ACS Configuration Mode Commands


ACS Configuration Mode Commands
 
The ACS Configuration Mode is used to manage active charging service (ACS)/enhanced charging service (ECS) configurations. ACS provides flexible, differentiated, and detailed billing to subscribers through Layer 3 through Layer 7 packet inspection and the ability to integrate with back-end billing mediation systems.
note_smallImportant: In this release only one active charging service can be configured in a system.
note_smallImportant: The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).
access-ruledef
This command allows you to create/configure/delete access rule definitions (ruledefs).
note_smallImportant: This command is available only in StarOS 8.1 and in StarOS 9.0 and later releases, and must be used to configure the Policy-based Stateful Firewall and NAT features.
Product
NAT, FW
Privilege
Security Administrator, Administrator
Syntax
access-ruledef access_ruledef_name [ -noconfirm ]
no access-ruledef access_ruledef_name
no
If previously configured, deletes the specified access ruledef.
access_ruledef_name
Specifies the access ruledef to add/configure/delete.
access_ruledef_name must be the name of an access ruledef, and must be an alphanumeric string of 1 through 63 characters, and can contain punctuation characters.
If the named access ruledef does not exist, it is created, and the CLI mode changes to the Firewall-and-NAT Access Ruledef Configuration Mode wherein the ruledef can be configured.
If the named access ruledef already exists, the CLI mode changes to the Firewall-and-NAT Access Ruledef Configuration Mode for that access ruledef.
-noconfirm
Specifies that the command must execute without prompting for confirmation.
Usage
Use this command to create/configure/delete an access ruledef. A ruledef contains different conditions/criteria to permit, drop, or reject a packet/connection/traffic based on one or more parameters. The ruledef name must be unique within the service. Host pool, port map, IMSI pool, and access/firewall, routing, and charging ruledefs configured in the active charging service must all have unique names.
note_smallImportant: An access ruledef can be referenced by multiple Stateful Firewall rulebases.
note_smallImportant: Access ruledefs are different from ACS ruledefs.
Also see the Firewall-and-NAT Access Ruledef Configuration Mode Commands chapter.
Example
The following command creates an access ruledef named ruledef1, and enters the Firewall-and-NAT Access Ruledef Configuration Mode:
access-ruledef ruledef1
bandwidth-policy
This command allows you to create/configure/delete bandwidth policies.
Product
ACS
Privilege
Security Administrator, Administrator
Syntax
bandwidth-policy bandwidth_policy_name [ -noconfirm ]
no bandwidth-policy bandwidth_policy_name
no
If previously configured, deletes the specified bandwidth policy from the active charging service.
bandwidth_policy_name
Specifies the bandwidth policy to add/configure/delete.
bandwidth_policy_name must be the name of a bandwidth policy, and must be an alphanumeric string of 1 through 63 characters.
If the named bandwidth policy does not exist, it is created, and the CLI mode changes to the ACS Bandwidth Policy Configuration Mode wherein the bandwidth policy can be configured.
If the named bandwidth policy already exists, the CLI mode changes to the ACS Bandwidth Policy Configuration Mode for that bandwidth policy.
-noconfirm
Specifies that the command must execute without prompting for confirmation.
Usage
Use this command to create/configure/delete a bandwidth policy.
Also see the ACS Bandwidth Policy Configuration Mode Commands chapter.
Example
The following command creates a bandwidth policy named test73, and enters the ACS Bandwidth Policy Configuration Mode:
bandwidth-policy test73
buffering-limit
This command allows you to configure packet buffering limits.
Product
ACS
Privilege
Security Administrator, Administrator
Syntax
buffering-limit { flow-max-packets flow_max_packets | subscriber-max-packets subscriber_max_packets }
{ default | no } buffering-limit { flow-max-packets | subscriber-max-packets }
default
Configures this command with its default setting.
Default: No limit, other than the maximum amount of available memory.
no
Disables the buffering limit configuration.
flow-max-packets flow_max_packets
Specifies the maximum number of packets that can be buffered per flow.
flow_max_packets must be an integer from 1 through 255.
subscriber-max-packets subscriber_max_packets
Specifies the maximum number of packets that can be buffered per subscriber.
subscriber_max_packets must be an integer from 1 through 255.
Usage
Use this command to configure the limits for buffering packets sent by a subscriber, while waiting for a response from the Diameter server. Packets need to be buffered for various reasons, such as, waiting for Credit Control Authorization or waiting for the result of a content filtering rating request.
Example
The following command sets the buffering limit per flow to 55:
buffering-limit flow-max-packets 55
charging-action
This command allows you to create/configure/delete ACS charging actions.
note_smallImportant: A maximum of 2048 charging actions can be configured in the active charging service.
Product
ACS
Privilege
Security Administrator, Administrator
Syntax
[ no ] charging-action charging_action_name [ -noconfirm ]
no
If previously configured, deletes the specified charging action from the active charging service.
charging_action_name
Specifies the charging action to add/configure/delete.
charging_action_name must be the name of a charging action, and must be an alphanumeric string of 1 through 63 characters and can contain punctuation characters.
If the named charging action does not exist, it is created, and the CLI mode changes to the ACS Charging Action Configuration Mode wherein the charging action can be configured.
If the named charging action already exists, the CLI mode changes to the ACS Charging Action Configuration Mode for that charging action.
The charging action’s name must be unique in the active charging service. Up to 2048 charging actions can be configured in the active charging service.
-noconfirm
Specifies that the command must execute without prompting for confirmation.
Usage
Use this command to create/configure/delete an ACS charging action.
A charging action represents actions to be taken when a configured rule is matched. Actions could range from generating an accounting record (for example, an EDR) to dropping the IP packet, etc. The charging action will also determine the metering principle—whether to count retransmitted packets and which protocol field to use for billing (L3/L4/L7 etc).
Also see the ACS Charging Action Configuration Mode Commands chapter.
Example
The following command creates a charging action named action123 and changes to the ACS Charging Action Configuration Mode:
charging-action action123
content-filtering category match-method
This command allows you to specify the match method to look up URLs in the Category-based Content Filtering database.
Product
CF
Privilege
Security Administrator, Administrator
Syntax
content-filtering category match-method { exact | generic }
default content-filtering category match-method
default
Configures this command with its default setting.
Default: generic
exact
Specifies the exact-match method, wherein URLs are rated only on exact match with URLs present in the Category-based Content Filtering database.
generic
Specifies the generic match method, wherein normalization, multi-lookups, and rollback algorithms are applied to URLs during look up. URLs are rated on generic match with URLs present in the Category-based Content Filtering database.
Usage
Use this command to set the match method to look up URLs in the Category-based Content Filtering database.
Example
The following command sets the exact-match method to look up URLs in the Category-based Content Filtering database:
content-filtering category match-method exact
content-filtering category policy-id
This command allows you to create/configure/delete Content Filtering Category Policies for Category-based Content Filtering support.
note_smallImportant: A maximum of 64 Content Filtering Category Policies can be configured in the active charging service.
Product
CF
Privilege
Security Administrator, Administrator
Syntax
content-filtering category policy-id cf_policy_id [ description [ description_string ] ] [ -noconfirm ]
no content-filtering category policy-id cf_policy_id
no
If previously configured, deletes the specified Content Filtering Category Policy from the active charging service.
cf_policy_id
Specifies the Content Filtering Category Policy ID to add/configure/delete.
cf_policy_id must be an integer from 1 through 4294967295.
If the specified policy ID does not exist, it is created and the CLI mode changes to the Content Filtering Policy Configuration Mode, wherein the policy can be configured.
If the specified policy ID already exists, the CLI mode changes to the Content Filtering Policy Configuration Mode for that policy.
description [ description_string ]
Specifies a description for the Content Filtering Category Policy.
description_string must be an alphanumeric string of 1 through 31 characters.
Note that both description and description_string are optional.
description description_string” saves description_string as the new description.
description” removes the previously specified description.
This description is displayed in the output of the “show content-filtering category policy-id id id” and “show active-charging service name service_name” commands.
-noconfirm
Specifies that the command must execute without prompting for confirmation.
Usage
Use this command to create/configure/delete a Content Filtering Category Policy.
Also see the Content Filtering Policy Configuration Mode Commands chapter.
Example
The following command creates a Content Filtering Policy with the ID 101, and enters the Content Filtering Policy Configuration Mode:
content-filtering category policy-id 101
credit-control
This command allows you to enable/disable Prepaid Credit Control Configuration Mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] credit-control [ group cc_group_name ]
no
Disables the specified Prepaid Credit Control Application configuration.
group cc_group_name
note_smallImportant: This option is only available in StarOS 8.1 and later releases.
Specifies the credit control group to add/configure/delete.
cc_group_name must be the name of a credit control group, and must be an alphanumeric string of 1 through 63 characters.
If the named credit control group does not exist, it is created, and the CLI mode changes to the Credit Control Configuration Mode, wherein the credit control group can be configured.
If the named credit control group already exists, the CLI mode changes to the Credit Control Configuration Mode for that credit control group.
Creating different credit control groups enables applying different credit control configurations (DCCA dictionary, failure-handling, session-failover, Diameter endpoint selection, etc.) to different subscribers on the same system.
Without credit control groups, only one credit control configuration is possible on a system. All the subscribers in the system will have to use the same configuration.
Usage
Use this command to enable/disable Prepaid Credit Control Configuration for RADIUS/Diameter charging mode.
Also see the Credit Control Configuration Mode Commands chapter.
Example
The following command enables prepaid credit control accounting to use RADIUS and/or Diameter interface mode.
credit-control
diameter credit-control
Description This command has been deprecated, and is replaced by the credit-control command.
edr-format
This command allows you to create/configure/delete ACS Event Data Record (EDR) formats.
Product
All
Privilege
Security Administrator, Administrator
Syntax
edr-format edr_format_name [ -noconfirm ]
no edr-format edr_format_name
no
If previously configured, deletes the specified EDR format from the active charging service.
edr_format_name
Specifies the EDR format to add/configure/delete.
edr_format_name must be a string of 1 through 63 characters.
If the named EDR format does not exist, it is created, and the CLI mode changes to the EDR Format Configuration Mode wherein the EDR format can be configured.
If the named EDR format already exists, the CLI mode changes to the EDR Format Configuration Mode for that EDR format.
The EDR format name must be unique in the active charging service. Up to 256 combined total EDR plus User Data Record (UDR) formats can be configured in the active charging service.
-noconfirm
Specifies that the command must execute without prompting for confirmation.
Usage
Use this command to create/configure/delete an EDR format.
Also see the EDR Format Configuration Mode Commands chapter.
Example
The following command creates an EDR format named edr_format1:
edr-format edr_format1
edr-udr-flow-control
This command allows you to enable/disable flow control between Session Managers (SessMgrs) and the CDRMOD process.
Product
All
Privilege
Security Administrator, Administrator
Syntax
edr-udr-flow-control [ unsent-queue-size unsent_queue_size ]
{ default | no } edr-udr-flow-control
no
If previously enabled, disables the flow control configuration.
default
Configures this command with its default setting.
Default: Flow control is enabled; unsent-queue-size: 375
unsent-queue-size unsent_queue_size
Specifies the flow control unsent queue size at Session Manager (SessMgr) level.
unsent_queue_size must be an integer from 1 through 2500.
Usage
Use this command to enable Flow Control between SessMgr and the CDRMOD process, and configure the unsent queue size.
Example
The following command enable Flow Control between SessMgrs and the CDRMOD process, and configure the unsent queue size to 1000:
edr-udr-flow-control unsent-queue-size 1000
end
Exits the current configuration mode and returns to the Exec mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
end
Usage
Use this command to return to the Exec mode.
exit
Exits the current mode and returns to the parent configuration mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
exit
Usage
Use this command to return to the parent configuration mode.
fair-usage deact-margin
This command allows you to configure the deactivate margin for the Fair Usage feature.
Product
ACS, ADC, CF, FW, NAT
Privilege
Security Administrator, Administrator
Syntax
fair-usage deact-margin deactivate_margin
default fair-usage deact-margin
default
Configures this command with its default setting.
Default: 5 percent
deactivate_margin
Specifies that Fair Usage monitoring must be disabled when the instance-level credit usage goes deactivate_margin percentage below usage_threshold.
deactivate_margin is a percentage value, and must be an integer from 1 through 100.
Usage
Use this command to configure when to disable the Fair Usage feature, which enables SessMgr instance-level load balancing for in-line service features, and resource usage control for subscribers. For additional information, refer to the feature description in the Enhanced Charging Service Administration Guide.
Example
The following command configures the deactivate margin to disable Fair Usage monitoring to 10% below the session resource usage threshold (65%):
fair-usage deact-margin 10
fair-usage tcp-proxy
This command allows you to configure the maximum number of flows for which TCP Proxy can be used per subscriber, and what portion of ECS memory should be reserved for TCP Proxy flows.
Product
ACS
Privilege
Security Administrator, Administrator
Syntax
fair-usage tcp-proxy { max-flows-per-subscriber max_flows_subscriber | memory-share memory_share }
max-flows-per-subscriber max_flows_subscriber
Specifies the maximum number of flows for which TCP Proxy can be used per subscriber.
This limit is per Session Manager.
max_flows_subscriber must be an integer from 1 through 1000.
Default: 5
memory-share memory_share
Specifies what portion of ECS memory should be reserved for TCP Proxy flows.
memory_share is a percentage value, and must be an integer from 1 through 100.
Default: 10%
Usage
Use this command to configure the maximum number of flows for which TCP Proxy can be used for a subscriber, and what portion of ECS memory should be reserved for TCP Proxy flows.
Example
The following command configures 100 as the maximum number of flows for which TCP Proxy can be enabled for the subscriber:
fair-usage tcp-proxy max-flows-per-subscriber 100
fair-usage threshold-percent
This command allows you to configure the usage threshold to start Fair Usage monitoring.
Product
ACS, ADC, CF, FW, NAT
Privilege
Security Administrator, Administrator
Syntax
fair-usage threshold-percent usage_threshold
default fair-usage threshold-percent
default
Configures this command with its default setting.
Default: 50 percent
usage_threshold
Specifies the threshold to start Fair Usage monitoring. Until the credit usage hits this threshold, all session resource allocation is allowed. On crossing this threshold, any new resource allocation request is evaluated before being allowed or denied.
usage_threshold is a percentage value, and must be an integer from 1 through 100.
Usage
Use this command to configure the threshold to enable the Fair Usage feature, which enables SessMgr instance-level load balancing for in-line service features, and resource usage control for subscribers. For additional information, refer to the feature description in the Enhanced Charging Service Administration Guide.
Example
The following command enables the Fair Usage feature, and configures the session resource usage threshold to start Fair Usage monitoring to 75%:
fair-usage threshold-percent 75
firewall flow-recovery
This command allows you to configure the Stateful Firewall’s Flow Recovery feature.
Product
FW
Privilege
Security Administrator, Administrator
Syntax
firewall flow-recovery { { downlink [ [ timeout timeout ] [ no-flow-creation ] + ] } | { uplink [ timeout timeout ] } }
{ default | no } firewall flow-recovery { downlink | uplink }
default
Configures this command with its default setting.
Default: Downlink and uplink flow recovery enabled, 300 seconds
no
Disables the flow recovery configuration.
downlink | uplink
Specifies the packets:
downlink: Enables flow recovery for packets from the downlink direction.
uplink: Enables flow recovery for packets from the uplink direction.
timeout timeout
Specifies the Stateful Firewall Flow Recovery Timeout setting, in seconds.
timeout must be an integer from 1 through 86400.
Default: 300 seconds
no-flow-creation
Specifies not to create data session/flow-related information for downlink-initiated packets (from the Internet to the subscriber) while the firewall downlink flow-recovery timer is running, but send to subscriber.
Usage
Use this command to configure Stateful Firewall Flow Recovery feature.
note_smallImportant: NAT flows will not be recovered.
Example
The following command configures Stateful Firewall Flow Recovery for packets in downlink direction with a timeout setting of 600 seconds:
firewall flow-recovery downlink timeout 600
firewall max-ip-packet-size
Description In StarOS 8.1 and later releases, for Rulebase-based Stateful Firewall this command is available in the ACS Rulebase Configuration Mode, and for Policy-based Stateful Firewall in the Firewall-and-NAT Policy Configuration Mode. In StarOS 8.3, this command is available in the ACS Rulebase Configuration Mode.
firewall mime-flood
Description In StarOS 8.1 and later releases, for Rulebase-based Stateful Firewall this command is available in the ACS Rulebase Configuration Mode, and for Policy-based Stateful Firewall in the Firewall-and-NAT Policy Configuration Mode. In StarOS 8.3, this command is available in the ACS Rulebase Configuration Mode.
firewall nat-alg
This command enables/disables Network Address Translation (NAT) Application Level Gateways (ALGs).
Product
NAT
Privilege
Security Administrator, Administrator
Syntax
[ default | no ] firewall nat-alg { all | ftp | h323 | pptp | rtsp | sip } [ ipv4-and-ipv6 | ipv4-only | ipv6-only ]
default
Configures this command with the default setting for the specified parameter.
Default:
ftp: Enabled
h323: Enabled
pptp: Disabled
rtsp: Disabled
sip: Disabled
no
Disables all/ or the specified NAT ALG configuration. When disabled, the ALG(s) will not do any payload translation for NATd calls.
all | ftp | h323 | pptp | rtsp | sip
Specifies the NAT ALG to enable/disable.
all: Enables/disables all of the following NAT ALGs.
ftp: Enables/disables File Transfer Protocol (FTP) NAT ALG.
h323: Enables/disables H323 NAT ALG.
pptp: Enables/disables Point-to-Point Tunneling Protocol (PPTP) NAT ALG.
rtsp: Enables/disables Real Time Streaming Protocol (RTSP) ALG.
sip: Enables/disables Session Initiation Protocol (SIP) NAT ALG.
ipv4-and-ipv6 | ipv4-only | ipv6-only
Specifies to enable/disable NAT44/NAT64 ALG.
ipv4-and-ipv6: Enables both NAT44 and NAT64 ALGs.
ipv4-only: Enables only NAT44 ALG.
ipv6-only: Enables only NAT64 ALG.
Usage
Use this command to enable/disable NAT ALGs.
To enable NAT ALG processing, in addition to this configuration, ensure that the routing rule for that particular protocol is added in the rulebase.
Example
The following command enables FTP NAT ALG:
firewall nat-alg ftp
The following command disables FTP NAT ALG:
no firewall nat-alg ftp
The following command enables FTP NAT ALG, and disables H.323, PPTP, RTSP, and SIP NAT ALGs:
default firewall nat-alg all
firewall no-ruledef-matches
Description In StarOS 8.1 and later releases, this command is available in the ACS Rulebase Configuration Mode.
firewall port-scan
This command allows you to configure Stateful Firewall’s Port Scan Detection algorithm.
Product
FW
Privilege
Security Administrator, Administrator
Syntax
firewall port-scan { connection-attempt-success-percentage { non-scanner | scanner } percentage | inactivity-timeout inactivity_timeout | protocol { tcp | udp } response-timeout response_timeout | scanner-policy { block inactivity-timeout inactivity_timeout | log-only } }
default firewall port-scan { connection-attempt-success- percentage { non-scanner | scanner } | inactivity-timeout | protocol { tcp | udp } response-timeout | scanner-policy }
default
Configures this command with its default setting.
connection-attempt-success-percentage { non-scanner | scanner } percentage
Specifies the connection attempt success percentage:
non-scanner: Specifies the connection attempt success percentage for a non-scanner.
percentage must be an integer from 60 through 99.
Default: 70%
scanner: Specifies the connection attempt success percentage for a scanner.
percentage must be an integer from 1 through 40.
Default: 30%
inactivity-timeout inactivity_timeout
Specifies the port scan inactivity timeout period, in seconds.
inactivity_timeout must be an integer from 60 through 1800.
Default: 300 seconds
protocol { tcp | udp } response-timeout response_timeout
Specifies transport protocol and response-timeout period:
tcp: Specifies response timeout for TCP.
response_timeout must be an integer from 3 through 30.
udp: Specifies response timeout for UDP.
response_timeout must be an integer from 3 through 60.
Default: 3 seconds
scanner-policy { block inactivity-timeout inactivity_timeout | log-only }
Specifies how to treat packets from a source address that has been detected as a scanner:
block inactivity-timeout inactivity_timeout: Specifies blocking any subsequent traffic from the scanner. If the scanner is found to be inactive for the inactivity-timeout period, then the scanner is no longer blocked, and traffic is allowed.
inactivity_timeout specifies the scanner inactivity timeout period, in seconds, and must be an integer from 1 through 4294967295.
log-only: Specifies logging scanner information without blocking scanner traffic.
Default: log-only
Usage
Use this command to configure the Stateful Firewall Port Scan Detection algorithm enabled by the firewall dos-protection port-scan CLI command.
This protection tracks all uplink source addresses, and the packets they initiate towards all subscribers that have this protection enabled.
Example
The following command configures the Stateful Firewall Port Scan inactivity timeout setting to 900 seconds:
firewall port-scan inactivity-timeout 900
firewall ruledef
This command allows you to create/configure/delete Stateful Firewall ruledefs.
note_smallImportant: This command is available only in StarOS 8.1. This command must be used to configure the Rulebase-based Stateful Firewall and NAT features.
Product
FW
Privilege
Security Administrator, Administrator
Syntax
firewall ruledef firewall_ruledef_name [ -noconfirm ]
no firewall ruledef firewall_ruledef_name
no
If previously configured, deletes the specified Stateful Firewall ruledef from the active charging service.
firewall_ruledef_name
Specifies the Stateful Firewall ruledef to add/configure/delete.
firewall_ruledef_name must be the name of a Stateful Firewall ruledef, and must be a string of 1 through 63 characters, and can contain punctuation characters.
If the named ruledef does not exist, it is created, and the CLI mode changes to the Firewall Ruledef Configuration Mode wherein the ruledef can be configured.
If the named Stateful Firewall ruledef already exists, the CLI mode changes to the Firewall Ruledef Configuration Mode for that ruledef.
-noconfirm
Specifies that the command must execute without prompting for confirmation.
Usage
Use this command to create/configure/delete a Stateful Firewall ruledef. A Stateful Firewall ruledef contains different conditions to permit, drop, or reject a packet/connection/traffic based on one or more parameters. The ruledef name must be unique with in the active charging service. Host pool, port map, IMSI pool, and Stateful Firewall, routing, and charging ruledefs must have unique names.
A Stateful Firewall ruledef can be referenced by multiple Stateful Firewall rulebases.
note_smallImportant: The Stateful Firewall ruledefs are different from the ACS ruledefs.
Also see the Firewall-and-NAT Access Ruledef Configuration Mode Commands chapter.
Example
The following command creates a Stateful Firewall ruledef named fw_ruledef1, and enters the Firewall Ruledef Configuration Mode:
firewall ruledef fw_ruledef1
firewall tcp-syn-flood-intercept
Description In StarOS 8.1 and later releases, for Rulebase-based Stateful Firewall this command is available in the ACS Rulebase Configuration Mode, and for Policy-based Stateful Firewall in the Firewall-and-NAT Policy Configuration Mode. In StarOS 8.3, this command is available in the ACS Rulebase Configuration Mode.
firewall track-list
This command allows you to configure the maximum number of server IP addresses to be tracked that are involved in any kind of denial-of-service (DoS) attacks.
Product
FW
Privilege
Security Administrator, Administrator
Syntax
firewall track-list attacking-servers no_of_servers
{ default | no } firewall track-list attacking-servers
default
Configures this command with its default setting.
Default: 10 servers
no
note_smallImportant: This command variant is available only in StarOS 8.3 and later releases.
If previously configured, deletes the configuration from the active charging service.
attacking-servers no_of_servers
Specifies the maximum number of servers to track.
no_of_servers must be an integer from 1 through 100.
Usage
Use this command to configure the maximum number of server IP addresses to be tracked that are involved in any kind of DoS attacks.
Example
The following command configures the maximum number of server IP addresses to be tracked that are involved in any kind of DoS attacks to 20:
firewall track-list attacking-servers 20
fw-and-nat action
This command allows you to create/configure/delete Firewall-and-NAT actions.
note_smallImportant: This command is available only in 11.0 and later releases. This command must be used to configure the Stateful Firewall and NAT Action.
Product
FW, NAT
Privilege
Security Administrator, Administrator
Syntax
fw-and-nat action action_name [ -noconfirm ]
no fw-and-nat action action_name
no
If previously configured, deletes the specified Firewall-and-NAT action from the active charging service.
action_name
Specifies the Firewall-and-NAT action to add/configure/delete.
action_name must be the name of a Firewall-and-NAT action, and must be an alphanumeric string of 1 through 63 characters.
-noconfirm
Specifies that the command must execute without prompting for confirmation.
Usage
Use this command to create/configure/delete a Firewall-and-NAT action.
Entering this command results in the following prompt:
[context_name]hostname(config-fw-and-nat-action)#
Also see the Firewall-and-NAT Action Configuration Mode Commands chapter.
Example
The following command creates a Firewall-and-NAT action named test1, and changes to the Firewall-and-NAT Action Configuration Mode:
fw-and-nat action test1
fw-and-nat policy
This command allows you to create/configure/delete Firewall-and-NAT policies.
note_smallImportant: This command is available only in StarOS 8.1 and in StarOS 9.0 and later releases. This command must be used to configure the Policy-based Stateful Firewall and NAT features.
Product
FW, NAT
Privilege
Security Administrator, Administrator
Syntax
fw-and-nat policy policy_name [ -noconfirm ]
no fw-and-nat policy policy_name
no
If previously configured, deletes the specified Firewall-and-NAT policy from the active charging service.
note_smallImportant: When a Firewall-and-NAT policy is deleted, for all subscribers using the policy, Stateful Firewall and NAT processing is disabled, also ACS sessions for the subscribers are dropped. In case of session recovery, the calls are recovered but with Stateful Firewall and NAT disabled.
policy_name
Specifies the Firewall-and-NAT policy to add/configure/delete.
policy_name must be the name of a Firewall-and-NAT policy, and must be an alphanumeric string of 1 through 63 characters.
-noconfirm
Specifies that the command must execute without prompting for confirmation.
Usage
Use this command to create/configure/delete a Firewall-and-NAT policy.
Entering this command results in the following prompt:
[context_name]hostname(config-fw-and-nat-policy)#
Also see the Firewall-and-NAT Policy Configuration Mode Commands chapter.
Example
The following command creates a Firewall-and-NAT policy named test321, and changes to the Firewall-and-NAT Policy Configuration Mode:
fw-and-nat policy test321
group-of-objects
This command allows you to create/configure/delete an ACS group-of-objects.
note_smallImportant: This command is available only in StarOS 10.2 and later releases.
note_smallImportant: A maximum of 16 object groups can be configured in the active charging service. And a maximum of 128 objects can be configured within each object group.
Product
ACS
Privilege
Security Administrator, Administrator
Syntax
group-of-objects objects_group_name [ type string [ -noconfirm ] ]
no group-of-objects objects_group_name
no
If previously configured, deletes the specified group-of-objects from the active charging service.
objects_group_name
Specifies the group-of-objects to add/configure/delete.
objects_group_name must be the name of a group-of-objects, and must be an alphanumeric string of 1 through 63 characters.
If the named group-of-objects does not exist, it is created, and the CLI mode changes to the ACS Group-of-Objects Configuration Mode wherein the group can be configured.
If the named group-of-objects already exists, the CLI mode changes to the ACS Group-of-Objects Configuration Mode for that group.
type
Specifies the data type for the group-of-objects.
note_smallImportant: “string” is the only data type supported in this release.
string
Specifies the data type as string.
When creating a group, specifying the data type is mandatory.
When modifying an existing group, specifying the data type is optional.
-noconfirm
Specifies that the command must execute without prompting for confirmation.
Usage
Use this command to create/configure/delete a group-of-objects.
Also see the ACS Group-of-Objects Configuration Mode Commands chapter.
Example
The following command creates a group-of-objects named test4 with the data type string, and enters the ACS Group-of-Objects Configuration Mode:
group-of-objects test4 type string
group-of-prefixed-urls
This command allows you to create/configure/delete an ACS group-of-prefixed-URLs.
note_smallImportant: This command is customer specific. For more information contact your Cisco account representative.
note_smallImportant: A maximum of 64 group-of-prefixed-URL groups can be configured in the active charging service.
Product
ACS
Privilege
Security Administrator, Administrator
Syntax
group-of-prefixed-urls prefixed_urls_group_name [ -noconfirm ]
no group-of-prefixed-urls prefixed_urls_group_name
no
If previously configured, deletes the specified group-of-prefixed-urls from the active charging service.
prefixed_urls_group_name
Specifies the group-of-prefixed-urls to add/configure/delete.
prefixed_urls_group_name must be the name of a group-of-prefixed-urls, and must be an alphanumeric string of 1 through 63 characters.
If the named group-of-prefixed-urls does not exist, it is created, and the CLI mode changes to the ACS Group-of-Prefixed-URLs Configuration Mode wherein the group can be configured.
If the named group-of-prefixed-urls already exists, the CLI mode changes to the ACS Group-of-Prefixed-URLs Configuration Mode for that group.
-noconfirm
Specifies that the command must execute without prompting for confirmation.
Usage
Use this command to create/configure/delete a group-of-prefixed-URLs.
Also see the ACS Group-of-Prefixed-URLs Configuration Mode Commands chapter.
Example
The following command creates group-of-prefixed-urls named test5, and enters the ACS Group-of-Prefixed-URLs Configuration Mode:
group-of-prefixed-urls test5
group-of-ruledefs
This command allows you to create/configure/delete an ACS group-of-ruledefs.
note_smallImportant: A maximum of 64 groups-of-ruledefs can be configured in the active charging service.
Product
ACS
Privilege
Security Administrator, Administrator
Syntax
group-of-ruledefs ruledefs_group_name [ -noconfirm ]
no group-of-ruledefs ruledefs_group_name
no
If previously configured, deletes the specified group-of-ruledefs from the active charging service.
ruledefs_group_name
Specifies the group-of-ruledefs to add/configure/delete.
ruledefs_group_name must be unique within the active charging service, and must be a string of 1 through 63 characters. Up 64 groups may be configured.
If the named group-of-ruledefs does not exist, it is created, and the CLI mode changes to the ACS Group-of-Ruledefs Configuration Mode wherein the group can be configured.
If the named group-of-ruledefs already exists, the CLI mode changes to the ACS Group-of-Ruledefs Configuration Mode for that group.
-noconfirm
Specifies that the command must execute without prompting for confirmation.
Usage
Use this command to create/configure/delete a group-of-ruledefs.
A group-of-ruledefs is a collection of rule definitions to use in access policy creation. The group-of-ruledefs name must be unique within the service.
Also see the ACS Group-of-Ruledefs Configuration Mode Commands chapter.
Example
The following command creates a group-of-ruledefs named group1, and enters the ACS Group-of-Ruledefs Configuration Mode:
group-of-ruledefs group1
h323 time-to-live
This command allows you to configure the time period for which an endpoint’s registration to an H.323 gatekeeper is valid.
Product
NAT
Privilege
Security Administrator, Administrator
Syntax
h323 time-to-live timeout
default h323 time-to-live
default
Configures this command with its default setting.
Default: 3600 seconds
timeout
Specifies the timeout setting, in seconds.
timeout must be an integer from 1 through 2147483647.
Usage
Use this command to configure the time period for which an endpoint’s registration to a gatekeeper is valid.
Example
The following command configures the time for an endpoint registration with a timeout setting of 5 seconds:
h323 time-to-live 5
h323 timeout
This command allows you to configure the timeout intervals for various H.323 requests.
Product
NAT
Privilege
Security Administrator, Administrator
Syntax
h323 timeout { admission admission_timeout | discovery discovery_timeout | location location_timeout | registration registration_timeout | unregistration unregistration_timeout }
default h323 timeout { admission | discovery | location | registration | unregistration }
default
Configures this command with the default setting for the specified parameters.
admission admission_timeout
Configures the timeout value for the admission request sent to the gatekeeper.
admission_timeout must be an integer from 1 through 20.
Default: 10 seconds
discovery discovery_timeout
Configures the timeout value for the gatekeeper request message sent to the Gatekeeper.
discovery_timeout must be an integer from 1 through 20.
Default: 10 seconds
location location_timeout
Configures the timeout value for the location request message sent to the Gatekeeper.
location_timeout must be an integer from 1 through 20.
Default: 10 seconds
registration registration_timeout
Configures the timeout value for the registration request message sent to the Gatekeeper.
registration_timeout must be an integer from 1 through 20.
Default: 6 seconds
unregistration unregistration_timeout
Configures the timeout value for the unregistration request message sent to the Gatekeeper.
unregistration_timeout must be an integer from 1 through 20.
Default: 3 seconds
Usage
Use this command to configure the timeout interval for the various H.323 requests.
Example
The following command configures the admission request message with a timeout value of 15 seconds:
h323 timeout admission 15
h323 tpkt
This command allows you to configure the maximum size of Transport Protocol Data Unit Packets (TPKT) that the H.323 Application Layer Gateway (ALG) can handle.
Product
NAT
Privilege
Security Administrator, Administrator
Syntax
h323 tpkt max_tpkt_size
default h323 tpkt
default
Configures this command with its default setting.
Default: 2048 bytes
max_tpkt_size
Specifies the maximum TPKT size, in bytes.
max_tpkt_size must be an integer from 4 through 4096.
Usage
Use this command to configure the maximum packet size for the H.323 ALG.
Example
The following command configures a maximum TPKT packet size of 100 bytes:
h323 tpkt 100
h323 version
This command allows you to configure the H.323 version number supported by an H.323 Application Layer Gateway (ALG).
Product
NAT
Privilege
Security Administrator, Administrator
Syntax
h323 version h323_version_number
default h323 version
default
Configures this command with its default setting.
Default: 5
h323_version_number
Specifies the H.323 version number.
h323_version_number must be an integer from 1 through 7.
Usage
Use this command to configure the H.323 version number supported by the H.323 ALG.
Example
The following command configures the H.323 version as 1:
h323 version 1
host-pool
This command allows you to create/configure/delete host pools.
Product
All
Privilege
Security Administrator, Administrator
Syntax
host-pool host_pool_name [ -noconfirm ]
no host-pool host_pool_name
no
If previously configured, deletes the specified host pool from the active charging service.
host_pool_name
Specifies the host pool to add/configure/delete.
host_pool_name must be the name of a host pool, and must be a string of 1 through 63 characters, and can contain punctuation characters.
If the named host pool does not exist, it is created, and the CLI mode changes to the ACS Host Pool Configuration Mode wherein the host pool can be configured.
If the named host pool already exists, the CLI mode changes to the ACS Host Pool Configuration Mode for that host pool.
-noconfirm
Specifies that the command must execute without prompting for confirmation.
Usage
Use this command to create/configure/delete ACS host pools.
A host pool is a collection of hosts and IP addresses to use in access policy creation. The host pool name must be unique with in the service. Host pool, port map, IMSI pool, and firewall, routing, and charging ruledefs must have unique names. A maximum of the 256 host pools can be created.
note_smallImportant: Host pools configured in other ruledefs cannot be deleted.
Also see the ACS Host Pool Configuration Mode Commands chapter.
Example
The following command creates a host pool named hostpool1, and enters the ACS Host Pool Configuration Mode:
host-pool hostpool1
idle-timeout
This command allows you to configure the maximum duration a flow can remain idle for, after which the system automatically terminates the flow.
Product
ACS, NAT, FW
Privilege
Security Administrator, Administrator
Syntax
idle-timeout { alg-media | flow-mapping { tcp | udp } | icmp | tcp | udp } idle_timeout
{ default | no } idle-timeout { alg-media | flow-mapping { tcp | udp } | icmp | tcp | udp }
default
Configures this command with the default setting for the specified parameter.
Default:
alg-media: 120 seconds
flow-mapping { tcp | udp }: 300 seconds for TCP and 0 seconds for UDP
icmp, tcp, udp: 300 seconds
no
Disables the idle-timeout configuration for the specified flow.
alg-media
Configures the ALG media for the specified flow.
flow-mapping { tcp | udp }
The Flow Mapping timer is an extension to the existing flow idle-timeout in ACS. This flow mapping timeout applies only for NAT enabled calls and is supported only for TCP and UDP flows. The purpose of this timer is to hold the resources (NAT IP, NAT port, Private IP NPU flow) associated with a 5-tuple flow until Mapping timeout expiry.
If the Flow Mapping timer is disabled, then the Mapping timeout will not get triggered for UDP/TCP idle timed out flows. The resources such as NAT mapping will be released along with the 5-tuple flow.
icmp
Configures the ICMP protocol for the specified flow.
tcp
Configures the TCP protocol for the specified flow.
udp
Configures the UDP protocol for the specified flow.
idle_timeout
Specifies the timeout duration, in seconds, and must be an integer from 0 through 86400.
For alg-media specifies the media inactivity timeout. The idle_timeout value gets applied on RTP and RTCP media flows that are created for SIP/H.323 calls. The timeout is applied only on those flows that actually match the RTP and RTCP media pinholes that are created by the SIP/H.323 ALG.
A value of 0 disables the idle-timeout setting.
Usage
Use this command to configure the maximum duration a flow can remain idle, in seconds, after which the system automatically terminates the flow.
Setting the value to 0 will cause the idle-timeout setting to be disabled.
For flows other than TCP, UDP and ICMP, timeout value will always be 300 seconds (unless configured in the charging-action). Charging action’s flow idle-timeout will have precedence over ACS idle-timeout. If charging action’s flow idle-timeout is default, then flows will have the value configured in the active charging service.
Example
The following command configures the maximum duration a TCP flow can remain idle to 3000 seconds, after which the system automatically terminates the flow:
idle-timeout tcp 3000
imsi-pool
This command allows you to create/configure/delete International Mobile Subscriber Identity (IMSI) pools.
Product
All
Privilege
Security Administrator, Administrator
Syntax
imsi-pool imsi_pool_name [ -noconfirm ]
no imsi-pool imsi_pool_name
no
If previously configured, deletes the specified IMSI pool from the active charging service.
imsi_pool_name
Specifies the IMSI pool to add/configure/delete.
imsi_pool_name must be the name of an IMSI pool, and must be an alphanumeric string of 1 through 63 characters, and can contain punctuation characters.
If the named IMSI pool does not exist, it is created, and the CLI mode changes to the ACS IMSI Pool Configuration Mode wherein the IMSI pool can be configured.
If the named IMSI pool already exists, the CLI mode changes to the ACS IMSI Pool Configuration Mode for that IMSI pool.
-noconfirm
Specifies that the command must execute without prompting for confirmation.
Usage
Use this command to create/configure/delete pools of International Mobile Subscriber Identifier (IMSI) numbers having group of single or range of IMSI numbers to use in access policy creation. The IMSI pool name must be unique with in the service. Host pool, port map, IMSI pool, and firewall, routing, and charging ruledefs must have unique names. A maximum of 256 IMSI pools can be created.
note_smallImportant: IMSI pools configured in other ruledefs cannot be deleted.
Also see the ACS IMSI Pool Configuration Mode Commands chapter.
Example
The following command creates an IMSI pool named imsipool1, and enters the ACS IMSI Pool Configuration Mode:
imsi-pool imsipool1
ip dns-learnt-entries
This command allows you to configure how long to keep the snooped IPv4 addresses that were extracted from DNS responses.
Product
All
Privilege
Security Administrator, Administrator
Syntax
ip dns-learnt-entries timeout timeout_period
{ default | no } ip dns-learnt-entries timeout
default
Configures this command with the default DNS-learnt-entries timeout setting.
Default: 300 seconds
no
Specifies to always use the TTL value in the DNS response, and not the timeout configured with this command.
timeout_period
Specifies the DNS-learnt-entries timeout period, in seconds.
timeout_period must be an integer from 1 through 2147483647.
Usage
Use this command to configure how long to keep the snooped IPv4 addresses that were extracted from DNS responses—for the TTL specified in the DNS response, or for the time period configured with this command, if greater.
The configurable timer will be at global ECS level and shared across all IP addresses. Internally, a five-minute (300 seconds, non configurable) timer will be started whenever DNS analyzer is enabled. On timeout of this timer, all the learnt IP addresses will be checked for TTL expiry and the expired entries will be flushed.
Example
The following command specifies to keep the snooped IPv4 addresses that were extracted from DNS responses for a time period of 900 seconds, or for the TTL value specified in the DNS response, whichever is greater:
ip dns-learnt-entries timeout 900
ip max-fragments
This command allows you to limit the maximum number of IPv4/IPv6 fragments per fragment chain.
Product
All
Privilege
Security Administrator, Administrator
Syntax
ip max-fragments max_fragments
default ip max-fragments
default
Configures this command with its default setting.
Default: 45
max_fragments
Specifies the maximum number of IPv4/IPv6 fragments per fragment chain.
max_fragments must be an integer from 1 through 300.
Usage
Use this command to limit the maximum number of IPv4/IPv6 fragments.
Example
The following command limits the maximum number of IPv4/IPv6 fragments to 100:
ip max-fragments 100
label content-id
This command allows you to specify a label (text string) to associate with a content ID for UDRs/EDRs/eG-CDRs.
Product
All
Privilege
Security Administrator, Administrator
Syntax
label content-id content_id text label_text
no label content-id content_id
no
If previously configured, deletes the specified label.
content-id content_id
Specifies the content ID to associate with the label.
content_id must be an integer from 1 through 65535.
text label_text
Specifies the label to associate with the specified content ID.
label_text must be an alphanumeric string of 1 through 64 characters.
Usage
Use this command to create a text label to associate with a content ID.
A maximum of 2048 labels can be configured in the active charging service.
Example
The following command creates the label test_charge1 to be associated with the content ID 1378:
label content-id 1378 text test_charge1
nat allocation-failure
This command allows you to configure the action to take when NAT IP/Port allocation fails.
note_smallImportant: This command is available only in StarOS 8.3 and later releases.
Product
NAT
Privilege
Security Administrator, Administrator
Syntax
nat allocation-failure send-icmp-dest-unreachable
{ default | no } nat allocation-failure
default
Configures this command with its default setting.
Default: Packets are dropped silently
no
If previously enabled, disables the NAT Allocation Failure configuration. Packets are dropped silently.
nat allocation-failure send-icmp-dest-unreachable
Specifies to send ICMP Destination Unreachable message when NAT IP/Port allocation fails.
Usage
Use this command to configure the action to take when NAT IP/port allocation fails—to send or not to send an “ICMP destination unreachable message” when a NAT IP/port cannot be assigned to a flow in data path.
Example
The following command configures sending ICMP Destination Unreachable message when NAT IP/Port allocation fails:
nat allocation-failure send-icmp-dest-unreachable
nat allocation-in-progress
This command allows you to configure the action to take on packets when NAT IP/NPU allocation is in progress.
note_smallImportant: This command is available only in StarOS 8.3 and later releases.
Product
NAT
Privilege
Security Administrator, Administrator
Syntax
nat allocation-in-progress { buffer | drop }
default nat allocation-in-progress
default
Configures this command with its default setting.
Default: buffer
buffer | drop
Specifies the action to take on packets when NAT IP/NPU allocation is in progress:
buffer: Buffers the packets.
drop:Drops the packets.
Usage
In On-demand NAT IP allocation (wherein NAT IP address is allocated to the subscriber when a packet is being sent), if no free NAT IP address is available, a NAT-IP Alloc Request is sent to the VPNMgr to get NAT-IP. During that time packets are dropped. This command enables buffering the packets received when IP Alloc Request is sent to VPNMgr.
Example
The following command specifies to buffer packets when NAT IP/NPU allocation is in progress:
nat allocation-in-progress buffer
nat tcp-2msl-timeout
This command allows you to configure the TCP 2MSL (Maximum Segment Lifetime) timeout value for NAT.
note_smallImportant: This command is available only in StarOS 8.3 and later releases.
Product
NAT
Privilege
Security Administrator, Administrator
Syntax
nat tcp-2msl-timeout timeout
default nat tcp-2msl-timeout
default
Configures this command with its default setting.
Default: 60 seconds
timeout
Specifies the TCP 2MSL timeout period, in seconds.
timeout must be an integer from 30 through 240.
Usage
Use this command to configure the TCP 2MSL timeout value for NAT.
Example
The following command configures the TCP 2MSL timeout for NAT to 120 seconds:
nat tcp-2msl-timeout 120
p2p-detection protocol
This command enables/disables the detection of all or specified peer-to-peer (P2P) protocols.
Product
ADC
Privilege
Security Administrator, Administrator
Syntax
[ no ] p2p-detection protocol [ actsync | aimini | all | antsp2p | applejuice | ares | armagettron | battlefld | bittorrent | blackberry | citrix | clubpenguin | crossfire | ddlink | directconnect | dofus | edonkey | facebook | facetime | fasttrack | feidian | fiesta | filetopia | florensia | freenet | fring | funshion | gadugadu | gamekit | gmail | gnutella | gtalk | guildwars | halflife2 | hamachivpn | iax | icecast | imesh | imo | iptv | irc | isakmp | iskoot | itunes | jabber | kontiki | manolito | maplestory | meebo | mgcp | msn | mute | mypeople | myspace | netmotion | nimbuzz | octoshape | off | ogg | oovoo | openft | openvpn | orb | oscar | paltalk | pando | pandora | popo | pplive | ppstream | ps3 | qq | qqgame | qqlive | quake | quicktime | rdp | rdt | rfactor | rmstream | scydo | secondlife | shoutcast | skinny | skype | slingbox | sopcast | soulseek | splashfighter | spotify | ssdp | stealthnet | steam | stun | tango | teamspeak | teamviewer | thunder | tor | truphone | tunnelvoice | tvants | tvuplayer | twitter | ultrabac | usenet | uusee | veohtv | viber | vpnx | vtun | warcft3 | whatsapp | wii | winmx | winny | wmstream | wofkungfu | wofwarcraft | xbox | xdcc | yahoo | yourfreetunnel | zattoo + ]
all
Specifies to detect all supported P2P protocols. Specifying all is the same as individually configuring each of the following protocols.
actsync
Specifies to detect ActiveSync protocol.
aimini
Specifies to detect Aimini protocol.
antsp2p
Specifies to detect ANts P2P protocol.
applejuice
Specifies to detect Applejuice protocol.
ares
Specifies to detect Ares Galaxy protocol.
armagettron
Specifies to detect Armagetron protocol.
battlefld
Specifies to detect Battlefield protocol.
bittorrent
Specifies to detect BitTorrent protocol.
blackberry
Specifies to detect BlackBerry protocol.
citrix
Specifies to detect Citrix Independent Computing Architecture (ICA) protocol.
clubpenguin
Specifies to detect Club Penguin protocol.
crossfire
Specifies to detect Crossfire protocol.
ddlink
Specifies to detect DDLink protocol.
directconnect
Specifies to detect Direct Connect protocol.
dofus
Specifies to detect DOFUS protocol.
edonkey
Specifies to detect eDonkey protocol.
facebook
Specifies to detect Facebook protocol.
facetime
Specifies to detect FaceTime protocol.
note_smallImportant: The facetime protocol option is available only in 9.0 and in 11.0 and later releases.
fasttrack
Specifies to detect FastTrack protocol.
feidian
Specifies to detect Feidian protocol.
fiesta
Specifies to detect FIESTA protocol.
filetopia
Specifies to detect Filetopia protocol.
florensia
Specifies to detect Florensia protocol.
freenet
Specifies to detect Freenet protocol.
fring
Specifies to detect Fring SIP protocol.
funshion
Specifies to detect Funshion protocol.
gadugadu
Specifies to detect Gadu-Gadu protocol.
gamekit
Specifies to detect GameKit protocol.
note_smallImportant: The gamekit protocol option is available only in 9.0 and in 11.0 and later releases.
gmail
Specifies to detect Gmail protocol.
gnutella
Specifies to detect Gnutella protocol.
gtalk
Specifies to detect Google Talk protocol.
guildwars
Specifies to detect GuildWars protocol.
halflife2
Specifies to detect Half-Life 2 protocol.
hamachivpn
Specifies to detect Hamachi VPN protocol.
iax
Specifies to detect Inter-Asterisk eXchange protocol.
icecast
Specifies to detect Icecast protocol.
imesh
Specifies to detect iMesh protocol.
imo
Specifies to detect Imo.im instant messenger protocol.
iptv
Specifies to detect IPTV protocol.
irc
Specifies to detect Internet Relay Chat protocol.
isakmp
Specifies to detect Internet Security Association and Key Management Protocol.
iskoot
Specifies to detect iSkoot VoIP protocol.
itunes
Specifies to detect iTunes protocol.
jabber
Specifies to detect Jabber XMPP protocol.
kontiki
Specifies to detect Kontiki delivery protocol.
manolito
Specifies to detect MANOLITO protocol.
maplestory
Specifies to detect MapleStory protocol.
meebo
Specifies to detect Meebo protocol.
mgcp
Specifies to detect Media Gateway Control Protocol.
msn
Specifies to detect MSN Messenger protocol.
mute
Specifies to detect MUTE protocol.
mypeople
Specifies to detect My People protocol.
myspace
Specifies to detect MySpace protocol.
netmotion
Specifies to detect NetMotion Internet Mobility Protocol.
nimbuzz
Specifies to detect Nimbuzz protocol.
octoshape
Specifies to detect Octoshape protocol.
off
Specifies to detect Off-The-Record protocol.
ogg
Specifies to detect Ogg multimedia streaming protocol.
oovoo
Specifies to detect ooVoo protocol.
openft
Specifies to detect OpenFT protocol.
openvpn
Specifies to detect OpenVPN protocol.
orb
Specifies to detect Internet Inter-ORB Protocol.
oscar
Specifies to detect Open System for CommunicAtion in Realtime protocol.
paltalk
Specifies to detect Paltalk protocol.
pando
Specifies to detect Pando protocol.
pandora
Specifies to detect Pandora protocol.
popo
Specifies to detect Popo protocol.
pplive
Specifies to detect PPlive protocol.
ppstream
Specifies to detect PPstream protocol.
ps3
Specifies to detect PS3 protocol.
qq
Specifies to detect Tencent QQ instant messaging protocol.
qqgame
Specifies to detect QQgame protocol.
qqlive
Specifies to detect QQlive protocol.
quake
Specifies to detect Quake network protocol.
quicktime
Specifies to detect QuickTime protocol.
rdp
Specifies to detect Remote Desktop protocol.
rdt
Specifies to detect Real Data Transport (RDT) protocol.
rfactor
Specifies to detect rFactor protocol.
rmstream
Specifies to detect RealMedia streaming protocol.
scydo
Specifies to detect Scydo VoIP protocol.
secondlife
Specifies to detect Second Life protocol.
shoutcast
Specifies to detect SHOUTcast protocol.
skinny
Specifies to detect Skinny Call Control Protocol (SCCP).
skype
Specifies to detect Skype protocol.
slingbox
Specifies to detect Slingbox protocol.
sopcast
Specifies to detect Sopcast streaming protocol.
soulseek
Specifies to detect Soulseek chat and file transfer protocol.
splashfighter
Specifies to detect SplashFighter protocol.
spotify
Specifies to detect Spotify music streaming protocol.
ssdp
Specifies to detect Simple Service Discovery Protocol.
stealthnet
Specifies to detect StealthNet RShare network protocol.
steam
Specifies to detect Steam file transfer protocol.
stun
Specifies to detect Session Traversal Utilities for NAT protocol.
tango
Specifies to detect TAco Next Generation Objects hardware control system protocol.
teamspeak
Specifies to detect TeamSpeak VoIP gaming client protocol.
teamviewer
Specifies to detect TeamViewer remote control protocol.
thunder
Specifies to detect Thunder (Xunlei) download manager protocol.
tor
Specifies to detect Tor hidden service (anonymizer) protocol.
truphone
Specifies to detect Truphone WiFi VoIP protocol.
tunnelvoice
Specifies to detect Tunnel VoIP protocol.
tvants
Specifies to detect TVAnts protocol.
tvuplayer
Specifies to detect TVUPlayer protocol.
twitter
Specifies to detect Twitter protocol.
ultrabac
Specifies to detect UltraBac protocol.
usenet
Specifies to detect Usenet Network News Transfer Protocol (NNTP) protocol.
uusee
Specifies to detect UUSee on-demand streaming protocol.
veohtv
Specifies to detect VeohTV television via Internet protocol.
viber
Specifies to detect Viber VoIP protocol.
vpnx
Specifies to detect VPN-X cross-platform protocol.
vtun
Specifies to detect VTun (Virtual Tunnel) protocol.
warcft3
Specifies to detect Warcraft 3 game protocol.
whatsapp
Specifies to detect WhatsApp messaging protocol.
wii
Specifies to detect Wii Remote Bluetooth protocol.
winmx
Specifies to detect WinMX Peer Network Protocol (WPNP).
winny
Specifies to detect Winny anonymizing protocol.
wmstream
Specifies to detect Windows Media HTTP Streaming Protocol.
wofkungfu
Specifies to detect wofkungfu protocol.
wofwarcraft
Specifies to detect World of Warcraft gaming protocol.
xbox
Specifies to detect Xbox protocol.
xdcc
Specifies to detect eXtended Direct Client-to-Client protocol.
yahoo
Specifies to detect Yahoo! Messenger protocol.
yourfreetunnel
Specifies to detect your free Tunnel chat protocol.
zattoo
Specifies to detect Zattoo IPTV protocol.
+
More than one of the above keywords can be entered within a single command.
Usage
Use this command to configure the detection of all or specific P2P protocol(s). Multiple keywords can be specified in a single command.
Example
The following command enables detection of all P2P protocols:
p2p-detection protocol all
packet-filter
This command allows you to create/configure/delete ACS packet filters.
Product
ACS
Privilege
Security Administrator, Administrator
Syntax
packet-filter packet_filter_name [ -noconfirm ]
no packet-filter packet_filter_name
no
If previously configured, deletes the specified packet filter from the active charging service.
packet_filter_name
Specifies the packet filter to add/configure/delete.
packet_filter_name must be the name of a packet filter, and must be an alphanumeric string of 1 through 63 characters.
If the named packet filter does not exist, it is created, and the CLI mode changes to the ACS Packet Filter Configuration Mode wherein the packet filter can be configured.
If the named packet filter already exists, the CLI mode changes to the ACS Packet Filter Configuration Mode for that packet filter.
-noconfirm
Specifies that the command must execute without prompting for confirmation.
Usage
Use this command to create/configure/delete an ACS packet filter.
Also see the ACS Packet Filter Configuration Mode Commands chapter.
Example
The following command creates a packet filter named filter3, and enters the ACS Packet Filter Configuration Mode:
packet-filter filter3
passive-mode
This command allows you to configure the Active Charging Service to operate in passive mode, wherein ACS passively monitors copies of packets.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ default | no ] passive-mode
no
If previously enabled, disables the passive mode configuration.
default
Configures this command with its default setting.
Default: Disabled
Usage
Use this command to put the active charging service in/out of passive mode operation, wherein ACS passively monitors copies of packets.
Example
The following command puts the active charging service into passive mode operation:
passive-mode
policy-control bearer-bw-limit
This command allows you to enable/disable per-bearer MBR policing—bandwidth limiting.
Product
ACS
Privilege
Security Administrator, Administrator
Syntax
{ default | no } policy-control bearer-bw-limit
default
Configures this command with its default setting.
Default: Enable; by default, per-bearer MBR policing is enabled.
no
Disables per-bearer MBR policing.
Usage
This command allows you to enable/disable per-bearer bandwidth limiting based on bitrates received over Gx. Note that there are only two variants of this command, the default and no variants.
policy-control bind-default-bearer
For PCEF Bearer Binding in 3G and when BCM mode is UE only, this command allows you to enable/disable binding rules having QCI of default bearer to the default bearer and to not ignore/ignore other rules.
Product
ACS
Privilege
Security Administrator, Administrator
Syntax
[ default | no ] policy-control bind-default-bearer
default
Configures this command with its default setting.
Default: Disables binding rules having QCI of default bearer to the default bearer and specifies to not ignore other rules.
no
Enables binding rules having QCI of default bearer to the default bearer and specifies to ignore other rules.
Usage
For PCEF Bearer Binding in 3G and when BCM mode is UE only, use this command to enable/disable binding rules having QCI of default bearer to the default bearer and to not ignore/ignore other rules respectively.
policy-control burst-size
This command allows you to configure the burst size for bandwidth limiting per dynamic-rule or per bearer.
Product
All
Privilege
Security Administrator, Administrator
Syntax
policy-control burst-size { auto-readjust [ duration duration ] | bytes bytes }
{ default | no } policy-control burst-size
default | no
Configures this command with its default setting.
Default: 65535 bytes
duration duration
Configures the burst size equal to <seconds> of traffic.
duration must be an integer from 1 through 20.
Default: In 12.1 and earlier releases, 10 seconds. In 12.2 and later releases, 5 seconds.
bytes bytes
Specifies the burst size, in bytes.
bytes must be an integer from 1 through 4000000000.
Usage
Use this command to configure the burst size for bandwidth limiting per dynamic-rule or per bearer.
Example
The following command configures the burst size for bandwidth limiting per dynamic-rule or per bearer equal to 10 seconds of traffic:
policy-control burst-size auto-readjust
policy-control charging-action-override
This command allows you to enable/disable overriding charging parameters of static rule with those of an ip-any rule or a specified dynamic rule.
note_smallImportant: This command is customer specific. For more information contact your Cisco account representative.
Product
GGSN, P-GW
Privilege
Security Administrator, Administrator
Syntax
policy-control charging-action-override custom1 [ use-rule dynamic_rule_name ]
{ default | no } policy-control charging-action-override
default
Configures this command with its default setting.
Default: Enables overriding charging parameters of static rule with those of an ip-any or a specified dynamic rule.
no
Disables overriding charging parameters of static rule with those of an ip-any or a specified dynamic rule.
custom1
Specifies overriding Online/Offline, Service ID, Content ID, Flow Control, ARP, and QCI.
use-rule dynamic_rule_name
Optional: Specifies the dynamic rule to inherit charging parameters from. If a dynamic rule name is not specified, the charging properties will be inherited from any dynamic rule.
dynamic_rule_name specifies name of the dynamic rule, and must be an alpha and/or numeric string of 1 through 63 characters in length.
Usage
Use this command to enable/disable overriding charging parameters of static rule with those of a dynamic ip-any rule or a specified dynamic rule.
Example
The following command specifies to enable overriding charging parameters of static rule with those of a dynamic rule named test:
policy-control charging-action-override custom1 use-rule test
policy-control charging-rule-base-name
This command allows you to configure how the Charging-Rule-Base-Name AVP from PCRF is interpreted, either as ACS rulebase or ACS group-of-ruledefs.
Product
ACS
Privilege
Security Administrator, Administrator
Syntax
policy-control charging-rule-base-name { active-charging-group-of-ruledefs | active-charging-rulebase [ ignore-when-removed ] [ use-first ]}
default policy-control charging-rule-base-name
no policy-control charging-rule-base-name active-charging-rulebase use-first
default
Configures this command with its default setting(s).
Default:
charging-rule-base-name: active-charging-group-of-ruledefs
use-first: Disabled
no
If multiple Charging-Rule-Base-Name are received from the PCRF, specifies to select the last rulebase. This is the default behavior.
active-charging-group-of-ruledefs
Specifies interpreting Charging-Rule-Base-Name as ACS group-of-ruledefs.
active-charging-rulebase [ ignore-when-removed ][ use-first ]
Specifies interpreting Charging-Rule-Base-Name as ACS rulebase.
When Charging-Rule-Base-Name AVP is interpreted as ACS rulebase, if PCRF requests the removal of a Charging-Rule-Base-Name, which is the same as the rulebase used for that PDP context, the PDP context is terminated. This is because after removal of the rulebase, the PDP context will have no rulebase. This is the default behavior.
ignore-when-removed: Specifies to ignore PCRF request for removal of Charging-Rule-Base-Name, and take no action. If this keyword is not configured, the PDP context from which the rulebase is removed gets terminated.
use-first: If multiple Charging-Rule-Base-Name are received from the PCRF, since a call can only have one ACS rulebase applied, specifies to select the first rulebase. If previously enabled, to disable this configuration, use the no policy-control charging-rule-base-name active-charging-rulebase use-first command. If this keyword is not configured, by default, the last rulebase is selected.
For each call, this interpretation is decided at call setup, and will not be changed during the life of that call. Change will only apply to new calls coming up after the change.
Usage
Use this command to configure interpretation of Charging-Rule-Base-Name AVP from PCRF either as ACS group-of-ruledefs or as ACS rulebase.
Example
The following command configures interpreting of Charging-Rule-Base-Name AVP as ACS rulebase:
policy-control charging-rule-base-name active-charging-rulebase
policy-control dynamic-rule-limit
This command allows you to enable/disable per-dynamic-rule MBR policing—bandwidth limiting.
Product
ACS
Privilege
Security Administrator, Administrator
Syntax
{ default | no } policy-control dynamic-rule-limit
default
Configures this command with its default setting.
Default: Enable; by default, per-dynamic-rule MBR policing is enabled.
no
Disables per-dynamic-rule MBR policing.
Usage
This command allows you to enable/disable per-dynamic-rule bandwidth limiting based on bitrates received over Gx. Note that there are only two variants of this command, the default and no variants.
policy-control retransmissions-counted
This command allows you to enable/disable charging of retransmitted packets when they hit a dynamic rule.
Product
ACS
Privilege
Security Administrator, Administrator
Syntax
[ default | no ] policy-control retransmissions-counted
default | no
Disables charging of retransmitted packets when they hit a dynamic rule.
Default: Disabled; no retransmissions counted.
Usage
Use this command to enable/disable charging of retransmitted packets when they hit a dynamic rule.
Example
The following command enables retransmissions to be charged when they hit a dynamic rule:
policy-control retransmissions-counted
policy-control update-default-bearer
For PCEF Bearer Binding in LTE, this command allows you to enable/disable sending updates that control the default bearer to the subscriber.
Product
ACS
Privilege
Security Administrator, Administrator
Syntax
[ default | no ] policy-control update-default-bearer
default
Configures this command with its default setting.
Default: Enables sending updates towards subscriber on default bearer.
no
Disables sending updates towards subscriber on default bearer.
Usage
For PCEF Bearer Binding in LTE, use this command to enable/disable sending updates like change in TFT, change in bit-rates, and so on towards the subscriber, in downlink direction, on default bearer.
port-map
This command allows you to create/configure/delete port maps.
Product
All
Privilege
Security Administrator, Administrator
Syntax
port-map port_map_name [ -noconfirm ]
no port-map port_map_name
no
If previously configured, deletes the specified port map from the active charging service.
port_map_name
Specifies the port map to add/configure/delete.
port_map_name must be the name of a port map, and must be an alphanumeric string of 1 through 63 characters, and can contain punctuation characters.
If the named port map does not exist, it is created, and the CLI mode changes to the ACS Port Map Configuration Mode wherein the port map can be configured.
If the named port map already exists, the CLI mode changes to the ACS Port Map Configuration Mode for that port map.
-noconfirm
Specifies that the command must execute without prompting for confirmation.
Usage
Use this command to create/configure/delete an ACS port map.
The port map name must be unique with in the service. Host pool, port map, IMSI pool, and firewall, routing, and charging ruledefs must have unique names. A maximum of the 256 port maps can be created.
note_smallImportant: Port maps in use in other ruledefs cannot be deleted.
Also see the ACS Port Map Configuration Mode Commands chapter.
Example
The following command creates a port map named portmap1, and enters the ACS Port Map Configuration Mode:
port-map portmap1
redirect user-agent
This command allows you to specify the user agent for conditional redirection of traffic flows.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] redirect user-agent user_agent_name
no
If previously configured, deletes the specified user agent from the active charging service.
user_agent_name
Specifies the user agent to be used for redirecting traffic flow.
user_agent_name must be the name of a user agent, and must be an alphanumeric string of 1 through 32 characters.
A maximum of 16 user-agents can be configured in the active charging service.
Usage
Use this command to redirect the traffic flow with conditions based on configured user-agent name. This user agent is used with flow action command in the ACS Charging Action Configuration Mode.
Example
The following command specifies the redirect user agent user_rule1 for conditional redirection of traffic flow:
redirect user-agent user_rule1
rulebase
This command allows you to create/configure/delete ACS rulebases.
note_smallImportant: A maximum of 512 rulebases can be configured in the active charging service.
Product
ACS
Privilege
Security Administrator, Administrator
Syntax
rulebase rulebase_name [ -noconfirm ]
no rulebase rulebase_name
no
If previously configured, deletes the specified rulebase from the active charging service.
rulebase_name
Specifies the rulebase to add/configure/delete.
rulebase_name must be the name of an ACS rulebase, and must be an alphanumeric string of 1 through 63 characters, and can contain punctuation characters.
If the named rulebase does not exist, it is created, and the CLI mode changes to the ACS Rulebase Configuration Mode wherein the rulebase can be configured.
If the named rulebase already exists, the CLI mode changes to the ACS Rulebase Configuration Mode for that rulebase.
-noconfirm
Specifies that the command must execute without prompting for confirmation.
Usage
Use this command to create/configure/delete an ACS rulebase. A rulebase is a collection of protocol rules to match a flow and associated actions to be taken for matching flow. The rulebase_name must be unique in the active charging service.
The default rulebase is used when a subscriber/APN is not configured with a specific rulebase to use.
Also see the ACS Rulebase Configuration Mode Commands chapter.
Example
The following command creates a rulebase named test1, and enters the ACS Rulebase Configuration Mode:
rulebase test1
ruledef
This command allows you to create/configure/delete ACS rule definitions.
note_smallImportant: A maximum of 2048 ruledefs can be configured in the active charging service.
Product
ACS
Privilege
Security Administrator, Administrator
Syntax
ruledef ruledef_name [ -noconfirm ]
no ruledef ruledef_name
no
If previously configured, deletes the specified ruledef from the active charging service.
ruledef_name
Specifies the ruledef to add/configure/delete.
ruledef_name must be the name of an ACS ruledef, and must be an alphanumeric string of 1 through 63 characters, and can contain punctuation characters.
ruledef_name must be unique with in the service. Host pool, port map, IMSI pool, and firewall, routing, and charging ruledefs must have unique names.
If the named ruledef does not exist, it is created, and the CLI mode changes to the ACS Ruledef Configuration Mode wherein the ruledef can be configured.
If the named ruledef already exists, the CLI mode changes to the ACS Ruledef Configuration Mode for that ruledef.
-noconfirm
Specifies that the command must execute without prompting for confirmation.
Usage
Use this command to create/configure/delete an ACS ruledef.
A ruledef represents a set of matching conditions across multiple L3 – L7 protocol based on protocol fields and state information. Each ruledef can be used across multiple rulebases within the active charging service.
Also see the ACS Ruledef Configuration Mode Commands chapter.
Example
The following command creates an ACS ruledef named test1, and enters the ACS Ruledef Configuration Mode:
ruledef test1
system-limit l4-flows
This command allows you to configure the system-wide Layer 4 flow limit.
note_smallImportant: This command is customer specific. For more information contact your Cisco account representative.
Product
ACS
Privilege
Security Administrator, Administrator
Syntax
system-limit l4-flows limit
{ default | no } system-limit l4-flows
default
Configures this command with its default setting.
Default: Disabled; same as no system-limit l4-flows
no
Disables the limit checking configuration.
limit
Specifies the Layer 4 flows limit.
limit must be an integer from 1 through 2147483647.
Usage
Use this command to configure the system-wide limit for Layer 4 flows.
The System-wide L4 Flow Limiting feature provides the capability to limit the number of TCP and UDP flow over the system. This limiting can be applied to all subscribers attaching to the system and to all APNs. This feature is compatible with the existing per-subscriber limiting (configured using the flow limit-for-flow-type charging action). Both limiting can be active in the same time.
System-wide flow limiting is implemented by comparing the “Effective Flows” periodically (~ every 10 seconds) against the configurable “System-wide Flow Limit”. Where “Effective Flows” is the number of active data sessions, each identified by the 5-tuple key. If the “Effective Flows” exceeds the “System-wide Flow Limit”, the Resource Manager indicates it to the active charging service. When ACS is aware of the “System-wide Flow Limit” being reached, no more data sessions are setup. The packets are discarded. While processing a successive flow-usage update from active charging service a change in behavior is indicated to active charging service to start accepting data sessions. As this relies on periodic reporting there is an inherent delay in the detection of “exceeding/returning once exceeded” to the flow limit.
Example
The following command sets the system limit for L4 flows to 100:
system-limit l4-flows 100
tethering-database
This command allows you to enable/disable the Tethering Detection feature, and load the databases from the specified files into the service.
Product
ACS
Privilege
Security Administrator, Administrator
Syntax
tethering-database [ os-signature os_signature_db_file_name | tac tac_db_file_name | ua-signature ua_signature_db_file_name ] +
{ default | no } tethering-database
default
Configures this command with its default setting.
Default: Tethering Detection feature is disabled, and the database file names are reset to their default values.
no
Disables Tethering Detection.
tethering-database os-signature os_signature_db_file_name
Specifies the OS Signature database file to load.
os_signature_db_file_name must be the name of the OS Signature database file, and must be an alphanumeric string of 1 through 255 characters.
tethering-database tac tac_db_file_name
Specifies the TAC database file to load.
tac_db_file_name must be the name of a TAC database file, and must be an alphanumeric string of 1 through 255 characters.
tethering-database ua-signature ua_signature_db_file_name
Specifies the User Agent (UA) Signature database file to load.
ua_signature_db_file_name must be the name of a UA Signature database file, and must be an alphanumeric string of 1 through 255 characters.
+
Indicates that more than one of the preceding option can be entered in a single command.
Usage
Use this command to enable the Tethering Detection feature, and load the OS, TAC, and UA databases from the specified files into the service.
Tethering refers to the use of a smartphone as a USB dongle/modem to provide Internet connectivity to laptops/PDAs/tablets like iPad, using the smartphone's data plan. Typically many operators have in place an eat-all-you-can-get data plan for smartphones, the usage of which is intended to be from the smartphone as a mobile device. However, some users use the low rate/unlimited usage of data plan to provide Internet connectivity to their laptops in places where normal Internet connection via broadband/WiFi might be more costly/not available/insecure.
Operators are interested in detecting such usage of a smartphone as a modem to better understand the usage across their networks and offer plans inline to that usage to their customers. They may also charge the tethered and non-tethered traffic separately.
After Tethering Detection has been enabled here (regardless, it must also be enabled within the rulebase), this CLI command may be used to change the databases with the specified databases.
The files are picked from the disk file system within the /databases directory. If a file name value is not configured, the default file names, os-db, tac-db, and ua-db, are used.
For more information on the Tethering Detection feature, refer to the Enhanced Charging Services Administration Guide.
Example
The following command enables Tethering Detection and selects the UA Signature database file named test:
tethering-database ua-signature test
timedef
This command allows you to create/configure/delete ACS Time Definitions (timedefs).
note_smallImportant: This command is available only in StarOS 8.1 and in StarOS 9.0 and later releases.
note_smallImportant: A maximum of 10 timedefs can be configured in the active charging service.
Product
ACS
Privilege
Security Administrator, Administrator
Syntax
timedef timedef_name [ -noconfirm ]
no timedef timedef_name
no
If previously configured, deletes the specified timedef from the active charging service.
timedef_name
Specifies the timedef to add/configure/delete.
timedef_name must be the name of a timedef, and must be an alphanumeric string of 1 through 63 characters.
If the named timedef does not exist, it is created, and the CLI mode changes to the ACS Timedef Configuration Mode wherein timeslots for the timedef can be configured.
If the named timedef already exists, the CLI mode changes to the ACS Timedef Configuration Mode for that timedef.
-noconfirm
Specifies that the command must execute without prompting for confirmation.
Usage
Use this command to create/configure/delete ACS timedefs for the Time-of-Day Activation/Deactivation of Rules feature. Timedefs enable activation/deactivation of ruledefs/groups-of-ruledefs such that they are available for rule matching only when they are active.
Also see the ACS Timedef Configuration Mode Commands chapter.
Example
The following command creates a timedef named test1, and enters the ACS Timedef Configuration Mode:
timedef test1
tpo policy
This command allows you to create/configure/delete Traffic Performance Optimization (TPO) policies.
Product
TPO
Privilege
Security Administrator, Administrator
Syntax
tpo policy tpo_policy_name [ -noconfirm ]
no tpo policy tpo_policy_name
no
If previously configured, deletes the specified TPO policy from the active charging service.
tpo_policy_name
Specifies the TPO policy to add/configure/delete.
tpo_policy_name must be the name of a TPO policy, and must be an alphanumeric string of 1 through 63 characters.
If the named TPO policy does not exist, it is created, and the CLI mode changes to the ACS TPO Policy Configuration Mode wherein the TPO policy can be configured.
If the named TPO policy already exists, the CLI mode changes to the ACS TPO Policy Configuration Mode for that TPO policy.
-noconfirm
Specifies that the command must execute without prompting for confirmation.
Usage
note_smallImportant: A maximum of 2048 TPO policies can be created in the active charging service.
Use this command to create/configure/delete TPO policies.
A TPO Policy contains the rules that determine which TPO profile is to be used.
Also see the ACS TPO Policy Configuration Mode Commands chapter.
Example
The following command creates a TPO policy named tpo_policy_1, and enters the ACS TPO Policy Configuration Mode:
tpo policy tpo_policy_1
tpo profile
This command allows you to create/configure/delete Traffic Performance Optimization (TPO) profiles.
Product
TPO
Privilege
Security Administrator, Administrator
Syntax
tpo profile tpo_profile_name [ -noconfirm ]
no tpo profile tpo_profile_name
no
If previously configured, deletes the specified TPO profile from the active charging service.
tpo_profile_name
Specifies the TPO profile to add/configure/delete.
tpo_profile_name must be the name of a TPO profile, and must be an alphanumeric string of 1 through 63 characters.
If the named TPO profile does not exist, it is created, and the CLI mode changes to the ACS TPO Profile Configuration Mode wherein the TPO profile can be configured.
If the named TPO profile already exists, the CLI mode changes to the ACS TPO Profile Configuration Mode for that TPO profile.
-noconfirm
Specifies that the command must execute without prompting for confirmation.
Usage
note_smallImportant: A maximum of 2048 TPO profiles can be created in the active charging service.
Use this command to create/configure/delete TPO profiles.
A TPO profile contains the optimization configuration to be used.
Also see the ACS TPO Profile Configuration Mode Commands chapter.
Example
The following command creates a TPO profile named tpo_profile_1, and enters the ACS TPO Profile Configuration Mode:
tpo profile tpo_profile_1
udr-format
This command allows you to create/configure/delete a User Data Record (UDR) format.
Product
All
Privilege
Security Administrator, Administrator
Syntax
udr-format udr_format_name [ -noconfirm ]
no udr-format udr_format_name
no
If previously configured, deletes the specified UDR format from the active charging service.
udr_format_name
Specifies the UDR format to add/configure/delete.
udr_format_name must be the name of a UDR format, and must be an alphanumeric string of 1 through 63 characters.
If the named UDR format does not exist, it is created, and the CLI mode changes to the UDR Format Configuration Mode wherein the UDR format can be configured.
If the named UDR format already exists, the CLI mode changes to the UDR Format Configuration Mode for that UDR format.
Up to 256 UDR and/or EDR formats can be configured in the active charging service.
-noconfirm
Specifies that the command must execute without prompting for confirmation.
Usage
Use this command to create/configure/delete a UDR format in the active charging service.
Also see the UDR Format Configuration Mode Commands chapter.
Example
The following command creates an UDR format named udr_fromat1 and changes to the UDR Format Configuration Mode:
udr-format udr_format1
url-blacklisting match-method
This command allows you to specify the match method to look up URLs in the URL Blacklisting database.
Product
CF
Privilege
Security Administrator, Administrator
Syntax
url-blacklisting match-method { exact | generic }
default url-blacklisting match-method
default
Configures this command with its default setting.
Default: exact
exact
Specifies the exact-match method, wherein URL Blacklisting is performed only on exact match with a URL present in the URL Blacklisting database.
generic
Specifies the generic-match method, wherein URL Blacklisting is performed on a generic match with URLs present in the URL Blacklisting database.
Usage
Use this command to set the match method to look up URLs in the URL Blacklisting database.
Example
The following command sets the exact-match method to look up URLs in the URL Blacklisting database:
url-blacklisting match-method exact
xheader-format
This command allows you to create/configure/delete ACS extension-header (x-header) format specifications.
Product
ACS
Privilege
Security Administrator, Administrator
Syntax
xheader-format xheader_format_name [ -noconfirm ]
no xheader-format xheader_format_name
no
If previously configured, deletes the specified x-header format from the active charging service.
xheader_format_name
Specifies the x-header format to add/configure/delete.
xheader_format_name must be the name of an xheader format, and must be an alphanumeric string of 1 through 63 characters.
If the named x-header format does not exist, it is created, and the CLI mode changes to the ACS X-header Format Configuration Mode wherein the x-header format can be configured.
If the named x-header format already exists, the CLI mode changes to the ACS X-header Format Configuration Mode for that x-header format.
-noconfirm
Specifies that the command must execute without prompting for confirmation.
Usage
Use this command to create/configure/delete an x-header format specification in the active charging service.
An x-header may be specified in a charging action to be inserted into HTTP GET and POST request packets. See xheader-insert CLI command in the ACS Charging Action Configuration Mode Commands chapter. Also see the ACS X-header Format Configuration Mode Commands chapter.
Example
The following command creates an x-header format named test, and enters the ACS X-header Format Configuration Mode:
xheader-format test
 
 

Cisco Systems Inc.
Tel: 408-526-4000
Fax: 408-527-0883