This command enables to configure secondary AAA group for the APN. This supports the RADIUS Fire-and-Forget feature in conjunction with GGSN for secondary accounting (with different RADIUS accounting group configuration) to the RADIUS servers without expecting acknowledgement from the server, in addition to standard RADIUS accounting. This secondary accounting will be an exact copy of all the standard RADIUS accounting message (RADIUS Start / Interim / Stop) sent to the standard AAA RADIUS server.
This command enables to configure secondary AAA group for the subscriber template. This supports the No-ACK RADIUS Targets feature in conjunction with PDSN and HA for secondary accounting (with different RADIUS accounting group configuration) to the RADIUS servers without expecting the acknowledgement from the server, in addition to standard RADIUS accounting. This secondary accounting will be an exact copy of all the standard RADIUS accounting message (RADIUS Start / Interim / Stop) sent to the standard AAA RADIUS server.
This command enables dictionary control of the AVPs that need to be added based on the version of the specification to which the OCS is compliant with. This command is applicable to all products that use the dcca-custom8 dictionary for Gy interface implementation.
This command enables dictionary control of the AVPs that need to be added based on the version of the specification to which the PCEF is compliant with. This command is applicable only to Diameter dictionaries that support standard based volume reporting over Gx feature.
When a link aggregation group (LAG) contains two sets of ports, each connecting to a different Ethernet switch, this command allows you to change the status of the active distributing ports.
This command checks the Multi Protocol Label Switching (MPLS) LSP connectivity for the specified forwarding equivalence class (FEC). It must be followed by an IPv4 prefix.
lsp-ping ip_prefix_FEC [ count ping-packets ] [ | verbose ] [ | grep grep_options ]
lsp-traceroute ip_prefix_FEC [ maxttl time_to_live ] [ | verbose ] [ | grep grep_options ]
This command configures the post-processing policy to be applied on Limit-Reached packets. This allows to enable post-processing priority based rules for content in blacklisted state.
The post-processing policy always CLI command will enable post-processing on Limit-Reached packets. If there are post-processed priority based rules, it will check for any redirection rules, else will discard the packets by default. No other post-processing actions like forward, next-hop, xheader-insertion, etc. will be applied on these limit-reached packets. If no post-processing priority rules are present, the packets will be dropped by default.
The post-processing policy not-for-dynamic-discard will directly discard the limit-reached context and will not apply post-processing priority based rules. This is the default setting.
This command defines rule expressions to analyze and charge user traffic based on control message type for PPTP packets. This is used in conjunction with ADC, Firewall, and NAT inline services.
[ no ] pptp ctrl-msg-type = { call-clear-request | call-disconnect-notify | echo-reply | echo-request | incoming-call-connected | incoming-call-reply | incoming-call-request | outgoing-call-reply | outgoing-call-request | set-link-info | start-control-connection-reply | start-control-connection-request | stop-control-connection-reply | stop-control-connection-request | wan-error-notify
This feature enables to configure the Fire-and-Forget feature. The accounting request sent to a RADIUS accounting server configured under the AAA group with this CLI command configured in it will not expect a response from the server.
This command configures DCCA/Gy to work in per subscriber-PDN level Gy mode, wherein one Diameter session is created per subscriber PDN rather than per bearer, and only one DCCA/Gy session is created for multi-bearer PDNs. This command is applicable to all products using the Gy interface.
[no]
server priority <priority_number> ip-address <ip_address> [
service {
authentication |
authorization |
accounting}] [
port <port_number>] [{
encrypted password <shared_secret > |
password <text_password>}] [
timeout <seconds>] [
retries <num_retries>] [
nas-source-address <ip_address>]
servers-unreachable { initial-request { continue | terminate [ after-timer-expiry timeout_period ] } | update-request { continue | terminate [ after-quota-expiry | after-timer-expiry timeout_period ] } }
This command allows an operator to enable or disable WiMAX hotlining capability in the ASNGW and WiMAX HA. The command applies to both profile id-based and rule-based hotlining.
This command configures the eG-CDR encoding type. When configuring the eG-CDR encoding type as ASCII, the delimiter character can be specified as either “:” (colon), “,” (comma), or “|” (pipe). The default delimiter character is “|” (pipe).
[ no ] tcp proxy-state operator previous_state
From the Context Configuration Mode, this command disables the sending of an INITIAL-CONTACT message in the IKEv1 protocol after the node creates a new Phase 1 SA, caused either by Dead Peer Detection or by a rekey.
This command configures the mapping of Location Area Code (LAC) received from UE to MSC point code. This is an important configuration for CS network resource sharing without Iu-Flex interface configuration.
map lac range lac_start to lac_end point-code msc_point_code
no map lac range lac_start to lac_end
This command is added to the Global Configuration Mode to configure the system to select source Boxer Internal Address (SBIA) as the input to the hashing function for ECMP-LAG distribution.
This command allows the operator to change the way hashing works in deciding which link to use for ECMP and Link Aggregation. In the default hashing algorithm the IP Source Address, IP Destination Address, IP Protocol and Source BIA are used in the hashing function. When “use-sbia-only” option is selected, only the Source BIA is used in the hashing function.
rsvp { max-retransmissions count | retransmission-timeout seconds }
The csfb command configures Circuit-Switched FallBack options for the configured call control profile. This command sets the CSFB option as only supporting short message service (SMS).
This command is a direct replacement for the obsolete mme-policy command and contains the same command set as the MME Policy mode.
sctp-sack-period { value | units-10ms value }
timeout { sctp-bundle value | sctp-heart-beat value }
This command statically configures peer SGSN environments to facilitate MME-to-SGSN relocations over an S3 or Gn/Gp interface. In prior releases, before this command was created, the MME relied on the DNS setting in the SCTP Service mode for peer SGSN discovery/selection. The order of selection is peer SGSN configuration through MME Service mode first and DNS selection through the SCTP Service mode second.
peer-sgsn rai mcc number mnc number [ nri value ] rac value lac value address ip_address capability [ gn ] [ s16 ] [ s3 ]
This command configures the quality of service QoS differentiated service code point (DSCP) used when sending data packets of a particular 3GPP QoS class over the S1-MME interface.
h323 timeout { admission adm_timeout | discovery disc_timeout | location loc_timeout | registration reg_timeout | unregistration unreg_timeout }
action priority priority action_name arguments
actiondef actiondef_name [ -noconfirm ]
no actiondef actiondef_name
action priority priority action_name arguments
condition priority priority { variable { eq | ge | gt | le | lt | match | ne | nomatch } regex | string_value | int_value | set }
eventbase eventbase_name [ -noconfirm ]
no eventbase eventbase_name
rule priority priority [ event list_of_events ] ruledef ruledef_name actiondef actiondef_name [continue]
local-policy-service name [ -noconfirm ]
actiondef actiondef_name [ -noconfirm ]
eventbase eventbase_name [ -noconfirm ]
ruledef ruledef_name [ -noconfirm ]
This command configures the Mobile IPv6 policy to decide on action to be taken when IPv4/IPv6 subscriber packets need to be tunneled, however, the encapsulated packets exceed tunnel MTU size.
This command enables the setting of event rules. An event is something that occurs in the system which would trigger a set of actions to take place, such as new-call or rat-change.
rule priority priority [ event list_of_events ] ruledef ruledef_name actiondef actiondef_name [continue]
ruledef ruledef_name [ -noconfirm ]
condition priority priority { variable { eq | ge | gt | le | lt | match | ne | nomatch } regex | string_value | int_value | set }
show ipv6 ospf [ database [ adv-routerIPv4-Address ] [ls-type { external | inter-prefix | inter-router | intra-prefix | link | network | router } ] [ verbose ] [ | { grep grep_options | more } ] ] [ debugging ] [ interface ] [ neighbor [ details ] ] [ route [ summary ] ] [ virtual-links ] [ | { grep grep_options | more } ]
cc { local-value-for-scdrs behavior bit_value profile index_bit | prefer { hlrvalue-for-scdrs | local-value-for-scdrs } }
ip { qos-dscp { { downlink | uplink } { background forwarding | conversational forwarding | interactive traffic-handling-priority priority_forwarding | streaming forwarding } + } | source-violation { deactivate [ all-pdp | excludefrom accounting | linked-pdp | tolerance-limit } | discard [ exclude-fromaccounting ] | ignore }
The S-GW now supports the use of the Call Control Profile Configuration Mode commands. The
call-control-profile name command is located in the Global Configuration Mode.
attach access-type { gprs | umts } { all | location-area-list instance list_id }{ failure-code code | user-device-release { before-r99 failure code code | r99-or-later failure code code }
authenticate { activate [ access-type { gprs | umts } ] | first [ access-type { gprs | umts } ] | frequency frequency | primary [ access-type { gprs | umts } ] | all-events [ access-type { gprs | umts } | frequency
frequency | attach [ access-type { gprs | umts } | attach-type { combined | gprs-only } [ access-type { gprs | umts } | frequency
frequency ] | frequency
frequency | inter-rat [ access-type { gprs | umts } ] ] | detach [ access-type { gprs | umts } ] | rau | service-request | sms | tau }
apn { default-apn-profile apn_profile_name | network-identifier apn_net_id apn-profile apn_profile_name | operator-identifier apn_op_id apn-profile apn_profile_name }
associate { apn-remap-table table_id | call-control-profile profile_id }
imei range IMEI_number to
IMEI_number { imei-profile
profile_name | sv
## imeiprofile
profile_name }
This command is a direct replacement for the obsolete mme-policy command and contains the same command set as the MME Policy mode. The S-GW now supports the following modes in the LTE Policy Configuration Mode: LTE Subscriber Map Configuration Mode and LTE TAI Management Database Configuration Mode.
bgcf-proxy [ port value | transport { tcp | udp } port value ] ]
This command enables the P-CSCF/A-BG service to add “P-Emergency-Call-Mode-Preference” header in 200OK to REGISTER message. By default, this command is disabled.
This command replaces the subscribe command in the CSCF Proxy-CSCF Configuration Mode. Use this command to enable subscription to Notification of Signaling Transmission Path Status, as well as IPCAN Change type notification.
When enabled (default), the P-CSCF/A-BG sends AAR to the external PCRF via the Rx interface after UE registration. When disabled, the P-CSCF/A-BG will not subscribe to any event during Registration with PCRF and no diameter session will be established.
This command specifies the key exchange algorithm for the SSL cipher suite. The key exchange algorithm provides the means by which the cryptographic keys for conventional encryption and MAC calculations are exchanged.
This command displays information related to SSL cipher suites since the last restart or clear command. A cipher suite contains the cryptographic algorithms supported by the client.
show ssl cipher-suite [ name name ] [ | { grep grep_options | more } ]
show ssl connection [ list | summary [ service-name name ] ] [ name name ] [ | { grep grep_options | more } ]
show ssl statistics [ service-name name ] [ | { grep grep_options | more } ]
[ no ] ssl template name { ssl-subscriber }
This command specifies the supported version(s) of SSL protocol on the P-CSCF/A-BG. Currently, there is only one supported version of SSL protocol, which is TLS v0.1.
This new command enables the operator to assign a failure code to be included in reject messages if attach rejection is due to access restriction data (ARD) checking in incoming subscriber data (ISD) messages. As well, the operator can disable the ARD checking behavior.
control-packet qos-dscp { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef }]
priority2 | priority3 } | streaming } qos-dscp { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef }]
Use this new command to create or delete DSCP templates and to gain access to the new DSCP templates configuration mode. The new DSCP template mode provides commands to configure control and data-packet handling:
|
l
|
control-packet command configures DSCP values for downlink control packets
|
|
l
|
data-packet command configures DSCP values for downlink data packets
|
[ no ] dscp-template <template_name> [-noconfirm]
gn-delay-monitoring [ num-delay <number_delayed> | num-no-delay-for-clear <number_normal> | tolerance-seconds <number_seconds> ]
This command sets a restart counter change window to avoid the resulting service deactivations and activations causing large bursts of network traffic if the restart counter change messages from the GGSN are erroneous.
A new command provides a new default (7) for the number of outstanding packets sent by the linkmgr and also enables the operator to configurable a specific number of outstanding packets sent by the linkmgr. These configurations are applicable for both highspeed and lowspeed narrowband links.
The default number (272) of outstanding packets sent by the linkmgr (MTP2), for both highspeed and lowspeed narrowband SS7 links, has been altered with the addition of this new command. As well, it is now possible to configure a preferred number of outstanding packets.
ptmsi-signature-reallocate { attach | frequency <frequency> | interval <minutes> | ptmsi-reallocation-command | routing-area-update [ update-type [ combined-update | imsi-combined-update | periodic | ra-update ] } [ access-type { gprs | umts } ] [ frequency <frequency> ]
[ remove ] regional-subscription-restriction [ failure-code <code> | user-device-release { before-r99 failure-code <code> | r99-or-later failure-code <code> } ]

IMPORTANT:
The smsc-address-restriction-list command only takes effect if the
smsc-address-restriction-type command has also been configured.
This new command enables the operator to assign a failure code to be included in reject messages if attach rejection is due to access restriction data (ARD) checking in incoming subscriber data (ISD) messages. As well, the operator can disable the ARD checking behavior.
gn-delay-monitoring [ num-delay <number_delayed> | num-no-delay-for-clear <number_normal> | tolerance-seconds <number_seconds> ]
A new command provides a new default (7) for the number of outstanding packets sent by the linkmgr and also enables the operator to configurable a specific number of outstanding packets sent by the linkmgr. These configurations are applicable for both highspeed and lowspeed narrowband links.
The default number (272) of outstanding packets sent by the linkmgr (MTP2), for both highspeed and lowspeed narrowband SS7 links, has been altered with the addition of this new command. As well, it is now possible to configure a preferred number of outstanding packets.
ptmsi-signature-reallocate { attach | frequency <frequency> | interval <minutes> | ptmsi-reallocation-command | routing-area-update [ update-type [ combined-update | imsi-combined-update | periodic | ra-update ] } [ access-type { gprs | umts } ] [ frequency <frequency> ]
[ remove ] regional-subscription-restriction [ failure-code <code> | user-device-release { before-r99 failure-code <code> | r99-or-later failure-code <code> } ]

IMPORTANT:
The smsc-address-restriction-list command only takes effect if the
smsc-address-restriction-type command has also been configured.
This command configures the default TPO policy for a rulebase. For subscribers using a particular rulebase, the default TPO policy configured in it will be used only if in the APN/subscriber profile no TPO policy is configured, and a policy to use is not received from the AAA.
tpo profile tpo_profile_name
This command configures authentication for subscribers or gateways accessing a service using the crypto template. Two new keywords and their respective supporting keywords and variables were added to the
authentication command in the Crypto Template Configuration Mode:
local and
remote.
authentication { eap-profile name [ second-phase eap-profile name ] | gateway { encrypted key value | key clear_text } | local { certificate | pre-shared-key { encrypted key value | key clear_text } | pre-shared-key { encrypted key value | key clear_text } | remote { certificate | eap-profile name [ second-phase eap-profile name ] | pre-shared-key { encrypted key value | key clear_text } }
This command configures the Diameter Credit Control dictionary for the Active Charging Service. In release 12.0, the
dcca-custom21 through
dcca-custom30 options were added to this command.
diameter dictionary { dcca-custom1 | dcca-custom10 | dcca-custom11 | dcca-custom12 | dcca-custom13 | dcca-custom14 | dcca-custom15 | dcca-custom16 | dcca-custom17 | dcca-custom18 | dcca-custom19 | dcca-custom2 | dcca-custom20 | dcca-custom21 | dcca-custom22 | dcca-custom23 | dcca-custom24 | dcca-custom25 | dcca-custom26 | dcca-custom27 | dcca-custom28 | dcca-custom29 | dcca-custom3 | dcca-custom30 | dcca-custom4 | dcca-custom5 | dcca-custom6 | dcca-custom7 | dcca-custom8 | dcca-custom9 | standard }
The allow-empty-ikesa keyword is new in the
ikev2-ikesa command allowing the retention of an IKE SA even after its child SAs have been deleted.
ikev2-ikesa { allow-empty-ikesa | keepalive-user-activity | max-retransmissions number | retransmission-timeout msec | policy error-notification [ invalid-message-id | invalid-syntax ] rekey | setup-timer sec | transform-set list name }
ip address ip_address ip_mask
link-aggregation { distribution { block | random | rotate | simple } | lacp { active | passive } [ rate { auto | fast | slow } ] [ timeout { long | short } ] | master { global group group_number | group group_number | local group group_number } | member { global group group_number | group group_number | local group group_number } | redundancy { standard | switched } [ hold-time sec ] [ preferred slot { card_number | none } ] | toggle-link }
For link-aggregation redundancy standard mode,
hold-time and
preferred slot settings are now accepted and processed. Previously these setting were only observed for
link-aggregation redundancy switched mode.
The keyword destination-network has been added to this command. An IP pool attached to the crypto map can have multiple IPSec tunnels according to the destination of the packet being forwarded to internet.
[ no ] match ip pool pool-name pool_name[ destination-network ip_address { / mask | mask ip_mask } ]
This command controls the pass/drop treatment of traffic while waiting for definitive credit information from the server. The
limted-pass keyword was added to this command. This enables limited access for subscribers when the OCS is unreachable by provisioning a default quota to use until there is a response from the OCS.
pending-traffic-treatment { { { forced-reauth | trigger | validity-expired } drop | pass } | { { noquota | quota-exhausted } buffer | drop | limited-pass volume | pass } }
rule-variable protocol rule priority priority [ in-quotes ]
no rule-variable protocol rule [ priority priority ]
This command enables a Diameter proxy for the Diameter endpoint. A server-mode keyword is added in the 12.0 release to specify that the Diameter proxy should be treated as if it is the server side of the endpoint connection.
[ no ] p2p-detection protocol [ actsync | aimini | all | applejuice | ares | armagettron | battlefld | bittorrent | blackberry | citrix | clubpenguin | crossfire | ddlink | directconnect | dofus | edonkey | facebook | facetime | fasttrack | feidian | fiesta | filetopia | florensia | freenet | fring | funshion | gadugadu | gamekit | gnutella | gmail | gtalk | guildwars | halflife2 | hamachivpn | iax | icecast | imesh | iptv | irc | isakmp | iskoot | itunes | jabber | kontiki | manolito | maplestory | meebo | mgcp | msn | mute | myspace | nimbuzz | octoshape | off | oovoo | openft | orb | oscar | paltalk | pando | pandora | popo | pplive | ppstream | ps3 | qq | qqgame | qqlive | quake | rdp | rfactor | rmstream | secondlife | shoutcast | skinny | skype | slingbox | sopcast | soulseek | splashfighter | ssdp | stealthnet | steam | stun | teamspeak | teamviewer | thunder | tor | truphone | tvants | tvuplayer | twitter | uusee | veohtv | viber | vpnx | vtun | warcft3 | wii | winmx | winny | wmstream | wofkungfu | wofwarcraft | xbox | xdcc | yahoo | yourfreetunnel | zattoo + ]
analyze priority priority { all | category category | x-category string } action { allow | content-insert content_string | discard | redirect-url url | terminate-flow | www-reply-code-and-terminate-flow reply_code } [ edr edr_format_name ]
This command specifies the purpose of setting up a group-of-ruledefs. In support for the GX Alias feature the
gx-alias keyword was added to this command. This enables to specify that a group-of-ruledefs is for Gx-alias purposes.
This command configures the x-header fields to be inserted in HTTP/WSP GET and POST request packets. The
qos and
s-mcc-mnc keywords were added to this command. This enables inserting bearer QoS and serving node MCC + MNC in x-headers.
insert xheader_field_name { string-constant xheader_field_value | variable { bearer { 3gpp { apn | charging-characteristics | charging-id | imei | imsi | qos | rat-type | s-mcc-mnc | sgsn-address } | acr | customer-id | ggsn-address | mdn | radius-calling-station-id | session-id | sn-rulebase | subscriber-ip-address | username } [ encrypt ] | http { host | url } }
no insert xheader_field_name
This command configures the order of fields in the EDR. This command now enables to configure HTTP domain and WSP domain fields in the EDR. For this, from the URL, after http:// (if it is present) is removed, everything until the first “/” is used as the domain.
rule-variable protocol rule priority priority [ in-quotes ]
no rule-variable protocol rule [ priority priority ]
This command configures Stateful Firewall protection for subscribers from Denial-of-Service (DoS) attacks. The following keywords have been added to this command to support IPv6 firewall:
ipv6-dst-options [ invalid-options | unknown-options ] | ipv6-extension-hdrs [ limit extension_limit ] | ipv6-frag-hdr nested-fragmentation | ipv6-hop-by-hop [ invalid-options | jumbo-payload | router-alert | unknown-options ]
[ no ] firewall dos-protection { all | flooding { icmp | tcp-syn | udp } | ftp-bounce | ip-unaligned-timestamp | ipv6-dst-options [ invalid-options | unknown-options ] | ipv6-extension-hdrs [ limit extension_limit ] | ipv6-frag-hdr nested-fragmentation | ipv6-hop-by-hop [ invalid-options | jumbo-payload | router-alert | unknown-options ] | mime-flood | port-scan | source-router | tcp-window-containment | teardrop | winnuke }
This command configures the maximum IPv4/IPv6 packet size (after IP reassembly) allowed over Stateful Firewall. In this release, support for IPv6 firewall is added.
firewall max-ip-packet-size packet_size protocol { icmp | non-icmp }
This command controls routing of packets to protocol analyzers. The basic-and-advanced option is added to
sip keyword for SIP packets to route through SIP analyzer and SIP ALG.
route priority route_priority ruledef ruledef_name analyzer { dns | file-transfer | ftp-control | ftp-data | h323 | http | imap | mms | p2p | pop3 | pptp | rtcp | rtp | rtsp | sdp | secure-http | sip [ advanced | basic-and-advanced ] | smtp | tftp | wsp-connection-less | wsp-connection-oriented } [ description description ]
Virtual APN selection is based on configuration parameters like roaming mode, bearer access service etc. Three more parameters ‘cc-profile’, ‘msisdn-range’, and ‘rat-type’ are added based on them virtual-apn will be selected. ‘CC-profile option specifies the APN for charging characteristics (CC)-profile index. The APN selection will be applied to all subscribers that have msisdn in the configured ‘msisdn-range’. The range has lower and upper limit configured as ‘from’ and ‘to’ respectively. The ‘rat-type’ option configures the APN for rat-type (gan, geran, hspa, utran, wlan) received in the message.
Another addition is the ‘msin-range from <start_refix> to <end_prefix>’ keywords have been added to the MCC-MNC in this command to enable the IMSI prefix based prepaid/postpaid subscribers selection on GGSN. This enhancement extends the MCC+MNC based virtual APN selection to MCC+MNC+MSIN Range based virtual APN selection.
virtual-apn {
gcdr apn-name-to-be-included {
gn |
virtual } |
preference priority apn apn_name {
access-gw-address {
ip_address |
ip_address/mask } |
bearer-access-service svc_name |
cc-profile cc_profile_index |
domain domain_name |
mcc mcc_number mnc mnc_number {
msin-range from msin_range_from to msin_range_to } |
msisdn-range from msisdn_start_range to msisdn_to_range |
rat-type {
gan |
geran |
hspa |
utran |
wlan } |
roaming-mode {
home |
visiting |
roaming } } }
This command configures the APN’s authentication parameters. A new option ‘prefer-chap-pco’ has been added to be used along with msisdn-auth/imsi-auth parameter. With this option, if enabled, GGSN performs CHAP authentication if CHAP parameters are received in Protocol Configuration Options (PCO). However, chap username would be constructed as
msisdn@apn / imsi@apn and chap challenge, chap response parameters should be used as it is from CHAP parameters received in PCO IE. If CHAP parameters are not received in PCO IE of CPC Request, GGSN should do normal PAP authentication with PAP username as
msisdn@apn / imsi@apn (ignoring any PAP username if received).
authentication { [
msid-auth |
imsi-auth [
password-use-pco |
username-strip-apn |
prefer-chap-pco ] |
msisdn-auth [
password-use-pco |
username-strip-apn |
prefer-chap-pco ] |
eap initial-access-request [
authenticate-authorize |
authenticate-only ] | [
allow-noauth ] [
chap preference ] [
mschap preference ] [
pap preference ] }
This command controls copying of IP TOS octet value from user IPv4/IPv6 datagrams to header of GTP tunnel encapsulation.
Earlier the “data-tunnel” option appeared after this command, but it was removed to match with the same command in Subscriber Configuration Mode command.
[ no | default ] ip user-datagram-tos copy
From the Context Configuration Mode, this command creates IPSec transform sets. A new aes-cbc-256 cipher has been added to the existing list of supported cipher options.
[ no ] crypto ipsec transform-set transform_name [ ah { hmac { md5-96 | none | sha1-96 } { esp { hmac { { md5-96 | sha1-96 } { cipher { 3des-cbc | aes-cbc-128 | aes-cbc-256 | des-cbc } } | none } } } } ]
From the GGSN Service Configuration Mode, the sgsn command configures the SGSNs allowed to connect to this GGSN. A new option ‘
mcc-mnc’ has been added to this command to configure the sgsn mcc-mnc to the GGSN service. This implementation gives first preference to “User Location Information” IE in Create PDP Context Request Message (to be sent to PCRF) for determining 3GPP-SGSN-MCC-MNC attribute. For backward compatibility with this old behavior, CLI controlled implementation has been done so that existing deployments are not affected with this change in behavior.
sgsn mcc-mnc { prefer rai | prefer uli }
The apn-selection-default command enables and configures the Default APN feature for use when the normal APN selection process fails. A new keyword,
first-in-subscription, has been added in this release and specifies that the first APN in the subscription record matching the PDN type is used if the UE APN is absent and the default APN is not a match.
apn-selection-default { first-in-subscription | network-identifier apn_net_id [ fallback-apn apn_net_id | reject-blank-apn | require-dns-fail-wildcard | require-subscription-apn ] }
The authenticate command enables authentication for a variety of procedures within services using the configure call control profile. The authentication of SMS procedures has been added in this release.
The associate command configures association between the MME service and other services such as the HSS peer service and the SGs service. An
sctp-param-template keyword and associated variable has been added to this command. The
sctp-param-template keyword allows the MME service to be associated with a configured SCTP parameter template. SCTP parameter templates are configured through the Global Configuration Mode.
Also, the associate sgs-service command now allows the SGs context to be configured.
associate { { egtp-service egtp_svc_name | hss-peer-service hss_svc_name | sctp-param-template template_name | sgs-service sgs_svc_name | sgtpc-service sgtpc_svc_name } [ context ctx_name ] | subscriber-map map_name | tai-mgmt-db database_name }
The bind s1-mme command connects the MME service to the S1-MME interface. In this release, the ability to configure node-to-node IP security has been added. An optional
crypto template keyword and associated variable has been added to this command.
bind s1-mme ipv4-address address [ ipv4-address secondary_address ] | ipv6-address address [ ipv6-address secondary_address ] } [ crypto-template name ] [ max-subscribers number ]
The dns command configures association between the MME service and a named context where a DNS client resides allowing for DNS queries to peer servers or other EPC entities. An
peer-sgsn keyword has been added to this command. The
peer-sgsn keyword allows the MME service to be associated with a context where a DNS client provides DNS queries to locate a peer SGSN.
This command controls routing of packets to protocol analyzers. The h323 keyword is added to this command to route the H323 analyzer for the ruledef.
route priority route_priority ruledef ruledef_name analyzer { dns | file-transfer | ftp-control | ftp-data | h323 | http | imap | mms | p2p | pop3 | pptp | rtcp | rtp | rtsp | sdp | secure-http | sip [ advanced ] | smtp | tftp | wsp-connection-less | wsp-connection-oriented } [ description description ]
The keyword service-context-id has been added to this command.
This command enables the specification of some of the optional fields in the CDRs that the GSN (GGSN, P-GW, or SGSN) generates and/or how the information is to be presented. Several keywords have been added.
gtpp attribute { camel-info | cell-plmn-id | diagnostics | duration-ms | imei | local-record-sequence-number | msisdn | node-id-suffix
STRING | plmn-id | rat | record-extensions rat | sms { destination-number | recording-entity | service-centre } } +
default gtpp attribute { cell-plmn-id | diagnostics | duration-ms | imei | local-record-sequence-number | msisdn | plmn-id | rat | record-extensions rat | sms
{ destination-number | recording-entity | service-centre } }
no gtpp attribute { cell-plmn-id | diagnostics | duration-ms | imei | local-record-sequence-number | msisdn | node-id-suffix | plmn-id | rat | record-extensions rat | sms { destination-number | recording-entity | service-centre } }
insert xheader_field_name { string-constant xheader_field_value | variable { bearer { 3gpp { apn | charging-characteristics | charging-id | imei | imsi | rat-type | sgsn-address } | acr | customer-id | ggsn-address | mdn | radiuscalling-station-id | session-id | sn-rulebase| subscriber-ip-address | username } [ encrypt ] | http { host | url } }
no insert xheader_field_name
Support has been added for serving-node trigger type.
[ no ] neighbor ip_address fall-over bfd multihop
neighbor ip_addres password password
neighbor ip_addres encrypted password encrypted_password
[ no ] neighbor ip_addres password
[ no ] neighbor ip_address srp-activated-soft-clear
The associate command in the S-GW Service Configuration Mode is updated with the new subscriber-map keyword. This new keyword allows the S-GW service to be associated with a subscriber map configured through the LTE Policy Configuration Mode, and thus, to an operator policy.
The S-GW now supports the charging characteristics (cc) commands in the APN Profile and Call Control Profile Configuration Modes.
cc { local-value-for-scdrs behavior bit_value profile index_bit | prefer { hlr-value-for-scdrs | local-value-for-scdrs } }
cc { behavior-bit no-records bit_value | local-value behavior bit_value profile index_bit | prefer { hlr-value | local-value } }
The keyword tls-crypto-template and its options have been added to this command.
bind address ip_address [ cscf-hostname host_name ] [ ipsec-crypto-template template ] [ max-sessions max# ] [ port number ] [ reserved-call-capacity percentage ] [ tls-crypto-template template [ tls-port number ] ] [ transport tcp ] [ use-serviceport-towards-network ]
The keyword signalling-pool has been added to this command. Specifies the name of an existing IP pool from where IP addresses will be used to fill in signalling headers only.
nat-pool name pool_name [ signalling-pool signalling_pool_name ]
The keyword overload and its options have been moved from the CSCF Policy Rules Configuration Mode. The keyword
ibcf-capability has also been added to this command.
policy { accounting interim-interval value | allow-early-media | ibcf-capability domain domain/name | overload [ drop | redirect IPv4_address1 [ weight weight1 ] [ IPv4_address2 [ weight weight2 ] ] ... | reject ] | threshold congestion-control { system-cpu-utilization percent | tolerance percent } }
default policy { allow-early-media | overload | threshold congestion-control { system-cpu-utilization | tolerance } }
no policy { accounting interim-interval | allow-early-media | ibcf-capability domain domain/name | overload [ redirect IPv4_address1 ] [ IPv4_address2 ] ... | threshold congestion-control { system-cpu-utilization | tolerance } }
threshold { { call-setup-failures | call-total-active | error-no-resource | error-presence | error-reg-auth | error-tcp | invite-rcvd-rate | reg-rcvd-rate | reg-total-active | route-failures } high_thresh [ clear low_thresh ] | monitoring }
The keyword cleanup-timer has been added to this command. This timer is used to control how often to check for idle TCP connections.
timeout { hss-wait sec | no-answer sec | policy-interface sec | sip { 3gpp-d sec | 3gpp-t1 msec | 3gpp-t2 sec | 3gpp-t4 sec | d sec | idle-tcp-connection msec [ cleanup-timer msec ] | invite-expiry sec | t1 msec | t2 sec | t4 sec } }
default timeout { hss-wait | no-answer | policy-interface | sip { 3gpp-d | 3gpp-t1 | 3gpp-t2 | 3gpp-t4 | d | idle-tcp-connection | invite-expiry | t1 | t2 | t4 } }
The keyword private-network has been added to this command.
trusted-domain-entity address [ foreign-network ] [ private-network ]
apn-selection-default network-identifier <apn_net_id> [ fallback-apn <apn_net_id> | reject-blank-apn | require-dns-fail-wildcard | require-subscription-apn ] }
|
l
|
first-in-subscription - option instructs the SGSN to use the APN in the first subscription record as a default APN.
|
|
l
|
prefer-single-subscription - option instructs the SGSN to use the APN in subscription record if it is the only record available and normal APN selection fails.
|
apn-selection-default { first-in-subscription | network-identifier <> [ fallback-apn network-identifier <> | fallback-to-first-in-subscription | prefer-single-subscription | reject-blank-apn | require-dns-fail-wildcard | require-subscription-apn ] }
New keywords - negotiation-failure-action - have been added to configure the SGSN's action if there is not a match between the MS and SGSN ciphering algorithm configurations. As well, the call Attach/RAU Rejection message may include a configurable GMM failure code.
The custom33 keyword has been enabled to allow inclusion of the custom33 dictionary in the billing context configuration and to associate the dictionary with the GTPP server group for the billing context.
The rai keyword has been added to configure the SGSN to include the RAI of the SGSN in CPCQ and UPCQ messages to the GGSN.
The description keyword has been added to the IMSI range configuration to clarify use of the ranges when Release 9.0 Operator Policy configurations are converted for use with the Operator Policy functionality of Release 12.0.
|
l
|
mtp2-tmr-t1 - ITU default value is 40s and ANSI default value is 13s
|
|
l
|
mtp2-tmr-t2 - ITU default value is 5s, ANSI default value is 11.5s
|
|
l
|
mtp2-tmr-t3 - ITU default value is 1.5s, ANSI default value is 11.5s
|
|
l
|
mtp2-tmr-t4e - ITU default value is 500ms, ANSI default value is 600ms
|
|
l
|
mtp2-tmr-t4n - ITU default value is 8.2s, ANSI default value is 2.3s
|
|
l
|
mtp2-tmr-t1 - ITU default value is 300s and ANSI default value is 170s
|
|
l
|
mtp2-tmr-t2 - ITU default value is 5s, ANSI default value is 23s
|
|
l
|
mtp2-tmr-t3 - ITU default value is 1.5s, ANSI default value is 11.5s
|
|
l
|
mtp2-tmr-t4e - ITU default value is 500ms, ANSI default value is 5s
|
network-initiated-pdp-activation { allow { primary | secondary } | restrict { primary | secondary } } access type { gprs | umts } { all | location-area-list instance <instance> } failure-code <code>
New mbr-map-down and
mbr-map-up keywords enable override mapping to replace a maximum bit rate (MBR) received from the HLR with locally configured MBR.
qos class { background | conversational | interactive | streaming } [ mbr-map-down from from_kbps to to_kbps | mbr-map-up from from_kbps to to_kbps ]
[ remove ] qos class { background | conversational | interactive | streaming } [ all-values | arp | gbr-down | gbr-up | mbr-down | mbr-map-down | mbr-map-up | mbr-up | min-transfer-delay | residual-bit-error-rate | sdu | thp ]
Include this keyword with the following commands in the PSP configuration mode. Enter it before entering a value. This enables configuration with finer granuality - in 10 millisecond units.
sgsn offload [ gprs-service srvc_name | sgsn-service srvc_name } srvc_name { activating | connecting [ nri-value <nri_value> | stop [ target-nri <target_nri> target-count <target_count> ] | t3312-timeout <seconds> [ target-nri <target_nri> target-count <target_count>] | target-nri <target_nri> target-count <target_count> }
|
l
|
• reset ack-timeout range has been expanded from 5 - 10 to 5 - 60 seconds. Default has increased to 20 seconds.
|
|
l
|
• reset guard-timeout range has been expanded from 5 - 10 to 5 - 60 seconds.
|
|
l
|
• tigoc-timeout range has been expanded from 1 - 10 to 1 - 60 seconds
|
|
l
|
• tintc-timeout range has been expanded from 1 - 10 to 1 - 60 seconds and the default has been increased to 30 seconds.
|
The default (now 30 seconds) and maximum range of seconds (now 1 to 300) configurable for the SNDCP reassembly timer have been changed to facilitate support for the reordering of sub-network dependent convergence protocol N-PDU segments that arrive out-of-order.
apn-selection-default network-identifier <apn_net_id> [ fallback-apn <apn_net_id> | reject-blank-apn | require-dns-fail-wildcard | require-subscription-apn ] }
|
l
|
first-in-subscription - option instructs the SGSN to use the APN in the first subscription record as a default APN.
|
|
l
|
prefer-single-subscription - option instructs the SGSN to use the APN in subscription record if it is the only record available and normal APN selection fails.
|
apn-selection-default { first-in-subscription | network-identifier <> [ fallback-apn network-identifier <> | fallback-to-first-in-subscription | prefer-single-subscription | reject-blank-apn | require-dns-fail-wildcard | require-subscription-apn ] }
New keywords - negotiation-failure-action - have been added to configure the SGSN's action if there is not a match between the MS and SGSN ciphering algorithm configurations. As well, the call Attach/RAU Rejection message may include a configurable GMM failure code.
The custom33 keyword has been enabled to allow inclusion of the custom33 dictionary in the billing context configuration and to associate the dictionary with the GTPP server group for the billing context.
The rai keyword has been added to configure the SGSN to include the RAI of the SGSN in CPCQ and UPCQ messages to the GGSN.
The description keyword has been added to the IMSI range configuration to clarify use of the ranges when Release 9.0 Operator Policy configurations are converted for use with the Operator Policy functionality of Release 12.0.
|
l
|
mtp2-tmr-t1 - ITU default value is 40s and ANSI default value is 13s
|
|
l
|
mtp2-tmr-t2 - ITU default value is 5s, ANSI default value is 11.5s
|
|
l
|
mtp2-tmr-t3 - ITU default value is 1.5s, ANSI default value is 11.5s
|
|
l
|
mtp2-tmr-t4e - ITU default value is 500ms, ANSI default value is 600ms
|
|
l
|
mtp2-tmr-t4n - ITU default value is 8.2s, ANSI default value is 2.3s
|
|
l
|
mtp2-tmr-t1 - ITU default value is 300s and ANSI default value is 170s
|
|
l
|
mtp2-tmr-t2 - ITU default value is 5s, ANSI default value is 23s
|
|
l
|
mtp2-tmr-t3 - ITU default value is 1.5s, ANSI default value is 11.5s
|
|
l
|
mtp2-tmr-t4e - ITU default value is 500ms, ANSI default value is 5s
|
network-initiated-pdp-activation { allow { primary | secondary } | restrict { primary | secondary } } access type { gprs | umts } { all | location-area-list instance <instance> } failure-code <code>
New mbr-map-down and
mbr-map-up keywords enable override mapping to replace a maximum bit rate (MBR) received from the HLR with locally configured MBR.
qos class { background | conversational | interactive | streaming } [ mbr-map-down from from_kbps to to_kbps | mbr-map-up from from_kbps to to_kbps ]
[ remove ] qos class { background | conversational | interactive | streaming } [ all-values | arp | gbr-down | gbr-up | mbr-down | mbr-map-down | mbr-map-up | mbr-up | min-transfer-delay | residual-bit-error-rate | sdu | thp ]
Include this keyword with the following commands in the PSP configuration mode. Enter it before entering a value. This enables configuration with finer granuality - in 10 millisecond units.
sgsn offload [ gprs-service srvc_name | sgsn-service srvc_name } srvc_name { activating | connecting [ nri-value <nri_value> | stop [ target-nri <target_nri> target-count <target_count> ] | t3312-timeout <seconds> [ target-nri <target_nri> target-count <target_count>] | target-nri <target_nri> target-count <target_count> }
|
l
|
• reset ack-timeout range has been expanded from 5 - 10 to 5 - 60 seconds. Default has increased to 20 seconds.
|
|
l
|
• reset guard-timeout range has been expanded from 5 - 10 to 5 - 60 seconds.
|
|
l
|
• tigoc-timeout range has been expanded from 1 - 10 to 1 - 60 seconds
|
|
l
|
• tintc-timeout range has been expanded from 1 - 10 to 1 - 60 seconds and the default has been increased to 30 seconds.
|
The default (now 30 seconds) and maximum range of seconds (now 1 to 300) configurable for the SNDCP reassembly timer have been changed to facilitate support for the reordering of sub-network dependent convergence protocol N-PDU segments that arrive out-of-order.
This command specifies the number of duplicate ACKs required for fast retransmission. The
dynamic keyword was added to this command. This enables to dynamically change the number of duplicate ACKs required for fast retransmission based on the number of in-flight packets (one-third of the in-flight packets, subject to a minimum of two). This enables to eliminate spurious retransmissions when packet reordering in the network is high.
gtpu reorder { context {
ppp } |
sequence-numbers {
ipv4 |
ppp |
ipv4-ppp |
ppp-ipv4 } |
timeout time }
[ no ]
gtpu reorder {
context |
sequence-numbers {
ipv4 |
ppp |
ipv4-ppp |
ppp-ipv4 } }
[ default | no ]
gtpu udp-checksum insert
policy overload { redirect address1 [ weight weight1 ] [ address2 [ weight
weight2 ] ] ... | reject [ use-reject-code { admin-prohibited | insufficient-resources } ] }
This command has been removed from the 12.0 release and replaced with the signaling-bearer-loss command in the CSCF PCRF-Policy-Control Configuration Mode.
This command, in the SGTP Service configuration mode, has been deprecated because the default behavior has been modified so that the SGSN verifies the remote restart counter changes observed in the PDP establishment messages and to ensure no mistaken configuration leads to genuine GGSN restarts being ignored. For information about the behavioral change, see the
New Features section.