eWAG Stand-alone Configuration
configure
license
key <license_key>
aaa
large-configuration
system
hostname <host_name>
autoconfirm
orbem
ssl-certificate
string <string>
ssl-private-key
string <string>
exit
crash
enable encrypted url <encrypted_url>
threshold
poll license-remaining-session interval 60
threshold
monitoring license
card
1
mode
active
exit
card
3
mode
active
exit
card
4
mode
active
exit
require
session recovery
congestion-control
congestion-control
threshold license-utilization critical 80
congestion-control
threshold max-sessions-per-service-utilization critical 100
congestion-control
threshold tolerance critical 70
congestion-control
policy ipsg-service action drop
require
active-charging
context
local
interface
SPIO1
ip
address 1.1.1.1 255.255.255.0
exit
server
ftpd
exit
ssh
key <ssh_key>
ssh
key <ssh_key>
ssh
key <ssh_key>
server
sshd
subsystem
sftp
exit
server
telnetd
exit
subscriber
default
exit
administrator
staradmin encrypted password <password> ftp
aaa
group default
exit
gtpp
group default
exit
ip
route 0.0.0.0 0.0.0.0 172.18.130.1 SPIO1
exit
port
ethernet 24/1
no
shutdown
bind
interface SPIO1 local
exit
active-charging
service acs
ruledef
rtsp-1
tcp
either-port = 554
rule-application
routing
exit
ruledef
pptp-1
tcp
either-port = 1723
rule-application
routing
exit
ruledef
tftp-1
udp
either-port = 69
rule-application
routing
exit
ruledef
sip-1
udp
either-port = 5060
ip
any-match = TRUE
rule-application
routing
exit
ruledef
ftp
tcp
dst-port = 21
rule-application
routing
exit
ruledef
http-1
tcp
either-port = 80
rule-application
routing
exit
ruledef
ftp_data
tcp
either-port = 20
rule-application
routing
exit
ruledef
http
http
any-match = TRUE
exit
ruledef
icmp
icmp
any-match = TRUE
exit
ruledef
ip
ip
any-match = TRUE
exit
ruledef
tcp
tcp
any-match = TRUE
exit
ruledef
udp-pkts
udp
any-match = TRUE
exit
ruledef
h323
udp
either-port = 1719
rule-application
routing
exit
ruledef
h323_multi
udp
either-port = 1718
rule-application
routing
exit
ruledef
h323_tcp
tcp
either-port = 1720
rule-application
routing
exit
charging-action
test
exit
bandwidth-policy
bw1
flow
limit-for-bandwidth id 20 group-id 10
group-id
10 direction downlink peak-data-rate 256000 peak-burst-size 12800
violate-action discard
group-id
10 direction uplink peak-data-rate 256000 peak-burst-size 12800
violate-action discard
group-id
20 direction downlink peak-data-rate 256000 peak-burst-size 12800
violate-action discard
exit
rulebase
default
exit
rulebase
rb1
ip
reassembly-timeout 30000
action
priority 1 ruledef ip charging-action test
action
priority 2 ruledef icmp charging-action test
action
priority 3 ruledef tcp charging-action test
action
priority 4 ruledef http charging-action test
route
priority 1 ruledef rtsp-1 analyzer rtsp
route
priority 2 ruledef pptp-1 analyzer pptp
route
priority 3 ruledef tftp-1 analyzer tftp
route
priority 4 ruledef sip-1 analyzer sip
route
priority 5 ruledef ftp analyzer ftp-control
route
priority 6 ruledef ftp_data analyzer ftp-data
route
priority 7 ruledef http-1 analyzer http
route
priority 8 ruledef h323_multi analyzer h323
route
priority 9 ruledef h323_tcp analyzer h323
route
priority 10 ruledef https-1 analyzer secure-http
rtp
dynamic-flow-detection
bandwidth
default-policy bw1
fw-and-nat
default-policy ewag-policy
exit
fw-and-nat
policy ewag-policy
firewall
policy ipv4-only
exit
firewall
nat-alg ftp ipv4-only
firewall
nat-alg rtsp ipv4-only
firewall
nat-alg sip ipv4-only
firewall
nat-alg h323 ipv4-only
firewall
nat-alg pptp ipv4-only
policy-control
burst-size auto-readjust duration 5
exit
context
ipsg
interface
wifi-ewag
ip
address 2.2.2.2 255.255.255.0
exit
subscriber
default
exit
aaa
group default
exit
gtpp
group default
exit
ipsg-service
ipsg1 mode radius-server ewag
bind
address 2.2.2.2
associate
sgtp-service sgtp1 context sgtp
plmn
id mcc 208 mnc 001
radius
accounting interim create-new-call
profile
APN default-apn star.com
radius
accounting client 7.7.7.7 encrypted key <encrypted_key> disconnect-message
dest-port 3799
exit
ip
igmp profile default
exit
exit
context
sgtp
ip
access-list css-1
redirect
css service service_1 ip any any
permit
any
exit
interface
ewag-dns
ip
address 3.3.3.3 255.255.255.0
exit
interface
ewag_ggsn
ip
address 4.4.4.4 255.255.255.0
exit
subscriber
default
exit
apn
corp1
selection-mode
subscribed sent-by-ms chosen-by-sgsn
accounting-mode
none
ip
access-group css-1 in
ip
access-group css-1 out
authentication
pap 1 chap 2 allow-noauth
active-charging
rulebase rb1
fw-and-nat
policy ewag-policy
exit
aaa
group default
exit
gtpp
group default
exit
sgtp-service
sgtp1
gtpu
bind address 4.4.4.4
gtpc
max-retransmissions 1
gtpu
echo-interval 60
gtpu
max-retransmissions 1
no
disable-remote-restart-counter-verification
max-remote-restart-counter-change 255
gtpc
bind address 4.4.4.4
no
ggsn-fail-retry-timer
exit
ip
domain-lookup
ip
name-servers 9.9.9.9 9.9.9.10
dns-client
dns-test
bind
address 3.3.3.3
cache
ttl positive 100
cache
ttl negative 100
round-robin-answers
exit
ip
igmp profile default
exit
exit
bulkstats
collection
bulkstats
mode
file
1
schema
ipsg-sys format %ipsg-total-call-arrived%,%ipsg-total-call-rejected%,%ipsg-total-call-demult%,%ipsg-total-dereg-rep-sent%,%ipsg-cur-active-call%,%ipsg-total-active-serv%
ipsg
schema ipsg_schema format %vpnname%,%vpnid%,%servname%,%servid%,%total-start-req-rcv%,%total-start-req-retrans-rcv%,%total-start-rsp-sent%,%total-interim-update-req-rcv%,%total-stop-req-rcv%,%total-unknown-req-rcv%,%total-rsp-sent%,%total-discard-msgs-unknown-clnt%,%total-discard-msgs-ignore-interim%,%total-discard-msgs-ignore-stop%,%total-discard-msgs-incorrect-secret%,%total-discard-msgs-attr-missing%,%rad-servaddr%,%rad-servport%,%total_current_sessions%,%total_sessions_setup%,%total_sessions_replaced%,%total_sessions_released%,%total_interim_update_rsp_sent%,%total_stop_rsp_sent%,%total_access_req_rcv%,%total_access_req_retrans_rcv%,%total_access_accept_sent%,%total_access_reject_sent%,%total_disconnect_msg_sent%,%total_discarded%,%total_discard_msgs_no_resource%,%total_discard_msgs_ignore_start%,%total_discard_msgs_stale_packets%,%total_discard_msgs_svc_not_supported%,%total_discard_msgs_internal_error%,%total_discard_msgs_svc_limit_exceeded%,%total_discard_msgs_license_limit_exceeded%
exit
exit
port
ethernet 17/1
no
shutdown
vlan
2465
no
shutdown
bind
interface ewag_ggsn sgtp
exit
vlan
2466
no
shutdown
bind
interface ewag-dns sgtp
exit
vlan
2467
no
shutdown
exit
vlan
2468
no
shutdown
bind
interface wifi-ewag ipsg
exit
exit
end
eWAG + GGSN Combo Configuration
IMPORTANT:
configure
license
key <license_key>
aaa
large-configuration
system
hostname host_name
autoconfirm
orbem
ssl-certificate
string <string>
ssl-private-key
string <string>
exit
card
1
mode
active
exit
card
3
mode
active
exit
card
4
mode
active
exit
require
session recovery
require
active-charging
context
local
interface
SPIO1
ip
address 1.1.1.1 255.255.255.0
exit
server
ftpd
exit
ssh
key <key> len 461
ssh
key <key> len 461
ssh
key <key> len 461
server
sshd
subsystem
sftp
exit
server
telnetd
exit
subscriber
default
exit
administrator
staradmin encrypted password <encrypted_password> ftp
aaa
group default
exit
gtpp
group default
exit
ip
route 0.0.0.0 0.0.0.0 172.18.130.1 SPIO1
exit
port
ethernet 24/1
no
shutdown
bind
interface SPIO1 local
exit
active-charging
service acs
ruledef
rtsp-1
tcp
either-port = 554
rule-application
routing
exit
ruledef
pptp-1
tcp
either-port = 1723
rule-application
routing
exit
ruledef
tftp-1
udp
either-port = 69
rule-application
routing
exit
ruledef
sip-1
udp
either-port = 5060
ip
any-match = TRUE
rule-application
routing
exit
ruledef
ftp
tcp
dst-port = 21
rule-application
routing
exit
ruledef
http-1
tcp
either-port = 80
rule-application
routing
exit
ruledef
ftp_data
tcp
either-port = 20
rule-application
routing
exit
ruledef
http
http
any-match = TRUE
exit
ruledef
icmp
icmp
any-match = TRUE
exit
ruledef
ip
ip
any-match = TRUE
exit
ruledef
tcp
tcp
any-match = TRUE
exit
ruledef
udp-pkts
udp
any-match = TRUE
exit
charging-action
test
exit
bandwidth-policy
bw1
flow
limit-for-bandwidth id 20 group-id 10
group-id
10 direction downlink peak-data-rate 256000 peak-burst-size 12800
violate-action discard
group-id
10 direction uplink peak-data-rate 256000 peak-burst-size 12800
violate-action discard
group-id
20 direction downlink peak-data-rate 256000 peak-burst-size 12800
violate-action discard
exit
rulebase
default
exit
rulebase
rb1
ip
reassembly-timeout 30000
action
priority 1 ruledef ip charging-action test
action
priority 2 ruledef icmp charging-action test
action
priority 3 ruledef tcp charging-action test
action
priority 4 ruledef http charging-action test
route
priority 1 ruledef rtsp-1 analyzer rtsp
route
priority 2 ruledef pptp-1 analyzer pptp
route
priority 3 ruledef tftp-1 analyzer tftp
route
priority 4 ruledef sip-1 analyzer sip
route
priority 5 ruledef ftp analyzer ftp-control
route
priority 6 ruledef ftp_data analyzer ftp-data
route
priority 7 ruledef http-1 analyzer http
rtp
dynamic-flow-detection
bandwidth
default-policy bw1
fw-and-nat
default-policy ewag-policy
exit
fw-and-nat
policy ewag-policy
firewall
policy ipv4-only
exit
policy-control
burst-size auto-readjust duration 5
exit
context
ipsg
interface
wifi-ewag
ip
address 2.2.2.2 255.255.255.0
exit
subscriber
default
exit
aaa
group default
exit
gtpp
group default
exit
ipsg-service
ipsg1 mode radius-server ewag
bind
address 2.2.2.2
associate
sgtp-service sgtp1 context sgtp
plmn
id mcc 208 mnc 001
radius
accounting interim create-new-call
profile
APN default-apn corp1
radius
accounting client 7.7.7.7 encrypted key <encrypted_key> disconnect-message
dest-port 3799
exit
ip
igmp profile default
exit
exit
context
sgtp
ip
access-list css-1
redirect
css service service_1 ip any any
permit
any
exit
interface
ewag-dns
ip
address 3.3.3.3 255.255.255.0
exit
interface
ggsn-pdn
ip
address 5.5.5.5 255.255.255.0
exit
interface
ewag_ggsn
ip
address 4.4.4.4 255.255.255.0
ip
address 6.6.6.6 255.255.255.0 secondary
exit
subscriber
default
exit
apn
corp1
selection-mode
subscribed sent-by-ms chosen-by-sgsn
accounting-mode
none
authentication
pap 1 chap 2 allow-noauth
virtual-apn
preference 1 apn star.com access-gw-address 7.7.7.7/24
exit
apn
star.com
selection-mode
subscribed sent-by-ms chosen-by-sgsn
accounting-mode
none
ip
access-group css-1 in
ip
access-group css-1 out
authentication
pap 1 chap 2 allow-noauth
active-charging
rulebase rb1
fw-and-nat
policy ewag-policy
exit
aaa
group default
exit
gtpp
group default
exit
gtpu-service
ggsn1_gtpu
bind
ipv4-address 6.6.6.6
exit
ggsn-service
ggsn1
no
gtpc ran-procedure-ready-delay
plmn
unlisted-sgsn home
associate
gtpu-service ggsn1_gtpu
sgsn
address 8.8.8.8/24
max-contexts
max-primary
8000000
max-sec-per-primary
10
ppp-pdp-contexts
8000000
bind
ipv4-address 6.6.6.6
exit
sgtp-service
sgtp1
gtpu
bind address 4.4.4.4
gtpc
max-retransmissions 1
gtpu
echo-interval 60
gtpu
max-retransmissions 1
no
disable-remote-restart-counter-verification
max-remote-restart-counter-change 255
gtpc
bind address 4.4.4.4
no
ggsn-fail-retry-timer
exit
ip
name-servers 9.9.9.9 9.9.9.10
dns-client
dns_ttg
bind
address 3.3.3.3
cache
ttl positive 100
cache
ttl negative 100
round-robin-answers
exit
ip
igmp profile default
exit
exit
bulkstats
collection
bulkstats
mode
file
1
ipsg
schema ipsg_schema format %vpnname%,%vpnid%,%servname%,%servid%,%total-start-req-rcv%,%total-start-req-retrans-rcv%,%total-start-rsp-sent%,%total-interim-update-req-rcv%,%total-stop-req-rcv%,%total-unknown-req-rcv%,%total-rsp-sent%,%total-discard-msgs-unknown-clnt%,%total-discard-msgs-ignore-interim%,%total-discard-msgs-ignore-stop%,%total-discard-msgs-incorrect-secret%,%total-discard-msgs-attr-missing%,%rad-servaddr%,%rad-servport%,%total_current_sessions%,%total_sessions_setup%,%total_sessions_replaced%,%total_sessions_released%,%total_interim_update_rsp_sent%,%total_stop_rsp_sent%,%total_access_req_rcv%,%total_access_req_retrans_rcv%,%total_access_accept_sent%,%total_access_reject_sent%,%total_disconnect_msg_sent%,%total_discarded%,%total_discard_msgs_no_resource%,%total_discard_msgs_ignore_start%,%total_discard_msgs_stale_packets%,%total_discard_msgs_svc_not_supported%,%total_discard_msgs_internal_error%,%total_discard_msgs_svc_limit_exceeded%,%total_discard_msgs_license_limit_exceeded%
exit
exit
port
ethernet 17/1
no
shutdown
vlan
2465
no
shutdown
bind
interface ewag-ggsn sgtp
exit
vlan
2466
no
shutdown
bind
interface ewag-dns sgtp
exit
vlan
2467
no
shutdown
bind
interface ggsn-pdn sgtp
exit
vlan
2468
no
shutdown
bind
interface wifi-ewag ipsg
exit
vlan
2469
exit
vlan
2470
exit
vlan
2472
exit
vlan
2473
exit
vlan
2475
no
shutdown
exit
vlan
1500
no
shutdown
exit
exit
end