IuPS Service Configuration Mode Commands

IuPS Service Configuration Mode Commands
 
The IuPS Service configuration mode is used to define properties for the IuPS service which controls the Iu-PS interface connections to Radio Network Controllers (RNCs) of the UMTS Terrestrial Radio Access Network (UTRAN).
In this mode, the prompt will appear similar to:
[<context_name>]hostname(config-ctx-iups-service)#
note_smallImportant: The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).
access-protocol
This command configures the access protocol parameters for the IuPS service.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
access-protocol sccp-network sccp_net_id
no access-protocol sccp-network
no
Removes a previously configured access protocol value.
sccp-network sccp_net_id
Specifies the Signaling Connection Control Part (SCCP) for this IuPS service to use.
sccp_net_id must be an integer from 1 to 16.
Usage
Use this command to configure access protocol parameters for the current IuPS service.
Example
The following command specifies that the current Iu-PS service should use SCCP 1:
access-protocol sccp-network 1
blacklist-timeout-gtpu-bind-addresses
This command specifies the time period that a GTP-U bind address (loopback address) will not be used (is blacklisted) in RAB-Assignment requests after a RAB assignment request, with that GTP-U bind address, has been rejected by an RNC with the cause - Unspecified Error. This is a failure at the RNC’s GTP-U IP interface.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
blacklist-timeout-gtpu-bind-addresses seconds
default blacklist-timeout-gtpu-bind-addresses
default
Resets the blacklist time to 60 seconds.
seconds
Number of seconds that the GTP-U bind (loopback) address will not be used in a RAB-Assignment request.
seconds : Must be an integer from 1 to 1800.
Usage
Use this command to configure the blacklist period.
Example
The following command specifies a 15 minutes (460 seconds) blacklist period.
blacklist-timeout-gtpu-bind-addresses 460
empty-cr
This command allows the operator to determine how empty Connection Request messages will be handled.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
empty-cr procedure reject
[ default | no ] empty-cr procedure reject
default | no
Using either default or no with the command disables the rejection function and returns the system to the default behavior, which is to ignore receipt of the empty CRs.
Usage
Use this command to enable/disable the procedure for handling empty (not containing dataparameters) Connection Request (CR) messages.
This feature can be used in the following scenario: During 4G to 3G handovers, some Connection Requests from mobile subscribers might be ignored by the SGSN, even though their UE would display that the WCDMA was available. The RNC would send an SCCP Connection Request (CR) over the Iu interface to the SGSN. Normally, this message contains a RANAP message and GMM, but according to 3GPP and ITU Q.713 standards, it is permissible to send an SCCP CR without any data parameters. In such a situation, normally the SGSN would ignore these SCCP CR messages, because without these data parameters the SGSN would be unable to derive the DeMux key which is the basis for determining the Session Manager instance to be used for a subscriber. Using this feature allows the SGSN to send a Reject to the mobile subscriber when an “empty” SCCP CR is sent from their UE.
Fields have been added to the output of the following CLI show commands to track the receipt and rejection of Connect Request (CR) messages:
show gmm-sm statistics
show gmm-sm statistics verbose
Example
The following command enables the empty CR handling procedure:
empty-cr procedure reject
The following command disables the empty CR handling procedure:
default empty-cr procedure reject
end
Exits the current configuration mode and returns to the Exec mode.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
end
Usage
Return to the Exec mode.
exit
Exits the current configuration mode and returns to the previous configuration mode, the context configuration mode.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
exit
Usage
Return to the context configuration mode.
force-authenticate consecutive-security-failure
Disable/enable authentication when the MS/UE security fails and configures the procedures and frequency for authentication
Product
SGSN
Privilege
Security Administrator, Administrator, Operator
Syntax
force-authenticate consecutive-security-failure { inter-sgsn-rau | local-messages count frequency | non-local-messages count frequency }
[ default | no ] force-authenticate consecutive-security-failure { inter-sgsn-rau | local-messages | non-local-messages }
default
Resets the values to defaults. Forced authentication is enabled for all the types of event procedures with the default values for determining frequency for authentication.
no
Disables the specified authentication configuration.
inter-sgsn-rau
Default: enabled
Enables/disables authentication for inter-SGSN RAU.
The SGSN does not remember previous inter-SGSN-RAU failures for a P-TMSI/RAI because the SGSN clears all contexts on the occurrence of an inter-SGSN-RAU security failure. So the next inter-SGSN-RAU can only be authenticated forcefully if it comes before the previous context is cleared. This type of forced authentication is enabled by default because this type of failure is fairly common.
local-messages count frequency
Default: 5
Enables/ disables authentication for local messages (such as local RAUs, Service Requests, Detach Requests, etc) . Consecutive security failures is fairly rare for local messages so the default count frequency is fairly high, 5. Setting the count frequency enables the feature and sets the number of consecurity local message security failures that must occur prior t o authentication being forced.
frequency: Enter an integer from 1 to 10.
non-local-messages count count
Default: 1
Enables/ disables authentication for non-local messages (such as inter-RAT RAUs and all types of attaches) . Consecutive security failures for non-local messages is fairly common so the default count frequency is 1. Setting the count frequency enables the feature and sets the number of consecurity non-local message security failures that must occur prior t o authentication being forced.
frequency: Enter an integer from 1 to 10.
Usage
GMM authentication is optional for UMTS. When GMM authentication is skipped, the SGSN and the MS continue to re-use the latest keys exchanged during the most recent GMM authentication procedure. This can result in the SGSN and the MS going out of sync with the CK and IK currently in use. If a mismatch occurs when the MS continues to use the correct parameters (e.g., cksn or P-TMSI signature) in the next Iu and if the SGSN skips authentication on the Iu, then, usually, the security mode will timeout or be rejected because the MS will not be able to decipher or perform an integrity check on the network messages. This scenario results in a lot of useless signaling in the network. This command allows the operator to enable a forced GMM authentication that will either resolve this type of problem or avoid it. As well, the operator can configure a frequency of authentication that best meets their needs.
Example
The following command enables forced authentication after every 3rd local message security failure:
force-authenticate consecutive-security-failure local-messages count 3
gtpu
This commands configures parameters for the GTP user (GTP-U) dataplane.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
gtpu { bind ip_addr | echo-interval seconds | max-retransmissions number | retransmission-timeout seconds }
no gtpu { bind address ip_addr | echo-interval | max-retransmissions | retransmission-timeout }
default gtpu { echo-interval | max-retransmissions | retransmission-timeout }
no
Removes the configured parameter value.
default
Sets the specified parameter to its default setting.
bind address ip_addr
This command binds the specified IP address to the Iu-PS GTP-U endpoint.
ip_addr: Must be an IP v4 IP address in dotted decimal notation.
echo-interval seconds
Default: 60
Configures the rate, in seconds, at which GTP-U echo packets are sent to the UTRAN over the Iu-PS interface.
seconds : Must be an integer from 60 through 3600.
max-retransmissions number
Default: 5
Configures the maximum number of transmission retries for GTP-U packets.
number : Must be an integer from 0 through 15.
retransmission-timeout seconds
Default: 5
Configures the retransmission timeout for GTPU packets in seconds.
seconds : Must be an integer from 1 through 20.
Usage
Use this command to configure GTP-U parameters for the Iu-PS interface.
Example
The following command binds the IP address 192.168.0.10 to the Iu-PS interface for communication with the UTRAN:
gtpu bind address 192.168.0.10
iu-hold-connection
Defines the type and duration of the Iu hold connection.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
iu-hold-connection { always [ hold-time time ] | requested-by-ms [ hold-time time ] }
default iu-hold-connection
no iu-hold-connection
default
Resets the Iu hold connection parameters to requested-by-ms and 100 second duration.
no
Removes the configuration information for the specified Iu hold connection parameter.
always
Specifies that there is always to be an Iu hold connection procedure.
requested-by-ms
Specifies that there is only an Iu hold connection procedure if requested by the MS/UE.
This is the default setting for Iu-hold-connection.
hold-time time
This variable configures the interval (in seconds) that the SGSN holds the Iu connection.
time: must be an integer from 10 to 3600.
Default is 100.
Usage
Define the amount of time the Iu connection will be held open.
Example
Instruct the SGSN to hold the Iu connection open for 120 seconds
iu-hold-connection always hold-time 120
iu-recovery
This command enables the Iu recovery function.
note_smallImportant: This command has been deprecated and is no longer available in most 12.0 or 12.2 releases.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
iu-recovery
no iu-recovery
no
Disables IU recovery.
Usage
Enable or disable Iu recovery function that should be used whenever sessions are recovered.
Example
The following command disables the Iu Recovery function:
no iu-recovery
iu-release-complete-timeout
Configures the SGSN’s timer for waiting for an Iu Release Complete message from the RNC.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
iu-release-complete-timeout time
default iu-release-complete-timeout
default
Resets the timer to its default setting.
time
This variable defines the amount of time (in seconds) that the SGSN waits to receive an ‘Iu Release Complete’ message from the RNC.
Default: 10.
time: Must be an integer from 1 to 60.
Usage
Configure the number of seconds that the SGSN waits to receive the Iu Release Complete message.
Example
Set the SGSN to wait 20 seconds for Iu-Release-Complete:
iu-release-complete-timeout 20
loss-of-radio-coverage ranap-cause
This command sets the detection cause included in the Iu Release message. This command is unique to releases 9.0 and higher.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
loss-or-radio-coverage ranap-cause cause_number
default loss-of-radio-coverage ranap-cause
default
This keyword resets the configuration to the default cause ID number.
ranap-cause cause_number
This number identifies the reason the SGSN has detected, from Iu Release messages, for the loss of radio coverage (LORC). This value is included in the IE messages the SGSN sends to either the GGSN or the GGSN and the peer SGSN to indicate LORC state. The range of reasons is a part of the set defined by 3GPP 25413.
cause_number : Must be an integer from 1 to 512.
Default: 46 (MS/UE radio connection lost)
Usage
By defining a cause code, the SGSN knows to detect the LORC state of the mobile from Iu Release messages it receives for the subscriber. This configuration also instructs the SGSN to include the defined cause code for the LORC state in the IE portion of various messages sent to the GGSN and optionally the peer SGSN.
This command is one of the two commands required to enable the SGSN to work with the GGSN and, optionally the peer SGSN, to implement the Overcharging Protection feature (see the SGSN Overview in the SGSN Administration Guide for feature details. The other command needed to implement the Overcharging Protection feature is the gtp private extension command explained in the SGSN APN Policy Configuration Mode chapter of the Command Line Interface Reference.
Example
Use the following command to set the cause code to indicate that there are no radio resources available in the target cell, cause 53.
loss-or-radio-coverage ranap-cause 53
mbms
This command is in development for future use so the command and keywords that you might see are not currently supported.
Product
SGSN
network-sharing cs-ps-coordination
Enables/disables the SGSN service to perform a CS-PS coordination check.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
network-sharing cs-ps-coordination
default network-sharing cs-ps-coordination
no network-sharing cs-ps-coordination
default
Including this keyword resets the SGSN service to allow the check to be performed.
no
Disables this feature for the SGSN service.
Usage
Use this command to facilitate the network sharing functionality. With this command, the SGSN can be instructed to perform a check to determine if CS-PS coordination is needed.
3GPP TS 25.231 section 4.2.5 describes the functionality of the SGSN to handle CS-PS (circuit-switching/packet-switching) coordination for attached networks not having a Gs-interface. In compliance with the standard, the SGSN rejects an Attach in a MOCN configuration with cause 'CS-PS coordination required', after learning the IMSI, to facilitate the RNC choosing the same operator for both CS and PS domains.
Example
Use the following syntax to disable the CS-PS coordination check:
no network-sharing cs-ps-coordination
network-sharing failure-code
Configure the reject cause code to included in network-sharing Reject messages.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
network-sharing failure failure_code
default network-sharing failure
default
Resets the SGSN service to use the default cause code,14 (GPRS services not allowed in this PLMN).
failure_code
Enter one of the GMM failure cause codes listed below (from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0 R7):
2 - IMSI unknown in HLR
3 - Illegal MS
6 - Illegal ME
7 - GPRS services not allowed
8 - GPRS services and non-GPRS services not allowed
9 - MSID cannot be derived by the network
10 - Implicitly detached
11 - PLMN not allowed
12 - Location Area not allowed
13 - Roaming not allowed in this location area
14 - GPRS services not allowed in this PLMN
15 - No Suitable Cells In Location Area
16 -MSC temporarily not reachable
17 - Network failure
20 - MAC failure
21 - Synch failure
22 - Congestion
23 - GSM authentication unacceptable
40 - No PDP context activated
48 to 63 - retry upon entry into a new cell
95 - Semantically incorrect message
96 - Invalid mandatory information
97 - Message type non-existent or not implemented
98 - Message type not compatible with state
99 - Information element non-existent or not implemented
100 - Conditional IE error
101 - Message not compatible with the protocol state
111 - Protocol error, unspecified
Usage
Use this command to determine which failure code will be included in Reject messages sent by the SGSN when there is a network-sharing failure.
Example
Use the following syntax to indicate that roaming is not allowed (#13) as the cause for the network-sharing failure:
network-sharing failure 13
plmn
Configures the PLMN (public land mobile network) related parameters for the IuPS service. This command is appicable to releases 8.1 and higher.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
plmn id mcc mcc_num mnc mnc_num [ network-sharing common-plmn mcc mcc_num mnc mnc_num [ plmn-list mcc mcc_num mnc mnc_num [ mcc mcc_num mnc mnc_num+ ] ] ]
no plmn id
no
Removes the PLMN ID from the configuration.
id
Creates a PLMN configuration instance based on the PLMN ID (comprised of the MCC and MNC). In accordance with TS 25.413, the SGSN supports up to 32 PLMN configurations for shared networks.
mcc mcc_num
Specifies the mobile country code (MCC) portion of the PLMN’s identifier.
mcc_num: The PLMN MCC identifier and can be configured to any integer value between 100 and 999.
mnc mnc_num
Specifies the mobile network code (MNC) portion of the PLMN’s identifier.
mnc_num: The PLMN MNC identifier and can be configured to any 2-digit or 3-digit value between 00 and 999.
network-sharing common-plmn mcc mcc_num mnc mnc_num
When network sharing is employed, this set of keywords is required to define the PLMN ID of the common PLMN. The common PLMN is usually not the same as the local PLMN.
plmn-list mcc mcc_num mnc mnc_num
When network sharing is employed and more than two PLMNs are available, then use the plmn-list keyword to begin a list of all additional PLMNs.
Usage
Use this command to configure the PLMN associated with the SGSN. There can only be one PLMN associated with an SGSN unless one of the following features is enabled and configured: network sharing or multiple PLMN.
For network sharing, use of the network-sharing keywords make it possible to identify more than one PLMN. Including the PLMN identified initially. None have precedence. They are all treated equally but they must each be unique. In a MOCN configuration, the PLMN list will not be used as there would only be one local PLMN.
For multiple PLMN support, the SGSN can support up to 8 Iu-PS configurations for PLMNs. These Iu-PS service configurations must be associated with the SGSN via the ran-protocol command in the SGSN Service configuration mode.
Example
Use the following command to identify a PLMN by the MCC 313 and MNC 23 and instruct the SGSN to perform network sharing with a single common PLMN identified by MCC 404 and MNC 123:
plmn id mcc 313 mnc 23 network-sharing common-plmn mcc 404 mnc 123
rab-assignment-response-timeout
Configures the RAB assignment timer.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
rab-assignment-response-timeout time
default rab-assignment-response-timeout
default
Resets the timer to its default setting.
time
This variable configures the amount of time (in seconds) that the SGSN waits to receive a RAB assignment from the RNC.
time: must be an integer from 1 to 60.
Default: 8.
Usage
This command defines time the SGSN waits for the completion of the RAB assignment procedure.
Example
Change the timer setting to 11 seconds.
rab-assignment-response-timeout 11
radio-network-controller
This command creates an instance of an RNC configuration to associate with the IuPS service for the SGSN. This command is only available in release 8.0; use the rnc command for releases 8.1 and higher.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
radio-network-controller id rnc_id mcc mcc_num mnc mnc_num
no radio-network-controller id rnc_id mcc mcc_num mnc mnc_num
no
Removes the configuration information for the specified RNC.
id rnc_id
Define the instance number of the RNC configuration.
rnc_id : Must be an integer from 0 to 4095.
mcc mcc_num
Specifies the mobile country code (MCC).
mcc_num : Must be an integer between 100 and 999.
mnc mnc_num
Specifies the mobile network code (MNC).
mnc_num : Must be an integer between 00 and 999.
Usage
Use this command to configure information for the IuPS service to use to contact specific RNCs.
This command also provides access to the RNC configuration mode.
Example
The following command creates or accesses RNC configuration instance #1 with MCC of 131 and MNC of 22:
radio-network-controller id 1 mcc 131 mnc 22
relocation-alloc-timeout
This command defines the amount of time the SGSN waits for a Relocation Request message.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
relocation-alloc-timeout timeout_value
default relocation-alloc-timeout
default
Resets the configuration to a 5 second wait time.
timeout_value
Time in seconds that the SGSN waits to receive a Relocation Request message.
timeout_value : Must be an integer from 1 to 60.
Default : 5 seconds.
Usage
Use this command to configure the number of seconds the SGSN will wait for a Relocation Request message to be received. This timeout needs to be set with sufficient time so that SRNS procedure aborts can be avoided if the peer fails to respond in a timely fashion in the case of a hard handoff.
Example
The following command sets the wait time to 10 seconds.
relocation-alloc-timeout 10
relocation-complete-timeout
This command specifies the maximum time for the SGSN to wait for a Relocation Completion from the core network.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
relocation-complete-timeout timeout_value
default relocation-complete-timeout
default
Resets the configuration to a 5 second wait time.
timeout_value
Time in seconds that the SGSN waits for relocation to be completed.
timeout_value : Must be an integer from 1 to 60.
Default : 5 seconds.
Usage
Use this command to configure the number of seconds the SGSN will wait for a relocation to be completed. This timeout needs to be set with sufficient time so that SRNS procedure aborts can be avoided if the peer fails to respond in a timely fashion in the case of a hard handoff.
Example
The following command sets the wait time for 10 seconds.
relocation-complete-timeout 10
reset
Defines the configuration specific to the RESET procedure.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
reset { ack-timeout time | guard-timeout time | max-retransmissions retries | sgsn-initiated }
default reset { ack-timeout | guard-timeout | max-retransmissions | sgsn-initiated }
no reset sgsn-initiated
default
Returns to the default settings for the Reset procedure.
no
Removes the SGSN-initiated reset procedure from the configuration.
ack-timeout time
Configures the interval (in seconds) for which the SGSN waits for RESET-ACK from the RNC.
time must be an integer from 5 to 60.
Default: 20.
guard-timeout
Configures the interval (in seconds) after which the SGSN sends RESET-ACK to the RNC.
time must be an integer from 5 to 60.
Default : 10
max-retransmissions
Configures maximum retries for RESET message.
retries must be an integer from 0 to 2.
Default: 1.
sgsn-initiated
Enables SGSN initiated RESET procedure.
Default: disabled.
Usage
Configures the parameters that determine a RESET.
Example
Use the following to have the SGSN initiate the RESET procedure:
reset sgsn-initiated
rnc
This command creates or accesses an instance of an RNC (radio network controller) configuration.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
rnc id rnc_id
no rnc id rnc_id
no
Removes the configuration information for the specified RNC.
id rnc_id
Set the identification number of the RNC configuration instance.
rnc_id : Must be an integer from 0 to 4095 for 8.1 releases. Must be an integer from 0 to 65535 for releases 9.0 and higher.
Usage
Use this command to configure information for the IuPS service to use to contact specific RNCs.
This command also provides access to the RNC configuration mode.
Example
The following command creates an RNC configuration instance #3442:
rnc id 3442
security-mode-complete-timeout
This command configures the security mode timer.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
security-mode-complete-timeout time
default security-mode-complete-timeout
default
Resets the timer configuration to the default settings.
time
Configures the interval (in seconds) the SGSN waits for the security mode from the MS to complete.
time must be an integer from 1 to 60.
Default is 5
Usage
Use this command to configure the timer that determines how long the SGSN waits for a Security Mode Complete message from the MS (mobile station).
Example
Instruct the SGSN to wait 7 seconds:
security-mode-complete-timeout 7
srns-context-response-timeout
This command configures the SGSN context response timer.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
srns-context-response-timeout time
default srns-context-response-timeout
default
Resets the timer configuration to the default setting.
time
Configures the interval (in seconds) for which the SGSN waits for an SRNS Context Request message.
time must be an integer from 1 to 60.
Default: 5.
Usage
Configures the time to wait before the SGSN sends a response to the SRNS Context-Request message.
Example
Configure the SGSN to wait 7 seconds for an SRNS Context-Request response:
srns-context-response-timeout 7
tigoc-timeout
This command configures the TigOc interval.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
tigoc-timeout time
default tigoc-timeout
default
Resets the timer configuration to the default setting.
time
This command sets the time in seconds.
time : Must be an integer from 1 to 60.
Default: 5.
Usage
Define the amount of time that the SGSN ignores any overload messages for TigOc interval after receiving one overload message from the RNC.
Example
Use the following command to change the default TigOc interval to 4 seconds:
tigoc-timeout 4
tintc-timeout
This command configures the TinTc interval..
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
tintc-timeout time
default tintc-timeout
default
Resets the timer configuration to the default setting.
time
Set the number of seconds to wait.
time : Must be an integer from 1 to 60.
Default: 30.
Usage
Define 4 as the number of seconds that the SGSN waits before decrementing (by one) the traffic level of the RNC.
Example
tintc-timeout 4
 
 
Cisco Systems Inc.
Tel: 408-526-4000
Fax: 408-527-0883