Enhanced Wireless Access Gateway Sample Configurations

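This appendix provides sample configurations for the following deployment types: eWAG stand-alone and eWAG + GGSN combo. Values in angle brackets (license key, SSL certificate and private key, SSH keys, administrator password, RADIUS key) are placeholders, and the IP addresses shown appear to be illustrative; replace both with values from your own deployment. Both samples enable the ftpd and telnetd servers in the local context and give the administrator account the ftp privilege. Telnet and FTP carry credentials in cleartext, so where the management network is not isolated, use the sshd server with the sftp subsystem that the samples also configure. The APNs use "authentication pap 1 chap 2 allow-noauth", which also admits sessions that present no authentication; confirm that this matches your access policy before reusing it.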

eWAG Stand-alone Configuration

configure
   license
key <license_key>
   aaa
large-configuration
   system
hostname <host_name>
   autoconfirm
   orbem
      ssl-certificate
string <string>
      ssl-private-key
string <string>
   exit
   crash
enable encrypted url <encrypted_url>
   threshold
poll license-remaining-session interval 60
   threshold
monitoring license
   card
1
      mode
active
   exit
   card
3
      mode
active
   exit
   card
4
      mode
active
   exit
   require
session recovery
   congestion-control
   congestion-control
threshold license-utilization critical 80
   congestion-control
threshold max-sessions-per-service-utilization critical 100
   congestion-control
threshold tolerance critical 70
   congestion-control
policy ipsg-service action drop
   require
active-charging
   context
local
      interface
SPIO1
         ip
address 1.1.1.1 255.255.255.0
      exit
      server
ftpd
      exit
   ssh
key <ssh_key>
   ssh
key <ssh_key>
   ssh
key <ssh_key>
      server
sshd
         subsystem
sftp
      exit
      server
telnetd 
      exit
      subscriber
default
      exit
      administrator
staradmin encrypted password <password> ftp
      aaa
group default
      exit
      gtpp
group default
      exit
      ip
route 0.0.0.0 0.0.0.0 172.18.130.1 SPIO1
   exit
   port
ethernet 24/1
      no
shutdown
      bind
interface SPIO1 local
   exit
   active-charging
service acs
      ruledef
rtsp-1
         tcp
either-port = 554
         rule-application
routing
      exit
       ruledef
pptp-1
         tcp
either-port = 1723
         rule-application
routing
      exit
       ruledef
tftp-1
         udp
either-port = 69
         rule-application
routing
      exit
       ruledef
sip-1
         udp
either-port = 5060
         ip
any-match = TRUE
         rule-application
routing
      exit
      ruledef
ftp
         tcp
dst-port = 21
         rule-application
routing
      exit
      ruledef
http-1
         tcp
either-port = 80
         rule-application
routing
      exit
      ruledef
ftp_data
         tcp
either-port = 20
         rule-application
routing
      exit
      ruledef
http
         http
any-match = TRUE
      exit
      ruledef
icmp
         icmp
any-match = TRUE
      exit
      ruledef
ip
         ip
any-match = TRUE
      exit
      ruledef
tcp
         tcp
any-match = TRUE
      exit
      ruledef
udp-pkts
         udp
any-match = TRUE
      exit
      ruledef
h323
         udp
either-port = 1719
         rule-application
routing
      exit
      ruledef
h323_multi
         udp
either-port = 1718
         rule-application
routing
      exit
      ruledef
h323_tcp
         tcp
either-port = 1720
         rule-application
routing
      exit
      charging-action
test
      exit
      bandwidth-policy
bw1
         flow
limit-for-bandwidth id 20 group-id 10
         group-id
10 direction downlink peak-data-rate 256000 peak-burst-size 12800
violate-action discard
         group-id
10 direction uplink peak-data-rate 256000 peak-burst-size 12800
violate-action discard
         group-id
20 direction downlink peak-data-rate 256000 peak-burst-size 12800
violate-action discard
      exit
      rulebase
default
      exit
      rulebase
rb1
         ip
reassembly-timeout 30000
         action
priority 1 ruledef ip charging-action test
         action
priority 2 ruledef icmp charging-action test
         action
priority 3 ruledef tcp charging-action test
         action
priority 4 ruledef http charging-action test
         route
priority 1 ruledef rtsp-1 analyzer rtsp
         route
priority 2 ruledef pptp-1 analyzer pptp
         route
priority 3 ruledef tftp-1 analyzer tftp
         route
priority 4 ruledef sip-1 analyzer sip
         route
priority 5 ruledef ftp analyzer ftp-control
         route
priority 6 ruledef ftp_data analyzer ftp-data
         route
priority 7 ruledef http-1 analyzer http
         route
priority 8 ruledef h323_multi analyzer h323
         route
priority 9 ruledef h323_tcp analyzer h323
         route
priority 10 ruledef https-1 analyzer secure-http
         rtp
dynamic-flow-detection
         bandwidth
default-policy bw1
         fw-and-nat
default-policy ewag-policy
      exit
      fw-and-nat
policy ewag-policy
         firewall
policy ipv4-only
      exit
      firewall
nat-alg ftp ipv4-only
      firewall
nat-alg rtsp ipv4-only
      firewall
nat-alg sip ipv4-only
      firewall
nat-alg h323 ipv4-only
      firewall
nat-alg pptp ipv4-only
      policy-control
burst-size auto-readjust duration 5
   exit
   context
ipsg
      interface
wifi-ewag
         ip
address 2.2.2.2 255.255.255.0
      exit
      subscriber
default
      exit
      aaa
group default
      exit
      gtpp
group default
      exit
      ipsg-service
ipsg1 mode radius-server ewag
         bind
address 2.2.2.2
         associate
sgtp-service sgtp1 context sgtp
         plmn
id mcc 208 mnc 001
         radius
accounting interim create-new-call
         profile
APN default-apn star.com
         radius
accounting client 7.7.7.7 encrypted key <encrypted_key> disconnect-message
dest-port 3799
      exit
     ip
igmp profile default
     exit
  exit
   context
sgtp
      ip
access-list css-1
         redirect
css service service_1 ip any any
         permit
any
      exit
      interface
ewag-dns
         ip
address 3.3.3.3 255.255.255.0
      exit
      interface
ewag_ggsn
         ip
address 4.4.4.4 255.255.255.0
      exit
      subscriber
default
      exit
      apn
corp1
         selection-mode
subscribed sent-by-ms chosen-by-sgsn
         accounting-mode
none
         ip
access-group css-1 in
         ip
access-group css-1 out
         authentication
pap 1 chap 2 allow-noauth
         active-charging
rulebase rb1
         fw-and-nat
policy ewag-policy
      exit
      aaa
group default
      exit
      gtpp
group default
      exit
      sgtp-service
sgtp1
         gtpu
bind address 4.4.4.4
         gtpc
max-retransmissions 1
         gtpu
echo-interval 60
         gtpu
max-retransmissions 1
         no
disable-remote-restart-counter-verification
         max-remote-restart-counter-change 255
         gtpc
bind address 4.4.4.4
         no
ggsn-fail-retry-timer
      exit
   ip
domain-lookup
      ip
name-servers 9.9.9.9 9.9.9.10
      dns-client
dns-test
         bind
address 3.3.3.3
         cache
ttl positive 100
         cache
ttl negative 100
         round-robin-answers
      exit
      ip
igmp profile default
      exit
   exit
   bulkstats
collection
   bulkstats
mode
      file
1
         schema
ipsg-sys format %ipsg-total-call-arrived%,%ipsg-total-call-rejected%,%ipsg-total-call-demult%,%ipsg-total-dereg-rep-sent%,%ipsg-cur-active-call%,%ipsg-total-active-serv%
         ipsg
schema ipsg_schema format %vpnname%,%vpnid%,%servname%,%servid%,%total-start-req-rcv%,%total-start-req-retrans-rcv%,%total-start-rsp-sent%,%total-interim-update-req-rcv%,%total-stop-req-rcv%,%total-unknown-req-rcv%,%total-rsp-sent%,%total-discard-msgs-unknown-clnt%,%total-discard-msgs-ignore-interim%,%total-discard-msgs-ignore-stop%,%total-discard-msgs-incorrect-secret%,%total-discard-msgs-attr-missing%,%rad-servaddr%,%rad-servport%,%total_current_sessions%,%total_sessions_setup%,%total_sessions_replaced%,%total_sessions_released%,%total_interim_update_rsp_sent%,%total_stop_rsp_sent%,%total_access_req_rcv%,%total_access_req_retrans_rcv%,%total_access_accept_sent%,%total_access_reject_sent%,%total_disconnect_msg_sent%,%total_discarded%,%total_discard_msgs_no_resource%,%total_discard_msgs_ignore_start%,%total_discard_msgs_stale_packets%,%total_discard_msgs_svc_not_supported%,%total_discard_msgs_internal_error%,%total_discard_msgs_svc_limit_exceeded%,%total_discard_msgs_license_limit_exceeded%
      exit
   exit
   port
ethernet 17/1
      no
shutdown
      vlan
2465
         no
shutdown
         bind
interface ewag_ggsn sgtp
      exit
      vlan
2466
         no
shutdown
         bind
interface ewag-dns sgtp
      exit
      vlan
2467
         no
shutdown
      exit
      vlan
2468
         no
shutdown
         bind
interface wifi-ewag ipsg
      exit
   exit
end

eWAG + GGSN Combo Configuration

IMPORTANT:

In this release, the eWAG + GGSN combo deployment option is not fully qualified and is not supported; it is available only for lab and testing purposes.

configure
   license
key <license_key>
   aaa
large-configuration
   system
hostname <host_name>
   autoconfirm
   orbem
      ssl-certificate
string <string>
      ssl-private-key
string <string>
   exit
   card
1 
      mode
active 
   exit 
   card
3 
      mode
active 
   exit 
   card
4
      mode
active
   exit
   require
session recovery
   require
active-charging
   context
local
      interface
SPIO1
         ip
address 1.1.1.1 255.255.255.0
      exit
      server
ftpd
      exit
      ssh
key <key> len 461
      ssh
key <key> len 461
      ssh
key <key> len 461
      server
sshd
         subsystem
sftp
      exit
      server
telnetd
      exit
      subscriber
default
      exit
      administrator
staradmin encrypted password <encrypted_password> ftp
      aaa
group default
      exit
      gtpp
group default
      exit
      ip
route 0.0.0.0 0.0.0.0 172.18.130.1 SPIO1
   exit
   port
ethernet 24/1
      no
shutdown
      bind
interface SPIO1 local
   exit
   active-charging
service acs
      ruledef
rtsp-1
         tcp
either-port = 554
         rule-application
routing
      exit
      ruledef
pptp-1
         tcp
either-port = 1723
         rule-application
routing
      exit
      ruledef
tftp-1
         udp
either-port = 69
         rule-application
routing
      exit
      ruledef
sip-1
         udp
either-port = 5060
         ip
any-match = TRUE
         rule-application
routing
      exit
      ruledef
ftp
         tcp
dst-port = 21
         rule-application
routing
      exit
      ruledef
http-1
         tcp
either-port = 80
         rule-application
routing
      exit
      ruledef
ftp_data
         tcp
either-port = 20
         rule-application
routing
      exit
      ruledef
http
         http
any-match = TRUE
      exit
      ruledef
icmp
         icmp
any-match = TRUE
      exit
      ruledef
ip
         ip
any-match = TRUE
      exit
      ruledef
tcp
         tcp
any-match = TRUE
      exit
      ruledef
udp-pkts
         udp
any-match = TRUE
      exit
      charging-action
test
      exit
      bandwidth-policy
bw1
         flow
limit-for-bandwidth id 20 group-id 10
         group-id
10 direction downlink peak-data-rate 256000 peak-burst-size 12800
violate-action discard
         group-id
10 direction uplink peak-data-rate 256000 peak-burst-size 12800
violate-action discard
         group-id
20 direction downlink peak-data-rate 256000 peak-burst-size 12800
violate-action discard
      exit
      rulebase
default
      exit
      rulebase
rb1
         ip
reassembly-timeout 30000
         action
priority 1 ruledef ip charging-action test
         action
priority 2 ruledef icmp charging-action test
         action
priority 3 ruledef tcp charging-action test
         action
priority 4 ruledef http charging-action test
         route
priority 1 ruledef rtsp-1 analyzer rtsp
         route
priority 2 ruledef pptp-1 analyzer pptp
         route
priority 3 ruledef tftp-1 analyzer tftp
         route
priority 4 ruledef sip-1 analyzer sip
         route
priority 5 ruledef ftp analyzer ftp-control
         route
priority 6 ruledef ftp_data analyzer ftp-data
         route
priority 7 ruledef http-1 analyzer http
         rtp
dynamic-flow-detection
         bandwidth
default-policy bw1
         fw-and-nat
default-policy ewag-policy
      exit
      fw-and-nat
policy ewag-policy
         firewall
policy ipv4-only
      exit
      policy-control
burst-size auto-readjust duration 5
      exit
      context
ipsg
      interface
wifi-ewag
         ip
address 2.2.2.2 255.255.255.0
      exit
      subscriber
default
      exit
      aaa
group default
      exit
      gtpp
group default
      exit
      ipsg-service
ipsg1 mode radius-server ewag
         bind
address 2.2.2.2
         associate
sgtp-service sgtp1 context sgtp
         plmn
id mcc 208 mnc 001
         radius
accounting interim create-new-call
         profile
APN default-apn corp1
         radius
accounting client 7.7.7.7 encrypted key <encrypted_key> disconnect-message
dest-port 3799
      exit
      ip
igmp profile default
      exit
   exit
   context
sgtp
      ip
access-list css-1
         redirect
css service service_1 ip any any
         permit
any
      exit
      interface
ewag-dns
         ip
address 3.3.3.3 255.255.255.0
      exit
      interface
ggsn-pdn
         ip
address 5.5.5.5 255.255.255.0
      exit
      interface
ewag_ggsn
         ip
address 4.4.4.4 255.255.255.0
         ip
address 6.6.6.6 255.255.255.0 secondary
      exit
      subscriber
default
      exit
      apn
corp1
         selection-mode
subscribed sent-by-ms chosen-by-sgsn
         accounting-mode
none
         authentication
pap 1 chap 2 allow-noauth
         virtual-apn
preference 1 apn star.com access-gw-address 7.7.7.7/24
      exit
      apn
star.com
         selection-mode
subscribed sent-by-ms chosen-by-sgsn
         accounting-mode
none
         ip
access-group css-1 in
         ip
access-group css-1 out
         authentication
pap 1 chap 2 allow-noauth
         active-charging
rulebase rb1
         fw-and-nat
policy ewag-policy
      exit
      aaa
group default
      exit
      gtpp
group default
      exit
      gtpu-service
ggsn1_gtpu
         bind
ipv4-address 6.6.6.6
      exit
      ggsn-service
ggsn1
         no
gtpc ran-procedure-ready-delay
         plmn
unlisted-sgsn home
         associate
gtpu-service ggsn1_gtpu
         sgsn
address 8.8.8.8/24
         max-contexts
   max-primary
8000000
   max-sec-per-primary
10
   ppp-pdp-contexts
8000000
         bind
ipv4-address 6.6.6.6
      exit
      sgtp-service
sgtp1
         gtpu
bind address 4.4.4.4
         gtpc
max-retransmissions 1
         gtpu
echo-interval 60
         gtpu
max-retransmissions 1
         no
disable-remote-restart-counter-verification
         max-remote-restart-counter-change 255
         gtpc
bind address 4.4.4.4
         no
ggsn-fail-retry-timer
      exit
      ip
name-servers 9.9.9.9 9.9.9.10
      dns-client
dns_ttg
         bind
address 3.3.3.3
         cache
ttl positive 100
         cache
ttl negative 100
         round-robin-answers
      exit
      ip
igmp profile default
      exit
   exit
   bulkstats
collection
   bulkstats
mode
      file
1
         ipsg
schema ipsg_schema format %vpnname%,%vpnid%,%servname%,%servid%,%total-start-req-rcv%,%total-start-req-retrans-rcv%,%total-start-rsp-sent%,%total-interim-update-req-rcv%,%total-stop-req-rcv%,%total-unknown-req-rcv%,%total-rsp-sent%,%total-discard-msgs-unknown-clnt%,%total-discard-msgs-ignore-interim%,%total-discard-msgs-ignore-stop%,%total-discard-msgs-incorrect-secret%,%total-discard-msgs-attr-missing%,%rad-servaddr%,%rad-servport%,%total_current_sessions%,%total_sessions_setup%,%total_sessions_replaced%,%total_sessions_released%,%total_interim_update_rsp_sent%,%total_stop_rsp_sent%,%total_access_req_rcv%,%total_access_req_retrans_rcv%,%total_access_accept_sent%,%total_access_reject_sent%,%total_disconnect_msg_sent%,%total_discarded%,%total_discard_msgs_no_resource%,%total_discard_msgs_ignore_start%,%total_discard_msgs_stale_packets%,%total_discard_msgs_svc_not_supported%,%total_discard_msgs_internal_error%,%total_discard_msgs_svc_limit_exceeded%,%total_discard_msgs_license_limit_exceeded%
      exit
   exit
   port
ethernet 17/1
      no
shutdown
      vlan
2465
         no
shutdown
         bind
interface ewag_ggsn sgtp
      exit
      vlan
2466
         no
shutdown
         bind
interface ewag-dns sgtp
      exit
      vlan
2467
         no
shutdown
         bind
interface ggsn-pdn sgtp
      exit
      vlan
2468
         no
shutdown
         bind
interface wifi-ewag ipsg
      exit
      vlan
2469
      exit
      vlan
2470
      exit
      vlan
2472
      exit
      vlan
2473
      exit
      vlan
2475
         no
shutdown
      exit
      vlan
1500
         no
shutdown
      exit
   exit
end