This chapter identifies new, modified, and obsoleted configuration commands in Releases 12.0, 12.1, and 12.2.
This command enables to configure secondary AAA group for the APN. This supports the RADIUS Fire-and-Forget feature in conjunction with GGSN for secondary accounting (with different RADIUS accounting group configuration) to the RADIUS servers without expecting acknowledgement from the server, in addition to standard RADIUS accounting. This secondary accounting will be an exact copy of all the standard RADIUS accounting message (RADIUS Start / Interim / Stop) sent to the standard AAA RADIUS server.
aaa secondary-group aaa_group_name
This command enables to configure secondary AAA group for the subscriber template. This supports the No-ACK RADIUS Targets feature in conjunction with PDSN and HA for secondary accounting (with different RADIUS accounting group configuration) to the RADIUS servers without expecting the acknowledgement from the server, in addition to standard RADIUS accounting. This secondary accounting will be an exact copy of all the standard RADIUS accounting message (RADIUS Start / Interim / Stop) sent to the standard AAA RADIUS server.
aaa secondary-group aaa_group_name
Enables or disables the recording of the start and stop time of each command issued during a TACACS+ authenticated session.
app-level-retransmission { set-retransmission-bit | unset-retransmission-bit }
This command enables to map ARP priority-level value received from PCRF to inter-user-priority value and be sent in A11 session update.
Enables or disables the authorization of TACAS+ users on a command-by-command, command + argument, or command prompt basis.
This command enables to configure value of the Offline AVP sent by GGSN to the PCRF over Gx interface based on the Charging Characteristics (CC) profile received from the SGSN.
credit-control-group cc_group_name
This command enables to control the behavior of marking redirected HTTP flow as free-of-charge when the Final-Unit-Indication (FUI) Diameter AVP comes without Filter IDs.
This command enables to accept/ignore service ID in Service-Identifier AVP defined in the Diameter dictionaries for Gy interface implementation.
This command configures the value to be sent in the Service-Context-Id AVP, which identifies the context in which DCCA is used.
diameter service-context-id service_context_id
This command enables dictionary control of the AVPs that need to be added based on the version of the specification to which the OCS is compliant with. This command is applicable to all products that use the dcca-custom8 dictionary for Gy interface implementation.
This command enables dictionary control of the AVPs that need to be added based on the version of the specification to which the PCEF is compliant with. This command is applicable only to Diameter dictionaries that support standard based volume reporting over Gx feature.
destination-host-avp { session-binding | always | initial-request | retried-request }
This command configures the number of times the system attempts to connect to a dynamically discovered Diameter peer.
This command configures the expiration time for dynamic routes created after a Diameter destination host is reached.
This command is used to configure the maximum length of charging rulebase name in LOSDVs of eG-CDRs/P-GW-CDRs to between 1 through 63 characters. If configured to 0 (zero) the rulebase name is not trimmed. This CLI command is now available in 12.0 and later releases.
gtpp egcdr rulebase-max-length rulebase_name_max_length
When a link aggregation group (LAG) contains two sets of ports, each connecting to a different Ethernet switch, this command allows you to change the status of the active distributing ports.
link-aggregation port switch to slot_num/port_num
This command configures the behavior for load balancing Diameter peers in the event of a failure of an active server.
This command checks the Multi Protocol Label Switching (MPLS) LSP connectivity for the specified Forwarding Equivalence Class (FEC). It must be followed by an IPv4 prefix.
This command discovers MPLS LSP routes that packets actually take when traveling to their destinations. It must be followed by an IPv4 prefix.
Defines system behavior when an administrative login fails due to a TACACS+ authentication failure.
For PCEF bearer binding in 3G and when BCM mode is UE_ONLY, this command does not bind rules with QCI of default bearer to the default bearer and does not ignore other rules.
For PCEF bearer binding in LTE, this command enables updates, like TFT and bit rates, towards MS in downlink direction on default bearer. This allows application of pre-defined ECS based rules on default bearer.
This command configures the post-processing policy to be applied on Limit-Reached packets. This allows to enable post-processing priority based rules for content in blacklisted state.
The post-processing policy always CLI command will enable post-processing on Limit-Reached packets. If there are post-processed priority based rules, it will check for any redirection rules, else will discard the packets by default. No other post-processing actions like forward, next-hop, xheader-insertion, etc. will be applied on these limit-reached packets. If no post-processing priority rules are present, the packets will be dropped by default.
The post-processing policy not-for-dynamic-discard will directly discard the limit-reached context and will not apply post-processing priority based rules. This is the default setting.
Also, refer to the configuration changes required in the New Feature Summary chapter.
This command defines rule expressions to match all PPTP packets. This is used in conjunction with ADC, Stateful Firewall, and NAT in-line services.
[ no ] pptp any-match operator condition
This command defines rule expressions to analyze and charge user traffic based on control message type for PPTP packets. This is used in conjunction with ADC, Firewall, and NAT inline services.
[ no ] pptp ctrl-msg-type = { call-clear-request | call-disconnect-notify | echo-reply | echo-request | incoming-call-connected | incoming-call-reply | incoming-call-request | outgoing-call-reply | outgoing-call-request | set-link-info | start-control-connection-reply | start-control-connection-request | stop-control-connection-reply | stop-control-connection-request | wan-error-notify
This command defines rule expressions based on GRE to match all PPTP packets. This is used in conjunction with ADC, Firewall, and NAT in-line services.
[ no ] pptp gre any-match = condition
This feature enables to configure the Fire-and-Forget feature. The accounting request sent to a RADIUS accounting server configured under the AAA group with this CLI command configured in it will not expect a response from the server.
This command configures DCCA/Gy to work in per subscriber-PDN level Gy mode, wherein one Diameter session is created per subscriber PDN rather than per bearer, and only one DCCA/Gy session is created for multi-bearer PDNs. This command is applicable to all products using the Gy interface.
Configures TACACS+ AAA service-related parameters for use in authenticating ASR 5000 administrative users via a TACACS+ server.
[ no ] server priority priority_number ip-address ip_address [ service { authentication | authorization | accounting } ] [ port port_number ] [ { encrypted password shared_secret | password text_password } ] [ timeout seconds ] [ retries num_retries ] [ nas-source-address ip_address ]
This command configures the Diameter endpoint to establish the system as the server side endpoint of the connection.
This command configures whether to continue/terminate calls when Diameter server(s)/OCS become unreachable.
servers-unreachable { initial-request { continue | terminate [ after-timer-expiry timeout_period ] } | update-request { continue | terminate [ after-quota-expiry | after-timer-expiry timeout_period ] } }
The associate command allows the Diameter endpoint configuration to be associated with SCTP parameters configured in a template. In this release, this command replaces the diameter sctp command in the Context Configuration mode.
For more information on the deprecated command, please see the diameter sctp command in the Common Commands - Obsoleted in Release 12.2 section.
associate sctp-parameters-template template_name
The associate command allows the Diameter endpoint configuration to be associated with SCTP parameters configured in a template. In this release, this command replaces the diameter sctp command in the Context Configuration mode.
For more information on the deprecated command, please see the diameter sctp command in the Common Commands - Obsoleted in Release 12.2 section.
associate sctp-parameters-template template_name
The Exec mode chassis key value key_string command identifies the chassis which can encrypt and decrypt encrypted passwords in the configuration file. If two or more chassis are configured with the same chassis key value, the encrypted passwords can be decrypted by any of the chassis sharing the same chassis key value. As a corollary to this, a given chassis key value will not be able to decrypt passwords that were encrypted with a different chassis key value.
The key_string is an alphanumeric string of 1 through 16 characters. The chassis key is stored as a one-way encrypted value, much like a password. For this reason, the chassis key value is never displayed in plain-text form.
The Exec mode chassis keycheck key_string command generates a one-way encrypted key value based on the entered key_string. The generated encrypted key value is compared against the encrypted key value of the previously entered chassis key value. If the encrypted values match, the command succeeds and keycheck passes. If the comparison fails, a message is displayed indicating that the key check has failed. If the default chassis key (no chassis key) is currently being used, this key check will always fail since there will be no chassis key value to compare against.
Use the chassis keycheck command to verify whether multiple chassis share the same chassis key value.
chassis {key value <key_string> | keycheck <key_string>
This command allows an operator to allow or decline the dynamic addition of classifiers during MS-initiated service flow creation/modification.
This command allows an operator to enable/disable the reporting of the BSID in the Accounting Interim Update during the handoff and location update.
This command allows an operator to enable or disable WiMAX hotlining capability in the ASNGW and WiMAX HA. The command applies to both profile id-based and rule-based hotlining.
This command allows an operator to enable or disable 802.1P priority marking for WiMAX control traffic over an R6/R4 interface.
This command allows an operator to configure the 802.1 priority based on the schedule type for WiMAX data traffic.
This command configures the eG-CDR encoding type. When configuring the eG-CDR encoding type as ASCII, the delimiter character can be specified as either “:” (colon), “,” (comma), or “|” (pipe). The default delimiter character is “|” (pipe).
[ no ] http domain [ case-sensitive ] operator domain
This command defines rule expressions to match TCP previous state on the ingress side of the TCP proxy.
[ no ] tcp proxy-prev-state operator previous_state
[ no ] tcp proxy-state operator previous_state
[ no ] tftp any-match operator condition
[ no ] tftp data-any-match operator condition
[ no ] wsp domain [ case-sensitive ] operator domain
This command enables to define rule expressions to match domain portion of the URI for WSP/HTTP packets.
[ no ] www domain [ case-sensitive ] operator domain
This command enables to exclude/include packets/bytes dropped/retransmitted by ECS in the total charge volume — sn-charge-volume EDR attribute.
[ default | no ] edr sn-charge-volume { count-dropped-units | count-retransmitted-units }
This command configures the maximum number of flows for which TCP Proxy can be used per subscriber, and what portion of ECS memory should be reserved for TCP Proxy flows.
This command configures how long to keep the snooped addresses that were extracted from DNS responses.
ip dns-learnt-entries timeout timeout_period
[ no ] ip server-domain-name operator domain_name
This command allows you to enable/disable per-bearer MBR policing—bandwidth limiting. Note that there are only two variants of this command, the default and no variants.
This command allows you to enable/disable per-dynamic-rule MBR policing—bandwidth limiting. Note that there are only two variants of this command, the default and no variants.
This command enables the Tethering Detection feature, and loads the databases from the specified files into the service.
tethering-database [ os-signature os_signature_db_file_name | tac tac_db_file_name | ua-signature ua_signature_db_file_name ] +
This command enables/disables the Tethering Detection feature for a rulebase, and configures the database to use.
upgrade tethering-detection database { all | os-signature | tac | ua-signature } [ -noconfirm ]
[ no ] icmpv6 any-match operator condition
[ no ] icmpv6 code operator code
[ no ] icmpv6 type operator type
From the Context Configuration Mode, this command disables the sending of an INITIAL-CONTACT message in the IKEv1 protocol after the node creates a new Phase 1 SA, caused either by Dead Peer Detection or by a rekey.
This CLI has been introduced to skip the client hardware address (chaddr) validation performed on DHCPACK Message. This is required because some of the corporate DHCP servers in the field are not compliant with RFC 2131 and are not sending exact chaddr in DHCPACK message as it has received in DHCPREQUEST message. Configuring "no dhcp chaddr-validate" CLI will ensure that the chaddr field in DHCPACK is not validated and call is successfully established. Existing default behaviour is to perform chaddr validation and if mismatch is detected call is gets rejected.
This command configures the mapping of Location Area Code (LAC) received from UE to MSC point code. This is an important configuration for CS network resource sharing without Iu-Flex interface configuration.
This command is added to the Global Configuration Mode to configure the system to select source Boxer Internal Address (SBIA) as the input to the hashing function for ECMP-LAG distribution.
This command allows the operator to change the way hashing works in deciding which link to use for ECMP and Link Aggregation. In the default hashing algorithm the IP Source Address, IP Destination Address, IP Protocol and Source BIA are used in the hashing function. When “use-sbia-only” option is selected, only the Source BIA is used in the hashing function.
CAUTION: While using ECMP-LAG on a HNB-GW, this configuration is mandatory for standalone HNB-GW deployment and highly recommended in other deployment scenarios where HNB-GW is used in combination with other services.This command enables the DSCP marking feature for IP headers carrying outgoing A11-signalling A11 packets (such as RRP, RU, SU).
This command configures resource reservation protocol (RSVP) parameters for this HSGW service in support of the network initiated QoS feature.
This command enables the DSCP marking feature for IP headers carrying outgoing signalling packets.
max-pdn-connections eHRPD_PDNs
This command is used to enable or disable support for network initiated QoS functionality. Network initiated QoS is enabled by default.
Following new configuration modes and commands added in existing and new CLI configuration modes:
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
newcall duplicate-subscriber-requested-address { accept | reject }
The csfb command configures Circuit-Switched FallBack options for the configured call control profile. This command sets the CSFB option as only supporting short message service (SMS).
This command is a direct replacement for the obsolete mme-policy command and contains the same command set as the MME Policy mode.
This command creates a new, or enters an existing SCTP parameter template configuration. SCTP parameter templates configure SCTP associations.
sctp-param-template name
sctp-alpha value
sctp-beta value
sctp-cookie-life value
sctp-max-assoc-retx value
sctp-max-in-strms value
sctp-max-init-retx value
sctp-max-mtu-size bytes
sctp-max-out-strms value
sctp-max-path-retx value
sctp-min-mtu-size bytes
sctp-rto-initial value
sctp-rto-max value
sctp-rto-min value
sctp-sack-frequency value
sctp-start-mtu-size bytes
This command statically configures peer SGSN environments to facilitate MME-to-SGSN relocations over an S3 or Gn/Gp interface. In prior releases, before this command was created, the MME relied on the DNS setting in the SCTP Service mode for peer SGSN discovery/selection. The order of selection is peer SGSN configuration through MME Service mode first and DNS selection through the SCTP Service mode second.
peer-sgsn rai mcc number mnc number [ nri value ] rac value lac value address ip_address capability [ gn ] [ s16 ] [ s3 ]
This command enables the establishment of indirect data forwarding tunnels for Gn/Gp-based SRNS relocations.
This command configures the quality of service QoS differentiated service code point (DSCP) used when sending data packets of a particular 3GPP QoS class over the S1-MME interface.
s1-mme ip qos-dscp { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | ef }
The nri command configures network resource identifier lengths used for source SGSN discovery via NRI-FQDN based DNS resolution. Up to 8 entries can be configured where each entry specifies the NRI length for a given PLMN.
IMPORTANT: In the absence of this configuration, the MME treats the NRI as invalid. The MME will use a plain RAI-based FQDN (and not an NRI-based FQDN) for DNS queries made to resolve the source SGSN.To support guarding the Location Update procedure during communication between the SGs service and the VLR, a timer command has been added to the SGS Service mode.
timer ts6-1 value
This command starts/stops the marking of subscribers associated with the specified VLR to an offload state. This enables the MME to preemptively move subscribers away from an MSS which is scheduled to be put in maintenance mode.
sgs offload sgs-service service-name vlr vlr-name { start time-duration minutes | stop } [ -noconfirm ]
Note: While the time-duration value is not used in Release 12.2, it is required for completion of the start command.
To support a network sharing configuration where service providers can share core network elements (MME, SGW, PGW), the MME service can now be configured with multiple local PLMNs per service. The configuration of these additional PLMNs is implemented using the network-sharing command within the mme-service config mode.
Refer to the plmn-id command to create the base PLMN identifier for an MME service. Each PLMN ID consists of the Mobile Country Code (MCC) and Mobile Network Code (MNC). A maximum of four network sharing entries can be configured per MME service. These PLMN IDs will be communicated to the eNodeBs in the S1 SETUP response and MME CFG Update messages.
The diameter-result-code-mapping command allows the administrator to map a specific EMM cause code to an S6a Diameter result code.
diameter-result-code-mapping s6a diameter-error-rat-not-allowed mme-emm-cause { no-suitable-cell-in-tracking-area | roaming-not-allowed-in-this-tracking-area | tracking-area-not-allowed }
The local-cause-code-mapping command maps a selected cause code to a restricted zone code result.
local-cause-code-mapping restricted-zone-code emm-cause-code { eps-service-not-allowed-in-this-plmn | no-suitable-cell-in-tracking-area | plmn-not-allowed | roaming-not-allowed-in-this-tracking-area | tracking-area-not-allowed }
The lte-zone-code command configures the enforcement of allowed or restricted zone code lists and associates an EMM cause code to rejected attach attempts.
lte-zone-code [ allow | restrict } { emm-cause-code { eps-service-not-allowed-in-this-plmn | no-suitable-cell-in-tracking-area | plmn-not-allowed | roaming-not-allowed-in-this-tracking-area | tracking-area-not-allowed ] zone-code-list zc_id +
The network-feature-support-ie command enables the information element in a supported feature message sent by the MME to indicate that Voice over PS is supported.
The associate command allows the Diameter endpoint configuration to be associated with SCTP parameters configured in a template.
associate sctp-parameters-template template_name
The lte-emergency-profile command creates and enters a new LTE Emergency Profile Configuration Mode.
pgw fqdn fqdn
qos qci qci arp arp_value peemption-capability ( may | shall-not } vulnerability ( not-preemptable | preemptable )
The network-global-mme-id-mgmt-db command creates and enters a new LTE Network Global MME ID Management Database Configuration Mode.
The nri command configures network resource identifier lengths used for source SGSN discovery via NRI-FQDN based DNS resolution. Up to 8 entries can be configured where each entry specifies the NRI length for a given PLMN.
IMPORTANT: In the absence of this configuration, the MME treats the NRI as invalid. The MME will use a plain RAI-based FQDN (and not an NRI-based FQDN) for DNS queries made to resolve the source SGSN.The msc command configures the IP address of an enhanced Mobile Switching Center (eMSC) server that the MME service communicates with over the Sv interface in support of the Single Radio Voice Call Continuity (SRVCC) feature.
msc ip_address
The associate command allows the SGs service to be associated with SCTP parameters configured in a template.
associate sctp-param-template template_name
The timezone command configures the timezone to be used for the UE time zone in S11 and NAS messages.
The lai command configures a Local Area Identifier for the management object.
The timezone command configures the timezone to be used for the UE time zone in S11 and NAS messages.
The zone-code command configures a zone code for the management object.
zone-code zc_id
To support enhanced TAI to LAI mapping, the plmn-id command has been added to support the optional configuration of the Public Land Mobile Network (PLMN) ID to identify the LAC pool area.
To support guarding the Location Update procedure during communication between the SGs service and the VLR, a timer command has been added to the SGS Service mode.
timer ts6-1 value
h323 time-to-live timeout
h323 timeout { admission adm_timeout | discovery disc_timeout | location loc_timeout | registration reg_timeout | unregistration unreg_timeout }
h323 tpkt timeout
h323 version version_num
This command enables/disables the NAT ICSR Flow check-pointing support for subscribers in a Firewall-and-NAT policy.
[ no ] ip server-ipv6-network-prefix operator ipv6_prefix/maskbit
action priority priority action_name arguments
no action priority priority
This command enables creating, configuring, or deleting action definitions within a local policy service.
no actiondef actiondef_name
action priority priority action_name arguments
condition priority priority { variable { eq | ge | gt | le | lt | match | ne | nomatch } regex | string_value | int_value | set }
no condition priority priority
This command enables creating, configuring, or deleting an event base within a local policy service.
no eventbase eventbase_name
rule priority priority [ event list_of_events ] ruledef ruledef_name actiondef actiondef_name [continue]
This command enables the ability to use network mobility service (NEMO) for the current APN. NEMO is disabled by default.
This command configures the Mobile IPv6 policy to decide on action to be taken when IPv4/IPv6 subscriber packets need to be tunneled, however, the encapsulated packets exceed tunnel MTU size.
This command enables the setting of event rules. An event is something that occurs in the system which would trigger a set of actions to take place, such as new-call or rat-change.
rule priority priority [ event list_of_events ] ruledef ruledef_name actiondef actiondef_name [continue]
no rule priority priority
This command enables creating, configuring, or deleting a rule definition within a local policy service.
no ruledef ruledef_name
condition priority priority { variable { eq | ge | gt | le | lt | match | ne | nomatch } regex | string_value | int_value | set }
This command enables the DSCP marking feature for IP headers carrying outgoing signalling packets.
This command aggregates the accounting information, using the configurable keys (qci) along with default keys.
This command enables use of locally configured P-CSCF addresses or Fully Qualified Domain Name (FQDN).
p-cscf { fqdn fqdn | primary [ ip IPv4_address | ipv6 IPv6_address ] | secondary [ ip IPv4_address | ipv6 IPv6_address ] }
This command configures the emergency session inactivity-timeout for an APN. APN must be configured as an emergency APN for VoLTE based E911 support.
timeout emergency-inactivity seconds
maximum-paths ebgp value
fa-spi-list list
ha-spi-list list
aaa nas-ip-address IPv4
aaa nas-ip-address ip-address
aaa 3gpp2-service-option service option
show ipv6 ospf [ database [ adv-router IPv4-Address ] [ls-type { external | inter-prefix | inter-router | intra-prefix | link | network | router } ] [ verbose ] [ | { grep grep_options | more } ] ] [ debugging ] [ interface ] [ neighbor [ details ] ] [ route [ summary ] ] [ virtual-links ] [ | { grep grep_options | more } ]
The S-GW now supports the use of the APN Profile Configuration Mode commands. The apn-profile name command is located in the Global Configuration Mode.
cc { local-value-for-scdrs behavior bit_value profile index_bit | prefer { hlrvalue-for-scdrs | local-value-for-scdrs } }
description description
idle-mode-acl { ipv4 | ipv6 } access-group group_name
ip { qos-dscp { { downlink | uplink } { background forwarding | conversational forwarding | interactive traffic-handling-priority priority_forwarding | streaming forwarding } + } | source-violation { deactivate [ all-pdp | excludefrom accounting | linked-pdp | tolerance-limit } | discard [ exclude-fromaccounting ] | ignore }
The S-GW now supports the use of the Call Control Profile Configuration Mode commands. The call-control-profile name command is located in the Global Configuration Mode.
attach access-type { gprs | umts } { all | location-area-list instance list_id }{ failure-code code | user-device-release { before-r99 failure code code | r99-or-later failure code code }
attach imei-query-type { imei | imei-sv | none } [ [ verify-equipment-identity ] [ deny-greylisted ]
authenticate { activate [ access-type { gprs | umts } ] | first [ access-type { gprs | umts } ] | frequency frequency | primary [ access-type { gprs | umts } ] | all-events [ access-type { gprs | umts } | frequency frequency | attach [ access-type { gprs | umts } | attach-type { combined | gprs-only } [ access-type { gprs | umts } | frequency frequency ] | frequency frequency | inter-rat [ access-type { gprs | umts } ] ] | detach [ access-type { gprs | umts } ] | rau | service-request | sms | tau }
description description
equivalent-plmn radio-access-technology { 2G | 3g | 4g | any } plmnid mcc mcc_number mnc_number priority priority
The S-GW now supports the use of the Operator Policy Configuration Mode commands. The operator-policy name command is located in the Global Configuration Mode.
apn { default-apn-profile apn_profile_name | network-identifier apn_net_id apn-profile apn_profile_name | operator-identifier apn_op_id apn-profile apn_profile_name }
description description
imei range IMEI_number to IMEI_number { imei-profile profile_name | sv ## imeiprofile profile_name }
This command is a direct replacement for the obsolete mme-policy command and contains the same command set as the MME Policy mode. The S-GW now supports the following modes in the LTE Policy Configuration Mode: LTE Subscriber Map Configuration Mode and LTE TAI Management Database Configuration Mode.
Sets a timer that delays the sending of excess Downlink Data Notification messages by the S-GW to the MME in instances where downlink data is received before a Modify Bearer Request is received by the MME.
ddn failure-actin pkt-drop-time seconds
This command configures Registration Expiry Timer Handling in P-CSCF/A-BG to keep pin holes open in B2BUA mode.
This command enables the P-CSCF/A-BG service to add “P-Emergency-Call-Mode-Preference” header in 200OK to REGISTER message. By default, this command is disabled.
This command enables external policy control via PCRF through the Rx Diameter interface and enters the PCRF-Policy-Control Configuration Mode. Default is disabled.
[ no ] authorization mediatype { application | audio | control | data | message | others | text | video }
This command replaces the subscribe command in the CSCF Proxy-CSCF Configuration Mode. Use this command to enable subscription to Notification of Signaling Transmission Path Status, as well as IPCAN Change type notification.
When enabled (default), the P-CSCF/A-BG sends AAR to the external PCRF via the Rx interface after UE registration. When disabled, the P-CSCF/A-BG will not subscribe to any event during Registration with PCRF and no diameter session will be established.
ca-certificate list name
certificate name
This command creates a new SSL cipher suite or specifies an existing cipher suite and enters the Cipher Suite Configuration Mode.
[ no ] cipher-suite name
This command specifies a list of SSL cipher suites. Currently, the system supports only one SSL cipher suite per SSL template.
cipher-suites list name
This command deletes all previously gathered SSL statistics for a specific P-CSCF service or all P-CSCF services, either system-wide or within a context.
This command specifies the key exchange algorithm for the SSL cipher suite. The key exchange algorithm provides the means by which the cryptographic keys for conventional encryption and MAC calculations are exchanged.
This command assigns the 8 processing cores on the PSC2 card and splits the hardware acceleration resources between SSL protocol and IPSec protocol processing.
require cipher ssl resource-percentage percentage_value
This command displays information related to SSL cipher suites since the last restart or clear command. A cipher suite contains the cryptographic algorithms supported by the client.
show ssl connection [ list | summary [ service-name name ] ] [ name name ] [ | { grep grep_options | more } ]
This command displays information related to configured SSL maps/templates since the last restart or clear command.
This command creates a new SSL template or specifies an existing one and enters the SSL Template Configuration Mode.
ca-certificate list name
certificate name
cipher-suites list name
This command specifies the supported version(s) of SSL protocol on the P-CSCF/A-BG. Currently, there is only one supported version of SSL protocol, which is TLS v0.1.
This command configures matching criteria for selecting a aaa-group name. When a subscriber registers, the selection criteria are compared and the aaa-group name from the matching entry will be picked up. The selected aaa-group will be used for all CDF (enabled for a given access type) or HSS interactions for that subscriber.
Maximum of 3 criteria can be configured per entry. A maximum of 1024 such entries can be configured.
aaa-group name { [ preference value ] criteria { aor aor_prefix | subscriber-capability { capability_type } | subscriber-ip-type
{ v4 | v6 } } + }
{ v4 | v6 } } + }
This command enables or disables the update of AS Call related Invite Request URI with translation result in the CSCF service.
This command allows/rejects a call based on configuration in case of failure from PCRF.
By default, session-reject is activated to reject the call with default response code 500.
By default, session-reject is activated to reject the call with default response code 500.
authorization policy-interworking-failure { session-continue | session-reject [ response-code code ] }
bind address IPv4_address system-id system_id id client_id { encrypted password password | password password }
This command creates a CDF or HSS selection table and enters the CSCF Diameter Selection Configuration Mode.
aaa-group name { [ preference value ] criteria { aor aor_prefix | subscriber-capability { capability_type } | subscriber-ip-type
{ v4 | v6 } } + }
{ v4 | v6 } } + }
no cscf peer-servers-group group_name
[ no ] peer-servers server_name
This command controls whether the S-CSCF returns only one or all bindings for AOR in 200 OK REGISTER response.
This command enables or disables prefix and capability based CDF server selection. By default, this command is disabled.
This command sets a response code for Dummy-AS. If this mode is selected, then MESSAGE/PUBLISH requests will be responded to by S-CSCF with configured response code. The response code can be 2xx/4xx/5xx/6xx; 3xx,401,and 407 are not allowed.
dummy-as custom-response-code SIP_response_code
This command controls the default-request forking-type in S-CSCF. The default forking type is parallel.
This command allows multiple registrations for the same private user-id from different devices. By default, multiple registrations are not allowed for the same private user-id.
This command creates an NPDB (Number Portability Data Base) client and enters the CSCF NPDB Client Configuration Mode.
bind address IPv4_address system-id system_id id client_id { encrypted password password | password password }
timeout { bind-response secs | error-response secs | idle secs | ping secs | ping-response secs | query-response secs | release-response secs | tcp-retry secs }
[ default | no ] timeout { bind-response | error-response | idle | ping | ping-response | query-response | release-response | tcp-retry }
This command determines for each number (or number prefix) in a prefix table whether it is ported and the SIP routing domain.
no number number
This command enables or disables PCRF policy control for this access-type. By default, PCRF policy control is disabled.
This command configures peer-server lists in a peer-servers-group. The peer-servers-list can be active, standby, or default.
Note: There can be one active, one standby, and one default peer-servers-list in a peer-servers-group.
[ no ] peer-servers server_name
This command sets the location of the PSAP-Database file to maintain and access the ESRK-Ranges provided by the operator for the E-CSCF.
psap-file file_name
This command configures the system to redirect subscriber sessions to another CSCF based on criteria(s) matching the received packet.
redirect { address ip_address | host host_name } [ port port_number ] { any | destination aor aor | log { any | destination aor aor | source { address ip_address | aor aor } | subscriber-capability { capability_type } | user-agent device-type device_type } | source { address ip_address | aor aor } | subscriber-capability { capability_type } | user-agent device-type device_type + }
no redirect { address ip_address | host host_name } [ port port_number ]
{ any | destination aor aor | source { address ip_address | aor aor } | subscriber-capability { capability_type } | user-agent device-type device_type + }
{ any | destination aor aor | source { address ip_address | aor aor } | subscriber-capability { capability_type } | user-agent device-type device_type + }
This command specifies whether the S-CSCF skips third party registration to the Application Server (AS) by a configured time after initial registration. After skipping the configured number of times, the third party register should be sent again to AS to reduce overload on AS. By default, the registration skip count is zero.
registration skip-count count
This command sets the minimum and maximum value in seconds for Retry-After Header. If Transactions Per Second (TPS) rate towards the peer-server application server (AS) is exceeded, the incoming requests will be rejected with 500 error response; Retry-After Header specifies the number of seconds before UE should retry.
This command enables/disables filling the server name AVP in MAR and SAR for Cx interface with configured server name. This command is disabled by default.
server-name server_name
This command enables strict checking on default-aor-domain so S-CSCF will reject registration and invite if there is a mismatch between aor in To/From and the configured default-aor-domain. By default, strict checking on default-aor-domain is disabled.
timeout { bind-response secs | error-response secs | idle secs | ping secs | ping-response secs | query-response secs | release-response secs | tcp-retry secs }
[ default | no ] timeout { bind-response | error-response | idle | ping | ping-response | query-response | release-response | tcp-retry }
This command controls the Transactions Per Second (TPS) towards the peer-server application server (AS). If TPS rate is exceeded, the incoming requests will be rejected with 500 error response; Retry-After Header specifies the number of seconds before UE should retry.
If this command is enabled, and I-CSCF role is enabled in S-CSCF, I-CSCF will send UAR/UAA diameter message to HSS.
This new command enables the operator to assign a failure code to be included in reject messages if attach rejection is due to access restriction data (ARD) checking in incoming subscriber data (ISD) messages. As well, the operator can disable the ARD checking behavior.
This new command enables the SGSN to send an straightforward name authority pointer (SNAPTR) type DNS query for APN resolution. The SNAPTR filters based on the EPC-capability of the user equipment (UE).
This new command in the GPRS Service configuration mode associates a specific DSCP template with a specific GPRS service configuration.
associate-dscp-template downlink template_name
A new command determines the SGSN response to MS-Flow-Control messages received from an unknown MS.
New commands determine the SGSN’s action during an attach process if the route towards the EIR is down.
IMPORTANT: The check-imei gf-failure-action command described below for 2G and 3G SGSNs works only if the EIR is associated under map-service and the EIR link is down. If check-imei gf-failure-action is configured as continue, and there is no EIR associated under map-service, then the SGSN rejects the Attach procedure with the disconnect-reason check-imei failure.control-packet qos-dscp { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef }]
priority2 | priority3 } | streaming } qos-dscp { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef }]
default data-packet { background | conversational | interactive { priority1 | priority2 | priority3 } | streaming }
This new command disables the SGSN's default behavior for verification of remote peer's restart counter change values.
A new command has been added to the Bulkstats configuration mode to configure bulk statistics collection for the DLCI utilization:
[ no ] dlci-util schema <dlci_schema_name> format <dlci_schema_format>
Use this new command to create or delete DSCP templates and to gain to the new DSCP templates configuration mode. The new DSCP template mode provides commands to configure control and data-packet handling:
|
l
|
control-packet command configures DSCP values for downlink control packets
|
|
l
|
data-packet command configures DSCP values for downlink data packets
|
This new command allows the operator to enable a feature which determines how empty (no data parameters) Connection Request messages will be handled.
ggsn-fail-retry-timer value
The new command configures the SGSN to discard (drop) the Attach-Request message received with a random TLLI already in use.
gn-delay-monitoring [ num-delay number_delayed | num-no-delay-for-clear number_normal | tolerance-seconds number_seconds ]
default gn-delay-monitoring [ num-delay | num-no-delay-for-clear | tolerance-seconds ]
This command sets a restart counter change window to avoid the resulting service deactivations and activations causing large bursts of network traffic if the restart counter change messages from the GGSN are erroneous.
A new configuration command instructs the SGSN to either ignore or validate the CAMEL subscription when there is no CAMEL service associated or in existence.
map-message insert-subscriber-data csi-handling when-camel-not-associated ignore-subscription
A new configuration command defines a threshold for the minimum number of unused vectors that the SGSN will retain before triggering the initiation of a SAI.
A new command provides a new default (7) for the number of outstanding packets sent by the linkmgr and also enables the operator to configurable a specific number of outstanding packets sent by the linkmgr. These configurations are applicable for both high-speed and low-speed narrowband links.
network-sharing failure-code <2-111>
Part 1: A new command configures a list of random TLLI (identified by hex number) to be invalidated (removed) from the GMM after the invalidate old-TLLI timer expires (see Part 2) and starts the invalidate old-TLLI timer. This command can be repeated up to 50 TLLI.
IMPORTANT: If the old-TLLI expiry timer is not configured with the old-tlli hold-time command, then the SGSN will only drop second Attach Requests using the same random TLLI already in use.Part 2: Another keyword in this new command configures the old-TLLI expiry timer (1 to 125 seconds, default of 5) to be started in GMM when anyone of the listed random TLLI are received. If the timer expires prior to receiving Attach-Complete then the SGSN invalidates (removes) the TLLI from the GMM.
IMPORTANT: For this configuration to work, the list of random TLLI to be removed (invalidated) from the GMM must be defined with the old-tlli invalidate tlli command.Set the rate at which the SGSN deactivates PDP connections per second per SessMgr when a GPT-C path failure is detected.
ptmsi-signature-reallocate { attach | frequency <frequency> | interval <minutes> | ptmsi-reallocation-command | routing-area-update [ update-type [ combined-update | imsi-combined-update | periodic | ra-update ] } [ access-type { gprs | umts } ] [ frequency <frequency> ]
The following new command allows the SGSN to use ‘selected-plmn’ in the Global Core Network ID IE in the Paging Request message and/or the Relocation Request message when network sharing is enabled:
ranap global-cn-id { relocation-request | paging-request } [ network-sharing selected-plmn ]
The following new command allows the SGSN to use ‘selected-plmn’ in the Paging Area ID IE in the Paging Request message and/or the Relocation Request message when network sharing is enabled:
This command enables the operator to define the cause code for subscriber rejection when it is due to regional subscription information failure.
[ remove ] regional-subscription-restriction [ failure-code <code> | user-device-release { before-r99 failure-code <code> | r99-or-later failure-code <code> } ]
A new command defines the amount of time (in seconds) that the SGSN waits for a Relocation Request message. The range is 1 to 60 with a default of 5.
relocation-alloc-timeout <time>
IMPORTANT: To enable CDR file generation, enter the edr-module active-charging-service, command from the Context configuration mode. To configure the file transfer and CDR parameters, accesses the EDR module configuration mode commands.A new command enables the SCTP association to set the size of the window (32768 (32KB) to 1048576 (1MB)) at the receiving end. The default window size is 1048576.
IMPORTANT: Before the window size can be set, the ASP association must be terminated with the no associate command. After the window size is set, the ASP association must be re-established with the associate command.sgsn retry-unavailable-ggsn <IPv4 or IPv6>
A new command allows the operator to restrict forwarding of SMS messages on the basis of a defined list of SMS-C addresses.
no smsc-address-restriction-list <isdn-no>
IMPORTANT: The smsc-address-restriction-list command only takes effect if the smsc-address-restriction-type command has also been configured.target-offloading algorithm [ optimized-for-speed | optimized-for-target-count ]
This new command enables the operator to assign a failure code to be included in reject messages if attach rejection is due to access restriction data (ARD) checking in incoming subscriber data (ISD) messages. As well, the operator can disable the ARD checking behavior.
A new command determines the SGSN response to MS-Flow-Control messages received from an unknown MS.
gn-delay-monitoring [ num-delay <number_delayed> | num-no-delay-for-clear <number_normal> | tolerance-seconds <number_seconds> ]
default gn-delay-monitoring [ num-delay | num-no-delay-for-clear | tolerance-seconds ]
A new command instructs the SGSN to ignore (not process) restart counters received from remote nodes. Default is to process the restart counters.
A new command provides a new default (7) for the number of outstanding packets sent by the linkmgr and also enables the operator to configurable a specific number of outstanding packets sent by the linkmgr. These configurations are applicable for both high-speed and low-speed narrowband links.
mtp2-max-outstand-frames <5 - 10>
ptmsi-signature-reallocate { attach | frequency <frequency> | interval <minutes> | ptmsi-reallocation-command | routing-area-update [ update-type [ combined-update | imsi-combined-update | periodic | ra-update ] } [ access-type { gprs | umts } ] [ frequency <frequency> ]
This command enables the operator to define the cause code for subscriber rejection when it is due to regional subscription information failure.
[ remove ] regional-subscription-restriction [ failure-code <code> | user-device-release { before-r99 failure-code <code> | r99-or-later failure-code <code> } ]
A new command defines the amount of time (in seconds) that the SGSN waits for a Relocation Request message. The range is 1 to 60 with a default of 5.
relocation-alloc-timeout <time>
sgsn retry-unavailable-ggsn <IPv4 or IPv6>
A new command allows the operator to restrict forwarding of SMS messages on the basis of a defined list of SMS-C addresses.
no smsc-address-restriction-list <isdn-no>
IMPORTANT: The smsc-address-restriction-list command only takes effect if the smsc-address-restriction-type command has also been configured.target-offloading algorithm [ optimized-for-speed | optimized-for-target-count ]
This new command enables the SGSN to send an straightforward name authority pointer (SNAPTR) type DNS query for APN resolution. The SNAPTR filters based on the EPC-capability of the user equipment (UE).
This new command enables the operator to specify the action to be taken when the SGSN receives a peer-to-peer BVC-Reset.
New commands determine the SGSN’s action during an attach process if the route towards the EIR is down.
IMPORTANT: The check-imei gf-failure-action command described below for 2G and 3G SGSNs works only if the EIR is associated under map-service and the EIR link is down. If check-imei gf-failure-action is configured as continue, and there is no EIR associated under map-service, then the SGSN rejects the Attach procedure with the disconnect-reason check-imei failure.This new command disables the SGSN's default behavior for verification of remote peer's restart counter change values.
A new command has been added to the Bulkstats configuration mode to configure bulk statistics collection for the DLCI utilization:
[ no ] dlci-util schema <dlci_schema_name> format <dlci_schema_format>
New command makes it possible for the operator to enable (default) / disable SGSN support for MS/UE requests for dual PDP type (IPv4v6) addressing.
NOTE: For this feature to function, common-flags must be enabled with the gptc send command in the SGTP Service configuration mode.
This new command enables the SGSN to work with an RNC with functioning dual address (IPv4v6) bearer support capability.
This new command allows the operator to enable a feature which determines how empty (no data parameters) Connection Request messages will be handled.
New command disables/enables forced authentication when the MS/UE security fails. Also configures the procedures and frequency for authentication.
force-authenticate consecutive-security-failure { inter-sgsn-rau | local-messages count <frequency> | non-local-messages count <frequency> }
[ default | no ] force-authenticate consecutive-security-failure { inter-sgsn-rau | local-messages | non-local-messages }
The new command configures the SGSN to discard (drop) the Attach-Request message received with a random TLLI already in use.
A new configuration command instructs the SGSN to either ignore or validate the CAMEL subscription when there is no CAMEL service associated or in existence.
map-message insert-subscriber-data csi-handling when-camel-not-associated ignore-subscription
This command sets a restart counter change window to avoid the resulting service deactivations and activations causing large bursts of network traffic if the restart counter change messages from the GGSN are erroneous.
A new configuration command defines a threshold for the minimum number of unused vectors that the SGSN will retain before triggering the initiation of a SAI.
New queue-size and wait-time keywords define the queue size for buffering and message age-out wait-time for optimized network overload protection.
network-overload-protection sgsn-new-connections-per-second #_new_connections action { drop | reject with cause { congestion | network failure } } [ queue-size <queue_size> ] [ wait-time <wait_time> ]
network-sharing failure-code <2-111>
Part 1: A new command configures a list of random TLLI (identified by hex number) to be invalidated (removed) from the GMM after the invalidate old-TLLI timer expires (see Part 2) and starts the invalidate old-TLLI timer. This command can be repeated up to 50 TLLI.
IMPORTANT: If the old-TLLI expiry timer is not configured with the old-tlli hold-time command, then the SGSN will only drop second Attach Requests using the same random TLLI already in use.Part 2: Another keyword in this new command configures the old-TLLI expiry timer (1 to 125 seconds, default of 5) to be started in GMM when anyone of the listed random TLLI are received. If the timer expires prior to receiving Attach-Complete then the SGSN invalidates (removes) the TLLI from the GMM.
IMPORTANT: For this configuration to work, the list of random TLLI to be removed (invalidated) from the GMM must be defined with the old-tlli invalidate tlli command.Set the rate at which the SGSN deactivates PDP connections per second per SessMgr when a GPT-C path failure is detected.
This new command configures the SGSN to send either IPv4 or IPv6 towards GGSN when MS/UE requests PDP type as IPv4v6 but either the SGSN or the RNC is not configured to support dual PDP type.
The following new command allows the SGSN to use ‘selected-plmn’ in the Global Core Network ID IE in the Paging Request message and/or the Relocation Request message when network sharing is enabled:
ranap global-cn-id { relocation-request | paging-request } [ network-sharing selected-plmn ]
The following new command allows the SGSN to use ‘selected-plmn’ in the Paging Area ID IE in the Paging Request message and/or the Relocation Request message when network sharing is enabled:
This new command enables the SGSN to handle RIM messages if the destination node is also RIM capable.
NOTE: to use this command, RIM support must first be enabled in the SGSN Global configuration mode.
IMPORTANT: To enable CDR file generation, enter the edr-module active-charging-service, command from the Context configuration mode. To configure the file transfer and CDR parameters, accesses the EDR module configuration mode commands.A new command enables the SCTP association to set the size of the window (32768 (32KB) to 1048576 (1MB)) at the receiving end. The default window size is 1048576.
IMPORTANT: Before the window size can be set, the ASP association must be terminated with the no associate command. After the window size is set, the ASP association must be re-established with the associate command.This command configures the default TPO policy for a rulebase. For subscribers using a particular rulebase, the default TPO policy configured in it will be used only if in the APN/subscriber profile no TPO policy is configured, and a policy to use is not received from the AAA.
tpo default-policy tpo_policy_name
This command configures the TPO profile for the charging action. This enables the specified TPO profile to be applied when a flow matches the charging action.
tpo profile tpo_profile_name
This command enables/disables TCP Pacing support, which causes the sender to evenly distribute window of data over an entire RTT.
This command configures authentication for subscribers or gateways accessing a service using the crypto template. Two new keywords and their respective supporting keywords and variables were added to the authentication command in the Crypto Template Configuration Mode: local and remote.
authentication { eap-profile name [ second-phase eap-profile name ] | gateway { encrypted key value | key clear_text } | local { certificate | pre-shared-key { encrypted key value | key clear_text } | pre-shared-key { encrypted key value | key clear_text } | remote { certificate | eap-profile name [ second-phase eap-profile name ] | pre-shared-key { encrypted key value | key clear_text } }
This command configures the Diameter Credit Control dictionary for the Active Charging Service. In this release, the dcca-custom21 through dcca-custom30 options were added to this command.
diameter dictionary { dcca-custom1 | dcca-custom10 | dcca-custom11 | dcca-custom12 | dcca-custom13 | dcca-custom14 | dcca-custom15 | dcca-custom16 | dcca-custom17 | dcca-custom18 | dcca-custom19 | dcca-custom2 | dcca-custom20 | dcca-custom21 | dcca-custom22 | dcca-custom23 | dcca-custom24 | dcca-custom25 | dcca-custom26 | dcca-custom27 | dcca-custom28 | dcca-custom29 | dcca-custom3 | dcca-custom30 | dcca-custom4 | dcca-custom5 | dcca-custom6 | dcca-custom7 | dcca-custom8 | dcca-custom9 | standard }
The allow-empty-ikesa keyword is new in the ikev2-ikesa command allowing the retention of an IKE SA even after its child SAs have been deleted.
ikev2-ikesa { allow-empty-ikesa | keepalive-user-activity | max-retransmissions number | retransmission-timeout msec | policy error-notification [ invalid-message-id | invalid-syntax ] rekey | setup-timer sec | transform-set list name }
ip address ip_address ip_mask
This command is used to aggregate ports on a Quad Gig-E line card (QGLC) and set related parameters. Several keywords have been added.
link-aggregation { distribution { block | random | rotate | simple } | lacp { active | passive } [ rate { auto | fast | slow } ] [ timeout { long | short } ] | master { global group group_number | group group_number | local group group_number } | member { global group group_number | group group_number | local group group_number } | redundancy { standard | switched } [ hold-time sec ] [ preferred slot { card_number | none } ] | toggle-link }
For link-aggregation redundancy standard mode, hold-time and preferred slot settings are now accepted and processed. Previously these settings were only observed for link-aggregation redundancy switched mode.
The keyword destination-network has been added to this command. An IP pool attached to the crypto map can have multiple IPSec tunnels according to the destination of the packet being forwarded to internet.
[ no ] match ip pool pool-name pool_name [ destination-network ip_address { / mask | mask ip_mask } ]
This command controls the pass/drop treatment of traffic while waiting for definitive credit information from the server. In this release, a new keyword limted-pass has been added to this command. This enables limited access for subscribers when the OCS is unreachable by provisioning a default quota to use until there is a response from the OCS.
pending-traffic-treatment { { { forced-reauth | trigger | validity-expired } drop | pass } | { { noquota | quota-exhausted } buffer | drop | limited-pass volume | pass } }
default pending-traffic-treatment { forced-reauth | noquota | quota-exhausted | trigger | validity-expired }
This command specifies the order of fields in the EDR. The following new TPO-related fields are now supported in the EDR format:
This command enables a Diameter proxy for the Diameter endpoint. A new keyword server-mode is added in this release to specify that the Diameter proxy should be treated as if it is the server side of the endpoint connection.
Configures the password used during authentication for sessions using a Constructed Network Access Identifier (NAI) or an APN-specified user name. The maximum value for the keyword encrypted password has been changed from 63 to 132 characters.
aaa constructed-nai authentication [ [ encrypted ] password user_password | useshared-secret-password ]
This command configures a charging characteristics profile, within the accounting profile configuration, for CDR generation. In this release, the maximum value for the cc profile buckets has been extended to support up to 10 for Diameter Rf accounting only. However, in the case of GTPP accounting, this CLI command allows configuring only up to 4 buckets.
cc profile index { buckets num | interval seconds | sdf-interval seconds | sdf-volume { downlink octets { uplink octets } | total octets | uplink octets { downlink octets } } | serving-nodes num | tariff time1 min hrs
[ time2 min hrs...time4 min hrs ] | volume { downlink octets { uplink octets } | total octets | uplink octets { downlink octets } } }
[ time2 min hrs...time4 min hrs ] | volume { downlink octets { uplink octets } | total octets | uplink octets { downlink octets } } }
default cc profile index
no cc profile index { buckets | interval | sdf-interval | sdf-volume | serving-nodes | tariff | volume }
Specifies the RADIUS prepaid service subscriber's user password parameters in the rulebase. The maximum value for the keyword encrypted password has been changed from 63 to 132 characters.
This command configures the Diameter credit control primary and secondary hosts for DCCA. A new keyword msisdn-based has been added to this command to support Diameter peer selection based on MSISDN prefix/suffix/range.
diameter peer-select peer peer_name [ realm realm_name ] [ secondary-peer secondary_peer_name [ realm realm_name ] ] [ imsi-based { { prefix | suffix } imsi/prefix/suffix_start_value } [ to imsi/prefix/suffix_end_value ] ] [ msisdn-based { { prefix | suffix } msisdn-based/prefix/suffix_start_value } [ to msisdn-based/prefix/suffix_end_value ] ]
no diameter peer-select [ imsi-based { { prefix | suffix } imsi/prefix/suffix_start_value } [ to imsi/prefix/suffix_end_value ] ] | [ msisdn-based { { prefix | suffix } msisdn-based/prefix/suffix_start_value } [ to msisdn-based/prefix/suffix_end_value ] ]
This command enables sending GTP Create-PDP-Context-Rsp message with cause code based on the DCCA result code. The following keywords were newly added to this command:
diameter result-code { authorization-rejected | credit-limit-reached | end-user-service-denied | user-unknown } use-gtp-cause-code { authentication-failure | no-resource-available | system-failure }
default diameter result-code { authorization-rejected | credit-limit-reached | end-user-service-denied | user-unknown } use-gtp-cause-code
Concatenated dynamic fields separated by “;” can also be added (for example, #BEARER.IMEI;BEARER.IMSI#).
In addition, the keywords encryption { blowfish128 | blowfish64 } [ encrypted ] key key enable encryption for dynamic fields of redirect url.
flow action redirect-url url /%3furl= dynamic_field
[ clear-quota-retry-timer ] [ encryption { blowfish128 | blowfish64 }
[ encrypted ] key key ]
[ clear-quota-retry-timer ] [ encryption { blowfish128 | blowfish64 }
[ encrypted ] key key ]
gtpc { bind { ipv4-address ipv4_address [ ipv6-address ipv6_address ] | ipv6-address ipv6_address [ ipv4-address ipv4_address ] } | echo-interval seconds | ip qos-dscp { forwarding_type } | max-retransmissions num | path-failure detection-policy echo | retransmission-timeout seconds }
no gtpc { bind { ipv4-address ipv4_address [ ipv6-address ipv6_address ] | ipv6-address ipv6_address [ ipv4-address ipv4_address ] } | echo-interval | path-failure detection-policy }
default gtpc { echo-interval | ip qos-dscp | max-retransmissions | path-failure detection-policy | retransmission-timeout }
custom41, custom42 , custom43, custom44, custom45, custom46, custom47, custom48, custom49, custom50, custom51, custom52, custom53, custom54, custom55, custom56, custom57, custom58, custom59, and custom60
gtpp dictionary { custom1 | custom10 | custom11 | custom12 | custom13 | custom14 | custom15 | custom16 | custom17 | custom18 | custom19 | custom2 | custom20 | custom21 | custom22 | custom23 | custom24 | custom25 | custom26 | custom27 | custom28 | custom29 | custom3 | custom30 | custom31 | custom32 | custom33 | custom34 | custom35 | custom36 | custom37 | custom38 | custom39 | custom4 | custom40 | custom41 | custom42 | custom43 | custom44 | custom45 | custom46 | custom47 | custom48 | custom49 | custom5 | custom50 | custom51 | custom52 | custom53 | custom54 | custom55 | custom56 | custom57 | custom58 | custom59 | custom6 | custom60 | custom7 | custom8 | custom9 | standard }
Added generate { cdr | container } for choice of generation of CDR or just a Container on a RAT change.
gtpp trigger { cell-update | direct-tunnel | egcdr max-losdv | inter-plmn-sgsn-change | ms-timezone-change | plmn-id-change | qos-change | rat-change [ generate { cdr | container } ] | routing-area-update | sgsn-change-limit | serving-node-change-limit | tariff-time-change | time-limit | volume-limit }
no gtpp trigger { cell-update | direct-tunnel | egcdr max-losdv | inter-plmn-sgsn-change | ms-timezone-change | plmn-id-change | qos-change | rat-change | routing-area-update | sgsn-change-limit | serving-node-change-limit | tariff-time-change | time-limit |
volume-limit }
volume-limit }
This command configures the RADIUS accounting server(s) in the current context. The maximum value for the keyword encrypted key has been changed from 256 to 236 characters.
radius [ mediation-device ] accounting server ip_address [ encrypted ] key value [ acct-on { disable | enable } ] [ acct-off { disable | enable } ] [ adminstatus { disable | enable } ] [ max max_messages ] [ max-rate max_value ] [ oldports ] [ port port_number ] [ priority priority ] [ type { mediation-device | standard } ] [ -noconfirm ]
Configures RADIUS charging accounting servers in the current context for Active Charging Service Prepaid Accounting. The maximum value for the keyword encrypted key has been changed from 256 to 236 characters.
radius charging accounting server ip_address [ encrypted ] key key [ max max_messages ] [ max-rate max_rate ] [ oldports ] [ port port_number ] [ priority priority ] [ admin-status { enable | disable } ] [ -noconfirm ]
Configures the NAS IP address and UDP port on which the current context will listen for Change of Authorization
(COA) messages and Disconnect Messages (DM). If the NAS IP address is not defined with this command, any COA or DM messages from the RADIUS server are returned with a Destination Unreachable error. The maximum value of the keyword encrypted key has been changed from 256 to 236 characters.
[ no ] radius change-authorize-nas-ip ip_address [ encrypted ] key value [ port port ] [ event-timestamp-window window ] [ no-nas-identification-check] [ no-reverse-path-forward-check ] [ mpls-label input in_label_value | output out_label_value1 [ out_label_value2 ]
Configures the RADIUS charging server(s) in the current context for Active Charging Service Prepaid Authentication. The maximum value for the keyword encrypted key has been changed from 256 to 236 characters.
radius charging server ip_address [ encrypted ] key key [ max max_messages ] [ max-rate max_rate ] [ oldports ] [ port port_number ] [ priority priority ] [ admin-status { enable | disable } ] [ -noconfirm ]
This command configures RADIUS authentication server(s) in the current context for authentication. The maximum value for the keyword encrypted key has been changed from 256 to 236 characters.
radius server ip_address [ encrypted ] key value [ admin-status { disable | enable } ] [ max max_messages ] [ max-rate max_value ] [ oldports ] [ port port_number ] [ priority priority ] [ probe | no-probe ] [ probe-username user_name ] [ probe-password [ encrypted ] password password ] [ type { mediation-device | standard } ] [ -noconfirm ]
This command configures whether to continue/terminate calls when Diameter server(s)/OCS become unreachable. In this release, this command has been enhanced to accept the following additional keywords after-inter-time, after-inter-volume, and server-retries. This CLI command can also be used to control the triggering of behavior either at transport failure, response timeout or at Tx expiry when OCS becomes unreachable.
servers-unreachable { behavior-triggers { initial-request | update-request } transport-failure [ response-timeout | tx-expiry ] | initial-request { continue [ { [ after-interim-time timeout_period ] [ after-interim-volume quota_value ] } server-retries retry_count ] | terminate [ { [ after-interim-time timeout_period ] [ after-interim-volume quota_value ] } server-retries retry_count | after-timer-expiry timeout_period ] } | update-request { continue [ { [ after-interim-time timeout_period ] [ after-interim-volume quota_value ] } server-retries retry_count ] | terminate [ { [ after-interim-time timeout_period ] [ after-interim-volume quota_value ] } server-retries retry_count ] | after-quota-expiry | after-timer-expiry timeout_period ] } }
default servers-unreachable behavior-triggers { initial-request | update-request }
The new obsolete-encryption keyword for the save configuration command allows the user to save a pre-12.2 release configuration prior to upgrading to 12.2 A change in encryption method prevents downgrading to a pre-12.2 release and importing a configuration file that had not been saved using this keyword.
save configuration <url> [-redundant] [-noconfirm] [obsolete-encryption] [showsecrets] [verbose]
This new keyword allows the administrator to configure the system description and the system OID string to display both either in the default style or the new Cisco style.
The description only applies to the default description when the admin has not configured the description using the system description CLI.
The OID string is either the current default string 1.3.6.1.4.1.8164 or the new Cisco string 1.3.6.1.4.1.9.
IMPORTANT: This CLI only works on both terms in the keyword. Either both are “default,” or both are “new.”This command enables or disables triggering a credit reauthorization when the named values in the subscriber session changes. In this release, the mcc and mnc keywords were added to this command.
This command enables detection of peer-to-peer (P2P) protocols. The following keywords were added to this command:
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
[ no ] p2p-detection protocol [ actsync | aimini | all | applejuice | ares | armagettron | battlefld | bittorrent | blackberry | citrix | clubpenguin | crossfire | ddlink | directconnect | dofus | edonkey | facebook | facetime | fasttrack | feidian | fiesta | filetopia | florensia | freenet | fring | funshion | gadugadu | gamekit | gnutella | gmail | gtalk | guildwars | halflife2 | hamachivpn | iax | icecast | imesh | iptv | irc | isakmp | iskoot | itunes | jabber | kontiki | manolito | maplestory | meebo | mgcp | msn | mute | myspace | nimbuzz | octoshape | off | oovoo | openft | orb | oscar | paltalk | pando | pandora | popo | pplive | ppstream | ps3 | qq | qqgame | qqlive | quake | rdp | rfactor | rmstream | secondlife | shoutcast | skinny | skype | slingbox | sopcast | soulseek | splashfighter | ssdp | stealthnet | steam | stun | teamspeak | teamviewer | thunder | tor | truphone | tvants | tvuplayer | twitter | uusee | veohtv | viber | vpnx | vtun | warcft3 | wii | winmx | winny | wmstream | wofkungfu | wofwarcraft | xbox | xdcc | yahoo | yourfreetunnel | zattoo + ]
This command enables detection of specific P2P protocols for charging purposes. This release now supports the following protocols:
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
[ no ] p2p protocol operator protocol
This command defines rule expressions to match traffic type—audio, video, and unclassified. The following options were added to this command:
|
l
|
|
l
|
[ no ] p2p traffic-type operator traffic_type
This command enables detection of peer-to-peer (P2P) protocols. The following keywords were added to this command:
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
[ no ] p2p-detection protocol [ actsync | aimini | all | antsp2p | applejuice | ares | armagettron | battlefld | bittorrent | blackberry | citrix | clubpenguin | crossfire | ddlink | directconnect | dofus | edonkey | facebook | facetime | fasttrack | feidian | fiesta | filetopia | florensia | freenet | fring | funshion | gadugadu | gamekit | gnutella | gmail | gtalk | guildwars | halflife2 | hamachivpn | iax | icecast | imesh | imo | iptv | irc | isakmp | iskoot | itunes | jabber | kontiki | manolito | maplestory | meebo | mgcp | msn | mute | mypeople | myspace | netmotion | nimbuzz | octoshape | off | ogg | oovoo | openft | openvpn | orb | oscar | paltalk | pando | pandora | popo | pplive | ppstream | ps3 | qq | qqgame | qqlive | quake | quicktime | rdp | rdt | rfactor | rmstream | scydo | secondlife | shoutcast | skinny | skype | slingbox | sopcast | soulseek | splashfighter | spotify | ssdp | stealthnet | steam | stun | tango | teamspeak | teamviewer | thunder | tor | truphone | tunnelvoice | tvants | tvuplayer | twitter | ultrabac | usenet | uusee | veohtv | viber | vpnx | vtun | warcft3 | whatsapp | wii | winmx | winny | wmstream | wofkungfu | wofwarcraft | xbox | xdcc | yahoo | yourfreetunnel | zattoo + ]
This command enables detection of specific P2P protocols for charging purposes. This release now supports the following protocols:
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
[ no ] p2p protocol operator protocol
This command specifies the action to take for the indicated result after content filtering analysis. The following options are additionally supported for the category keyword:
|
l
|
|
l
|
|
l
|
|
l
|
analyze priority priority { all | category category | x-category string } action { allow | content-insert content_string | discard | redirect-url url | terminate-flow | www-reply-code-and-terminate-flow reply_code } [ edr edr_format_name ]
This command specifies the action to take for the indicated result after content filtering analysis. The edr keyword has been deprecated and replaced with the reporting-edr keyword.
analyze priority priority { all | category category | x-category string } action { allow | content-insert content_string | discard | redirect-url url | terminate-flow | www-reply-code-and-terminate-flow reply_code } [ reporting-edr reporting_edr_format_name ]
no analyze priority priority
This command specifies the purpose of setting up a group-of-ruledefs. In support for the GX Alias feature the gx-alias keyword was added to this command. This enables to specify that a group-of-ruledefs is for Gx-alias purposes.
This command configures the x-header fields to be inserted in HTTP/WSP GET and POST request packets. The qos and s-mcc-mnc keywords were added to this command. This enables inserting bearer QoS and serving node MCC + MNC in x-headers.
insert xheader_field_name { string-constant xheader_field_value | variable { bearer { 3gpp { apn | charging-characteristics | charging-id | imei | imsi | qos | rat-type | s-mcc-mnc | sgsn-address } | acr | customer-id | ggsn-address | mdn | radius-calling-station-id | session-id | sn-rulebase | subscriber-ip-address | username } [ encrypt ] | http { host | url } }
no insert xheader_field_name
This command defines rule expressions to match specified arguments with POP3 reply. In this release, the user-specified argument must be 1 through 127 characters in length. In 11.0 and earlier releases, argument must be an alpha and/or numeric string of 1 through 512 characters in length.
[ no ] pop3 reply args [ case-sensitive ] operator argument
This command configures the order of fields in the EDR. This command now enables to configure HTTP domain and WSP domain fields in the EDR. For this, from the URL, after http:// (if it is present) is removed, everything until the first “/” is used as the domain.
This command specifies the order of fields in EDRs. Support for the following new attribute was added to this command.
sn-charge-volume: The total charge volume excluding packets/bytes dropped/retransmitted by ECS.
attribute attribute { [ format { MM/DD/YY-HH:MM:SS | MM/DD/YYYY-HH:MM:SS | YYYY/MM/DD-HH:MM:SS | YYYYMMDDHHMMSS | seconds } ] [ localtime ] | [ { ip | tcp } { bytes | pkts } { downlink | uplink } ] priority priority }
This command configures billing actions for packets that match ruledefs. Support for configuring charging and reporting EDR formats was added to this command.
billing-action { create-edrs { charging-edr charging_edr_format_name | reporting-edr reporting_edr_format_name } + [ wait-until-flow-ends ] | egcdr | exclude-from-udrs | radius | rf } +
This command configures the EDR/UDR file parameters. The module-only keyword was added to this command. This keyword specifies that the transfer-mode is only applicable to the EDR module; if not configured it is applicable to both EDR and UDR modules. This enables to support individual record transfer-mode configuration for each module.
cdr [ [ push-interval value ] [ push-trigger space-usage-percent trigger_percentage ] [ remove-file-after-transfer ] [ transfer-mode { pull | push primary { encrypted-url encrypted_url | url url } [ via local-context ] [ secondary { encrypted-secondary-url encrypted_secondary_url | url secondary_url } ] [ module-only ] } ] + | use-harddisk ]
default cdr [ push-interval | push-trigger space-usage-percent | remove-file-after-transfer | transfer-mode [ push via ] | use harddisk ] +
This command configures the EDR/UDR file parameters. The module-only keyword was added to this command. This keyword specifies that the transfer-mode is only applicable to the UDR module; if not configured it is applicable to both EDR and UDR modules. This enables to support individual record transfer-mode configuration for each module.
cdr [ push-interval value ] [ push-trigger space-usage-percent trigger_percentage ] [ remove-file-after-transfer ] [ transfer-mode { pull | push primary { encrypted-url encrypted_url | url url } [ via local-context ] [ secondary { encrypted-secondary-url encrypted_secondary_url | url secondary_url } ] [ module-only ] } ] + | use-harddisk ]
default cdr [ push-interval | push-trigger space-usage-percent | remove-file-after-transfer | transfer-mode [ push via ] | use-harddisk ] +
This command enables to create/configure/delete the Event Data Record (EDR) module for the context. Support for configuring the EDR module for charging / reporting EDRs was added to this command.
This command configures the generation of an EDR on the completion of a transaction. Support for configuring charging and reporting EDR formats was added to this command. The edr-format option is supported only in 12.1 and earlier releases. In 12.2 and later releases, it is deprecated and replaced by the charging-edr option.
edr transaction-complete http [ charging-edr charging_edr_format_name | edr-format edr_format_name | reporting-edr reporting_edr_format_name ]
This command enables generating Event Data Record (EDR) on the completion of voice calls. Support for configuring charging and reporting EDR formats was added to this command. The edr-format option is supported only in 12.1 and earlier releases. In 12.2 and later releases, it is deprecated and replaced by the charging-edr option.
edr voip-call-end { charging-edr charging_edr_format_name | edr-format edr_format_name | reporting-edr reporting_edr_format_name }+
This command specifies the actions for packets that match a rule definition. This command also specifies action on packet and flow for Session Control functionality. Support for Blowfish encryption in conjunction with URL redirection was added to this command.
flow action { conditional user-agent end-token end_token_name | discard [ downlink | uplink ] | random-drop interval interval_start to interval_end pkts-to-drop packet_min to packet_max | readdress [ server ipv4_address ] [ port port_number ] | redirect-url redirect_url [ [ encryption { blowfish128 | blowfish64 } [ encrypted ] key key ] clear-quota-retry-timer ] | terminate-flow | terminate-session }
This command sets the end condition of the session flows related to a user session and triggers EDR generation. Support for configuring charging and reporting EDR formats was added to this command.
flow end-condition { content-filtering | hagr | handoff | normal-end-signaling | session-end | url-blacklisting | timeout } [ flow-overflow ] + { charging-edr charging_edr_format_name | reporting-edr reporting_edr_format_name }
This command specifies the purpose of setting up a group-of-ruledefs as either for charging, post-processing, or for other purposes. Support to configure a group-of-ruledefs for Traffic Performance Optimization (TPO) in-line service’s match-rule and match-advertisement configurations was added to this command.
group-of-ruledefs-application { charging | content-filtering | gx-alias | post-processing | tpo }
This command allows you to configure how the Charging-Rule-Base-Name AVP from PCRF is interpreted, either as ACS rulebase or ACS group-of-ruledefs.
In 12.0 and earlier releases, if multiple Charging-Rule-Base-Name AVP are received from the PCRF, the "last" rulebase is selected and applied to the call. In early 12.2 releases, the "first" rulebase was being selected.
To maintain a uniform behavior, in later 12.2 releases also the "last" rulebase will be selected by default.
In cases where the "first" rulebase has to be selected, a new option “use-first” has been introduced.
policy-control charging-rule-base-name { active-charging-group-of-ruledefs | activecharging-rulebase [ ignore-when-removed ] [ use-first ]}
This command defines rule expressions to match specified arguments with POP3 reply. In this release, the user-specified argument must be 1 through 127 characters in length. In 11.0 and earlier releases, argument must be an alpha and/or numeric string of 1 through 512 characters in length.
[ no ] pop3 reply args [ case-sensitive ] operator argument
This command specifies the purpose of setting up a ruledef as either for charging, post-processing, or for other purposes. Support to configure a ruledef for Traffic Performance Optimization (TPO) in-line service’s match-rule and match-advertisement configurations was added to this command.
This command specifies the order of fields in the EDR. The following new fields were added to this command:
|
l
|
tcp os-signature: OS signature string for TCP flow. Enables/disables OS Signature field in EDRs sent to MUR.
|
|
l
|
flow tethered: Indicates tethering detected on flow. Enables/disables tethering detection result field in EDRs sent to MUR.
|
This command specifies the extension-header (x-header) format name whose fields are to be inserted in HTTP GET and POST request packets. Support for key encryption was added to this command.
xheader-insert xheader-format xheader_format_name [ encryption rc4md5 [ encrypted ] key key ] [ first-request-only ] [ -noconfirm ]
This command configures Stateful Firewall protection for subscribers from Denial-of-Service (DoS) attacks. The following keywords have been added to this command to support IPv6 firewall:
[ no ] firewall dos-protection { all | flooding { icmp | tcp-syn | udp } | ftp-bounce | ip-unaligned-timestamp | ipv6-dst-options [ invalid-options | unknown-options ] | ipv6-extension-hdrs [ limit extension_limit ] | ipv6-frag-hdr nested-fragmentation | ipv6-hop-by-hop [ invalid-options | jumbo-payload | router-alert | unknown-options ] | mime-flood | port-scan | source-router | tcp-window-containment | teardrop | winnuke }
This command configures Stateful Firewall action on IPv4/IPv6 packets involved in IP Reassembly Failure scenarios. In this release, support for IPv6 firewall is added.
This command configures the maximum IPv4/IPv6 packet size (after IP reassembly) allowed over Stateful Firewall. In this release, support for IPv6 firewall is added.
This command enables/disables Stateful Firewall support in a Firewall-and-NAT policy. In this release, support to enable/disable IPv4 and IPv6 firewall is added.
This command limits the maximum number of IPv4/IPv6 fragments per fragment chain. In this release, support for IPv6 firewall is added.
ip max-fragments max_fragments
This command controls routing of packets to protocol analyzers. The basic-and-advanced option is added to sip keyword for SIP packets to route through SIP analyzer and SIP ALG.
route priority route_priority ruledef ruledef_name analyzer { dns | file-transfer | ftp-control | ftp-data | h323 | http | imap | mms | p2p | pop3 | pptp | rtcp | rtp | rtsp | sdp | secure-http | sip [ advanced | basic-and-advanced ] | smtp | tftp | wsp-connection-less | wsp-connection-oriented } [ description description ]
no route priority route_priority
Virtual APN selection is based on configuration parameters like roaming mode, bearer access service etc. Three more parameters ‘cc-profile’, ‘msisdn-range’, and ‘rat-type’ are added based on them virtual-apn will be selected. ‘CC-profile option specifies the APN for charging characteristics (CC)-profile index. The APN selection will be applied to all subscribers that have msisdn in the configured ‘msisdn-range’. The range has lower and upper limit configured as ‘from’ and ‘to’ respectively. The ‘rat-type’ option configures the APN for rat-type (eutran, gan, geran, hspa, utran, wlan) received in the message.
Another addition is the ‘msin-range from <start_refix> to <end_prefix>’ keywords have been added to the MCC-MNC in this command to enable the IMSI prefix based prepaid/postpaid subscribers selection on GGSN. This enhancement extends the MCC+MNC based virtual APN selection to MCC+MNC+MSIN Range based virtual APN selection.
Virtual APN selection parameter ‘rat-type’ has been enhanced with the inclusion of a new keyword “eutran” along with the utran, geran, wlan, gan, and hspa. It is an enhanced 3GPP standard air interface for LTE mobile networks. Rat-type has also been included as an optional keyword for MCC+MNC.
virtual-apn { gcdr apn-name-to-be-included { gn | virtual } | preference priority apn apn_name [ access-gw-address { ip_address | ip_address/mask } | bearer-access-service svc_name | cc-profile cc_profile_index [ rat-type { eutran | gan | geran | hspa | utran | wlan } ] | domain domain_name | mcc mcc_number mnc mnc_number [ msin-range from msin_range_from to msin_range_to | rat-type { eutran | gan | geran | hspa | utran | wlan } ] | msisdn-range { from msisdn_start_range to msisdn_to_range | rat-type { eutran | gan | geran | hspa | utran | wlan } } | rat-type { eutran | gan | geran | hspa | utran | wlan } | roaming-mode { home | visiting | roaming } } }
This command configures the APN’s authentication parameters. A new option ‘prefer-chap-pco’ has been added to be used along with msisdn-auth/imsi-auth parameter. With this option, if enabled, GGSN performs CHAP authentication if CHAP parameters are received in Protocol Configuration Options (PCO). However, chap username would be constructed as msisdn@apn / imsi@apn and chap challenge, chap response parameters should be used as it is from CHAP parameters received in PCO IE. If CHAP parameters are not received in PCO IE of CPC Request, GGSN should do normal PAP authentication with PAP username as msisdn@apn / imsi@apn (ignoring any PAP username if received).
authentication { [ msid-auth | imsi-auth [ password-use-pco | username-strip-apn | prefer-chap-pco ] | msisdn-auth [ password-use-pco | username-strip-apn | prefer-chap-pco ] | eap initial-access-request [ authenticate-authorize | authenticate-only ] | [ allow-noauth ] [ chap preference ] [ mschap preference ] [ pap preference ] }
This command controls copying of IP TOS octet value from user IPv4/IPv6 datagrams to header of GTP tunnel encapsulation. Earlier the “data-tunnel” option appeared after this command, but it was removed to match with the same command in Subscriber Configuration Mode command.
From the Context Configuration Mode, this command creates IPSec transform sets. A new aes-cbc-256 cipher has been added to the existing list of supported cipher options.
[ no ] crypto ipsec transform-set transform_name [ ah { hmac { md5-96 | none | sha1-96 } { esp { hmac { { md5-96 | sha1-96 } { cipher { 3des-cbc | aes-cbc-128 | aes-cbc-256 | des-cbc } } | none } } } } ]
From the GGSN Service Configuration Mode, the sgsn command configures the SGSNs allowed to connect to this GGSN. A new option ‘mcc-mnc’ has been added to this command to configure the sgsn mcc-mnc to the GGSN service. This implementation gives first preference to “User Location Information” IE in Create PDP Context Request Message (to be sent to PCRF) for determining 3GPP-SGSN-MCC-MNC attribute. For backward compatibility with this old behavior, CLI controlled implementation has been done so that existing deployments are not affected with this change in behavior.
This command configures the parameters for GTPP files stored locally on GTPP storage server. A new option “start-file-seq-num” has been added to this command from 12.2 onwards which will allow the operators to configure the start file sequence number at the specified value and go on incrementing until the maximum sequence number configured in the file format is reached and then it would rollover.
In case the optional value “Recover-file-seq-num” is configured then every time the machine is rebooted (or aaaproxy recovery/planned/Unplanned PSC migration) the file sequence number continues from the last sequence and goes on incrementing until the maximum sequence number configured in file name format is reached and then it would rollover and start from the start-file-seq-num value.
gtpp storage-server local file { compression { gzip | none } | format { custom1 | custom2 | custom3 | custom4 | custom5 | custom6 | custom7 | custom8 } | name { format string [ max-file-seq-num seq_number ] | prefix prefix } | purge-processed-files [ file-name-pattern file_pattern | purge-interval purge_dur ] | rotation { cdr-count count | time-interval time [ force-file-rotation ] | volume mb size } | start-file-seq-num seq_num [ recover-file-seq-num ] }
default gtpp storage-server local file { compression | format | name { format | prefix } | purge-processed-files | rotation { cdr-count | time-interval | volume } | start-file-seq-num }
This command configures the APN authentication parameters. A new optional keyword “convert-to-mschap” has been added with CHAP option of this command. With this enhancement, the CHAP parameters with the length of 49 bytes are converted to MSCHAP by AAAmgr. If this new keyword is disabled, teh CHAP is not converted to MSCHAP even if CHAP parameter length is 49 bytes.
authentication [ [ msid-auth | imsi-auth [ password-use-pco | username-strip-apn | prefer-chap-pco ] | msisdn-auth [ password-use-pco | username-strip-apn | prefer-chap-pco ] | eap initial-access-request [ authenticate-authorize | authenticate-only ] | [ allow-noauth ] [ chap preference [ convert-to-mschap ] ] [ mschap preference ] [ pap preference ] ]
This command designates a specific dictionary used by GTPP for a specific context. A new set of dictionaries from custom 41 to custom 60 has been created for all products and necessary support to be provided.
gtpp dictionary { custom1 | custom10 | custom11 | custom12 | custom13 | custom14 | custom15 | custom16 | custom17 | custom18 | custom19 | custom2 | custom20 | custom21 | custom22 | custom23 | custom24 | custom25 | custom26 | custom27 | custom28 | custom29 | custom3 | custom30 | custom31 | custom32 | custom33 | custom34 | custom35 | custom36 | custom37 | custom38 | custom39 | custom4 | custom40 | custom41 | custom42 | custom43 | custom44 | custom45 | custom46 | custom47 | custom48 | custom49 | custom5 | custom50 | custom51 | custom52 | custom53 | custom54 | custom55 | custom56 | custom57 | custom58 | custom59 | custom6 | custom60 | custom7 | custom8 | custom9 | standard }
Key word roaming is added in the below command
Key word roaming is added in the below command
Below command configures the service ip-address to be sent as an AVP in RADIUS authentication probe messages.
radius probe-message local-service-address ipv4/ipv6_address
The keyword router-solicit-wait-timeout and its options have been added to the following command.
default ipv6 initial-router-advt { interval | num-advts | router-solicit-wait-timeout }
The apn-selection-default command enables and configures the Default APN feature for use when the normal APN selection process fails. A new keyword, first-in-subscription, has been added in this release and specifies that the first APN in the subscription record matching the PDN type is used if the UE APN is absent and the default APN is not a match.
apn-selection-default { first-in-subscription | network-identifier apn_net_id [ fallback-apn apn_net_id | reject-blank-apn | require-dns-fail-wildcard | require-subscription-apn ] }
The attach command now supports the ability of the MME to allow call processing even if the EIR check times out. Also, the MME now has the ability to allow call processing on emergency verification. The addition of the allow-on-eca-timeout keyword provides this function.
attach imei-query-type { imei | imei-sv | none } [ verify-equipment-identity [ allow-on-eca-timeout | deny-greylisted | deny-unknown ] ]
The authenticate command enables authentication for a variety of procedures within services using the configure call control profile. The authentication of SMS procedures has been added in this release.
authenticate sms [ access-type { gprs | umts } | frequency frequency | sms-type { mo-sms | mt-sms } ]
The associate command configures association between the MME service and other services such as the HSS peer service and the SGs service. An sctp-param-template keyword and associated variable has been added to this command. The sctp-param-template keyword allows the MME service to be associated with a configured SCTP parameter template. SCTP parameter templates are configured through the Global Configuration Mode.
Also, the associate sgs-service command now allows the SGs context to be configured.
associate { { egtp-service egtp_svc_name | hss-peer-service hss_svc_name | sctp-param-template template_name | sgs-service sgs_svc_name | sgtpc-service sgtpc_svc_name } [ context ctx_name ] | subscriber-map map_name | tai-mgmt-db database_name }
The bind s1-mme command connects the MME service to the S1-MME interface. In this release, the ability to configure node-to-node IP security has been added. An optional crypto template keyword and associated variable has been added to this command.
bind s1-mme ipv4-address address [ ipv4-address secondary_address ] | ipv6-address address [ ipv6-address secondary_address ] } [ crypto-template name ] [ max-subscribers number ]
IMPORTANT: Crypto templates can only be associated with IPv4 addresses on the S1-MME in this release.The dns command configures association between the MME service and a named context where a DNS client resides allowing for DNS queries to peer servers or other EPC entities. An peer-sgsn keyword has been added to this command. The peer-sgsn keyword allows the MME service to be associated with a context where a DNS client provides DNS queries to locate a peer SGSN.
The policy attach command now supports the ability of the MME to allow call processing even if the EIR check times out. Also, the MME now has the ability to allow call processing on emergency verification. The addition of the allow-on-eca-timeout keyword provides this function.
policy attach { imei-query-type { imei | imei-sv | none } [ verify-equipment-identity [ allow-on-eca-timeout | deny-greylisted | deny-unknown ] ] | set-ue-time { disable | enable }
The policy tau command now supports the ability of the MME to allow call processing even if the EIR check times out. Also, the MME now has the ability to allow call processing on emergency verification. The addition of the allow-on-eca-timeout keyword provides this function.
policy tau { imei-query-type { imei | imei-sv | none } [ verify-equipment-identity [ allow-on-eca-timeout | deny-greylisted | deny-unknown ] ] | set-ue-time { disable | enable }
The tau command now supports the ability of the MME to allow call processing even if the EIR check times out. Also, the MME now has the ability to allow call processing on emergency verification. The addition of the allow-on-eca-timeout keyword provides this function.
tau { imei-query-type { imei | imei-sv | none } [ verify-equipment-identity [ allow-on-eca-timeout | deny-greylisted | deny-unknown ] ] | inter-rat security-ctxt { allow-mapped | native } }
The maximum configurable value for eNodeB cache timeout has been increased from 60 minutes to 1440 minutes.
The following keyword has been added to this command to configure the MME to include the preamble in the target-id of relocation requests that it sends:
gtpc { bind address ip_address | dns-sgsn context cntxt_name | echo-interval seconds | guard-interval seconds | ignore response-port-validation | ip qos-dscp <dscp_marking> | max-retransmissions num | retransmission-timeout seconds | send { common flags | rab-context | target-identification-preamble } }
no gtpc { bind address ip_address | dns-sgsn context cntxt_name | echo-interval seconds | send { commo- flags | rab-context | target-identification-preamble} }
default gtpc { echo-interval | guard-interval | ignore response-port-validation | ip qos-dscp | max-retransmissions | retransmission-timeout | send { commonflags | rab-context | target-identification-preamble } }
The clear subscribers mme-service command now supports the ability to clear individual PDNS or bearers based on the EPS bearer identity.
The attach command now supports the ability of the MME to allow call processing even if the EIR check times out. Also, the MME now has the ability to allow call processing on emergency verification. The addition of the allow-on-eca-timeout and the verify-emergency keywords provide these functions.
attach imei-query-type ( imei | imei-sv | none ) [ verify-equipment-identity [ allow-on-eca-timeout | deny-greylisted | deny-unknown | verify-emergency ] ]
The cc prefer command now supports the ability of the MME to use charging characteristics from an HSS or by using locally set values. This, in conjunction with the addition of the time zone mapping command, supports TAI based UE time zone reporting by the MME so it can be passed to the S-GW and P-GW to be included as the UE time zone in billing records.
cc { behavior-bit no-records bit_value | local-value behavior bit_value profile index_bit | prefer { hlr-hss-value | local-value } }
The tau command now supports the ability of the MME to allow call processing even if the EIR check times out. Also, the MME now has the ability to allow call processing on emergency verification. The addition of the allow-on-eca-timeout and the verify-emergency keywords provide these functions.
tau { imei-query-type { imei | imei-sv | none } [ verify-equipment-identity [ allow-on-eca-timeout | deny-greylisted | deny-unknown | verify-emergency ] ] | inter-rat security-ctxt { allow-mapped | native } }
The associate command now allows the MME service to associate with the global MME ID management database.
associate { { egtp-service egtp_svc_name | egtp-sv-service egtp_sv_svc_name | hss-peer-service hss_svc_name | lte-emergency-profile profile_name | network-global-mme-id-mgmt-db | sctp-param-template template_name | sgs-service sgs_svc_name | sgtpc-service sgtpc_svc_name } [ context ctx_name ] | subscriber-map map_name | tai-mgmt-db database_name }
The policy attach command now supports the ability of the MME to allow call processing even if the EIR check times out. Also, the MME now has the ability to allow call processing on emergency verification. The addition of the allow-on-eca-timeout and the verify-emergency keywords provide these functions.
policy attach { imei-query-type ( imei | imei-sv | none ) [ verify-equipment-identity [ allow-on-eca-timeout | deny-greylisted | deny-unknown | verify-emergency ] ] | set-ue-time ( disable | enable }
The policy network command now supports the ability to switch on dual-addressing support to all network nodes including pre-release 8 SGSNs (Gn/Gp).
The policy tau command now supports the ability of the MME to allow call processing even if the EIR check times out. Also, the MME now has the ability to allow call processing on emergency verification. The addition of the allow-on-eca-timeout and the verify-emergency keywords provide these functions.
policy tau { imei-query-type { imei | imei-sv | none } [ verify-equipment-identity [ allow-on-eca-timeout | deny-greylisted | deny-unknown | verify-emergency ] ] | set-ue-time ( disable | enable }
The bind command now supports IPv6 addressing as well as SCTP multi-homing with the addition of the secondary ipv4-address keyword and the initial and secondary ipv6-address keywords.
bind ( ipv4-address ipv4_address [ ipv4-address ipv4_address ] | ipv6-address ipv6_address [ ipv6-address ipv6_address ] }
To support enhanced TAI to LAI mapping, the non-pool-area command now supports the optional configuration of the Public Land Mobile Network (PLMN) ID to determine the correct VLR to use, by including the optional plmnid keywords.
non-pool-area name use-vlr vlr_name [ lac value(s) ] [ plmnid { any | mcc mcc_value mnc mnc_value } ]
The vlr command now supports IPv6 addressing as well as SCTP multi-homing with the addition of the secondary ipv4-address keyword and the initial and secondary ipv6-address keywords.
vlr vlr_name ( ipv4-address ipv4_address [ ipv4-address ipv4_address ] | ipv6-address ipv6_address [ ipv6-address ipv6_address ] } port port_number
This command enables/disables all or specified NAT Application Level Gateways (ALG). The h323 keyword is added to this command to enable/disable H323 processing.
This command controls routing of packets to protocol analyzers. The h323 keyword is added to this command to route the H323 analyzer for the ruledef.
route priority route_priority ruledef ruledef_name analyzer { dns | file-transfer | ftp-control | ftp-data | h323 | http | imap | mms | p2p | pop3 | pptp | rtcp | rtp | rtsp | sdp | secure-http | sip [ advanced ] | smtp | tftp | wsp-connection-less | wsp-connection-oriented } [ description description ]
no route priority route_priority
This command enables/disables all or specified NAT Application Level Gateways (ALG). The following keywords are added to this command to enable/disable processing for NAT44/NAT64 ALGs.
[ default | no ] firewall nat-alg { all | ftp | h323 | pptp | rtsp | sip } [ ipv4-and-ipv6 | ipv4-only | ipv6-only ]
This command enables/disables Network Address Translation (NAT) support in a Firewall-and-NAT policy. The following keywords are added to this command to enable/disable NAT processing for IPv4/IPv6:
nat policy [ ipv4-and-ipv6 | ipv4-only | ipv6-only ] [ default-nat-realm nat_realm_name [ fw-and-nat-action action_name ] ]
This command controls routing of packets to protocol analyzers. The basic-and-advanced option is added to sip keyword for SIP packets to route through SIP analyzer and SIP ALG.
route priority route_priority ruledef ruledef_name analyzer { dns | file-transfer | ftp-control | ftp-data | h323 | http | imap | mms | p2p | pop3 | pptp | rtcp | rtp | rtsp | sdp | secure-http | sip [ advanced | basic-and-advanced ] | smtp | tftp | wsp-connection-less | wsp-connection-oriented } [ description description ]
no route priority route_priority
The keyword service-context-id has been added to this command.
diameter service-context-id service_context_id
This command enables the specification of some of the optional fields in the CDRs that the GSN (GGSN, P-GW, or SGSN) generates and/or how the information is to be presented. Several keywords have been added.
gtpp attribute { camel-info | cell-plmn-id | diagnostics | duration-ms | imei | local-record-sequence-number | msisdn | node-id-suffix STRING | plmn-id | rat | record-extensions rat | sms { destination-number | recording-entity | service-centre } } +
default gtpp attribute { cell-plmn-id | diagnostics | duration-ms | imei | local-record-sequence-number | msisdn | plmn-id | rat | record-extensions rat | sms { destination-number | recording-entity | service-centre } }
no gtpp attribute { cell-plmn-id | diagnostics | duration-ms | imei | local-record-sequence-number | msisdn | node-id-suffix | plmn-id | rat | record-extensions rat | sms { destination-number | recording-entity | service-centre } }
The keyword rulebase-max-length and its options have been added to the following command.
gtpp egcdr { final-record [ [ include-content-ids { all | only-with-traffic } ] [ closing-cause { same-in-all-partials | unique } ] ] | losdv-max-containers max_losdv_containers | lotdv-max-containers max_lotdv_containers | rulebase-max-length rulebase_name_max_length | service-data-flow threshold { interval interval | volume { downlink bytes
[ uplink bytes ] | total bytes | uplink bytes [ downlink bytes ] } } | service-idle-timeout { 0 | service_idle_timeout } }
[ uplink bytes ] | total bytes | uplink bytes [ downlink bytes ] } } | service-idle-timeout { 0 | service_idle_timeout } }
default gtpp egcdr { final-record include-content-ids only-with-traffic closing-cause same-in-all-partials | losdv-max-containers | lotdv-max-containers | service-idle-timeout 0 }
no gtpp egcdr { rulebase-max-length | service-data-flow threshold { interval | volume { downlink [ uplink ] | total | uplink [ downlink ] } } }
Support has been added for the following charging-characteristics:
insert xheader_field_name { string-constant xheader_field_value | variable { bearer { 3gpp { apn | charging-characteristics | charging-id | imei | imsi | rat-type | sgsn-address } | acr | customer-id | ggsn-address | mdn | radiuscalling-station-id | session-id | sn-rulebase| subscriber-ip-address | username } [ encrypt ] | http { host | url } }
no insert xheader_field_name
Support has been added for serving-node trigger type.
The keyword shape and its options have been removed from the following command.
apn-ambr rate-limit direction { downlink | uplink } [ burst-size { auto-readjust duration seconds | bytes } | violate-action { drop | lower-ip-precedence | shape [ transmit-when-buffer-full ] | transmit } ]
apn-ambr rate-limit direction { downlink | uplink } [ burst-size { auto-readjust duration seconds | bytes } | violate-action { drop | lower-ip-precedence | transmit } ]
cc profile index { buckets num | interval seconds | sdf-interval seconds | sdf-volume { downlink octets { uplink octets } | total octets | uplink octets { downlink octets } } | serving-nodes num | tariff time1 min hrs
[ time2 min hrs...time4 min hrs ] | volume { downlink octets { uplink octets } | total octets | uplink octets { downlink octets } } }
[ time2 min hrs...time4 min hrs ] | volume { downlink octets { uplink octets } | total octets | uplink octets { downlink octets } } }
default cc profile index
no cc profile index { buckets | interval | sdf-interval | sdf-volume | serving-nodes | tariff | volume }
With previous virtual-apn CLI command, either cc or imsi could be used to define a selection rule for virtual apn.
Now, virtual-apn CLI command can also be used to define a imsi+cc virtual apn selection rule.
virtual-apn { gcdr apn-name-to-be-included { Gn | virtual } | preference priority apn apn_name [ access-gw-address { ip_address | ip_address/mask } | bearer-access-service svc_name | cc-profile cc_profile_index [ rat-type
{ eutran | gan | geran | hspa | utran | wlan } ] | domain domain_name | mcc mcc_number mnc mnc_number [ cc-profile cc_profile_index ] | [ msin-range from msin_range_from to msin_range_to ] | [ rat-type { eutran | gan | geran | hspa | utran | wlan } ] | msisdn-range { from msisdn_start_range to msisdn_to_range | rat-type { eutran | gan | geran | hspa | utran | wlan } } | rat-type { eutran | gan | geran | hspa | utran | wlan } | roaming-mode { home | roaming | visiting } ] }
{ eutran | gan | geran | hspa | utran | wlan } ] | domain domain_name | mcc mcc_number mnc mnc_number [ cc-profile cc_profile_index ] | [ msin-range from msin_range_from to msin_range_to ] | [ rat-type { eutran | gan | geran | hspa | utran | wlan } ] | msisdn-range { from msisdn_start_range to msisdn_to_range | rat-type { eutran | gan | geran | hspa | utran | wlan } } | rat-type { eutran | gan | geran | hspa | utran | wlan } | roaming-mode { home | roaming | visiting } ] }
no virtual-apn preference priority
|
l
|
The associate command in the S-GW Service Configuration Mode is updated with the new subscriber-map keyword. This new keyword allows the S-GW service to be associated with a subscriber map configured through the LTE Policy Configuration Mode, and thus, to an operator policy.
The S-GW now supports the charging characteristics (cc) commands in the APN Profile and Call Control Profile Configuration Modes.
cc { local-value-for-scdrs behavior bit_value profile index_bit | prefer { hlr-value-for-scdrs | local-value-for-scdrs } }
cc { behavior-bit no-records bit_value | local-value behavior bit_value profile index_bit | prefer { hlr-value | local-value } }
The S-GW now supports the accounting context command in the Call Control Profile Configuration Mode.
[ no ] authorization mediatype { application | audio | control | data | message | others | text | video }
The keyword tls-crypto-template and its options have been added to this command.
bind address ip_address [ cscf-hostname host_name ] [ ipsec-crypto-template template ] [ max-sessions max# ] [ port number ] [ reserved-call-capacity percentage ] [ tls-crypto-template template [ tls-port number ] ] [ transport tcp ] [ use-serviceport-towards-network ]
The keyword signalling-pool has been added to this command. Specifies the name of an existing IP pool from where IP addresses will be used to fill in signalling headers only.
no nat-pool name pool_name
The keyword overload and its options have been moved from the CSCF Policy Rules Configuration Mode. The keyword ibcf-capability has also been added to this command.
policy { accounting interim-interval value | allow-early-media | ibcf-capability domain domain/name | overload [ drop | redirect IPv4_address1 [ weight weight1 ] [ IPv4_address2 [ weight weight2 ] ] ... | reject ] | threshold congestion-control { system-cpu-utilization percent | tolerance percent } }
default policy { allow-early-media | overload | threshold congestion-control { system-cpu-utilization | tolerance } }
no policy { accounting interim-interval | allow-early-media | ibcf-capability domain domain/name | overload [ redirect IPv4_address1 ] [ IPv4_address2 ] ... | threshold congestion-control { system-cpu-utilization | tolerance } }
This command enables thresholds alerting and configuration of thresholds for CSCF Service. This functionality has been moved from the Global Configuration Mode.
threshold { { call-setup-failures | call-total-active | error-no-resource | error-presence | error-reg-auth | error-tcp | invite-rcvd-rate | reg-rcvd-rate | reg-total-active | route-failures } high_thresh [ clear low_thresh ] | monitoring }
The keyword cleanup-timer has been added to this command. This timer is used to control how often to check for idle TCP connections.
timeout { hss-wait sec | no-answer sec | policy-interface sec | sip { 3gpp-d sec | 3gpp-t1 msec | 3gpp-t2 sec | 3gpp-t4 sec | d sec | idle-tcp-connection msec [ cleanup-timer msec ] | invite-expiry sec | t1 msec | t2 sec | t4 sec } }
default timeout { hss-wait | no-answer | policy-interface | sip { 3gpp-d | 3gpp-t1 | 3gpp-t2 | 3gpp-t4 | d | idle-tcp-connection | invite-expiry | t1 | t2 | t4 } }
The keyword private-network has been added to this command.
no trusted-domain-entity address
The keyword source has been removed from the following command.
In addition, the keyword preference and its options have been added to this command.
aaa-group name criteria { source aor aor_prefix | subscriber-capability { audio [ only ] | text | video } | subscriber-ip-type { v4 | v6 } } +
no aaa-group name
aaa-group name { [ preference value ] criteria { aor aor_prefix | subscriber-capability { capability_type } | subscriber-ip-type
{ v4 | v6 } } + }
{ v4 | v6 } } + }
Previously, if criteria source aor <aor-prefix> was configured, fetching of aaa group name was done based on source aor. Now, fetching of aaa group name for a subscriber can be based on source aor match or destination aor match.
The keyword length and its options have been added to this command.
action modify string position num length length target { destination | source } { aor | domain | user }
The keyword custom-md5 has been added to this command:
|
l
|
authentication { aka-v1 value | allow-auth-rsp-failure re-register | allow-hssfailure re-register | allow-noauth [ invite | re-register| register ] | allownoipauth [ invite | re-register| register ] | allow-skip-sar re-register | allow-unsecure | aor-auth | custom-md5 value | md5 value }
no authentication { aka-v1 | allow-auth-rsp-failure re-register | allow-hssfailure re-register | allow-noauth [ invite | re-register| register ] | allownoipauth [ invite | re-register| register ] | allow-skip-sar re-register | allow-unsecure | aor-auth | custom-md5 | md5 }
The keyword prov-response has been added to this command:
The keyword profile-part-indicator has been made optional in this command.
cscf ifc-filter-criteria id fc_id priority pri [ profile-part-indicator
{ registered | unregistered } ] app-server uri scheme { sip | sips } as as-defaulthandling { session-continue | session-terminate } [ -noconfirm ] | [ service-info info ] [ trigger-point tp_name ] [ -noconfirm ] |
[ trigger-point tp_id ] [ -noconfirm ]
{ registered | unregistered } ] app-server uri scheme { sip | sips } as as-defaulthandling { session-continue | session-terminate } [ -noconfirm ] | [ service-info info ] [ trigger-point tp_name ] [ -noconfirm ] |
[ trigger-point tp_id ] [ -noconfirm ]
The keyword ue-status and its options have been added to this command. This command now configures reject with specific response code for UE capability failure or UE status.
custom response { ue-capability-failure { capability_type } | ue-status
( status } } reject response-code { response_code }
( status } } reject response-code { response_code }
In addition, keywords can now be entered multiple times within a single command to support multi-part ACL in CSCF.
deny { any | destination aor aor | log { any | destination aor aor | source { address ip_address | aor aor } | subscriber-capability { capability_type } | user-agent device-type device_type } | source { address ip_address | aor aor } | subscriber-capability { capability_type } | user-agent device-type device_type + }
no deny { any | destination aor aor | source { address ip_address | aor aor } | subscriber-capability { capability_type } | user-agent device-type device_type + }
|
l
|
diameter policy-control { dictionary { gq-custom | gq-standard | rq-custom | rx-custom01 | rx-custom02 | rx-custom03 | rx-custom04 | rx-custom05 | rx-rel8 | rx-standard | tx-standard } | origin endpoint endpoint_name | peer-select peer peer_name [ peer-realm realm_name ] [ secondary-peer peer_name [ sec-peer-realm realm_name ] ] | request-timeout sec }
The keyword v6port-range and its options have been added to this command.
|
l
|
monitor-status { max-response-codes negative max | [ monitor-interval seconds ] [ monitor-message options [ max-forwards max | response-timer seconds ] ] [ monitor-response-timer seconds ] | response-code { positive SIP_response_code | negative SIP_response_code } | timer [ mark-out-of-service seconds ] [ unavailable-monitor-interval seconds ] [ unavailable-notification seconds ] }
In addition, keywords can now be entered multiple times within a single command to support multi-part ACL in CSCF.
permit { any | destination aor aor | log { any | destination aor aor | source { address ip_address | aor aor } | subscriber-capability { capability_type } | user-agent device-type device_type } | source { address ip_address | aor aor } | subscriber-capability { capability_type } | user-agent device-type device_type + }
no permit { any | destination aor aor | source { address ip_address | aor aor } | subscriber-capability { capability_type } | user-agent device-type device_type + }
The keyword implicit and its options have been added to this command. This command now specifies the implicit amount of time that a registration can exist on the system.
The keyword timeout and its options have been added to this command.
|
l
|
|
l
|
route { domain name | local { icscf | pcscf | scscf } | nexthop-address address | peer-servers list_name | peer-servers-group group_name | route-list group_name | vpn name } [ [ mod-req-uri ] base-criteria criteria [ filter-criteria1 criteria ] [ filter-criteria2 criteria ] ] [ log ]
no route { domain name | local { icscf | pcscf | scscf } | nexthop-address address | peer-servers list_name | peer-servers-group group_name | route-list group_name | vpn name } base-criteria criteria [ filtercriteria1 criteria ] [ filter-criteria2 criteria ]
The keyword p-cust1-prid-info has been added to this command.
[ no ] sip-header insert { p-access-network-info | p-cust1-prid-info | p-user-database }
The keyword p-cust1-prid-info has been added to this command.
The optional keyword custom-logic has been added to this command.
|
l
|
timeout { hss-wait sec | map-slr-response sec | no-answer sec | policy-interface sec | sip { 3gpp-d sec | 3gpp-t1 msec | 3gpp-t2 sec | 3gpp-t4 sec | c sec | d sec | idle-tcp-connection msec [ cleanup-timer msec ] | invite-expiry sec | t1 msec | t2 sec | t4 sec } }
default timeout { hss-wait | map-slr-response | no-answer | policy-interface | sip { 3gpp-d | 3gpp-t1 | 3gpp-t2 | 3gpp-t4 | c | d | idle-tcp-connection | invite-expiry | t1 | t2 | t4 } }
This command can now be used to update and trigger NOTIFY for the subscribers based on reg-state and event. contact is an optional parameter; when contact is not specified, all the contact IDs associated with either a specified user or all users will be updated and trigger NOTIFY.
update cscf subscriber { all | username user_name } cscf-service service_name { { [ contact contact_address ] reg-state { active event
{ refreshed | shortened } time seconds } | terminated event { deactivated | | expired | rejected | unregistered } } | reauthentication-time seconds }
[ verbose ]
{ refreshed | shortened } time seconds } | terminated event { deactivated | | expired | rejected | unregistered } } | reauthentication-time seconds }
[ verbose ]
This command has been moved from the SGSN Global configuration mode to the APN Profile configuration mode.
New keyword ‘fallback-apn’ allows definition of a dummy APN to use when default APN is not available.
apn-selection-default network-identifier <apn_net_id> [ fallback-apn <apn_net_id> | reject-blank-apn | require-dns-fail-wildcard | require-subscription-apn ] }
Three new keywords have been added to support flexible new options for using default APNs in the APN selection process:
|
l
|
first-in-subscription - option instructs the SGSN to use the APN in the first subscription record as a default APN.
|
|
l
|
fallback-to-first-in-subscription - option instructs the SGSN to use the APN in the first subscription record when configured default APN is not available.
|
|
l
|
prefer-single-subscription - option instructs the SGSN to use the APN in subscription record if it is the only record available and normal APN selection fails.
|
apn-selection-default { first-in-subscription | network-identifier <> [ fallback-apn network-identifier <> | fallback-to-first-in-subscription | prefer-single-subscription | reject-blank-apn | require-dns-fail-wildcard | require-subscription-apn ] }
authenticate sms [ sms-type ( mo-sms | mt-sms } ] [ frequency <frequency> | access-type { umts | gprs } ]
A new keyword, on-first-vector, instructs the SGSN to begin the MS authentication process immediately after receiving the first vector from the HLR.
The range of the BSSGP MS flow control timer ‘th’ has been expanded (per TS 48.018) to 6 to 5999 seconds:
bssgp-timer th <6 to 5999>
New keyword (new-ni) enables APN remapping only when the charging characteristic value in the subscription record, associated with the requested APN, matches the values configured.
cc behavior <beh_val> profile <prof_val> apn-remap network-identifier <apn_net_id> new-ni <new_apn_net_id>
New keywords - negotiation-failure-action - have been added to configure the SGSN's action if there is not a match between the MS and SGSN ciphering algorithm configurations. As well, the call Attach/RAU Rejection message may include a configurable GMM failure code.
ciphering-algorithm { negotiation-failure-action { reject [ failure-code ] | use-geo0 } | priority priority }
New keyword in the command enables the SGSN to append geographical information to the APN string that is being sent in the DNS query.
If the DNS is configured to support, then inclusion of two new keywords - charg-id and rnc-id - facilitate GGSN selection.
dns-extn { charg-id { binary | decimal | hexadecimal } | lac-rac | msisdn | rnc-id [ charg-id { binary | decimal | hexadecimal } ] }
New keywords enable validation of P-TMSI signature in the Attach Request against the P-TMSI signature stored at the SGSN. As well, optionally a GMM reject cause code can be configured.
Configures the diffserv code point marking to be used when sending GTP-C messages originating from the session manager and SGTPC manager.
gtpc ip qos-dscp { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | ef }
Inclusion of this new keyword, target-identification-preamble, allows the SGSN to ignore the default behavior and enables the SGSN to send the preamble byte in the Target Identification IE in the Relocation Request message:
The custom33 keyword has been enabled to allow inclusion of the custom33 dictionary in the billing context configuration and to associate the dictionary with the GTPP server group for the billing context.
New keyword "file-name-pattern" defines a pattern for the file name that will be used to match against the files to be purged.
The rai keyword has been added to configure the SGSN to include the RAI of the SGSN in CPCQ and UPCQ messages to the GGSN.
hop-count <1-15>
The description keyword has been added to the IMSI range configuration to clarify use of the ranges when Release 9.0 Operator Policy configurations are converted for use with the Operator Policy functionality of Release 12.0.
imsi-range mcc <mcc> mnc <mnc> msin first <msin> last <msin> operator-policy <policy_name> description <description>
New keywords enable the operator to provision port link aggregation across multiple side-by-side XGLCs -- horizontal link aggregation.
link-aggregation redundancy { standard | switched } [ hold-time <seconds> ] [ preferred slot { none | <slot#> } ]
Ranges and defaults for various MTP2 timers have been modified for ANSI and ITU variants for both SS7 lowspeed-narrowband and SS7 highspeed-narrowband links.
|
l
|
mtp2-tmr-t1 - ITU default value is 40s and ANSI default value is 13s
|
|
l
|
mtp2-tmr-t2 - ITU default value is 5s, ANSI default value is 11.5s
|
|
l
|
mtp2-tmr-t3 - ITU default value is 1.5s, ANSI default value is 11.5s
|
|
l
|
mtp2-tmr-t4e - ITU default value is 500ms, ANSI default value is 600ms
|
|
l
|
mtp2-tmr-t4n - ITU default value is 8.2s, ANSI default value is 2.3s
|
|
l
|
mtp2-tmr-t1 - ITU & ANSI ranges are 120 - 500
|
|
l
|
mtp2-tmr-t3 - ITU & ANSI ranges are 10 - 140
|
|
l
|
mtp2-tmr-t4n - ITU & ANSI ranges are 20 - 95
|
|
l
|
mtp2-tmr-t6 - ITU & ANSI ranges are 10 - 60
|
|
l
|
mtp2-tmr-t1 - ITU default value is 300s and ANSI default value is 170s
|
|
l
|
mtp2-tmr-t2 - ITU default value is 5s, ANSI default value is 23s
|
|
l
|
mtp2-tmr-t3 - ITU default value is 1.5s, ANSI default value is 11.5s
|
|
l
|
mtp2-tmr-t4e - ITU default value is 500ms, ANSI default value is 5s
|
|
l
|
mtp2-tmr-t1 - ITU & ANSI ranges are 160 - 3500
|
|
l
|
mtp2-tmr-t2 - ITU & ANSI ranges are 50 - 1500
|
|
l
|
mtp2-tmr-t3 - ITU & ANSI ranges are 10 - 140
|
|
l
|
mtp2-tmr-t4e - ITU & ANSI ranges are 4 - 60
|
|
l
|
mtp2-tmr-t6 - ITU & ANSI ranges are 10 - 60
|
The default number (272) of outstanding packets sent by the linkmgr (MTP2), for both high-speed and low-speed narrowband SS7 links, has been changed
mtp3-msg-size <1-272>
In support of NRPCA, new keywords identify a predefined location area code list and define a GTPP failure cause code for inclusion in activation Reject messages.
network-initiated-pdp-activation { allow { primary | secondary } | restrict { primary | secondary } } access type { gprs | umts } { all | location-area-list instance <instance> } failure-code <code>
The following command has been moved from the SGSN-Service configuration mode to the IuPS-Service configuration mode:
New queue-size and wait-time keywords define the queue size for buffering and message age-out wait-time for optimized network overload protection.
network-overload-protection sgsn-new-connections-per-second #_new_connections action { drop | reject with cause { congestion | network failure } } [ queue-size <queue_size> ] [ wait-time <wait_time> ]
The lowest values of the configurable ranges have been decreased from 20 to 1 for the rate at which the SGSN deactivates PDP for both the connected-ready and idle-standby subscriber connections. The rate is per second per SessMgr when GPT-C path failure is detected.
New mbr-map-down and mbr-map-up keywords enable override mapping to replace a maximum bit rate (MBR) received from the HLR with locally configured MBR.
qos class { background | conversational | interactive | streaming } [ mbr-map-down from from_kbps to to_kbps | mbr-map-up from from_kbps to to_kbps ]
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
[ remove ] qos class { background | conversational | interactive | streaming } [ all-values | arp | gbr-down | gbr-up | mbr-down | mbr-map-down | mbr-map-up | mbr-up | min-transfer-delay | residual-bit-error-rate | sdu | thp ]
A new keyword enables the SGSN to use a ‘selected-plmn’ in the plmn-part of the Global Core Network ID IE in Reset/Ack and Reset-Resource/Ack messages when network sharing has been enabled.
ranap global-cn-id { reset-procedure | reset-resource-procedure } [ network-sharing selected-plmn ]
[ default | no ] ranap global-cn-id { reset-procedure | reset-resource-procedure }
This command has been modified to allow the operator to configure QoS overrides for both pre-release 7 and release 7 compliant RNC. New keywords are gbr-down, gbr-up, mbr-down, and mbr-up.
release-compliance { pre-release-7 | release-7 } [ gbr-down <gbr_dn_val> | gbr-up <gbr_up_val> | mbr-down <mbr_dn_val> | mbr-up <mbr_up_val> ] +
Include this keyword with the following commands in the PSP configuration mode. Enter it before entering a value. This enables configuration with finer granuality - in 10 millisecond units.
sctp-rto-min units-10ms <1-500>
sctp-sack-period units-10ms <1-500>
sgsn offload [ gprs-service <srvc_name> | sgsn-service <srvc_name> } { activating | connecting [ nri-value <nri_value> | stop [ target-nri <target_nri> target-count <target_count> ] | t3312-timeout <seconds> [ target-nri <target_nri> target-count <target_count> ] | target-nri <target_nri> target-count <target_count> }
|
l
|
• reset ack-timeout range has been expanded from 5 - 10 to 5 - 60 seconds. Default has increased to 20 seconds.
|
|
l
|
• reset guard-timeout range has been expanded from 5 - 10 to 5 - 60 seconds.
|
|
l
|
• tigoc-timeout range has been expanded from 1 - 10 to 1 - 60 seconds
|
|
l
|
• tintc-timeout range has been expanded from 1 - 10 to 1 - 60 seconds and the default has been increased to 30 seconds.
|
The default (now 30 seconds) and maximum range of seconds (now 1 to 300) configurable for the SNDCP reassembly timer have been changed to facilitate support for the reordering of sub-network dependent convergence protocol N-PDU segments that arrive out-of-order.
sndcp reassembly-timeout <seconds>
New keyword ‘fallback-apn’ allows definition of a dummy APN to use when default APN is not available.
apn-selection-default network-identifier <apn_net_id> [ fallback-apn <apn_net_id> | reject-blank-apn | require-dns-fail-wildcard | require-subscription-apn ] }
Three new keywords have been added to support flexible new options for using default APNs in the APN selection process:
|
l
|
first-in-subscription - option instructs the SGSN to use the APN in the first subscription record as a default APN.
|
|
l
|
fallback-to-first-in-subscription - option instructs the SGSN to use the APN in the first subscription record when configured default APN is not available.
|
|
l
|
prefer-single-subscription - option instructs the SGSN to use the APN in subscription record if it is the only record available and normal APN selection fails.
|
apn-selection-default { first-in-subscription | network-identifier <net_id> [ fallback-apn network-identifier <net_id> | fallback-to-first-in-subscription | prefer-single-subscription | reject-blank-apn | require-dns-fail-wildcard | require-subscription-apn ] }
authenticate sms [ sms-type ( mo-sms | mt-sms } ] [ frequency <frequency> | access-type { umts | gprs } ]
The range of the BSSGP MS flow control timer ‘th’ has been expanded (per TS 48.018) to 6 to 5999 seconds:
bssgp-timer th <6 to 5999>
New keywords - negotiation-failure-action - have been added to configure the SGSN's action if there is not a match between the MS and SGSN ciphering algorithm configurations. As well, the call Attach/RAU Rejection message may include a configurable GMM failure code.
ciphering-algorithm { negotiation-failure-action { reject [ failure-code <code>] | use-geo0 } | priority <priority> }
New keyword in the command enables the SGSN to append geographical information to the APN string that is being sent in the DNS query.
Configures the diffserv code point marking to be used when sending GTP-C messages originating from the session manager and SGTPC manager.
gtpc ip qos-dscp { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | ef }
Inclusion of this new keyword, target-identification-preamble, allows the SGSN to ignore the default behavior and enables the SGSN to send the preamble byte in the Target Identification IE in the Relocation Request message:
The custom33 keyword has been enabled to allow inclusion of the custom33 dictionary in the billing context configuration and to associate the dictionary with the GTPP server group for the billing context.
New keyword "file-name-pattern" defines a pattern for the file name that will be used to match against the files to be purged.
The rai keyword has been added to configure the SGSN to include the RAI of the SGSN in CPCQ and UPCQ messages to the GGSN.
hop-count <1-15>
The description keyword has been added to the IMSI range configuration to clarify use of the ranges when Release 9.0 Operator Policy configurations are converted for use with the Operator Policy functionality of Release 12.0.
imsi-range mcc <mcc> mnc <mnc> msin first <msin> last <msin> operator-policy <policy_name> description <description>
New keywords enable the operator to provision port link aggregation across multiple side-by-side XGLCs -- horizontal link aggregation.
link-aggregation redundancy { standard | switched } [ hold-time <seconds> ] [ preferred slot { none | <slot#> } ]
Ranges and defaults for various MTP2 timers have been modified for ANSI and ITU variants for both SS7 lowspeed-narrowband and SS7 highspeed-narrowband links.
|
l
|
mtp2-tmr-t1 - ITU default value is 40s and ANSI default value is 13s
|
|
l
|
mtp2-tmr-t2 - ITU default value is 5s, ANSI default value is 11.5s
|
|
l
|
mtp2-tmr-t3 - ITU default value is 1.5s, ANSI default value is 11.5s
|
|
l
|
mtp2-tmr-t4e - ITU default value is 500ms, ANSI default value is 600ms
|
|
l
|
mtp2-tmr-t4n - ITU default value is 8.2s, ANSI default value is 2.3s
|
|
l
|
mtp2-tmr-t1 - ITU & ANSI ranges are 120 - 500
|
|
l
|
mtp2-tmr-t3 - ITU & ANSI ranges are 10 - 140
|
|
l
|
mtp2-tmr-t4n - ITU & ANSI ranges are 20 - 95
|
|
l
|
mtp2-tmr-t6 - ITU & ANSI ranges are 10 - 60
|
|
l
|
mtp2-tmr-t1 - ITU default value is 300s and ANSI default value is 170s
|
|
l
|
mtp2-tmr-t2 - ITU default value is 5s, ANSI default value is 23s
|
|
l
|
mtp2-tmr-t3 - ITU default value is 1.5s, ANSI default value is 11.5s
|
|
l
|
mtp2-tmr-t4e - ITU default value is 500ms, ANSI default value is 5s
|
|
l
|
mtp2-tmr-t1 - ITU & ANSI ranges are 160 - 3500
|
|
l
|
mtp2-tmr-t2 - ITU & ANSI ranges are 50 - 1500
|
|
l
|
mtp2-tmr-t3 - ITU & ANSI ranges are 10 - 140
|
|
l
|
mtp2-tmr-t4e - ITU & ANSI ranges are 4 - 60
|
|
l
|
mtp2-tmr-t6 - ITU & ANSI ranges are 10 - 60
|
In support of NRPCA, new keywords identify a predefined location area code list and define a GTPP failure cause code for inclusion in activation Reject messages.
network-initiated-pdp-activation { allow { primary | secondary } | restrict { primary | secondary } } access type { gprs | umts } { all | location-area-list instance <instance> } failure-code <code>
The lowest values of the configurable ranges have been decreased from 20 to 1 for the rate at which the SGSN deactivates PDP for both the connected-ready and idle-standby subscriber connections. The rate is per second per SessMgr when GPT-C path failure is detected.
New mbr-map-down and mbr-map-up keywords enable override mapping to replace a maximum bit rate (MBR) received from the HLR with locally configured MBR.
qos class { background | conversational | interactive | streaming } [ mbr-map-down from <from_kbps> to <to_kbps> | mbr-map-up from <from_kbps> to <to_kbps> ]
|
l
|
|
l
|
|
l
|
|
l
|
|
l
|
[ remove ] qos class { background | conversational | interactive | streaming } [ all-values | arp | gbr-down | gbr-up | mbr-down | mbr-map-down | mbr-map-up | mbr-up | min-transfer-delay | residual-bit-error-rate | sdu | thp ]
A new keyword enables the SGSN to use a ‘selected-plmn’ in the plmn-part of the Global Core Network ID IE in Reset/Ack and Reset-Resource/Ack messages when network sharing has been enabled.
ranap global-cn-id { reset-procedure | reset-resource-procedure } [ network-sharing selected-plmn ]
[ default | no ] ranap global-cn-id { reset-procedure | reset-resource-procedure }
Include this keyword with the following commands in the PSP configuration mode. Enter it before entering a value. This enables configuration with finer granuality - in 10 millisecond units.
sctp-rto-min units-10ms <1-500>
sctp-sack-period units-10ms <1-500>
sgsn offload [ gprs-service <srvc_name> | sgsn-service <srvc_name> } { activating | connecting [ nri-value <nri_value> | stop [ target-nri <target_nri> target-count <target_count> ] | t3312-timeout <seconds> [ target-nri <target_nri> target-count <target_count> ] | target-nri <target_nri> target-count <target_count> }
|
l
|
• reset ack-timeout range has been expanded from 5 - 10 to 5 - 60 seconds. Default has increased to 20 seconds.
|
|
l
|
• reset guard-timeout range has been expanded from 5 - 10 to 5 - 60 seconds.
|
|
l
|
• tigoc-timeout range has been expanded from 1 - 10 to 1 - 60 seconds
|
|
l
|
• tintc-timeout range has been expanded from 1 - 10 to 1 - 60 seconds and the default has been increased to 30 seconds.
|
The default (now 30 seconds) and maximum range of seconds (now 1 to 300) configurable for the SNDCP reassembly timer have been changed to facilitate support for the reordering of sub-network dependent convergence protocol N-PDU segments that arrive out-of-order.
sndcp reassembly-timeout <seconds>
The range for the number of actions configurable per GTT association has been increased from 8 to 15.
no action id <id>
A new keyword, on-first-vector, instructs the SGSN to begin the MS authentication process immediately after receiving the first vector from the HLR.
The authenticate command has been re-architected to provide interface consistency and to allow the operator to enable the functions as needed. The function of the ‘no’ keyword in all instances now disables the specified function. Several new keywords have been added; see the Command Line Interface Reference for use and function information for all of these new keywords:
|
l
|
This function is no longer enabled by default, so the default keyword has been removed (deprecated).
authenticate activate [ access-type { gprs | umts } | first | frequency <frequency> | primary ] [ access-type { gprs | umts } ]
[ no | remove ] authenticate activate [ access-type { gprs | umts } | first | primary ] [ access-type { gprs | umts } ] ]
authenticate all-events [ access-type { gprs | umts } | frequency <frequency> [ access-type { gprs | umts } ] ]
authenticate attach [ access-type { gprs | umts } | attach-type { combined | gprs-only } | frequency <frequency> | inter-rat ] [ access-type { gprs | umts } ]
[ no | remove ] authenticate attach [ access-type { gprs | umts } | attach-type { combined | gprs-only } | inter-rat ] [ access-type { gprs | umts } ]
authenticate rau [ access-type { gprs | umts } | frequency <frequency> | periodicity <duration> | update-type { combined-update | imsi-combined-update | periodic | ra-update [ with { foreign-ptmsi | inter-rat-local-ptmsi | local-ptmsi } ] ] [ access-type { gprs | umts } | frequency <frequency> | periodicity <duration> ]
no authenticate rau [ access-type { grps | umts } | update-type { combined-update | imsi-combined-update | periodic | ra-update [ with { foreign-ptmsi | inter-rat-local-ptmsi | local-ptmsi } [ access-type { gprs | umts } ]
remove authenticate rau [ access-type { gprs | umts } | periodicity | update-type { combined-update | imsi-combined-update | periodic | ra-update [ periodicity | with { foreign-ptmsi | inter-rat-local-ptmsi | local-ptmsi } [ access-type { gprs | umts } ]
authenticate service-request [ frequency <frequency> | periodicity <duration> | service-type { data | page-response | signaling } [ frequency <frequency> | periodicity <duration> ] ]
remove authenticate service-request [ periodicity | service-type { data | page-response | signaling } [ periodicity ] ]
authenticate sms [ access-type { gprs | umts } | frequency <frequency> | sms-type { mo-sms | mt-sms } ] [ access-type { gprs | umts } | frequency <frequency> ]
[ no | remove ] authenticate sms [ access-type { gprs | umts } | sms-type { mo-sms | mt-sms } [ access-type { gprs umts }]]
New keyword (new-ni) enables APN remapping only when the charging characteristic value in the subscription record, associated with the requested APN, matches the values configured.
cc behavior <beh_val> profile <prof_val> apn-remap network-identifier <apn_net_id> new-ni <new_apn_net_id>
New keywords enable validation of P-TMSI signature in the Attach Request against the P-TMSI signature stored at the SGSN. As well, optionally a GMM reject cause code can be configured.
In support of IPv4v6 dual PDP address types, this new keyword enables the SGSN to include IPv4v6 address information in the S-CDR. The IPv4 address goes in the new PDP address extension field and the IPv6 address goes in the existing servedPDPAddress field.
One new keyword enables (disabled by default) the use of continuous file sequence numbers and the second new keyword allows for recovery of file sequence numbers in the event of aaaproxy or chassis restarts/reboots.
gtpp storage-server local file { compression | format | name | purge-processed-files | rotation | start-file-seq-num <number> [ recover-file-seq-num ] }
New gtpu and gtpumgr logging filters enable the creation of Debug Logs specific to the GTPU information for the peer RNCs/GGSNs.
[ no ] logging filter active facility [ gtpu | gtpumgr ] level [ critical | error | warning | unusual | info | trace | debug ]
The following command has been moved from the SGSN-Service configuration mode to the IuPS-Service configuration mode:
The range of values has been expanded for the interval parameter:
ptmsi-reallocate interval <1 - 1440>
The remove keyword has been added to delete P-TMSI reallocation definitions from the configuration file. This function is no longer enabled by default, so the default keyword has been removed (deprecated).
[ no | remove ] ptmsi-reallocate { attach | frequency | interval | routing-area-update [ update-type { combined-update | imsi-combined-update | periodic | ra-update } ] | service-request [ service-type { data | page-response | signaling } ] } [ access-type { gprs | umts } ]
The range of values has been expanded for the interval parameter:
ptmsi-signature-reallocate interval <1 - 1440>
The remove keyword has been added to delete P-TMSI signature reallocation definitions from the configuration file. This function is no longer enabled by default, so the default keyword has been removed (deprecated).
[ no | remove ] ptmsi-signature-reallocate { attach | frequency | interval | routing-area-update [ update-type { combined-update | imsi-combined-update | periodic | ra-update } ] } [ access-type { gprs | umts } ]
New keyword displays authentication and P-TMSI reallocate and P-TMSI signature reallocate information in a new display table.
A new keyword gtpu-table filter allows the operator to display a table specific to GTPU information for the peer RNCs/GGSNs for the specified IuPS service.
show iups-service { all | name <srvc_name> } [ gtpu-table | rnc { all | id <rnc_id> } ] [ | { grep <grep_options> | more } ]
A new keyword gtpu-table filter allows the operator to display a table specific to GTPU information for the peer RNCs/GGSNs for the specified SGTP service.
show sgtp-service { all [ gtpu-table ] | ggsn-table [ smgr-instance <smgr_instance> ] | mbms-bearers | name <srvc_name> [ gtpu-table ] | sgsn-table }
New keyword allows the operator to configure a wildcard subscription with PDP type IPv4v6 for an SGSN default APN.
This command specifies the number of duplicate ACKs required for fast retransmission. The dynamic keyword was added to this command. This enables to dynamically change the number of duplicate ACKs required for fast retransmission based on the number of in-flight packets (one-third of the in-flight packets, subject to a minimum of two). This enables to eliminate spurious retransmissions when packet reordering in the network is high.
This command specifies the TPO profile to use when the traffic matches a particular TPO ruledef/TPO group-of-ruledefs. This command now enables to configure TPO group-of-ruledefs.
match-rule priority rule_priority { tpo-group-of-ruledefs tpo_group_of_ruledefs_name | tpo-ruledef tpo_ruledef_name } tpo { none | profile tpo_profile_name } [ description description ]
no match-rule priority rule_priority
This command specifies the number of duplicate ACKs required for fast retransmission. In the 12.2 and later releases, the behavior of the dynamic keyword has changed. Now the dynamic keyword specifies to dynamically change the number of duplicate ACKs required for fast retransmission based on the number of in-flight packets, and controls the actions taken on D-SACK detection.
This section provides information on commands that are common to all products that were obsoleted in Release 12.0.
This section provides information on commands that are common to all products that were obsoleted in Release 12.2.
This command has been removed from the 12.2 release and replaced with the associate sctp-parameters-template command in the Diameter Endpoint Configuration mode.
For more details on the new command, please see the associate command in Common Commands - New in Release 12.2 section.
This section provides information on Stateful Firewall commands that were obsoleted in Release 12.0.
This command has been obsoleted in 12.0 release and now available in GTP-U service configuration mode.
gtpu reorder { context { ppp } | sequence-numbers { ipv4 | ppp | ipv4-ppp | ppp-ipv4 } | timeout time }
This command has been removed from the 12.0 release and replaced with the lte-policy command.
This command functionality has been moved to the CSCF PCRF-Policy-Control Configuration Mode and expanded.
policy overload { redirect address1 [ weight weight1 ] [ address2 [ weight weight2 ] ] ... | reject [ use-reject-code { admin-prohibited | insufficient-resources } ] }
This command has been removed from the 12.0 release and replaced with the signaling-bearer-loss command in the CSCF PCRF-Policy-Control Configuration Mode.
This command in the SGSN-Service configuration mode has been replaced by the check-imei command in both the SGSN-Service and GPRS-Service configuration modes.
This command, in the SGTP Service configuration mode, has been deprecated because the default behavior has been modified so that the SGSN verifies the remote restart counter changes observed in the PDP establishment messages and to ensure no mistaken configuration leads to genuine GGSN restarts being ignored. For information about the behavioral change, see the New Features section.
This command in the SGSN-Service configuration mode has been replaced by the check-imei command in both the SGSN-Service and GPRS-Service configuration modes.
This command, in the SGTP Service configuration mode, has been deprecated because the default behavior was modified in 12.0 release so that the SGSN verifies the remote restart counter changes observed in the PDP establishment messages and to ensure no mistaken configuration leads to genuine GGSN restarts being ignored. For information about the behavioral change, see the SGSN in Release 12.0 section of the New Features Summary chapter.
Cisco Policy Provisioning Tool (PPT) is a Web-based client-server application which provides the user (network operator) a comprehensive use case design experience. It enables the network operator to design a service plan and subscriber profile data modelling at a time with the help of use case design and configuration.
PPT is designed to simplify use case configuration by importing the relevant Policy Control Enforcement Function (PCEF) flow, rules and APN data elements.
PCEF, typically located at the gateway is responsible for enforcing the policy and charging related decisions received from IPCF. PCEF performs service data flow detection as well as gate enforcement for the data flows.
For information about the PPT, refer Policy Provisioning Tool Installation and Administration Guide.
Subscriber Service Controller (SSC) is an application that complements and extends the functionality of Intelligent Policy Control Function (IPCF).
SSC uses Subscriber Profile Repository (SPR) data store, to implement the usage control policies in a centralized manner. It also handles account details as well as session state information of the subscriber. SSC can manage the event notification function for PCC, by sending e-mails or text messages to subscribers. SSC provides storage facility for subscriber profile along with centralized management of subscriber policy and quota for your deployment.
For information about the SSC, refer Subscriber Service Controller Installation and Administration Guide.
The Active Charging Support menu has been removed from the WEM Configuration menu. ACS functionality is now available via the CLI interface in the WEM’s Load Configuration feature.
During WEM installation in a High Availability environment, the pcrf folder was placed in the <ems_dir>/server directory. Now, the pcrf folder is placed on the shared disk so that it is available to both nodes in the cluster, and can thereby obtain data from external sources and parse the data to 3GPP format.
This is done automatically by the script once the path to the shared disk has been defined as part of the installation process.
Previously, configuration files were uploaded/downloaded using the FTP protocol. A pair of radio buttons has been added to the Software Upgrade dialog box to choose between FTP and SFTP protocols for transferring files.
If the WEM server is used as primary or secondary destination, then the user defined as the FTP user in the bulkstats configuration screen must be present/created on the WEM server by the system administrator. For the message "user for FTP-ing the files from ASR5K to WEM doesn't exist" the correct action is for the Admin to configure such a user.
This is addressed in the Troubleshooting chapter in the Web Element Manager Installation and Administration Guide.
Previously the documentation stated that the Script Server was disabled by default. The Script server is enabled by default and the documentation has been changed to reflect this.
Previously the documentation stated that the Script Server was disabled by default. The Script server is enabled by default and the documentation has been changed to reflect this.
