Before You Begin
IMPORTANT:
eWAG Configuration
IMPORTANT:
Creating and Configuring the eWAG Service
Creating the eWAG Service
configure
context <context_name> [ -noconfirm ]
ipsg-service <ipsg_service_name> mode radius-server
ewag [ -noconfirm ]
end
Configuring the eWAG Service
Configuring Stand-alone eWAG Deployment
configure
context <context_name>
ipsg-service <ipsg_service_name> mode radius-server
ewag
#To associate
an SGTP service:
associate
sgtp-service <sgtp_service_name> [ context <sgtp_context_name> ]
#To bind the
eWAG service to a logical AAA interface and configure the number
of subscriber sessions allowed:
bind
address <ipv4/ipv6_address> [ max-subscribers <max_sessions> | port <port_number> | source-context <source_context_name> ]
#To configure
location-specific mobile network identifiers:
plmn
id mcc <mcc_number> mnc <mnc_number>
#To enable
APN profile for eWAG and optionally configure the default APN:
profile
APN [ default-apn <default_apn_name> ]
#To configure
QoS DSCP parameters:
ip { gnp-qos-dscp | qos-dscp } qci { { { 1 | 2 | 3 | 4 | 9 } | { 5 | 6 | 7 | 8 } allocation-retention-priority { 1 | 2 | 3 } } { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | ef | pt } } +
#To configure
RADIUS dictionary:
radius
dictionary <dictionary_name>
#To configure
RADIUS accounting parameters:
radius
accounting { client { <ipv4/ipv6_address> | <ipv4/ipv6_address/mask> } [ encrypted ] key <key> [ acct-onoff [ aaa-context <aaa_context_name> ] [ aaa-group <aaa_server_group_name> ] [ clear-sessions ] + ] [ dictionary <dictionary_name> ] [ disconnect-message [ dest-port <destination_port_number> ] + | interim create-new-call }
#To configure
timeout for eWAG session setup attempts:
setup-timeout <setup_timeout>
end
Configuring eWAG + GGSN Combo Deployment
IMPORTANT:
configure
context <context_name>
ipsg-service <ipsg_service_name> mode radius-server
ewag
#To associate
an SGTP service:
associate
sgtp-service <sgtp_service_name> [ context <sgtp_context_name> ]
#To bind the
eWAG service to a logical AAA interface and configure the number
of subscriber sessions allowed:
bind
address <ipv4/ipv6_address> [ max-subscribers <max_sessions> | port <port_number> | source-context <source_context> ]
#To configure
location-specific mobile network identifiers:
plmn
id mcc <mcc_number> mnc <mnc_number>
#To enable
APN profile for eWAG and optionally configure the default APN:
profile
APN [ default-apn <apn_name> ]
#To configure
QoS DSCP parameters:
ip { gnp-qos-dscp | qos-dscp } qci { { { 1 | 2 | 3 | 4 | 9 } | { 5 | 6 | 7 | 8 } allocation-retention-priority { 1 | 2 | 3 } } { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | ef | pt } } +
#To configure
RADIUS dictionary:
radius
dictionary <dictionary_name>
#To configure
RADIUS accounting parameters:
radius
accounting { client { <ipv4/ipv6_address> | <ipv4/ipv6_address/mask> } [ encrypted ] key <key> [ acct-onoff [ aaa-context <aaa_context_name> ] [ aaa-group <aaa_server_group_name> ] [ clear-sessions ] + ] [ dictionary <dictionary> ] [ disconnect-message [ dest-port <destination_port_number> ] + | interim create-new-call }
#To configure
timeout for eWAG session setup attempts:
setup-timeout <setup_timeout>
end
Configuring the APN
configure
context <context_name>
apn <apn_name>
#To configure
the accounting mode:
accounting-mode none
#To specify
the ACS rulebase:
active-charging
rulebase <ecs_rulebase_name>
#To specify
the IP access group:
ip
access-group <access_list_name> in
ip
access-group <access_list_name> out
#To specify
the Firewall-and-NAT policy to use for NAT support:
fw-and-nat
policy <fw_nat_policy_name>
#To configure
alternative APN to be used by eWAG:
virtual-apn
preference <preference> apn <virtual_apn_name> access-gw-address { <radius_client_ipv4/ipv6_address> | <radius_client_ipv4/ipv6_address/mask> }
end
Configuring the SGTP Service
configure
context <context_name>
sgtp-service <sgtp_service_name>
#To configure
GTP-C parameters:
gtpc { bind
address <ipv4_address> | dns-sgsn
context <context_name> | echo-interval
<echo_interval_seconds> | echo-retransmission { exponential-backoff [ [ min-timeout <min_retrans_timeout_seconds> ] [ smooth-factor <smooth_factor> ] + ] | timeout <retrans_timeout_seconds> } | guard-interval <guard_interval_seconds> | ignore response-port-validation | ip
qos-dscp { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | ef } | max-retransmissions <max_retransmissions> | retransmission-timeout <retrans_timeout_seconds> | send { common
flags | rab-context | target-identification-preamble } }
#To configure
GTP-U parameters:
gtpu { bind
address <ipv4_address> | echo-interval <echo_interval_seconds> | echo-retransmission { exponential-backoff [ [ min-timeout <min_retrans_timeout_seconds> ] [ smooth-factor <smooth_factor> ] + ] | timeout <retrans_timeout_seconds> } | max-retransmissions <max_retransmissions> | retransmission-timeout <retrans_timeout_seconds> }
#To configure
path failure detection policy:
path-failure
detection-policy gtp { echo | non-echo } +
#To configure
the restart counter change window to avoid service deactivations
and activations that could cause large bursts of network traffic
if the restart counter change messages from the GGSN are erroneous:
max-remote-restart-counter-change <variance>
end
Configuring NAT/ALG Support
Configuring Routing Rules and NAT ALG
configure
active-charging
service <ecs_service_name>
#To configure
routing ruledefs:
#FTP ALG:
ruledef <ftp_control_ruledef_name>
tcp
either-port <operator>
<value>
rule-application routing
exit
ruledef <ftp_data_ruledef_name>
tcp
either-port <operator>
<value>
rule-application routing
exit
#SIP ALG:
ruledef <sip_ruledef_name>
udp
either-port <operator>
<value>
rule-application routing
exit
#RTSP ALG:
ruledef <rtsp_ruledef_name>
tcp
either-port <operator>
<value>
rule-application routing
exit
#PPTP ALG:
ruledef <pptp_ruledef_name>
tcp
either-port <operator>
<value>
rule-application routing
exit
#TFTP ALG:
ruledef <tftp_ruledef_name>
tcp
either-port <operator>
<value>
rule-application routing
exit
#H323 ALG:
ruledef <h323_ruledef_name>
udp
either-port <operator>
<value>
rule-application routing
exit
ruledef <h323_multi_ruledef_name>
udp
either-port <operator>
<value>
rule-application routing
exit
ruledef <h323_tcp_ruledef_name>
tcp
either-port <operator>
<value>
rule-application routing
exit
#To configure
the routing rule priorities in the rulebase:
rulebase <rulebase_name>
route
priority <route_priority> ruledef <ftp_control_ruledef_name> analyzer ftp-control
route
priority <route_priority> ruledef <ftp_data_ruledef_name> analyzer ftp-data
route
priority <route_priority> ruledef <rtsp_ruledef_name> analyzer rtsp
route
priority <route_priority> ruledef <pptp_ruledef_name> analyzer pptp
route
priority <route_priority> ruledef <tftp_ruledef_name> analyzer tftp
route
priority <route_priority> ruledef <sip_ruledef_name> analyzer sip advanced
route
priority <route_priority> ruledef <h323_ruledef_name> analyzer h323
route
priority <route_priority> ruledef <h323_multi_ruledef_name> analyzer h323
route
priority <route_priority> ruledef <h323_tcp_ruledef_name> analyzer h323
exit
#To enable
payload (Layer 7) translation of IP packets, in the ECS service:
firewall
nat-alg ftp
firewall
nat-alg pptp
firewall
nat-alg rtsp
firewall
nat-alg sip
firewall
nat-alg h323
end
Additional Configurations
Configuring Access Lists
Configuring Bulk Statistics
configure
bulkstats mode
ipsg
schema <schema_name> format <schema_format>
end
Configuring Congestion Control
configure
#To enable
Congestion Control:
congestion-control
#To configure
Congestion Control policy:
congestion-control
policy ipsg-service action { drop | none }
#To configure
Congestion Control thresholds:
congestion-control
threshold { { license-utilization | max-sessions-per-service-utilization | message-queue-utilization | port-rx-utilization | port-specific { <slot/port> | all { rx-utilization | tx-utilization } } | port-specific-rx-utilization | port-specific-tx-utilization | port-tx-utilization | service-control-cpu-utilization | system-cpu-utilization | system-memory-utilization | tolerance } [ critical ] <percentage> | message-queue-wait-time [ critical ] <seconds> | { port-specific-rx-utilization | port-specific-tx-utilization } [ critical ] }
end
Verifying your Configuration
show congestion-control configuration
Configuring Session Recovery
configure
require
session recovery
end
eWAG Administration
Logging Support
logging filter active
facility { ipsg | ipsgmgr } level <severity_level> [ critical-info | no-critical-info ]
logging filter active
facility { sgsn-gtpc | sgsn-gtpu | sgtpcmgr } level <severity_level> [ critical-info | no-critical-info ]
logging filter active
facility sessmgr level <severity_level> [ critical-info | no-critical-info ]
Protocol Monitoring Support
Monitor Protocol
monitor protocol
Monitor Subscriber
monitor subscriber
Gathering eWAG-related Statistics and Information
| eWAG-related statistics or information | CLI command to use |
|---|---|
|
To view concise eWAG
service-level information.
|
show ipsg service all
|
|
To view detailed eWAG
service-level information.
|
show ipsg service all verbose
|
|
To view eWAG service-level
statistics, including session and RADIUS message-level statistics.
|
show ipsg statistic
|
|
To view eWAG session
counter information.
|
show ipsg sessions counters
|
|
To view eWAG subscriber
information.
|
show subscribers ipsg-only
|
|
To view detailed eWAG
session information, for all sessions.
|
show ipsg sessions
full all
|
|
To view detailed subscriber
information, for all subscribers.
|
show subscribers full all
|
|
To view session progress
information for in-progress calls.
|
show session progress
|
|
To view IPSG Manager
related information.
|
show session subsystem facility
ipsgmgr
|
|
To view APN-related
information.
|
show apn name <apn_name>
|
|
To view APN-related
statistics.
|
show apn statistics
|
|
To view SNMP trap history.
|
show snmp trap history | grep
IPSG
|
|
To view SNMP trap statistics,
for all services including eWAG and SGTP.
|
show snmp trap statistics
|
|
To view Congestion
Control statistics for IPSG Manager.
|
show congestion-control statistics
ipsgmgr
|
|
To view Congestion
Control configuration.
|
show congestion-control configuration
|
|
To view NAT-related
statistics.
|
show active-charging firewall
statistics
|
|
To view ECS session-level
information.
|
show active-charging sessions
|
|
To view detailed ECS
session-level information.
|
show active-charging sessions
full
|
|
To view information
for subscribers with NAT enabled.
|
show subscribers nat required
|
|
To view information
for ECS flows with NAT enabled.
|
show active-charging
flows full nat required
|
|
To view information
for all ECS flows.
|
show active-charging
flows all
|
|
To view ECS statistics
for specific analyzer.
|
show active-charging analyzer
statistics name <analyzer_name>
|
|
To view ECS statistics
for specific rulebase.
|
show active-charging rulebase
name <rulebase_name>
|
|
To view detailed ECS
subsystem-level information.
|
show active-charging subsystem
all
|