Call Control Profile Configuration Mode

Call Control Profile Configuration Mode
 
Call Control Profile configuration mode defines call-handling rules which can be combined with other profiles – such as an APN profile (see the APN Profile Configuration Mode Commands chapter) – when using the Operator Policy feature. The call control profile is a key element in the Operator Policy feature and the profile is not valid until it is associated with an operator policy (see the Operator Policy Configuration Mode Commands chapter).
The MME and SGSN each support a maximum of 1,000 call control profiles; only one profile can be associated with an operator policy.
By configuring a call control profile, the operator fine tunes any desired restrictions or limitations needed to control call handling per subscriber or for a group of callers across IMSI (International Mobile Subscriber Identity) ranges.
Upon accessing this mode, the CLI prompt be similar to the following:
[local]asr5000(config-call-control-profile-<profile_name>)#
access-restriction-data
Enables the operator to assign a failure code to be included in reject messages if the attach rejection is due to access restriction data (ARD) checking in the incoming subscriber data (ISD) messages. The operator can also disable the ARD checking behavior.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
access-restriction-data { failure-code cause_code | no-check }
remove access-restriction-data failure-code
remove
Removes the failure code setting for the reject message that could result from ARD checking.
failure-code cause_code
cause_code: Enter an integer from 2 through 111; default code is 13 (roaming not allowed in this location area [LA]).
Refer to the GMM failure cause codes listed below (from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0 R7):
2 - IMSI unknown in HLR
3 - Illegal MS
6 - Illegal ME
7 - GPRS services not allowed
8 - GPRS services and non-GPRS services not allowed
9 - MSID cannot be derived by the network
10 - Implicitly detached
11 - PLMN not allowed
12 - Location Area not allowed
13 - Roaming not allowed in this location area
14 - GPRS services not allowed in this PLMN
15 - No Suitable Cells In Location Area
16 -MSC temporarily not reachable
17 - Network failure
20 - MAC failure
21 - Synch failure
22 - Congestion
23 - GSM authentication unacceptable
40 - No PDP context activated
48 to 63 - retry upon entry into a new cell
95 - Semantically incorrect message
96 - Invalid mandatory information
97 - Message type non-existent or not implemented
98 - Message type not compatible with state
99 - Information element non-existent or not implemented
100 - Conditional IE error
101 - Message not compatible with the protocol state
111 - Protocol error, unspecified
no-check
Including this keyword with the command disables the ARD checking behavior.
Usage
By default, the SGSN checks access restriction data (ARD) within incoming insert subscriber data (ISD) messages. This enables operator to selectively restrict subscribers in either 3G (UTRAN) or 2G (GERAN). The SGSN ARD checking behavior occurs during the attach procedure and if a reject occurs, the SGSN sends the subscriber an Attach Reject message with a configurable failure cause code.
Example
For this call control profile, the following command disables the ARD checking function:
access-restriction-data no-check
accounting context
Defines the name of the accounting context and optionally associates a GTPP group with this call control profile.
Product
SGSN, S-GW
Privilege
Security Administrator, Administrator
Syntax
accounting context ctxt_name [ gtpp group grp_name ]
remove accounting context
remove
Removes the accounting configuration from this profile’s configuration.
ctxt_name
Specifies the accounting context as an alphanumeric string of 1 through 79 characters.
gtpp group grp_name
Identifies the GTPP group, where the GTPP related parameters have been configured in the GTPP Group Configuration mode, to associate with this call control profile.
grp_name: Enter an alphanumeric string of 1 through 63 characters to identify the GTPP group created with the gtpp group command in the Context configuration mode.
Usage
This command can be used to associate a predefined GTPP server group - including all its associated configuration - with a specific call control profile. The GTPP group would have been defined with the gtpp group command (see the Context Configuration Mode Commands chapter).
If the GTPP group is not specified, then a default GTPP group in the accounting context will be used.
If this command is not specified, use the name of the accounting context configured in the SGSN service configuration mode (for 3G) or the GPRS service configuration mode (for 2G), either will automatically use a “default” GTPP group generated in that accounting context.
If the accounting context is specified in the GPRS service or SGSN service and in a call control profile, the priority is given to the accounting context of the call control profile.
Example
For this call control profile, the following command identifies an accounting context called acctng1 and associates a GTPP server group named roamers with defined charging gateway accounting functionality.
accounting context acctng1 gtpp group roamers
accounting mode
Configures the mode to be used for accounting – GTPP (default), RADIUS/Diameter or None.
Product
S-GW
Privilege
Administrator
Syntax
[ default ] accounting mode { gtpp | none | radius-diameter }
default accounting mode
Sets the accounting mode to GTPP.
gtpp
Specifies that GTPP accounting is performed. This is the default method.
none
Specifies that no accounting will be performed for the call control profile.
radius-diameter
Specifies that RADIUS/Diameter will be performed for the call control profile.
Usage
Use this command to specify the accounting mode for a call control profile. For additional information on accounting mode and its relationship to operator policy, refer to the System Administration Guide.
Example
The following command specifies that RADIUS/Diameter accounting will be used for the call control profile:
accounting mode radius-diameter
allocate-ptmsi-signature
Enables or disables the allocation of a P-TMSI (Packet Temporary Mobile Subscriber Identity) signature.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ no | default ] allocate-ptmsi-signature
no
Disables the allocation of the P-TMSI signature.
default
Resets the configuration value to the default: allocates the P-TMSI signature.
Usage
Use this command to enable or disable the allocation of the P-TMSI signature.
Example
allocate-ptmsi-signature
apn-restriction
Enables the APN restriction feature and configures the instruction for the SGSN on the action to take when an APN restriction value is received from the GGSN during an Update PDP Context procedure.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
apn-restriction update-policy deactivate restriction
default apn-restriction
default
Creates a default APN restriction configuration.
update-policy deactivate restriction
Specifies one of the two restriction types to define the appropriate action if the APN restriction value received conflicts with the stored value:
least-restrictive: least restrictive value applicable when there are no already active PDP context(s).
most-restrictive: most restrictive is the most stringent restriction required by any already active PDP context(s).
Usage
When this feature is enabled, the SGSN will send the maximum APN restriction value in every CPC Request message sent to the GGSN. The SGSN expects to receive an APN restriction value in each PDP Context received from the GGSN. The SGSN stores and compares received APN restriction values to check for conflicts. In the case of a conflict, the SGSN rejects the PDP Context with appropriate messages and error codes to the MS.
If an APN restriction value is not assigned by the GGSN, the SGSN assumes the value of “1” (least restrictive) to allow APN restriction rules will be possible when valid values are assigned for new PDP Context(s) from the same MS.
Example
The following command applies the lowest level of APN restrictions:
apn-restriction update-policy deactivate least-restrictive
associate
Associates various MME-specific lists and databases with this call control profile.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
associate { ho-restrict-list list_name | hss-peer-service service_name [ s13-interface | s6a-interface ] | tai-mgmt-db tai-db_name }
remove associate { ho-restrict-list | hss-peer-service [ s13-interface | s6a-interface ] | tai-mgmt-db }
remove
Remove the specified association definition from the call control profile.
ho-restrict-list list_name
Identifies the handover restriction list that should be associated with this call control profile. list_name is an alphanumeric string of 1 through 64 characters.
hss-peer-service service_name
Associates a Home Subscriber Server (HSS) peer service with this call control profile. service_name is an existing HSS peer service expressed as an alphanumeric string of 1 through 63 characters.
[ s13-interface | s6a-interface ]
Optionally, identify the interface to be associated with the HSS service in this call control profile.
tai-mgmt-db tai-db_name
Identifies the tracking area identifier (TAI) database that should be associated with this call control profile. tai-db_name is an alphanumeric string of 1 through 64 characters.
This configuration overrides the S-GW selection and TAI list assignment functionality for a call that uses an operator policy associated with this call control profile. The TAI management object provides a TAI list for calls and provides S-GW selection functionality if a DNS is not configured for S-GW discovery for this operator policy or if a DNS discovery fails.
Usage
Use this command to associate handover restriction lists, HSS service (and interfaces), and TAI dB with the call control profile. This ensures that the information is available for application when a Request is received.
Repeat the command as needed to associate each feature.
Example
Link HO restriction list named HOrestrict1 with this call control profile:
associate ho-restrict-list HOrestrict1
attach
Defines attach-related configuration parameters for this call control profile.
note_smallImportant: SGSN only: Before using this command, ensure that the appropriate location area code (LAC) information has been defined via the location-area-list command.
Product
MME, SGSN
Privilege
Security Administrator, Administrator
Syntax
attach access-type { gprs | umts } { all | location-area-list instance list_id } { failure-code code | user-device-release { before-r99 failure code code | r99-or-later failure code code } }
default attach access-type { gprs | umts } { all | location-area-list instance list_id } { failure-code | user-device-release { before-r99 failure code | r99-or-later failure code }
[ no ] attach allow access-type { eps | gprs | umts } location-area-list instance list_id
[ no ] attach restrict access-type { eps | gprs | umts } { all | location-area-list instance list_id }
attach imei-query-type { imei | imei-sv | none } [ [ verify-equipment-identity ] [ allow-on-eca-timeout | deny-greylisted | deny-unknown | verify-emergency ]
remove attach imei-query-type
default
Restores the default values for the for the specified parameter.
no
Deletes the specified attach configuration.
remove
Deletes the specified attach configuration.
access-type type
Defines the type of access to be allowed or restricted.
eps
gprs
umts
If this keyword is not included, then both access types are allowed by default.
allow
Allow re-enables attaches in the configuration after an attach restrict command has been used.
restrict
Restrict attaches (do not accept calls) of specified access-type and from specified location areas (defined using either the all or location-area-list keywords).
all
Instructs the SGSN or MME to apply the command action to all location area lists. Location area lists should already have been created with the location-area-list command. The location area list consists of one or more LACs, location area codes, where the MS is when placing the call.
location-area-list instance list_id
Instructs the MME or SGSN to apply the command action to a specific location area list. Location area lists should already have been created with the location-area-list command. The location area list consists of one or more LACs, location area codes, where the MS is when placing the call.
Using this keyword with either the allow or restrict keywords enables you to configure with more granularity.
list_id: Enter an integer between 1 and 5.
failure-code code
Specify a GMM failure cause code to identify the reason an attach did not occur. This GMM cause code will be sent in the reject message to the MS.
Default: 14.
fail-code: Enter an integer from 2 to 111. Refer to the GMM failure cause codes listed below (from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0 R7):
2 - IMSI unknown in HLR
3 - Illegal MS
6 - Illegal ME
7 - GPRS services not allowed
8 - GPRS services and non-GPRS services not allowed
9 - MSID cannot be derived by the network
10 - Implicitly detached
11 - PLMN not allowed
12 - Location Area not allowed
13 - Roaming not allowed in this location area
14 - GPRS services not allowed in this PLMN
15 - No Suitable Cells In Location Area
16 -MSC temporarily not reachable
17 - Network failure
20 - MAC failure
21 - Synch failure
22 - Congestion
23 - GSM authentication unacceptable
40 - No PDP context activated
48 to 63 - retry upon entry into a new cell
95 - Semantically incorrect message
96 - Invalid mandatory information
97 - Message type non-existent or not implemented
98 - Message type not compatible with state
99 - Information element non-existent or not implemented
100 - Conditional IE error
101 - Message not compatible with the protocol state
111 - Protocol error, unspecified
user-device-release { before-r99 | r99-or-later } failure-code code
Default: disabled
Enables the SGSN to reject an Attach procedure based on the detected 3GPP release version of the MS equipment and selectively send a failure cause code in the reject message. The SGSN uses the following procedure to implement this configuration:
1.
When Attach Request is received, the SGSN checks the subscriber’s IMSI and current location information.
2.
Based on the IMSI, an operator policy and call control profile are found that relate to this Attach Request.
3.
Profile is checked for access limitations.
4.
Attach Request is checked to see if the revision indicator bit is set
if not, then the configured common failure code for reject is sent;
if set, then the 3GPP release level is verified and action is taken based on the configuration of this parameter
One of the following options must be selected and completed:
before-r99: Indicates the MS would be a 3GPP release prior to R99 and an appropriate failure code should be defined.
failure-code code: Enter an integer from 2 to 111.
r99-or-later : Indicates the MS would be a 3GPP Release 99 or later and an appropriate failure code should be defined.
failure-code code: Enter an integer from 2 to 111.
imei-query-type { imei | imei-sv | none }
This keyword set is specific to the MME.
Defines device Attach limitations if an IMEI is not already present in the Attach Request.
imei: Specifies that the MME is required to query the UE for its International Mobile Equipment Identity (IMEI).
imei-sv: Specifies that the MME is required to query the UE for its International Mobile Equipment Identity - Software Version (IMEI-SV).
none: Specifies that the MME does not need to query for IMEI or IMEI-SV.
verify-equipment-identity [ allow-on-eca-timeout | deny-greylisted | deny-unknown | verify-emergency ]
Specifies that the identification (IMEI or IMEI-SV) of the UE is to be performed by the Equipment Identity Register (EIR) over the S13 interface.
allow-on-eca-timeout: Configures the MME to allow equipment that has timed-out on ECA during the attach procedure.
deny-greylisted: Configures the MME to deny grey-listed equipment during the attach procedure.
deny-unknown: Configures the MME to deny unknown equipment during the attach procedure.
verify-emergency: Configures the MME to ignore the IMEI validation of the equipment during the attach procedure in emergency cases. This keyword is only supported in release 12.2 and higher.
Usage
Once the IMSI of an incoming call is known and matched with a specific operator policy, according to the filter definition of the mcc command, then the associated call control profile is selected to determine how the incoming call is handled.
By default, all attaches are allowed. If no access limitations are needed, then do not use the attach command.
note_smallImportant: Before using this command, ensure that the appropriate LAC information has been defined with the location-area-list command.
Use this command to define attach limitations for the call control profile.
Use this command to fine-tune the attach configuration specifying which calls/subscribers can attach and which calls are restricted from attaching and what failure code is included in the Reject message.
Attachment restrictions can be based on any one or combination of the options, such as location area code or access type. It is even possible to restrict all attaches.
The command can be repeated using different keyword values to further fine-tune the attachment configuration.
Example
For calls under the purview of this call control profile, the following command restricts the attaches of all subscribers using the GPRS access type.
attach restrict access-type gprs all
Use the next command to reverse the previous attach restrict command:
attach allow access-type gprs all
Or, change the attach restriction to only restrict attaches of GPRS subscribers from specified LACs included in location area list #2 and include failure-code 45 as the reject cause. This configuration requires two CLI commands:
attach restrict access-type gprs location-area-list instance 2
attach access-type gprs location-area-list instance 2 failure-code 45
In the case of a dual-access SGSN, it is possible to also add a second definition to restrict attaches of UMTS subscribers within the LACs included in location area list #3.
attach restrict access-type UMTS location-area-list instance 3
Change the configuration to allow attaches for GPRS access for all previously restricted LACs - note that GPRS attaches would still be limited:
no attach restrict access-type gprs all
Restrict (deny) all GPRS attach requests (coming from any location area) and assign a single failure code for the reject messages. This is a two command process:
attach restrict access-type gprs all
attach access-type grps all failure-code 22
Remove the restrictions defined above - so that the access type is reset to the default (both types) and the failure code returns to the default value (14).
default attach access-type gprs all failure-code
authenticate activate
Allows the operator to define authentication procedures in response to a received Activate Request.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
authenticate activate [ access-type { gprs | umts } | first | frequency frequency | primary ] [ access-type { gprs | umts } ]
[ no | remove ] authenticate activate [ access-type { gprs | umts } | first | primary ] [ access-type { gprs | umts } ] ]
no
Disables the specified activate authentication configuration in the call control profile.
remove
Removes the specified activate authentication configuration from the call control profile configuration file.
access-type type
One of the following must be selected to identify the type of network access if the access-type keyword is included in the command:
gprs
umts
The access-type keyword can be included with any of the other three keywords available with the authenticate activate command.
first
Including this keyword enables authentication only for the first Activate Request for an MS/UE.
frequency frequency
This keyword defines 1-in-N selective authentication for Activate Request events. If the frequency is set for 12, then the SGSN skips authentication for the first 11 events and authenticates on the twelfth event.
frequency must be an integer from 1 to 16.
primary
Including this keyword enables authentication for every primary PDP context Activate Request.
Usage
Activate Requests are not authenticated by default. Use this command to enable authentication of Activate Requests.
Repeat the commands as needed to configure desired authentication responses to Activate Request messages for this call control profile.
Example
Configure Request Activate authentication for every primary PDP context for MS with GPRS access:
authenticate activate primary access-type gprs
authenticate all-events
Allows the operator to quickly define authentication procedures, based on limited parameters, for all types of events.
Product
MME, SGSN
Privilege
Security Administrator, Administrator
Syntax
authenticate all-events [ access-type { gprs | umts } | frequency frequency [ access-type { gprs | umts } ] ]
[ no | remove ] authenticate all-events [ access-type { gprs | umts } ]
no
Disables the specified authentication configuration in the call control profile.
remove
Removes the specified authentication configuration from the call control profile configuration file.
access-type type
One of the following must be selected to identify the type of network access if the access-type keyword is included in the command:
gprs
umts
The access-type keyword can be included with any of the other three keywords available with the authenticate all-events command.
frequency frequency
This keyword defines 1-in-N selective authentication for all types of subscriber events. If the frequency is set for 12, then the service skips authentication for the first 11 events and authenticates on the 12th event.
frequency must be an integer from 1 to 16.
Usage
By default, authentication is not performed for any subscriber events. Use this command to enable authentication for all types of events at one time, such as but not limited to: Activate Requests, Attach Requests, Detach Requests, Service-Requests.
Example
The following command configures all authentication for all subscriber events to occur every tenth time a specific type of event occurs (for example every tenth time an Attach Request is received):
authenticate all-events frequency 10
The following command configures authentication for all Detach Requests and RAUs to occur if the UE access-type is UMTS:
authenticate all-events access-type umts
authenticate attach
Allows the operator to define authentication for Attach procedures.
Product
MME, SGSN
Privilege
Security Administrator, Administrator
Syntax
authenticate attach access-type { gprs | umts }
authenticate attach attach-type { combined | gprs-only } [ access-type { gprs | umts } | frequency frequency ]
authenticate attach frequency frequency [ access-type { gprs | umts } ]
authenticate attach inter-rat [ access-type { gprs | umts } | attach-type { combined | gprs-only } [ access-type { gprs | umts } | frequency frequency ] | frequency frequency [ access-type { gprs | umts } ]
[ no | remove ] authenticate attach [ access-type { gprs | umts } | attach-type { combined | gprs-only } | inter-rat | attach-type { combined | gprs-only } ] [ access-type { gprs | umts } ] ]
no
Disables the defined authentication procedures configured for Attach Requests from the call control profile.
remove
Deletes the defined authentication procedures for Attach Requests from the call control profile configuration file.
access-type type
One of the following must be selected to identify the type of network access if the access-type keyword is included in the command:
gprs
umts
attach-type
This keyword configures the Attach authentication based on the type of attach requested. The attach-type must be one of the following options:
combined: Authenticates combined GPRS/IMSI Attaches.
gprs-only: Authenticates GRPS Attaches only.
frequency frequency
This keyword defines 1-in-N selective authentication for this type of subscriber event - Attach Request. If the frequency is set for 12, then the service skips authentication for the first 11 events and authenticates on the twelfth event.
frequency must be an integer from 1 to 16.
inter-rat
Enables/disables authentication for Inter-RAT Attaches.
Usage
Authentication for Attach is disabled by default. This command enables/disables authentication for an Attach with a local P-TMSI or Attaches with an IMSI, which will be authenticated to acquire the CK (cipher key) and the IK (integrity key).
Example
The following command configures authentication to occur after every tenth attach event for GPRS access.
authenticate attach frequency 10 access-type gprs
The following command disables authentication for Inter-RAT Attaches, use:
no authenticate attach inter-rat
authenticate detach
Allows the operator to enable and define authentication for Detach procedures.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
authenticate detach access-type { gprs | umts }
[ no | remove ] authenticate detach [ access-type { gprs | umts }
no
Disables the defined authentication procedures configured for Detach Requests from the call control profile.
remove
Deletes the defined authentication procedures for Detach Requests from the call control profile configuration file.
access-type type
One of the following must be selected to identify the type of network access if the access-type keyword is included in the command:
gprs
umts
Usage
Authentication for Detach procedures is disabled by default. This command enables/disables authentication for a Detach Request and allows the operator to limit authentication based on the MS/UE access-type.
Example
The following command configures detach authentication to occur only for UMTS attached subscribers:
authenticate detach access-type umts
The following command disables authentication for all Detach Requests, use:
no authenticate detach
authenticate on-first-vector
Allows the operator to enable the SGSN to begin MS authentication immediately after receiving the first vector from the HLR.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
authenticate on-first-vector
remove authenticate on-first-vector
remove
Removes the authenticate on-first-vector definition from the configuration file and resets the default behavior so that the SGSN waits to receive all vectors before beginning authentication towards the MS.
Usage
After an initial attach request, some end devices restart themselves after waiting for the PDP to be established. In such cases, the SGSN restarts and a large number of end devices repeat their attempts to attach. The attach requests flood the radio network, and if the devices timeout before the PDP is established then they continue to retry, thus even more traffic is generated.
To avoid the high traffic levels during PDP establishment, the SGSN has been modified to reduce the attach time, as much as possible, so that the devices can attach and discontinue sending requests. The current enhancement is intended to reduce the time needed to retrieve vectors over the GR interface by allowing the operator to configure the SGSN to start authentication towards the MS as soon as it receives the first vector from the AuC/HLR. With the new command included in the configuration, the SGSN begins the MS authentication process immediately after receiving the first vector from the HLR while the SAI continues in parallel.
Example
Use the following command to configure the SGSN to begin MS authentication immediately after receiving the first vector from the AuC/HLR:
authenticate on-first-vector
Use the following command to reset the default behavior, so that the SGSN waits to receive all vectors requested in the SAI from the AuC/HLR before begining authentication towards the MS:
remove authenticate on-first-vector
authenticate rau
Enables or disables and fine tunes authentication procedures for routing area updates (RAUs)
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
authenticate rau [ access-type { gprs | umts } | frequency frequency [ access { gprs | umts } ] | periodicity duration [ access { gprs | umts } ] | update-type { combined-update | imsi-combined-update | periodic | ra-update } [ access-type { gprs | umts } | frequency frequency | periodicity duration | with { foreign-ptmsi | inter-rat-local-ptmsi | local-ptmsi } [ access-type { gprs | umts } | frequency frequency | periodicity duration ]
no authenticate rau [ access-type { grps | umts } | update-type { combined-update | imsi-combined-update | periodic | ra-update } [ access-type { gprs | umts } | with { foreign-ptmsi | inter-rat-local-ptmsi | local-ptmsi } [ access-type { gprs | umts } ]
remove authenticate rau [ access-type { gprs | umts } | periodicity [ access { gprs | umts } ] | update-type { combined-update | imsi-combined-update | periodic | ra-update } [ access-type { gprs | umts } | periodicity | with { foreign-ptmsi | inter-rat-local-ptmsi | local-ptmsi } [ access-type { gprs | umts } | periodicity ] ]
no
Disables authentication for the RAUs specified in the configuration for the call control profile.
remove
Deletes the authentication configuration for the RAUs from the call control profile in the configuration file.
access-type type
One of the following must be selected to identify the type of network access if the access-type keyword is included in the command:
gprs
umts
The access-type keyword can be included with any of the other keywords available with the authenticate rau command.
frequency frequency
Defines 1-in-N selective authentication for RAU events. If the frequency is set for 12, then the SGSN skips authentication for the first 11 events and authenticates on the twelfth event.
frequency must be an integer from 1 to 16.
periodicity duration
Defines the length of time (number of minutes) that authentication can be skipped.
duration: Must be an integer from 1 to 10800.
update-type
Defines the type of RAU Request. Select one of the following:
combined-update [ access-type | with inter-rat-local-ptmsi ]
imsi-combined-update [ access-type | with inter-rat-local-ptmsi ]
periodic [ access-type | frequency | periodicity ]
ra-update [ access-type | with inter-rat-local-ptmsi ]
Usage
By default, authentication is not performed for routing area updates (RAUs). Use this command to enable/disable authentication and to fine tune the authentication procedure based on frequency, periods for skipping authentication and the various types of routing area updates.
Example
The following command configures RAU authentication to occur after every tenth event for GPRS access.
authenticate rau frequency 10 access-type gprs
The following command disables authentication for RAUs based on the combined IMSI with foreign P-TMSIs, use:
no authenticate rau imsi-combined-update with foreign-ptmsi
The following command deletes all authentication configuration from the call control profile for all RAUs using GPRS access-type:
remove authenticate rau access-type gprs
authenticate service-request
Enables or disables and fine-tunes authentication procedures for Service Requests.
Product
MME, SGSN
Privilege
Security Administrator, Administrator
Syntax
authenticate service-request [ frequency frequency | periodicity duration | service-type { data | page-response | signaling } [ frequency frequency | periodicity duration ] ]
no authenticate service-request [ service-type { data | page-response | signaling } ]
remove authenticate service-request [ periodicity | service-type { data | page-response | signaling } [ periodicity ] ]
no
Disables authentication for the Service Requests specified in the configuration for the call control profile.
remove
Deletes the authentication configuration for Service Requests from the call control profile in the configuration file.
frequency frequency
Defines 1-in-N selective authentication for this type of subscriber event - Service Request. If the frequency is set for 12, then the service skips authentication for the first 11 events and authenticates on the twelfth event.
frequency must be an integer from 1 to 16.
periodicity duration
Defines the length of time (number of minutes) that authentication can be skipped.
duration: Must be an integer from 1 to 10800.
signaling-type
Defines the type of service being requested by the Service Request. Select one of the following:
data
page-response
signaling
Usage
By default, authentication is not performed for Service Requests. Use this command to enable/disable authentication and to fine-tune the authentication procedure based on frequency and periods for skipping authentication and the various types of service. Repeat the commands as needed to configure criteria for all service types.
Example
The following command configures authentication Service Requests for data service to only occur every 5 minutes:
authenticate service-request service-type data periodicity 5
authenticate sms
Enables or disables and fine tunes authentication procedures for Short Message Service (SMS).
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
authenticate sms [ access-type { gprs | umts } | frequency frequency [ access-type { gprs umts } ] | sms-type { mo-sms | mt-sms } [ access-type { gprs | umts } | frequency frequency ] ]
[ no | remove ] authenticate sms [ access-type { gprs | umts } | sms-type { mo-sms | mt-sms } [ access-type { gprs umts } ] ]
no
Disables authentication for the SMS Requests specified in the configuration for the call control profile.
remove
Deletes the authentication configuration for SMS Requests from the call control profile in the configuration file.
access-type type
One of the following must be selected to identify the type of network access if the access-type keyword is included in the command:
gprs
umts
The access-type keyword can be included with any of the other keywords available with the authenticate sms command.
frequency frequency
Defines 1-in-N selective authentication for SMS Requests. If the frequency is set for 12, then the SGSN skips authentication for the first 11 events and authenticates on the twelfth event.
frequency must be an integer from 1 to 16.
sms-type
Enables authentication for the following SMS types:
mo-sms: mobile-originated SMS
mt-sms: mobile-terminated SMS
Usage
By default, authentication is not performed for short message service (SMS). Use this command to enable/disable authentication and to fine-tune the authentication procedure based on MS/UE access type and the frequency for the selected SMS type. Repeat the commands as needed to configure criteria for all service types.
Example
The following command configures MO-SMS authentication to occur every fifth request:
authenticate sms sms-type mo-sms frequency 5
authenticate tau
Allows the operator to enable/disable and fine-tune authentication for the tracking area update (TAU) procedures.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
authenticate tau [ freqency frequency | inter-rat | periodicity interval ]
no authenticate tau inter-rat
no
Disables the TAU authentication procedures specified in the call control profile configuration.
frequency frequency
Defines 1-in-N selective authentication for this type of subscriber event - a tracking area update for an inter-RAT Attach. If the frequency is set for 12, the MME skips authentication for the first 11 events and authenticates on the twelfth event.
frequency must be an integer from 1 to 16.
inter-rat
Enables authentication for TAU procedures for inter-RAT Attaches.
periodicity duration
Defines the length of time (number of minutes) that authentication can be skipped.
duration: Must be an integer from 1 to 10800.
Usage
Authentication for TAU procedures is disabled by default. This command enables/disables authentication for a inter-RAT TAU procedures and allows the operator to limit authentication based on the frequency of the events or elapsed intervals between the events.
Example
The following command configures TAU authentication to occur when there is 15 minutes between inter-RAT Attaches:
authenticate tau periodicity 15
The following command disables authentication for all TAU Inter-RAT Attaches, use:
no authenticate tau
cc
Defines the charging characteristics to be applied for CDR generation when the handling rules are applied via the Operator Policy feature.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
cc { behavior-bit no-records bit_value | local-value behavior bit_value profile index_bit | prefer { hlr-hss-value | local-value } }
no cc behavior-bit no-records
remove cc { behavior-bit no-records | local-value | prefer }
no
Disables the charging characteristics configuration of behavior bit from this call control profile.
remove
Removes the configured charging characteristics from this profile.
behavior-bit no-records bit_value
Default: disabled
Specify the charging characteristic behavior bit. no-records indicates that no accounting records should be generated.
If charging characteristics has no-records bit set, the system will not generate any accounting records, regardless of what may be configured elsewhere. Use “no” to indicate that there is no such bit.
bit_value must be must be an integer from 1 through 12.
local-value behavior bit_value profile index_bit
Default: bit_value = 0x0
index_bit = 8
This keyword sets the call control profile to configure the value of the behavior bits and profile index for the charging characteristics when the HLR does not provide value for this.
If the HLR provides the charging characteristics with behavior bits and profile index and operator want to ignore it, then specify prefer local-value keyword with this command.
bit_value: Enter a hexadecimal value between 0x0 and 0xFFF.
index_bit: Enter an integer value from 1 through 15.
Some of the index values are predefined according to 3GPP standard:
1 for hot billing
2 for flat billing
4 for prepaid billing
8 for normal billing
prefer { hlr-hss-value | local-value }
Default: hlr-hss-value
Specifies preference for using charging characteristics settings received from HLR or HSS, or set by the SGSN or MME locally.
hlr-hss-value: Sets the call control profile to use charging characteristics settings received from HLR or HSS. This is the default preference.
local-value: Sets the call control profile to use charging characteristics settings from the SGSN or MME only. If no charging characteristics received from HLR then local value will be applicable.
Usage
Use this command to set the behavior for charging characteristic coming from either an HLR or locally from an SGSN.
These charging characteristics parameters are configurable from APN Profile configuration mode too. For generation of M-CDRs, the parameters configured in this mode, Call Control Profile configuration mode, will prevail but for generation of S-CDRs the parameters configured in the APN Profile configuration mode will prevail.
The first four bits of charging characteristics (use keyword profile) is for the charging trigger profile index and is used to select different charging trigger profiles.
The 12 behavior bits (with keyword local-value behavior) can to enable or disable the CDR generation.
Example
The following command specifies a rule not to use records for charging characteristics and to set behavior bit to 2:
cc behavior-bit no-records 2
check-zone-code
Enables or disables the zone code checking mechanism.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ no | remove ] check-zone-code
no
Included with the command, this keyword disables the mechanism.
remove
Included with the command, this keyword causes the removal of the current check-zone-code configuration and returns to the SGSN to the default where zone-code checking is enabled.
Usage
Use this command to enable/disable the zone-code checking function.
Example
Disable checking of the zone code:
no check-zone-code
ciphering-algorithm-gprs
Defines the order of preference of the ciphering algorithms.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
ciphering-algorithm-gprs priority priority algorithm
remove ciphering-algorithm-gprs priority priority
remove
Delete the priority definition.
priority priority
Sets the order in which the algorithm will be selected for use.
priority is an integer from 1 to 8.
algorithm
Identifies the ciphering algorithm to be used.
algorithm is one of the following: gea0, gea1, gea2, gea3.
Usage
Define the order in which the ciphering algorithms are chosen for use. The command can be repeated to provide multiple definitions -- multiple priorities.
Example
Define gea1 as the third priority algorithm:
ciphering-algorithm-gprs priority 3 gea1
csfb
Configures circuit-switched fallback options. CSFB is the mechanism to move a subscriber from LTE to a legacy technology to obtain circuit switched voice or short message.
Product
MME
Privilege
Administrator
Syntax
csfb { policy { not-allowed | sms-only } | sms-only }
remove csfb { policy | sms-only }
remove csfb { policy | sms-only }
sms-only: Removes the SMS-only restriction allowing the UE to request voice and short message service (SMS) support for circuit-switched fallback (CSFB).
policy: Removes the configured policy
policy { not-allowed | sms-only }
not-allowed: Specifies that the CSFB function is not allowed for both voice and SMS.
sms-only: Specifies that the CSFB function only supports SMS.
sms-only
Specifies that the circuit-switched fallback function only supports SMS.
note_smallImportant: This is a legacy keyword that remains to support earlier versions of the code. It operates identically to the policy sms-only keyword.
Usage
Use this command to restrict the circuit-switched fallback function to SMS only or no support for either voice or SMS.
Example
The following command enforces the SMS-only functionality for UEs requesting circuit-switched fallback:
csfb policy sms-only
description
Allows you to enter a relevant descriptive string.
Product
MME, SGSN, S-GW
Privilege
Security Administrator, Administrator
Syntax
description description
no description
description
Enter an alphanumeric string of 1 to 100 characters. The string may include spaces, punctuation, and case-sensitive letters if the string is enclosed in double quotation marks ( “ ).
no
Removes the description from the call control profile.
Usage
Define information that identifies this particularly call control profile.
Example
description “call-control-profile handling incoming from CallTell”
diameter-result-code-mapping
Maps an EMM (EPS Mobility Management) NAS (Network Access Server) cause code to map to a Diameter result code.
Product
MME
Privilege
Administrator
Syntax
diameter-result-code-mapping s6a diameter-error-rat-not-allowed mme-emm-cause { no-suitable-cell-in-tracking-area | roaming-not-allowed-in-this-tracking-area | tracking-area-not-allowed }
remove diameter-result-code-mapping s6a diameter-error-rat-not-allowed
remove diameter-result-code-mapping s6a diameter-error-rat-not-allowed
Removes the mapping.
s6a diameter-error-rat-not-allowed
Specifies the Diameter result code to which the EMM NAS cause code is mapped.
mme-emm-cause { no-suitable-cell-in-tracking-area | roaming-not-allowed-in-this-tracking-area | tracking-area-not-allowed }
Specifies the EMM NAS cause mapped to the Diameter result code.
no-suitable-cell-in-tracking-area: Specifies that the EMM NAS cause code “no suitable cell in tracking area” is to be mapped to the specified Diameter result code.
roaming-not-allowed-in-this-tracking-area: Specifies that the EMM NAS cause code “roaming not allowed in this tracking area” is to be mapped to the specified Diameter result code.
tracking-area-not-allowed: Specifies that the EMM NAS cause code “tracking area not allowed” is to be mapped to the specified Diameter result code.
Usage
Use this command to map a selected EMM NAS cause code to a specific Diameter result code.
Example
The following command maps the EMM NAS cause code “roaming not allowed in this tracking area” to the Diameter result code “S6a Diameter error RAT not allowed”:
diameter-result-code-mapping s6a diameter-error-rat-not-allowed mme-emm-cause roaming-not-allowed-in-this-tracking-area
direct-tunnel
Allows direct tunneling if direct tunneling is supported by the destination node.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
direct-tunnel attempt-when-permitted
remove direct-tunnel
remove
Removes the configured setting from the call control profile.
attempt-when-permitted
Enables direct tunneling if the destination node allows it. Default: disabled.
Usage
Use this command to enable the Direct-Tunnel feature.
To ensure that direct tunnel is fully configured for support by the SGSN, check the settings for direct-tunnel in
the APN profile -- from the Exec mode, use command: show apn-profile <profile_name> all
the RNC (radio network controller) configuration -- from the Exec mode, use command: iups-service <service_name> all
note_smallImportant: Direct tunneling must be enabled at both of these two points to allow direct tunneling for the MS/UE.
Example
The following command sets the configuration to instruct the SGSN to attempt to setup a direct tunnel if permitted at the destination node:
direct-tunnel attempt-when-permitted
dns-ggsn
Defines the context to be used to do DNS lookup for GGSNs.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
dns-ggsn context ctxt_name
no dns-ggsn context ctxt_name
no
Removes the dns-ggsn configuration from this call control profile.
context ctxt_name
Specifies the context to be used to do DNS lookup for GGSNs as an alphanumeric string of 1 through 64 characters.
Usage
Use this command to define the context to be used to do DNS lookup to find the GGSN address.
Example
dns-ggsn context sgsn1
dns-sgsn
Identifies the context to be used to do DNS to find an SGSN address.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ no ] dns-sgsn context ctxt_name
no
Removes the dns-sgsn configuration from this call control profile.
context ctxt_name
Specifies the context to be used to do DNS to find an SGSN address as an alphanumeric string of 1 through 64 characters.
Usage
Use this command to configure the context ID for the SGSN address that will be used to do the DNS lookup.
Example
dns-sgsn context sgsn1
dns-pgw
Defines the context to be used to do DNS lookup for P-GWs.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
[ remove ] dns-pgw context ctxt_name
remove
Deletes this definition from the call control profile.
context ctxt_name
Specifies the context to be used to do DNS lookup for P-GWs as an alphanumeric string of 1 through 64 characters.
Usage
Use this command to configure the context ID for the DNS lookup.
Example
dns-pgw context pgw1
dns-sgw
Defines the context to be used to do DNS lookup for S-GWs.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
[ remove ] dns-sgw context ctxt_name
remove
Deletes this definition from the call control profile.
context ctxt_name
Specifies the context to be used to do DNS lookup for S-GWs as an alphanumeric string of 1 through 64 characters.
Usage
Use this command to configure the context ID for the DNS lookup.
Example
dns-sgw context sgw1
encryption-algorithm-lte
Defines the priorities for using the encryption algorithms.
Product
MME
Privilege
Administrator
Syntax
encryption-algorithm-lte priority1 128-eea { 0 | 1 | 2 } priority2 128-eea { 0 | 1 | 2 } priority3 128-eea { 0 | 1 | 2 }
remove encryption-algorithm-lte
remove
Deletes the priorities definition from the call control profile configuration.
priority1 128-eea { 0 | 1 | 2 }
Enter 0, 1, or 2 at the end of 128-eea to define the algorithm being given first priority.
priority2 128-eea { 0 | 1 | 2 }
Enter 0, 1, or 2 at the end of 128-eea to define the algorithm being given second priority.
priority3 128-eea { 0 | 1 | 2 }
Enter 0, 1, or 2 at the end of 128-eea to define the algorithm being given third priority.
Usage
Set the order or priority in which the MME will select a 128-EEA algorithm for use. All three priorities must be set or the definition is invalid. The command can be re-entered to change the priorities without removing the configuration.
Example
Configure 128-EEA2 as first priority encryption algorithm:
encryption-algorithm-lte priority1 128-eea 2 priority2 128-eea 0 priority3 128-eea 1
encryption-algorithm-umts
Defines the priorities for using the encryption algorithms.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
encryption-algorithm-umts { uea0 | uea1 | uea2 } [ then-uea# | then-uea# ]
no encryption-algorithm-lte
no
Deletes the priorities definition from the call control profile configuration.
{ uea0 | uea1 | uea2 }
Enter one of the three options to define the first priority algorithm.
[ then-uea# | then-uea# ]
If a second algorithm is to be included as an option, give it second priority. Enter 0, 1, or 2 at the end of then-uea to define the algorithm being given second priority.
then-uea#
If a third algorithm is to be included as an option, give it third priority. Enter 0, 1, or 2 at the end of then-uea to define the algorithm being given third priority.
Usage
Set the order or priority in which the SGSN will select a UEA algorithm for use. It is not necessary to define priorities for all three priority levels. The command can be re-entered to change the priorities without removing the configuration.
Example
Configure algorithm UEA2 as the first priority encryption algorithm with no others to be considered:
encryption-algorithm-umts uea2
end
Exits the current configuration mode and returns to the Exec mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
end
Usage
Use this command to return to the Exec mode.
equivalent-plmn
Configures the definition for an equivalent public land mobile network identifier (PLMN ID) and the preferred radio access technology (RAT). This is a of PLMNs which should be considered by the mobile as equivalent to the visited PLMN for cell reselection and network selection. When configured, the equivalent PLMN list will be sent to the UE in NAS ATTACH ACCEPT / TAU ACCEPT messages (up to 15 PLMNs in each message).
Product
MME, SGSN
Privilege
Security Administrator, Administrator
Syntax
equivalent-plmn radio-access-technology { 2G | 3g | 4g | any } plmnid mcc mcc_number mnc mnc_number priority priority
no equivalent-plmn radio-access-technology { 2G | 3g | any } plmnid mccmcc_number mnc mnc_number
no
Removes the equivalent-PLMN configuration from this call control profile.
radio-access-technology { 2G | 3g | 4g | any }
Identify the RAT type of the equivalent PLMN:
2G: 2nd generation
3G: 3rd generation
4G: 4th generation
any: Any RAT
plmnid mcc mcc_number mnc mnc_number
mcc: Specifies the mobile country code (MCC) portion of the PLMN ID. The number can be any integer between 100 and 999.
mnc: Specifies the mobile network code (MNC) portion of the PLMN ID. The number can be any 2- or 3-digit integer between 00 and 999.
priority priority
Enter an integer between 1 and 15 with the highest priority assigned to the integer of the lowest numeric value.
Usage
Use the command to identify an ‘equivalent PLMN’ and assign it a priority to define the preferred equivalent PLMN to be used. This command can be entered multiple times to set priorities of usage.
Example
The following command sets up a secondary equivalent PLMN definition that allows for any RAT with a PLMN ID of MCC121.MNC767:
equivalent-plmn radio_access_technology any plmnid mcc 121 mnc 767 priority 2
exit
Exits the current mode and returns to the parent configuration mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
exit
Usage
Use this command to return to the parent configuration mode.
gmm information-in-messages
Provides the configuration to include the information in messages for the GPRS mobility management (GMM) parameters.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
gmm information-in-messages access-type { { gprs | umts } [ network-name { full-text name | short-text name } | [ send-after { attach | rau } ] }
[ default | no ] gmm { information-in-messages access-type { gprs | umts }
no
Disables the GMM configuration from this call control profile.
default
Sets up a GMM configuration with system default values.
access-type
Must select one of the following options:
gprs - General Packet Radio Service network
umts - Universal Mobile Telecommunications System network
After selecting the access-type, an additional parameter can be configured:
network-name: identifies the network name in either short text or full text.
send-after: configures the information in message to send after attachment or Routing Area Update (RAU).
network-name { full-text name | short-text name }
This keyword provides the option to add the network name to the message. The network name will in full text or short text. Possible options are:
full-text name: Indicate the network name in full text
short-text name: Indicate the network name in short text
send-after{ attach | rau }
This keyword configures the information in message to send after attachment or RAU message. Possible options are:
attach: Information sent after attachment
rau: Information sent after routing area update
Usage
Use this command to configure identifying information about the network that will be included in GMM messages.
Example
default gmm information-in-messages access-type gprs
gmm retrieve-equipment-identity
Configures the International Mobile Equipment Identity (IMEI) or software version (SV) retrieval and validation procedure.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
gmm retrieve-equipment-identity { imei | imeisv [ unciphered ] [ then-imei ] } [ verify-equipment-identity [ deny-greylisted ] ]
[ no | default ] gmm retrieve-equipment-identity
no
Disables the equipment identity retrieval procedure configured for this call control profile.
default
Sets the default action for equipment identity retrieval (EIR) procedure:
retrieve-equipment-identity: Default action is disabled - no retrieval of IMEI/IMEI-SV
verify-equipment-identity: Default action is disabled - no verification with Equipment Identity Register (EIR)
equipment-identity-type
Default: disabled
Indicates the type of equipment identification, with the possible values:
imei: International Mobile Equipment Identity
imeisv: International Mobile Equipment Identity - Software Version
imei
Indicates the equipment identity retrieval type to International Mobile Equipment Identity (IMEI). IMEI is a unique 15-digit number consisting of a TAC (Technical Approval Code), a FAC (Final Assembly Code), an SNR (Serial Number), and a check digit.
imeisv [ unciphered ] [ then-imei ]
Indicates the equipment identity retrieval type to IMEI with software version (SV). IMEI with SV is a unique 16-digit number consisting of a TAC (Technical Approval Code), a FAC (Final Assembly Code), an SNR (Serial Number), and a 2-digit software version number.
unciphered: This optional keyword enables the unciphered retrieval of IMEI-SV. If this option is enabled the retrieval procedure will get IMEISV (if auth is still pending, get as part of Authentication and Ciphering Response otherwise, via explicit Identification Request after Security Mode Complete).
then-imei: This optional keyword enables the retrieval of software version number before the IMEI. If this option is enabled the equipment identity retrieval procedure will get IMEISV on secured link (after Security mode procedure via explicit GMM Identification Request), and if MS is not having IMEISV (responded with NO Identity), SGSN will try to get IMEI.
If no other keyword is provided, imeisv will get IMEISV on a secured link (after a Security mode procedure via explicit GMM Identification Request).
verify-equipment-identity [ deny-greylisted ]
Default: disabled
This keyword enables the equipment identity validation and validates the equipment identity against the EIR.
deny-greylisted: This keyword fine-tunes the configuration and enables the restriction to the user having mobile equipment with an IMEI in the EIR grey list.
Usage
Use this command to enable and configure the procedures for mobile equipment identity retrieval and validation from the EIR identified in the MAP Service Configuration mode.
Example
The following command enables the SGSN to send “check IMEI” messages to the EIR:
gmm retrieve-equipment-identity imei verify-equipment-identity
gs-service
Associates the context of a Gs service interface with this call control profile.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
gs-service gs_srvc_name context ctx_name
no gs-service svc_name
no
Removes/disassociates the named Gs service from the call control profile.
gs-service gs_srvc_name
Specifies the name of a specific Gs service for which to display information. gs_srvc_name is the name of a configured Gs service expressed as an alphanumeric string of 1 through 63 characters that is case sensitive.
context ctx_name
Specifies the specific context name where Gs service is configured. If this keyword is omitted, the named Gs service must exist in the same context as the GPRS/SGSN service.
ctx_name is name of the configured context of Gs service expressed as an alphanumeric string from 1 through 63 characters that is case sensitive.
Usage
Use this command to associate a specific Gs service interface with this GPRS service instance.
note_smallImportant: A Gs service can be used with multiple SGSN and/or GPRS service.
Example
The following command associates a Gs service instance named stargs1, which is configured in context named star_ctx, with a call control profile:
gs-service stargs1 context star_ctx
gtp send
Configures which information elements (IE) the SGSN sends in GTP messages. These are required by the GGSN.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
gtp send { imeisv [ derive-imeisv-from-imei ] | ms-timezone | rai | rat | uli }
remove gtp send { imeisv | ms-timezone | rai | rat | uli }
no gtp send
remove
Removes the specified GTP send definition from the system configuration.
no
Disables the specified GTP send configuration.
imeisv
Instructs the SGSN to include the IMEISV (International Mobile Equipment Identity with Software Version) of the mobile when sending GTP messages of the type Create PDP Context Request.
derive-imeisv-from-imei
This is a filter for the imeisv keyword. It allows the operator to configure the SGSN to send IMEI to the GGSN as IMEI-SV.
This filter instructs the SGSN to add four 1s (1111) to the final semi-octet of the CPCQ (Create PDP Context Request) message which enables the SGSN to deduce the IMEI-SV value from the IMEI. If this filter is used, then IMEI is also sent as IMEI-SV when the gmm retrieve-equipment-identity command is configured.
ms-timezone
Instructs the SGSN to include this IE in GTP messages of the type Create PDP Request and Update PDP Context Request. This IE specifies the offset between universal time and local time, where the MS currently resides, in 15-minute steps.
This IE is sent by default.
rai
Configures the SGSN to include the Routing Area Identity (RAI) of the SGSN in the following situations:
2G new SGSN RAU
3G new SGSN SRNS
2G -> 3G HO (only if PLMN Id has changed)
3G -> 2G HO (only if PLMN Id has changed)
multiple IUPS service RAU (only if PLMN Id has changed)
multiple GPRS service RAU (only if PLMN Id has changed)
3G new SGSN RAU (change in behavior)
3G primary and secondary PDP activation (change in behavior)
2G primary and secondary PDP activation (change in behavior)
rat
Specifies which radio access technology (RAT) is being used by the MS (GERAN, UTRAN, or GAN). Including this keyword instructs the SGSN to include this IE when sending GTP messages of the type Create PDP Request and Update PDP Context Request.
This IE is sent by default.
uli
Specifies the CGI (MCC, MNC, etc.) and SAI of the MS where it is registered. Including this keyword instructs the SGSN to include the IE when sending GTP messages of the type Create PDP Request and Update PDP Context Request.
This IE is not sent by default.
Usage
Use this command to define a preferred set of information to include when GTP messages are sent. Repeat this command multiple times to enable or disable multiple options. This instruction will be implemented when the specific operator policy and call control profile are applied.
Example
The following command series instructs the SGSN to send ULI and RAT in the GTP messages:
gtp send uligtp send rat
gtpu fast-path
Enables or disables the network processing unit (NPU) Fast Path support for NPU processing of GTP-U packets of user sessions at the NPU.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ remove ] gtpu fast-path
remove
Removes the NPU fast path functionality configuration from the call control profile.
Usage
Use this command to enable/disable the NPU processed fast-path feature for processing of GTP-U data packets received from GGSN/RNC. This feature enhances the GTP-U packet processing by adding the ability to fully process and forward the packets through the NPU itself.
note_smallImportant: When enabled/disabled, fast-path processing will be applicable only to new subscriber who establishes a PDP context after issuing this command (enabling GTP-U fast path). No existing subscriber session will be affected by this command.
Example
The following command enables the NPU fast path processing for all new subscribers’ session established with this call control profile:
gtpu fast-path
gw-selection
Configures the parameters controlling the gateway selection process.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
[ remove ] gw-selection { co-location | pgw weight | sgw weight | topology }
remove gw-selection
Deletes the gw-selection definition from the call control profile.
co-location
Selects “co-location” as the determining factor for gateway selection.
pgw weight
Selects PDN-Gateway as the determining factor for gateway selection.
sgw weight
Selects Serving Gateway as the determining factor for gateway selection.
topology
Selects topology as the determining factor for gateway selection.
Usage
Use this command to define the criteria for gateway selection.
Example
The following command instructs the MME to determine gateway selection on the basis of topology:
gw-selection topology
integrity-algorithm-lte
Specifies the order of preference for using an Integrity Algorithm.
Product
MME
Privilege
Administrator
Syntax
integrity-algorithm-lte priority1 { 128-eia0 | 128-eia1 | 128-eia2 } priority2 128-eia { 0 | 1 | 2 } priority3 128-eia { 0 | 1 | 2 }
remove integrity-algorithm-lte
remove
Deletes the priorities definition from the call control profile configuration.
priority1 128-eia { 0 | 1 | 2 }
Enter 0, 1, or 2 at the end of 128-eia to define the algorithm being given first priority.
priority2 128-eia { 0 | 1 | 2 }
Enter 0, 1, or 2 at the end of 128-eia to define the algorithm being given second priority.
priority3 128-eia { 0 | 1 | 2 }
Enter 0, 1, or 2 at the end of 128-eia to define the algorithm being given third priority.
Usage
Set the order or priority in which the MME will select an integrity algorithm for use. All three priorities must be set or the definition is invalid. The command can be re-entered to change the priorities without removing the configuration.
Example
Configure 128-EIA0 as first priority integrity algorithm:
integrity-algorithm-lte priority1 128-eia 0 priority2 128-eia 2 priority3 128-eia 1
integrity-algorithm-umts
Configures the order of preference for the Integrity Algorithm used for 3G.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
integrity-algorithm-umts type then_ type
default integrity-algorithm-umts
default
Specifies the default preference based on system defaults.
type
Creates a configuration defining an order of preference. Enter one or more of the following options in the order of preference:
uia1 - uia1 Algorithm
uia2 - uia2 Algorithm
Usage
Use this command to determine which integrity algorithm is preferred 3G. This command is configured in tandem with the algorithm type for encryption-algorithm-umts command.
Example
default integrity-algorithm-umts
local-cause-code-mapping
Maps a selected cause code to the restricted zone code result.
Product
MME
Privilege
Administrator
Syntax
local-cause-code-mapping restricted-zone-code emm-cause-code { eps-service-not-allowed-in-this-plmn | no-suitable-cell-in-tracking-area | plmn-not-allowed | roaming-not-allowed-in-this-tracking-area | tracking-area-not-allowed }
remove local-cause-code-mapping restricted-zone-code
remove
Removes the configured cause code mapping.
restricted-zone-code
Specifies the event for which the cause code is returned.
emm-cause-code { eps-service-not-allowed-in-this-plmn | no-suitable-cell-in-tracking-area | plmn-not-allowed | roaming-not-allowed-in-this-tracking-area | tracking-area-not-allowed }
Specifies the EPS Mobility Management (EMM) cause code to apply when a UE requests access to a restricted zone:
eps-service-not-allowed-in-this-plmn
no-suitable-cell-in-tracking-area
plmn-not-allowed
roaming-not-allowed-in-this-tracking-area
tracking-area-not-allowed
Usage
Use this command to configure the cause code returned when a UE requests access to a restricted zone.
Example
The following command maps the “PLMN not allowed” cause code to the restricted zone code event:
local-cause-code-mapping restricted-zone-code emm-cause-code plmn-not-allowed
location-area-list
Defines the location area list to allow or restrict services in the specified location areas identified by location area code (LAC).
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
location-area-list instance instance area-code area_code [ area_code * ]
no location-area-list instance instance[ area-code area_code ]
no
If the area-code keyword is included in the command, then only the specified area code is removed from the identified list. If the area-code keyword is not included with the command, the entire list of LACs is removed from this call control profile.
instance instance
Specifies an identification for the specific location area list.
instance must be an integer between 1 and 5.
area-code area_code *
This keyword defines the location area codes (LACs) to be used by this call control profile as a determining factor in the handling of incoming calls. Multiple LACs can be defined in a single location-area-list.
area_code: Enter an integer between 1 and 65535.
* If desired, enter multiple LACs separated by a single blank space.
Usage
Use the command multiple times to configure multiple LAC lists or to modify the a list.
Example
The following command creates a location area list for a single area code:
location-area-list instance 1 area-code 514
This command creates a second location area list for with multiple area codes - all separated by a single blank space:
location-area-list instance 2 area-code 514 62552 32 1513
The next command corrects an area code mistake (327 not 32) made in the previous configuration:
location-area-list instance 1 area-code 514 62552 327 1513
lte-zone-code
Configures the enforcement of allowed or restricted zone code lists and associates an EPS Mobility Management (EMM) cause code to rejected attach attempts.
Product
MME
Privilege
Administrator
Syntax
lte-zone-code [ allow | restrict } { emm-cause-code { eps-service-not-allowed-in-this-plmn | no-suitable-cell-in-tracking-area | plmn-not-allowed | roaming-not-allowed-in-this-tracking-area | tracking-area-not-allowed ] zone-code-list zc_id +
remove lte-zone-code zone-code-list
remove
Removes the zone code list from the call control profile.
[ allow | restrict ]
Specifies whether the zone code list is allowed or restricted.
note_smallImportant: You can only create an allowed or restricted list, not both.
emm-cause-code [ eps-service-not-allowed-in-this-plmn | no-suitable-cell-in-tracking-area | plmn-not-allowed | roaming-not-allowed-in-this-tracking-area | tracking-area-not-allowed ]
Optionally, specify one of the following EMM cause codes to apply when a UE request is rejected:
eps-service-not-allowed-in-this-plmn
no-suitable-cell-in-tracking-area
plmn-not-allowed
roaming-not-allowed-in-this-tracking-area
tracking-area-not-allowed
zone-code-list zc_id +
Specifies the zone code in the allowed or restricted list of zone codes. zone_code must be an integer value from 0 to 65535.
Usage
Use this command to create zone code lists that allow or restrict access to UEs managed by this call control profile.
Example
The following command restricts access to zone codes 234 and 456 and returns an EMM cause code of “tracking area not allowed”:
lte-zone-code restrict emm-cause-code tracking-area-not-allowed zone-code-list 234 456
map
Configures the optional extensions to Mobile Application Part (MAP) messages.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ remove ] map message update-gprs-location [ imeisv | private-extension access-type ]
remove
IMEI-SV is not included in the GLU request -- this is the default behavior.
message update-gprs-location
Includes a GLU message. This keyword-set is required.
imeisv
Specifies the International Mobile equipment Identity-Software Version (IMEI-SV) information to include in the GPRS Location Update (GLU) request message. SGSN will include IMEI-SV in the message, if available. Default: disabled
private-extension access-type
Includes a specific access-type private extension in the message.
Usage
This command configures optional extensions to MAP messages. The HLR should ignore these extensions if not supported by the HLR.
Example
map message update-gprs-location private-extension access-type
map-service
Identifies a Mobile Application Part (MAP) service and the context which contains it and associates both with the call control profile.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
map-service context ctxt_name service map_srvc_name
no map-service context
no
Disables use of MAP service with this call control profile.
context ctxt_name
Specifies the name of the context for the MAP service as an alphanumeric string of 1 through 64 characters.
service map_srvc_name
Specifies the MAP service name as an alphanumeric string of 1 through 64 characters.
Usage
Use this command to enable or disable MAP service with this call control profile.
Example
no map-service context
max-bearers-per-subscriber
Defines the maximum number of bearers allowed per subscriber.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
max-bearers-per-subscriber number
remove max-bearers-per-subscriber
remove
Deletes the definition from the call control profile.
number
Identifies the maximum number of bearers allowed per subscriber as an integer from 1 to 11.
Usage
Use this command to set the maximum number of bearers allowed per subscriber.
Example
Set the maximum to 3:
max-bearers-per-subscriber 3
max-pdns-per-subscriber
Defines the maximum number of PDNs allowed per subscriber.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
max-pdns-per-subscriber number
remove max-pdns-per-subscriber
remove
Deletes the definition from the call control profile.
number
Identifies the maximum number of PDNs allowed per subscriber as an integer from 1 to 11.
Usage
Use this command to set the maximum number of PDNs allowed per subscriber.
Example
Set the maximum to 4:
max-pdns-per-subscriber 4
min-unused-auth-vectors
Configures a specific minimum number of unused vectors to be maintained by the SGSN.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
min-unused-auth-vectors min#_vectors
remove min-unused-auth-vectors
remove
Removes the definition from the configuration file and restores the default behavior, which does not use the threshold.
min#_vectors
Enables and defines a threshold for the minimum number of unused vectors that the SGSN retains to trigger the initation of a service area identity request (SAI) .
min#_vectors: Enter a digit betwen 1 and 4.
Usage
Vectors are used by the SGSN for authentication. Use this command to enable a minimum threshold for unused vector for this call control profile. When the unused vector count falls below this configured threshold, then an SAI is initiated to fill the buffer back to 5 or to the most appropriate number based on the MAP service configuration.
Example
Enter a command similar to the following to set a threshold of 3:
min-unused-auth-vectors 3
Use the following command to disable this function and restore the default behavior, which does not use a threshold to trigger an SAI:
remove min-unused-auth-vectors
network-feature-support-ie
Configures support for IMS Voice over Packet-Switched information element (IE) as part of the MME (Network) Feature Support.
Product
MME
Privilege
Administrator
Syntax
network-feature-support-ie ims-voice-over-ps
remove network-feature-support-ie
remove
Disables support for Voice over PS.
ims-voice-over-ps
Enables support for Voice over PS.
Usage
Use this command to enable Voice over PS which “switches on” an IE in a message sent by the MME indicating the features it supports.
Example
The following command enables Voice over PS on the MME:
network-feature-support-ie ims-voice-over-ps
network-initiated-pdp-activation
Configures the call control profile to perform two functions: (1) to enable or disable network-requested PDP context activation (NRPCA) for 3G attachments and (2) to define a failure cause code for inclusion in NRPCA-related reject messages.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ remove ] network-initiated-pdp-activation { allow primary | restrict primary } access type { gprs | umts } { all | location-area-list instance <instance> }
network-initiated-pdp-activation primary access type { gprs | umts } { all | location-area-list instance <instance> } failure-codecode
remove
Including this keyword with the command, removes all configured values for the specified configuration.
allow
Allows network-initiated PDP context activation. This keyword must be followed by other parameters to indicate the limitations for allowing the NRPCA.
Allow is the default for NRPCA.
restrict
Restricts network-initiated PDP context activation. This keyword must be followed by other command parameters to indicate the limitations for restricting the NRPCA.
primary
Specifies that only network-initiated primary PDP context activations are to be allowed.
secondary
note_smallImportant: The secondary keyword is visible and can be selected, however, secondary NRPCA functionality is in development and currently this keyword is not supported for configuration.
all
Configures the SGSN to allow or to restrict NRPCA for calls within all location areas.
location-area-list instance instance
Selects a pre-defined list of location area codes (LACs) and allows/restricts the NRPCA procedure for calls within the listed area codes.
instance: Enter a list ID; an integer between 1 and 5.
note_smallImportant: Before using this keyword, ensure that the appropriate LAC information has been defined with the location-area-list command, also in this configuration mode.
failure-codes code
Enter an integer from 192 to 226 to identify the GTPP failure cause code (from 3GPP TS29.060, list below) to be included in the reject messages when NRPCA is restricted. If a failure cause code is not defined, the default value is 200 (service not supported).
192 - Non-existent
193 - Invalid message format
194 - IMSI not known
195 - MS is GPRS Detached
196 - MS is not GPRS Responding
197 - MS Refuses
198 - Version not supported
199 - No resources available
200 - Service not supported
201 - Mandatory IE incorrect
202 - Mandatory IE missing
203 - Optional IE incorrect
204 - System failure
205 - Roaming restriction
206 - P-TMSI Signature mismatch
207 - GPRS connection suspended
208 - Authentication failure
209 - User authentication failed
210 - Context not found
211 - All dynamic PDP addresses are occupied
212 - No memory is available
213 - Relocation failure
214 - Unknown mandatory extension header
215 - Semantic error in the TFT operation
216 - Syntactic error in the TFT operation
217 - Semantic errors in packet filter(s)
218 - Syntactic errors in packet filter(s)
219 - Missing or unknown APN
220 - Unknown PDP address or PDP type
221 - PDP context without TFT already activated
222 - APN access denied – no subscription
223 - APN Restriction type incompatibility with currently active PDP Contexts
224 - MS MBMS Capabilities Insufficient
225 - Invalid Correlation-ID
226 - MBMS Bearer Context Superseded
Usage
Use this command to allow or restrict network-requested PDP context activation (NRPCA) based on access-type and location areas. NRPCA is used when there is downlink data at the GGSN for a subscriber, but there is no valid context for the already-established PDP address so the GGSN initiates an NRPCA procedure towards the SGSN.
This command can also be used to define the failure cause code that will be included in activation reject messages.
These commands can be repeated to define a unique set of NRPCA parameters for each access-type and each location area list.
The T3385-timeout and the max-actv-retransmission timers configure the retransmission timer and the number of retries for PDP context activation requests. Both of these timers are set in the SGSN service configuration mode.
The configuration for NRPCA can be viewed via the show call-control-profile full name profile_name. Statistics associated with NRPCA can be seen via the show gmm-sm statistics output and via the show sgtpc statistics verbose output.
Example
The following command changes the failure code for Reject messages from 200 (service not supported) to 205 (roaming restriction) for primary NRPCA for all GRPS access and all LACs:
network-initiated-pdp-activation primary access-type gprs all failure-code 205
The following command enables network-initiated primary PDP context activation for UMTS calls from the LACs in location-area-list 1:
network-initiated-pdp-activation allow primary access-type umts location-area-list instance 1
The following command restricts network-initiated primary PDP context activation for UMTS calls from the LACs in location-area-list 2:
network-initiated-pdp-activation restrict primary access-type umts location-area-list instance 2
override-arp-with-ggsn-arp
Enables or disables the ability of the SGSN to override an Allocation/Retention Priority (ARP) value with one received from a GGSN. If there is no authorized Evolved ARP received from the GGSN, by default the SGSN continues to use the legacy ARP included in the Quality of Service (QoS) Profile IE.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ remove ] override-arp-with-ggsn-arp
remove
Adding the remove keyword to the command disables the override feature.
Usage
Enabling this function on the SGSN will allow the ARP sent by the GGSN, in CPCR / UPCR / UPCQ, to be applicable as an overriding value.
Example
Use this command to configure the SGSN to negotiate the ARP to be used as an overriding value:
override-arp-with-ggsn-arp
pdp-activate access-type
Configures the PDP context activation option based the type of access technology.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
pdp-activate access-type { grps | umts } { all | location-area-list instance instance } failure-code failure_code
default pdp-activate access-type { grps | umts } { all | location-area-list instance instance } failure-code code
default
Resets the configuration to system default values for PDP context activation request.
{ grps | umts }
Specifies the access technology type for PDP context activation.
gprs: Enables access type as GPRS.
umts: Enables access type as UMTS.
all
Default: allow
Configures the system to allow the creation of all PDP context activation requests received from MS.
location-area-list instance instance
Specifies the location area instance for which to create a PDP context as an integer from 1 through 5. The value must be an already defined instance of a location area code (LAC) list created via the location-area-list command.
failure-code code
Specifies the failure code for PDP context activation as an integer from 8 through 112. Default: 8
Usage
Use this command to configure this call control profile to allow GPRS/UMTS access through PDP context activation request from MS.
Example
The following command configures the system to create the PDP context for requests from MS for GPRS access with location area list instance 2 and failure-code 5:
pdp-activate access-type gprs location-area-list 2 failure-code 5
pdp-activate allow
Configures the system to allow the PDP context activation based on the type of access technology.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ no ] pdp-activate allow access-type { grps | umts } location-area-list instance instance
no
Removes the configured permission to create PDP context on request of PDP context activation from MS for an access type.
access-type { grps | umts }
Specifies the access technology type for PDP context activation.
gprs: Enables access type as GPRS.
umts: Enables access type as UMTS.
location-area-list instance instance
Specifies the location area instance to create PDP context.
instance must be an integer from 1 through 5. The value must be an already defined instance of a location area code (LAC) list created via the location-area-list command.
Usage
Use this command to configure this call control profile to allow GPRS/UMTS access through PDP context activation request from MS.
Example
The following command configures the system to allow the PDP context activation for GPRS access type with location area list instance 2:
pdp-activate allow access-type gprs location-area-list instance 2
pdp-activate restrict
Configures the system to restrict the PDP context activation based on the type of access technology.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ no ] pdp-activate restrict { { access-type { grps | umts } { all | location-area-list instance instance } | secondary-activation { access-type { grps | umts } { all | location-area-list instance instance } } }
no
Removes the configured restriction on PDP context activation through this command.
access-type { grps | umts }
Specifies the access technology type for which to restrict PDP context activation.
gprs: Enables access type as GPRS.
umts: Enables access type as UMTS.
all
Default: allow
Configures the system to restrict all PDP context activation requests from the MS.
location-area-list instance instance
Specifies the location area instance to restrict PDP context activation.
list_id must be an integer from 1 through 5. The value must be an already defined instance of a location area code (LAC) list created with the location-area-list command.
secondary-activation
Specifies the type of PDP context to restrict for secondary activation. This keyword restricts the system to create the secondary PDP context on receiving the PDP Context Activation Request from the MS.
Usage
Use this command to configure this call control profile to restrict GPRS/UMTS access through PDP context activation request from MS.
Example
The following command configures the system to restrict the PDP context activation for request from MS to access GPRS service with location area list instance 2:
pdp-activate restrict access-type gprs location-area-list instance 2
plmn-protocol
Configures the protocol supported by the PLMN (Public Land Mobile Network).
Product
MME
Privilege
Security Administrator, Administrator
Syntax
plmn-protocol plmnid mcc mcc_num mnc mnc_num { s5-protocol | s8-protocol } { gtp | pmip }
remove plmn-protocol plmnid mcc mcc_num mnc mnc_num
remove
Deletes the definition from the call control profile configuration.
plmn-id mcc mcc_num mnc mnc_num
Identifies the PLMN by MCC (mobile country code) and MNC (mobile network code).
mcc_num: Enter a 3-digit integer from 100-999.
mnc_num: Enter a 2- or 3-digit integer from 00 to 999.
s5-protocol | s8-protocol
Select which protocol – S5 or S8 – that controls the identified PLMN.
gtp | pmip
Select the protocol variant - GTP or PMIP - that controls functionality for the identified PLMN.
Usage
Use this command to identify a particular PLMN and, at a higher level, its operational characteristics.
Example
The following command instructs the MME to use PLMN MCC423.MNC40.GPRS with PMIP under S8 Protocol:
plmn-protocol plmnid mcc 423 mnc 40 s8-protocol pmip
ptmsi-reallocate
Defines P-TMSI reallocation for Attach Requests, RAU Request, and Service Requests.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
ptmsi-reallocate { attach | frequency frequency | interval interval | routing-area-update [ update-type ] | service-request [ service-type ] } [ access-type { gprs | umts } ]
ptmsi-reallocate routing-area-update [ access-type { gprs | umts } | frequency frequency | update-type { combined-update | imsi-combined-update | periodic | ra-update } [ access-type { gprs | umts } | frequency frequency ] ]
ptmsi-reallocate service-request [ frequency frequency | service-type { data | page-response | signaling } [ frequency frequency ] ]
[ no | remove ] ptmsi-reallocate { attach | frequency | interval | routing-area-update [ update-type { combined-update | imsi-combined-update | periodic | ra-update } [ access-type { gprs | umts } ] ] | service-request [ service-type { data | page-response | signaling } ] } [ access-type { gprs | umts } ]
no
Disables the authentication procedures configured for the specified P-TMSI reallocation configuration in the call control profile.
remove
Deletes the defined authentication procedures for the specified P-TMSI reallocation configuration from the call control profile configuration file.
attach
Enables/disables P-TMSI reallocation for Attach with local P-TMSI.
note_smallImportant: IMSI or inter-SGSN Attach is not configurable and will always be reallocated.
access-type type
One of the following must be selected to reallocate on the basis of the type of network access:
gprs
umts
This keyword can be used in combination with other keywords to refine the reallocation configuration.
frequency frequency
Defines 1-in-N selective reallocation. If the frequency is set for 12, then the SGSN skips reallocation for the first 11 messages and reallocates on receipt of the 12th request message.
frequency must be an integer from 1 to 50.
This keyword can be used in combination with other keywords to refine the reallocation configuration.
interval minutes
Enter an integer between 1 and 1440 to define the time interval (in minutes) for skipping the service/RAU/attach request message procedure.
routing-area-update [ update-type ]
Enables/disables P-TMSI reallocation for RAU (routing area update) with local P-TMSI. To refine the reallocation configuration, include one of the optional types of updates to limit reallocation:
combined-update
imsi-combined-update
periodic
ra-update
note_smallImportant: Inter-SGSN RAU will always be reallocated.
service-request [ service-type ]
Enables/disables P-TMSI reallocation for Service Requests. To refine the Service-Request reallocation configuration, include on of the optional service-types to limit the reallocation:
data
page-response
signaling
Usage
By default, reallocation is not enabled. Use this command to enable P-TMSI reallocation for Attach Requests, RAU Request, and Service Requests. Fine-tune the reallocation configuration according to frequency, interval, or access-type.
Example
The following command configures the SGSN to perform P-TMSI reallocation upon receiving 2G Attach Requests
ptmsi-reallocate attach access-type gprs
The following command configures the SGSN to disable all previously defined P-TMSI reallocations based on the combined criteria of interval and 3G requests:
no ptmsi-reallocate interval access-type umts
ptmsi-signature-reallocate
Enables P-TMSI signature reallocation during Attach/RAU procedures.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
ptmsi-signature-reallocate { attach | frequency frequency | interval interval | ptmsi-reallocation-command | routing-area-update [ update-type ] } [ access-type { gprs | umts } | frequency frequency ]
ptmsi-signature-reallocate routing-area-update [ access-type { gprs | umts } | frequency frequency | update-type { combined-update | imsi-combined-update | periodic | ra-update } ] [ access-type { gprs | umts } | frequency frequency ]
[ no | remove ] ptmsi-signature-reallocate { attach | frequency | interval | routing-area-update [ update-type { combined-update | imsi-combined-update | periodic | ra-update } ] } [ access-type { gprs | umts } ]
no
Disables the authentication procedures configured for the specified P-TMSI signature reallocation configuration in the call control profile.
remove
Deletes the defined authentication procedures for the specified P-TMSI signature reallocation configuration from the call control profile configuration file.
attach
Enables/disables P-TMSI signature reallocation for Attach with local P-TMSI.
access-type type
One of the following must be selected to reallocate on the basis of the type of network access:
gprs
umts
This keyword can be used in combination with other keywords to refine the reallocation configuration.
frequency frequency
Defines 1-in-N selective reallocation. If the frequency is set for 12, then the SGSN skips reallocation for the first 11 messages and reallocates on receipt of the twelfth request message.
frequency must be an integer from 1 to 50.
This keyword can be used in combination with other keywords to refine the reallocation configuration.
interval minutes
Enter an integer between 1 and 1440 to define the time interval (in minutes) for skipping the service/RAU/attach request message procedure before performing a P-TMSI signature reallocation.
ptmsi-reallocation-command
Includes P-TMSI signature reallocation as a part of the P-TMSI reallocation configuration.
routing-area-update [ update-type ]
Enables/disables P-TMSI signature reallocation for RAU (routing area update) with local P-TMSI. To refine the reallocation configuration, include one of the optional types of updates to limit reallocation:
combined-update
imsi-combined-update
periodic
ra-update
Usage
By default, P-TMSI signature reallocation is disabled. This command allows the operator to configure when the P-TMSI signature is reallocated.
Example
The following command configures the SGSN to reallocate the P-TMSI signature for every third UMTS attach procedure:
ptmsi-signature-reallocate attach frequency 3 access-type umts
The following command configures the SGSN to reallocate the P-TMSI signature for every seventh GPRS periodic RAU procedure:
ptmsi-signature-reallocate routing-area-update uupdate-type periodic frequency 7 access-type gprs
The following command removes all configuration instances for reallocating the P-TMSI signature based on intervals and UMTS access:
remove ptmsi-signature-reallocate interval access-type umts
qos
Configures the quality of service (QoS) parameters to be applied.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
[ remove ] qos { gn-gp | ue-ambr }
qos gn-gp { arp high-priority priority medium-priority priority | pre-emption { capability { may-trigger-pre-emption | shall-not-trigger-pre-emption } | vulnerability { not-pre-emptable | pre-emptable }
qos ue-ambr max-ul mbr_up max-dl mbr_dl
remove
Deletes the configuration from the call control profile.
gn-gp
Configures Gn-Gp pre-release 8 ARP and pre-emption parameters.
arp
Maps usage of ARP (address retention protocol) high-priority (H) and medium-priority (M):
high-priority priority: Enter an integer from 1 to 13.
medium-priority priority: Enter an integer from 2 to 14.
pre-emption
Defines the pre-emption/vulnerability criteria for PDP Contexts imported from SGSN on Gn/Gp:
capability
may-trigger-pre-emption: PDP Contexts imported from Gn/Gp SGSN may preempt existing bearers.
shall-not-trigger-pre-emption: PDP Contexts imported from Gn/Gp SGSN shall not preempt existing bearers.
vulnerability
not-pre-emptable: PDP Contexts imported from Gn/Gp SGSN are not vulnerable to pre-emption.
pre-emptable: PDP Contexts imported from Gn/Gp SGSN are vulnerable to pre-emption.
ue-ambr
Configures the aggregate maximum bit rate that will be stored on the UE (user equipment).
max-ul mbr-up: Defines the maximum bit rate for uplink traffic.
mbr-up: Enter a value from 0 to 1410065408.
max-dl mbr-up: Defines the maximum bit rate for downlink traffic.
mbr-up: Enter a value from 0 to 1410065408.
Usage
Use this command to configure the MME QoS parameters for the call control profile.
Example
qos gn-gp arp high-priority 2 medium-priority 3
rau-inter
Defines an acceptable procedure for inter-SGSN routing area updates.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
rau-inter access-type { all | location-area-list instance instance } { failure-code fail_code | user-device-release { before-r99 } { failure-code fail_code | r99-or-later } { failure-code fail_code } }
default rau-inter access-type { all | location-area-list instance instance} user-device-release { before-r99 failure-code | r99-or-later failure-code }
no rau-inter { allow access-type | restrict access-type } { [ all ] failure-code fail_code | location-area-list instance instance }
default rau-inter { allow access-type | restrict access-type } { [ all ] failure-code fail_code | location-area-list instance instance } }
no
Including “no” as part of the command structure disables the values already configured for parameters specified in the command.
default
Resets the configuration of specified parameters to system default values.
allow access-type
Including this keyword-set with one of the following options, configures the SGSN to allow MS/UE with the identified access-type extension to be part of the intra-RAU procedure.
gprs - General Packet Radio Service
umts - Universal Mobile Telecommunications System
restrict access-type
Including this keyword-set with one of the following options, configures the SGSN to restrict MS/UE with the identified access-type extension from the inter-RAU procedure.
gprs - General Packet Radio Service
umts - Universal Mobile Telecommunications System
all
all - adding this option to the keyword determines that the failure cause code will be applicable to all location areas.
location-area-list instance instance
list_id must be an integer between 1 and 5. The value must be an already defined instance of a location area code (LAC) list created with the location-area-list command.
failure-code fail-code
Specify a GSM Mobility Management (GMM) failure cause code to identify the reason an inter SGSN RAU does not occur. This GMM cause code will be sent in the reject message to the MS.
fail-code must be an integer from 2 to 111. Refer to the GMM failure cause codes listed below (from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0 R7):
2 - IMSI unknown in HLR
3 - Illegal MS
6 - Illegal ME
7 - GPRS services not allowed
8 - GPRS services and non-GPRS services not allowed
9 - MSID cannot be derived by the network
10 - Implicitly detached
11 - PLMN not allowed
12 - Location Area not allowed
13 - Roaming not allowed in this location area
14 - GPRS services not allowed in this PLMN
15 - No Suitable Cells In Location Area
16 -MSC temporarily not reachable
17 - Network failure
20 - MAC failure
21 - Synch failure
22 - Congestion
23 - GSM authentication unacceptable
40 - No PDP context activated
48 to 63 - retry upon entry into a new cell
95 - Semantically incorrect message
96 - Invalid mandatory information
97 - Message type non-existent or not implemented
98 - Message type not compatible with state
99 - Information element non-existent or not implemented
100 - Conditional IE error
101 - Message not compatible with the protocol state
111 - Protocol error, unspecified
user-device-release { before-r99 | r99-or-later } failure-code code
Default: Disabled
Enables the SGSN to reject an Inter-RAU procedure based on the detected 3GPP release version of the MS equipment and selectively send a failure cause code in the reject message. The SGSN uses the following procedure to implement this configuration:
1.
When Attach Request is received, the SGSN checks the subscriber’s IMSI and current location information.
2.
Based on the IMSI, an operator policy and call control profile is found that relates to this Attach Request.
3.
call control profile is checked for access limitations.
4.
Attach Request is checked to see if the revision indicator bit is set
if not, then the configured common failure code for reject is sent;
if set, then the 3GPP release level is verified and action is taken based on the configuration of this parameter
One of the following options must be selected and completed:
before-r99: Indicates the MS would be a 3GPP release prior to R99 and an appropriate failure code should be defined.
failure-code code: Enter an integer from 2 to 111.
r99-or-later: Indicates the MS would be a 3GPP Release 99 or later and an appropriate failure code should be defined.
failure-code code: Enter an integer from 2 to 111.
Usage
Use this command to configure the restrictions and function of the inter-RAU procedure.
Example
default rau-inter allow access-type gprs location-area-list instance 1
rau-inter-plmn
Enables or disables restriction of all Routing Area Updates (RAUs) occurring between different PLMNs.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
rau-inter-plmn access-type { all | location-area-list instance instance } { failure-code fail_code | user-device-release { before-r99 } failure-code fail_code | r99-or-later } { failure-code fail_code } }
default rau-inter-plmn access-type { all | location-area-list instance instance} user-device-release { before-r99 failure-code | r99-or-later failure-code }
[ no ] rau-inter-plmn { restrict | allow } access-type { gprs | umts } { all | location-area-list instance instance }
[ no ] rau-inter-plmn { allow access-type | restrict access-type } { [ all ] failure-code fail_code | location-area-list instance instance }
default rau-inter { allow access-type | restrict access-type } { [ all ] failure-code fail_code | location-area-list instance instance } }
no
Including “no” as part of the command structure disables the values already configured for parameters specified in the command.
default
Resets the configuration of specified parameters to system default values.
allow access-type
Including this keyword-set with one of the following options, configures the SGSN to allow MS/UE with the identified access-type extension to be part of the intra-RAU procedure.
gprs - General Packet Radio Service
umts - Universal Mobile Telecommunications System
restrict access-type
Including this keyword-set with one of the following options, configures the SGSN to restrict MS/UE with the identified access-type extension from the inter-RAU procedure.
gprs - General Packet Radio Service
umts - Universal Mobile Telecommunications System
all
all - adding this option to the keyword determines that the failure cause code will be applicable to all location areas.
location-area-list instance instance
list_id must be an integer between 1 and 5. The value must be an already defined instance of a LAC list created with the location-area-list command.
failure-code fail-code
Specify a GSM Mobility Management (GMM) failure cause code to identify the reason an inter SGSN RAU does not occur. This GMM cause code will be sent in the reject message to the MS.
fail-code must be an integer from 2 to 111. Refer to the GMM failure cause codes listed below (from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0 R7):
2 - IMSI unknown in HLR
3 - Illegal MS
6 - Illegal ME
7 - GPRS services not allowed
8 - GPRS services and non-GPRS services not allowed
9 - MSID cannot be derived by the network
10 - Implicitly detached
11 - PLMN not allowed
12 - Location Area not allowed
13 - Roaming not allowed in this location area
14 - GPRS services not allowed in this PLMN
15 - No Suitable Cells In Location Area
16 -MSC temporarily not reachable
17 - Network failure
20 - MAC failure
21 - Synch failure
22 - Congestion
23 - GSM authentication unacceptable
40 - No PDP context activated
48 to 63 - retry upon entry into a new cell
95 - Semantically incorrect message
96 - Invalid mandatory information
97 - Message type non-existent or not implemented
98 - Message type not compatible with state
99 - Information element non-existent or not implemented
100 - Conditional IE error
101 - Message not compatible with the protocol state
111 - Protocol error, unspecified
user-device-release { before-r99 | r99-or-later } failure-code code
Default: Disabled
Enables the SGSN to reject an Inter-RAU procedure based on the detected 3GPP release version of the MS equipment and selectively send a failure cause code in the reject message. The SGSN uses the following procedure to implement this configuration:
1.
When Attach Request is received, the SGSN checks the subscriber’s IMSI and current location information.
2.
Based on the IMSI, an operator policy and call control profile are found that relate to this Attach Request.
3.
The call control profile is checked for access limitations.
4.
Attach Request is checked to see if the revision indicator bit is set
if not, then the configured common failure code for reject is sent;
if set, then the 3GPP release level is verified and action is taken based on the configuration of this parameter
One of the following options must be selected and completed:
before-r99: Indicates the MS would be a 3GPP release prior to R99 and an appropriate failure code should be defined.
failure-code code: Enter an integer from 2 to 111.
r99-or-later: Indicates the MS would be a 3GPP Release 99 or later and an appropriate failure code should be defined.
failure-code code: Enter an integer from 2 to 111.
Usage
Use this command to configure the restrictions and function of the inter-RAU procedure occurring across RNCs or BSSs where the PLMN changes. For example:
inter-IuPS RAU, where the two IuPSs have different PLMNs
inter-GPRS RAU, where the two GPRSs have different PLMNs
inter-RAT RAU (2G > 3G), where the IuPS/GPRS services have different PLMNs
inter-RAT-RAU (3G > 2G), where the IuPS/GPRS services have different PLMNs
Example
default rau-inter allow access-type gprs location-area-list instance 1
rau-intra
Defines an acceptable procedure for intra-SGSN Routing Area Updates (RAUs).
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
rau-intra access-type { all | location-area-list instance instance } { failure-code fail_code | user-device-release { before-r99 } { failure-code fail_code | r99-or-later } { failure-code fail_code } }
default rau-intra access-type { all | location-area-list instance instance} user-device-release { before-r99 failure-code | r99-or-later failure-code }
rau-intra { allow access-type | restrict access-type } { [ all ] failure-code fail_code | location-area-list instance instance } }
no rau-intra { allow access-type | restrict access-type } { [ all ] failure-code fail_code | location-area-list instance instance }
default rau-intra { allow access-type | restrict access-type } { [ all ] failure-code fail_code | location-area-list instance instance } }
no
Including “no” as part of the command structure disables the values already configured for parameters specified in the command.
default
Resets the configuration of specified parameters to system default values.
allow access-type
Including this keyword-set with one of the following options, configures the SGSN to allow an MS/UE with the identified access-type extension to be part of the intra-RAU procedure.
gprs - General Packet Radio Service
umts - Universal Mobile Telecommunications System
restrict access-type
Including this keyword-set with one of the following options, configures the SGSN to restrict an MS/UE with the identified access-type extension from the intra-RAU procedure.
gprs - General Packet Radio Service
umts - Universal Mobile Telecommunications System
all
all - adding this option to the keyword determines that the failure cause code will be applicable to all location areas.
location-area-list instance instance
list_id must be an integer between 1 and 5. The value must be an already defined instance of a location area code (LAC) list created via the location-area-list command.
failure-code fail-code
Specify a GSM Mobility Management (GMM) failure cause code to identify the reason an inter SGSN RAU does not occur. This GMM cause code will be sent in the reject message to the MS.
fail-code must be an integer from 2 to 111. Refer to the GMM failure cause codes listed below (from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0 R7):
2 - IMSI unknown in HLR
3 - Illegal MS
6 - Illegal ME
7 - GPRS services not allowed
8 - GPRS services and non-GPRS services not allowed
9 - MSID cannot be derived by the network
10 - Implicitly detached
11 - PLMN not allowed
12 - Location Area not allowed
13 - Roaming not allowed in this location area
14 - GPRS services not allowed in this PLMN
15 - No Suitable Cells In Location Area
16 -MSC temporarily not reachable
17 - Network failure
20 - MAC failure
21 - Synch failure
22 - Congestion
23 - GSM authentication unacceptable
40 - No PDP context activated
48 to 63 - retry upon entry into a new cell
95 - Semantically incorrect message
96 - Invalid mandatory information
97 - Message type non-existent or not implemented
98 - Message type not compatible with state
99 - Information element non-existent or not implemented
100 - Conditional IE error
101 - Message not compatible with the protocol state
111 - Protocol error, unspecified
user-device-release { before-r99 | r99-or-later } failure-code code
Default: Disabled
Enables the SGSN to reject an Intra-RAU procedure based on the detected 3GPP release version of the MS equipment and selectively send a failure cause code in the reject message. The SGSN uses the following procedure to implement this configuration:
1.
When Attach Request is received, the SGSN checks the subscriber’s IMSI and current location information.
2.
Based on the IMSI, an operator policy and call control profile are found that relate to this Attach Request.
3.
Call control profile is checked for access limitations.
4.
Attach Request is checked to see if the revision indicator bit is set
if not, then the configured common failure code for reject is sent;
if set, then the 3GPP release level is verified and action is taken based on the configuration of this parameter
One of the following options must be selected and completed:
before-r99: Indicates the MS would be a 3GPP release prior to R99 and an appropriate failure code should be defined.
failure-code code: Enter an integer from 2 to 111.
r99-or-later: Indicates the MS would be a 3GPP Release 99 or later and an appropriate failure code should be defined.
failure-code code: Enter an integer from 2 to 111.
Usage
Use this command to configure the restrictions and function of the intra-RAU procedure.
Example
default rau-intra allow access-type gprs location-area-list instance 1
re-authenticate
Enables or disables the re-authentication feature. This command is available in releases 8.1 and higher.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
re-authenticate [ access-type { gprs | umts } ]
remove re-authenticate
remove
Including this keyword with the command disables the feature. The feature is disabled by default.
access-type
Defines the type of access to be allowed or restricted.
gprs
umts
If this keyword is not included, then both access types are allowed by default.
Usage
Use this command to enable or disable the re-authentication feature, which instructs the SGSN to retry authentication with another RAND in situations where failure of the first authentication has occurred. To address the introduction of new SIM cards, for security reasons a systematic "last chance" authentication retry with a fresh Authentication Vector is needed, particularly in cases where there is an SRES mismatch at authentication.
Example
re-authenticate
regional-subscription-restriction
Allows the operator to define the cause code for subscriber rejection when it is due to regional subscription information failure.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ remove ] regional-subscription-restriction [ failure-code code | user-device-release { before-r99 failure-code code | r99-or-later failure-code code } ]
remove
This keyword causes the configuration to be deleted from the call control profile configuration.
failure-code cause_code
cause_code: Enter an integer from 2 to 111; default code is 13 (roaming not allowed in this location area [LA]).
Refer to the GMM failure cause codes listed below (from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0 R7):
2 - IMSI unknown in HLR
3 - Illegal MS
6 - Illegal ME
7 - GPRS services not allowed
8 - GPRS services and non-GPRS services not allowed
9 - MSID cannot be derived by the network
10 - Implicitly detached
11 - PLMN not allowed
12 - Location Area not allowed
13 - Roaming not allowed in this location area
14 - GPRS services not allowed in this PLMN
15 - No Suitable Cells In Location Area
16 - MSC temporarily not reachable
17 - Network failure
20 - MAC failure
21 - Synch failure
22 - Congestion
23 - GSM authentication unacceptable
40 - No PDP context activated
48 to 63 - retry upon entry into a new cell
95 - Semantically incorrect message
96 - Invalid mandatory information
97 - Message type non-existent or not implemented
98 - Message type not compatible with state
99 - Information element non-existent or not implemented
100 - Conditional IE error
101 - Message not compatible with the protocol state
111 - Protocol error, unspecified
user-device-release { before-r99 | r99-or-later } failure-code code
Enables the SGSN to assign a reject cause code based on the detected 3GPP release version of the MS equipment.
One of the following options must be selected and completed:
before-r99: Indicates the MS would be a 3GPP release prior to R99 and an appropriate failure code should be defined.
failure-code code: Enter an integer from 2 to 111. Refer to the list above.
r99-or-later: Indicates the MS would be a 3GPP Release 99 or later and an appropriate failure code should be defined.
failure-code code: Enter an integer from 2 to 111. Refer to the list above.
Usage
Use this command to define GMM reject cause codes when rejection is due to regional subscription information failure.
Example
The following command sets a location area rejection message, code 12 for regional restriction rejections:
regional-subscription-restriction failure-code 12
reuse-authentication-triplets
Creates a configuration entry to enable or disable the reuse of authentication triplets in the event of a failure.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ no | remove } reuse-authentication-triplets no-limit
no
Disables this configuration entry and disables reuse of authentication triplets.
remove
This keyword causes the reuse configuration to be deleted from the call control profile configuration.
This is the default behavior. Triplets are reused.
no-limit
This keyword enables reuse triplets as needed.
Usage
Use this command to enable reuse of authentication triplets.
Example
reuse-authentication-triplets no limit
rfsp-override
Configures RAT frequency selection priority override parameters for this call control profile.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
rfsp-override { default | ue-val value new-val value + }
remove rfsp-override { default | ue-val value
remove
Deletes the rfsp-override configuration from the call control profile.
default
Restores the default value assigned.
ue-val value
Assign the UE value for the RAT frequency selection priority.
value: Enter an integer from 1 to 256.
new-val value
Assign a new value for the RAT frequency selection priority as an integer from 1 to 256.
Usage
Use this command to configure the RAT frequency selection priority override parameter.
Multiple UE value/new value combinations can be configured.
Example
Reset the default value for the RAT frequency selection priority override function:
rfsp-override default
s1-reset
Configures the behavior of user equipment (UE) on S1-reset.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
s1-reset { detach-ue | idle-mode-entry }
default s1-reset
default
Reset the profile configuration to the system default of idle-mode-entry.
detach-ue
Upon S1-reset the MME will detach the UE.
idle-mode-entry
Upon S1-reset the MME will move the UE to idle-mode. This is the default setting for this command.
Usage
Use this command to set the MME’s reactions to an S1-reset.
Example
Configure the MME to put the UE into idle-mode upon receipt of S1-reset:
s1-reset idle-mode-entry
sctp-down
Configures the behavior towards UE (user equipment) when Stream Control Transmission Protocol (SCTP) goes down.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
sctp-down { detach-ue | idle-mode-entry }
default sctp-down
default
Reset the profile configuration to the system default when SCTP layer goes down. The default for this command is idle-mode-entry.
detach-ue
When SCTP goes down, the MME will detach the UE.
idle-mode-entry
When the SCTP goes down, the MME will move the UE to idle-mode. This is the default for this command.
Usage
Use this command to set the MME’s reactions when the SCTP goes down.
Example
Configure the MME to put the UE into idle-mode when the SCTP layer goes down:
sctp-down idle-mode-entry
sgsn-address
Defines the IP addresses for peer SGSNs in a static SGSN address table. These configured addresses can be used rather than using DNS.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
sgsn-address rac rac-id lac lac_id [ nri nri ] prefer { fallback-for-dns | local } address { ipv4 ip_address | ipv6 ip_addess }
no sgsn-address { ipv4 ip_address | ipv6 ip_addess } rac rac_id lac lac_id [ nri nri
no
Disables the peer-SGSN address configuration for the designated IP address.
rac rac_id
Identifies the foreign routing area code (RAC) of the peer-SGSN address to be configured in the static peer-SGSN address table. rac_id must be an integer from 1 to 255.
lac lac_id
Identifies the foreign location area code (LAC) ID of the peer-SGSN address to be configured in the static peer-SGSN address table. lac_id must be an integer from 1 to 65535.
nri nri
Identifies the network resource identifier stored in the P-TMSI (bit 17 to bit 23). nri must be an integer from 0 to 63.
note_smallImportant: Typically, use of this keyword is optional. However, it must be included in the command when Flex (SGSN-Pooling) is implemented.
prefer
Indicates the preferred source of the address to be used.
fallback-for-dns -
note_smallImportant: The fallback-for-dns option is under development for future use and is not supported in this release.
local - instructs the system to use the local IP address configured with this command.
address ip_address
ipv4 - specifies a valid address in IPv4 dotted-decimal notation.
ipv6 -
note_smallImportant: The ipv6 option is under development for future use and is not supported in this release.
Usage
Use this command to save time by avoiding DNS. This command enables a local mapping by setting the peer-SGSN IP address to be used for inter-SGSN Attach and inter-SGSN-RAU. When configured, if the SGSN receives a RAU or an Attach Request with a P-TMSI and an old-RAI that is not local, the SGSN consults this table and uses the configured IP address instead of resolving via DNS. If this table is not configured, then IP address resolution is done using DNS.
The MCC and MNC of the RAI are taken from the IMSI range configured in the operator policy and the LAC and RAC are configured here in the call control profile configuration mode.
The sgsn-address command differs from other Call Control Profile configuration mode commands in the following ways:
Within the SGSN’s call logic, all other configuration elements defined with the other commands in this mode are used after the IMSI is learnt. The configuration defined with this command is part of the decision logic prior to the IMSI being known.
With the peer-SGSN address configured using this sgsn-address command, the peer-SGSN-RAI’s MCC/MNC is used as a 5 or 6-digit IMSI and the operator policy and call control profile selection are completed.
note_smallImportant: Typically, use of this command is optional. However, it must be included in the configuration when Flex (SGSN-Pooling) is implemented if (1) the SGSN functions as a default SGSN, then configure the local-NRI of other SGSN with this command; or if (2) another SGSN is offloading, then configure the NB-RAI/null-NRI of the peer-SGSN with this command.
Example
Create a local peer-SGSN address mapping of an RAI with RAC of 123 and LAC of 4444 and an IPv4 address of 123.11.313.11 for the peer-SGSN:
sgsn-address rac 123 lac 4444 local address ipv4 123.11.313.11
sgsn-core-nw-interface
This command is under development and not yet supported for configuration.
Product
SGSN
Privilege
Security Administrator, Administrator
sgsn-number
Defines the SGSN’s E.164 number to be used for interactions via the Mobile Application Part (MAP) protocol. E.164 is an ITU-T recommendation that defines the international public telecommunication numbering plan used in public switched telephone networks (PSTN) and some other data networks.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
sgsn-number E164_number
no sgsn-number
no
Disables the use of this configuration definition.
E164_number
Specifies a string of 1 to 16 digits that serve as the SGSN’s E.164 identification.
Usage
This command configures the current SGSN E164 contact number.
The SGSN number configured for a call control profile is related to the SGSN number configured in the SGSN service configuration and/or in the GPRS service configuration. If the SGSN number is not configured as part of the call control profile configuration, then the SGSN number defined as part of the SGSN service or GPRS service configuration is used.
When the 3G SGSN supports multiple PLMNs configured through different IuPS services or when network sharing is implemented, then it may be required to use different SGSN numbers for each PLMN. In such cases, configure the per-PLMN SGSN number in a call control profile. SGSN number definition for a call control profile allows emulation of a different SGSN to each HLR per PLMN. SGSN number definitions in the call control profile also enable the SGSN to use a different SGSN number per operator when network sharing is implemented.
Example
Map the E.164 number 198765432123456 for the SGSN to this call control profile configuration:
sgsn-number 198765432123456
sgtp-service
Identifies the SGTP service configuration to be used according to this call control profile.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
sgtp-service context ctxt_name service sgtp_service_name
no sgtp-service context
context ctxt_name
Specifies the SGTP context as an alphanumeric string of 1 through 64 characters.
service sgtp_service_name
Specifies the SGTP service name as an alphanumeric string of 1 through 64 characters.
no
Disables use of SGTP service.
Usage
Use this command to configure enabling or disabling of SGTP service for this call control profile.
Example
sgtp-service context sgtp1 service sgtp-srvc1
sms-mo
Configures how mobile-originated (MO) short message service (SMS) messages are handled.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ remove ] sms-mo { { access-type { gprs | umts } { all-location-areas | location-area-list } | allow access-type { gprs | umts } | restrict access-type { gprs | umts } }
remove
Deletes the specified configuration.
access-type type
Access by SMS will be limited to SMS coming from this network type:
gprs
umts
allow
Allow either GPRS or UMTS type access for SMS.
restrict
Restrict either GPRS or UMTS type access for SMS.
location-area-list instance instance
instance must be an integer between 1 and 5. The value must identify an already defined location area code (LAC) list created with the location-area-list command.
failure-code code
code: Must be an integer from 2 to 111.
Usage
Configure filtering for SMS-MO messaging.
Example
sms-mo access-type gprs all-location-areas failure-code 100
sms-mt
This command configures how mobile-terminated (MT) short message service (SMS) messages are handled.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ remove ] sms-mt { { access-type { gprs | umts } { all-location-areas | location-area-list } | allow access-type { gprs | umts } | restrict access-type { gprs | umts } }
remove
Deletes the specified configuration.
access-type type
Access by SMS will be limited to SMS coming from this network type:
gprs
umts
allow
Allow either GPRS or UMTS type access for SMS.
restrict
Restrict either GPRS or UMTS type access for SMS.
location-area-list instance instance
instance must be an integer between 1 and 5. The value must identify an already defined LAC list created with the location-area-list command.
failure-code code
code: Must be an integer from 2 to 111.
Usage
Configure filtering for SMS-MT messaging.
Example
sms-mt access-type gprs all-location-areas failure-code 100
srns-inter
Defines handling parameters for Inter-SRNS (Serving Radio Network Subsystem) relocation.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
srns-inter ( all failure-code | allow location-area-list instance instance | location-area-list instance instance failure-code code | restrict location-area-list instance instance }
no srns-inter { allowlocation-area-list instance instance | restrictlocation-area-list instance instance }
default srns-inter { all | location-area-list-instance instance }
no
Deletes the inter-SRNS relocation configuration.
default
Resets the configuration to default values.
all failure-code code
Define the failure code that will apply to all inter-SRNS relocations.
code: Must be an integer from 2 to 111.
allow location-area-list instance instance
Identify the location area list Id (LAC Id) that will allow services in the defined location area.
location-area-list instance instance
instance: Must be an integer between 1 and 5 that identifies the previously defined location area list created with the location-area-list command.
restrict location-area-list instance instance
Identify the location area list Id (LAC Id) that indicates the location areas where services will be restricted.
Usage
This command defines the operational parameters for inter-SRNS relocation.
Example
The following command allows services in areas listed in LAC list #3:
srns-inter allow location-area-list instance 3
srns-intra
Defines handling parameters for intra-SRNS (Serving Radio Network Subsystem) relocation.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
srns-intra ( all failure-code | allow location-area-list instance instance | location-area-list instance instance failure-code code | restrict location-area-list instance instance }
no srns-intra { allow location-area-list instance instance | restrictlocation-area-list instance instance }
default srns-intra { all | location-area-list-instance instance }
no
Deletes the intra-SRNS relocation configuration.
default
Resets the configuration to default values.
all failure-code code
Define the failure code that will apply to all intra-SRNS relocations.
code: Must be an integer from 2 to 111.
allow location-area-list instance instance
Identify the location area list Id (LAC Id) that will allow services in the defined location area.
location-area-list instance instance
instance: Must be an integer between 1 and 5 that identifies the previously defined location area list created with the location-area-list command.
restrict location-area-list instance instance
Identify the location area list Id (LAC Id) of the target RNC to determine the location areas where services will be restricted.
Usage
This command defines the operational parameters for intra-SRNS relocation.
Example
The following command restricts service in areas listed in the LAC list 1:
srns-intra restrict location-area-list instance 1
subscriber-control-inactivity
Configures \the subscriber-control inactivity timer. The system detects inactivity when no PDP context is activated and starts the timer.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
subscriber-control-inactivity timeout minutes time detach { immediate | next-connection | reattach-time-period }
{ no | default } subscriber-control-inactivity
no
Deletes the timer configuration.
default
Resets the timer configuration to the default value of 7 days (10080 minutes).
timeout minutes time[ detach ]
Sets the number of minutes the SGSN monitors the connection after inactivity has been detected. When the timer expires, the subscribe will be detached.
time: Enter an integer from 1 to 20160 (two weeks).
detach [ immediate | next-connection | reattach-time-period ]
Instructs the SGSN to detach and can be configured to specify when the detach will occur after inactivity is detected. To fine-tune the detach instruction, include one of the following with the command:
immediate - Instructs the SGSN to detach immediately after inactivity is detected. May combine with reattach-time-period.
next-connection - instructs the SGSN to detach after the next Iu connection after inactivity is detected.
note_smallImportant: Supported for 3G SGSNs only.
reattach-time-period period[ action ] - Specify the number of seconds the SGSN will monitor a new re-attach after the previous detach was due to inactivity. Also, you can define the action to be taken regarding new attaches.
period: Enter an integer from 60 to 3600.
action - Select an action:
deny
permit-and-stop-monitoring
Usage
Use this command to configure the timeout timer. After this timer times out the subscriber is detached from the SGSN.
Example
The following command instructs the SGSN to monitor the connection for up to 360 minutes after inactivity is detected, or detach immediately after inactivity is detected:
subscriber-control-inactivity timeout minutes 360 detach immediate
super-charger
Enables or disables the SGSN to work with a super-charged network.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ remove ] super-charger
remove
Disables the super-charger functionality.
Usage
By enabling the super charger functionality for 2G or 3G connections controlled by an operator policy, the SGSN changes the hand-off and location update procedures to reduce signalling traffic management.
Example
The following command enables the super charger feature:
super-charger
tau
Configure parameters for the tracking area update (TAU) procedure.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
tau { imei-query-type { imei | imei-sv | none } [ verify-equipment-identity [ allow-on-eca-timeout | deny-greylisted | deny-unknown | verify-emergency ] ] | inter-rat security-ctxt { allow-mapped | native } }
remove tau { imei-query-type | inter-rat security-ctxt }
remove
Deletes this TAU configuration from the call control profile.
imei-query-type { imei | imei-sv | none }
This keyword set is specific to the MME.
Sets the IMEI query-type if an IMEI (International Mobile Equipment Identity) is not already present.
imei: Specifies that the MME is required to query the UE for its International Mobile Equipment Identity (IMEI).
imei-sv: Specifies that the MME is required to query the UE for its International Mobile Equipment Identity - Software Version (IMEI-SV).
none: Specifies that the MME does not need to query for IMEI or IMEI-SV.
verify-equipment-identity [ allow-on-eca-timeout | deny-greylisted | deny-unknown | verify-emergency ]
Specifies that the identification (IMEI or IMEI-SV) of the UE is to be performed by the Equipment Identity Register (EIR) over the S13 interface.
allow-on-eca-timeout: Configures the MME to allow equipment that has timed-out on ECA during the attach procedure.
deny-greylisted: Configures the MME to deny grey-listed equipment during the attach procedure.
deny-unknown: Configures the MME to deny unknown equipment during the attach procedure.
verify-emergency: Configures the MME to ignore the IMEI validation of the equipment during the attach procedure in emergency cases. This keyword is only supported in release 12.2 and higher.
inter-rat security-ctxt { allow-mapped | native }
Configure inter-RAT parameters for TAU. This keyword provides the operator with the option of continuing with the mapped context or creating a new native context after an inter-RAT handover.
allow-mapped: Configures inter-RAT security-context type as mapped. Mapped security context is allowed after inter-RAT handover. This is the default value.
native: Configures inter-RAT security-context type as native only. Inter-RAT handover will always result in a native security context.
Usage
Use this command to define tracking area update procedures such as inter-RAT security context and IMEI query-type.
Example
The following command sets the IMEI query type to IMEI-SV:
tau imei-query-type imei-sv verify-equipment- identity
treat-as-hplmn
Enables or disables the MME or SGSN to treat an IMSI series as coming from the home PLMN.
Product
MME, SGSN
Privilege
Security Administrator, Administrator
Syntax
[ remove ] treat-as-hplmn
remove
Deletes this configuration from the profile. This would disable this function and is the default.
Usage
Use this command to enable or disable the MME/SGSN to treat an IMSI series as coming from the home PLMN.
Example
The following command disables previously configured feature:
remove treat-as-hplmn
zone-code
Configures a zone code listing of one or more location area code (LACs) included in the zone.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
zone-code zc_id location-area-code lac
no zone-code zc_id [ location-area-code lac ]
no
Removes either a specific LAC from the zone code list. If the location-area-code parameter is not included in the command, then the entire zone code list definition is removed from configuration.
zc_id
Identifies an instance of a zone code list as an integer from 1 to 65535.
An unlimited number of zone code lists can be configured per call control profile as the zone code lists are allocated dynamically. A maximum of 10 zone code lists can be configured per Call Control Profile.
location-area-code lac
Prompts for the location area-code(s), where the subscribers can roam, that are part of the zone. lac is an integer from 1 to 65535.
Repeat the command with this parameter to include up to 100 LACs in the zone code list.
Usage
note_smallImportant: While there is no limit to the number of zone codes that can be created, only 10 LACs per zone code can be defined.
Use this command to define zone code restrictions. Regional subscription data at the home location register (HLR) is used to determine the regional subscription area in which the subscriber is allowed to roam. The regional subscription data consists of a list of zone codes. A zone code is comprised of one or more location areas (identified by a LAC) into which the subscriber is allowed to roam. Regional subscription data, if present in the insert subscriber data (ISD) request from the HLR, defines the subscriber's subscription area for the addressed SGSN. It contains the complete list (up to 10 zone codes) that apply to a subscriber in the currently visited PLMN.
During the GPRS Location Update procedure, the zone code list is received in the ISD request from the HLR. The zone code list from the HLR is validated against the configured values in the operator policy. If matched, then the ISD is allowed to proceed. If not matched, then the ISD response is that the Network Node Area is Restricted and the GPRS Location Update procedure fails. If no zone codes are included in the ISD (whether or not the zone codes are defined in the SGSN configuration), then checking is not done.
Example
The following command defines multiple LACs for zone code 1:
zone-code 1 lac 413 212 113
 
 
Cisco Systems Inc.
Tel: 408-526-4000
Fax: 408-527-0883