 dictionary for Gy interface implementation.
CLI (Credit Control Configuration Mode)
diameter update-dictionary-avps { 3gpp-rel8 | 3gpp-rel9 }
{ default | no } diameter update-dictionary-avps
diameter update-dictionary-avps
This command enables dictionary control of the AVPs that need to be added based on the version of the specification to which the PCEF is compliant with. This command is applicable only to Diameter dictionaries that support standard based volume reporting over Gx feature.
CLI (Policy Control Configuration Mode)
diameter update-dictionary-avps { 3gpp-r8 | 3gpp-r9 }
{ default | no } diameter update-dictionary-avps
destination-host-avp
This command controls encoding of the Destination-Host AVP in initial/retried requests.
CLI (Diameter Endpoint Configuration Mode)
destination-host-avp { session-binding | always | initial-request | retried-request }
default destination-host-avp
dynamic-peer-failure-retry-count
This command configures the number of times the system attempts to connect to a dynamically discovered Diameter peer.
CLI (Diameter Endpoint Configuration Mode)
dynamic-peer-failure-retry-count value
default dynamic-peer-failure-retry-count
dynamic-route
This command configures the expiration time for dynamic routes created after a Diameter destination host is reached.
CLI (Diameter Endpoint Configuration Mode)
dynamic-route expiry-timeout value
default dynamic-route expiry-timeout
egcdr cdr-encoding
This command configures the eG-CDR encoding type.
CLI (ACS Rulebase Configuration Mode)
egcdr cdr-encoding { ascii [ delimiter { colon | comma | pipe } ] | asn.1 }
default egcdr cdr-encoding
link-aggregation port switch to
When a link aggregation group (LAG) contains two sets of ports, each connecting to a different Ethernet switch, this command allows you to change the status of the active distributing ports.
CLI (Global Configuration Mode)
link-aggregation port switch to <slot/port>
load-balancing-algorithm
This command configures the behavior for load balancing Diameter peers in the event of a failure of an active server.
CLI (Diameter Endpoint Configuration Mode)
load-balancing-algorithm { highest-weight | lowest-weight-borrowing min-active-servers number }
default load-balancing-algorithm
lsp ping
This command checks the Multi Protocol Label Switching (MPLS) LSP connectivity for the specified forwarding equivalence class (FEC). It must be followed by an IPv4 prefix.
CLI (Exec Mode)
lsp-ping ip_prefix_FEC [ count ping-packets ] [ | verbose ] [ | grep grep_options ]
lsp-traceroute
This command discovers MPLS LSP routes that packets actually take when traveling to their destinations. It must be followed by an IPv4 prefix.
CLI (Exec Mode)
lsp-traceroute ip_prefix_FEC [ maxttl time_to_live ] [ | verbose ] [ | grep grep_options ]
on-authen-fail
Defines system behavior when an administrative login fails due to a TACACS+ authentication failure.
CLI (TACACS+ Configuration Mode)
on-authen-fail {continue | stop} [tty console]
on-network-error
Defines system behavior when a TACACS+ login fails due to a network error.
CLI (TACACS+ Configuration Mode)
on-network-error {continue | stop} [tty console]
on-unknown-user
Configures system behavior when a TACACS+ server cannot authenticate a given user name.
CLI (TACACS+ Configuration Mode)
on-unknown-user {continue | stop} [tty console]
post-processing policy
This command configures the post-processing policy to be applied on Limit-Reached packets. This allows to enable post-processing priority based rules for content in blacklisted state.
The post-processing policy always CLI command will enable post-processing on Limit-Reached packets. If there are post-processed priority based rules, it will check for any redirection rules, else will discard the packets by default. No other post-processing actions like forward, next-hop, xheader-insertion, etc. will be applied on these limit-reached packets. If no post-processing priority rules are present, the packets will be dropped by default.
The post-processing policy not-for-dynamic-discard will directly discard the limit-reached context and will not apply post-processing priority based rules. This is the default setting.
Also, refer to the configuration changes required in the New Feature Summary chapter.
CLI (ACS Rulebase Configuration Mode)
post-processing policy { always | not-for-dynamic-discard }
default post-processing policy
pptp any-match
This command defines rule expressions to match all PPTP packets. This is used in conjunction with ADC, Stateful Firewall, and NAT in-line services.
CLI (ACS Ruledef Configuration Mode)
[ no ] pptp any-match operator condition
pptp ctrl-msg-type
This command defines rule expressions to analyze and charge user traffic based on control message type for PPTP packets. This is used in conjunction with ADC, Firewall, and NAT inline services.
CLI (ACS Ruledef Configuration Mode)
[ no ] pptp ctrl-msg-type = { call-clear-request | call-disconnect-notify | echo-reply | echo-request | incoming-call-connected | incoming-call-reply | incoming-call-request | outgoing-call-reply | outgoing-call-request | set-link-info | start-control-connection-reply | start-control-connection-request | stop-control-connection-reply | stop-control-connection-request | wan-error-notify
pptp gre
This command defines rule expressions based on GRE to match all PPTP packets. This is used in conjunction with ADC, Firewall, and NAT in-line services.
CLI (ACS Ruledef Configuration Mode)
[ no ] pptp gre any-match = condition
radius accounting fire-and-forget
This feature enables to configure the Fire-and-Forget feature. The accounting request sent to a RADIUS accounting server configured under the AAA group with this CLI command configured in it will not expect a response from the server.
CLI (AAA Group Configuration Mode)
[ default | no ] radius accounting fire-and-forget
require ecs credit-control subscriber-mode
This command configures DCCA/Gy to work in per subscriber-PDN level Gy mode, wherein one Diameter session is created per subscriber PDN rather than per bearer, and only one DCCA/Gy session is created for multi-bearer PDNs. This command is applicable to all products using the Gy interface.
CLI (Global Configuration Mode)
[ no ] require ecs credit-control subscriber-mode
server
Configures TACACS+ AAA service-related parameters for use in authenticating ASR 5000 administrative users via a TACACS+ server.
CLI (TACACS+ Configuration Mode)
[no] server priority <priority_number> ip-address <ip_address> [service {authentication | authorization | accounting}] [port <port_number>] [{encrypted password <shared_secret > | password <text_password>}] [timeout <seconds>] [retries <num_retries>] [nas-source-address <ip_address>]
server-mode
This command configures the Diameter endpoint to establish the system as the server side endpoint of the connection.
CLI (Diameter Endpoint Configuration Mode)
server-mode [ demux-mode ]
servers-unreachable
This command configures whether to continue/terminate calls when Diameter server(s)/OCS become unreachable.
CLI (Credit Control Configuration Mode)
servers-unreachable { initial-request { continue | terminate [ after-timer-expiry timeout_period ] } | update-request { continue | terminate [ after-quota-expiry | after-timer-expiry timeout_period ] } }
no servers-unreachable { initial-request | update-request }
Application Detection and Control - New in Release 12.0
This section provides information on new ADC commands available in Release 12.0.
None for this release.
ASN GW Commands - New in Release 12.0
This section provides information on new ASN GW commands available in Release 12.0.
asn-policy ms-requested-classifiers
This command allows an operator to allow or decline the dynamic addition of classifiers during MS-initiated service flow creation/modification.
CLI (Subscriber Configuration Mode)
[no] asn-policy ms-requested-classifiers {allow | disallow}
asn-policy notification-handoff
This command allows an operator to enable/disable the reporting of the BSID in the Accounting Interim Update during the handoff and location update.
CLI (Subscriber Configuration Mode)
[no] asn-policy notification-handoff {allow | disallow}
asn-policy hotlining wimax
This command allows an operator to enable or disable WiMAX hotlining capability in the ASNGW and WiMAX HA. The command applies to both profile id-based and rule-based hotlining.
CLI (Subscriber Configuration Mode)
[no] asn-policy hotlining-wimax
asngw-service priority vlan
This command allows an operator to enable or disable 802.1P priority marking for WiMAX control traffic over an R6/R4 interface.
CLI (Service Configuration Mode)
asngw-service <asngw_serviceName> priority vlan <priority >
The default is to disallow.
schedule-type
This command allows an operator to configure the 802.1 priority based on the schedule type for WiMAX data traffic.
CLI (ASN QoS Descriptor Configuration Mode)
(no] schedule-type [be | ertvr | nrtvr | rtvr | ugs] priority < 0-7 >
If the policy is set to allow, only the priority value is used for WiMAX data traffic.
Content Filtering Commands - New in Release 12.0
This section provides information on new CF commands available in Release 12.0.
None for this release.
ECS Commands - New in Release 12.0
This section provides information on new ECS commands available in Release 12.0.
egcdr cdr-encoding
This command configures the eG-CDR encoding type. When configuring the eG-CDR encoding type as ASCII, the delimiter character can be specified as either “:” (colon), “,” (comma), or “|” (pipe). The default delimiter character is “|” (pipe).
CLI (ACS Rulebase Configuration Mode)
egcdr cdr-encoding { ascii [ delimiter { colon | comma | pipe } ] | asn.1 }
default egcdr cdr-encoding
http domain
This command enables to define rule expressions to match domain portion of the URI in HTTP packets.
CLI (ACS Ruledef Configuration Mode)
[ no ] http domain [ case-sensitive ] operator domain
tcp proxy-prev-state
This command defines rule expressions to match TCP previous state on the ingress side of the TCP proxy.
CLI (ACS Ruledef Configuration Mode)
[ no ] tcp proxy-prev-state operator previous_state
tcp proxy-state
This command defines rule expressions to match TCP state on the ingress side of the TCP proxy.
CLI (ACS Ruledef Configuration Mode)
[ no ] tcp proxy-state operator previous_state
tftp any-match
This command defines rule expressions to match all TFTP packets.
CLI (ACS Ruledef Configuration Mode)
[ no ] tftp any-match operator condition
tftp data-any-match
This command defines rule expressions to match all TFTP data packets.
CLI (ACS Ruledef Configuration Mode)
[ no ] tftp data-any-match operator condition
wsp domain
This command enables to define rule expressions to match domain portion of the URI in WSP packets.
CLI (ACS Ruledef Configuration Mode)
[ no ] wsp domain [ case-sensitive ] operator domain
www domain
This command enables to define rule expressions to match domain portion of the URI for WSP/HTTP packets.
CLI (ACS Ruledef Configuration Mode)
[ no ] www domain [ case-sensitive ] operator domain
Firewall Commands - New in Release 12.0
This section provides information on new Stateful Firewall commands available in Release 12.0.
icmpv6 any-match
This command configures an access ruledef to match any ICMPv6 traffic for the user.
CLI (Access Ruledef Configuration Mode)
[ no ] icmpv6 any-match operator condition
icmpv6 code
This command configures an access ruledef to analyze user traffic based on ICMPv6 code.
CLI (Access Ruledef Configuration Mode)
[ no ] icmpv6 code operator code
icmpv6 type
This command configures an access ruledef to analyze user traffic based on ICMPv6 type.
CLI (Access Ruledef Configuration Mode)
[ no ] icmpv6 type operator type
ip version
This command defines rule expressions to match version number in IP header.
CLI (Access Ruledef Configuration Mode)
[ no ] ip version = { ipv4 | ipv6 }
GGSN Commands - New in Release 12.0
This section provides information on new GGSN commands available in Release 12.0.
ikev1 disable-initial-contact
From the Context Configuration Mode, this command disables the sending of an INITIAL-CONTACT message in the IKEv1 protocol after the node creates a new Phase 1 SA, caused either by Dead Peer Detection or by a rekey.
CLI (Context Configuration Mode)
[ no ] ikev1 disable-initial-contact
HA Commands - New in Release 12.0
This section provides information on new HA commands available in Release 12.0.
None for this release.
HNB-GW Commands - New in Release 12.1
This section provides information on new commands for HNB-GW available in Release 12.1.
map lac
This command configures the mapping of Location Area Code (LAC) received from UE to MSC point code. This is an important configuration for CS network resource sharing without Iu-Flex interface configuration.
Support for multiple MSC selection in a CS core network is provided with this command.
CLI (HNB-CS Configuration Mode)
map lac range lac_start to lac_end point-code msc_point_code
no map lac range lac_start to lac_end
ecmp-lag hash
This command is added to the Global Configuration Mode to configure the system to select source Boxer Internal Address (SBIA) as the input to the hashing function for ECMP-LAG distribution.
This command allows the operator to change the way hashing works in deciding which link to use for ECMP and Link Aggregation. In the default hashing algorithm the IP Source Address, IP Destination Address, IP Protocol and Source BIA are used in the hashing function. When “use-sbia-only” option is selected, only the Source BIA is used in the hashing function.
CLI (Global Configuration Mode)
[no] ecmp-lag hash use-sbia-only
*CAUTION: While using ECMP-LAG on a HNB-GW, this configuration is mandatory for standalone HNB-GW deployment and highly recommended in other deployment scenarios where HNB-GW is used in combination with other services.
HSGW Commands - New in Release 12.0
This section provides information on new HSGW commands available in Release 12.0.
a11-signalling-packets
This command enables the DSCP marking feature for IP headers carrying outgoing A11-signalling A11 packets (such as RRP, RU, SU).
CLI (HSGW Service Configuration Mode)
a11-signalling-packets ip-header-dscp value
[ default | no ] a11-signalling-packets ip-header-dscp
mobility-option-type-value
This command changes the mobility option type value used in mobility messages.
CLI (MAG Service Configuration Mode)
mobility-option-type-value { custom1 | standard )
default mobility-option-type-value
rsvp
This command configures resource reservation protocol (RSVP) parameters for this HSGW service in support of the network initiated QoS feature.
CLI (HSGW Service Configuration Mode)
rsvp { max-retransmissions count | retransmission-timeout seconds }
[ default | no ] rsvp { max-retransmissions | retransmission-timeout }
signalling-packets
This command enables the DSCP marking feature for IP headers carrying outgoing signalling packets.
CLI (MAG Service Configuration Mode)
signalling-packets ip-header-dscp value
[ default | no ] signalling-packets ip-header-dscp
LNS Service Configuration Mode Commands
This section provides information on new LNS commands available in Release 21.2
newcall
The following command configures new call related behavior
CLI (LNS Service Configuration Mode)
newcall duplicate-subscriber-requested-address { accept | reject }
default newcall duplicate-subscriber-requested-address
Mobility Management Entity Commands - New in Release 12.0
This section provides information on new MME commands available in Release 12.0.
csfb
The csfb command configures Circuit-Switched FallBack options for the configured call control profile. This command sets the CSFB option as only supporting short message service (SMS).
CLI (Call Control Profile Configuration Mode)
[ remove ] csfb sms-only
lte-policy
This command is a direct replacement for the obsolete mme-policy command and contains the same command set as the MME Policy mode.
CLI (Global Configuration Mode)
lte-policy
sctp-param-template
This command creates a new, or enters an existing SCTP parameter template configuration. SCTP parameter templates configure SCTP associations.
CLI (Global Configuration Mode)
sctp-param-template name
This command enters the following mode:
CLI (SCTP Parameter Template Configuration Mode)
The following commands are located in the new SCTP Parameter Template Configuration mode:
sctp-alpha value
sctp-alt-accept-flag { diable | enable }
sctp-beta value
sctp-checksum-type { adler32 | crc32 }
sctp-cookie-life value
sctp-max-assoc-retx value
sctp-max-in-strms value
sctp-max-init-retx value
sctp-max-mtu-size bytes
sctp-max-out-strms value
sctp-max-path-retx value
sctp-min-mtu-size bytes
sctp-rto-initial value
sctp-rto-max value
sctp-rto-min value
sctp-sack-frequency value
sctp-sack-period { value | units-10ms value }
sctp-start-mtu-size bytes
timeout { sctp-bundle value | sctp-heart-beat value }
peer-sgsn
This command statically configures peer SGSN environments to facilitate MME-to-SGSN relocations over an S3 or Gn/Gp interface. In prior releases, before this command was created, the MME relied on the DNS setting in the SCTP Service mode for peer SGSN discovery/selection. The order of selection is peer SGSN configuration through MME Service mode first and DNS selection through the SCTP Service mode second.
CLI (MME Service Configuration Mode)
peer-sgsn rai mcc number mnc number [ nri value ] rac value lac value address ip_address capability [ gn ] [ s16 ] [ s3 ]
policy inter-rat
This command enables the establishment of indirect data forwarding tunnels for Gn/Gp-based SRNS relocations.
CLI (MME Service Configuration Mode)
policy inter-rat indirect-forwarding-tunnels always
s1-mme ip
This command configures the quality of service QoS differentiated service code point (DSCP) used when sending data packets of a particular 3GPP QoS class over the S1-MME interface.
CLI (MME Service Configuration Mode)
s1-mme ip qos-dscp { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | ef }
NAT Commands - New in Release 12.0
This section provides information on new NAT commands available in Release 12.0.
h323 time-to-live
This command configures registration lifetime to maintain NAT binding.
CLI (ACS Configuration Mode)
h323 time-to-live timeout
default h323 time-to-live
h323 timeout
This command configures the timeout interval for H323 requests.
CLI (ACS Configuration Mode)
h323 timeout { admission adm_timeout | discovery disc_timeout | location loc_timeout | registration reg_timeout | unregistration unreg_timeout }
default h323 timeout { admission | discovery | location | registration | unregistration }
h323 tpkt
This command configures the Transport Protocol Data Unit Packet (TPKT).
CLI (ACS Configuration Mode)
h323 tpkt timeout
default h323 tpkt
h323 version
This command configures the supported H323 versions.
CLI (ACS Configuration Mode)
h323 version version_num
default h323 version
Packet Data Network Gateway Commands - New in Release 12.0
This section provides information on new P-GW commands available in Release 12.0.
action
This command configures the action priority for an actiondef.
CLI (Local Policy Actiondef Configuration Mode)
action priority priority action_name arguments
no action priority priority
actiondef
This command enables creating, configuring, or deleting action definitions within a local policy service.
CLI (Local Policy Service Configuration Mode)
actiondef actiondef_name [ -noconfirm ]
no actiondef actiondef_name
This command enters the following mode:
CLI (Local Policy Actiondef Configuration Mode)
The following commands are located in the new Local Policy Actiondef Configuration mode:
action priority priority action_name arguments
end
exit
condition
This command is used to configure the conditions which trigger the ruledef event.
CLI (Local Policy Ruledef Configuration Mode)
condition priority priority { variable { eq | ge | gt | le | lt | match | ne | nomatch } regex | string_value | int_value | set }
no condition priority priority
eventbase
This command enables creating, configuring, or deleting an event base within a local policy service.
CLI (Local Policy Service Configuration Mode)
eventbase eventbase_name [ -noconfirm ]
no eventbase eventbase_name
This command enters the following mode:
CLI (Local Policy Eventbase Configuration Mode)
The following commands are located in the new Local Policy Eventbase Configuration mode:
end
exit
rule priority priority [ event list_of_events ] ruledef ruledef_name actiondef actiondef_name [continue]
local-policy-service
This command enables creating, configuring, or deleting a local QoS policy.
CLI (Global Configuration Mode)
local-policy-service name [ -noconfirm ]
This command enters the following mode:
CLI (Local Policy Service Configuration Mode)
The following commands are located in the new Local Policy Service Configuration mode:
actiondef actiondef_name [ -noconfirm ]
eventbase eventbase_name [ -noconfirm ]
end
exit
ruledef ruledef_name [ -noconfirm ]
mobility-option-type-value
This command changes the mobility option type value used in mobility messages.
CLI (LMA Service Configuration Mode)
mobility-option-type-value { custom1 | standard )
default mobility-option-type-value
permission
This command enables the ability to use network mobility service (NEMO) for the current APN. NEMO is disabled by default.
CLI (APN Configuration Mode)
[ no ] permission nemo
default permission
policy
This command configures the Mobile IPv6 policy to decide on action to be taken when IPv4/IPv6 subscriber packets need to be tunneled, however, the encapsulated packets exceed tunnel MTU size.
CLI (APN Configuration Mode)
policy ipv6 tunnel mtu exceed { fragment [ inner ] | notify-sender }
[ default | no ] policy ipv6 tunnel mtu exceed
rule
This command enables the setting of event rules. An event is something that occurs in the system which would trigger a set of actions to take place, such as new-call or rat-change.
CLI (Local Policy Eventbase Configuration Mode)
rule priority priority [ event list_of_events ] ruledef ruledef_name actiondef actiondef_name [continue]
no rule priority priority
ruledef
This command enables creating, configuring, or deleting a rule definition within a local policy service.
CLI (Local Policy Service Configuration Mode)
ruledef ruledef_name [ -noconfirm ]
no ruledef ruledef_name
This command enters the following mode:
CLI (Local Policy Ruledef Configuration Mode)
The following commands are located in the new Local Policy Ruledef Configuration mode:
condition priority priority { variable { eq | ge | gt | le | lt | match | ne | nomatch } regex | string_value | int_value | set }
end
exit
signalling-packets
This command enables the DSCP marking feature for IP headers carrying outgoing signalling packets.
CLI (LMA Service Configuration Mode)
signalling-packets ip-header-dscp value
[ default | no ] signalling-packets ip-header-dscp
PDIF Commands - New in Release 12.0
This section provides information on new PDIF commands available in Release 12.0.
None for this release.
PDSN Commands - New in Release 12.0
This section provides information on new PDSN commands available in Release 12.0.
bgp
The following command has been added.
l
CLI (Context Configuration Mode)
[ no ] bgp extended-asn-cap
maximum-paths ebgp
The following command has been added.
l
CLI (Router Bgp Mode)
maximum-paths ebgp value
[ no ] maximum-paths ebgp
a11-signalling-packets
The following command is added.
l
CLI (Pdsn-service Mode)
a11-signalling-packets ip-header-dscp value
[ no | default ] a11-signalling-packets ip-header-dscp
fa-spi-list / ha-spi-list
The following commands are added.
l
l
CLI (Config Mode)
fa-spi-list list
ha-spi-list list
aaa nas-ip-address IPv4
The following commands are added.
l
l
CLI (PDSN Service Config Mode)
aaa nas-ip-address ip-address
aaa 3gpp2-service-option service option
show ipv6 ospf
Following command shows ipv6 ospf options and its results
CLI (Context configuration mode)
show ipv6 ospf [ database [ adv-routerIPv4-Address ] [ls-type { external | inter-prefix | inter-router | intra-prefix | link | network | router } ] [ verbose ] [ | { grep grep_options | more } ] ] [ debugging ] [ interface ] [ neighbor [ details ] ] [ route [ summary ] ] [ virtual-links ] [ | { grep grep_options | more } ]
Serving Gateway Commands - New in Release 12.0
This section provides information on new commands available in Release 12.0.
apn-profile
The S-GW now supports the use of the APN Profile Configuration Mode commands. The apn-profile name command is located in the Global Configuration Mode.
CLI (APN Profile Configuration Mode)
The following commands in this mode are supported by the S-GW:
cc { local-value-for-scdrs behavior bit_value profile index_bit | prefer { hlrvalue-for-scdrs | local-value-for-scdrs } }
description description
idle-mode-acl { ipv4 | ipv6 } access-group group_name
ip { qos-dscp { { downlink | uplink } { background forwarding | conversational forwarding | interactive traffic-handling-priority priority_forwarding | streaming forwarding } + } | source-violation { deactivate [ all-pdp | excludefrom accounting | linked-pdp | tolerance-limit } | discard [ exclude-fromaccounting ] | ignore }
call-control-profile
The S-GW now supports the use of the Call Control Profile Configuration Mode commands. The call-control-profile name command is located in the Global Configuration Mode.
CLI (Call Control Profile Configuration Mode)
The following commands in this mode are supported by the S-GW:
attach access-type { gprs | umts } { all | location-area-list instance list_id }{ failure-code code | user-device-release { before-r99 failure code code | r99-or-later failure code code }
attach allow access-type { eps | gprs | umts } location-area-list instance list_id
attach restrict access-type { eps | gprs | umts } { all | location-area-list instance list_id }
attach imei-query-type { imei | imei-sv | none } [ [ verify-equipment-identity ] [ deny-greylisted ]
attach imei-query-type
authenticate { activate [ access-type { gprs | umts } ] | first [ access-type { gprs | umts } ] | frequency frequency | primary [ access-type { gprs | umts } ] | all-events [ access-type { gprs | umts } | frequency frequency | attach [ access-type { gprs | umts } | attach-type { combined | gprs-only } [ access-type { gprs | umts } | frequency frequency ] | frequency frequency | inter-rat [ access-type { gprs | umts } ] ] | detach [ access-type { gprs | umts } ] | rau | service-request | sms | tau }
description description
equivalent-plmn radio-access-technology { 2G | 3g | 4g | any } plmnid mcc mcc_number mnc_number priority priority
treat-as-hplmn
operator-policy
The S-GW now supports the use of the Operator Policy Configuration Mode commands. The operator-policy name command is located in the Global Configuration Mode.
CLI (Operator Policy Configuration Mode)
The following commands in this mode are supported by the S-GW:
apn { default-apn-profile apn_profile_name | network-identifier apn_net_id apn-profile apn_profile_name | operator-identifier apn_op_id apn-profile apn_profile_name }
associate { apn-remap-table table_id | call-control-profile profile_id }
description description
imei range IMEI_number to IMEI_number { imei-profile profile_name | sv ## imeiprofile profile_name }
lte-policy
This command is a direct replacement for the obsolete mme-policy command and contains the same command set as the MME Policy mode. The S-GW now supports the following modes in the LTE Policy Configuration Mode: LTE Subscriber Map Configuration Mode and LTE TAI Management Database Configuration Mode.
CLI (Global Configuration Mode)
lte-policy
Session Control Manager Commands - New in Release 12.0
This section provides information on new SCM commands available in Release 12.0.
bgcf-proxy
This command enables SIP BGCF proxy for the service.
CLI (CSCF Proxy-CSCF Configuration Mode)
bgcf-proxy [ port value | transport { tcp | udp } port value ] ]
[ default | no ] bgcf-proxy
core-reg-expiry-time
This command configures Registration Expiry Timer Handling in P-CSCF/A-BG to keep pin holes open in B2BUA mode.
CLI (CSCF Proxy-CSCF Configuration Mode)
core-reg-expiry-time sec
[ default | no ] core-reg-expiry-time
emergency-call-mode
This command enables the P-CSCF/A-BG service to add “P-Emergency-Call-Mode-Preference” header in 200OK to REGISTER message. By default, this command is disabled.
CLI (CSCF Proxy-CSCF Configuration Mode)
emergency-call-mode { 3gpp-cs | 3gpp-ims }
[ default | no ] emergency-call-mode
lawful-intercept
This command enables Lawful Intercept (LI) in this CSCF service. Feature is disabled by default.
CLI (CSCF Service Configuration Mode)
[ no ] lawful-intercept
pcrf-policy-control
This command enables external policy control via PCRF through the Rx Diameter interface and enters the PCRF-Policy-Control Configuration Mode. Default is disabled.
CLI (Proxy-CSCF Configuration Mode)
[ no ] pcrf-policy-control
This command enters the following mode:
CLI (CSCF PCRF-Policy-Control Configuration Mode)
The following commands are located in the new PCRF-Policy-Control Configuration Mode:
[ no ] authorization mediatype { application | audio | control | data | message | others | text | video }
end
exit
[ no ] signaling-bearer-loss subscription
signaling-bearer-loss
This command replaces the subscribe command in the CSCF Proxy-CSCF Configuration Mode. Use this command to enable subscription to Notification of Signaling Transmission Path Status, as well as IPCAN Change type notification.
When enabled (default), the P-CSCF/A-BG sends AAR to the external PCRF via the Rx interface after UE registration. When disabled, the P-CSCF/A-BG will not subscribe to any event during Registration with PCRF and no diameter session will be established.
CLI (CSCF PCRF-Policy-Control Configuration Mode)
[ no ] signaling-bearer-loss subscription
ca-certificate
This command specifies a list of ca-certificates.
CLI (SSL Template Configuration Mode)
ca-certificate list name
certificate
This command is used to bind an X.509 trusted certificate to the SSL template.
CLI (SSL Template Configuration Mode)
certificate name
cipher-suite
This command creates a new SSL cipher suite or specifies an existing cipher suite and enters the Cipher Suite Configuration Mode.
CLI (Context Configuration Mode)
[ no ] cipher-suite name
This command enters the following mode:
CLI (Cipher Suite Configuration Mode)
The following commands are located in the new Cipher Suite Configuration mode:
encryption { 3des | aes-128 | null | rc4 }
end
exit
hmac { sha1 }
key-exchange { rsa }
cipher-suites
This command specifies a list of SSL cipher suites. Currently, the system supports only one SSL cipher suite per SSL template.
CLI (SSL Template Configuration Mode)
cipher-suites list name
clear ssl statistics
This command deletes all previously gathered SSL statistics for a specific P-CSCF service or all P-CSCF services, either system-wide or within a context.
CLI (Exec Mode)
clear ssl statistics [ service-name name ]
encryption
This command specifies the encryption algorithm for the SSL cipher suite.
CLI (Cipher Suite Configuration Mode)
encryption { 3des | aes-128 | null | rc4 }
default encryption
hmac
This command specifies the HMAC (keyed-Hash Message Authentication Code) for the SSL cipher suite.
The default and only currently available option is SHA-1 (Secure Hash Algorithm-1).
CLI (Cipher Suite Configuration Mode)
hmac { sha1 }
default hmac
key-exchange
This command specifies the key exchange algorithm for the SSL cipher suite. The key exchange algorithm provides the means by which the cryptographic keys for conventional encryption and MAC calculations are exchanged.
The default and only currently available option is RSA (Rivest, Shamir, and Adleman).
CLI (Cipher Suite Configuration Mode)
key-exchange { rsa }
default key-exchange
require cipher ssl resource-percentage
This command assigns the 8 processing cores on the PSC2 card and splits the hardware acceleration resources between SSL protocol and IPSec protocol processing.
CLI (Global Configuration Mode)
require cipher ssl resource-percentage percentage_value
default require cipher ssl resource-percentage
show ssl cipher-suite
This command displays information related to SSL cipher suites since the last restart or clear command. A cipher suite contains the cryptographic algorithms supported by the client.
CLI (Exec Mode)
show ssl cipher-suite [ name name ] [ | { grep grep_options | more } ]
show ssl connection
This command displays information pertaining to SSL connections on the P-CSCF.
CLI (Exec Mode)
show ssl connection [ list | summary [ service-name name ] ] [ name name ] [ | { grep grep_options | more } ]
show ssl map
This command displays information related to configured SSL maps/templates since the last restart or clear command.
CLI (Exec Mode)
show ssl map [ map-type ssl-subscriber-template ] [ name name ] [ | { grep grep_options | more } ]
show ssl statistics
This command displays statistics for SSL since the last restart or clear command.
CLI (Exec Mode)
show ssl statistics [ service-name name ] [ | { grep grep_options | more } ]
ssl
This command creates a new SSL template or specifies an existing one and enters the SSL Template Configuration Mode.
CLI (Context Configuration Mode)
[ no ] ssl template name { ssl-subscriber }
This command enters the following mode:
CLI (SSL Template Configuration Mode)
The following commands are located in the new SSL Template Configuration mode:
ca-certificate list name
certificate name
cipher-suites list name
end
exit
version list { tlsv1 }
version
This command specifies the supported version(s) of SSL protocol on the P-CSCF/A-BG. Currently, there is only one supported version of SSL protocol, which is TLS v0.1.
CLI (SSL Template Configuration Mode)
version list { tlsv1 }
default version
SGSN Commands - New in Release 12.0
This section provides information on new SGSN commands available in Release 12.0.
access-restriction-data
This new command enables the operator to assign a failure code to be included in reject messages if attach rejection is due to access restriction data (ARD) checking in incoming subscriber data (ISD) messages. As well, the operator can disable the ARD checking behavior.
CLI (Call Control Profile Configuration Mode)
access-restriction-data { failure-code <cause_code> | no-check }
remove access-restriction-data failure-code
aggregate-ipc-msg
New command enables/disables aggregation of IPC messages in linkmgr and sessmgr.
CLI (SGSN-Global Configuration Mode)
aggregate-ipc-msg { linkmgr | sessmgr } { flush-frequency <frequency> | num-msgs <number_msgs> }
default aggregate-ipc-msg { linkmgr | sessmgr }
associate-dscp-template
This new command in the GPRS Service configuration mode associates a specific DSCP template with a specific GPRS service configuration.
CLI (GPRS Service Configuration Mode)
associate-dscp-template downlink <template_name>
no associate-dscp-template downlink
bssgp-message
A new command determines the SGSN response to MS-Flow-Control messages received from an unknown MS.
CLI (SGSN Global Configuration Mode)
bssgp-message ms-flow-control-from-unknown-ms { discard-message | send-ack | send-status }
[default] bssgp-message ms-flow-control-from-unknown-ms
check-zone-code
Command enables/disables a mechanism to check zone codes.
CLI (Call-Control Profile Configuration Mode)
[ no | remove ] check-zone-code
control-packet
This command in the new DSCP template mode configure handling of downlink control packets.
CLI (DSCP TemplateConfiguration Mode)
control-packet qos-dscp { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef }]
default control-packet
data-packiet
This command in the new DSCP template mode configure handling of downlink data packets.
CLI (DSCP TemplateConfiguration Mode)
data-packet { background | conversational | interactive { priority1 |
priority2 | priority3 } | streaming } qos-dscp { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef }]
default data-packet { background | conversational | interactive { priority1 | priority2 | priority3 } | streaming }
disable-remote-restart-counter-verification
This new command disables the SGSN's default behavior for verification of remote peer's restart counter change values.
CLI (SGTP Service Configuration Mode)
[ no | default ] disable-remote-restart-counter-verification
dscp-template
Use this new command to create or delete DSCP templates and to gain access to the new DSCP templates configuration mode. The new DSCP template mode provides commands to configure control and data-packet handling:
l
control-packet command configures DSCP values for downlink control packets
l
data-packet command configures DSCP values for downlink data packets
CLI (SGSN Global Configuration Mode)
[ no ] dscp-template <template_name> [-noconfirm]
ggsn-fail-retry-timer
Sets the amount of time that a GGSN will be unavailable/blacklisted.
CLI (SGTP Service Configuration Mode)
ggsn-fail-retry-timer <value>
no ggsn-fail-retry-timer
gn-delay-monitoring
New command enables monitoring of the delay of packets over Gn/Gp between the SGSN and GGSN.
CLI (SGTP Service Configuration Mode)
gn-delay-monitoring [ num-delay <number_delayed> | num-no-delay-for-clear <number_normal> | tolerance-seconds <number_seconds> ]
default gn-delay-monitoring [ num-delay | num-no-delay-for-clear | tolerance-seconds ]
no gn-delay-monitoring
max-remote-restart-counter-change
This command sets a restart counter change window to avoid the resulting service deactivations and activations causing large bursts of network traffic if the restart counter change messages from the GGSN are erroneous.
CLI (SGTP Service Configuration Mode)
max-remote-restart-counter-change <value 1 - 255>
default max-remote-restart-counter-change
mtp2-max-outstand-frames
A new command provides a new default (7) for the number of outstanding packets sent by the linkmgr and also enables the operator to configurable a specific number of outstanding packets sent by the linkmgr. These configurations are applicable for both highspeed and lowspeed narrowband links.
CLI (Link Configuration Mode)
mtp2-max-outstand-frames <5 - 10>
default mtp2-max-outstand-frames
mtp3-msg-size
The default number (272) of outstanding packets sent by the linkmgr (MTP2), for both highspeed and lowspeed narrowband SS7 links, has been altered with the addition of this new command. As well, it is now possible to configure a preferred number of outstanding packets.
CLI (Link Configuration Mode)
mtp3-msg-size <1-272>
default mtp3-msg-size
pdp-deactivation-rate
Set the rate at which the SGSN deactivates PDP connections per second per SessMgr when a GPT-C path failure is detected.
CLI (SGSN-Global Configuration Mode)
pdp-deactivation-rate { connected-ready <rate> | idle-standby <rate> }
default pdp-deactivation-rate { connected-ready | idle-standby }
ptmsi-signature-reallocate
A new command enables configuration of P-TMSI signature reallocation for Attach/RAU procedures.
CLI (SGTP Service Configuration Mode)
ptmsi-signature-reallocate { attach | frequency <frequency> | interval <minutes> | ptmsi-reallocation-command | routing-area-update [ update-type [ combined-update | imsi-combined-update | periodic | ra-update ] } [ access-type { gprs | umts } ] [ frequency <frequency> ]
regional-subscription-restriction
This command enables the operator to define the cause code for subscriber rejection when it is due to regional subscription information failure.
CLI (Call-Control Profile Configuration Mode)
[ remove ] regional-subscription-restriction [ failure-code <code> | user-device-release { before-r99 failure-code <code> | r99-or-later failure-code <code> } ]
relocation-alloc-timeout
A new command defines the amount of time (in seconds) that the SGSN waits for a Relocation Request message. The range is 1 to 60 with a default of 5.
CLI (IuPS Service Configuration Mode)
relocation-alloc-timeout <time>
default relocation-alloc-timeout
sgsn retry-unavailable-ggsn
Marks the GGSN as available for further activation.
CLI (Exec Mode)
sgsn retry-unavailable-ggsn <IPv4 or IPv6>
smsc-address-restriction-list
A new command allows the operator to restrict forwarding of SMS messages on the basis of a defined list of SMS-C addresses.
CLI Short-Message-Service Configuration Mode
smsc-address-restriction-list <isdn-no> +
no smsc-address-restriction-list <isdn-no>
*IMPORTANT: The smsc-address-restriction-list command only takes effect if the smsc-address-restriction-type command has also been configured.
target-offloading algorithm
Configure the number of subscribers to be off-loaded.
CLI (SGSN-Global Configuration Mode)
target-offloading algorithm [ optimized-for-speed | optimized-for-target-count ]
SGSN Commands - New in Release 12.1
This section provides information on new SGSN commands available in Release 12.1.
access-restriction-data
This new command enables the operator to assign a failure code to be included in reject messages if attach rejection is due to access restriction data (ARD) checking in incoming subscriber data (ISD) messages. As well, the operator can disable the ARD checking behavior.
CLI (Call Control Profile Configuration Mode)
access-restriction-data { failure-code <cause_code> | no-check }
remove access-restriction-data failure-code
aggregate-ipc-msg
New command enables/disables aggregation of IPC messages in linkmgr and sessmgr.
CLI (SGSN-Global Configuration Mode)
aggregate-ipc-msg { linkmgr | sessmgr } { flush-frequency <frequency> | num-msgs <number_msgs> }
default aggregate-ipc-msg { linkmgr | sessmgr }
bssgp-message
A new command determines the SGSN response to MS-Flow-Control messages received from an unknown MS.
CLI (SGSN Global Configuration Mode)
bssgp-message ms-flow-control-from-unknown-ms { discard-message | send-ack | send-status }
[default] bssgp-message ms-flow-control-from-unknown-ms
check-zone-code
Command enables/disables a mechanism to check zone codes.
CLI (Call-Control Profile Configuration Mode)
[ no | remove ] check-zone-code
ggsn-fail-retry-timer
Sets the amount of time that a GGSN will be unavailable/blacklisted.
CLI (SGTP Service Configuration Mode)
ggsn-fail-retry-timer <value>
no ggsn-fail-retry-timer
gn-delay-monitoring
New command enables monitoring of the delay of packets over Gn/Gp between the SGSN and GGSN.
CLI (SGTP Service Configuration Mode)
gn-delay-monitoring [ num-delay <number_delayed> | num-no-delay-for-clear <number_normal> | tolerance-seconds <number_seconds> ]
default gn-delay-monitoring [ num-delay | num-no-delay-for-clear | tolerance-seconds ]
no gn-delay-monitoring
ignore-remote-restart-counter-change
A new command instructs the SGSN to ignore (not process) restart counters received from remote nodes. Default is to process the restart counters.
CLI (SGTP Service Configuration Mode)
ignore-remote-restart-counter-change
[ default | no ] ignore-remote-restart-counter-change
mtp2-max-outstand-frames
A new command provides a new default (7) for the number of outstanding packets sent by the linkmgr and also enables the operator to configurable a specific number of outstanding packets sent by the linkmgr. These configurations are applicable for both highspeed and lowspeed narrowband links.
CLI (Link Configuration Mode)
mtp2-max-outstand-frames <5 - 10>
default mtp2-max-outstand-frames
mtp3-msg-size
The default number (272) of outstanding packets sent by the linkmgr (MTP2), for both highspeed and lowspeed narrowband SS7 links, has been altered with the addition of this new command. As well, it is now possible to configure a preferred number of outstanding packets.
CLI (Link Configuration Mode)
mtp3-msg-size <1-272>
default mtp3-msg-size
ptmsi-signature-reallocate
A new command enables configuration of P-TMSI signature reallocation for Attach/RAU procedures.
CLI (SGTP Service Configuration Mode)
ptmsi-signature-reallocate { attach | frequency <frequency> | interval <minutes> | ptmsi-reallocation-command | routing-area-update [ update-type [ combined-update | imsi-combined-update | periodic | ra-update ] } [ access-type { gprs | umts } ] [ frequency <frequency> ]
regional-subscription-restriction
This command enables the operator to define the cause code for subscriber rejection when it is due to regional subscription information failure.
CLI (Call-Control Profile Configuration Mode)
[ remove ] regional-subscription-restriction [ failure-code <code> | user-device-release { before-r99 failure-code <code> | r99-or-later failure-code <code> } ]
relocation-alloc-timeout
A new command defines the amount of time (in seconds) that the SGSN waits for a Relocation Request message. The range is 1 to 60 with a default of 5.
CLI (IuPS Service Configuration Mode)
relocation-alloc-timeout <time>
default relocation-alloc-timeout
sgsn retry-unavailable-ggsn
Marks the GGSN as available for further activation.
CLI (Exec Mode)
sgsn retry-unavailable-ggsn <IPv4 or IPv6>
smsc-address-restriction-list
A new command allows the operator to restrict forwarding of SMS messages on the basis of a defined list of SMS-C addresses.
CLI Short-Message-Service Configuration Mode
smsc-address-restriction-list <isdn-no> +
no smsc-address-restriction-list <isdn-no>
*IMPORTANT: The smsc-address-restriction-list command only takes effect if the smsc-address-restriction-type command has also been configured.
target-offloading algorithm
Configure the number of subscribers to be off-loaded.
CLI (SGSN-Global Configuration Mode)
target-offloading algorithm [ optimized-for-speed | optimized-for-target-count ]
TPO Commands - New in Release 12.0
This section provides information on new TPO commands available in Release 12.0.
p2p-detected
This command allows to disable/continue TPO optimizations when a P2P flow is detected.
CLI (ACS TPO Profile Configuration Mode)
p2p-detected { cease-tpo | continue-tpo }
default p2p-detected
tpo default-policy
This command configures the default TPO policy for a rulebase. For subscribers using a particular rulebase, the default TPO policy configured in it will be used only if in the APN/subscriber profile no TPO policy is configured, and a policy to use is not received from the AAA.
CLI (ACS Rulebase Configuration Mode)
tpo default-policy tpo_policy_name
no tpo default-policy
tpo profile
This command configures the TPO profile for the charging action. This enables the specified TPO profile to be applied when a flow matches the charging action.
CLI (ACS Charging Action Configuration Mode)
tpo profile tpo_profile_name
no tpo profile
Modified Configuration Commands
This section identifies configuration commands that have been modified in:
l
l
l
l
l
l
l
l
l
l
l
l
l
l
l
l
l
l
Common Commands - Modified in Release 12.0
This section provides information on common commands modified for Release 12.0.
authentication
This command configures authentication for subscribers or gateways accessing a service using the crypto template. Two new keywords and their respective supporting keywords and variables were added to the authentication command in the Crypto Template Configuration Mode: local and remote.
CLI (Crypto Template Configuration Mode)
authentication { eap-profile name [ second-phase eap-profile name ] | gateway { encrypted key value | key clear_text } | local { certificate | pre-shared-key { encrypted key value | key clear_text } | pre-shared-key { encrypted key value | key clear_text } | remote { certificate | eap-profile name [ second-phase eap-profile name ] | pre-shared-key { encrypted key value | key clear_text } }
diameter dictionary
This command configures the Diameter Credit Control dictionary for the Active Charging Service. In release 12.0, the dcca-custom21 through dcca-custom30 options were added to this command.
CLI (Credit Control Configuration Mode)
diameter dictionary { dcca-custom1 | dcca-custom10 | dcca-custom11 | dcca-custom12 | dcca-custom13 | dcca-custom14 | dcca-custom15 | dcca-custom16 | dcca-custom17 | dcca-custom18 | dcca-custom19 | dcca-custom2 | dcca-custom20 | dcca-custom21 | dcca-custom22 | dcca-custom23 | dcca-custom24 | dcca-custom25 | dcca-custom26 | dcca-custom27 | dcca-custom28 | dcca-custom29 | dcca-custom3 | dcca-custom30 | dcca-custom4 | dcca-custom5 | dcca-custom6 | dcca-custom7 | dcca-custom8 | dcca-custom9 | standard }
default diameter dictionary
ikev2-ikesa
The allow-empty-ikesa keyword is new in the ikev2-ikesa command allowing the retention of an IKE SA even after its child SAs have been deleted.
CLI (Crypto Template Configuration Mode)
ikev2-ikesa { allow-empty-ikesa | keepalive-user-activity | max-retransmissions number | retransmission-timeout msec | policy error-notification [ invalid-message-id | invalid-syntax ] rekey | setup-timer sec | transform-set list name }
ip address
This command now allows the configuration of a 31-bit subnet mask for IPv4 addresses per RFC 3021.
CLI (Ethernet Interface Configuration Mode)
ip address ip_address ip_mask
link-aggregation
This command is used to aggregate ports on a Quad Gig-E line card (QGLC) and set related parameters. Several keywords have been added.
CLI (Ethernet Port Configuration Mode)
link-aggregation { distribution { block | random | rotate | simple } | lacp { active | passive } [ rate { auto | fast | slow } ] [ timeout { long | short } ] | master { global group group_number | group group_number | local group group_number } | member { global group group_number | group group_number | local group group_number } | redundancy { standard | switched } [ hold-time sec ] [ preferred slot { card_number | none } ] | toggle-link }
no link-aggregation [ toggle-link ]
default link-aggregation { distribution | lacp | redundancy | toggle-link }
For link-aggregation redundancy standard mode, hold-time and preferred slot settings are now accepted and processed. Previously these setting were only observed for link-aggregation redundancy switched mode.
match ip pool
The keyword destination-network has been added to this command. An IP pool attached to the crypto map can have multiple IPSec tunnels according to the destination of the packet being forwarded to internet.
CLI (Crypto Map IKEv1 Configuration Mode)
[ no ] match ip pool pool-name pool_name[ destination-network ip_address { / mask | mask ip_mask } ]
pending-traffic-treatment
This command controls the pass/drop treatment of traffic while waiting for definitive credit information from the server. The limted-pass keyword was added to this command. This enables limited access for subscribers when the OCS is unreachable by provisioning a default quota to use until there is a response from the OCS.
CLI (Credit Control Configuration Mode)
pending-traffic-treatment { { { forced-reauth | trigger | validity-expired } drop | pass } | { { noquota | quota-exhausted } buffer | drop | limited-pass volume | pass } }
default pending-traffic-treatment { forced-reauth | noquota | quota-exhausted | trigger | validity-expired }
rule-variable
This command specifies the order of fields in the EDR. The following new TPO-related fields are now supported in the EDR format:
l
l
l
l
l
l
l
l
l
l
CLI (ACS EDR Format Configuration Mode)
rule-variable protocol rule priority priority [ in-quotes ]
no rule-variable protocol rule [ priority priority ]
use-proxy
This command enables a Diameter proxy for the Diameter endpoint. A server-mode keyword is added in the 12.0 release to specify that the Diameter proxy should be treated as if it is the server side of the endpoint connection.
CLI (Diameter Endpoint Configuration Mode)
use-proxy [ server-mode [ demux-mode ] ]
Application Detection and Control - Modified in Release 12.0
This section provides information on ADC commands modified in Release 12.0.
p2p-detection protocol
This command configures the system to detect peer-to-peer (P2P) protocols. The following keywords were added to this command:
l
l
l
l
l
l
l
CLI (ACS Configuration Mode)
[ no ] p2p-detection protocol [ actsync | aimini | all | applejuice | ares | armagettron | battlefld | bittorrent | blackberry | citrix | clubpenguin | crossfire | ddlink | directconnect | dofus | edonkey | facebook | facetime | fasttrack | feidian | fiesta | filetopia | florensia | freenet | fring | funshion | gadugadu | gamekit | gnutella | gmail | gtalk | guildwars | halflife2 | hamachivpn | iax | icecast | imesh | iptv | irc | isakmp | iskoot | itunes | jabber | kontiki | manolito | maplestory | meebo | mgcp | msn | mute | myspace | nimbuzz | octoshape | off | oovoo | openft | orb | oscar | paltalk | pando | pandora | popo | pplive | ppstream | ps3 | qq | qqgame | qqlive | quake | rdp | rfactor | rmstream | secondlife | shoutcast | skinny | skype | slingbox | sopcast | soulseek | splashfighter | ssdp | stealthnet | steam | stun | teamspeak | teamviewer | thunder | tor | truphone | tvants | tvuplayer | twitter | uusee | veohtv | viber | vpnx | vtun | warcft3 | wii | winmx | winny | wmstream | wofkungfu | wofwarcraft | xbox | xdcc | yahoo | yourfreetunnel | zattoo + ]
p2p protocol
This command configures the system to detect specific P2P protocols for charging purposes. This release now supports the following protocols:
l
l
l
l
l
l
l
CLI (ACS Ruledef Configuration Mode)
[ no ] p2p protocol operator protocol
p2p traffic-type
This command defines rule expressions to match traffic type—audio, video, and unclassified. The following keywords were added to this command:
l
l
l
CLI (ACS Ruledef Configuration Mode)
[ no ] p2p traffic-type operator traffic_type
Content Filtering Commands - Modified in Release 12.0
This section provides information on Content Filtering commands modified in Release 12.0.
analyze
This command specifies the action to take for the indicated result after content filtering analysis. The following options are additionally supported for the category keyword:
l
l
l
l
CLI (Content Filtering Policy Configuration Mode)
analyze priority priority { all | category category | x-category string } action { allow | content-insert content_string | discard | redirect-url url | terminate-flow | www-reply-code-and-terminate-flow reply_code } [ edr edr_format_name ]
ECS Commands - Modified in Release 12.0
This section provides information on ECS commands modified in Release 12.0.
group-of-ruledefs-application
This command specifies the purpose of setting up a group-of-ruledefs. In support for the GX Alias feature the gx-alias keyword was added to this command. This enables to specify that a group-of-ruledefs is for Gx-alias purposes.
CLI (ACS Group-of-Ruledefs Configuration Mode)
group-of-ruledefs-application { charging | content-filtering | gx-alias | post-processing }
no group-of-ruledefs-application
insert
This command configures the x-header fields to be inserted in HTTP/WSP GET and POST request packets. The qos and s-mcc-mnc keywords were added to this command. This enables inserting bearer QoS and serving node MCC + MNC in x-headers.
CLI (ACS x-header Format Configuration Mode)
insert xheader_field_name { string-constant xheader_field_value | variable { bearer { 3gpp { apn | charging-characteristics | charging-id | imei | imsi | qos | rat-type | s-mcc-mnc | sgsn-address } | acr | customer-id | ggsn-address | mdn | radius-calling-station-id | session-id | sn-rulebase | subscriber-ip-address | username } [ encrypt ] | http { host | url } }
no insert xheader_field_name
rule-variable
This command configures the order of fields in the EDR. This command now enables to configure HTTP domain and WSP domain fields in the EDR. For this, from the URL, after http:// (if it is present) is removed, everything until the first “/” is used as the domain.
CLI (ACS EDR Ruledef Configuration Mode)
rule-variable protocol rule priority priority [ in-quotes ]
no rule-variable protocol rule [ priority priority ]
Firewall Commands - Modified in Release 12.0
This section provides information on Stateful Firewall commands modified in Release 12.0.
firewall dos-protection
This command configures Stateful Firewall protection for subscribers from Denial-of-Service (DoS) attacks. The following keywords have been added to this command to support IPv6 firewall:
ipv6-dst-options [ invalid-options | unknown-options ] | ipv6-extension-hdrs [ limit extension_limit ] | ipv6-frag-hdr nested-fragmentation | ipv6-hop-by-hop [ invalid-options | jumbo-payload | router-alert | unknown-options ]
CLI (Firewall-and-NAT Policy Configuration Mode)
[ no ] firewall dos-protection { all | flooding { icmp | tcp-syn | udp } | ftp-bounce | ip-unaligned-timestamp | ipv6-dst-options [ invalid-options | unknown-options ] | ipv6-extension-hdrs [ limit extension_limit ] | ipv6-frag-hdr nested-fragmentation | ipv6-hop-by-hop [ invalid-options | jumbo-payload | router-alert | unknown-options ] | mime-flood | port-scan | source-router | tcp-window-containment | teardrop | winnuke }
default firewall dos-protection
firewall ip-reassembly-failure
This command configures Stateful Firewall action on IPv4/IPv6 packets involved in IP Reassembly Failure scenarios. In this release, support for IPv6 firewall is added.
CLI (Firewall-and-NAT Policy Configuration Mode)
firewall ip-reassembly-failure { drop | permit }
default firewall ip-reassembly-failure
firewall max-ip-packet-size
This command configures the maximum IPv4/IPv6 packet size (after IP reassembly) allowed over Stateful Firewall. In this release, support for IPv6 firewall is added.
CLI (Firewall-and-NAT Policy Configuration Mode)
firewall max-ip-packet-size packet_size protocol { icmp | non-icmp }
default firewall max-ip-packet-size protocol { icmp | non-icmp }
firewall policy
This command enables/disables Stateful Firewall support in a Firewall-and-NAT policy. In this release, support to enable/disable IPv4 and IPv6 firewall is added.
CLI (Firewall-and-NAT Policy Configuration Mode)
firewall policy { ipv4-and-ipv6 | ipv4-only | ipv6-only }
{ default | no } firewall policy
ip max-fragments
This command limits the maximum number of IPv4/IPv6 fragments per fragment chain. In this release, support for IPv6 firewall is added.
CLI (ACS Configuration Mode)
ip max-fragments max_fragments
default ip max-fragments
route priority
This command controls routing of packets to protocol analyzers. The basic-and-advanced option is added to sip keyword for SIP packets to route through SIP analyzer and SIP ALG.
CLI (ACS Rulebase Configuration Mode)
route priority route_priority ruledef ruledef_name analyzer { dns | file-transfer | ftp-control | ftp-data | h323 | http | imap | mms | p2p | pop3 | pptp | rtcp | rtp | rtsp | sdp | secure-http | sip [ advanced | basic-and-advanced ] | smtp | tftp | wsp-connection-less | wsp-connection-oriented } [ description description ]
no route priority route_priority
GGSN Commands - Modified in Release 12.0
This section provides information on GGSN commands modified in Release 12.0.
virtual-apn
Virtual APN selection is based on configuration parameters like roaming mode, bearer access service etc. Three more parameters ‘cc-profile’, ‘msisdn-range’, and ‘rat-type’ are added based on them virtual-apn will be selected. ‘CC-profile option specifies the APN for charging characteristics (CC)-profile index. The APN selection will be applied to all subscribers that have msisdn in the configured ‘msisdn-range’. The range has lower and upper limit configured as ‘from’ and ‘to’ respectively. The ‘rat-type’ option configures the APN for rat-type (gan, geran, hspa, utran, wlan) received in the message.
Another addition is the ‘msin-range from <start_refix> to <end_prefix>’ keywords have been added to the MCC-MNC in this command to enable the IMSI prefix based prepaid/postpaid subscribers selection on GGSN. This enhancement extends the MCC+MNC based virtual APN selection to MCC+MNC+MSIN Range based virtual APN selection.
CLI (APN Configuration Mode)
virtual-apn { gcdr apn-name-to-be-included { gn | virtual } | preference priority apn apn_name { access-gw-address { ip_address | ip_address/mask } | bearer-access-service svc_name | cc-profile cc_profile_index | domain domain_name | mcc mcc_number mnc mnc_number { msin-range from msin_range_from to msin_range_to } | msisdn-range from msisdn_start_range to msisdn_to_range | rat-type { gan | geran | hspa | utran | wlan } | roaming-mode { home | visiting | roaming } } }
authentication
This command configures the APN’s authentication parameters. A new option ‘prefer-chap-pco’ has been added to be used along with msisdn-auth/imsi-auth parameter. With this option, if enabled, GGSN performs CHAP authentication if CHAP parameters are received in Protocol Configuration Options (PCO). However, chap username would be constructed as msisdn@apn / imsi@apn and chap challenge, chap response parameters should be used as it is from CHAP parameters received in PCO IE. If CHAP parameters are not received in PCO IE of CPC Request, GGSN should do normal PAP authentication with PAP username as msisdn@apn / imsi@apn (ignoring any PAP username if received).
*IMPORTANT: This change is applicable for 10.2 and above versions.
CLI (APN Configuration Mode)
authentication { [ msid-auth | imsi-auth [ password-use-pco | username-strip-apn | prefer-chap-pco ] | msisdn-auth [ password-use-pco | username-strip-apn | prefer-chap-pco ] | eap initial-access-request [ authenticate-authorize | authenticate-only ] | [ allow-noauth ] [ chap preference ] [ mschap preference ] [ pap preference ] }
ip user-datagram-tos copy
This command controls copying of IP TOS octet value from user IPv4/IPv6 datagrams to header of GTP tunnel encapsulation. Earlier the “data-tunnel” option appeared after this command, but it was removed to match with the same command in Subscriber Configuration Mode command.
CLI (APN Configuration Mode)
[ no | default ] ip user-datagram-tos copy
crypto ipsec transform-set
From the Context Configuration Mode, this command creates IPSec transform sets. A new aes-cbc-256 cipher has been added to the existing list of supported cipher options.
CLI (Context Configuration Mode)
[ no ] crypto ipsec transform-set transform_name [ ah { hmac { md5-96 | none | sha1-96 } { esp { hmac { { md5-96 | sha1-96 } { cipher { 3des-cbc | aes-cbc-128 | aes-cbc-256 | des-cbc } } | none } } } } ]
sgsn mcc-mnc
From the GGSN Service Configuration Mode, the sgsn command configures the SGSNs allowed to connect to this GGSN. A new option ‘mcc-mnc’ has been added to this command to configure the sgsn mcc-mnc to the GGSN service. This implementation gives first preference to “User Location Information” IE in Create PDP Context Request Message (to be sent to PCRF) for determining 3GPP-SGSN-MCC-MNC attribute. For backward compatibility with this old behavior, CLI controlled implementation has been done so that existing deployments are not affected with this change in behavior.
CLI (GGSN Service Configuration Mode)
sgsn mcc-mnc { prefer rai | prefer uli }
default sgsn mcc-mnc
HA Commands - Modified in Release 12.0
This section provides information on HA commands modified in Release 12.0.
None for this release.
HSGW Commands - Modified in Release 12.0
This section provides information on HSGW commands modified in Release 12.0.
None for this release.
Mobility Management Entity Commands - Modified in Release 12.0
This section provides information on MME commands modified in Release 12.0.
apn-selection-default
The apn-selection-default command enables and configures the Default APN feature for use when the normal APN selection process fails. A new keyword, first-in-subscription, has been added in this release and specifies that the first APN in the subscription record matching the PDN type is used if the UE APN is absent and the default APN is not a match.
CLI (APN Remap Table Configuration Mode)
apn-selection-default { first-in-subscription | network-identifier apn_net_id [ fallback-apn apn_net_id | reject-blank-apn | require-dns-fail-wildcard | require-subscription-apn ] }
authenticate
The authenticate command enables authentication for a variety of procedures within services using the configure call control profile. The authentication of SMS procedures has been added in this release.
CLI (Call Control Profile Configuration Mode)
authenticate sms [ access-type { gprs | umts } | frequency frequency | sms-type { mo-sms | mt-sms } ]
associate
The associate command configures association between the MME service and other services such as the HSS peer service and the SGs service. An sctp-param-template keyword and associated variable has been added to this command. The sctp-param-template keyword allows the MME service to be associated with a configured SCTP parameter template. SCTP parameter templates are configured through the Global Configuration Mode.
Also, the associate sgs-service command now allows the SGs context to be configured.
CLI (MME Service Configuration Mode)
associate { { egtp-service egtp_svc_name | hss-peer-service hss_svc_name | sctp-param-template template_name | sgs-service sgs_svc_name | sgtpc-service sgtpc_svc_name } [ context ctx_name ] | subscriber-map map_name | tai-mgmt-db database_name }
bind s1-mme
The bind s1-mme command connects the MME service to the S1-MME interface. In this release, the ability to configure node-to-node IP security has been added. An optional crypto template keyword and associated variable has been added to this command.
CLI (MME Service Configuration Mode)
bind s1-mme ipv4-address address [ ipv4-address secondary_address ] | ipv6-address address [ ipv6-address secondary_address ] } [ crypto-template name ] [ max-subscribers number ]
*IMPORTANT: Crypto templates can only be associated with IPv4 addresses on the S1-MME in this release.
dns
The dns command configures association between the MME service and a named context where a DNS client resides allowing for DNS queries to peer servers or other EPC entities. An peer-sgsn keyword has been added to this command. The peer-sgsn keyword allows the MME service to be associated with a context where a DNS client provides DNS queries to locate a peer SGSN.
CLI (MME Service Configuration Mode)
dns { peer-mme | peer-sgsn | pgw | sgw | [ context ctx_name ]
NAT Commands - Modified in Release 12.0
This section provides information on NAT commands modified in Release 12.0.
firewall nat-alg
This command enables/disables all/specified NAT Application Level Gateways (ALG). The h323 keyword is added to this command to enables/disable H23 processing.
CLI (ACS Configuration Mode)
[ default | no ] firewall nat-alg { all | ftp | h323 | pptp | rtsp | sip }
route priority
This command controls routing of packets to protocol analyzers. The h323 keyword is added to this command to route the H323 analyzer for the ruledef.
CLI (ACS Rulebase Configuration Mode)
route priority route_priority ruledef ruledef_name analyzer { dns | file-transfer | ftp-control | ftp-data | h323 | http | imap | mms | p2p | pop3 | pptp | rtcp | rtp | rtsp | sdp | secure-http | sip [ advanced ] | smtp | tftp | wsp-connection-less | wsp-connection-oriented } [ description description ]
no route priority route_priority
Packet Data Network Gateway Commands - Modified in Release 12.0
This section provides information on P-GW commands modified in Release 12.0.
diameter
The keyword service-context-id has been added to this command.
CLI (Credit Control Configuration Mode)
diameter service-context-id service_context_id
default diameter service-context-id
gtpp attribute
This command enables the specification of some of the optional fields in the CDRs that the GSN (GGSN, P-GW, or SGSN) generates and/or how the information is to be presented. Several keywords have been added.
CLI (GTPP Server Group Configuration Mode)
gtpp attribute { camel-info | cell-plmn-id | diagnostics | duration-ms | imei | local-record-sequence-number | msisdn | node-id-suffix STRING | plmn-id | rat | record-extensions rat | sms { destination-number | recording-entity | service-centre } } +
default gtpp attribute { cell-plmn-id | diagnostics | duration-ms | imei | local-record-sequence-number | msisdn | plmn-id | rat | record-extensions rat | sms
{ destination-number | recording-entity | service-centre } }
no gtpp attribute { cell-plmn-id | diagnostics | duration-ms | imei | local-record-sequence-number | msisdn | node-id-suffix | plmn-id | rat | record-extensions rat | sms { destination-number | recording-entity | service-centre } }
insert
Support has been added for the following charging-characteristics:
l
l
CLI (ACS x-header Format Configuration Mode)
insert xheader_field_name { string-constant xheader_field_value | variable { bearer { 3gpp { apn | charging-characteristics | charging-id | imei | imsi | rat-type | sgsn-address } | acr | customer-id | ggsn-address | mdn | radiuscalling-station-id | session-id | sn-rulebase| subscriber-ip-address | username } [ encrypt ] | http { host | url } }
no insert xheader_field_name
trigger type
Support has been added for serving-node trigger type.
CLI (Credit Control Configuration Mode)
[ no ] trigger type { cellid | lac | qos | rat | serving-node | sgsn } +
default trigger type
PDIF Commands - Modified in Release 12.0
This section provides information on PDIF commands modified in Release 12.0.
None for this release.
PDSN Commands - Modified in Release 12.0
This section provides information on PDSN commands modified in Release 12.0.
neighbor fall-over bfd multihop
The following keyword has been added to the command.
l
CLI (Router bgp Mode)
[ no ] neighbor ip_address fall-over bfd multihop
neighbor password / encrypted password
The following keywords have been added to the command.
l
l
CLI (Router bgp Mode)
neighbor ip_addres password password
neighbor ip_addres encrypted password encrypted_password
[ no ] neighbor ip_addres password
neighbor srp-activated-soft-clear
The following keyword has been added to the command.
l
CLI (Router bgp Mode)
[ no ] neighbor ip_address srp-activated-soft-clear
show rp statistics pcf-summary
The following keyword has been added to the command.
l
CLI (Config Mode)
show rp statistics pcf-summary
Serving Gateway Commands - Modified in Release 12.0
This section provides information on commands modified in Release 12.0.
associate
The associate command in the S-GW Service Configuration Mode is updated with the new subscriber-map keyword. This new keyword allows the S-GW service to be associated with a subscriber map configured through the LTE Policy Configuration Mode, and thus, to an operator policy.
CLI (S-GW Service Configuration Mode)
associate subscriber-map name
cc
The S-GW now supports the charging characteristics (cc) commands in the APN Profile and Call Control Profile Configuration Modes.
CLI (APN Profile Configuration Modes)
cc { local-value-for-scdrs behavior bit_value profile index_bit | prefer { hlr-value-for-scdrs | local-value-for-scdrs } }
CLI (Call Control Profile Configuration Modes)
cc { behavior-bit no-records bit_value | local-value behavior bit_value profile index_bit | prefer { hlr-value | local-value } }
accounting context
The S-GW now supports the accounting context command in the Call Control Profile Configuration Mode.
CLI (S-GW Service Configuration Mode)
accounting context ctxt_name [ gtpp group grp_name ]
Session Control Manager Commands - Modified in Release 12.0
This section provides information on SCM commands modified in Release 12.0.
authorization
This command functionality has been moved from the CSCF Proxy-CSCF Configuration Mode and expanded.
CLI (CSCF PCRF-Policy-Control Configuration Mode)
[ no ] authorization mediatype { application | audio | control | data | message | others | text | video }
bind
The keyword tls-crypto-template and its options have been added to this command.
CLI (CSCF Service Configuration Mode)
bind address ip_address [ cscf-hostname host_name ] [ ipsec-crypto-template template ] [ max-sessions max# ] [ port number ] [ reserved-call-capacity percentage ] [ tls-crypto-template template [ tls-port number ] ] [ transport tcp ] [ use-serviceport-towards-network ]
no bind address
nat-pool
The keyword signalling-pool has been added to this command. Specifies the name of an existing IP pool from where IP addresses will be used to fill in signalling headers only.
CLI (CSCF Service Configuration Mode)
nat-pool name pool_name [ signalling-pool signalling_pool_name ]
no nat-pool name pool_name
policy
The keyword overload and its options have been moved from the CSCF Policy Rules Configuration Mode. The keyword ibcf-capability has also been added to this command.
CLI (CSCF Service Configuration Mode)
policy { accounting interim-interval value | allow-early-media | ibcf-capability domain domain/name | overload [ drop | redirect IPv4_address1 [ weight weight1 ] [ IPv4_address2 [ weight weight2 ] ] ... | reject ] | threshold congestion-control { system-cpu-utilization percent | tolerance percent } }
default policy { allow-early-media | overload | threshold congestion-control { system-cpu-utilization | tolerance } }
no policy { accounting interim-interval | allow-early-media | ibcf-capability domain domain/name | overload [ redirect IPv4_address1 ] [ IPv4_address2 ] ... | threshold congestion-control { system-cpu-utilization | tolerance } }
threshold
This command enables thresholds alerting and configuration of thresholds for CSCF Service. This functionality has been moved from the Global Configuration Mode.
CLI (CSCF Service Configuration Mode)
threshold { { call-setup-failures | call-total-active | error-no-resource | error-presence | error-reg-auth | error-tcp | invite-rcvd-rate | reg-rcvd-rate | reg-total-active | route-failures } high_thresh [ clear low_thresh ] | monitoring }
[ default | no ] monitoring
timeout
The keyword cleanup-timer has been added to this command. This timer is used to control how often to check for idle TCP connections.
CLI (CSCF Service Configuration Mode)
timeout { hss-wait sec | no-answer sec | policy-interface sec | sip { 3gpp-d sec | 3gpp-t1 msec | 3gpp-t2 sec | 3gpp-t4 sec | d sec | idle-tcp-connection msec [ cleanup-timer msec ] | invite-expiry sec | t1 msec | t2 sec | t4 sec } }
default timeout { hss-wait | no-answer | policy-interface | sip { 3gpp-d | 3gpp-t1 | 3gpp-t2 | 3gpp-t4 | d | idle-tcp-connection | invite-expiry | t1 | t2 | t4 } }
trusted-domain-entity
The keyword private-network has been added to this command.
CLI (CSCF Service Configuration Mode)
trusted-domain-entity address [ foreign-network ] [ private-network ]
no trusted-domain-entity address
SGSN Commands - Modified in Release 12.0
This section provides information on SGSN commands modified in Release 12.0.
apn-selection-default
New keyword ‘fallback-apn’ allows definition of a dummy APN to use when default APN is not available.
CLI (APN-Remap-Table Configuration Mode)
apn-selection-default network-identifier <apn_net_id> [ fallback-apn <apn_net_id> | reject-blank-apn | require-dns-fail-wildcard | require-subscription-apn ] }
no apn-selection
apn-selection-default
Three new keywords have been added to support flexible new options for using default APNs in the APN selection process:
l
first-in-subscription - option instructs the SGSN to use the APN in the first subscription record as a default APN.
l
fallback-to-first-in-subscription - option instructs the SGSN to use the APN in the first subscription record when configured default APN is not available.
l
prefer-single-subscription - option instructs the SGSN to use the APN in subscription record if it is the only record available and normal APN selection fails.
CLI (APN-Remap-Table Configuration Mode)
apn-selection-default { first-in-subscription | network-identifier <> [ fallback-apn network-identifier <> | fallback-to-first-in-subscription | prefer-single-subscription | reject-blank-apn | require-dns-fail-wildcard | require-subscription-apn ] }
no apn-selection
authenticate
New keywords enable/disable authentication for the SMS procedure.
CLI (Call-Control Profile Configuration Mode)
authenticate sms [ sms-type ( mo-sms | mt-sms } ] [ frequency <frequency> | access-type { umts | gprs } ]
no authenticate sms [ sms-type ( mo-sms | mt-sms } ] {access-type [umts/gprs]}
default authenticate sms [ sms-type ( mo-sms | mt-sms } ] {access-type [umts/gprs]}
bssgp-timer
The range of the BSSGP MS flow control timer ‘th’ has been expanded (per TS 48.018) to 6 to 5999 seconds:
CLI (SGSN-Global Configuration Mode)
bssgp-timer th <6 to 5999>
default bssgp-timer th
ciphering algorithm
New keywords - negotiation-failure-action - have been added to configure the SGSN's action if there is not a match between the MS and SGSN ciphering algorithm configurations. As well, the call Attach/RAU Rejection message may include a configurable GMM failure code.
CLI (GPRS Service Configuration Mode)
ciphering-algorithm { negotiation-failure-action { reject [ failure-code ] | use-geo0 } | priority <priority> }
default ciphering-algorithm negotiation-failure-action
dns-extn
New keyword in the command enables the SGSN to append geographical information to the APN string that is being sent in the DNS query.
CLI (APN-Profile Configuration Mode)
dns-extn { lac-rac | msisdn start-offset <start_digits> end-offset <end_digits>
dns-extn
If the DNS is configured to support, then inclusion of two new keywords - charg-id and rnc-id - facilitate GGSN selection.
CLI (APN-Profile Configuration Mode)
dns-extn { charg-id { binary | decimal | hexadecimal } | lac-rac | msisdn | rnc-id [ charg-id { binary | decimal | hexadecimal } ] }
remove dns-extn { charg-id | rnc-id [ charg-id ] }
gateway-address
New keyword assigns GGSN to a secondary pool of GGSNs.
CLI (APN-Profile Configuration Mode)
gateway-address <IPv4 or IPv6> weight <1-100> secondary-pool
gtpc
Configures the diffserv code point marking to be used when sending GTP-C messages originating from the session manager and SGTPC manager.
CLI (SGTP Service Configuration Mode)
gtpc ip qos-dscp { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | ef }
default gtpc ip qos-dscp
gtpp dictionary
The custom33 keyword has been enabled to allow inclusion of the custom33 dictionary in the billing context configuration and to associate the dictionary with the GTPP server group for the billing context.
CLI (Context Configuration Mode Commands)
gtpp dictionary custom33
CLI (GTPP Server Group Configuration Mode Commands)
gtpp dictionary custom33
gtpp storage-server local file
New keyword "file-name-pattern" defines a pattern for the file name that will be used to match against the files to be purged.
CLI (GTPP Server Group Configuration Mode Commands)
gtpp storage-server local file purge-processed-files file-name-pattern <name_pattern>
gtp send
The rai keyword has been added to configure the SGSN to include the RAI of the SGSN in CPCQ and UPCQ messages to the GGSN.
CLI (GTPP Server Group Configuration Mode Commands)
gtp send { imeisv | ms-timezone | rai | rat | uli }
[ no | remove ] gtp send rai
hop-count
The configurable number of hop counts for an SCCP network instance has been expanded to 15.
CLI (SCCP-Network Configuration Mode)
hop-count <1-15>
imsi-range
The description keyword has been added to the IMSI range configuration to clarify use of the ranges when Release 9.0 Operator Policy configurations are converted for use with the Operator Policy functionality of Release 12.0.
CLI (SGSN-Global Configuration Mode Commands)
imsi-range mcc <mcc> mnc <mnc> msin first <msin> last <msin> operator-policy <policy_name> description <description>
link-aggregation redundancy
New keywords enable the operator to provision port link aggregation across multiple side-by-side XGLCs -- horizontal link aggregation.
CLI (Port Ethernet Configuration Mode Commands)
link-aggregation redundancy { standard | switched } [ hold-time <seconds> ] [ preferred slot { none | <slot#>} ]
link id <id> link-type {highspeed-narrowband | lowspeed-narrowband}
Ranges and defaults for various MTP2 timers have been modified for ANSI and ITU variants for both SS7 lowspeed-narrowband and SS7 highspeed-narrowband links.
CLI (Link Configuration Mode Commands)
Lowspeed, ITU and ANSI; new defaults below:
l
mtp2-tmr-t1 - ITU default value is 40s and ANSI default value is 13s
l
mtp2-tmr-t2 - ITU default value is 5s, ANSI default value is 11.5s
l
mtp2-tmr-t3 - ITU default value is 1.5s, ANSI default value is 11.5s
l
mtp2-tmr-t4e - ITU default value is 500ms, ANSI default value is 600ms
l
mtp2-tmr-t4n - ITU default value is 8.2s, ANSI default value is 2.3s
Lowspeed, ITU and ANSI; new ranges below:
l
mtp2-tmr-t1 - ITU & ANSI ranges are 120 - 500
l
mtp2-tmr-t3 - ITU & ANSI ranges are 10 - 140
l
mtp2-tmr-t4n - ITU & ANSI ranges are 20 - 95
l
mtp2-tmr-t6 - ITU & ANSI ranges are 10 - 60
Highspeed, ITU and ANSI; new defaults below:
l
mtp2-tmr-t1 - ITU default value is 300s and ANSI default value is 170s
l
mtp2-tmr-t2 - ITU default value is 5s, ANSI default value is 23s
l
mtp2-tmr-t3 - ITU default value is 1.5s, ANSI default value is 11.5s
l
mtp2-tmr-t4e - ITU default value is 500ms, ANSI default value is 5s
Highspeed, ITU and ANSI; new ranges below:
l
mtp2-tmr-t1 - ITU & ANSI ranges are 160 - 3500
l
mtp2-tmr-t2 - ITU & ANSI ranges are 50 - 1500
l
mtp2-tmr-t3 - ITU & ANSI ranges are 10 - 140
l
mtp2-tmr-t4e - ITU & ANSI ranges are 4 - 60
l
mtp2-tmr-t6 - ITU & ANSI ranges are 10 - 60
network-initiated-pdp-activation
In support of NRPCA, new keywords identify a predefined location area code list and define a GTPP failure cause code for inclusion in activation Reject messages.
CLI (Call-Control Profile Configuration Mode)
network-initiated-pdp-activation { allow { primary | secondary } | restrict { primary | secondary } } access type { gprs | umts } { all | location-area-list instance <instance> } failure-code <code>
qos class
New mbr-map-down and mbr-map-up keywords enable override mapping to replace a maximum bit rate (MBR) received from the HLR with locally configured MBR.
CLI (APN-Profile Configuration Mode)
qos class { background | conversational | interactive | streaming } [ mbr-map-down from from_kbps to to_kbps | mbr-map-up from from_kbps to to_kbps ]
qos class
The following keywords have been removed from the command:
l
l
The following keywords have been added to the command:
l
l
l
l
l
l
CLI (APN-Profile Configuration Mode)
[ remove ] qos class { background | conversational | interactive | streaming } [ all-values | arp | gbr-down | gbr-up | mbr-down | mbr-map-down | mbr-map-up | mbr-up | min-transfer-delay | residual-bit-error-rate | sdu | thp ]
sctp-rto-min / sctp-sack-period
Include this keyword with the following commands in the PSP configuration mode. Enter it before entering a value. This enables configuration with finer granuality - in 10 millisecond units.
CLI (PSP Configuration Mode)
sctp-rto-min units-10ms <1-500>
sctp-sack-period units-10ms <1-500>
sgsn offload
 
Enable targeting an SGSN for offloading.
CLI (Exec Mode)
sgsn offload [ gprs-service srvc_name | sgsn-service srvc_name } srvc_name { activating | connecting [ nri-value <nri_value> | stop [ target-nri <target_nri> target-count <target_count> ] | t3312-timeout <seconds> [ target-nri <target_nri> target-count <target_count>] | target-nri <target_nri> target-count <target_count> }
service timers changed
Four timers have had changes to their ranges and two timers have had changes to their defaults:
CLI (IuPS Service Configuration Mode)
l
reset ack-timeout range has been expanded from 5 - 10 to 5 - 60 seconds. Default has increased to 20 seconds.
l
reset guard-timeout range has been expanded from 5 - 10 to 5 - 60 seconds.
l
tigoc-timeout range has been expanded from 1 - 10 to 1 - 60 seconds
l
tintc-timeout range has been expanded from 1 - 10 to 1 - 60 seconds and the default has been increased to 30 seconds.
sndcp reassembly-timeout
The default (now 30 seconds) and maximum range of seconds (now 1 to 300) configurable for the SNDCP reassembly timer have been changed to facilitate support for the reordering of sub-network dependent convergence protocol N-PDU segments that arrive out-of-order.
CLI (GPRS Service Configuration Mode)
sndcp reassembly-timeout seconds
default sndcp reassembly-timeout
SGSN Commands - Modified in Release 12.1
This section provides information on SGSN commands modified in Release 12.1.
apn-selection-default
New keyword ‘fallback-apn’ allows definition of a dummy APN to use when default APN is not available.
CLI (APN-Remap-Table Configuration Mode)
apn-selection-default network-identifier <apn_net_id> [ fallback-apn <apn_net_id> | reject-blank-apn | require-dns-fail-wildcard | require-subscription-apn ] }
no apn-selection
apn-selection-default
Three new keywords have been added to support flexible new options for using default APNs in the APN selection process:
l
first-in-subscription - option instructs the SGSN to use the APN in the first subscription record as a default APN.
l
fallback-to-first-in-subscription - option instructs the SGSN to use the APN in the first subscription record when configured default APN is not available.
l
prefer-single-subscription - option instructs the SGSN to use the APN in subscription record if it is the only record available and normal APN selection fails.
CLI (APN-Remap-Table Configuration Mode)
apn-selection-default { first-in-subscription | network-identifier <> [ fallback-apn network-identifier <> | fallback-to-first-in-subscription | prefer-single-subscription | reject-blank-apn | require-dns-fail-wildcard | require-subscription-apn ] }
no apn-selection
authenticate
New keywords enable/disable authentication for the SMS procedure.
CLI (Call-Control Profile Configuration Mode)
authenticate sms [ sms-type ( mo-sms | mt-sms } ] [ frequency <frequency> | access-type { umts | gprs } ]
no authenticate sms [ sms-type ( mo-sms | mt-sms } ] {access-type [umts/gprs]}
default authenticate sms [ sms-type ( mo-sms | mt-sms } ] {access-type [umts/gprs]}
bssgp-timer
The range of the BSSGP MS flow control timer ‘th’ has been expanded (per TS 48.018) to 6 to 5999 seconds:
CLI (SGSN-Global Configuration Mode)
bssgp-timer th <6 to 5999>
default bssgp-timer th
ciphering algorithm
New keywords - negotiation-failure-action - have been added to configure the SGSN's action if there is not a match between the MS and SGSN ciphering algorithm configurations. As well, the call Attach/RAU Rejection message may include a configurable GMM failure code.
CLI (GPRS Service Configuration Mode)
ciphering-algorithm { negotiation-failure-action { reject [ failure-code ] | use-geo0 } | priority <priority> }
default ciphering-algorithm negotiation-failure-action
dns-extn
New keyword in the command enables the SGSN to append geographical information to the APN string that is being sent in the DNS query.
CLI (APN-Profile Configuration Mode)
dns-extn { lac-rac | msisdn start-offset <start_digits> end-offset <end_digits>
gateway-address
New keyword assigns GGSN to a secondary pool of GGSNs.
CLI (APN-Profile Configuration Mode)
gateway-address <IPv4 or IPv6> weight <1-100> secondary-pool
gtpc
Configures the diffserv code point marking to be used when sending GTP-C messages originating from the session manager and SGTPC manager.
CLI (SGTP Service Configuration Mode)
gtpc ip qos-dscp { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | ef }
default gtpc ip qos-dscp
gtpp dictionary
The custom33 keyword has been enabled to allow inclusion of the custom33 dictionary in the billing context configuration and to associate the dictionary with the GTPP server group for the billing context.
CLI (Context Configuration Mode Commands)
gtpp dictionary custom33
CLI (GTPP Server Group Configuration Mode Commands)
gtpp dictionary custom33
gtpp storage-server local file
New keyword "file-name-pattern" defines a pattern for the file name that will be used to match against the files to be purged.
CLI (GTPP Server Group Configuration Mode Commands)
gtpp storage-server local file purge-processed-files file-name-pattern <name_pattern>
gtp send
The rai keyword has been added to configure the SGSN to include the RAI of the SGSN in CPCQ and UPCQ messages to the GGSN.
CLI (GTPP Server Group Configuration Mode Commands)
gtp send { imeisv | ms-timezone | rai | rat | uli }
[ no | remove ] gtp send rai
hop-count
The configurable number of hop counts for an SCCP network instance has been expanded to 15.
CLI (SCCP-Network Configuration Mode)
hop-count <1-15>
imsi-range
The description keyword has been added to the IMSI range configuration to clarify use of the ranges when Release 9.0 Operator Policy configurations are converted for use with the Operator Policy functionality of Release 12.0.
CLI (SGSN-Global Configuration Mode Commands)
imsi-range mcc <mcc> mnc <mnc> msin first <msin> last <msin> operator-policy <policy_name> description <description>
link-aggregation redundancy
New keywords enable the operator to provision port link aggregation across multiple side-by-side XGLCs -- horizontal link aggregation.
CLI (Port Ethernet Configuration Mode Commands)
link-aggregation redundancy { standard | switched } [ hold-time <seconds> ] [ preferred slot { none | <slot#>} ]
link id <id> link-type {highspeed-narrowband | lowspeed-narrowband}
Ranges and defaults for various MTP2 timers have been modified for ANSI and ITU variants for both SS7 lowspeed-narrowband and SS7 highspeed-narrowband links.
CLI (Link Configuration Mode Commands)
Lowspeed, ITU and ANSI; new defaults below:
l
mtp2-tmr-t1 - ITU default value is 40s and ANSI default value is 13s
l
mtp2-tmr-t2 - ITU default value is 5s, ANSI default value is 11.5s
l
mtp2-tmr-t3 - ITU default value is 1.5s, ANSI default value is 11.5s
l
mtp2-tmr-t4e - ITU default value is 500ms, ANSI default value is 600ms
l
mtp2-tmr-t4n - ITU default value is 8.2s, ANSI default value is 2.3s
Lowspeed, ITU and ANSI; new ranges below:
l
mtp2-tmr-t1 - ITU & ANSI ranges are 120 - 500
l
mtp2-tmr-t3 - ITU & ANSI ranges are 10 - 140
l
mtp2-tmr-t4n - ITU & ANSI ranges are 20 - 95
l
mtp2-tmr-t6 - ITU & ANSI ranges are 10 - 60
Highspeed, ITU and ANSI; new defaults below:
l
mtp2-tmr-t1 - ITU default value is 300s and ANSI default value is 170s
l
mtp2-tmr-t2 - ITU default value is 5s, ANSI default value is 23s
l
mtp2-tmr-t3 - ITU default value is 1.5s, ANSI default value is 11.5s
l
mtp2-tmr-t4e - ITU default value is 500ms, ANSI default value is 5s
Highspeed, ITU and ANSI; new ranges below:
l
mtp2-tmr-t1 - ITU & ANSI ranges are 160 - 3500
l
mtp2-tmr-t2 - ITU & ANSI ranges are 50 - 1500
l
mtp2-tmr-t3 - ITU & ANSI ranges are 10 - 140
l
mtp2-tmr-t4e - ITU & ANSI ranges are 4 - 60
l
mtp2-tmr-t6 - ITU & ANSI ranges are 10 - 60
network-initiated-pdp-activation
In support of NRPCA, new keywords identify a predefined location area code list and define a GTPP failure cause code for inclusion in activation Reject messages.
CLI (Call-Control Profile Configuration Mode)
network-initiated-pdp-activation { allow { primary | secondary } | restrict { primary | secondary } } access type { gprs | umts } { all | location-area-list instance <instance> } failure-code <code>
qos class
New mbr-map-down and mbr-map-up keywords enable override mapping to replace a maximum bit rate (MBR) received from the HLR with locally configured MBR.
CLI (APN-Profile Configuration Mode)
qos class { background | conversational | interactive | streaming } [ mbr-map-down from from_kbps to to_kbps | mbr-map-up from from_kbps to to_kbps ]
qos class
The following keywords have been removed from the command:
l
l
The following keywords have been added to the command:
l
l
l
l
l
l
CLI (APN-Profile Configuration Mode)
[ remove ] qos class { background | conversational | interactive | streaming } [ all-values | arp | gbr-down | gbr-up | mbr-down | mbr-map-down | mbr-map-up | mbr-up | min-transfer-delay | residual-bit-error-rate | sdu | thp ]
sctp-rto-min / sctp-sack-period
Include this keyword with the following commands in the PSP configuration mode. Enter it before entering a value. This enables configuration with finer granuality - in 10 millisecond units.
CLI (PSP Configuration Mode)
sctp-rto-min units-10ms <1-500>
sctp-sack-period units-10ms <1-500>
sgsn offload
 
Enable targeting an SGSN for offloading.
CLI (Exec Mode)
sgsn offload [ gprs-service srvc_name | sgsn-service srvc_name } srvc_name { activating | connecting [ nri-value <nri_value> | stop [ target-nri <target_nri> target-count <target_count> ] | t3312-timeout <seconds> [ target-nri <target_nri> target-count <target_count>] | target-nri <target_nri> target-count <target_count> }
service timers changed
Four timers have had changes to their ranges and two timers have had changes to their defaults:
CLI (IuPS Service Configuration Mode)
l
reset ack-timeout range has been expanded from 5 - 10 to 5 - 60 seconds. Default has increased to 20 seconds.
l
reset guard-timeout range has been expanded from 5 - 10 to 5 - 60 seconds.
l
tigoc-timeout range has been expanded from 1 - 10 to 1 - 60 seconds
l
tintc-timeout range has been expanded from 1 - 10 to 1 - 60 seconds and the default has been increased to 30 seconds.
sndcp reassembly-timeout
The default (now 30 seconds) and maximum range of seconds (now 1 to 300) configurable for the SNDCP reassembly timer have been changed to facilitate support for the reordering of sub-network dependent convergence protocol N-PDU segments that arrive out-of-order.
CLI (GPRS Service Configuration Mode)
sndcp reassembly-timeout seconds
default sndcp reassembly-timeout
TPO Commands Modified in Release 12.0
This section provides information on TPO commands modified in release 12.0.
tcp fast-retransmit-dupacks
This command specifies the number of duplicate ACKs required for fast retransmission. The dynamic keyword was added to this command. This enables to dynamically change the number of duplicate ACKs required for fast retransmission based on the number of in-flight packets (one-third of the in-flight packets, subject to a minimum of two). This enables to eliminate spurious retransmissions when packet reordering in the network is high.
CLI (ACS TPO Profile Configuration Mode)
tcp fast-retransmit-dupacks { duplicate_acks | dynamic }
default tcp fast-retransmit-dupacks
Obsoleted Commands
This section identifies configuration commands that have been obsoleted in:
l
l
l
l
l
l
l
l
l
l
l
Common Commands - Obsoleted in Release 12.0
This section provides information on commands that are common to all products that were obsoleted in Release 12.0.
None for this release.
Application Detection and Control Commands - Obsoleted in Release 12.0
This section provides information on new ADC commands available in Release 12.0.
None for this release.
Content Filtering Commands - Obsoleted in Release 12.0
This section provides information on CF commands that were obsoleted in Release 12.0.
None for this release.
ECS Commands - Obsoleted in Release 12.0
This section provides information on ECS commands that were obsoleted in Release 12.0.
None for this release.
Firewall Commands - Obsoleted in Release 12.0
This section provides information on Stateful Firewall commands that were obsoleted in Release 12.0.
None for this release.
GGSN Commands - Obsoleted in Release 12.0
This section provides information on GGSN commands that were obsoleted in Release 12.0.
gtpu echo interval
This command has been obsoleted in 12.0 release and now available in GTP-U service configuration mode.
CLI (GGSN Service Configuration mode))
gtpu echo-interval time_interval
no gtpu echo-interval
gtpu reorder
This command has been obsoleted in 12.0 release.
CLI (GGSN Service Configuration mode))
gtpu reorder { context { ppp } | sequence-numbers { ipv4 | ppp | ipv4-ppp | ppp-ipv4 } | timeout time }
[ no ] gtpu reorder { context | sequence-numbers { ipv4 | ppp | ipv4-ppp | ppp-ipv4 } }
gtpu udp-checksum insert
This command has been obsoleted in 12.0 release.
CLI (GGSN Service Configuration mode))
[ default | no ] gtpu udp-checksum insert
HA Commands - Obsoleted in Release 12.0
This section provides information on HA commands that were obsoleted in Release 12.0.
None for this release.
Mobility Management Entity Commands - Obsoleted in Release 12.0
This section provides information on MME commands that were obsoleted in Release 12.0.
mme-policy
This command has been removed from the 12.0 release and replaced with the lte-policy command.
CLI (Global Configuration Mode)
mme-policy
PDSN Commands - Obsoleted in Release 12.0
This section provides information on PDSN commands that were obsoleted in Release 12.0.
None for this release.
Session Control Manager Commands - Obsoleted in Release 12.0
This section provides information on SCM commands that were obsoleted in Release 12.0.
authorization
This command functionality has been moved to the CSCF PCRF-Policy-Control Configuration Mode and expanded.
CLI (CSCF Proxy-CSCF Configuration Mode)
[ no ] authorization non-video
policy
This command functionality has been moved to the CSCF Service Configuration Mode and expanded.
CLI (CSCF Policy Rules Configuration Mode)
policy overload { redirect address1 [ weight weight1 ] [ address2 [ weight
weight2 ] ] ... | reject [ use-reject-code { admin-prohibited | insufficient-resources } ] }
default policy overload
no policy overload redirect address1 [ address2 ] ...
subscribe
This command has been removed from the 12.0 release and replaced with the signaling-bearer-loss command in the CSCF PCRF-Policy-Control Configuration Mode.
CLI (CSCF Proxy-CSCF Configuration Mode)
[ no ] subscribe signaling-bearer-loss
SGSN Commands - Obsoleted in Release 12.0
This section provides information on SGSN commands that were obsoleted in Release 12.0.
ignore-remote-restart-counter
This command, in the SGTP Service configuration mode, has been deprecated because the default behavior has been modified so that the SGSN verifies the remote restart counter changes observed in the PDP establishment messages and to ensure no mistaken configuration leads to genuine GGSN restarts being ignored. For information about the behavioral change, see the New Features section.
GTPP Storage Server (GSS)
This section provides information on GSS changes in Release 12.0.
None for this release.
This section provides information on GSS changes in Release 12.1
None for this release.
 
Web Element Manager Changes
This section provides information on Web Element Manager changes in Release 12.0.
This section provides information on Web Element Manager changes in Release 12.1.
None for these releases.
 

Cisco Systems Inc.
Tel: 408-526-4000
Fax: 408-527-0883