IMPORTANT:
CAUTION:
IMPORTANT:
GGSN Service Creation and Binding
Accounting Context and Charging Characteristics Configuration
configure
context <vpn_ctxt_name>
ggsn-service <ggsn_svc_name>
accounting
context <aaa_ctxt_name>
cc
profile <cc_prof_index>
end
SGSN and PLMN Policy Configuration
configure
context <vpn_ctxt_name>
ggsn-service <ggsn_svc_name>
plmn
id mcc <mcc_number>
mnc <mnc_number> [primary]
sgsn
address <ip_address> / <subnet_mask>
plmn
unlisted-sgsn [foreign | home | reject]
setup-timeout <dur_sec>
end
IMPORTANT:
Network-requested PDP Context Support Configuration
show ggsn-service name <ggsn_svc_name>}
The output of this
command given below is a concise listing of GGSN service parameter
settings as shown in the sample output displayed. In this example,
a GGSN service called ggsn1 was
configured and you can observe some parameters configured as default.Service name: ggsn1Context: ggsn1Associated PGW svc: NoneAssociated GTPU svc: NoneAccounting Context
Name: ggsn1dns-client Context
Name:Authorize: DisabledFqdn-name: DisabledBind: DoneLocal IP Address: 192.168.70.1 Local
IP Port: 2123Self PLMN Id.: MCC: 450, MNC: 06Retransmission Timeout: 20
(secs)Max Retransmissions: 4Restart Counter: 16Echo Interval: 60
(secs)Guard Interval: 100
(secs)Setup Timeout: 60
(secs)PLMN Policy: Reject
unlisted SGSNReject Code Policy: Authentication
Server Timeout: User Authentication Failed Accounting
Server Timeout: No
Resources AvailableRan Procedure Ready: DisabledNSAPI in Create PDP
response: DisabledDuplicate Subscriber
Addr Request: Rejecttrace-collection-entity: DisabledPath Failure Detection
on gtp msgs: EchoGTP Private Extensions: NoneMax IP sessions: 4000000Max PPP sessions: 2500000Max sessions: 4000000Service Status: StartedNewcall Policy: NoneMBMS Policy: NoneMBMS Charging ID Optimization: Disabled3GPP Qos to DSCP Mapping
(for G-PDUs): qci
1: ef qci
2: ef qci
3: af11 qci
4: af11 qci
5: ef qci
6: ef qci
7: af21 qci
8: af21 qci
9: be3GPP Qos to DSCP Mapping
based on Alloc. Prio: qci
5 (Alloc. P 1): ef qci
5 (Alloc. P 2): ef qci
5 (Alloc. P 3): ef qci
6 (Alloc. P 1): ef qci
6 (Alloc. P 2): ef qci
6 (Alloc. P 3): ef qci
7 (Alloc. P 1): af21 qci
7 (Alloc. P 2): af21 qci
7 (Alloc. P 3): af21 qci
8 (Alloc. P 1): af21 qci
8 (Alloc. P 2): af21 qci
8 (Alloc. P 3): af21 GTPC
messages: be Background: beCharging Characteristics(CC) Behaviors: No
records (Bit No.): 0Charging Characteristics(CC)
Profiles: Profile
0: Buckets:
4 SGSN
changes: 4 Profile
1: Buckets:
4 SGSN
changes: 4SGSN Configuration
List: sgsn
address 2.2.2.2/32 mcc 111 mnc 999 description aaa-ggsn
show configuration
errors section ggsn-service verbose
IMPORTANT:
GTPP Group Creation
configure
context <vpn_ctxt_name>
gtpp
group <gtpp_group_name>
-noconfirm
end
GTPP Group Configuration
configure
context <vpn_ctxt_name>
gtpp
group <gtpp_group_name>
gtpp
charging-agent address <ip_address> [port <port>]
gtpp
server <ip_address> [max <msgs >] [priority <priority>]
gtpp
dictionary <dictionaries>
gtpp
max-cdrs <number_cdrs> [wait-time
<dur_sec>]
gtpp
transport-layer {tcp | udp}
end
show gtpp accounting servers
This command produces
an output similar to that displayed below:context: sourcePreference IP Port Priority State Group---------- ---------------
----- -------- ---------------- ----------Primary 192.168.32.135 3386 1 Active defaultPrimary 192.168.89.9 3386 100 Active default
show configuration
errors section ggsn-service verbose
IMPORTANT:
APN Creation and Configuration
configure
context <vpn_ctxt_name>
apn
<apn_name>
-noconfirm
max-contexts
primary <number> total
<total_number>
pdp-type {ipv4 [ipv6] | ipv6 [ipv4] | ppp}
selection-mode {sent-by-ms | chosen-by-sgsn | subscribed}
ip
context-name <dst_ctxt_name>
end
Authentication and Accounting Configuration in APN
configure
context <dst_ctxt_name>
apn <apn_name>
accounting-mode {none | gtpp | radius [no-interims] [no-early-pdus]}
default
authentication
end
GTPP Group Association to APN
IP Address Allocation Method Configuration in APN
IMPORTANT:
configure
context <dst_ctxt_name>
apn <apn_name>
ip
address alloc-method { dhcp-proxy [allow-deferred] [prefer-dhcp-options] | dhcp-relay | local [allow-deferred] | no-dynamic [allow-deferred] } [allow-user-specified]
end
Charging Characteristics Parameter Configuration in APN
IMPORTANT:
configure
context <dst_ctxt_name>
apn <apn_name>
cc-sgsn {home-subscriber-use-GGSN | roaming-subscriber-use-GGSN | visiting-subscriber-use-GGSN}+
cc-home
behavior <bit> profile
<index>
cc-roaming
behavior <bit> profile
<index>
cc-visiting
behavior <bit> profile
<index>
end
Virtual APN Configuration
configure
context <dst_ctxt_name>
apn <apn_name>
virtual-apn preference <priority> apn <apn_name> { access-gw-address <IP_addr | IP_addr/mask> | bearer-access-service <bearer_access_svc_name> | cc-profile <cc_profile_index> | domain <domain_name> | mcc <mcc_number> mnc <mnc_number> | msisdn-range from <start_range> to <end_range> | rat-type { gan | geran | hspa | utran | wlan } | roaming-mode { home | visiting | roaming }
end
Other Optional Parameter Configuration in APN
configure
context <dst_ctxt_name>
apn <apn_name>
dns {primary | secondary} {<dns_ip_address>}
mobile-ip
required
mobile-ip
home-agent <ha_ip_address>
ip
source-violation {ignore | check [drop-limit <limit>]} [exclude-from-accounting]
restriction-value <value>
timeout {absolute | idle | qos-renegotiate} <timeout_dur>
timeout
long-duration <ldt_dur> [inactivity-time <inact_dur>]
long-duration-action detection
long-duration-action
disconnection [suppress-notification] [dormant-only] +
end
show apn all
This command produces
an output similar to that displayed below is an excerpt from a sample
output. In this example, an APN called apn1 was
configured.access point name (APN): apn1authentication context: testpdp type: ipv4ehrpd access: N/ASelection Mode: subscribedip source violation: Checked drop limit: 10accounting mode: gtpp No
early PDUs: Disabledno-interims: DisabledBearer Control Mode: nonemax-primary-pdp-contexts: 1000000 total-pdp-contexts: 1000000current primary-pdp-contexts: 0 total-pdp-contexts: 0primary contexts: not
available total
contexts: not availablemax secondary contexts
per-subscriber: 10 IMS Authorization: disabledCredit Control: disabledmbms bearer absolute
timeout: 0 mbms
bearer idle timeout: 0mbms ue absolute timeout: 0permission:local ip: 0.0.0.0 nexthop
gateway addr:primary dns: 0.0.0.0 secondary dns: 0.0.0.0primary nbns: 0.0.0.0 secondary nbns: 0.0.0.0ppp keep alive period
: 0 ppp
mtu : 1500absolute timeout : 0 idle
timeout : 0idle-timeout-activity
ignore-downlink: Disabledlong duration timeout: 0 long
dur inactivity time: Disabledlong duration action: Detectionwimax header compression/suppression: noneip header compression: vjip hide service address: Disabledip output access-group: ip
input access-group:ipv6 output access-group: ipv6
input access-group:policy-group in: policy-group out:permit ip multicast: Falseppp authentication:eap authentication
initial-access-request: authenticate-authorizeallow noauthentication: Enabled imsi authentication:
Disabledmsisdn authentication: Disabledip destination context: ip-ctxRule Base: defaultFW-and-NAT Policy: defaultBandwidth-Policy: defaultLink-Monitoring: OFFContent-Filtering
Policy-Id: Not configuredmediation accounting: Disabledmediation-device context: Not
set mediation
no early PDUs: Disabledmediation no-interims: Disabled mediation
delay-GTP-response: Disabledoutbound username: N/Aip address pools: N/Aip address secondary
pools: N/Aaccess-link ip-frag: df-ignoreignore DF-bit data-tunnel: Onip allocation type: local
pool allow
user specified ip addr: trueprefer dhcp options: falseallow deferred: true3GPP Qos to DSCP Mapping: qci
1: ef qci
2: ef qci
3: af11 qci
4: af11 qci
5: ef qci
6: ef qci
7: af21 qci
8: af21 qci
9: be3GPP Qos to DSCP Mapping
based on Alloc. Prio: qci
5 (Alloc. P 1): ef qci
5 (Alloc. P 2): ef qci
5 (Alloc. P 3): ef qci
6 (Alloc. P 1): ef qci
6 (Alloc. P 2): ef qci
6 (Alloc. P 3): ef qci
7 (Alloc. P 1): af21 qci
7 (Alloc. P 2): af21 qci
7 (Alloc. P 3): af21 qci
8 (Alloc. P 1): af21 qci
8 (Alloc. P 2): af21 qci
8 (Alloc. P 3): af21GTPP Group: gtpp-gp GTPP
Accounting Context: accMobile IPv6 Tunnel
MTU: 1500Mobile IPv6 Tunnel
MTU Exceed Action: notify-senderMobile IPv6 Home Agent: noneMobile IPv6 Home Link
Prefix: ::/0Mobile IPv6 Home Address: none
show configuration
errors section ggsn-service verbose
IMPORTANT:
DHCP Service Creation
DHCP Server Parameter Configuration
configure
context <dest_ctxt_name>
dhcp-service <dhcp_svc_name>
dhcp
server <ip_address> [priority
<priority>
dhcp
server selection-algorithm {first-server | round-robin}
lease-duration
min <minimum_dur>
max <max_dur>
dhcp
deadtime <max_time>
dhcp
detect-dead-server consecutive-failures <max_number>
max-retransmissions <max_number>
retransmission-timeout <dur_sec>
end
show dhcp service all
This command produces
an output similar to that displayed below where DHCP name is dhcp1:Service name: dhcp1Context: ispBind: DoneLocal IP Address: 150.150.150.150Next Hop Address: 192.179.91.3 MPLS-label: Input: 5000 Output: 1566 1899Service Status: StartedRetransmission Timeout: 3000
(milli-secs)Max Retransmissions: 2Lease Time: 600 (secs)Minimum Lease Duration: 600 (secs)Maximum Lease Duration: 86400 (secs)DHCP Dead Time: 120 (secs)DHCP Dead consecutive
Failure:5DHCP T1 Threshold Timer: 50DHCP T2 Threshold Timer: 88DHCP Client Identifier: Not
UsedDHCP Algorithm: Round RobinDHCP Servers configured: Address: 150.150.150.150 Priority: 1DHCP server rapid-commit:
disabledDHCP client rapid-commit:
disabledDHCP chaddr validation:
enabled
show dhcp service status
DHCPv6 Service Creation
DHCPv6 Server Parameter Configuration
configure
context <dest_ctxt_name>
dhcpv6-service <dhcpv6_svc_name>
dhcpv6-server
renew-time <renewal_time>
rebind-time <rebind_time>
preferred-lifetime <pref_lifetime>
valid-lifetime <valid_lifetime>
end
DHCPv6 Client Parameter Configuration
configure
context <dest_ctxt_name>
dhcpv6-service <dhcpv6_svc_name>
dhcpv6-client
server-ipv6-address <ipv6_addr>
port <port>
priority <priority>
max-retransmissions <max_number>
server-dead-time <dead_time>
server-resurrect-time <revive_time>
end
DHCPv6 Profile Configuration
configure
context <dest_ctxt_name>
dhcp-server-profile <server_profile>
enable
rapid-commit-dhcpv6
process
dhcp-option-from { AAA | LOCAL | PDN-DHCP } priority
<priority>
dhcpv6-server-preference <pref_value>
enable
dhcpv6-server-unicast
enable
dhcpv6-server-reconf
exit
dhcp-client-profile <client_profile>
client-identifier { IMSI | MSISDN }
enable
rapid-commit-dhcpv6
enable
dhcp-message-spray
request
dhcp-option dns-address
request
dhcp-option netbios-server-address
request
dhcp-option sip-server-address
end
Associate DHCPv6 Configuration
show dhcpv6-service all
This command produces
an output similar to that displayed below where DHCPv6service name
is dhcp6-service:Service name: dhcpv6-serviceContext: ABind Address: 2092::192:90:92:40Bind : DoneService Status: StartedServer Dead Time: 120 (secs)Server Dead consecutive
Failure:5Server Select Algorithm: First ServerServer Renew Time: 400 (secs)Server Rebind Time: 500 (secs)Server Preferred Life
Time: 600 (secs)Server Valid Life Time: 700 (secs)Max Retransmissions: 3
(secs)Server Dead Tries: 4
(secs)Server Resurrect Time: 10 (secs)ipv6_nd_flag: O_FLAGDHCPv6 Servers configured: Address: 2092::192:90:92:40 Priority:
1 enabled
show dhcpv6 status servicedhcpv6_service_name
IMPORTANT:
IMPORTANT:
IPv4 Pool Creation
configure
context <dest_ctxt_name>
ip
pool <pool_name> <ip_address/mask> [{private| public}[priority]] | static]
end
IPv6 Pool Creation
configure
context <dest_ctxt_name>
ipv6
pool <pool_name>
6to4 local-endpoint <ip_address>[private][public][shared][static]
end
show ip pool
The output from this
command should look similar to the sample shown below. In this example
all IP pools were configured in the isp1 context.context : isp1:+-----Type: (P)
- Public (R) - Private| (S)
- Static (E) - Resource||+----State: (G)
- Good (D)
- Pending Delete (R)-Resizing||||++--Priority:
0..10 (Highest (0) .. Lowest (10))||||||||+-Busyout:
(B) - Busyout configured||||||||||vvvvv Pool
Name Start Address Mask/End Address Used Avail----- ----------
--------------- ------------------ -------- --------PG00 ipsec 12.12.12.0 255.255.255.0 0 254RG00 pool3 30.30.0.0 255.255.0.0 0 65534SG00 pool2 20.20.0.0 255.255.0.0 10 65524PG00 pool1 10.10.0.0 255.255.0.0 0 65534SG00 vpnpool 192.168.1.250 192.168.1.254 0 5Total Pool Count: 5
show ipv6 pools
The
output from this command should look similar to the sample shown
above except IPv6 addresses.
IMPORTANT:
GTP-U Service Configuration
Modifying GGSN Configuration for Gn-Gp Handoff
configure
context <ctxt_name>
ggsn-service <ggsn_svc_name>
associate
gtpu-service <gtpu_svc_name>
associate
pgw-service <pgw_svc_name>
bind
address <ip_address>
end
APN Configuration for Gn-Gp Handoff
show ggsn-service
name ggsn
The output from this
command should look similar to the sample shown below. In this example
context name A was
created in Exec mode, GGSN service ggsn was created
in GGSN Service Configuration mode, PGW service named pgw was an
already configured service and GTP-U service named gtpu was configured
in the GTPU Service Configuration mode:
Service name: ggsn
context: A
Associated PGW svc: pgw
Associated GTPU svc: gtpu
.
.
Bind: Done
Local IP Address: 120.56.45.12 Local
IP Port: 2123
...
...
Echo Interval: 60
(secs)
.
.
.
IMPORTANT:
FA Service Creation
IP Interface and UDP Port Binding for Pi Interface
configure
context <fa_ctxt_name>
fa-service <fa_svc_name>
bind
address <fa_ip_address> max-subscribers
<max_subs>
ip
local-port <udp_port_num>
end
IMPORTANT:
Security Parameter Index (SPI) Configuration
IMPORTANT:
configure
context <fa_ctxt_name>
fa-service <fa_svc_name>
fa-ha-spi
remote-address <ha_ip_address>
spi-number <spi_num> {encrypted
secret <enc_secret_key> | secret <secret_key>} [description <desc_string>]
end
IMPORTANT:
FA Agent Advertisement Parameter Configuration
configure
context <fa_ctxt_name>
fa-service <fa_svc_name>
advertise
adv-lifetime <advt_dur>
advertise
num-adv-sent <advt_num>
advertise
reg-lifetime <reg_dur>
end
Subscriber Registration, Authentication and Timeout Parameter Configuration
configure
context <fa_ctxt_name>
fa-service <fa_svc_name>
multiple-reg <reg_num>
reg-timeout <timeout_dur>
authentication
mn-aaa {always | ignore-after-handoff | init-reg | init-reg-except-handoff | renew-and-dereg-noauth | renew-reg-noauth} [optimize-retries]
end
IMPORTANT:
IMPORTANT:
Revocation Message Configuration
show fa-service all
The output from this
command should look similar to the sample shown below. In this example
an FA service named fa1 was configured in the isp1 context.
Service name: fa1
Context: isp1
Bind: Done Max Subscribers: 500000
Local
IP Address: 195.20.20.3 Local
IP Port 434
Lifetime: 00h10m00s Registration Timeout:
45 (secs)
Advt
Lifetime 02h30m00s Advt Interval: 5000
(msecs)
Num
Advt: 5
Advt
Prefix Length Extn: NO
Reverse
Tunnel: Enabled GRE Encapsulation: Enabled
SPI(s):
FAHA:
Remote Addr: 195.30.30.3/32
Hash
Algorithm: HMAC_MD5 SPI Num: 1000
Replay
Protection: Timestamp Timestamp Tolerance:
60
IPSEC Crypto Map(s):
Peer
HA Addr: 195.30.30.2
Crypto
Map: test
Registration
Revocation: Enabled Reg-Revocation
I bit: Enabled
Reg-Revocation
Max Retries: 3 Reg-Revocation Timeout:
3 (secs)
Reg-Rev
on InternalFailure: Enabled
show configuration
errors section fa-service verbose
IMPORTANT:
Authorization over S6b Configuration
DNS Client Configuration
configure
context <ggsn_ctxt_name>
ip
domain-lookup
ip
name-servers <ip_address/mask>
dns-client <dns_name>
bind
address <ip_address>
resolver
retransmission-interval <duration>
resolver
number-of-retries <retrie>
cache
ttl positive <ttl_value>
exit
ggsn-service <ggsn_svc_name>
default
dns-client context
end
Duplicate Call Accept Configuration
show ggsn-service all
The output from this
command should look similar to the sample shown below. In this example
GGSN service named GGSN1 was
configured in the vpn1 context.
Service name: ggsn1
Context: cn1
Associated PGW svc: None
Associated GTPU svc: None
Accounting Context Name:cn1
dns-client Context Name:cn1
Authorize: hss
Fqdn-name: xyz.abc@starent.networks.com
Bind: Not
Done
Local IP Address: 0.0.0.0 Local
IP Port: 2123
Self PLMN: Not
defined
Retransmission Timeout:
5 (secs)
Accounting Policy Configuration
Diameter End-Point Configuration
AAA Group Configuration
configure
context <ctxt_name>
aaa
group <group_name>
diameter
accounting endpoint <endpoint_name>
diameter
accounting dictionary [ aaa-custom1 | aaa-custom10 | aaa-custom2 | aaa-custom3 | aaa-custom4 | aaa-custom5 | aaa-custom6 | aaa-custom7 | aaa-custom8 | aaa-custom9 ]
diameter
accounting server <diameter_hostname>
priority <number>
end
APN Configuration for Rf Interface
Rf Interface Configuration Verification
show configuration contextctxt_name
config
context
rf_context
subscriber
default
exit
apn
apn
associate
accounting-policy test_policy
exit
aaa
group default
#exit
aaa
group rf_aaa
diameter
accounting dictionary aaa-custom6
diameter
accounting endpoint rf_endpoint
diameter
accounting server rf_server priority 2
#exit
gtpp
group default
#exit
policy
accounting test_policy
accounting-level
flow
operator-string
Rf_string
cc
profile 2 buckets 5
#exit
diameter
endpoint rf_endpoint
origin
host rf_diameter address 1.2.3.4
peer
ak realm ak_realm address 2.3.4.5 port 52
#exit
ip
igmp profile default
#exit
#exit
end