Call Control Profile Configuration Mode


Call Control Profile Configuration Mode
 
 
Call Control Profile configuration mode defines call-handling rules which can be combined with other profiles -- such as an APN profile (see APN Profile Configuration Mode chapter) -- when using the Operator Policy feature. The call control profile is a key element in the Operator Policy feature and the profile is not valid until it is associated with an operator policy (see the Operator Policy Configuration Mode Commands chapter).
The MME and SGSN supports a maximum of 1000 call control profiles and only one can be associated with an operator policy.
By configuring a call control profile, the operator fine-tunes any desired restrictions or limitations needed to control call handling per subscriber or for a group of callers across IMSI ranges.
Upon accessing this mode, your prompt should look similar to the following:
[local]asr5000(config-call-control-profile-<profile_name>)#
 
 
access-restriction-data
This command enables the operator to assign a failure code to be included in reject messages if attach rejection is due to access restriction data (ARD) checking in incoming subscriber data (ISD) messages. As well, the operator can disable the ARD checking behavior.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
access-restriction-data { failure-code cause_code | no-check }
remove access-restriction-data failure-code
remove
Removes the failure code setting for the reject message that could result from ARD checking.
failure-code cause_code
cause_code: Enter an integer from 2 to 111; default code is 13 (roaming not allowed in this location area (LA).
Refer to the GMM failure cause codes listed below (information has been taken from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0 R7):
no-check
Including this keyword with the command disables the ARD checking behavior.
Usage
By default, the SGSN checks access restriction data (ARD) in incoming insert subscriber data (ISD) messages. This enables operator to selectively restrict subscribers in either 3G (UTRAN) or 2G (GERAN). The SGSN ARD checking behavior occurs during the attach procedure and if a reject occurs, the SGSN sends the subscriber an Attach Reject message with a configurable failure cause code.
Example
For this call control profile, the following command disables the ARD checking function:
access-restriction-data no-check
 
accounting context
This command defines the name of the accounting context and optionally associates a GTPP group with this call control profile.
Product
SGSN, S-GW
Privilege
Security Administrator, Administrator
Syntax
accounting context ctxt_name [ gtpp group grp_name ]
remove accounting context
remove
Removes the accounting configuration from this profile’s configuration.
context ctxt_name
Use this keyword to identify the accounting context.
ctxt_name: Enter a string of 1 to 79 alphanumeric characters.
gtpp group grp_name
This keyword set identifies the GTPP group, where the GTPP related parameters have been configured in the GTPP Group configuration mode, to associate with this call control profile.
grp_name: Enter a string of 1 to 63 alphanumeric characters to identify the GTPP group created with the gtpp group command in the Context configuration mode.
Usage
This command can be used to associate a predefined GTPP server group - including all its associated configuration - with a specific call control profile. The GTPP group would have been defined with the gtpp group command, see the Context Configuration Mode chapter in the Command Line Interface Reference.
If the GTPP group is not specified, then a default GTPP group in the accounting context will be used.
If this command is not specified, use the name of the accounting context configured in the SGSN service configuration mode (for 3G) or the GPRS service configuration mode (for 2G), either will automatically use a “default” GTPP group generated in that accounting context.
If the accounting context is specified in the GPRS service or SGSN service and in a call control profile, then priority is given to the accounting context of the call control profile.
Example
For this call control profile, the following command identifies an accounting context called acctng1 and associates a GTPP server group named roamers with defined charging gateway accounting functionality.
accounting context acctng1 gtpp group roamers
 
accounting mode
Configures the mode to be used for accounting – GTPP (default), RADIUS/Diameter or None.
Product
S-GW
Privilege
Administrator
Syntax
[ default ] accounting mode { gtpp | none | radius-diameter }
default
Sets the accounting mode to GTPP.
gtpp
Specifies that GTPP accounting is performed. This is the default method.
none
Specifies that no accounting will be performed for the call control profile.
radius-diameter
Specifies that RADIUS/Diameter will be performed for the call control profile.
Usage
Use this command to specify the accounting mode for a call control profile. For additional information on accounting mode and its relationship to operator policy, refer to the System Administration Guide.
Example
The following command specifies that RADIUS/Diamteer accounting will be used for the call control profile:
accounting mode radius-diameter
 
allocate-ptmsi-signature
This command enables the allocation of a P-TMSI signature.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
allocate-ptmsi-signature
[ no | default ] allocate-ptmsi-signature
no
Disables the allocation of the P-TMSI signature.
default
Resets the configuration value to the default: allocates the P-TMSI signature.
Usage
Use this command to enable or disable the allocation of the P-TMSI signature.
Example
allocate-ptmsi-signature
 
apn-restriction
This command enables the APN restriction feature and configures the instruction for the SGSN on the action to take when an APN restriction value is received from the GGSN during an Update PDP Context procedure.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
apn-restriction update-policy deactivate restriction
default apn-restriction
default
Creates a default APN restriction configuration.
restriction
Select one of the two restriction types to define the appropriate action if the APN restriction value received conflicts with the stored value:
least-restrictive: least restrictive value applicable when there are no already active PDP context(s).
most-restrictive: most restrictive is the most stringent restriction required by any already active PDP context(s).
Usage
When this feature is enabled, the SGSN will send the maximum APN restriction value in every CPC Request message sent to the GGSN. The SGSN expects to receive an APN restriction value in each PDP Context received from the GGSN. The SGSN stores and compares received APN restriction values to check for conflicts. In the case of a conflict, the SGSN rejects the PDP Context with appropriate messages and error codes to the MS.
If an APN restriction value is not assigned by the GGSN, the SGSN assumes the value of “1” (least restrictive) to allow APN restriction rules will be possible when valid values are assigned for new PDP Context(s) from the same MS.
Example
Apply the lowest level of APN restrictions.
apn-restriction update-policy deactivate least-restrictive
 
associate
This command associates various MME-specific lists and databases with this call control profile.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
associate { ho-restrict-list list_name | hss-peer-service service_name [ s13-interface | s6a-interface ] | tai-mgmt-db tai-db_name }
remove associate { ho-restrict-list | hss-peer-service [ s13-interface | s6a-interface ] | tai-mgmt-db }
remove
Remove the specified association definition from the call control profile.
ho-restrict-list list_name
Identify the handover restriction list that should be associated with this call control profile.
list_name: Enter a string of 1 to 64 alphanumeric characters.
hss-peer-service service_name
Associates an HSS peer service with this call control profile.
service_name: Identifies the name of the HSS peer service. name must be an existing HSS peer service and be from 1 to 63 alpha and/or numeric characters.
[ s13-interface | s6a-interface ]
Optionally, identify the interface to be associated with the HSS service in this call control profile.
tai-mgmt-db tai-db_name
Identify the tracking area identifier (TAI) database that should be associated with this call control profile.
tai-db_name: Enter a string of 1 to 64 alphanumeric characters.
This configuration overrides the S-GW selection and TAI list assignment functionality for a call that uses an operator policy associated with this call control profile. The TAI management object provides a TAI list for calls and provides S-GW selection functionality if a DNS is not configured for S-GW discovery for this operator policy or if a DNS discovery fails.
Usage
Use this command to associate handover restriction lists, HSS service (and interfaces), and TAI dB with the call control profile. This ensures that the information is available for application when a Request is received.
Repeat the command as needed to associate each feature.
Example
Link HO restriction list named HOrestrict1 with this call control profile:
associate ho-restrict-list HOrestrict1
 
attach
This command defines attach-related configuration for this call control profile.
note_smallImportant: SGSN only: Before using this command, ensure that the appropriate LAC information has been defined with the location-area-list command.
Product
MME, SGSN, S-GW
Privilege
Security Administrator, Administrator
Syntax
attach access-type { gprs | umts } { all | location-area-list instance list_id } { failure-code code | user-device-release { before-r99 failure code code | r99-or-later failure code code } }
default attach access-type { gprs | umts } { all | location-area-list instance list_id } { failure-code | user-device-release { before-r99 failure code | r99-or-later failure code }
[ no ] attach allow access-type { eps | gprs | umts } location-area-list instance list_id
[ no ] attach restrict access-type { eps | gprs | umts } { all | location-area-list instance list_id }
attach imei-query-type { imei | imei-sv | none } [ [ verify-equipment-identity ] [ allow-on-eca-timeout | deny-greylisted | deny-unknown | verify-emergency ]
remove attach imei-query-type
default
Restores the default values for the for the specified parameter.
no
Deletes the specified attach configuration.
remove
Deletes the specified attach configuration.
access-type type
Defines the type of access to be allowed or restricted.
If this keyword is not included, then both access types are allowed by default.
allow
Allow re-enables attaches in the configuration after an attach restrict command has been used.
restrict
Restrict attaches (do not accept calls) of specified access-type and from specified location areas (defined using either the all or location-area-list keywords).
all
Instructs the SGSN or MME to apply the command action to all location area lists. Location area lists should already have been created with the location-area-list command. The location area list consists of one or more LACs, location area codes, where the MS is when placing the call.
location-area-list instance list_id
Instructs the MME or SGSN to apply the command action to a specific location area list. Location area lists should already have been created with the location-area-list command. The location area list consists of one or more LACs, location area codes, where the MS is when placing the call.
Using this keyword with either the allow or restrict keywords enables you to configure with more granularity.
list_id : Enter a digit between 1 and 5.
failure-code code
Specify a GMM failure cause code to identify the reason an attach did not occur. This GMM cause code will be sent in the reject message to the MS.
Default: 14.
fail-code : Enter an integer from 2 to 111. Refer to the GMM failure cause codes listed below (information has been taken from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0 R7):
user-device-release { before-r99 | r99-or-later } failure-code code
Default: disabled
Enables the SGSN to reject an Attach procedure based on the detected 3GPP release version of the MS equipment and selectively send a failure cause code in the reject message. The SGSN uses the following procedure to implement this configuration:
1.
2.
3.
4.
One of the following options must be selected and completed:
before-r99 : Indicates the MS would be a 3GPP release prior to R99 and an appropriate failure code should be defined.
failure-code code : Enter an integer from 2 to 111.
r99-or-later : Indicates the MS would be a 3GPP Release 99 or later and an appropriate failure code should be defined.
failure-code code : Enter an integer from 2 to 111.
imei-query-type { imei | imei-sv | none }
This keyword set is specific to the MME.
Defines device Attach limitations if an IMEI is not already present in the Attach Request.
imei: Deny Attach if IMEI is not present, unless the IMEI meets other criteria.
imei-sv: Deny Attach if IMEI-SV is not retrieved, unless the IMEI meets other criteria.
none: No limits on Attach related to IMEI query.
verify-equipment-identity [ allow-on-eca-timeout | deny-greylisted | deny-unknown | verify-emergency ]
Specifies that the identification (IMEI or IMEI-SV) of the UE is to be performed by the Equipment Identity Register (EIR) over the S13 interface.
allow-on-eca-timeout: Configures the MME to allow equipment that has timed-out on ECA during the attach procedure.
deny-greylisted: Configures the MME to deny grey-listed equipment during the attach procedure.
deny-unknown: Configures the MME to deny unknown equipment during the attach procedure.
verify-emergency: Configures the MME to ignore the IMEI validation of the equipment during the attach procedure in emergency cases.
This is the default for the equipment identity verification option.
Usage
Once the IMSI of an incoming call is known and matched with a specific operator policy, according to the filter definition of the mcc command, then the associated call control profile is selected to determine how the incoming call is handled.
By default, all attaches are allowed. If no access limitations are needed, then do not use the attach command.
note_smallImportant: Before using this command, ensure that the appropriate LAC information has been defined with the location-area-list command.
Use this command to define attach limitations for the call control profile.
Use this command to fine-tune the attach configuration specifying which calls/subscribers can attach and which calls are restricted from attaching and what failure code is included in the Reject message.
Attachment restrictions can be based on any one or combination of the options, such as location area code or access type. It is even possible to restrict all attaches.
The command can be repeated using different keyword values to further fine-tune the attachment configuration.
Example
For calls under the purview of this call control profile, the following command restricts the attaches of all subscribers using the GPRS access type.
attach restrict access-type gprs all
Use the next command to reverse the previous attach restrict command:
attach allow access-type gprs all
Or, change the attach restriction to only restrict attaches of GPRS subscribers from specified LACs included in location area list #2 and include failure-code 45 as the reject cause. This configuration requires two CLI commands:
attach restrict access-type gprs location-area-list instance 2
attach access-type gprs location-area-list instance 2 failure-code 45
In the case of a dual-access SGSN, it is possible to also add a second definition to restrict attaches of UMTS subscribers within the LACs included in location area list #3.
attach restrict access-type UMTS location-area-list instance 3
Change the configuration to allow attaches for GPRS access for all previously restricted LACs - note that GPRS attaches would still be limited.
no attach restrict access-type gprs all
Restrict (deny) all GPRS attach requests (coming from any location area) and assign a single failure code for the reject messages. This is a two command process:
attach restrict access-type gprs all
attach access-type grps all failure-code 22
Remove the restrictions defined above - so that the access type is reset to the default (both types) and the failure code returns to the default value (14).
default attach access-type gprs all failure-code
 
authenticate activate
This command allows the operator to define authentication procedures in response to a received Activate Request.
Product
MME, SGSN, S-GW
Privilege
Security Administrator, Administrator
Syntax
authenticate activate [ access-type { gprs | umts } | first | frequency frequency | primary ] [ access-type { gprs | umts } ]
[ no | remove ] authenticate activate [ access-type { gprs | umts } | first | primary ] [ access-type { gprs | umts } ] ]
no
Disables the specified activate authentication configuration in the call control profile.
remove
Removes the specified activate authentication configuration from the call control profile configuration file.
access-type type
One of the following must be selected to identify the type of network access if the access-type keyword is included in the command:
The access-type keyword can be included with any of the other three keywords available with the authenticate activate command.
first
Including this keyword enables authentication only for the first Activate Request for an MS/UE.
frequency frequency
This keyword defines 1-in-N selective authentication for Activate Request events. If the frequency is set for 12, then the SGSN skips authentication for the first 11 events and authenticates on the 12th event.
frequency must be an integer from 1 to 16.
primary
Including this keyword enables authentication for every primary PDP context Activate Request.
Usage
Activate Requests are not authenticated by default. Use this command to enable authentication of Activate Requests.
Repeat the commands as needed to configure desired authentication responses to Activate Request messages for this call control profile.
Example
Configure Request Activate authentication for every primary PDP context for MS with GPRS access.
authenticate activate primary access-type gprs
 
authenticate all-events
This command allows the operator to quickly define authentication procedures, based on limited parameters, for all types of events.
Product
MME, SGSN, S-GW
Privilege
Security Administrator, Administrator
Syntax
authenticate all-events [ access-type { gprs | umts } | frequency frequency [ access-type { gprs | umts } ] ]
[ no | remove ] authenticate all-events [ access-type { gprs | umts } ]
no
Disables the specified authentication configuration in the call control profile.
remove
Removes the specified authentication configuration from the call control profile configuration file.
access-type type
One of the following must be selected to identify the type of network access if the access-type keyword is included in the command:
The access-type keyword can be included with any of the other three keywords available with the authenticate all-events command.
frequency frequency
This keyword defines 1-in-N selective authentication for all types of subscriber events. If the frequency is set for 12, then the SGSN skips authentication for the first 11 events and authenticates on the 12th event.
frequency must be an integer from 1 to 16.
Usage
By default, authentication is not performed for any subscriber events. Use this command to enable authentication for all types of events at one time, such as but not limited to: Activate Requests, Attach Requests, Detach Requests, Service-Requests.
Example
Configure all authentication for all subscriber events to occur every 10th time a specific type of event occurs (e.g., every 10th time an Attach Request is received):
authenticate all-events frequency10
Configure authentication for all Detach Requests and RAUs to occur if the UE access-type is UMTS:
authenticate all-events access-typeUMTS
 
authenticate attach
This command allows the operator to define authentication for Attach procedures.
Product
MME, SGSN, S-GW
Privilege
Security Administrator, Administrator
Syntax
authenticate attach access-type { gprs | umts }
authenticate attach attach-type { combined | gprs-only } [ access-type { gprs | umts } | frequency frequency ]
authenticate attach frequency frequency [ access-type { gprs | umts } ]
authenticate attach inter-rat [ access-type { gprs | umts } | attach-type { combined | gprs-only } [ access-type { gprs | umts } | frequency frequency ] | frequency frequency [ access-type { gprs | umts } ]
[ no | remove ] authenticate attach [ access-type { gprs | umts } | attach-type { combined | gprs-only } | inter-rat | attach-type { combined | gprs-only } ] [ access-type { gprs | umts } ] ]
no
Disables the defined authentication procedures configured for Attach Requests from the call control profile.
remove
Deletes the defined authentication procedures for Attach Requests from the call control profile configuration file.
access-type type
One of the following must be selected to identify the type of network access if the access-type keyword is included in the command:
attach-type
This keyword configures the Attach authentication based on the type of attach requested. The attach-type must be one of the following options:
combined: Authenticates combined GPRS/IMSI Attaches.
gprs-only: Authenticates GRPS Attaches only.
frequency frequency
This keyword defines 1-in-N selective authentication for this type of subscriber event - Attach Request. If the frequency is set for 12, then the SGSN skips authentication for the first 11 events and authenticates on the 12th event.
frequency must be an integer from 1 to 16.
inter-rat
Enables/diables authentication for Inter-RAT Attaches.
Usage
Authentication for Attach is disabled by default. This command enables/disables authentication for an Attach with a local P-TMSI or Attaches with an IMSI, which will be authenticated to acquire the CK (cipher key) and the IK (integrity key).
Example
Configure authentication to occur after every 10th attach event for GPRS access.
authenticate attach frequency 10 access-type gprs
Disable authentication for Inter-RAT Attaches, use:
no authenticate attach inter-rat
 
authenticate detach
This command allows the operator to enable and define authentication for Detach procedures.
Product
MME, SGSN, S-GW
Privilege
Security Administrator, Administrator
Syntax
authenticate detach access-type { gprs | umts }
[ no | remove ] authenticate detach [ access-type { gprs | umts }
no
Disables the defined authentication procedures configured for Detach Requests from the call control profile.
remove
Deletes the defined authentication procedures for Detach Requests from the call control profile configuration file.
access-type type
One of the following must be selected to identify the type of network access if the access-type keyword is included in the command:
Usage
Authentication for Detach procedures is disabled by default. This command enables/disables authentication for a Detach Request and allows the operator to limit authentication based on the MS/UE access-type.
Example
Configure detach authentication to occur only for UMTS attached subscribers
authenticate detach access-type umts
Disable authentication for all Detach Requests, use:
no authenticate detach
 
authenticate rau
This command enables/disables and finetunes authentication procedures for routing area updates (RAUs)
Product
MME, SGSN, S-GW
Privilege
Security Administrator, Administrator
Syntax
authenticate rau [ access-type { gprs | umts } | frequency frequency [ access { gprs | umts } ] | periodicity duration [ access { gprs | umts } ] | update-type { combined-update | imsi-combined-update | periodic | ra-update } [ access-type { gprs | umts } | frequency frequency | periodicity duration | with { foreign-ptmsi | inter-rat-local-ptmsi | local-ptmsi } [ access-type { gprs | umts } | frequency frequency | periodicity duration ]
no authenticate rau [ access-type { grps | umts } | update-type { combined-update | imsi-combined-update | periodic | ra-update } [ access-type { gprs | umts } | with { foreign-ptmsi | inter-rat-local-ptmsi | local-ptmsi } [ access-type { gprs | umts } ]
remove authenticate rau [ access-type { gprs | umts } | periodicity [ access { gprs | umts } ] | update-type { combined-update | imsi-combined-update | periodic | ra-update } [ access-type { gprs | umts } | periodicity | with { foreign-ptmsi | inter-rat-local-ptmsi | local-ptmsi } [ access-type { gprs | umts } | periodicity ] ]
no
Disables authentication for the RAUS specified in the configuration for the call control profile.
remove
Deletes the authentication configuration for the RAUS from the call control profile in the configuration file.
access-type type
One of the following must be selected to identify the type of network access if the access-type keyword is included in the command:
The access-type keyword can be included with any of the other keywords available with the authenticate rau command.
frequency frequency
Defines 1-in-N selective authentication for RAU events. If the frequency is set for 12, then the SGSN skips authentication for the first 11 events and authenticates on the 12th event.
frequency must be an integer from 1 to 16.
periodicity duration
Defines the length of time (number of minutes) that authentication can be skipped.
duration : Must be an integer from 1 to 10800.
update-type
Defines the type of RAU Request. Select one of the following:
Usage
By default, authentication is not performed for routing area updates (RAUs). Use this command to enable/disable authentication and to finetune the authentication procedure based on frequency, periods for skipping authentication and the various types of routing area updates.
Example
Configure RAU authentication to occur after every 10th event for GPRS access.
authenticate rau frequency 10 access-type gprs
Disable authentication for RAUs based on the combined IMSI with foreign P-TMSIs, use:
no authenticate rau imsi-combined-update with foreign-ptmsi
Delete all authentication configuration from the call control profile for all RAUs using GPRS access-type:
remove authenticate rau access-type gprs
 
authenticate service-request
This command enables/disables and finetunes authentication procedures for Service Requests.
Product
MME, SGSN, S-GW
Privilege
Security Administrator, Administrator
Syntax
authenticate service-request [ frequency frequency | periodicity duration | service-type { data | page-response | signaling } [ frequency frequency | periodicity duration ] ]
no authenticate service-request [ service-type { data | page-response | signaling } ]
remove authenticate service-request [ periodicity | service-type { data | page-response | signaling } [ periodicity ] ]
no
Disables authentication for the Service Requests specified in the configuration for the call control profile.
remove
Deletes the authentication configuration for Service Requests from the call control profile in the configuration file.
frequency frequency
Defines 1-in-N selective authentication for this type of subscriber event - Service Request. If the frequency is set for 12, then the SGSN skips authentication for the first 11 events and authenticates on the 12th event.
frequency must be an integer from 1 to 16.
periodicity duration
Defines the length of time (number of minutes) that authentication can be skipped.
duration : Must be an integer from 1 to 10800.
signaling-type
Defines the type of service being requested by the Service Request. Select one of the following:
Usage
By default, authentication is not performed for Service Requests. Use this command to enable/disable authentication and to finetune the authentication procedure based on frequency and periods for skipping authentication and the various types of service. Repeat the commands as needed to configure criteria for all service types.
Example
Configure authentication Service Requests for data service to only occur every 5 minutes:
authenticate service-request service-type data periodicity 5
 
authenticate sms
This command enables/disables and finetunes authentication procedures for Short Message Service (SMS).
Product
MME, SGSN, S-GW
Privilege
Security Administrator, Administrator
Syntax
authenticate sms [ access-type { gprs | umts } | frequency frequency [ access-type { gprs umts } ] | sms-type { mo-sms | mt-sms } [ access-type { gprs | umts } | frequency frequency ] ]
[ no | remove ] authenticate sms [ access-type { gprs | umts } | sms-type { mo-sms | mt-sms } [ access-type { gprs umts } ] ]
no
Disables authentication for the SMS Requests specified in the configuration for the call control profile.
remove
Deletes the authentication configuration for SMS Requests from the call control profile in the configuration file.
access-type type
One of the following must be selected to identify the type of network access if the access-type keyword is included in the command:
The access-type keyword can be included with any of the other keywords available with the authenticate sms command.
frequency frequency
Defines 1-in-N selective authentication for SMS Requests. If the frequency is set for 12, then the SGSN skips authentication for the first 11 events and authenticates on the 12th event.
frequency must be an integer from 1 to 16.
sms-type
Enables authentication for the following SMS types:
mo-sms: mobile-originated SMS
mt-sms: mobile-terminated SMS
Usage
By default, authentication is not performed for short message service (SMS). Use this command to enable/disable authentication and to finetune the authentication procedure based on MS/UE access type and the frequency for the selected SMS type. Repeat the commands as needed to configure criteria for all service types.
Example
Configure MO-SMS authentication to occur every 5th request:
authenticate sms sms-type mo-sms frequency 5
 
authenticate tau
This command allows the operator to enable/disable and finetune authentication for the tracking area update (TAU) procedures.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
authenticate tau [ freqency frequency | inter-rat | periodicity interval ]
no authenticate tau inter-rat
no
Disables the TAU authentication procedures specified in the call control profile configuration.
frequency frequency
Defines 1-in-N selective authentication for this type of subscriber event - a tracking area update for an inter-RAT Attach. If the frequency is set for 12, then the MME skips authentication for the first 11 events and authenticates on the 12th event.
frequency must be an integer from 1 to 16.
inter-rat
Enables authentication for TAU procedures for inter-RAT Attaches.
periodicity duration
Defines the length of time (number of minutes) that authentication can be skipped.
duration : Must be an integer from 1 to 10800.
Usage
Authentication for TAU procedures is disabled by default. This command enables/disables authentication for a inter-RAT TAU procedures and allows the operator to limit authentication based on the frequency of the events or elapsed intervals between the events.
Example
Configure TAU authentication to occur when there is 15 minutes between inter-RAT Attaches
authenticate tau periodicity 15
Disable authentication for all TAU Inter-RAT Attaches, use:
no authenticate tau
cc
This command defines the charging characteristics to be applied for CDR generation when the handling rules are applied via the Operator Policy feature.
Product
MME, SGSN, S-GW
Privilege
Security Administrator, Administrator
Syntax
cc { behavior-bit no-records bit_value | local-value behavior bit_value profile index_bit | prefer { hlr-hss-value | local-value } }
no cc behavior-bit no-records
remove cc { behavior-bit no-records | local-value | prefer }
no
Disables the charging characteristics configuration of behavior bit from this call control profile.
remove
Removes the configured charging characteristics from this profile.
behavior-bit no-records bit_value
Default: disabled
Specify that which behavior bit in charging characteristic is used to no accounting records will be generated. no-records to indicate which behavior bit in charging characteristics, means that no accounting records should be generated.
If we use a charging characteristics with the no-records bit set, then we won’t generate any accounting records, regardless of what may be configured elsewhere. Use “no” to indicate that there is no such bit.
bit_value must be an integer value from 1 through 12.
local-value behavior bit_value profile index_bit
Default: bit_value = 0x0
index_bit = 8
This keyword sets the call control profile to configure the value of the behavior bits and profile index for the charging characteristics when the HLR does not provide value for this.
If the HLR provides the charging characteristics with behavior bits and profile index and operator want to ignore it, then specify prefer local-value keyword with this command.
bit_value : Enter a hexadecimal value between 0x0 and 0xFFF.
index_bit : Enter an integer value from 1 through 15.
Some of the index values are predefined according to 3GPP standard:
1 for hot billing
2 for flat billing
4 for prepaid billing
8 for normal billing
prefer { hlr-hss-value | local-value }
Default: hlr-hss-value
Specifies preference for using charging characteristics settings received from HLR or HSS, or set by the SGSN or MME locally.
hlr-hss-value: Sets the call control profile to use charging characteristics settings received from HLR or HSS. This is the default preference.
local-value: Sets the call control profile to use charging characteristics settings from the SGSN or MME only. If no charging characteristics received from HLR then local value will be applicable.
Usage
Use this command to set the behavior for charging characteristic coming from either an HLR or locally from an SGSN.
These charging characteristics parameters are configurable from APN Profile configuration mode too. For generation of M-CDRs, the parameters configured in this mode, Call Control Profile configuration mode, will prevail but for generation of S-CDRs the parameters configured in the APN Profile configuration mode will prevail.
The first four bits of charging characteristics (use keyword profile) is for the charging trigger profile index and is used to select different charging trigger profiles.
The 12 behavior bits (with keyword local-value behavior) can to enable or disable the CDR generation.
Example
The following command specifies a rule not to use records for charging characteristics and to set behavior bit to 2:
cc behavior-bit no-records 2
 
check-zone-code
This command enables/disables the zone code checking mechanism.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
check-zone-code
no check-zone-code
remove check-zone-code
check-zone-code
Enables the mechanism.
no
Included with the command, this keyword disables the mechanism.
remove
Included with the command, this keyword calses the removal of the current check-zone-code configuration and returns to the SGSN to the default where zone-code checking is enabled.
Usage
Use this command to enable/disable the zone-code checking function.
Example
Disable checking of the zone code:
no check-zone-code
 
ciphering-algorithm-gprs
This command defines the order of preference of the ciphering algorithms.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
ciphering-algorithm-gprs priority priority algorithm
remove ciphering-algorithm-gprs priority priority
remove
Delete the priority definition.
priority priority
Sets the order in which the algorithm will be selected for use.
priority : Enter a digit from 1 to 8.
algorithm
Identifies the ciphering algorithm to be used.
algorithm : Enter one of the following: gea0, gea1, gea2, gea3.
Usage
Define the order in which the ciphering algorithms are chosen for use. The command can be repeated to provide multiple definitions -- multiple priorities.
Example
Define gea1 as the 3rd priority algorithm:
ciphering-algorithm-gprs priority 3 gea1
 
csfb
Configures circuit-switched fallback options.
Product
MME
Privilege
Administrator
Syntax
[ remove ] csfb { policy { not-allowed | sms-only } | sms-only }
remove csfb { policy | sms-only }
remove csfb { policy | sms-only }
sms-only: Removes the SMS-only restriction allowing the UE to request voice and short message service (SMS) support for circuit-switched fallback.
policy: Removes the configured policy
policy { not-allowed | sms-only }
not-allowed: Specifies that the circuit-switched fallback function is not allowed for both voice and SMS.
sms-only: Specifies that the circuit-switched fallback function only supports SMS.
sms-only
Specifies that the circuit-switched fallback function only supports SMS.
note_smallImportant: This is a legacy keyword that remains to support earlier versions of the code. It operates identically to the policy sms-only keyword.
Usage
Use this command to restrict the circuit-switched fallback function to SMS only or no support for either voice or SMS.
Example
The following command enforces the SMS-only functionality for UEs requesting circuit-switched fallback:
csfb policy sms-only
 
description
Set to a relevant descriptive string.
Product
MME, SGSN, S-GW
Privilege
Security Administrator, Administrator
Syntax
description description
no description
description
Enter an alphanumeric string of 1 to 100 alphanumeric characters. The string may include spaces, punctuation, and case-sensitive letters if the string is enclosed in double quotes ( “ ).
no
Removes the description from the call control profile.
Usage
Define information that identifies this particularly call control profile.
Example
description “call-control-profile handling incoming from CallTell”
 
diameter-result-code-mapping
Maps a EMM NAS cause code to map to a Diameter result code.
Product
MME
Privilege
Administrator
Syntax
diameter-result-code-mapping s6a diameter-error-rat-not-allowed mme-emm-cause { no-suitable-cell-in-tracking-area | roaming-not-allowed-in-this-tracking-area | tracking-area-not-allowed }
remove diameter-result-code-mapping s6a diameter-error-rat-not-allowed
remove diameter-result-code-mapping s6a diameter-error-rat-not-allowed
Removes the mapping.
s6a diameter-error-rat-not-allowed
Specifies the Diameter result code to which the EMM NAS cause code is mapped.
mme-emm-cause { no-suitable-cell-in-tracking-area | roaming-not-allowed-in-this-tracking-area | tracking-area-not-allowed }
Specifies the EMM NAS cause mapped to the Diameter result code.
no-suitable-cell-in-tracking-area: Specifies that the EMM NAS cause code “no suitable cell in tracking area” is to be mapped to the specified Diameter result code.
roaming-not-allowed-in-this-tracking-area: Specifies that the EMM NAS cause code “roaming not allowed in this tracking area” is to be mapped to the specified Diameter result code.
tracking-area-not-allowed: Specifies that the EMM NAS cause code “tracking area not allowed” is to be mapped to the specified Diameter result code.
Usage
Use this command to map a selected EMM NAS cause code to a specific Diameter result code.
Example
The following command maps the EMM NAS cause code “roaming not allowed in this tracking area” to the Diameter result code “S6a Diameter error RAT not allowed”:
diameter-result-code-mapping s6a diameter-error-rat-not-allowed mme-emm-cause roaming-not-allowed-in-this-tracking-area
 
direct-tunnel
This command allows direct tunneling if the direct tunneling is supported by destination node.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
direct-tunnel attempt-when-permitted
remove direct-tunnel
remove
Removes the configured setting from the call control profile.
attempt-when-permitted
Default: disabled.
Enables direct tunneling if the destination node allows it.
Usage
Use this command to enable the Direct-Tunnel feature.
To ensure that direct tunnel is fully configured for support by the SGSN, check the settings for direct-tunnel in
the APN profile -- from the Exec mode, use command: show apn-profile <profile_name> all
note_smallImportant: Direct tunneling must be enabled at both of these two points to allow direct tunneling for the MS/UE.
Example
The following command sets the configuration to instruct the SGSN to attempt to setup a direct tunnel if permitted at the destination node:
direct-tunnel attempt-when-permitted
 
dns-ggsn
Define the context to be used to do DNS lookup for GGSNs.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
dns-ggsn context ctxt_name
no dns-ggsn context ctxt_name
no
Removes the dns-ggsn configuration from this call control profile.
ctxt_name
Enter an alphanumeric string of 1 to 64 alphanumeric characters.
Usage
Use this command to define the context to be used to do DNS lookup to find the GGSN address.
Example
dns-ggsn context sgsn1
 
dns-sgsn
Identify the context to be used to do DNS to find an SGSN Address.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ no ] dns-sgsn context ctxt_name
no
Removes the dns-sgsn configuration from this call control profile.
ctxt_name
Enter an alphanumeric string of 1 to 64 alphanumeric characters.
Usage
Use this command to configure the context ID for the SGSN address that will be used to do the DNS lookup.
Example
dns-sgsn context sgsn1
 
dns-pgw
Define the context to be used to do DNS lookup for P-GWs.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
[ remove ] dns-pgw context ctxt_name
remove
Deletes this definition from the call control profile.
ctxt_name
Enter an alphanumeric string of 1 to 64 alphanumeric characters.
Usage
Use this command to configure the context ID for the DNS lookup.
Example
dns-pgw context pgw1
 
dns-sgw
Define the context to be used to do DNS lookup for S-GWs.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
[ remove ] dns-sgw context ctxt_name
remove
Deletes this definition from the call control profile.
ctxt_name
Enter an alphanumeric string of 1 to 64 alphanumeric characters.
Usage
Use this command to configure the context ID for the DNS lookup.
Example
dns-sgw context sgw1
 
encryption-algorithm-lte
Define the priorities for using the encryption algorithms.
Product
MME
Privilege
Administrator
Syntax
encryption-algorithm-lte priority1 128-eea { 0 | 1 | 2 } priority2 128-eea { 0 | 1 | 2 } priority3 128-eea { 0 | 1 | 2 }
remove encryption-algorithm-lte
remove
Deletes the priorities definition from the call control profile configuration.
priority1 128-eea { 0 | 1 | 2 }
Enter 0, 1, or 2 at the end of 128-eea to define the algorithm being given first priority.
priority2 128-eea { 0 | 1 | 2 }
Enter 0, 1, or 2 at the end of 128-eea to define the algorithm being given second priority.
priority3 128-eea { 0 | 1 | 2 }
Enter 0, 1, or 2 at the end of 128-eea to define the algorithm being given third priority.
Usage
Set the order or priority in which the MME will select a 128-EEA algorithm for use. All three priorities must be set or the definition is invalid. The command can be re-entered to change the priorities without removing the configuration.
Example
Configure 128-EEA2 as first priority encryption algorithm:
encryption-algorithm-lte priority1 128-eea2 priority2 128-eea0 priority3 128-eea1
 
encryption-algorithm-umts
Define the priorities for using the encryption algorithms.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
encryption-algorithm-umts { uea0 | uea1 | uea2 } [ then-uea# | then-uea# ]
no encryption-algorithm-lte
no
Deletes the priorities definition from the call control profile configuration.
uea0 | uea1 | uea2
Enter one of the three options to define the first priority algorithm.
then-uea# | then-uea#
If a second algorithm is to be included as an option, give it second priority. Enter 0, 1, or 2 at the end of then-uea to define the algorithm being given second priority.
then-uea#
If a third algorithm is to be included as an option, give it third priority. Enter 0, 1, or 2 at the end of then-uea to define the algorithm being given third priority.
Usage
Set the order or priority in which the SGSN will select a UEA algorithm for use. It is not necessary to define priorities for all three priority levels. The command can be re-entered to change the priorities without removing the configuration.
Example
Configure algorithm UEA2 as the first priority encryption algorithm with no others to be considered:
encryption-algorithm-umts uea2
 
end
Exits the configuration mode and returns to the Exec mode.
Product
MME, SGSN
Privilege
Security Administrator, Administrator
Syntax
end
 
equivalent-plmn
Configures the definition for an equivalent PLMNID and the preferred radio access technology (RAT).
Product
MME, SGSN, S-GW
Privilege
Security Administrator, Administrator
Syntax
equivalent-plmn radio-access-technology { 2G | 3g | 4g | any } plmnid mcc mcc_number mnc mnc_number priority priority
no equivalent-plmn radio-access-technology { 2G | 3g | any } plmnid mccmcc_number mnc mnc_number
no
Removes the equivalent-PLMN configuration from this call control profile.
radio_access_technology
Identify the RAT type of the equivalent PLMN:
2G: 2nd generation
3G: 3rd generation
4G: 4th generation
any: Any RAT
plmnid mccmcc_number mnc mnc_number
mcc: Specifies the mobile country code (MCC) portion of the PLMN’s ID. The number can be any integer between 100 and 999.
mnc: Specifies the mobile network code (MNC) portion of the PLMN’s ID. The number can be any integer between 00 and 999.
priority priority
Select an integer between 1 and 15 with the highest priority assigned to the integer of the lowest numeric value.
Usage
Use the command to identify an ‘equivalent PLMN’ and assign it a priority to define the preferred equivalent PLMN to be used. This command can be entered multiple times to set priorities of usage.
Example
Setup a secondary equivalent PLMN definition that allows for any RAT with a PLMN ID of MCC121.MNC767
equivalent-plmn radio_access_technology any plmnid mcc 121 mnc 767 priority 2
 
exit
Exits the configuration mode and returns to the previous configuration mode.
Product
MME, SGSN
Privilege
Security Administrator, Administrator
Syntax
exit
 
gmm information-in-messages
This command provides the configuration to include the information in messages for the GPRS mobility management (GMM) parameters.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
gmm information-in-messages access-type { { gprs | umts } [ network-name { full-text name | short-text name } | [ send-after { attach | rau } ] }
[ default | no ] gmm { information-in-messages access-type { gprs | umts }
no
Disables the GMM configuration from this call control profile.
default
Sets up a GMM configuration with system default values.
access-type
Must select one of the following options:
gprs - General Packet Radio Service network
umts - Universal Mobile Telecommunications System network
After selecting the access-type, an additional parameter can be configured:
network-name: identifies the network name in either short text or full text.
send-after: configures the information in message to send after attachment or Routing Area Update (RAU).
network-name { full-text name | short-text name }
This keyword provides the option to add the network name to the message. The network name will in full text or short text. Possible options are:
full-text name: Indicate the network name in full text
short-text name: Indicate the network name in short text
send-after{ attach | rau }
This keyword configures the information in message to send after attachment or RAU message. Possible options are:
attach: Information sent after attachment
rau: Information sent after routing area update
Usage
Use this command to configure identifying information about the network that will be included in GMM messages.
Example
default gmm information-in-messages access-type gprs
 
gmm retrieve-equipment-identity
This command configures the International Mobile Equipment Identity (IMEI) or software version (SV) retrieval and validation procedure.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
gmm retrieve-equipment-identity { imei | imeisv [ unciphered ] [ then-imei ] } [ verify-equipment-identity [ deny-greylisted ] ]
[ no | default ] gmm retrieve-equipment-identity
no
Disables the equipment identity retrieval procedure configured for this call control profile.
default
Sets the default action for equipment identity retrieval (EIR) procedure:
retrieve-equipment-identity : Default action is disabled - no retrieval of IMEI/IMEI-SV
verify-equipment-identity : Default action is disabled - no verification with Equipment Identity Register (EIR)
equipment-identity-type
Default: disabled
Indicates the type of equipment identification, with the possible values:
imei : International Mobile Equipment Identity
imeisv : International Mobile Equipment Identity - Software Version
imei
Indicates the equipment identity retrieval type to International Mobile equipment Identity (IMEI). IMEI is a unique 15 digit number consists of TAC (technical approval code), FAC (Final Assembly Code), SNR (Serial Number), and a check digit.
imeisv [ unciphered ] [ then-imei ]
Indicates the equipment identity retrieval type to IMEI with software version (SV). IMEI with SV becomes a unique 16 digit number consists of TAC (technical approval code), FAC (Final Assembly Code), SNR (Serial Number), and 2 digit software version number.
unciphered: This optional keyword enables the unciphered retrieval of IMEI-SV. If this option is enabled the retrieval procedure will get IMEISV (if auth is still pending, get as part of Authentication and Ciphering Response otherwise, via explicit Identification Request after Security Mode Complete).
then-imei: This optional keyword enables the retrieval of software version number before the IMEI. If this option is enabled the equipment identity retrieval procedure will get IMEISV on secured link (after Security mode procedure via explicit GMM Identification Request), and if MS is not having IMEISV (responded with NO Identity), SGSN will try to get IMEI.
If no other keyword is provided, imeisv will get IMEISV on secured link (after Security mode procedure via explicit GMM Identification Request).
verify-equipment-identity [ deny-greylisted ]
Default: disabled
This keyword enables the equipment identity validation and validates the equipment identity against EIR.
Usage
Use this command to enable and configure the procedures for mobile equipment identity retrieval and validation from the EIR identified in the MAP Service configuration mode.
Example
The following command enables the SGSN to send ‘check IMEI’ messages to the EIR:
gmm retrieve-equipment-identity imei verify-equipment-identity
 
gs-service
This command associates the context of a Gs service interface with this call control profile.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
gs-service gs_srvc_name context ctx_name
no gs-service svc_name
no
Removes/disassociates the named Gs service from the call control profile.
gs_srvc_name
Specifies the name of a specific Gs service for which to display information.
gs_srvc_name is the name of a configured Gs service and can be from 1 to 63 alpha and/or numeric characters and is case sensitive.
context ctx_name
Specifies the specific context name where Gs service is configured. If this keyword is omitted, the named Gs service must be exist in the same context as the GPRS/SGSN service.
ctx_name is name of the configured context of Gs service. This can be from 1 to 63 alpha and/or numeric characters and is case sensitive.
Usage
Use this command to associate a specific Gs service interface with this GPRS service instance.
note_smallImportant: A Gs service can be used with multiple SGSN and/or GPRS service.
Example
Following command associates a Gs service instance named stargs1, which is configured in context named star_ctx, with a call control profile:
gs-service stargs1 context star_ctx
 
gtp send
This command configures which information elements (IE) the SGSN sends in GTP messages. These are required by the GGSN.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
gtp send { imeisv [ derive-imeisv-from-imei ] | ms-timezone | rai | rat | uli }
remove gtp send { imeisv | ms-timezone | rai | rat | uli }
no gtp send
remove
Removes the specified GTP send definition from the system configuration.
no
Disables the specified GTP send configuration.
imeisv
Instructs the SGSN to include the IMEISV (international mobile equipment identity (and software version) of the mobile when sending GTP messages of the type “Create PDP Context Request”.
derive-imeisv-from-imei
This is a filter for the imeisv keyword. It allows the operator to configure the SGSN to send IMEI to the GGSN as IMEI-SV.
This filter instructs the SGSN to add four 1s (1111) to the final semi-octet of the CPCQ (Create PDP Context Request) message which enables the SGSN to deduce the IMEI-SV value from the IMEI. If this filter is used, then IMEI is also sent as IMEI-SV when the gmm retrieve-equipment-identity command is configured.
ms-timezone
Instructs the SGSN to include this IE in GTP messages of the type “Create PDP Request” and “Update PDP Context Request”. This IE specifies the offset between universal time and local time, where the MS currently resides, in steps of 15 minutes.
This IE is sent by default.
rai
This keyword configures the SGSN to include the RAI of the SGSN in the following situations:
rat
The RAT IE specifies which radio access technology (RAT) is being used by the MS (GERAN, UTRAN, or GAN). Including this keyword instructs the SGSN to include this IE when sending GTP messages of the type “Create PDP Request” and “Update PDP Context Request”.
This IE is sent by default.
uli
The ULI IE specifies the CGI (MCC, MNC, etc.) and SAI of the MS where it is registered. Including this keyword instructs the SGSN to include the IE when sending GTP messages of the type “Create PDP Request” and “Update PDP Context Request”.
This IE is not sent by default.
Usage
Use this command to define a preferred set of information to include when GTP messages are sent. Repeat this command multiple times to enable or disable multiple options. This instruction will be implemented when the specific operator policy and call control profile are applied.
Example
Following command series instructs the SGSN to send ULI and RAT in the GTP messages.
gtp send uligtp send rat
 
gtpu fast-path
This command enables/disables the network processing unit (NPU) Fast Path support for NPU processing of GTP-U packets of user sessions at the NPU.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ remove ] gtpu fast-path
remove
Removes the NPU fast path functionality configuration from the call control profile.
Usage
Use this command to enable/disable the NPU processed fast-path feature for processing of GTP-U data packets received from GGSN/RNC. This feature enhances the GTP-U packet processing by adding the ability to fully process and forward the packets through the NPU itself.
note_smallImportant: When enabled/disabled, fast-path processing will be applicable only to new subscriber who establishes a PDP context after issuing this command (enabling GTP-U fast path). No existing subscriber session will be affected by this command.
Example
Following command enables the NPU fast path processing for all new subscribers’ session established with this call control profile:
gtpu fast-path
 
gw-selection
This command configuration the parameters controlling the gateway selection process.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
[ remove ] gw-selection { co-location | pgw weight | sgw weight | topology }
remove
Deletes the gw-selection definition from the call control profile.
co-location
Selects “co-location” as the determining factor for gateway selection.
pgw weight
Selects “PDN gateway” as the determining factor for gateway selection.
sgw weight
Selects “serving gateway” as the determining factor for gateway selection.
topology
Selects “topology” as the determining factor for gateway selection.
Usage
Use this command to define the criteria for gateway selection.
Example
The following command instructs the MME to determine gateway selection on the basis of topology:
gw-selection topology
 
integrity-algorithm-lte
Choose the order of preference for using an Integrity Algorithm.
Product
MME
Privilege
Administrator
Syntax
integrity-algorithm-lte priority1 { 128-eia0 | 128-eia1 | 128-eia2 } priority2 128-eia { 0 | 1 | 2 } priority3 128-eia { 0 | 1 | 2 }
remove integrity-algorithm-lte
remove
Deletes the priorities definition from the call control profile configuration.
priority1 128-eia { 0 | 1 | 2 }
Enter 0, 1, or 2 at the end of 128-eia to define the algorithm being given first priority.
priority2 128-eia { 0 | 1 | 2 }
Enter 0, 1, or 2 at the end of 128-eia to define the algorithm being given second priority.
priority3 128-eia { 0 | 1 | 2 }
Enter 0, 1, or 2 at the end of 128-eia to define the algorithm being given third priority.
Usage
Set the order or priority in which the MME will select an integrity algorithm for use. All three priorities must be set or the definition is invalid. The command can be re-entered to change the priorities without removing the configuration.
Example
Configure 128-EIA0 as first priority integrity algorithm:
integrity-algorithm-lte priority1 128-eia0 priority2 128-eia2 priority3 128-eia1
 
integrity-algorithm-umts
This command configures the order of preference for the Integrity Algorithm used for 3G.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
integrity-algorithm-umts type then_ type
default integrity-algorithm-umts
default
Creates a configuration defining an order of preference based on system defaults.
type
Enter one or more of the following options in the order of preference:
uia1 - uia1 Algorithm
uia2 - uia2 Algorithm
Usage
Use this command to determine which integrity algorithm is preferred 3G. This command is configured in tandem with the algorithm type for encryption-algorithm-umts command.
Example
default integrity-algorithm-umts
 
local-cause-code-mapping
Maps a selected cause code to the restricted zone code result.
Product
MME
Privilege
Administrator
Syntax
local-cause-code-mapping restricted-zone-code emm-cause-code { eps-service-not-allowed-in-this-plmn | no-suitable-cell-in-tracking-area | plmn-not-allowed | roaming-not-allowed-in-this-tracking-area | tracking-area-not-allowed }
remove local-cause-code-mapping restricted-zone-code
remove
Removes the configured cause code mapping.
restricted-zone-code
Specifies the event for which the cause code is returned.
emm-cause-code { eps-service-not-allowed-in-this-plmn | no-suitable-cell-in-tracking-area | plmn-not-allowed | roaming-not-allowed-in-this-tracking-area | tracking-area-not-allowed }
Specifies the EMM cause code to apply when a UE requests access to a restricted zone:
eps-service-not-allowed-in-this-plmn
no-suitable-cell-in-tracking-area
plmn-not-allowed
roaming-not-allowed-in-this-tracking-area
tracking-area-not-allowed
Usage
Use this command to configure the cause code returned when a UE requests access to a restricted zone.
Example
The following command maps the “PLMN not allowed” cause code to the restricted zone code event:
local-cause-code-mapping restricted-zone-code emm-cause-code plmn-not-allowed
 
location-area-list
Define the location area list to allow or restrict services in the specified location areas identified by location area code (LAC).
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
location-area-list instance instance area-code area_code [ area_code * ]
no location-area-list instance instance[ area-code area_code ]
no
If the area-code keyword is included in the command, then only the specified area code is removed from the identified list. If the area-code keyword is not included with the command then the entire list of LACs is removed from this call control profile.
instance instance
Specifies an identification for the specific location area list.
instance must be an integer between 1 and 5.
area-code area_code *
This keyword defines the location area codes (LACs) to be used by this call control profile as a determining factor in the handling of incoming calls. Multiple LACs can be defined in a single location-area-list.
area_code : Enter an integer between 1 and 65535.
* If desired, enter multiple LACs separated by a single blank space.
Usage
Use the command multiple times to configure multiple LAC lists or to modify the a list.
Example
The following command creates a location area list for a single area code:
location-area-list instance 1 area-code 514
This command creates a second location area list for with multiple area codes - all separated by a single blank space:
location-area-list instance 2 area-code 514 62552 32 1513
The next command corrects an area code mistake (327 not 32) made in the previous configuration:
location-area-list instance 1 area-code 514 62552 327 1513
lte-zone-code
Configures the enforcement of allowed or restricted zone code lists and associates an EMM cause code to rejected attach attempts.
Product
MME
Privilege
Administrator
Syntax
lte-zone-code [ allow | restrict } { emm-cause-code { eps-service-not-allowed-in-this-plmn | no-suitable-cell-in-tracking-area | plmn-not-allowed | roaming-not-allowed-in-this-tracking-area | tracking-area-not-allowed ] zone-code-list zc_id +
remove lte-zone-code zone-code-list
remove
Removes the zone code list from the call control profile.
allow | restrict
Specifies whether the zone code list is allowed or restricted.
note_smallImportant: You can only create an allowed or restricted list, not both.
emm-cause-code [ eps-service-not-allowed-in-this-plmn | no-suitable-cell-in-tracking-area | plmn-not-allowed | roaming-not-allowed-in-this-tracking-area | tracking-area-not-allowed ]
Optionally, specify one of the following EMM cause codes to apply when a UE request is rejected:
eps-service-not-allowed-in-this-plmn
no-suitable-cell-in-tracking-area
plmn-not-allowed
roaming-not-allowed-in-this-tracking-area
tracking-area-not-allowed
zone-code-list zc_id +
Specifies the zone code in the allowed or restricted list of zone codes. zone_code must be an integer value from 0 to 65535.
Usage
Use this command to create zone code lists that allow or restrict access to UEs managed by this call control profile.
Example
The following command restricts access to zone codes 234 and 456 and returns an EMM cause code of “ tracking area not allowed”:
lte-zone-code restrict emm-cause-code tracking-area-not-allowed zone-code-list 234 456
 
map
Use this command to configure the optional extensions to MAP messages.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ remove ] map message update-gprs-location [ imeisv | private-extension access-type ]
remove
IMEI-SV is not included in the GLU request -- this is the default behavior.
update-gprs-location
Includes an GLU message. This keyword-set is required.
imeisv
Default: disabled
Specifies the International Mobile equipment Identity-Software Version (IMEI-SV) information to include in GPRS Location Update (GLU) request message. SGSN will include IMEI-SV if available in message.
private-extension access-type
Include specific access-type private extension in the message.
Usage
This command configures optional extensions to MAP messages. The HLR should ignore these extensions if not supported by the HLR.
Example
map message update-gprs-location private-extension access-type
 
map-service
This command identifies a MAP service and the context which contains it and associates both with the call control profile.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
map-service context ctxt_name service map_srvc_name
no map-service context
no
Disables use of MAP service with this call control profile.
ctxt_name
Enter an alphanumeric string of 1 to 64 alphanumeric characters.
map_srvc_name
Enter an alphanumeric string of 1 to 64 alphanumeric characters.
Usage
Use this command to enable or disable MAP service with this call control profile.
Example
no map-service context
 
max-bearers-per-subscriber
Define the maximum number of bearers allowed per subscriber.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
max-bearers-per-subscriber number
remove max-bearers-per-subscriber
remove
Deletes the definition from the call control profile.
number
Identifies the maximum number of bearers allowed per subscriber.
number : Enter an integer from 1 to 11.
Usage
Use this command to set the maximum number of bearers allowed per subscriber.
Example
Set the maximum to 3:
max-bearers-per-subscriber 3
 
max-pdns-per-subscriber
Define the maximum number of PDNs allowed per subscriber.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
max-pdns-per-subscriber number
remove max-pdns-per-subscriber
remove
Deletes the definition from the call control profile.
number
Identifies the maximum number of PDNs allowed per subscriber.
number : Enter an integer from 1 to 11.
Usage
Use this command to set the maximum number of PDNs allowed per subscriber.
Example
Set the maximum to 4:
max-PDNs-per-subscriber 4
 
network-feature-support-ie
This command configures support for IMS Voice over PS information element (IE) as part of the MME (Network) Feature Support.
Product
MME
Privilege
Administrator
Syntax
network-feature-support-ie ims-voice-over-ps
remove network-feature-support-ie
remove
Disables support for Voice over PS.
ims-voice-over-ps
Enables support for Voice over PS.
Usage
Use this command to enable Voice over PS which “switches on” an IE in a message sent by the MME indicating the features it supports.
Example
The following command enables Voice over PS on the MME:
network-feature-support-ie ims-voice-over-ps
 
network-initiated-pdp-activation
This command configures the call control profile to perform two functions: (1) to enable or disable network-requested PDP context activation (NRPCA) for 3G attachments and (2) to define a failure cause code for inclusion in NRPCA-related reject messages.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ remove ] network-initiated-pdp-activation { allow primary | restrict primary } access type { gprs | umts } { all | location-area-list instance <instance> }
network-initiated-pdp-activation primary access type { gprs | umts } { all | location-area-list instance <instance> } failure-codecode
remove
Including this keyword with the command, removes all configured values for the specified configuration.
allow
Allows network-initiated PDP context activation. This keyword must be followed by other parameters to indicate the limitations for allowing the NRPCA.
Allow is the default for NRPCA.
restrict
Restricts network-initiated PDP context activation. This keyword must be followed by other command parameters to indicate the limitations for restricting the NRPCA.
primary
Specifies that only network-initiated primary PDP context activations are to be allowed.
secondary
note_smallImportant: The secondary keyword is visible and can be selected, however, secondary NRPCA functionality is in development and currently this keyword is not supported for configuration.
all
Configures the SGSN to allow or to restrict NRPCA for calls within all location areas.
location-area-list instance instance
Selects a pre-defined list of location area codes (LACs) and allows/restricts the NRPCA procedure for calls within the listed area codes.
instance: Enter a list ID; an integer between 1 and 5.
note_smallImportant: Before using this keyword, ensure that the appropriate LAC information has been defined with the location-area-list command, also in this configuration mode.
failure-codes code
Enter an integer from 192 to 226 to identify the GTPP failure cause code (from 3GPP TS29.060, listed below) to be included in the reject messages when NRPCA is restricted. If a failure cause code is not defined, the default value is 200 (service not supported).
Usage
Use this command to allow or restrict network-requested PDP context activation (NRPCA) based on access-type and location areas. NRPCA is used when there is downlink data at the GGSN for a subscriber, but there is no valid context for the already-established PDP address so the GGSN initiates an NRPCA procedure towards the SGSN.
This command can also be used to define the failure cause code that will be included in activation reject messages.
These commands can be repeated to define a unique set of NRPCA parameters for each access-type and each location area list.
The T3385-timeout and the max-actv-retransmission timers configure the retransmission timer and the number of retries for PDP context activation requests. Both of these timers are set in the SGSN service configuration mode.
The configuration for NRPCA can be viewed via the show call-control-profile full name profile_name. Statistics associated with NRPCA can be seen via the show gmm-sm statistics output and via the show sgtpc statistics verbose output.
Example
Change the failure code for Reject messages from 200 (service not supported) to 205 (roaming restriction) for primary NRPCA for all GRPS access and all LACs:
network-initiated-pdp-activation primary access-type gprs all failure-code 205
Enable network-initiated primary PDP context activation for UMTS calls from the LACs in location-area-list 1:
network-initiated-pdp-activation allow primary access-type umts location-area-list instance 1
Restrict network-initiated primary PDP context activation for UMTS calls from the LACs in location-area-list 2:
network-initiated-pdp-activation restrict primary access-type umts location-area-list instance 2
 
override-arp-with-ggsn-arp
This command enables the SGSN to configure whether or “not” to negotiate or to override an ARP value received from a GGSN.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ remove ] override-arp-with-ggsn-arp
remove
Adding the remove keyword to the command disables the override feature.
Usage
This command configures the SGSN to negotiate or change or "not" to negotiate or change the value of the ARP received from the GGSN. This configuration of the SGSN will allow the ARP sent by the GGSN, in CPCR / UPCR / UPCQ, to be applicable as an overriding value.
Example
Use this command to configure the SGSN to negotiate the ARP to be used as an overriding value:
override-arp-with-ggsn-arp
 
pdp-activate access-type
This command configures the PDP context activation option based the type of access technology.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
pdp-activate access-type { grps | umts } { all | location-area-list instance instance } failure-code failure_code
default pdp-activate access-type { grps | umts } { all | location-area-list instance instance } failure-code code
default
Resets the configuration to system default values for PDP context activation request.
access-type { grps | umts }
Specifies the access technology type for PDP context activation.
gprs: Enables access type as GPRS.
umts: Enables access type as UMTS.
all
Default: allow
Configures the system to allow to create all PDP context activation request from MS.
location-area-list instance instance
Specifies the location area instance to create PDP context.
instance must be an integer from 1 through 5. The value must be an already defined instance of a LAC list created with the location-area-list command.
failure-code code
Default: 8
Specifies the failure code for PDP context activation.
code must be an integer from 8 through 112.
Usage
Use this command to configure this call control profile to allow GPRS/UMTS access through PDP context activation request from MS.
Example
Following command configures the system to create the PDP context for request from MS for GPRS access type with location area list instance 2 and failure-code 45.
pdp-activate access-type gprs location-area-list 2 failure-code 45
 
pdp-activate allow
This command configures the system to allow the PDP context activation based on the type of access technology.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ no ] pdp-activate allow access-type { grps | umts } location-area-list instance instance
no
Removes the configured permission to create PDP context on request of PDP context activation from MS for an access type.
access-type { grps | umts }
Specifies the access technology type for PDP context activation.
gprs: Enables access type as GPRS.
umts: Enables access type as UMTS.
location-area-list instance instance
Specifies the location area instance to create PDP context.
instance must be an integer from 1 through 5. The value must be an already defined instance of a LAC list created with the location-area-list command.
Usage
Use this command to configure this call control profile to allow GPRS/UMTS access through PDP context activation request from MS.
Example
Following command configures the system to allow the PDP context activation for GPRS access type with location area list instance 2.
pdp-activate allow access-type gprs location-area-list instance 2
 
pdp-activate restrict
This command configures the system to restrict the PDP context activation based on the type of access technology.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ no ] pdp-activate restrict { { access-type { grps | umts } { all | location-area-list instance instance } | secondary-activation { access-type { grps | umts } { all | location-area-list instance instance } } }
no
Removes the configured restriction on PDP context activation through this command.
access-type { grps | umts }
Specifies the access technology type to restrict PDP context activation.
gprs: Enables access type as GPRS.
umts: Enables access type as UMTS.
all
Default: allow
Configures the system to restrict all PDP context activation requests from the MS.
location-area-list instance instance
Specifies the location area instance to restrict PDP context activation.
list_id must be an integer from 1 through 5. The value must be an already defined instance of a LAC list created with the location-area-list command.
secondary-activation
Specifies the type of PDP context to restrict for secondary activation. This keyword restricts the system to create the secondary PDP context on receiving the PDP Context Activation Request from the MS.
Usage
Use this command to configure this call control profile to restrict GPRS/UMTS access through PDP context activation request from MS.
Example
Following command configures the system to restrict the PDP context activation for request from MS to access GPRS service with location area list instance 2.
pdp-activate restrict access-type gprs location-area-list instance 2
plmn-protocol
Configure the protocol supported by the PLMN.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
plmn-protocol plmnid mcc mcc_num mnc mnc_num { s5-protocol | s8-protocol } { gtp | pmip }
remove plmn-protocol plmnid mcc mcc_num mnc mnc_num
remove
Deletes the definition from the call control profile configuration.
mcc mcc_num mnc mnc_num
Identifies the PLMN by MCC (mobile country code) and MNC (mobile network code).
mcc_num: Enter a 3-digit integer from 100-999.
mnc_num: Enter a 2-digit or 3-digit integer from 00 to 999.
s5-protocol | s8-protocol
Select which protocol - S5 or S8 - that controls the identified PLMN.
gtp | pmip
Select the protocol variant - GTP or PMIP - that controls functionality for the identified PLMN.
Usage
Use this command to identify a particular PLMN and, at a higher level, its operational characteristics.
Example
With this command, you would be instructing the MME to use PLMN MCC423.MNC40.GPRS with PMIP under S8 Protocol:
plmn-protocol plmnid mcc423 mnc 40 s8-protocol pmip
 
ptmsi-reallocate
Define P-TMSI reallocation for Attach Requests, RAU Request, and Service Requests.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
ptmsi-reallocate { attach | frequency frequency | interval interval | routing-area-update [ update-type ] | service-request [ service-type ] } [ access-type { gprs | umts } ]
ptmsi-reallocate routing-area-update [ access-type { gprs | umts } | frequency frequency | update-type { combined-update | imsi-combined-update | periodic | ra-update } [ access-type { gprs | umts } | frequency frequency ] ]
ptmsi-reallocate service-request [ frequency frequency | service-type { data | page-response | signaling } [ frequency frequency ] ]
[ no | remove ] ptmsi-reallocate { attach | frequency | interval | routing-area-update [ update-type { combined-update | imsi-combined-update | periodic | ra-update } [ access-type { gprs | umts } ] ] | service-request [ service-type { data | page-response | signaling } ] } [ access-type { gprs | umts } ]
no
Disables the authentication procedures configured for the specified P-TMSI reallocation configuration in the call control profile.
remove
Deletes the defined authentication procedures for the specified P-TMSI reallocation configuration from the call control profile configuration file.
attach
Enables/disables P-TMSI reallocation for Attach with local P-TMSI.
note_smallImportant: IMSI or inter-SGSN Attach is not configurable and will always be reallocated.
access-type type
One of the following must be selected to reallocate on the basis of the type of network access:
This keyword can be used in combination with other keywords to refine the reallocation configuration.
frequency frequency
Defines 1-in-N selective reallocation. If the frequency is set for 12, then the SGSN skips reallocation for the first 11 messages and reallocates on receipt of the 12th request message.
frequency must be an integer from 1 to 50.
This keyword can be used in combination with other keywords to refine the reallocation configuration.
interval minutes
Enter an integer between 1 and 1440 to define the time interval (in minutes) for skipping the service/RAU/attach request message procedure.
routing-area-update [ update-type ]
Enables/disables P-TMSI reallocation for RAU (routing area update) with local P-TMSI. To refine the reallocation configuration, include one of the optional types of updates to limit reallocation:
note_smallImportant: Inter-SGSN RAU will always be reallocated.
service-request [ service-type ]
Enables/disables P-TMSI reallocation for Service Requests. To refine the Service-Request reallocation configuration, include on of the optional service-types to limit the reallocation:
Usage
By default, reallocation is not enabled. Use this command to enable P-TMSI reallocation for Attach Requests, RAU Request, and Service Requests. Finetune the reallocation configuration according to frequency, interval, or access-type.
Example
Configure the SGSN to perform P-TMSI reallocation upon receiving 2G Attach Requests
ptmsi-reallocate attach access-type gprs
Configure the SGSN to disable all previously defined P-TMSI reallocations based on the combined criteria of interval and 3G requests:
no ptmsi-reallocate interval access-type umts
 
ptmsi-signature-reallocate
Enable P-TMSI signature reallocation during Attach/RAU procedures.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
ptmsi-signature-reallocate { attach | frequency frequency | interval interval | ptmsi-reallocation-command | routing-area-update [ update-type ] } [ access-type { gprs | umts } | frequency frequency ]
ptmsi-signature-reallocate routing-area-update [ access-type { gprs | umts } | frequency frequency | update-type { combined-update | imsi-combined-update | periodic | ra-update } ] [ access-type { gprs | umts } | frequency frequency ]
[ no | remove ] ptmsi-signature-reallocate { attach | frequency | interval | routing-area-update [ update-type { combined-update | imsi-combined-update | periodic | ra-update } ] } [ access-type { gprs | umts } ]
no
Disables the authentication procedures configured for the specified P-TMSI signature reallocation configuration in the call control profile.
remove
Deletes the defined authentication procedures for the specified P-TMSI signature reallocation configuration from the call control profile configuration file.
attach
Enables/disables P-TMSI signature reallocation for Attach with local P-TMSI.
access-type type
One of the following must be selected to reallocate on the basis of the type of network access:
This keyword can be used in combination with other keywords to refine the reallocation configuration.
frequency frequency
Defines 1-in-N selective reallocation. If the frequency is set for 12, then the SGSN skips reallocation for the first 11 messages and reallocates on receipt of the 12th request message.
frequency must be an integer from 1 to 50.
This keyword can be used in combination with other keywords to refine the reallocation configuration.
interval minutes
Enter an integer between 1 and 1440 to define the time interval (in minutes) for skipping the service/RAU/attach request message procedure before performing a P-TMSI signature reallocation.
ptmsi-reallocation-command
Includes P-TMSI signature reallocation as a part of the P-TMSI reallocation configuration.
routing-area-update [ update-type ]
Enables/disables P-TMSI signature reallocation for RAU (routing area update) with local P-TMSI. To refine the reallocation configuration, include one of the optional types of updates to limit reallocation:
Usage
By default, P-TMSI signature reallocation is disabled. This command allows the operator to configure when the P-TMSI signature is reallocated.
Example
Use the following to configure the SGSN to reallocate the P-TMSI signature for every 3rd UMTS attach procedure:
ptmsi-signature-reallocate attach frequency 3 access-type umts
Use the following to configure the SGSN to reallocate the P-TMSI signature for every 7th GPRS periodic RAU procedure:
ptmsi-signature-reallocate routing-area-update uupdate-type periodic frequency 7 access-type gprs
Remove all configuration instances for reallocating the P-TMSI signature based on intervals and UMTS access:
remove ptmsi-signature-reallocate interval access-type umts
 
qos
Configure quality of service parameters to be applied.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
[ remove ] qos { gn-gp | ue-ambr }
qos gn-gp { arp high-priority priority medium-priority priority | pre-emption { capability { may-trigger-pre-emption | shall-not-trigger-pre-emption } | vulnerability { not-pre-emptable | pre-emptable }
qos ue-ambr max-ul mbr_up max-dl mbr_dl
remove
Deletes the configuration from the call control profile.
gn-gp
Configures Gn-Gp pre-release 8 ARP and pre-emption parameters.
arp
Maps usage of ARP (address retention protocol) high-priority (H) and medium-priority (M):
high-priority priority : Enter an integer from 1 to 13.
medium-priority priority : Enter an integer from 2 to 14.
pre-emption
Defines the pre-emption/vulnerability criteria for PDP Contexts imported from SGSN on Gn/Gp:
may-trigger-pre-emption : PDP Contexts imported from Gn/Gp SGSN may preempt existing bearers.
shall-not-trigger-pre-emption : PDP Contexts imported from Gn/Gp SGSN shall not preempt existing bearers.
not-pre-emptable : PDP Contexts imported from Gn/Gp SGSN are not vulnerable to pre-emption.
pre-emptable : PDP Contexts imported from Gn/Gp SGSN are vulnerable to pre-emption.
ue-ambr
Configures the aggregate maximum bit rate that will be stored on the UE (user equipment).
max-ul mbr-up : Defines the maximum bit rate for uplink traffic.
mbr-up : Enter a value from 0 to 1410065408.
max-dl mbr-up : Defines the maximum bit rate for downlink traffic.
mbr-up : Enter a value from 0 to 1410065408.
Usage
Use this command to configure the MME QoS parameters for the call control profile.
Example
qos gn-gp arp high-priority 2 medium-priority 3
 
rau-inter
Define acceptable procedure for inter-SGSN routing area updates.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
rau-inter access-type { all | location-area-list instance instance } { failure-code fail_code | user-device-release { before-r99 } { failure-code fail_code | r99-or-later } { failure-code fail_code } }
default rau-inter access-type { all | location-area-list instance instance} user-device-release { before-r99 failure-code | r99-or-later failure-code }
no rau-inter { allow access-type | restrict access-type } { [ all ] failure-code fail_code | location-area-list instance instance }
default rau-inter { allow access-type | restrict access-type } { [ all ] failure-code fail_code | location-area-list instance instance } }
no
Including ‘no’ as part of the command structure disables the values already configured for parameters specified in the command.
default
Resets the configuration of specified parameters to system default values.
allow access-type
Including this keyword-set with one of the following options, configures the SGSN to allow MS/UE with the identified access-type extension to be part of the intra-RAU procedure.
gprs - General Packet Radio Service
umts - Universal Mobile Telecommunications System
restrict access-type
Including this keyword-set with one of the following options, configures the SGSN to restrict MS/UE with the identified access-type extension from the inter-RAU procedure.
gprs - General Packet Radio Service
umts - Universal Mobile Telecommunications System
all
all - adding this option to the keyword determines that the failure cause code will be applicable to all location areas.
location-area-list instance instance
list_id must be an integer between 1 and 5. The value must be an already defined instance of a LAC list created with the location-area-list command.
failure-code fail-code
Specify a GMM failure cause code to identify the reason an inter SGSN RAU does not occur. This GMM cause code will be sent in the reject message to the MS.
fail-code must be an integer from 2 to 111. Refer to the GMM failure cause codes listed below (information has been taken from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0 R7):
user-device-release { before-r99 | r99-or-later } failure-code code
Default: Disabled
Enables the SGSN to reject an Inter-RAU procedure based on the detected 3GPP release version of the MS equipment and selectively send a failure cause code in the reject message. The SGSN uses the following procedure to implement this configuration:
1.
2.
3.
4.
One of the following options must be selected and completed:
before-r99 : Indicates the MS would be a 3GPP release prior to R99 and an appropriate failure code should be defined.
failure-code code : Enter an integer from 2 to 111.
r99-or-later : Indicates the MS would be a 3GPP Release 99 or later and an appropriate failure code should be defined.
failure-code code : Enter an integer from 2 to 111.
Usage
Use this command to configure the restrictions and function of the inter-RAU procedure.
Example
default rau-inter allow access-type gprs location-area-list instance 1
 
rau-inter-plmn
Enable/disable restriction of all RAUs occurring between different PLMNs.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
rau-inter-plmn access-type { all | location-area-list instance instance } { failure-code fail_code | user-device-release { before-r99 } failure-code fail_code | r99-or-later } { failure-code fail_code } }
default rau-inter-plmn access-type { all | location-area-list instance instance} user-device-release { before-r99 failure-code | r99-or-later failure-code }
[ no ] rau-inter-plmn { restrict | allow } access-type { gprs | umts } { all | location-area-list instance instance }
[ no ] rau-inter-plmn { allow access-type | restrict access-type } { [ all ] failure-code fail_code | location-area-list instance instance }
default rau-inter { allow access-type | restrict access-type } { [ all ] failure-code fail_code | location-area-list instance instance } }
no
Including ‘no’ as part of the command structure disables the values already configured for parameters specified in the command.
default
Resets the configuration of specified parameters to system default values.
allow access-type
Including this keyword-set with one of the following options, configures the SGSN to allow MS/UE with the identified access-type extension to be part of the intra-RAU procedure.
gprs - General Packet Radio Service
umts - Universal Mobile Telecommunications System
restrict access-type
Including this keyword-set with one of the following options, configures the SGSN to restrict MS/UE with the identified access-type extension from the inter-RAU procedure.
gprs - General Packet Radio Service
umts - Universal Mobile Telecommunications System
all
all - adding this option to the keyword determines that the failure cause code will be applicable to all location areas.
location-area-list instance instance
list_id must be an integer between 1 and 5. The value must be an already defined instance of a LAC list created with the location-area-list command.
failure-code fail-code
Specify a GMM failure cause code to identify the reason an inter SGSN RAU does not occur. This GMM cause code will be sent in the reject message to the MS.
fail-code must be an integer from 2 to 111. Refer to the GMM failure cause codes listed below (information has been taken from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0 R7):
user-device-release { before-r99 | r99-or-later } failure-code code
Default: Disabled
Enables the SGSN to reject an Inter-RAU procedure based on the detected 3GPP release version of the MS equipment and selectively send a failure cause code in the reject message. The SGSN uses the following procedure to implement this configuration:
1.
2.
3.
4.
One of the following options must be selected and completed:
before-r99 : Indicates the MS would be a 3GPP release prior to R99 and an appropriate failure code should be defined.
failure-code code : Enter an integer from 2 to 111.
r99-or-later : Indicates the MS would be a 3GPP Release 99 or later and an appropriate failure code should be defined.
failure-code code : Enter an integer from 2 to 111.
Usage
Use this command to configure the restrictions and function of the inter-RAU procedure occurring across RNCs or BSSs where the PLMN changes. For example:
Example
default rau-inter allow access-type gprs location-area-list instance 1
 
rau-intra
Define acceptable procedure for intra-SGSN Routing Area Updates
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
rau-intra access-type { all | location-area-list instance instance } { failure-code fail_code | user-device-release { before-r99 } { failure-code fail_code | r99-or-later } { failure-code fail_code } }
default rau-intra access-type { all | location-area-list instance instance} user-device-release { before-r99 failure-code | r99-or-later failure-code }
rau-intra { allow access-type | restrict access-type } { [ all ] failure-code fail_code | location-area-list instance instance } }
no rau-intra { allow access-type | restrict access-type } { [ all ] failure-code fail_code | location-area-list instance instance }
default rau-intra { allow access-type | restrict access-type } { [ all ] failure-code fail_code | location-area-list instance instance } }
no
Including ‘no’ as part of the command structure disables the values already configured for parameters specified in the command.
default
Resets the configuration of specified parameters to system default values.
allow access-type
Including this keyword-set with one of the following options, configures the SGSN to allow MS/UE with the identified access-type extension to be part of the intra-RAU procedure.
gprs - General Packet Radio Service
umts - Universal Mobile Telecommunications System
restrict access-type
Including this keyword-set with one of the following options, configures the SGSN to restrict MS/UE with the identified access-type extension from the intra-RAU procedure.
gprs - General Packet Radio Service
umts - Universal Mobile Telecommunications System
all
all - adding this option to the keyword determines that the failure cause code will be applicable to all location areas.
location-area-list instance instance
list_id must be an integer between 1 and 5. The value must be an already defined instance of a LAC list created with the location-area-list command.
failure-code fail-code
Specify a GMM failure cause code to identify the reason an inter SGSN RAU does not occur. This GMM cause code will be sent in the reject message to the MS.
fail-code must be an integer from 2 to 111. Refer to the GMM failure cause codes listed below (information has been taken from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0 R7):
user-device-release { before-r99 | r99-or-later } failure-code code
Default: Disabled
Enables the SGSN to reject an Intra-RAU procedure based on the detected 3GPP release version of the MS equipment and selectively send a failure cause code in the reject message. The SGSN uses the following procedure to implement this configuration:
1.
2.
3.
4.
One of the following options must be selected and completed:
before-r99 : Indicates the MS would be a 3GPP release prior to R99 and an appropriate failure code should be defined.
failure-code code : Enter an integer from 2 to 111.
r99-or-later : Indicates the MS would be a 3GPP Release 99 or later and an appropriate failure code should be defined.
failure-code code : Enter an integer from 2 to 111.
Usage
Use this command to configure the restrictions and function of the intra-RAU procedure.
Example
default rau-intra allow access-type gprs location-area-list instance 1
 
re-authenticate
Enable or disable the re-authentication feature. This command is available in releases 8.1 and higher.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
re-authenticate [ access-type { gprs | umts } ]
remove re-authenticate
remove
Including this keyword with the command disables the feature. The feature is disabled by default.
access-type
Defines the type of access to be allowed or restricted.
If this keyword is not included, then both access types are allowed by default.
Usage
Use this command to enable or disable the re-authentication feature, which instructs the SGSN to retry authentication with another RAND in situations where failure of the first authentication has occurred. To address the introduction of new SIM cards, for security reasons a systematic "last chance" authentication retry with a fresh Authentication Vector is needed, particularly in cases where there is an SRES mismatch at authentication.
Example
re-authenticate
 
regional-subscription-restriction
This command enables the operator to define the cause code for subscriber rejection when it is due to regional subscription information failure.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ remove ] regional-subscription-restriction [ failure-code code | user-device-release { before-r99 failure-code code | r99-or-later failure-code code } ]
remove
This keyword causes the configuration to be deleted from the call control profile configuration.
failure-code cause_code
cause_code: Enter an integer from 2 to 111; default code is 13 (roaming not allowed in this location area (LA).
Refer to the GMM failure cause codes listed below (information has been taken from section 10.5.5.14 of the 3GPP TS 124.008 v7.2.0 R7):
user-device-release { before-r99 | r99-or-later } failure-code code
Enables the SGSN to assign a reject cause code based on the detected 3GPP release version of the MS equipment.
One of the following options must be selected and completed:
before-r99 : Indicates the MS would be a 3GPP release prior to R99 and an appropriate failure code should be defined.
failure-code code : Enter an integer from 2 to 111. Refer to the list above.
r99-or-later : Indicates the MS would be a 3GPP Release 99 or later and an appropriate failure code should be defined.
failure-code code : Enter an integer from 2 to 111. Refer to the list above.
Usage
Use this command to define GMM reject cause codes when rejection is due to regional subscription information failure.
Example
Operator prefers a location area rejection message, code 12 to be used for regional restirction rejections:
regional-subscription-restriction failure-code 12
 
reuse-authentication-triplets
Creates a configuration entry to enable or disable the reuse of authentication triplets in the event of a failure.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ no | remove } reuse-authentication-triplets no-limit
no
Disables this configuration entry and disables reuse of authentication triplets.
remove
This keyword causes the reuse configuration to be deleted from the call control profile configuration.
This is the default behavior. Triplets are reused.
no-limit
This keyword enables reuse triplets as needed.
Usage
Use this command to enable reuse of authentication triplets.
Example
reuse-authentication-triplets no limit
 
rfsp-override
Configure RAT frequency selection priority override parameters for this call control profile.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
rfsp-override { default | ue-val value new-val value + }
remove rfsp-override { default | ue-val value
remove
Deletes the rfsp-override configuration from the call control profile.
default
Restores the default value assigned.
ue-val value
Assign the UE value for the RAT frequency selection priority.
value: Enter an integer from 1 to 256.
new-val value
Assign a new value for the RAT frequency selection priority.
value: Enter an integer from 1 to 256.
Usage
Use this command to configure the RAT frequency selection priority override parameter.
Multiple UE value/new value combinations can be configured.
Example
Reset the default value for the RAT frequency selection priority override function:
rfsp-override default
 
s1-reset
Configure behavior of user equipment (UE) on S1-reset.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
s1-reset { detach-ue | idle-mode-entry }
default s1-reset
default
Reset the profile configuration to the system default of idle-mode-entry.
detach-ue
Upon S1-reset the MME will detach the UE.
idle-mode-entry
Upon S1-reset the MME will move the UE to idle-mode. This is the default setting for this command.
Usage
Use this command to set the MME’s reactions to an S1-reset.
Example
Configure the MME to put the UE into idle-mode upon receipt of S1-reset:
s1-reset idle-mode-entry
 
sctp-down
Configure behavior towards UE (user equipment) when SCTP goes down.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
sctp-down { detach-ue | idle-mode-entry }
default sctp-down
default
Reset the profile configuration to the system default when SCTP layer goes down. The default for this command is idle-mode-entry.
detach-ue
When SCTP goes down, the MME will detach the UE.
idle-mode-entry
When the SCTP goes down, the MME will move the UE to idle-mode. This is the default for this command.
Usage
Use this command to set the MME’s reactions when the SCTP goes down.
Example
Configure the MME to put the UE into idle-mode when the SCTP layer goes down:
sctp-down idle-mode-entry
 
sgsn-address
Use this command to define the SGSN addresses for the static SGSN address table for peer SGSNs.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
sgsn-address rac rac-id lac lac_id [ nri nri ] prefer { fallback-for-dns address { ipv4 ip_address | ipv6 ip_addess } | local address { ipv4 ip_address | ipv6 ip_address } }
no sgsn-address { ipv4 ip_address | ipv6 ip_addess } rac rac_id lac lac_id
no
Disables the SGSN address configuration for the designated IP address.
rac rac_id
rac_id identifies foreign RAC of the peer SGSN address to be configured in the static peer SGSN address table.
rac_id must be an integer from 1 to 255.
lac lac_id
lac_id identifies foreign LAC of the peer SGSN address to be configured in the static peer SGSN address table.
lac_id must be an integer from 1 to 65535.
nri nri
nri identifies the network resource identifier stored in PTMSI (bit 17 to bit 23).
nri must be an integer from 0 to 63.
prefer
Indicate the preferred source of the address to be used.
fallback-for-dns - instructs the SGSN to do a DNS query to get the address.
local - instructs the system to use the local address present in the configuration.
address ip_address
ipv4 - enter a valid address in IPv4 standard notation.
ipv6 - enter a valid address in IPv6 standard notation.
 
sgsn-core-nw-interface
This command is under development and not yet supported for configuration.
Product
SGSN
Privilege
Security Administrator, Administrator
 
sgsn-number
Define the SGSN’s E.164 number to be used for interactions via the MAP protocol.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
sgsn-number E164_number
no sgsn-number
no
Disables the use of this configuration definition.
E164_number
Enter a string of 1 to 16 digits to identify the SGSN’s E.164 identification.
Usage
This command identifies the SGSN information to be used in messages to identify the SGSN.
 
sgtp-service
Identifies the SGTP service configuration to be used according to this call control profile.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
sgtp-service context ctxt_name service sgtp_service_name
no sgtp-service context
ctxt_name
Enter an alphanumeric string of 1 to 64 alphanumeric characters.
sgtp_service_name
Enter an alphanumeric string of 1 to 64 alphanumeric characters.
no
Disables use of SGTP service.
Usage
Use this command to configure enabling or disabling of SGTP service for this call control profile.
Example
sgtp-service context ctxt_name service sgtp_service_name
 
sms-mo
This command configures how mobile-originated SMS messages are handled.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ remove ] sms-mo { { access-type { gprs | umts } { all-location-areas | location-area-list } | allow access-type { gprs | umts } | restrict access-type { gprs | umts } }
remove
Deletes the specified configuration.
access-type type
Access by SMS will be limited to SMS coming from this network type:
allow
Allow either GPRS or UMTS type access for SMS.
restrict
Restrict either GPRS or UMTS type access for SMS.
location-area-list instance instance
instance must be an integer between 1 and 5. The value must identify an already defined LAC list created with the location-area-list command.
failure-code code
code : Must be an integer from 2 to 111.
Usage
Configure filtering for SMS-MO messaging.
Example
sms-mo access-type gprs all-location-areas failure-code code
 
sms-mt
This command configures how mobile-terminated SMS messages are handled.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
[ remove ]sms-mt { { access-type { gprs | umts } { all-location-areas | location-area-list } | allow access-type { gprs | umts } | restrict access-type { gprs | umts } }
remove
Deletes the specified configuration.
access-type type
Access by SMS will be limited to SMS coming from this network type :
allow
Allow either GPRS or UMTS type access for SMS.
restrict
Restrict either GPRS or UMTS type access for SMS.
location-area-list instance instance
instance must be an integer between 1 and 5. The value must identify an already defined LAC list created with the location-area-list command.
failure-code code
code: Must be an integer from 2 to 111.
Usage
Configure filtering for SMS-MT messaging.
Example
sms-mt access-type gprs all-location-areas failure-code code
 
srns-inter
Inter-SRNS (Serving Radio Network Subsystem) relocation.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
srns-inter ( all failure-code | allow location-area-list instance instance | location-area-list instance instance failure-code code | restrict location-area-list instance instance }
no srns-inter { allowlocation-area-list instance instance | restrictlocation-area-list instance instance }
default srns-inter { all | location-area-list-instance instance }
no
Deletes the inter-SRNS relocation configuration.
default
Resets the configuration to default values.
all failure-code code
Define the failure code that will apply to all inter-SRNS relocations.
code: Must be an integer from 2 to 111.
allow location-area-list instance instance
Identify the location area list Id (LAC Id) that will allow services in the defined location area.
location-area-list instance instance
instance : Must be an integer between 1 and 5 that identifies the previously defined location area list created with the location-area-list command.
restrict location-area-list instance instance
Identify the location area list Id (LAC Id) that indicates the location areas where services will be restricted.
Usage
This command defines the operational parameters for inter-SRNS relocation.
Example
Use the following command to allow services in areas listed in LAC list #3:
srns-inter allow location-area-list instance 3
 
srns-intra
This command configurations parameters relevant to the intra-SRNS (Serving Radio Network Subsystem) relocation procedure.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
srns-intra ( all failure-code | allow location-area-list instance instance | location-area-list instance instance failure-code code | restrict location-area-list instance instance }
no srns-intra { allow location-area-list instance instance | restrictlocation-area-list instance instance }
default srns-intra { all | location-area-list-instance instance }
no
Deletes the intra-SRNS relocation configuration.
default
Resets the configuration to default values.
all failure-code code
Define the failure code that will apply to all intra-SRNS relocations.
code : Must be an integer from 2 to 111.
allow location-area-list instance instance
Identify the location area list Id (LAC Id) that will allow services in the defined location area.
location-area-list instance instance
instance : Must be an integer between 1 and 5 that identifies the previously defined location area list created with the location-area-list command.
restrict location-area-list instance instance
Identify the location area list Id (LAC Id) of the target RNC to determine the location areas where services will be restricted.
Usage
This command defines the operational parameters for intra-SRNS relocation.
Example
Use the following command to restrict service in areas listed in the LAC list 1:
srns-intra restrict location-area-list instance 1
 
subscriber-control-inactivity
This command defines the time for the subscriber-control inactivity timer. The system seeks to detect inactivity where no PDP context is activated and then starts the timer.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
subscriber-control-inactivity timeout minutes time detach { immediate | next-connection | reattach-time-period }
{ no | default } subscriber-control-inactivity
no
Deletes the timer configuration.
default
Resets the timer configuration to the default value of 7 days (10080 minutes).
timeout minutes time[ detach ]
Sets the number of minutes the SGSN monitors the connection after inactivity has been detected. When the timer expires, the subscribe will be detached.
time: Enter an integer from 1 to 20160 (two weeks).
detach [ immediate | next-connection | reattach-time-period ]
Instructs the SGSN to detach and can be configured to specify when the detach will occur after inactivity is detected. To fine-tune the detach instruction, include one of the following with the command:
immediate - Instructs the SGSN to detach immediately after inactivity is detected. May combine with reattach-time-period.
next-connection - instructs the SGSN to detach after the next Iu connection after inactivity is detected.
note_smallImportant: Supported for 3G SGSNs only.
reattach-time-period period[ action ] - Specify the number of seconds the SGSN will monitor a new re-attach after the previous detach was due to inactivity. Also, you can define the action to be taken regarding new attaches.
period: Enter an integer from 60 to 3600.
action - Select an action:
Usage
Use this command to configure the timeout timer. After this timer times out the subscriber is detached from the SGSN.
Example
Instruct the SGSN to monitor the connection for up to 360 minutes after inactivity is detected or the SGSN should detach the attached subscriber immediately after inactivity is detected:
subscriber-control-inactivity timeout minutes 360detach immediate
 
super-charger
This command enables/disables the SGSN to work with a super-charged network.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
super-charger
remove super-charger
remove
Disables the super-charger functionality.
Usage
By enabling the super charger functionality for 2G or 3G connections controlled by an operator policy, the SGSN changes the hand-off and location update procedures to reduce signalling traffic management.
Example
Enable the feature with the following command:
super-charger
 
tau
Configure parameters for tracking area update (TAU) procedure.
Product
MME
Privilege
Security Administrator, Administrator
Syntax
tau { imei-query-type { imei | imei-sv | none } [ verify-equipment-identity [ allow-on-eca-timeout | deny-greylisted | deny-unknown | verify-emergency ] ] | inter-rat security-ctxt { allow-mapped | native } }
remove tau { imei-query-type | inter-rat security-ctxt }
remove
Deletes this TAU configuration from the call control profile.
imei-query-type { imei | imei-sv | none }
This keyword set is specific to the MME.
Sets the IMEI query-type if an IMEI (International Mobile Equipment Identity) is not already present.
imei: Check the IMEI.
imei-sv: Check the IMEI-SV.
none: Don’t check for IMEI.
verify-equipment-identity [ allow-on-eca-timeout | deny-greylisted | deny-unknown | verify-emergency ]
Specifies that the identification (IMEI or IMEI-SV) of the UE is to be performed by the Equipment Identity Register (EIR) over the S13 interface.
allow-on-eca-timeout: Configures the MME to allow equipment that has timed-out on ECA during the attach procedure.
deny-greylisted: Configures the MME to deny grey-listed equipment during the attach procedure.
deny-unknown: Configures the MME to deny unknown equipment during the attach procedure.
verify-emergency: Configures the MME to ignore the IMEI validation of the equipment during the attach procedure in emergency cases.
This is the default for the equipment identity verification option.
inter-rat security-ctxt { allow-mapped | native }
Configure inter-RAT parameters for TAU. This keyword provides the operator with the option of continuing with the mapped context or creating a new native context after an inter-RAT handover.
allow-mapped: Configures inter-RAT security-context type as mapped. Mapped security context is allowed after inter-RAT handover. This is the default value.
native : Configures inter-RAT security-context type as native only. Inter-RAT handover will always result in a native security context.
Usage
Use this command to define tracking area update procedures such as inter-RAT security context and IMEI query-type.
Example
Set the IMEI query type to IMEI-SV:
tau imei-query-type imei-sv verify-equipment- identity
 
treat-as-hplmn
Enable/disable the MME or SGSN to treat an IMSI series as coming from the home PLMN.
Product
MME, SGSN, S-GW
Privilege
Security Administrator, Administrator
Syntax
[ remove ] treat-as-hplmn
remove
Deletes this configuration from the profile. This would disable this function and is the default.
Usage
Use this command to enable or disable the MME/SGSN to treat an IMSI series as coming from the home PLMN.
Example
Disable previously configured feature:
remove treat-as-hplmn
 
zone-code
Configure a zone code listing of one or more LACs included in the zone.
Product
SGSN
Privilege
Security Administrator, Administrator
Syntax
zone-code zc_id location-area-code lac
no zone-code zc_id [ location-area-code lac ]
no
Removes either a specific LAC from the zone code list. If the location-area-code parameter is not included in the command, then the entire zone code list definition is removed from configuration.
zc_id
Identifies an instance of a zone code list. The list ID must be an integer from 1 to 65535.
An unlimited number of zone code lists can be configured per call control profile as the zone code lists are allocated dynamically.
location-area-code lac
This keyword prompts for the location area-code(s), where the subscribers can roam, that are part of the zone.
lac: Must be an integer from 1 to 65535.
Repeat the command with this parameter to include up to 100 LACs in the zone code list.
Usage
note_smallImportant: While there is no limit to the number of zone codes that can be created, only 10 LACs per zone code can be defined.
Use this command to define zone code restrictions. Regional subscription data at the home location register (HLR) is used to determine the regional subscription area in which the subscriber is allowed to roam. The regional subscription data consists of a list of zone codes. A zone code is comprised of one or more location areas (identified by a LAC) into which the subscriber is allowed to roam. Regional subscription data, if present in the insert subscriber data (ISD) request from the HLR, defines the subscriber's subscription area for the addressed SGSN. It contains the complete list (up to 10 zone codes) that apply to a subscriber in the currently visited PLMN.
During the GPRS Location Update procedure, the zone code list is received in the ISD request from the HLR. The zone code list from the HLR is validated against the configured values in the operator policy. If matched, then the ISD is allowed to proceed. If not matched, then the ISD response is that the Network Node Area is Restricted and the GPRS Location Update procedure fails. If no zone codes are included in the ISD (whether or not the zone codes are defined in the SGSN configuration), then checking is not done.
Example
Use this command to define multiple LACs for zone code 1:
zone-code 1 lac 413 212 113
 
 

Cisco Systems Inc.
Tel: 408-526-4000
Fax: 408-527-0883