Important: The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).|
•
|
group: Uses the default AAA group.
|
|
•
|
secondary-group: Removes the secondary AAA group from the APN’s configuration.
|
|
•
|
group: Uses the default AAA group—the one specified at the context level or in the APN template.
|
|
•
|
secondary-group: Removes the secondary AAA group from the APN configuration.
|
secondary-group aaa_group_name
Specifies the secondary AAA server group for the APN. aaa_group_name must be an alphanumeric string of 1 through 63 characters.
If the same AAA group is configured with both the aaa group aaa_group_name and the aaa secondary-group aaa_group_name commands, then this configuration will have no effect and secondary accounting will not happen.
The AAA secondary server group configuration takes effect only when used with APN accounting-mode set to radius-diameter (or) with mediation-acct enabled. The RADIUS accounting triggers for both standard RADIUS accounting and secondary accounting will be taken from the AAA group configured with the aaa group aaa_group_name command. On the fly change of this configuration is not supported. Any change to the configuration will have effect only for new calls.
The following command applies the AAA server group star1 to an APN within the specific context:
Ignores the DF (Don’t Fragment) bit setting; fragments and forwards the packet over the access link.
Important: The system’s GTPP parameters must be configured prior to using this protocol for accounting. Refer to the gtpp commands in the Context Configuration Mode Commands chapter.
Important: The system’s RADIUS/Diameter accounting parameters must be configured prior to using either of the protocols for accounting. Refer to the radius/diameter commands in the Context Configuration Mode Commands and the AAA Server Group Configuration Mode Commands chapters.
Important: For StarOS 10.0 and earlier releases, the system buffers up to four PDUs and queues or discards the remaining PDUs. 
Important: For StarOS 11.0 and later releases, the system is configured so that none of the PDUs are discarded.
Important: Different CLI commands are used to disable RADIUS interims for RADIUS accounting and mediation accounting. To disable RADIUS interims for RADIUS accounting, use the following command: accounting-mode radius-diameter no-interims. To disable RADIUS interims for mediation accounting, use the following command: mediation-device context-name context_name no-interims.When the GTPP protocol is used, accounting messages are sent to the charging gateways (CGs) over the Ga interface. The Ga interface and GTPP functionality are typically configured within the system’s source context. As specified by the standards, a CDR is not generated when a session starts - CDRs are generated according to the interim triggers (configured using the cc command in the GGSN service configuration mode) and a CDR is generated when the session ends. For interim accounting, STOP/START pairs are sent based on configured triggers.
If the radius-diameter option is used, either the RADIUS or the Diameter protocol is used as configured in the Context Configuration mode or the AAA Server Group Configuration mode.
If the RADIUS protocol is used, accounting messages can be sent over a AAA interface or the Gi to the RADIUS server. The AAA or Gi interface(s) and RADIUS functionality are typically configured with the system’s destination context along with the APN. RADIUS accounting begins immediately after an IP address is allocated for the MS. Interim accounting can be configured using the radius accounting interim interval. The radius accounting interim interval command sends INTERIM-UPDATE messages at specific intervals.
Important: If the accounting type in the APN is set to ‘none’ then G-CDRs will not be generated. If accounting type is left as default “GTPP” and “billing-records” are configured in the ACS Rulebase Configuration Mode, then both G-CDRs and eG-CDRs would be generated.active-charging bandwidth-policy bandwidth_policy_name
bandwidth-policy bandwidth_policy_name
Specifies the bandwidth policy name. bandwidth_policy_name must be an alphanumeric string from 1 through 63 characters.
The following command configures a bandwidth policy named standard for the APN:
Enables the TCP link monitoring feature on the Mobile Video Gateway. Note that TCP link monitoring is not enabled by default. Also note that when this command is configured without the log option, TCP link monitoring is enabled without logging, and the output from TCP link monitoring is only used by the dynamic translating feature.
Similarly, the bitrate option can be used to enable either histogram or time-series logging for bit rate.
When rtt and bitrate options are used without additional options, histogram and time-series logging are enabled for RTT and/or bit rate respectively.
active-charging rulebase rulebase_name
The following command specifies the ACS rulebase named rule1 for the APN:
apn-ambr rate-limit direction { downlink | uplink } [ burst-size { auto-readjust duration seconds | bytes } | violate-action { drop | lower-ip-precedence | shape [ transmit-when-buffer-full ] | transmit } ]
downlink: Applies the AMBR parameters to the downlink direction.
uplink: Applies the AMBR parameters to the uplink direction.
auto-readjust duration seconds: The duration (in seconds) used in this burst size calculation: burst size = peak data rate/8 * auto-readjust duration
seconds must be an integer value from 1 to 30. Default is 1 second
bytes: Specifies the burst size in bytes allowed by this APN for the associated PDNs. It must be an integer from 1 to 4294967295 (1 byte to 4 GB).
drop: Drops violating packets.
lower-ip-precedence: Sets the DSCP value to zero (“best effort”) for violating packets.
shape [ transmit-when-buffer-full ]: Places all violating packets into a buffer and, optionally, transmits the packets when the buffer is full.
Important: The shape keyword and optional transmit-when-buffer-full are only available in StarOS v12.0 and earlier releases. P-GW does not currently support traffic shaping for APN-AMBR.transmit: Transmits violating packets. This is the default setting.
Associates the P-GW APN with an accounting policy configured in the same context. name must be an existing accounting policy expressed as a string of 1 through 63 characters.
Accounting policies are configured through the policy accounting command in the Context Configuration mode.
authentication [ [ msid-auth | imsi-auth [ password-use-pco | username-strip-apn | prefer-chap-pco ] | msisdn-auth [ password-use-pco | username-strip-apn | prefer-chap-pco ] | eap initial-access-request [ authenticate-authorize | authenticate-only ] | [ allow-noauth ] [ chap preference [ convert-to-mschap ] ] [ mschap preference ] [ pap preference ] ]
Sets the default authentication type for this APN. By default allow-noauth is the type for authentication for an APN.
Obsolete. Use imsi-auth.
Configures the APN to attempt to authenticate the subscriber based on their Mobile Station International Integrated Services Digital Network (MSISDN) number as described in the Usage section of this command.
This keyword if enabled, either with msisdn-auth or imsi-auth strips the APN name from the user name msisdn@apn or imsi@apn received from AAA and makes the user name as msisdn or imsi respectively.
If this keyword along with msisdn-auth/imsi-auth is enabled, GGSN performs Challenge Handshake Authentication Protocol (CHAP) authentication, if CHAP parameters are received in Protocol Configuration Options (PCO). However, chap username would be constructed as msisdn@apn / imsi@apn and chap challenge, chap response parameters should be used as it is from CHAP parameters received in the PCO IE. If CHAP parameters are not received in the PCO IE of the CPC Request, GGSN does normal Password Authentication Protocol (PAP) authentication with PAP username as msisdn@apn / imsi@apn (ignoring any PAP username if received).
Configures the APN to not perform authentication for PDP contexts as described in the Usage section.
chap preference
Configures the APN to attempt to use CHAP to authenticate the subscriber as described in the Usage section of this command.
A preference must be specified in conjunction with this option. Priorities specify which authentication protocol should be attempted first, second, third and so on. It must be an integer from 1 through 1000. The lower the integer, the higher the preference.
mschap preference
Configures the APN to attempt to use the Microsoft Challenge Handshake Authentication Protocol (MSCHAP) to authenticate the subscriber as described in the Usage section of this command.
A preference can be specified in conjunction with this option. Priorities specify which authentication protocol should be attempted first, second, third and so on. It must be an integer from 1 through 1000. The lower the integer, the higher the preference.
pap preference
Configures the APN to attempt to use PAP to authenticate the subscriber as described in the Usage section of this command.
A preference must be specified in conjunction with this option. Priorities specify which authentication protocol should be attempted first, second, third and so on. It must be an integer from 1 through 1000. The lower the integer, the higher the preference.
|
If the there was no match and the aaa constructed-nai authentication parameter is enabled in the authentication context, the system attempts to determine a subscriber profile (via PAP with no password) using the subscriber’s MSISDN as the username.
|
If the aaa constructed-nai authentication parameter is enabled in the authentication context, the system attempts to determine a subscriber profile (via PAP with no password) using the subscriber’s MSISDN as the username.
|
|
|
If this protocol is used is specified and the allow-noauth parameter is disabled, the system will attempt to use the APN’s default username/password specified by the outbound command for authentication via PAP.
|
||
|
Obsolete. Use imsi-auth.
|
Obsolete. Use imsi-auth.
|
|
The following command would configure the system to attempt subscriber authentication first using MSCHAP, then CHAP, and finally PAP. Since the allow-noauth command was also issued, if all attempts to authenticate the subscriber using these protocols fail, then the subscriber would be still be allowed access.
Important: When bearer control mode is set to “none” with the keyword set “prefer-local-value”, even PCRF provided values will not override APN config and therefore sending of BCM mode IE and BCM in PCO IE in CPC Response is supressed.|
•
|
behavior bits: 0x00
|
|
•
|
behavior bits
Specifies the behavior bit for the home subscriber charging characteristic. bits can be configured to any unique bit from 001H to FFFH (0001 to 1111 1111 1111 bin) where the least-significant bit corresponds to B1 and the most-significant bit corresponds to B12.
profile index
Specifies the profile index for the home subscriber charging characteristic. index can be configured to any integer value between 0 and 15. Default: 8
Important: 3GPP standards suggest that profile index values of 1, 2, 4, and 8 be used for hot billing, flat rate billing, prepaid billing and normal billing, respectively. A single charging characteristics profile can contain multiple behavior settings.The properties of the actual CC profile index are configured as part of the GGSN service using the cc profile command. Refer to the GGSN Service Configuration Mode chapter of this reference for additional information on this command.
The following command configures a behavior bit of 2 (0000 0000 0010) and a profile index of 10 for home subscribers charging characteristics:
The following command configures the behavior bits 3 (0000 0000 0100) and 5 (0000 0001 0000 bin) and a profile index of 14 for home subscriber charging characteristics:
|
•
|
behavior bits: 0x00
|
|
•
|
behavior bits
Specifies the behavior bit for the roaming subscriber charging characteristic. bits can be configured to any unique bit from 001H to FFFH (0001 to 1111 1111 1111 bin) where the least-significant bit corresponds to B1 and the most-significant bit corresponds to B12.
profile index
Specifies the profile index for the roaming subscriber charging characteristic. index can be configured to any integer value between 0 and 15. Default: 8
Important: 3GPP standards suggest that profile index values of 1, 2, 4, and 8 be used for hot billing, flat rate billing, prepaid billing and normal billing, respectively. A single charging characteristics profile can contain multiple behavior settings.The following command configures a behavior bit 10 (0010 0000 0000) and a profile index of 10 for roaming subscriber charging characteristics:
The following command configures the behavior bits 9 (0001 0000 0000) and 6 (0000 0010 0000) and a profile index of 14 for roaming subscriber charging characteristics:
cc-sgsn { home-subscriber-use-GGSN | radius-returned | roaming-subscriber-use-GGSN | visiting-subscriber-use-GGSN } +
no cc-sgsn { { radius-returned | home-subscriber-use-GGSN | roaming-subscriber-use-GGSN | visiting-subscriber-use-GGSN } + | [ use-GGSN ] [ radius-returned ] }
|
•
|
home-subscriber-use-GGSN: Disabled
|
|
•
|
roaming-subscriber-use-GGSN: Disabled
|
|
•
|
visiting-subscriber-use-GGSN: Disabled
|
Causes the GGSN to accept CCs from the SGSN(s) when the no cc-sgsn command is entered with all applicable keywords. Otherwise, no cc-sgsn can be used to turn off one or more of the GGSN sources of CC.
Before entering no cc-sgsn, it is helpful to determine which CC sources have been configured. This can be done with either show configuration or show apn name in Exec Mode.
Configures the GGSN to use the locally defined charging characteristics for home subscribers, as configured with the APN Configuration Mode cc-home command.
Configures the GGSN to use the locally defined charging characteristics for roaming subscribers, as configured with the APN Configuration Mode cc-roaming command.
Configures the GGSN to use the locally defined charging characteristics for visiting subscribers, as configured with the APN Configuration Mode cc-visiting command.
bits specifies the behavior bit for the charging characteristic. This variable can be configured to any unique bit from 001H to FFFH (0001 to 1111 1111 1111 bin) where the least-significant bit corresponds to B1 and the most-significant bit corresponds to B12.
index indicates which profile defined with cc profile in GGSN Service Configuration mode, the GGSN will use as a source for CCs. The index can be configured to an integer from 0 to 15.
The use-GGSN keyword can be entered alone or in conjunction with the radius-returned keyword. When entered, this keyword overrides the previous configuration using any of the home, roaming, and/or visiting keywords.
|
•
|
Home: Subscribers belonging to the same Public Land Mobile Network (PLMN) as the one on which the GGSN is located.
|
|
•
|
Roaming: Subscribers that are serviced by a an SGSN belonging to a different PLMN than the one on which the GGSN is located.
|
|
•
|
Visiting: Subscribers belonging to a different PLMN than the one on which the GGSN is located.
|
|
•
|
behavior bits: 0x00
|
|
•
|
behavior bits
Specifies the behavior bit for the visiting subscriber charging characteristic. bits can be configured to any unique bit from 001H to FFFH (0001 to 1111 1111 1111 bin) where the least-significant bit corresponds to B1 and the most-significant bit corresponds to B12.
profile index
Specifies the profile index for the visiting subscriber charging characteristic. index can be configured to any integer value between 0 and 15. Default: 8
Important: 3GPP standards suggest that profile index values of 1, 2, 4, and 8 be used for hot billing, flat rate billing, prepaid billing and normal billing, respectively. A single charging characteristics profile can contain multiple behavior settings.content-filtering category policy-idcf_policy_id
policy-id cf_policy_id
cf_policy_id must be a category policy ID entered as an integer from 1 through 4294967295.
Important: Category Policy ID configured through this mode overrides the Category Policy ID configured through content-filtering category policy-id command in the ACS Rulebase Configuration Mode.
Important: If Content Filtering Category Policy ID is not specified here the similar command in the ACS Rulebase Configuration Mode determines the policy.The following command enters the Content Filtering Policy Configuration Mode and enables the Category Policy ID 101 for Content Filtering support:
credit-control-group cc_group_name
The following command configures a credit control group named testgroup12 for the current APN:
data-tunnel mtubytes
Specifies the MTU for the IPv6 tunnel between the P-GW and the mobile node. bytes must be an integer between 1280 and 2000. Default: 1500
This command is obsolete. To configure the Diameter Credit Control Origin Endpoint, in the Credit Control Configuration Mode, use the diameter origin endpoint command.
realm realm_name
secondary-peer host_name
Warning: This configuration completely overrides all instances of diameter peer-select that have been configured within the Credit Control Configuration Mode for an Active Charging Service.Specifies the name of a context configured on the system in which one or more DHCP services are configured. name is an alphanumeric string of 1 through 79 characters that is case sensitive.
The name of the context in which the desired DHCP service is configured must be specified by the dhcp context-name command.
The DNS can be specified at the APN level in APN configuration as well as at the Context level in Context configuration mode with ip name-servers command, or it can be received from AAA server.
When DNS is requested in PCO configuration, the following preference will be followed for DNS value:
4. DNS values configured at context level with ip name-servers command has the last preference.
Important: The same preference would be applicable for the NBNS (NetBIOS Name Service) servers to be negotiated via ICPC (Initial Connection Protocol Control) with the LNS (L2TP Network Server).The following commands configure a primary DNS server address of 192.168.100.3 and a secondary DNS server address of 192.168.100.4:
Important: This command is only available in StarOS 8.0. In StarOS 8.1 and later, this configuration is available in the ACS Rulebase Configuration Mode.
Important: Unless Stateful Firewall support for this APN is enabled using this command, firewall processing for this APN is disabled.
Important: If firewall is enabled, and the rulebase has no firewall configuration, Stateful Firewall will cause all packets to be discarded.fw-and-nat policy fw_nat_policy
Specifies the Firewall-and-NAT policy for the APN as an alphanumeric string of 1 through 63 characters. Note that this policy will override the default Firewall-and-NAT policy configured in the ACS rulebase.
Important: This command is customer-specific and is only available in StarOS 8.1.
Important: This customer-specific command must be used to configure the Policy-based Firewall-and-NAT feature.The following command configures a Firewall-and-NAT policy named standard for the APN:
[ no ] gsm-qos negotiate sdu-error-ratio [ sdu-error-ratio-code [ residual-ber residual-ber-code ] ]
sdu-error-ratio sdu-error-ratio-code
Enables the negotiation of the QoS Reliability Class attribute based on Service Data Unit (SDU) Error Ratio attributes. sdu-error-ratio-code corresponds to distinct SDU Error ratio values within an integer range of 1 to 7.
residual-ber residual-ber-code
Enables the optional configuration of negotiation of the QoS Reliability Class attribute based on Residual Bit Error Ratio (BER) attributes. residual-ber-code corresponds to distinct Residual Bit Error Ratio values within an integer range of 1 to 9.
The mapping for sdu-error-ratio-code is as follows:
The following commands configures the negotiation of QoS attribute Reliability Class based on Service Data Unit (SDU) Error Ratio 3 attributes in the APN:
Important: In Releases prior to 11.0, only one GTPP group is allowed to configure per APN. In Releases 11.0 and later, this CLI can be used to configure up to a maximum of 32 GTPP groups for each APN. no gtpp group group_name
Specifies the name of server group that is used for authentication/accounting for specific APN. group_name must be an alphanumeric string of 1 to 63 characters. It must be identical to the one configured earlier within the same APN context.
Important: In Release 11.0 and later, if you have mistakenly configured a GTPP group, you should remove the initially configured group and configure the new desired group. However, in Releases prior to 11.0, there is no need to remove the incorrect configuration; instead you can directly reconfigure the desired GTPP group.
Important: If a GTPP group entry is invalid, this GTPP group will be ignored and the next valid GTPP group in the APN will be used. If no valid GTTP group exists, then the default GTPP group in the accounting context specified by the GGSN service will be used.accounting-context ac_context_name
ac_context_name must be an alphanumeric string of 1 through 79 characters that is case sensitive.
Note that if an accounting context is not specified here, the system uses the GGSN service context or the context configured by the accounting context command in the GGSN Service Configuration mode.
Important: When multiple GTPP groups are applied to the same APN, the load will be shared across these GTPP groups. Sessions for this APN will use all the configured GTPP groups in a round robin fashion.The following command applies a previously configured GTPP server group named star1 to an APN within the specific context:
Specifies the name of secondary GTPP server group that is used as an alternate for the primary GTPP group associated with a specific APN for storage of GTPP messages. group_name must be an alphanumeric string of 1 through 63 characters. It must be the same name as configured earlier within the same APN context.
accounting-context actt_ctxt_name
actt_ctxt_name specifies the name of the context to be used for accounting as an alphanumeric string of 1 through 79 characters that is case sensitive.
Note that if an accounting context is not specified here, the system uses the GGSN service context or the context configured by the accounting context command in the GGSN Service Configuration mode.
This secondary group configuration is ignored, if the configured group_name is the same as the primary group. It will also be ignored, if the configured GTPP group_name and/or accounting context ac_context_name is invalid. In such cases, the call will be established successfully (unlike the primary group configuration where the call drops).
In the absence of a configured ac_context_name context, the GGSN service context is chosen by default.
For more information on GTPP group, refer the description of the gtpp group command.
The following command applies a previously configured GTPP server group named star2 to as secondary GTPP group to an APN within the specific context:
If idle-timeout-activity ignore-downlink is configured, the downlink (network to subscriber) traffic will not be used to reset the idle-timeout. Only uplink (subscriber to network) packets will be able to reset the idle-timeout.
By default, ignore-downlink is negated by the no command so downlink traffic is also used to reset the idle-timeout.
Specifies the name of the IMS authorization service name that is used for Gx interface authentication for a specific APN. auth_svc_name must be a alphanumeric string of 1 through 63 characters preconfigured within the same context as this APN.
The following command applies a previously configured IMS authorization service named gx_interface1 to an APN within the specific context:
The following command disables the applied IMS authorization service gx_interface1 for the specific APN:
Specifies the name of the IPv4/IPv6 access group. acl_group_name is a previously configured ACL group expressed as an alphanumeric string of 1 to 79 characters.
The following command associates the sampleipv4Group access group with the current APN profile for both inbound and outbound access.
The following command removes the outbound access group flag for sampleipv4Group.
ip address alloc-method { dhcp-proxy [ allow-deferred ] [ prefer-dhcp-options ] | dhcp-relay | local [ allow-deferred ] | no-dynamic [ allow-deferred ] } [ allow-user-specified ]
Important: If this option is used, the system’s DHCP parameters must be configured.
Important: If this option is used, the system’s DHCP parameters must be configured.
Important: If this option is used, the name of the IP address pool from which to allocate addresses must be configured using the ip address pool-name command. If no pool name is specified, the system will attempt to allocate an address from any public pool configured in the destination context.If this keyword is specified with dhcp-proxy for IP address allocation configuration, the GGSN will prefer DHCP-supplied parameters over values provided by AAA server or by local configuration. This keyword controls the following parameters:
Important: This keyword is available only with dhcp-proxy ip allocation method as this functionality is implemented only for GGSN acting as DHCP proxy.Enables support for PDP contexts requesting the use of specific (static) addresses. Default: Enabled
Important: If this option is not enabled, PDP contexts requesting the use of a static address will be rejected with a cause code of 220 (Unknown PDP address or PDP type).
If the ip address alloc-method command is configured to allow the assignment of IP addresses from a local pool configured on the system. It command instructs the system as to which pool should be used.
The pool specified by this command must be a private pool configured in the destination context on the system. Please refer to the ip pool command in the Context Configuration Mode Commands chapter for information on configuring IP address pools.
The following command configures the system to use a pool named private_pool1 for address allocation:
Specifies the name of the context through which subscriber data traffic will be routed. ctxt_name must be an alphanumeric string from 1 to 79 characters.
ip local-address ip_address
Specifies an IP address configured in a destination context on the system through which a packet data network can be accessed. ip_address must be expressed in IPv4 dotted-decimal notation.
Restores the APN IP parameters to the default setting conversational ef streaming af11 interactive af21 background be.
allocation-retention-priority can be the integers 1, 2, or 3.
Following table shows the DSCP value matrix for allocation-retention-priority.
Important: If you only configure DCSP marking for interactive traffic classes without specifying ARP, it may not properly take effect. The CLI allows this scenario for backward compatibility. However, it is recommended that you configure all three values.Configures the QoS Class Identifier (QCI) attribute of QoS. Here the qci_val is the QCI for which the negotiate limit is being set; it ranges from 1 to 9.
Specifies the DSCP for the specified traffic pattern. dscp can be configured to any one of the following:
|
|
||||
|
|
||||
|
|
||||
|
|
||||
|
|
||||
|
|
||||
|
|
||||
|
|
•
|
|
•
|
|
•
|
|
•
|
|
•
|
|
•
|
|
•
|
|
•
|
|
•
|
A drop-limit can be configured to set a limit on the number of invalid packets that can be received from a subscriber prior to their session being deleted. limit can be configured to any integer value between 0 and 1000000. A value of 0 indicates that all invalid packets will be discarded but the session will never be deleted by the system.
The following command enables source address validation for the APN and configures a drop-limit of 15:
Removes a previously configured IPv6 ACL applied to a particular APN for IPv6 traffic. If at least one of the two { in | out } options is not selected for the ACL that will be removed, the ACL will be removed for both directions.
The following command associates the sampleipv6Group access group with the current APN profile for both inbound and outbound access:
The following removes the outbound access group flag for sampleipv6Group:
The DNS can be specified at the APN level in APN configuration as well as at the Context level in Context configuration mode with ip name-servers command, or it can be received from AAA server.
When DNS is requested in PCO configuration, the following preference will be followed for DNS value:
4. DNS values configured at context level with ip name-servers command has the last preference.
Important: The same preference would be applicable for the NBNS (NetBIOS Name Service) servers to be negotiated via ICPC (Initial Connection Protocol Control) with the LNS (L2TP Network Server).interval int_value
value is .
num-advts value num_value
Refer to the timeout idle and timeout long-duration commands for information on setting the long duration timer.
Refer to the timeout idle and timeout long-duration command for information on setting the long duration timer.
|
•
|
primary: 1000000
|
|
•
|
total: 1000000
|
per-subscriber secondary secondary_ctx
secondary_ctx is an integer from 0 through 10. Default: 10
primary number
This keyword specifies the maximum number of primary PDP contexts that can be facilitated by the APN. Subscribers can have primary PDP and secondary PDP contexts; the secondary contexts can be configured using the per-subscriber secondary keyword.
number isbe an integer value from 1 to 4000000. Default: 4000000
total total_number
Specifies the maximum total number of PDP contexts (primary and secondary) that can be facilitated by the APN. total_number can be configured to any integer value from 1 to 4000000. Default: 4000000
mbms bmsc-profile name bmsc_profile_name
name bmsc_profile_name
Specifies a name for the BM-SC profile already configured in BMSC configuration mode. bmsc_profile_name is an alphanumeric string of 1 through 79 characters that may contain dots (.) and/or dashes (-).
For more information on BM-SC profile configuration, refer to the BMSC Profile Configuration Mode Commands chapter.
Following command applies a previously configured BM-SC profile named bm_sc_1 to an APN within the specific context.
time can be any integer value between 0 and 4294967295. A time of 0 disables timeouts for this APN. Default: 0
The following commands enables an absolute time timeout of 60000 seconds for MBMS bearer context:
absolute time
Configures the absolute maximum time (in seconds) an MBMS UE context may exist in any state (active or idle). time can be any integer value between 0 and 4294967295. A time of 0 disables timeouts for this APN. Default: 0
The following commands enables an absolute time timeout of 60000 seconds for MBMS UE context:
mediation-device [ context-name context_name ] [ delay-GTP-response ] [ no-early-PDUs ] [ no interims ] +
Indicates that more than one of the options can be specified with a single execution of the command.
context-name context_name
Important: For StarOS 10.0 and earlier releases, the system buffers up to four PDUs and queues or discards the remaining PDUs. 
Important: For StarOS 11.0 and later releases, the system is configured so that none of the PDUs are discarded.
Important: Different commands are used to disable RADIUS interims for RADIUS accounting and mediation accounting. To disable RADIUS interims for mediation accounting, use the following command: mediation-device context-name context_name no-interims. To disable RADIUS interims for RADIUS accounting, use the following command: accounting-mode radius-diameter no-interims.mobile-ip mn-ha-spi spi_number
The following command configures an SPI of 15111111111111111111111111111111:
nai-construction { imsi | msisdn } [ override-null-username ] [ encrypted password encrypt_password | use-shared-secret-password | password password ]
Specifies an encrypted password is to be used for this NAI-constructed user. string is an alphanumeric string of 0 through 63 characters.
Configures the authentication user-password for this NAI-constructed user. password is an alphanumeric string of 0 through 63 characters.
Note that NAI construction using IMSI or MSISDN, where either no user name is received or a blank user name is received for authentication, is applicable only when NAI constructed authentication is enabled using the aaa nai-construction authentication command in Context Configuration Mode.
[ no ] nbns { primary | secondary } IP_address
nexthop-forwarding-address ip_address
best-effort: Assigns the best-effort queue priority. This is the lowest priority.
bronze: Assigns the bronze queue priority. This is the third-highest priority.
derive-from-packet-dscp: Specifies that the priority is to be determined from the DSCP (Differentiated Services Code Point) field in the packet's TOS octet. Default: Enabled
gold: Assigns the gold queue priority. This is the highest priority.
silver: Assigns the silver queue priority. This is the second-highest priority.
Refer to the GGSN Administration Guide for additional information on NPU QoS functionality.
The encrypted keyword is intended only for use by the chassis while saving configuration scripts. The system displays the encrypted keyword in the configuration file as a flag that the variable following the password keyword is the encrypted version of the plain text password. Only the encrypted password is saved as part of the configuration file.
password pwd
username name
If only a username is specified using this command, the password is determined based on the setting of the aaa constructed-nai command in the Context Configuration mode. That command is also used to determine the password if an outbound username and password are configured for the APN when the imsi-auth keyword is specified for the authentication command in this mode.
p-cscf { fqdn fqdn | primary [ ip IPv4_address | ipv6 IPv6_address ] | secondary [ ip IPv4_address | ipv6 IPv6_address ] }
fqdn fqdn
IPv4_address must be expressed in IPv4 dotted-decimal notation.
IPv6_address must be expressed in IPv6 colon-separated notation.
IPv4_address must be expressed in IPv4 dotted-decimal notation.
IPv6_address must be expressed in IPv6 colon-separated notation.
The following command enables a P-CSCF with the primary IPv4 address 10.2.3.4 for the APN:
The following command enables a P-CSCF with FQDN server name pcscfalias1.ind.pun.cisco.com for the APN:
Important: Entering both IPv4 and IPv6 in either order enables support for both.
Important: Entering both IPv4 and IPv6 in either order enables support for both.
Caution: For the IPv6 calls to work, the destination context must have at least one IPv6 interface configured.IPv6: System will do a Path MTU (PMTU) discovery and send “ICMPv6 Packet Too Big” to the original sender if the subscriber packet exceeds MTU after encapsulation.
IPv4: System will do an outer IPv6 fragmentation if the packet exceeds MTU after encapsulation.
fragment: System will do an outer IPv6 fragmentation if the subscriber packet exceeds MTU after encapsulation.
IPv6: System will do a PMTU discovery and send “ICMPv6 Packet Too Big” to the original sender if the subscriber packet exceeds MTU after encapsulation.
IPv4: If packet will exceed tunnel MTU after encapsulation, based on DF bit and ignore-df config, the original IPv4 packet will be fragmented and then encapsulated so that it will not exceed MTU, or ICMP Error will be sent if IPv4 packet fragmentation is not allowed.
IPv6: System will do a PMTU discovery and send “ICMPv6 Packet Too Big” to the original sender if subscriber packet exceeds MTU after encapsulation.
IPv4: System will do an outer IPv6 fragmentation if packet exceeds MTU after encapsulation.
ppp { data-compression { protocols protocols | mode modes } | keepalive seconds | min-compression-size min_octets | mtu max_octets }
mode modes: Sets the compression mode to one of the following:
|
•
|
normal: Packets are compressed using the packet history for automatic adjustment and for best compression.
|
|
•
|
stateless: Each packet is compressed individually.
|
protocols protocols: Sets the compression protocol to one of the following:
|
•
|
deflate: DEFLATE algorithm
|
|
•
|
mppc: Microsoft Point-to-Point Compression
|
|
•
|
stac: STAC LZS algorithm
|
keepalive seconds
Specifies the frequency of sending the Link Control Protocol (LCP) keep alive messages. seconds must be either 0 or an intgeger from 5 through 14400. The special value 0 disables the keep alive messages entirely. Default: 30
min-compression-size min_octets
mtu max_octets
Important: The MTU refers to the PPP payload which excludes the two PPP octets. Therefore, an MTU of 1500 corresponds to the 3GPP standard MTU of 1502 for GTP packets with PPP payloads.The following command configures an MTU of 500 for the APN:
More information about Proxy Mobile IP support for the GGSN can be found in the GGSN Administration Guide.
qos negotiate-limit direction { downlink | uplink } [ qci qci_val ] [ peak-data-rate bps [ committed-data-rate bps ] | committed-data-rate [ peak-data-rate bps ] ]
Important: When no QoS Profile is configured, the system’s default behavior is to use the information provided by the SGSN.downlink: Apply the specified limits and actions to the downlink (to-Gn direction).
uplink: Apply the specified limits and actions to the uplink (to-Gi direction).
qci qci_val
qci_val is the QoS Class Identifier (QCI) for which the negotiate limit is being set. QCI ranges from 1 to 9. If no qci-val is configured, it will be handled as an undefined-qci (same as undefined-qos class).
Default: See the Usage section for this command
bps must be an integer from 1 through 16000000 for the downlink direction or 1 through 8640000 for the uplink direction. The value must also correspond to one of the permitted values identified the tables below. If a non-permitted value is entered for this parameter, the system rounds the value to the nearest lower supported value, except in the case where value is less than 1,000 bps. In this case, the system rounds the value to 1,000 bps. In addition, if the configured committed rate is lower than the value configured for the peak-data-rate, the system uses the configured peak rate for this parameter.
Important: System measurements for this value exclude the GTP and outer packet headers. In addition, some traffic classes have both a committed rate and a peak rate, while other traffic classes have just a peak rate. If a committed rate is not applicable (such as, the traffic class is background or interactive), an error occurs if this option is configured. If the committed-rate is applicable (such as, the traffic class is conversational or streaming), the values supplied by the SGSN are used if this option is not configured.peak-data-rate bps
Default: See the Usage section for this command
bps must be an integer from 1 through 16000000 for the downlink direction or 1 through 8640000 for the uplink direction. The value must also correspond to one of the permitted values identified in the tables below. If a non-permitted value is entered for this parameter, the system rounds the value to the nearest lower supported value, except in the case where value is less than 1,000 bps. In this case, the system rounds the value to 1,000 bps.
Important: This command should be used in conjunction with the max-contexts command to limit the maximum possible bandwidth consumption by the APN.Additional information on the QoS traffic shaping functionality is located in the System Administration Guide.
qos rate-limit direction { downlink | uplink } [ qci qci_val ] [ burst-size { bytes | auto-readjust [ duration dur ] } ] [ exceed-action { drop | lower-ip-precedence | transmit } [ violate-action { drop | lower-ip-precedence | shape [ transmit-when-buffer-full ] | transmit } ] ] | [ violate-action { drop | lower-ip-precedence | shape [ transmit-when-buffer-full ] | transmit } [ exceed-action { drop | lower-ip-precedence | transmit } ] ] +
Important: When no Qos Profile is configured, the system defaults to using the information provided by the SGSN.downlink: Apply the specified limits and actions to the downlink (the Gn direction).
uplink: Apply the specified limits and actions to the uplink (the Gi direction).
qci qci_val
qci_val is the QoS Class Identifier (QCI) for which the negotiate limit is being set. QCI ranges from 1 to 9. If no qci-val is configured, it will be handled as an undefined-qci (same as undefined-qos class).
bytes must be an integer from 1 through 6000000.
Important: It is recommended that the minimum value of this parameter be configured to the greater of the following two values: 1) three times greater than packet MTU for the subscriber connection, OR 2) 3 seconds worth of token accumulation within the “bucket” for the configured peak-data-rate. In addition, if the committed-data-rate parameter is specified, the burst-size is applied to both the committed and peak rates.auto-readjust [ duration dur ] keyword provides the option to calculate the Burst size dynamically while configuring the rate-limit. Whenever this keyword is enabled to calculate burst size, the GGSN QoS negotiated rate is enforced for this calculation.
duration dur describes the duration of burst in seconds. If duration is not specified this keyword will use 1 second as default value. dur must be an integer between 1 through 30.
Default: See the Usage section for this command
|
•
|
drop: Drop the packet
|
|
•
|
lower-ip-precedence: Transmit the packet after lowering the ip-precedence
|
|
•
|
transmit: Transmit the packet
|
Default: See he Usage section for this command
drop: Drop the packet
lower-ip-precedence: Transmit the packet after lowering the IP precedence
shape [ transmit-when-buffer-full ]: Enables traffic shaping and provides the buffering of user packets when subscriber traffic violates the allowed peak/committed data rate. The transmit-when-buffer-full keyword allows the packet to be transmitted when buffer memory is full.
transmit: Transmit the packet
Important: The user packet buffer function in traffic shaping is not applicable for real-time traffic.
Important: If the exceed/violate action is set to “lower-ip-precedence”, this command may override the configuration of the ip qos-dscp command in the GGSN Service Configuration mode for packets from the GGSN to the SGSN. In addition, the GGSN service ip qos-dscp command configuration can override the APN setting for packets from the GGSN to the Internet. Therefore, it is recommended that this command not be used in conjunction with this action.
Important: This command should be used in conjunction with the max-contexts command to limit the maximum possible bandwidth consumption by the APN.To calculate the burst size dynamically an optional keyword auto-readjust [ duration dur ] is provided with the burst-size keyword. By default the burst size is fixed if defined in bytes with this command. Regardless of the rate being enforced, burst-size is fixed as set by the burst-size bytes parameter.
The auto-readjust [ duration dur ] keyword enables variable burst size depending on the rate being enforced. the system calculates burst size using a per token bucket algorithm calculation as T=B/R, where T is the time interval, B is the burst size and R is the Rate being enforced. It also provides different burst size for Peak and Committed data rate-limiting.
If the auto-readjust keyword is not used, a fixed burst size must be defined which will be applicable for peak data rate and committed data rate regardless of the rate being enforced.
If the auto-readjust keyword is provided without specifying the duration, a default duration of 1 second will be used for burst size calculation.
This command is obsolete. This functionality is now supported through qos negotiate-limit and qos rate-limit commands.
accept-call-when-ms-ip-not-supplied: Accept calls when the RADIUS server does not supply a framed IP address and the MS does not supply and address.
reject-call-when-ms-ip-not-supplied: Reject calls when the RADIUS server does not supply a framed IP address and the MS does not supply an address.
Important: If the username is available in the PCO, that username will be used regardless of the setting for this command (radius returned-username).restriction-value value
Entering either default or no restriction-value sets the internal value to zero (0) so that connection to any APN is allowed.
|
•
|
1: Value used for Wireless Application Protocol (WAP) or Multimedia Messaging Service (MMS) type of networks. This corresponds to APN type public-1.
|
|
•
|
2: Value used for Internet or Packet-Switched Public Data Network (PSPDN) type of networks. This corresponds to APN type public-2.
|
|
•
|
3: Value used for corporate customers who use MMS. This corresponds to APN type private-1.
|
|
•
|
4: Value used for corporate who do not use MMS. This corresponds to APN type private-2.
|
|
•
|
If value = 1, then PDP contexts with restriction values of 0, 1, 2, and/or 3 are allowed
|
|
•
|
If value = 2, then PDP contexts with restriction values of 0, 1 and/or 2 are allowed
|
|
•
|
If value = 3, then PDP contexts with restriction values of 0 and/or 1 are allowed
|
|
•
|
If value = 4, then PDP contexts with no restriction values are allowed
|
|
•
|
secondary ip pool pool_name
pool_name must be an alphanumeric string of 1 through 31 characters.
Important: This command is license dependent, requiring the 600-00-7871 NAT Bypass license. Please contact your local sales representative for more information.The following commands enables an absolute time timeout of 60000 seconds:
time must be an integer value from 3600 through 2592000.
volume-threshold total bytes
bytes must be an integer value from 1 through 4294967295.
The following command enables the inactivity time on the bearer with a timeout duration of 7200 seconds and the total traffic volume of 256000 bytes in uplink and downlink directions as thresholds:
timeout emergency-inactivity seconds
seconds must be an integer value from 1 through 3600.
Refer to the emergency-apn command in this chapter for additional information.
timeout idle idle_dur
idle_dur must be an integer value in the range from 0 through 4294967295.
Refer to the long-duration-action detection and long-duration-action disconnection command in this chapter for additional information.
Following command sets the idle timeout duration to 450 seconds.
ldt_timeout must be an integer value in the range from 0 through 4294967295.
inactivity-time inact_timeout
Specifies the maximum amount of time (in seconds) before the specified session is marked as dormant.
inact_timeout must be an integer value in the range from 0 through 4294967295.
Refer to the long-duration-action detection and long-duration-action disconnection commands in this chapter for additional information.
The following command sets the long duration timeout duration to 300 seconds and the inactivity timer for subscriber session to 45 seconds.
tpo policy tpo_policy_name
The following command specifies to use the TPO policy named tpo_policy_110:
For calls coming through L2TP tunnels, the command l3-to-l2-tunnel address policy as defined in the APN Configuration mode, will be in effect.
no tunnel gre peer-address peer_address
peer-address peer_address
peer_address must be expressed in dotted decimal notation.
local-address local_addr
local_addr must be expressed in IPv4 dotted-decimal notation.
preference num
preference can be configured to any integer value from 1 to 128.
Important: Only one GRE tunnel per APN is supported. Therefore, the preference should always be set to “1”.The following command configures the system to encapsulate subscriber traffic using GRE and tunnel it from a local address of 192.168.1.100 to a gateway with an IP address of 192.168.1.225:
peer-address peer_address
peer_address must be expressed in IPv4 dotted-decimal notation.
local-address local_addr
local_addr must be expressed in IPv4 dotted-decimal notation.
preference num
preference can be configured to any integer value from 1 to 128.
The following command configures the system to encapsulate subscriber traffic using IP-in-IP and tunnel it from a local address of 192.168.1.100 to a gateway with an IP address of 192.168.1.225:
tunnel l2tp [ peer-address lns-address [ [ encrypted ] secret l2tp_secret ] [ preference num ] [ tunnel-context name ] [ local-address ip-address ] [ crypto-map map_name { [ encrypted ] isakmp-secret crypto_secret } ] [ local-hostname hostname ]
peer-address lns-address
lns-address must be expressed in IPv4 dotted-decimal notation.
Important: A maximum of four LNS peers can be configured per APN.secret l2tp_secret
l2tp_secret must be an alphanumeric string of 1 through 127 characters and is case sensitive.
preference num
preference can be configured to any integer value from 1 to 128.
tunnel-context name
name must be an alphanumeric string of 1 through 79 characters and is case sensitive.
Important: If this option is not configured, the system will attempt to determine the name of the destination context from the ip context-name parameter configured for the APN.local-address ip-address
address is the IP address of the interface in IPv4 dotted-decimal notation.
Important: If the address configured does not exist or is not bound to a LAC service, the system will automatically choose a LAC service to use.local-hostname hostname
Important: For this configuration to take effect allow aaa-assigned-hostname command, which is used to configure LAC-Hostname based on the “Tunnel-Client-Auth-ID” attribute received from the RADIUS server, needs to be configured in the LAC Service Configuration mode.hostname is name of the local host for the LNS peer and must be an alphanumeric string of 1 through 127 characters.
When Tunnel parameters are not received from the RADIUS Server, Tunnel parameters configured in APN will be considered for the LNS peer selection. When APN Configuration is selected, the local hostname hostname configured with this command in the APN for the LNS peer will be used as a LAC Hostname.
map_name is the name of a crypto-map policy configured on the system expressed as an alphanumeric string of 1 through 127 characters and is case sensitive.
encrypted is intended only for use by the system while saving configuration scripts. The system displays the encrypted keyword in the configuration file as a flag that the variable following the secret keyword is the encrypted version of the plain text secret. Only the encrypted secret is saved as part of the configuration file.
secret specifies the secret associated with the crypto-map policy. crypto_secret can be from 0 to 255 bytes.
virtual-apn { gcdr apn-name-to-be-included { Gn | virtual } | preference priority apn apn_name [ access-gw-address { ip_address | ip_address/mask } | bearer-access-service svc_name | cc-profile cc_profile_index [ rat-type { eutran | gan | geran | hspa | utran | wlan } ] | domain domain_name | mcc mcc_number mnc mnc_number [ cc-profile cc_profile_index ] | [ msin-range from msin_range_from to msin_range_to ] | [ rat-type { eutran | gan | geran | hspa | utran | wlan } ] | msisdn-range { from msisdn_start_range to msisdn_to_range | rat-type { eutran | gan | geran | hspa | utran | wlan } } | rat-type { eutran | gan | geran | hspa | utran | wlan } | roaming-mode { home | roaming | visiting } ] }
no virtual-apn preference priority
If virtual APN to be used is configured, the virtual APN name is sent in G-CDRs. Provides an option to either send the virtual APN name or the Gn APN name (that comes from the SGSN) in G-CDRs.
Gn: the APN received in the Create PDP Context Request message from SGSN.
virtual: the APN selected by the GGSN/P-GW. This is the default.
preference priority
priority specifies the order and can be configured to any integer value from 1 (highest priority) to 1000 (lowest priority).
apn apn_name
apn_name is the name of the alternative APN expressed as an alphanumeric string of 1 through 62 alphanumeric characters and is case insensitive. It may also contain dots ( . ) and/or dashes ( - ).
ip_address is an IP address entered in IPv4 dotted-decimal or IPv6 colon-separated notation.
ip_address/mask is the IP address in IPv4 dotted-decimal or IPv6 colon-separated notation with network-host mask separation.
bearer-access-service svc_name
svc_name is an alphanumeric string of 1 through 63 characters.
cc-profile cc_profile_index
cc_profile_index is an integer from 1 to 15.
domain domain_name
domain_name must be an alphanumeric string of 1 through 79 characters, is case sensitive and can contain all special characters.
mcc mcc_number
mcc_number is the PLMN MCC identifier and can be configured to any 3-digit integer value between 100 and 999.
mnc mnc_number
mnc_number is the PLMN MNC identifier and can be configured to any 2- or 3-digit integer value between 00 and 999.
msin-range{ from msin_range_from to msin_range_to| rat-type { eutran | gan | geran | hspa | utran | wlan } }
msin_range_from is the start prefix of the IMSI MSIN range and can be configured between 0 and 9999999999.
msin_range_to is the end prefix of the IMSI MSIN range and can be configured as a string of size 1 to 10 digits between 0 and 9999999999.
msin-range should follow the following rules
|
•
|
Start prefix (such as msin_range_from) and end prefix (such as msin_range_from) must be of the same length.
|
rat-type is the type of the radio access technology based on which the APN would be specified.
msisdn_start_range is the starting MSISDN number which a string of size 2 to 15 and its value ranges between 00 and 999999999999999.
msisdn_to_range is the ending MSISDN number which is also a string of size 2 to 15 and its value ranges between 00 and 999999999999999.
|
•
|
|
•
|
|
•
|
|
•
|
|
•
|
|
•
|
The following commands configure two “virtual” APNs, priority 1 references the bigco APN with a domain rule of bigco.com, priority 2 references the bigtown APN with a mobile country code rule of 100 and a mobile network code rule of 50.
