|
l
|
use-harddisk: Specifies that the hard disk on the SMC be used to store EDR/UDR files. On configuring to use the hard disk for EDR/UDR storage, EDR/UDR files are transferred from RAMFS on the PSC card to the hard disk on the SMC card. Subsequently the files can be offloaded to an external server such as the L-ESS.
|

IMPORTANT:
The use-harddisk keyword is only available on the ST40 platform.
|
l
|
remove-file-after-transfer: Specifies that the system is to remove an EDR/UDR file as soon as the file is pushed out of the system.
|
cdr [ push-interval value | remove-file-after-transfer | transfer-mode { pull | push primary { encrypted-url enc_url | url url } [ secondary { encrypted-secondary-url enc_sec_url | url sec_url } ] } + | use-harddisk ]
On ST16 chassis, this command must be run only from the context where the EDR/UDR module is configured. On ST40 chassis, this command must be run only from the local context. Running in other contexts will fail.
frame-relay path path_id { ds1 connects | e1 connects} [ timeslots | frame-relay [ intf-type intf_type [ lmi_type lmi_type ] ] ]
Link aggregation combines up to four ports on a redundant pair of Quad Gig-E line card so a large file is guaranteed to be sent serially down the same pipe rather than be distributed and be subject to massive packet re-ordering. LACP is the link aggregation control protocol.
Using this command enters the BITS port configuration mode which provides configuration for the transmit timing source. The new BITS port configuration mode includes the following commands:
This command configures the volume of uplink and downlink volume octet counts that triggers RADIUS interim accounting. This command is now available for PDSN and HA services.
radius accounting interim volume { downlink bytes uplink bytes | total bytes | uplink bytes downlink bytes }
This command displays the information configured to define a transmit timing source other than the system clock. The display includes related information (such as port status, timing source priority, timing alarms, etc.) for all of the ports configured for either BITS or line timing.
New timezone asia-azerbaijan added for Baku (
GMT+4:00; Baku, Azerbaijan) ) to configure system clock on chassis.
diameter sctp { hearbeat-interval interval | path max-retransmissions retransmissions }
A new command manages the RAID properties on the ST40 SMC hard disks when the hard disk controller task cannot automatically make the correct decisions or admin intervention is required by policy enforcement.
hd raid { check | create { local1 | remote1 } | insert { local1 | remote1 } | overwrite { local1 | remote1 } | remove { local1 | remote1 } | select { local1 | remote1 } }
- end- exit
- overwrite
- select
If idle-timeout-activity ignore-downlink is configured, the downlink traffic will not be used to reset the idle-timeout. Only uplink packets will be able to reset the idle-timeout.
By default,
ignore-downlink is negated by the
no command so both uplink and downlink traffic is used to reset the idle-timeout.
New command added to configure the rekeying of Phase1 SA when the Internet Security Association and Key Management Protocol (ISAKMP) lifetime expires in Internet Key Exchange (IKE) v1 protocol. This command replaced the isakmp disable-phase1-rekey command.
New command added to configure the ISAKMP IPSec Dead Peer Detection (DPD) message parameters for IKE v1 protocol. This command replaced the isakmp keepalive command.
[ no ] ikev1 keepalive dpd interval interval timeout time num-retry retries
New command added to configure/create an ISAKMP policy with the specified priority and enters ISAKMP Configuration Mode for IKE v1 protocol. This command replaced the isakmp policy command.
[ no ] ikev1 policy priority
This command enables IPMS Client Configuration Mode for Intelligent Packet Monitoring System (IPMS) support on an AGW, configuring IPMS server connectivity in the context.
[ no ] ipms [-noconfirm ]
This command controls the don’t fragment (DF) bit in the outer IP header of the IPsec tunnel data packet. It is a new keyword for the
set command in the following crypto map configuration modes:
It is also issued as control-dont-fragment (without the
set command) in the crypto template configuration mode.
|
l
|
clear-bit: Clears the DF bit from the outer IP header (sets it to 0).
|
|
l
|
copy-bit: Copies the DF bit from the inner IP header to the outer IP header. This is the default action.
|
|
l
|
set-bit: Sets the DF bit in the outer IP header (sets it to 1).
|
New command added in to enable/disable the he L2TP LAC service always to use standard L2TP port 1701 as source port for all L2TP control and data packets originated from LAC node.
New command added in to support the creation of L2TP tunnels between LAC service on GGSN and an LNS server on the basis of attribute, “Tunnel-Server-Auth-ID”, value received from AAA server.
This command specifies the action to be taken when communication between ICAP endpoints within a Content Filtering Server Group fails. This command replaces the
timeout action command.
failure-action { allow | content-insertion content_string | discard | redirect-url url | terminate-flow }
failure-action { allow | content-insert content_string | discard | redirect-url url | terminate-flow | www-reply-code-and-terminate-flow reply_code } [ edr edr_format_name ]
This command enables/disables URL Blacklisting functionality for the rulebase, and configures the EDRs to be generated on Blacklisting match and the action to take.
url-blacklisting action { discard | redirect-url url | terminate-flow | www-reply-code-and-terminate-flow reply_code } [ edr edr_format_name ]
url-blacklisting database { directory path path | max-versions max_versions | override file file_name }
add-ruledef priority priority ruledef ruledef_name
group-of-ruledefs ruledef_group [ - noconfirm ]
[ no ] host-pool host_pool [ - noconfirm ]
[ no ] http error operator condition
[ no ] imsi-pool imsi_pool [ - noconfirm ]
[ no ] ip error operator condition
packet-filter filter_name [ -noconfirm ]
[ no ] port-map port_map [ - noconfirm ]
This command configures the QoS traffic class for the charging action for the Layer 7 QoS Renegotiation feature, enabling triggering QoS renegotiation from an active-charging rule. This command is controlled by the dynamic-qos-renegotiation license.
This command configures the timeout setting for the Quality of Service (QoS) Renegotiation feature. This command is controlled by the dynamic-qos-renegotiation license.
This command defines a rule definition to analyze and charge user traffic using Uniform Resource Identifier (URI) associated with Real-time Transport Control Protocol (RTCP).
tcp packets-out-of-order { timeout duration_ms | transmit [ after-reordering | immediately ] }
wtp packets-out-of-order { out-of-order-timeout timeout | transmit [ after-reordering | immediately ] }
[ no ] bearer 3gpp imsi { operator imsi | { !range | range } imsi-pool imsi_pool }
This command defines a rule definition to analyze and charge user traffic based on SGSN address associated in bearer flow. This command replaces the
bearer sgsn-address command.
[ no ] http error operator condition
[ no ] ip error operator condition
[ no ] rtp parent-proto operator parent_protocol
[ no ] rtcp parent-proto operator parent_protocol
[ no ] start day { friday | monday | saturday | sunday | thursday | tuesday | wednesday } time hh mm ss end day { friday | monday | saturday | sunday | thursday | tuesday | wednesday } time hh mm ss
[ no ] start time hh mm ss end time hh mm ss
tcp mss tcp_mss { add-if-not-present | limit-if-present } +
timedef timedef_name [ -noconfirm ]
[ no ] wsp x-header name [ case-sensitive ] operator string
post-processing priority priority ruledef ruledef_name charging-action charging_action_name [ description description ]
[ no ] firewall dos-protection { all | flooding { icmp | tcp-syn | udp } | ftp-bounce | ip-unaligned-timestamp | mime-flood | seq-number-out-of-range | seq-number-prediction | source-router | teardrop | winnuke }
firewall max-ip-packet-size packet_size protocol { icmp | non-icmp }
firewall mime-flood { http-headers-limit max_limit | max-http-header-field-size max_size }
This command adds and specifies the priority of a firewall rule definition in the rulebase, and allows to configure a single or range of ports to be allowed on the server for auxiliary/data connections.
firewall priority priority firewall-ruledef ruledef_name { { permit [ trigger open-port { aux_port_number | range start_port_number to end_port_number } direction { both | reverse | same } ] } | { deny [ charging-action charging_action ] } }
[ no ] firewall ruledef ruledef_name [ -noconfirm ]
This command enables and configures the TCP intercept parameters to prevent TCP SYN flooding attacks by intercepting and validating TCP connection requests for DoS protection mechanism configured with the
dos-protection command.
firewall tcp-syn-flood-intercept { max-attempts max_attempts | mode { none | { intercept | watch } [ aggressive ] } | retransmit-timeout retransmit_timeout | watch-timeout intercept_watch_timeout }
This command enables/disables Stateful Firewall support for all subscribers using the current rulebase. In 8.0, this configuration was present in the Subscriber/APN mode.
firewall port-scan { connection-attempt-success-percentage { non-scanner | scanner } percentage | inactivity-timeout inactivity_timeout | protocol { tcp | udp } response-timeout response_timeout | scanner-policy { block inactivity-timeout inactivity_timeout | log-only } }
default firewall port-scan { connection-attempt-success- percentage { non-scanner | scanner } | inactivity-timeout | protocol { tcp | udp } response-timeout | scanner-policy }
This command adds and specifies the priority and type of a firewall rule definition in the rulebase, and allows you to configure a single or range of ports to be allowed on the server for auxiliary/data connections.
firewall priority priority [ dynamic-only | static-and-dynamic ] firewall-ruledef ruledef_name { { permit [ trigger open-port { aux_port_number | range start_port_number to end_port_number } direction { both | reverse | same } ] } | { deny [ charging-action charging_action ] } }
This command configures a threshold on the number of TCP reset messages sent by the subscriber for a particular data flow. After this threshold is reached, further downlink traffic to the subscriber on the unwanted flow is blocked.
[ default ] bearer-control-mode
qos negotiate-limit direction { downlink | uplink } [ class { background | conversational | interactive traffic_priority | streaming } ] [ peak-data-rate bps [ committed-data-rate bps ] | committed-data-rate [ peak-data-rate bps ]]
no negotiate-limit direction { downlink | uplink } [ class { background | conversational | interactive traffic_priority | streaming }]
qos rate-limit { downlink | uplink } [ class { background | conversational | interactive traffic_priority | streaming } ] [ burst-size bytes ] [ exceed-action { drop | lower-ip-precedence | transmit }[ violate-action { drop | lower-ip-precedence | shape [transmit-when-buffer-full] | transmit }]]|[ violate-action { drop | lower-ip-precedence | shape [transmit-when-buffer-full] | transmit } [ exceed-action { drop | lower-ip-precedence | transmit }]] +
no qos rate-limit direction { downlink | uplink } [ class { background | conversational | interactive traffic_priority | streaming } ]
This command configures the maximum number of child compression processes that AAAproxy can have. This functionality is a part of the hard disk support processes.
New command added to configure the action to be taken on the CDRs generated during communication failure between GGSN and GTPP servers. It also disables the archive of CDRs.
This command configures additional storage space to be allocated for writing files. The memory specified with this command would be added to the existing memory allocated to the AAAproxy only if hard disk storage is enabled.
New command added to enable/associate a preconfigured secondary GTPP server group to an APN for CGF accounting functionality. By default it is disabled.
gtpp secondary-group group_name [accounting-context actt_ctxt_name]
This command configures the parameters for the GTPP files to be stored on the local GTPP storage server.
Support for ‘custom6’ has been added to provide 8K block structure for billing CDR files
gtpp storage-server local file { compression { gzip | none } | format { custom1 | custom2 | custom3 | custom4 | custom5 | custom6 } | name prefix prefix | rotation { cdr-count count | time-interval time | volume size } }
New command added to provide facility to select the transport layer protocol for Ga interface between AGWs (GSNs) and GTPP servers. By default selected transport layer protocol is UDP.
[ no ] certificate name name pem { data cert_data | url cert_url } private-key pem { [ encrypted ] data private_key_data | url url }
[ no ] diameter authentication failure-handling { eap-request | eap-termination-request } { request-timeout action { continue | terminate } } | result-code result_code [ to result_code ] action { continue | retry-and-terminate | terminate } }
diameter disable endpoint endpoint_name peer peer_id
diameter enable endpoint endpoint_name peer peer_id
Configured in the PDIF-Service mode, duplicate-session-detection configures the PDIF to check for any attempt to set up a call after a MS comes back into WiFi range using either the IMSI or NAI address from a call lost after the MS initially went out of WiFi AP range. Detection can be based on either the IMSI or NAI (default) address. If NAI is used, it must be the NAI from Stage One authentication.
Configured in the Crypto Template Config Mode, the keyword rekey has been added to
ikev2-ikesa commands. It specifies if IKESA rekeying should occur before the configured lifetime expires (at approximately 90% of the lifetime interval). Default is
no ikev2-ikesa rekey.
Source validation requires the source address of received packets to match the IP address assigned to the subscriber. IP source-violation sets parameters for allowing bad packets before terminating the call.
ipv6 address 2001:268:2008:b::1021/128 srp-activate
Configures the NAI parameters to be used for the crypto template IDr. This configured IDr is sent from PDIF to MS in the first IKEv2 AUTH response. The default configuration is
no nai. As a result, the default behavior is for the PDIF-service IP address to be sent as the IDr value with the type ID_IP_ADDR.
[ default | no ] nai idr name id-type { rfc822-addr | fqdn | ip-addr | key-id }
radius accounting pdif trigger-policy { counter-rollover | standard }
Configured in the Crypto Template Payload Config Mode, the keyword keepalive has been added to the
rekey command. If
keepalive is configured, a session will be rekeyed even if there has been no data exchanged since the last rekeying operation. By default, rekeying is only performed if there has been data exchanged since the previous rekey.
tsi start-address { any { end-address any } | endpoint { end-address endpoint } }
[ default | no ] mobile-ipv6 { home-address ipv6_address | home-agent ipv6_address | home-link-prefix ipv6_address | tunnel mtu value }
qos traffic-shape direction { downlink | uplink } [ burst-size bytes ] [ committed-data-rate bps ] [ exceed-action { drop | lower-ip-precedence | transmit } ] [ peak-data-rate bps ] [ violate-action { drop | lower-ip-precedence | buffer [transmit-when-buffer-full] | transmit } ] +
This command configures an accounting trigger policy map to selectively start and terminate accounting sessions based on the categorization of traffic as being interesting or non-interesting to support the QCHAT Billing Suppression feature.
nat-policy policy_name private-address { address ip_address_mask | default | range start_ip_address end_ip_address }
plmn-id mcc code mnc code
This command configures the overload response for this policy. When the P-CSCF/A-BG becomes congested, this overload policy is used to reject subsequent sessions or redirect them to another server.
policy overload { redirect address1 [ weight weight1 ]
[ address2 [ weight weight2 ] ] ...
This keyword enables the use of either a new TLLI (temporary logical link identifier) or an old TLLI for attach-accept or RAU-accept messages sent by the SGSN to the MS during related procedures. Default is
new-tlli.
The new accounting command in the GPRS Service configuration mode enables the configuration of the type of CDRs to be generated and also defines the context in which the CDRs are generated.
accounting ( cdr-types type | context ctxt_name }
[ no ] associate-service { gs name | map name | sgtp name } [ context ctxt_name ]
The command configures BSS GP timer parameters in Network Service Entity-Frame Relay or IP configuration mode in a 2.5G GPRS frame relay or IP network connection.
bssgp-timer { T2 time | Th time }
gmm information-in-messages access-type {{gprs |umts } [ network-name {full-text name | short-text name } | [ send-after { attach | rau } ] }
llc { T200-sapi1-timeout time | T200-sapi11-timeout time | T200-sapi3-timeout time | T200-sapi5-timeout time | T200-sapi7-timeout time | T200-sapi9-timeout time } +
This command sets the length of the link status signal unit (LSSU) which carries link status information used to manage link alignment and indicate the status of the signaling points to each other.
This new command enables an attach rate throttle mechanism to configure the number of attaches per second and to specific the action to be taken if the limit is exceeded.
network-overload-protection sgsn-new-connections-per-second #_attaches action { drop | reject with cause { congestion | network failure } }
This command enables the default SGSN functionality for SGSN (flex) pooling and enables inclusion of the configured count for pool hop-counter in new SGSN context/identify request messages.
[ default ] resolver {number-of-retries retries | retransmission-interval time}
retries { ns-alive-retry num_retries | ns-block-retry num_retries | ns-reset-retry num_retries | ns-unblock-retry num_retries }
[default] sgsn-context-request ptmsi-signature-absence allowed
sgsn imsimgr { add-record imsi sessmgr instance
sessmgr# | audit-with sessmgr { all | instance
sessmgr# } | remove-record
imsi }
sm { activate-max-retransmissions num_retries | deactivate-
max-retransmissions num_retries | modify-max-retransmissions num_retries | t3385-timeout secs | t3386-timeout secs | t3395-timeout secs }
default sm { activate-max-retransmissions | deactivate-
max-retransmissions | modify-max-retransmissions | t3385-timeout | t3386-timeout | t3395-timeout }
The requested-apn-from-first subrec keyword enables the selection of an APN from the first subscription record as APN(R). If this feature is enabled, the PDP Activation is not rejected during APN Selection; instead, the APN from the first subscription record is used as the requested APN and the SGSN continues with the rest of the APN Selection process.
threshold total-gprs-pdp-sessions high_thresh [ clear low_thresh ]
threshold total-gprs-sessions high_thresh [ clear low_thresh ]
timer { ns-alive-timeout duration | ns-block-timeout duration | ns-reset-timeout duration | ns-test-timeout duration }
timer { SNS-Prov-Timeout time | TNS-Test-Timeout time}
weight { data data_weight | signaling
signaling_weight }
apn-selection-default network-identifier <apn_net_id> [ require-subscription-apn network-identifier <apn_net_id>]
This command configures either decimal or hexadecimal format for the MCC and MNC values in the DNS query.
This command configures the maximum number of child compression processes that AAAproxy can have. This functionality is a part of the hard disk support processes.
This command configures additional storage space to be allocated for writing files. The memory specified with this command would be added to the existing memory allocated to the AAAproxy only if hard disk storage is enabled.
This command configures the parameters for the GTPP files to be stored on the local GTPP storage server. Support for ‘custom6’ has been added to provide 8K block structure for billing CDR files.
gtpp storage-server local file { compression { gzip | none } | format { custom1 | custom2 | custom3 | custom4 | custom5 | custom6} | name prefix prefix | rotation { cdr-count count | time-interval time | volume size } }
A new keyword has been added to configure either UDP or TCP as the Ga interface transport layer between SGSN and GTPP servers. By default, UPD protocol is enabled for transport layer.
link id id [ link-type [ atm-broadband | highspeed-narrowband | lowspeed-narrowband ]
ranap { paging-cause-ie { all | background-data <value> | conversational-data <value> | gmm-signalling <value>| gs-signalling <value> | interactive-data <value> | sm-signalling <value> | sms-signalling <value> | streaming-data <value> } | { signalling-indication-ie { rab-assignment-request [ relocation-request ] | relocation-request [ rab-assignment-request ] } }
This command specifies the quota state of a subscriber for prepaid credit control service. The
lower-bandwidth keyword was added to this command. When configured, this state matches the lower-bandwidth quota state of a rating group.
[ no ] cca quota-state operator { limit-reached | lower-bandwidth }
New sgsn-service keyword clears all PDP contexts associated with a specific SGSN service. This keyword can be used with filtering keywords that are part of the clear subscriber command set. Using this command can trigger a network-initiated service request (paging) procedure.
congestion-control policy {asngw-service | asnpc-service | cscf-service | ggsn-service | ha-service | lns-service | mipv6ha-service | pdif-service | pdsn-service | sgsn-service } action
{ drop | none | redirect | reject }
Click Monitoring | Congestion Control to view the pdif-service congestion control policy. The other policies are not supported at this time.
The dictionary keyword was added to the
diameter accounting command.
diameter accounting { dictionary { aaa-custom1 | aaa-custom10 | aaa-custom2 | aaa-custom3 | aaa-custom4 | aaa-custom5 | aaa-custom6 | aaa-custom7 | aaa-custom8 | aaa-custom9 | nasreq | rf-plus } | endpoint endpoint_name | max-retries tries | max-transmissions transmissions | request-timeout duration | server host_name priority priority }
The dictionary keyword was added to the
diameter authentication command.
diameter authentication { dictionary { aaa-custom1 | aaa-custom10 | aaa-custom2 | aaa-custom3 | aaa-custom4 | aaa-custom5 | aaa-custom6 | aaa-custom7 | aaa-custom8 | aaa-custom9 | nasreq } | endpoint endpoint_name | max-retries tries | max-transmissions transmissions | request-timeout duration | server host_name priority priority }
The after-expiry-try-secondary-host keyword was removed from the
diameter pending-timeout command. This feature can now be managed using the
retry-after-tx-expiry and
go-offline-after-tx-expiry keywords available in the
failure-handling command.
failure-handling { initial-request | terminate-request | update-request } { continue [ go-offline-after-tx-expiry | retry-after-tx-expiry ] | retry-and-terminate [ retry-after-tx-expiry ] | terminate }
This command configures the failure handling behavior for flow or protocol in Enhanced-Policy Decision Function (E-PDF). The
any-error keyword was added to this command. This enables configuring failure handling behavior for those result-codes for which failure-handling behavior has not been specified.
failure-handling { continue | retry-and-terminate | terminate | diameter-result-code { any-error | integer result_code } ccfh { continue | retry-and-terminate | terminate } [ cc-request-type { initial-request | terminate-request | update-request } ] }
no failure-handling diameter-result-code { any-error | integer result_code } [ cc-request-type { initial-request | terminate-request | update-request } ]
|
l
|
The file-sequence-number rulebase-seq-num keyword was added to the command. This keyword enables generating file sequence numbers on a per rulebase basis with the rulebase name and format name.
|
|
l
|
The num-records option was added to the file rotation keyword. This option enables limiting the file size by number of records.
|
On ST40 chassis, the total storage limit is 536870912 bytes (512 MB). On ST16 chassis, the total storage limit is 268435456 bytes (256 MB). This limit is for UDR and EDR files combined.
file [ charging-service-name { include | omit } ] [ compression { gzip | none } ] [ current-prefix string ] [ delete-timeout seconds ] [ directory dir_name ] [ edr-format-name ] [ exclude-checksum-record ] [ field-separator { hyphen | omit | underscore } ] [ file-sequence-number rulebase-seq-num ] [ headers ] [ name file_name ] [ reset-indicator ] [ rotation [ num-records number | time seconds | volume bytes ] ] [ sequence-number { omit | padded | padded-six-length | unpadded } ] [ storage-limit limit ] [ time-stamp { expanded-format | rotated-format | unix-format } ] [ trailing-text string ] [ trap-on-file-delete ] [ xor-final-record ] +
default file [ charging-service-name ] [ compression ] [ current-prefix ] [ delete-timeout ] [ directory ] [ edr-format-name ] [ field-separator ] [ file-sequence-number ] [ headers ] [ name ] [ reset-indicator ] [ rotation { num-records | time | volume } ] [ sequence-number ] [ storage-limit ] [ time-stamp ] [ trailing-text ] +
|
l
|
The file-sequence-number rulebase-seq-num keyword was added to the command. This keyword enables generating file sequence numbers on a per rulebase basis with the rulebase name and format name.
|
|
l
|
The num-records option was added to the file rotation keyword. This option enables limiting the file size by number of records.
|
On ST40 chassis, the total storage limit is 536870912 bytes (512 MB). On ST16 chassis, the total storage limit is 268435456 bytes (256 MB). This limit is for UDR and EDR files combined.
file [ charging-service-name { include | omit } ] [ compression { gzip | none } ] [ current-prefix string ] [ delete-timeout seconds ] [ directory dir_name ] [ exclude-checksum-record ] [ field-separator { hyphen | omit | underscore } ] [ file-sequence-number rulebase-seq-num ] [ headers ] [ name file_name ] [ reset-indicator ] [ rotation [ num-records number | time seconds | volume bytes ] ] [ sequence-number { omit | padded | padded-six-length | unpadded } ] [ storage-limit limit ] [ time-stamp { expanded-format | rotated-format | unix-format } ] [ trailing-text string ] [ trap-on-file-delete ] [ udr-seq-num ] [ xor-final-record ] +
default file [ charging-service-name ] [ compression ] [ current-prefix ] [ delete-timeout ] [ directory ] [ field-separator ] [ file-sequence-number ] [ headers ] [ name ] [ reset-indicator ] [ rotation { num-records | time | volume } ] [ sequence-number ] [ storage-limit ] [ time-stamp ] [ trailing-text ] [ udr-seq-num ]
frame-relay path path_id { ds1 connects | e1 connects} [ timeslots | frame-relay [ intf-type intf_type [ lmi_type lmi_type ] ] ]
Added new keyword all for this command to use with
no keyword to clear all warrant information in one single command
no lawful-intercept all:
no lawful-intercept [ all ] { [ imei
imei_value ]
[ imsi imsi_value ] [ ip-addr intercept_ip_addr ] [ msid ms_id ] [ msisdn msisdn_value ]
[ username subscriber_name ] + } [ calltype call_type ]
Additional facility options have been added to the logging filter command in the Global Configuration Mode. Those with an * (asterisk) are for the SGSN.
The mipv6ha-service keyword was added to the syntax.
The broadcast keyword was added to the syntax.
Added new license-enabled keywords to configure traffic from the specified DHCP service bind address to use the MPLS labels. This support also provides the configuration to define nexthop gateway address:
bind address ip_address [ nexthop-forwarding-address nexthop_ip_address
[ mpls-label input in_mpls_label_value output out_mpls_label_value1
[ out_mpls_label_value2 ]]]
no bind address ip_address
attribute attribute { [ format { MM/DD/YY-HH:MM:SS | MM/DD/YYYY-HH:MM:SS | YYYY/MM/DD-HH:MM:SS | YYYYMMDDHHMMSS | seconds } ] [ localtime ] | [ { ip | tcp } { bytes | pkts } { downlink | uplink } ] priority priority }
no attribute attribute [ priority priority ]
attribute attribute { [ format { MM/DD/YY-HH:MM:SS | MM/DD/YYYY-HH:MM:SS | YYYY/MM/DD-HH:MM:SS | YYYYMMDDHHMMSS | seconds } [ localtime ] | [ { bytes | pkts } { downlink | uplink } ] ] priority priority }
no attribute attribute [ priority priority ]
This command has been modified by adding the optional keyword encrypted so the password
grppasswd can be sent either encrypted or clear.
This command configures the CDR file transfer parameters. The transfer-mode keyword was enhanced to support EDR/UDR push via SPIO. Previously, the push was support only via LC.
cdr [ [ push-interval value ] [ remove-file-after-transfer ] [ transfer-mode { pull | push primary { encrypted-url enc_url | url url } [ via local-context ] [ secondary { encrypted-secondary-url enc_sec_url | url sec_url } ] } ] + | use-harddisk ]
The no keyword has been added to the iiop port command.
This command enables creating/configuring/deleting an IP Access List in the current context. The access list name to be specified has been restricted to be an alpha and/or numeric string of 1 through 47 characters in length. In StarOS 8.0, it can be an alpha and/or numeric string of 1 through 79 characters in length.
The nat-realm keyword was added to this command. This enables to designate an IP address pool as a Firewall Network Address Translation (NAT) realm pool.
ip pool name { ip_address subnet_mask | ip_addr_mask_combo |
range start_address end_address } [ private [ priority ] |
public [ priority ] | static ] [ tag { none | pdif-setup-addr } ] [ address-hold-timer seconds | alert-threshold [ group-available | pool-free | pool-hold | pool-release | pool-used ] low_thresh [ clear high_thresh ] ] [ group-name group_name ] [ include-nw-bcast ] [ nat priority ] [ nat-realm users-per-nat-ip-address users [ on-demand [ address-hold-timer address_hold_timer ] ] ] [ nexthop-forwarding-address ip_address [ overlap vlanid vlan_id ] [ nw-reachability server server_name ] [ respond-icmp-echo ip_address ] [ resource ] [ send-icmp-dest-unreachable ] [ explicit-route-advertise ] [ srp-activate ] [ suppress-switchover-arp ] [ unicast-gratuitous-arp-address ip_address ] [ policy allow-static-allocation ]
no ip pool name [ tag { none | pdif-setup-addr } ] [ address-hold-timer | alert-threshold [ group-available | pool-free | pool-hold | pool-release | pool-used ] ] [ group-name ] [ include-nw-bcast ] [ nexthop-forwarding-address ] [ nw-reachability server ] [respond-icmp-echo ip_address ] [ send-icmp-dest-unreachable ] [ explicit-route-advertise ] [ srp-activate ] [ suppress-switchover-arps ] [ unicast-gratuitous-arp-address ] [ policy allow-static-allocation ]
radius charging accounting server ip_address [ encrypted ] key string max msgs
radius charging server ip_address [ encrypted ] key string max msgs
radius server ip_address [ encrypted ] key string max msgs
show srp { call-loss statistics | checkpoint statistics [verbose ] | info | statistics } | [ grep grep_options | more ]
attribute attribute { [ format { MM/DD/YY-HH:MM:SS | MM/DD/YYYY-HH:MM:SS | YYYY/MM/DD-HH:MM:SS | YYYYMMDDHHMMSS | seconds } ] [ localtime ] | [ { ip | tcp } { bytes | pkts } { downlink | uplink } ] priority priority }
no attribute attribute [ priority priority ]
|
l
|
nat-one-to-one: This keyword enables configuring one-to-one NAT realm pool.
|
|
l
|
napt-users-per-ip-address: This keyword enables configuring the number of users sharing a single NAT IP address for a many-to-one NAT realm.
|
ip pool name { ip_address subnet_mask | ip_addr_mask_combo | range start_ip_address end_ip_address } [ private [ priority ] | public [ priority ] | static ] [ tag { none | pdif-setup-addr } ] [ address-hold-timer seconds | alert-threshold [ group-available | pool-free | pool-hold | pool-release | pool-used ] low_thresh [ clear high_thresh ] ] [ group-name group_name ] [ include-nw-bcast ] [ nat priority ] [ nexthop-forwarding-address ip_address [ overlap vlanid vlan_id ] [ nw-reachability server server_name ] [ respond-icmp-echo ip_address ] [ resource ] [ send-icmp-dest-unreachable ] [ explicit-route-advertise ] [ srp-activate ] [ suppress-switchover-arp ] [ unicast-gratuitous-arp-address ip_address ] [ policy allow-static-allocation ] [ nat-one-to-one [ [ alert-threshold [ { pool-free | pool-hold | pool-release | pool-used } low_thresh [ clear high_thresh ] + ] [ nat-binding-timer binding_timer ] [ on-demand ] [ send-nat-binding-update ] + ] | napt-users-per-ip-address users [ [ alert-threshold [ { pool-free | pool-hold | pool-release | pool-used } low_thresh [ clear high_thresh ] + ] [ max-chunks-per-user chunks ] [ nat-binding-timer timer ] [ on-demand ] [ port-chunk-size size ] [ port-chunk-threshold chunk_threshold ] [ send-nat-binding-update ] + ]
no ip pool name [ tag { none | pdif-setup-addr } ] [ address-hold-timer | alert-threshold [ group-available | pool-free | pool-hold | pool-release | pool-used ] ] [ group-name ] [ include-nw-bcast ] [ nexthop-forwarding-address ] [ nw-reachability server ] [ respond-icmp-echo ip_address ] [ send-icmp-dest-unreachable ] [ explicit-route-advertise ] [ send-nat-binding-update ] [ srp-activate ] [ suppress-switchover-arps ] [ unicast-gratuitous-arp-address ] [ policy allow-static-allocation ]
Prior to Release 8.3, for packets received from the packet data network destined for a subscriber's UE, the system applied logic to reset the source address of a packet to the original destination address of the input packet before applying the outbound ACL (access control list). In Release 8.3 and higher, the system reverses the order and applies the outbound ACL before resetting the source address. This change impacts all current readdress server rules in inbound IPv4 ACLs.
After upgrading to Release 8.3, for every readdress server rule in an inbound IPv4 ACL, customers must now add a permit rule to an outbound ACL that explicitly permits packets from the readdress rule's redirect address and port number. If customers omit this permit rule, the system will reject all packets destined for the subscriber's UE from the readdress rule's redirect address and port number.
permit { tcp | udp } [ range start_port end_port ]
threshold cpu-orbs-warn high_thresh [ clear low_thresh ]
threshold cpu-orbs-crit high_thresh [ clear low_thresh ]
The cat_string variable in
category keyword in this command is now changed to provide explicit category name to configure analysis priority.
analyze priority priority { all | category cat_string } action { allow | content-insertion content_string | discard | redirect-url url | terminate-flow }
This command specifies the action to take for the indicated result after content filtering analysis. An optional keyword “
edr edr_format_name” was added to this command for EDR generation based on content category and action.
analyze priority priority { all | category cat_string } action { allow | content-insertion content_string | discard | redirect-url url | terminate-flow } [edr edr_format_name]
edr_format_name is the name of a pre-defined EDR file format name in the
EDR Format Configuration Mode.
analyze priority priority { all | category cat_string | x-category string } action { allow | content-insert content_string | discard | redirect-url url | terminate-flow | www-reply-code-and-terminate-flow reply_code } [ edr edr_format_name ]
This command enables/disables the Category Policy Identifier for Content Filtering support, and enters the Content Filtering Policy Configuration Mode. The description option allows the operator to provide a description for the CF Category Policy ID. Both the
description keyword and the argument
desc_string are now optional. This enables adding and removing the descriptions.
content-filtering category policy-id cf_policy_id [ description [ desc_string ] ] [ -noconfirm ]
This command configures the Content Filtering Category Policy Identifier for Policy-based Content Filtering support in a rulebase. Now, while removing the configured category policy from the rulebase, optionally the policy ID can be specified. If the specified policy ID is invalid, or is not configured in the rulebase, an error message is displayed. If no policy ID is specified, whatever policy is configured, if any, is removed from the rulebase.
This command specifies the actions when the content filtering analysis results are not available to analyze. The
www-reply-code-and-terminate-flow keyword was added to this command.
timeout action { allow | content-insert content_string | discard | redirect-url url | terminate-flow | www-reply-code-and-terminate-flow reply_code } [ edr edr_format_name ]
This command assigns an action priority to a rule definition. The group-of-ruledefs keyword was added to this command. This enables assigning a group of rule definitions to the rulebase.
action priority action_priority { [ dynamic-only | static-and-dynamic ] { ruledef name | group-of-ruledefs name } charging-action name [ description desc ] }
This command defines a rule definition to analyze and charge user traffic using an International Mobile Station Identification number (IMSI) in bearer flow. The
{ !range | range } imsi-pool imsi_pool } option was added to this command. This enables the IMSI number to be selected from a range configured in an IMSI pool.
[ no ] bearer imsi { operator msid | { !range | range } imsi-pool imsi_pool }
This command configures the volume counter for eG-CDR and DCCA charging calculation. The packet-length keyword was added to this command. This enables to configure charge volume for packet length.
charge-volume { protocol { bytes | packet-length | packets } [ downlink | uplink ] | constant value }
This command configures the amount of internal optimization for improved performance when evaluating each instance of the action CLI command. There is no external change to this command, only that now “www url =” kind of rules under the ambit of charging-rule-optimization in rulebase. Until now, setting “charging-rule-optimization” to “medium” or “high” would only optimize the “starts-with” and “contains” rules, not the “=” rules. Now the “=” rules are also optimized.
|
l
|
The discard keyword now includes the downlink and uplink options. This enables selecting specific packets.
|
|
l
|
The readdress keyword was added to this command. This enables specifying a re-address server for the charging action.
|
flow action { conditional user-agent end-token end_token_name | discard [ downlink | uplink ] | readdress { server ip_address [ port port_number ] | port port_number } | redirect-url url [ clear-quota-retry-timer ] | terminate-flow }
The non-tcp limit and
tcp limit keywords were added to this command. This command can now also be used to limit the total number of flows per Subscriber/APN sent to a rulebase based on the protocol type.
flow limit-across-applications { limit | non-tcp limit | tcp limit }
[ no | default ] flow limit-for-bandwidth direction { downlink | uplink } peak-data-rate bps peak-burst-size bytes violate-action { discard | lower-ip-precedence } [ committed-data-rate bps committed-burst-size bytes [ exceed-action { discard | lower-ip-precedence } ] ]
This command defines rule definition to analyze and charge user traffic based on Internet Protocol (IP) destination address. The “
{ !range | range } host-pool host_pool” option was added to this command. This enables the IP destination address to be selected from a range configured in a host pool.
[ no ] ip dst-address { operator { ip_address | ip_address/mask } | { !range | range } host-pool host_pool }
This command defines rule definition to analyze and charge user traffic matching the Internet Protocol (IP) address of the destination, i.e. from the subscriber, of the connection. The
{ !range | range } host-pool host_pool option was added to this command. This enables the IP address to be selected from a range configured in a host pool.
[ no ] ip server-ip-address { operator { ip_address | ip_address/mask } | { !range | range } host-pool host_pool }
This command defines rule definition to analyze and charge user traffic based on Internet Protocol (IP) source address. The
{ !range | range } host-pool host_pool option was added to this command. This enables the IP source address to be selected from a range configured in a host pool.
[ no ] ip src-address { operator { ip_address | ip_address/mask } | { !range | range } host-pool host_pool }
This command defines rule definition to analyze and charge user traffic matching the Internet Protocol (IP) address of the subscriber (either source address or destination address). The
{ !range | range } host-pool host_pool option was added to this command. This enables the IP address to be selected from a range configured in a host pool.
[ no ] ip subscriber-ip-address { operator { ip_address | ip_address/mask } | { !range | range } host-pool host_pool }
This command sets the IP Type of Service (ToS) octets being used in the charging action. The option to allow the IP TOS to be set using a numeric value was added to this command.
ip tos { tos_value | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | ef } [ uplink | downlink ]
The “case-sensitive” keyword was added to this command.
The “case-sensitive” keyword was added to this command.
The “case-sensitive” keyword was added to this command.
The “case-sensitive” keyword was added to this command.
The “case-sensitive” keyword was added to this command.
The “case-sensitive” keyword was added to this command.
The “case-sensitive” keyword was added to this command.
The “case-sensitive” keyword was added to this command.
[ no ] p2p protocol = { applejuice | ares | bittorrent | directconnect | edonkey | fasttrack | feidian | filetopia | gadugadu | gnutella | imesh | jabber | manolito | msn | mute | orb | pando | pplive | ppstream | qq | qqlive | skinny | skype | slingbox | sopcast | soulseek | winny | yahoo | zattoo }
[ no ] p2p-detection protocol [ all | applejuice | ares | bittorrent | directconnect | edonkey | fasttrack | feidian | filetopia | gadugadu | gnutella | imesh | jabber | manolito | msn | mute | orb | pando | pplive | ppstream | qq | qqlive | skinny | skype | slingbox | sopcast | soulseek | winny | yahoo | zattoo ]+
This command creates a rule definition for the Active Charging Service, and enters ACS Ruledef Configuration Mode. The “
description string” keyword was removed from this command.
[ no ] ruledef ruledef_name [ -noconfirm ]
rule-variable protocol rule priority priority [ in-quotes ]
no rule-variable protocol rule [ priority priority ]
This command defines rule definition to analyze and charge user traffic using either (destination or source) TCP port. The
{ !range | range } port-map port_map option was added to this command. This enables the port number to be selected from a range configured in a port map.
[ no ] tcp either-port { operator port_number | { !range | range } { start_range to end_range | port-map port_map } }
This command defines rule definition to analyze and charge user traffic based on destination Transmission Control Protocol (TCP) port. The
{ !range | range } port-map port_map option was added to this command. This enables the port number to be selected from a range configured in a port map.
[ no ] tcp dst-port { operator port_number | { !range | range } { start_range to end_range | port-map port_map } }
This command defines rule definition to analyze and charge user traffic based on source Transmission Control Protocol (TCP) port. The
{ !range | range } port-map port_map option was added to this command. This enables the port number to be selected from a range configured in a port map.
[ no ] tcp src-port { operator port_number | { !range | range } { start_range to end_range | port-map port_map } }
This command defines rule definition to analyze and charge user traffic based on destination User Datagram Protocol (UDP) port number. The
{ !range | range } port-map port_map option was added to this command. This enables the port number to be selected from a range configured in a port map.
[ no ] udp dst-port { operator port_number | { !range | range } { start_range to end_range | port-map port_map } }
This command defines rule definition to analyze and charge user traffic using either (destination or source) User Datagram Protocol (UDP) port. The
{ !range | range } port-map port_map option was added to this command. This enables the port number to be selected from a range configured in a port map.
[ no ] udp either-port { operator port_number | { !range | range } { start_range to end_range | port-map port_map } }
This command defines rule definition to analyze and charge user traffic based on source User Datagram Protocol (UDP) port number. The
{ !range | range } port-map port_map option was added to this command. This enables the port number to be selected from a range configured in a port map.
[ no ] udp src-port { operator port_number | { !range | range } { start_range to end_range | port-map port_map } }
license key key_value [ -force ] session-limit
no license key key_value [ -force ] session-limit
|
l
|
timedef timedef_name: Associates the specified time definition with the ruledef/group-of-ruledefs. Timedefs enable activation/deactivation of ruledefs/groups-of-ruledefs such that they are available for rule matching only when they are active.
|
action priority action_priority { [ dynamic-only | static-and-dynamic | timedef timedef_name ] { group-of-ruledefs group_name | ruledef ruledef_name } charging-action charging_action_name [ monitoring-key monitoring_key ] [ description description ] }
Also, a new closure reason for EDRs has been added: “ACS_EDR_TRANSACTION_COMPLETE_EVENT”. So “attribute sn-closure-reason” in EDRs will populate value 12 (corresponding to closure-reason “ACS_EDR_TRANSACTION_COMPLETE_EVENT”) in EDRs.
attribute attribute { [ format { MM/DD/YY-HH:MM:SS | MM/DD/YYYY-HH:MM:SS | YYYY/MM/DD-HH:MM:SS | YYYYMMDDHHMMSS | seconds } ] [ localtime ] | [ { ip | tcp } { bytes | pkts } { downlink | uplink } ] priority priority }
no attribute attribute [ priority priority ]
This command enables/disables Prepaid Credit Control Configuration mode. The group keyword was added to this command. This enables configuring credit control groups. This enables applying different credit control configurations (DCCA dictionary, failure-handling, session-failover, Diameter endpoint selection, etc.) to different subscribers on the same system.
This command specifies the actions for packets that match a rule definition. The terminate-session keyword was added to this command. This enables specifying the flow action to terminate session. When a rule pointing to a charging action configured with the terminate-session keyword is hit, then the corresponding session will be terminated.
flow action { conditional user-agent end-token end_token_name | discard [ downlink | uplink ] | readdress { server ip_address [ port port_number ] | port port_number } | redirect-url url [ clear-quota-retry-timer ] | terminate-flow | terminate-session }
This command specifies the redirection of URL for packets that matches a rule definition. This command also specifies the redirect-URL action on packet and flow for Session Control functionality. This CLI can now be used to redirect SIP requests as well.
flow action redirect-url url/%3furl=dynamic_field [ clear-quota-retry-timer ]
This command enables and configures bandwidth limits for Session Control functionality to the subscriber. Uplink and downlink limits are configured separately. The
id keyword was added to this command. This enables configuring identifier for bandwidth limiting.
flow limit-for-bandwidth { { direction { downlink | uplink } peak-data-rate bps peak-burst-size bytes violate-action { discard | lower-ip-precedence } [ committed-data-rate bps committed-burst-size bytes [ exceed-action { discard | lower-ip-precedence } ] ] } | { id id } }
This command adds an Internet Content Adaptation Protocol (ICAP) server configuration to a Content Filtering Server Group. The
priority keyword was added to this command. This enables specifying the priority of an ICAP server in a Content Filtering Server Group.
icap server ip_address [ port port_number ] [ max msgs ] [ priority priority ]
no icap server ip_address [ port port_number ] [ priority priority ]
The following keywords were moved from under “
insert xheader_field_name variable bearer”
to under
“
insert xheader_field_name variable bearer 3gpp”:
insert xheader_field_name { string-constant xheader_field_value | variable { bearer { 3gpp { charging-characteristics | charging-id | imei | imsi | sgsn-address } | customer-id | ggsn-address | radius-calling-station-id | sn-rulebase | subscriber-ip-address } | http { host | url } }
no insert xheader_field_name
|
l
|
protocol: Enables specifying a protocol by its name.
|
|
l
|
operator protocol_assignment: Enables specifying a protocol lesser than or equal to, or greater than or equal to a protocol assignment number.
|
[ no ] ip protocol { { operator { protocol | protocol_assignment } } | { operator protocol_assignment } }
This command configures IPv6 ping options. A new keyword interface name has been added that specifies the originating source interface name.
[ no ] p2p protocol = { applejuice | ares | bittorrent | ddlink | directconnect | edonkey | fasttrack | feidian | filetopia | gadugadu | gnutella | halflife2 | hamachivpn | imesh | irc | jabber | manolito | msn | mute | orb | oscar | pando | popo | pplive | ppstream | qq | qqlive | skinny | skype | slingbox | sopcast | soulseek | steam | tvants | tvuplayer | uusee | vpnx | vtun | winmx | winny | wofwarcraft | xbox | yahoo | zattoo }
[ no ] p2p-detection protocol [ all | applejuice | ares | bittorrent | ddlink | directconnect | edonkey | fasttrack | feidian | filetopia | gadugadu | gnutella | halflife2 | hamachivpn | imesh | irc | jabber | manolito | msn | mute | orb | oscar | pando | popo | pplive | ppstream | qq | qqlive | skinny | skype | slingbox | sopcast | soulseek | steam | tvants | tvuplayer | uusee | vpnx | vtun | winmx | winny | wofwarcraft | xbox | yahoo | zattoo ]+
This command enables/disables Enhanced Charging Service with or without Category-based Content Filtering application. The following changes were made to this command:
|
l
|
The optimized-mode keyword was added to this command. This enables ECS in Optimized mode, wherein enhanced charging facilities run as part of the SessMgr.
|

IMPORTANT:
By default, on installing Release 8.1, the system comes up with ECS in non-optimized mode. To change to the optimized mode, the
require active-charging optimized-mode command must be saved to the configuration from the CLI, and the system rebooted for the change to take effect.
If the enhanced-charging mode is changed from the default (non-optimized) mode to the Optimized mode, or vice-versa, the system must be rebooted for the change to take effect.
|
l
|
The isolated-mode keyword was removed from this command. This keyword is still supported on Release 8.0 and earlier, wherein it enables ECS, and separates ECS-related resources from other sub-system resource sharing.
|
rule-variable protocol rule priority priority [ in-quotes ]
no rule-variable protocol rule [ priority priority ]
This command configures EDR file parameters. The length option was added to the
sequence-number keyword, this enables to specify the file sequence number length.
file [ charging-service-name { include | omit } ] [ compression { gzip | none } ] [ current-prefix string ] [ delete-timeout seconds ] [ directory dir_name ] [ edr-format-name ] [ exclude-checksum-record ] [ field-separator { hyphen | omit | underscore } ] [ file-sequence-number rulebase-seq-num ] [ headers ] [ name file_name ] [ reset-indicator ] [ rotation [ num-records number | time seconds | volume bytes ] ] [ sequence-number { length length | omit | padded | padded-six-length | unpadded } ] [ storage-limit limit ][ time-stamp { expanded-format | rotated-format | unix-format } ] [ trailing-text string ] [ trap-on-file-delete ] [ xor-final-record ] +
default file [ charging-service-name ] [ compression ] [ current-prefix ] [ delete-timeout ] [ directory ] [ edr-format-name ] [ field-separator ] [ file-sequence-number ] [ headers ] [ name ] [ reset-indicator ] [ rotation { num-records | time | volume } ] [ sequence-number ] [ storage-limit ][ time-stamp ] [ trailing-text ] +
This command enables/disables Enhanced Charging Service with or without Category-based Content Filtering application. The
optimized-mode keyword was obsoleted. With or without this keyword ECS is always enabled in Optimized mode.
This command specifies the application rule for a rule definition. The post-processing keyword was added to this command, this enables to specify rule definitions for post-processing purposes.
This command configures firewall protection from Denial-of-Service (DoS) attacks. In 8.0 this command was available in the Active Charging Service Configuration mode. In 8.1 it was moved to the Rulebase Configuration mode. Also, in 8.1, the
port-scan option was added to this command.
[ no ] firewall dos-protection { all | flooding { icmp | tcp-syn | udp } | ftp-bounce | ip-unaligned-timestamp | mime-flood | port-scan | seq-number-out-of-range | seq-number-prediction | source-router | teardrop | winnuke }
This command configures firewall protection from packet flooding attacks. In 8.0 this command was available in the Active Charging Service Configuration mode. In 8.1 it is moved to the Rulebase Configuration mode.
This command configures a threshold on the number of ICMP error messages sent by the subscriber for a particular data flow. In 8.0 this command was available in the Active Charging Service Configuration mode. In 8.1 it is moved to the Rulebase Configuration mode.
This command configures the maximum IP packet size allowed over firewall. In 8.0 this command was available in the Active Charging Service Configuration mode. In 8.1 it is moved to the Rulebase Configuration mode.
firewall max-ip-packet-size packet_size protocol { icmp | non-icmp }
This command configures firewall protection from MIME Flooding attacks. In 8.0 this command was available in the Active Charging Service Configuration mode. In 8.1 it was moved to the Rulebase Configuration mode.
firewall mime-flood { http-headers-limit max_limit | max-http-header-field-size max_size }
The nat-realm keyword was added to this command. This enables to optionally specify a NAT realm to be used for performing NAT on subscriber packets.
firewall no-ruledef-matches { downlink | uplink } action { deny [ charging-action charging_action ] | permit [ nat-realm nat_realm ] }
This command adds and specifies the priority and type of a firewall rule definition in the rulebase, and allows to configure a single or range of ports to be allowed on the server for auxiliary/data connections.
The nat-realm keyword was added to this command. This enables to optionally specify a NAT realm to be used for performing NAT on subscriber packets matching the firewall ruledef.
firewall priority priority [ dynamic-only | static-and-dynamic ] firewall-ruledef firewall_ruledef { { deny [ charging-action charging_action ] } | { permit [ nat-realm nat_realm | trigger open-port { aux_port_number | range start_port_number to end_port_number } direction { both | reverse | same } ] } }
This command enables and configures the TCP intercept parameters to prevent TCP SYN flooding attacks by intercepting and validating TCP connection requests for DoS protection mechanism configured with the
dos-protection command. In v8.0 this command was available in the Active Charging Service Configuration mode. In v8.1 it is moved to the Rulebase Configuration mode.
firewall tcp-syn-flood-intercept { max-attempts max_attempts | mode { none | { intercept | watch } [ aggressive ] } | retransmit-timeout retransmit_timeout | watch-timeout intercept_watch_timeout }
|
l
|
protocol: Enables specifying a protocol by its name.
|
|
l
|
operator protocol_assignment: Enables specifying a protocol lesser than or equal to, or greater than or equal to a protocol assignment number.
|
[ no ] ip protocol { { operator { protocol | protocol_assignment } } | { operator protocol_assignment } }
This command configures the default action for packets when no Firewall Ruledef matches. The optional keyword
bypass-nat was added to this command. This enables to configure packets permitted to pass to bypass Network Address Translation (NAT).
firewall no-ruledef-matches { downlink | uplink } action { deny [ charging-action charging_action ] | permit [ bypass-nat | nat-realm nat_realm ] }
This command adds and specifies the priority and type of a firewall rule definition in the rulebase, and allows to configure a single or range of ports to be allowed on the server for auxiliary/data connections.
The optional keyword bypass-nat was added to this command. This enables to configure packets to bypass NAT.
firewall priority priority [ dynamic-only | static-and-dynamic ] firewall-ruledef firewall_ruledef { { deny [ charging-action charging_action ] } | { permit [ nat-realm nat_realm | [ byass-nat ] [ trigger open-port { aux_port_number | range start_port_number to end_port_number } direction { both | reverse | same } ] ] } }
Existing command now modified to accommodate new keyword to configure the system to allow different attributes in the LAC Hostname AVP and Called-Number AVP for L2TP messages exchanged between LAC and LNS.
New keyword none added to exclude the bearer control mode information elements and BCM information in PCO IE in GTP messages in a network where unknown information elements are not ignored by AGWs or firewall results in message drop/reject.
[ default ] bearer-control-mode
cc profile 10 tariff time1 0 7 time2 30 19 time3 0 7 time4 30 19 time5 30 26 time4 0 7
gtpp dictionary { custom1 | custom10 | custom11 | custom12 | custom13 | custom14 | custom15 | custom16 | custom17 | custom18 | custom19 | custom2 | custom20 | custom3 | custom4 | custom5 | custom6 | custom7 | custom8 | custom9 | standard }
This command check points current GTPP accounting messages and identifies which types of interim CDRs are to be generated and sent to the external charging/storage servers (e.g., a CFG or a GSS). The impact of this command is immediate. Two new keywords have been added to assist with fine tuning the GTPP messages:
callid and
dhcp-server.
gtpp interim now [ active-charging egcdr | apn apn_name | callid call_id | cdr-types { mcdr | scdr } | dhcp-server ip_address | gprs-service svc_name | ggsn-service svc_name | imsi imsi [ ip-address sub_address [ username name ] now | nsapi nsapi [ ip-address sub-address [ username name ] | username name ] ] | ip-address sub_address [ username name ] | ip-pool pool_name | mcc mcc_number mnc mnc_number | msisdn msisdn_num | sgsn-address ip_address | sgsn-service svc_name | username name ] +
The default keyword was added to the syntax.
[ default ] gtpp max-cdrs number [ wait-time seconds ]
New keywords GAN and
HSPA added to support Generic Access Network and High Speed Packet Access type of radio access technology with SGSN address in GGSN service configuration mode.
sgsn address {{ip_address [ subnetmask netmask ]} | ip_address/netmask}[plmn-foreign [ reject-foreign-subscriber ]
| mcc mcc_code mnc mnc_code [ reject-foreign-subscriber ] ] [ rat-type { GAN | GERAN | HSPA | UTRAN | WLAN }] [ description description ]
[ disable-gtpc-echo ]
no sgsn { address ip_address [ subnetmask netmask ] }
[ no ] sgsn multiple-address-group grp_name [ disable-gtpc-echo ]
[ mcc mcc_code mnc mnc_code [ reject-foreign-subscriber ] ]
[ plmn-foreign [ reject-foreign-subscriber ] [ rat-type { GAN | GERAN | HSPA | UTRAN | WLAN }] [ description description ]
gtpp dictionary {custom1 | custom10 | custom11 | custom12 | custom13 | custom14 | custom15 | custom16 | custom17 | custom18 | custom19 | custom20 | custom21 | custom22 | custom23 | custom24 | custom25 | custom26 | custom27 | custom28 | custom29 | custom3 | custom30 | custom4 | custom5 | custom6 | custom7 | custom8 | custom9 | standard }
This command configures the parameters and triggers for eG-CDRs. This command has a new keyword set - final-record, with multiple options - to fine-tune the configuration of the final eG-CDRs.
gtpp egcdr { final-record [ closing-cause [ same-in-all-partials | unique ] | include-content-ids [ all | only-with-traffic ] ] | losdv-max-containers number | lotdv-max-containers number | service-data-flow threshold [ interval seconds | volume { downlink | total | uplink } bytes ] | service-idle-timeout seconds }
New keyword default added to this command and now system sends UDP checksum in outgoing UPD packets by default.
New keyword purge-processed-files added in this command to configure the periodic deletion of local processed (*.p) CDR files from the Hard disk on SMC card. This keyword deletes the processed CDR files in every 4 minutes.
gtpp storage-server local file { compression { gzip | none } | format { custom1 | custom2 | custom3 | custom4 | custom5 } | name prefix prefix | purge-processed-files | rotation { cdr-count count | time-interval time | volume size } }
New keyword auto-readjust [ duration dur ] added in this command to configure the burst size dynamically. It also provides different burst size for Peak and Committed data rate-limiting through an APN.
qos rate-limit { downlink | uplink } [ class { background | conversational | interactive traffic_priority | streaming } ] [ burst-size { bytes | auto-readjust [ duration dur ] } ] [ exceed-action { drop | lower-ip-precedence | transmit } [ violate-action { drop | lower-ip-precedence | shape [transmit-when-buffer-full] | transmit }]] | [ violate-action { drop | lower-ip-precedence | shape [transmit-when-buffer-full] | transmit } [ exceed-action { drop | lower-ip-precedence | transmit }]] +
no qos rate-limit direction { downlink | uplink } [ class { background | conversational | interactive traffic_priority | streaming } ]
The dup-addr-detection option has been added to the policy keyword. This configuration allows an IPv6 shared pool prefix to be shared in multiple call sessions with different interface IDs for an IPv6 address, and duplicate interface IDs are detected.
ipv6 pool name prefix
ip_address/len shared policy dup-addr-detection
New keyword local-hostname hostname added to this command to
configures the LAC-Hostname AVP to be used for the communication with the LNS peer for an APN.
tunnel l2tp [peer-address lns-address [[encrypted] secret l2tp_secret] [preference num] [tunnel-context name] [local-address ip-address] [crypto-map map_name {[encrypted] isakmp-secret crypto_secret}] [local-hostname hostname]
New keyword added to authentication command in HA Configuration mode to configure the usage of AAA distributed MIP keys for authenticating RRQ for WiMax HA calls.
authentication {aaa-distributed-mip-keys [disabled | optional | required]| imsi-auth | mn-aaa {allow-noauth | always | dereg-noauth | noauth | renew-reg-noauth | renew-and-dereg-noauth} | mn-ha {allow-noauth | always}}
This command identifies DNS IP addresses from foreign networks that are to be redirected to the home DNS. A maximum of 16 intercept rules (either redirect or pass-thru) are allow for each intercept list.
Since this command is configured in the source context, the destination context containing the path to the home network DNS is identified using the Context Configuration Mode command ip dns-proxy source-address.
This command enables/disables Network Address Translation (NAT) processing for all subscribers using this rulebase. The optional keyword
default-nat-realm was added to this command. This enables to configure the default NAT realm to be used if one is not already configured.
PDIF decides the radius attributes values and inclusion/exclusion criteria normally through configured radius dictionaries. However, generation of each new dictionary requires a new ST40 PDIF image. The above command is an exception for specifying the required values for the attribute without building a new software image. 3gpp2-serving-pcf is an addition to the existing aaa attribute CLI under PDIF-service config mode.
Sets the aaa authentication for first and second phase authentication when multiple authentication is configured on the system. Two phase-authentication happens in IKEv2 setup for setting up the IPSec session. The first authentication uses Diameter AAA EAP method and second authentication uses RADIUS AAA authentication. The same AAA context may be used for both authentications. PDIF service allows you to specify only a single AAA group, which could normally be used for the first authentication method.
A given AAA group only supports either Diameter or RADIUS authentication. If the NAI in the first authentication is different from NAI in the second authentication each NAI can point to a different domain profile in the PDIF. Each domain profile may be configured with each AAA group, one for Diameter and the other for RADIUS.
{ context-name name aaa-group name } }
The authentication command has a new keyword gateway to configure the pre-shared gateway key. The key is either encrypted or clear.
There is also a new keyword second-phase eap-profile for installations using multiple authentication and need to configure a second EAP profile
authentication eap-profile name [ second-phase eap-profile name ]
PDIF now supports encryption at Diffie-Hellman Group level 14. Selecting any group automatically enables Perfect Forward Secrecy. Selecting the new keyword
none disables PFS.
none is the default setting.
The NULL encryption algorithm represents the optional use of applying encryption within ESP. ESP can then be used to provide authentication and integrity without confidentiality.
ikev2-ikesa { keepalive-user-activity | max-retransmissions number | retransmission-timeout msec |
policy error-notification [ invalid-message-id | invalid-syntax ] | setup-timer sec | transform-set list name }
The peer command has been amended so the user can administratively enable and disable a Diameter peer. If the peer is disabled, it still retains its configuration. The default option is to Enable.
peer peer_name admin-status { enable | disable }
default peer peer_name admin-status
The dup-addr-detection option has been added to the policy keyword. This configuration allows an IPv6 shared pool prefix to be shared in multiple call sessions with different interface IDs for an IPv6 address, and duplicate interface IDs are detected.
ipv6 pool name prefix
ip_address/len shared policy dup-addr-detection
The auto option has been added to the rate keyword. This configuration allows the rate to be set by the peer.
link aggregation { master | member | group N }
[ lacp { active | passive } ] [ rate { auto | slow | fast } ]
This ue-ip-address-range has been added to specify a UE IP address/range for a specific access type.
access-type { 3gpp-geran | 3gpp-utran-fdd | 3gpp-utran-tdd | 3gpp2-1x | 3gpp2-1x-hrpd | 3gpp2-umb | adsl | adsl2 | adsl2p | docsis | gshdsl | hdsl | hdsl2 | idsl | ieee-80211 | ieee-80211a | ieee-80211b | ieee-80211g | ieee-80216e | radsl | sdsl | vdsl } access-profile { default | name access_profile_name } | ue-ip-address-range name ue_ip_name { address ip_address_mask | range start_ip_address end_ip_address }
no access-type { 3gpp-geran | 3gpp-utran-fdd | 3gpp-utran-tdd | 3gpp2-1x | 3gpp2-1x-hrpd | 3gpp2-umb | adsl | adsl2 | adsl2p | docsis | gshdsl | hdsl | hdsl2 | idsl | ieee-80211 | ieee-80211a | ieee-80211b | ieee-80211g | ieee-80216e | radsl | sdsl | vdsl } [ access-profile | ue-ip-address-range [ name ue_ip_name ] ]
The content-type keyword has been added.
[ no ] cnsa-media-profile profile_id cscf-service-policy policy_name content-type { application-3gpp-ims-xml | application-pidf-diff-xml | application-pidf-partial-xml | application-pidf-xml | application-reginfo-xml | application-sdp | application-xml | message-sipfrag | multipart-mixed | multipart-related | text-plain }
The location-info keyword has been added to specify the E2-interface for location-information.
diameter location-info { dictionary { e2custom01 | e2custom02 | e2custom03 | e2custom04 | e2custom05 | e2custom06 | e2custom07 | e2custom08 | e2custom09 | e2standard } | origin endpoint endpoint_name | peer-select peer peer_name [ peer-realm realm_name ] [ secondary-peer peer_name
[ sec-peer-realm realm_name ] ] }
diameter policy-control { dictionary { Gq-custom | Gq-standard | Rx-standard | Tx-standard | custom01 | custom02 | custom03 | custom04 | custom05 | custom06 | custom07 | custom08 | custom09 } | origin endpoint endpoint_name | peer-select peer peer_name [ peer-realm realm_name ]
[ secondary-peer peer_name [ sec-peer-realm realm_name ] ] }
The threshold congestion-control keyword has been added to configure the congestion control threshold values that are to be monitored on this CSCF service.
policy { allow-early-media | threshold congestion-control
[ system-cpu-utilization percent ] [ tolerance percent ] }
The foreign-network keyword has been added to specify that an entity belongs to a Foreign Network.
trusted-domain-entity address [ foreign-network ]
The gtpp group keyword has been added to this command to associate a defined GTPP group with the SGSN operator policy for accounting (CDR) purposes.
accounting context ctxt_name [ gtpp group grp_name ]
application-context-name application operation-timer value
The all-event keyword has been added to the
authenticate command that all procedures - attaches, service requests, RAUs, detaches, and activations - are to be authenticated for a specific SGSN operator policy.
The attach keyword has been modified and the
inter-rat keyword has been included to enable or disable (default) authentication for Inter-RAT Attaches.
The frequency keyword has been added to the
authenticate command to enable the configuration of 1-in-N selective authentication of subscriber events such as attach, RAU, service request, detach, activate primary PDP context requests.
authenticate { activate | all-events | attach | detach | rau | service-request } [ frequency frequency ] [ access-type
gprs |
umts ]
The authentica rau update-type command has been enhanced to include the
with inter-rat-local-ptmsi qualifier to enable or disable (default) authentication for Inter-RAT RAUs.
authenticate rau update-type { ra-update with inter-rat-local-ptmsi | combined-update with inter-rat-local-ptmsi | imsi-combined-update with inter-rat-local-ptmsi }
For this command, the nsei keyword has been changed to be
peer-nsei
This modified command defines an instance of the CC profile with the charging triggers, configured with modified keywords, the SGSN will use to generate various types of CDRs for the SGSN service.
cc profile profile_bits [ buckets number | interval time | tariff time1 mins hours [ time2 mins hours ] [ time3 mins hours ] [ time4 mins hours ] | volume { downlink down_vol uplink up_vol | total total_vol } ] +
New filter keyword nsapi added to this existing command to clear the subscriber and session information on the basis of network service access point identifier (NSAPI).
clear subscribers [
command_keyword ] [
filter_keywords ] [
| {
grep grep_options |
more}]
New filter keyword check-imei-every-n-events added to this existing command to set the frequency (1-in-N) of sending ‘check IMEI’ messages to the EIR. This reduces EIR-SGSN traffic.
equipment-identity-register { isdn E.164_num | point code pt_code }
[ source-ssn ssn | check-imei-every-n-events times ]
frame-relay path path_id { ds1 connects | e1 connects }
timeslots slot# [ intf-type intf_type ] [ lmi_type lmi_type ]
[ default ] gmm { mobile-reachable-timeout mins | negotiate-t3314-timeout secs | purge-timeout mins | T3302-timeout mins | T3312-timeout mins | T3313-timeout secs | T3350-timeout secs | T3360-timeout secs | T3370-timeout secs } +
The negotiate-t3314-timeout keyword has been modified in two way:
[ no | default ] gmm negotiate-t3314-timeout
[
<0-11160> seconds ]
gtpp dictionary { custom1 | custom10 | custom11 | custom12 | custom13 | custom14 | custom15 | custom16 | custom17 | custom18 | custom19 | custom2 | custom20 | custom3 | custom4 | custom5 | custom6 | custom7 | custom8 | custom9 | standard }
This command check points current GTPP accounting messages and identifies which types of interim CDRs are to be generated and sent to the external charging/storage servers (e.g., a CFG or a GSS). The impact of this command is immediate. The following keywords have been added to assist with fine tuning the GTPP messages:
gtpp interim now [ active-charging egcdr | apn apn_name | callid call_id | cdr-types { mcdr | scdr } | dhcp-server ip_address | gprs-service svc_name | ggsn-service svc_name | imsi imsi [ ip-address sub_address [ username name ] now | nsapi nsapi [ ip-address sub-address [ username name ] | username name ] ] | ip-address sub_address [ username name ] | ip-pool pool_name | mcc mcc_number mnc mnc_number | msisdn msisdn_num | sgsn-address ip_address | sgsn-service svc_name | username name ] +
The default keyword was added to the syntax.
[ default ] gtpp max-cdrs number [ wait-time seconds ]
The plmn-id-change keyword has been added to this command to enable the PLMN-ID-change trigger for S-CDRs if the dictionary specified in the
gtpp dictionary configuration supports the PLMN-ID change. If enabled, the SGSN generates a partial S-CDR when the MS changes the PLMN while under the same 2G SGSN. Currently, custom18 dictionary supports this trigger.
Two new keywords, interception-point-policy ( sms-mt or sms-mo) and
reprovision-target-policy resend-pdp-context-active-iri have been added to the
lawful-intercept command for use with an SGSN license to support interception of SMS messages.
lawful-intercept { acked-udp [ num-retry number ] [ timeout time ] | hand-off-policy send-start-intercept-with-pdp-active-iri | interception-point-policy { { sms-mo | sms-mt } { message-delivered | request-received } } | reprovision-target-policy resend-pdp-context-active-iri | src-ip-addr ip_address | tcp tcp_option | unack-format use-service-address }
A new keyword, hand-off-policy send-start-intercept-with-pdp-active-iri, has been added to the
lawful-intercept command for use with an SGSN license to enable/disable configuration to send ‘start intercept’ messages in the event of an ISRAU.
lawful-intercept { acked-udp [ num-retry number ] [ timeout time ] | hand-off-policy send-start-intercept-with-pdp-active-iri | interception-point-policy { { sms-mo | sms-mt } { message-delivered | request-received } } | reprovision-target-policy resend-pdp-context-active-iri | src-ip-addr ip_address | tcp tcp_option | unack-format use-service-address }
A new keyword, tcp, has been added to the
lawful-intercept command for use with an SGSN license to enable use of the TCP interface in place of the UPD interface. The new keyword includes timer and addressing options.
lawful-intercept { acked-udp [ num-retry number ] [ timeout time ] | hand-off-policy send-start-intercept-with-pdp-active-iri | interception-point-policy { { sms-mo | sms-mt } { message-delivered | request-received } } | reprovision-target-policy resend-pdp-context-active-iri | src-ip-addr ip_address | tcp
{ [ application-heartbeat-messages timeout time ] | [ connection-retry-timer time ] | [ content-delivery { dest-addr ipv4_add dest-port port } ]
[ event-delivery { dest-addr ipv4_add dest-port port } ]
| unack-format use-service-address }
The pdu-lifetime parameter has been moved from the
gmm command in the GPRS Service Configuration Mode to the
llc command in the same mode and the parameter’s default has been changed from 60 seconds to 6 seconds. As well, all the t200 timer names have been simplified.
llc { pdu-lifetime secs | T200 sapi1 time | T200 sapi11 t time | T200 sapi3 time | T200 sapi5 time | T200 sapi7 time | T200 sapi9 time }
The iov-ui-in-xid-reset keyword has been added to the
llc command to allow the operator to configure whether or not the SGSN sends IOV-UI in XID-RESET messages. The SGSN sends the IOV-UI by default.
llc { iov-ui-in-xid-reset | pdu-lifetime secs | T200 sapi1 time | T200 sapi11 t time | T200 sapi3 time | T200 sapi5 time | T200 sapi7 time | T200 sapi9 time }
The n201u-max keyword has been added to the
llc command to allow the operator to set the maximum size that can be negotiated for the downlink data packet (information field length for U/UI frames.
llc { iov-ui-in-xid-reset | n201u-max | pdu-lifetime secs | T200 sapi1 time | T200 sapi11 t time | T200 sapi3 time | T200 sapi5 time | T200 sapi7 time | T200 sapi9 time }
The uplink-pdu-len-validation keyword has been added to the
llc command to provide the operator the ability to validate or ignore the negotiated uplink N201_U packet size.
llc { iov-ui-in-xid-reset | n201u-max | pdu-lifetime secs | T200 sapi1 time | T200 sapi11 t time | T200 sapi3 time | T200 sapi5 time | T200 sapi7 time | T200 sapi9 time | uplink-pdu-len-validation }
This existing command is now enhanced with new keyword imeisv to include the International Mobile Equipment Identity-Software Version (IMEI-SV) information to include in GPRS Location Update (GLU) request message.
The network-service-entity frame-relay and
network-service-entity ip commands have been combined under this new command name -
network-service entity.
ip-local - to create an NSE instance within an IP environment and enter NSE-IP configuration mode, a sub-mode of the Global Configuration Mode . The Network Service Entity - IP mode enables you to configure the management functionality for the Gb interface between a BSS and an SGSN over a 2.5G GPRS IP network connection. This configuration mode includes the following commands.
peer-nsei - to create an NSE instance within a Frame Relay environment and enter the NSE-FR configuration mode, a sub-mode of the Global Configuration mode. The NSE-FR configuration mode enables you to define and manage the functionality for the Gb interface between a BSS and an SGSN over a 2.5G GPRS frame relay network connection. This configuration mode includes the following command:
|
l
|
nsvc to create a network service virtual connection instance and enter the NSVC configuration mode.
|
A new keyword - all-nsvc-failure-action - has been added to this command to configure how the SGSN handles the NSE when NSVC, connected to the BSC, go down. Options include:
Two new keywords - null-nri-value and
non-broadcast lac/rac - have been added to this command to facilitate the SGSN off loading procedure which is part of Gb flex (SGSN) pooling.
nri length length null-nri-value null_nri_value non-broadcast lac lac_id rac rac_id nri-value nri_value
The default value of the test keyword for the
ns-timer command has been increased from 5 to 30 seconds:
The command creates Network Service Virtual Connection Configuration sub-mode in the Network Service Entity Frame Relay configuration mode to define the management functionality for a specific network service virtual connection of the Gb interface between a BSS and an SGSN in a 2.5G GPRS frame relay network connection.
|
l
|
retries - command has been deprecated
|
|
l
|
timer - command has been deprecated
|
This command name has been modified - it was originally ns-vl - it is now
nsvl. Nothing else about this command has changed.
The command creates Network Service Virtual Link Configuration sub-mode in the Network Service Entity IP configuration mode to define the management functionality for a specific network service virtual link in a 2.5G GPRS IP network connection.
The command name has changed from paging-scheme to paging policy but it still configures the paging parameters for the GPRS service. Keywords (parameters) have been modified and combined to enhance efficiency:
With the addition of the zero (‘0’) to the value range for the max-retransmissions keyword,
it is now possible to disable retransmissions for paging policy so only a single 2G PS-paging request will be sent to the BSC.
New keyword (partial-apn-match) has been added to the
sm command to optimize radio resource usage by managing signaling between the MS and the SGSN. Specifically, this keyword enables partial matching of a requested APN during APN selection.
sm { activate-max-retransmissions num_retries | deactivate-max-
retransmissions num_retries | ignore-pco-decode-error | modify-max-retransmissions num_retries | partial-apn-match | requested-apn-from-first-subrec | t3385-timeout secs | t3386-timeout secs | t3395-timeout secs | trim-trailing-spaces-in-apn }
This command has a new keyword - pooled - which enables
pooling with non-pooled BSCs within the pool area.
peer-nsei nse_id { lac lac_id rac rac_id | pooled }
[ no ] peer-nsei nse_id { lac lac_id rac rac_id | pooled }
The qos command, in the SGSN operator policy's APN policy configuration mode, has been modified to support capping of the local QoS bit rate when the subscribed QoS provided by the HLR is lower than the locally configured value.
This new CLI keyword enables the operator to configure the GMM cause code that will be included in the Routing Area Update Reject message sent to the MS when the peer SGSN address resolution process fails during Inter SGSN RAU.
This new keyword for the sm command enables use of a ‘requested APN’ from the first subscription record.
[ default | no ] sm requested-apn-from-first-subrec
The words gprs-only and s
gsn-only have been added to various show session commands to limit output to MM and PDP context information.
A new keyword has been added to the sm command,
ignore-pco-decode-error. This option enables the SGSN to ignore received decode errors that are due to incorrectly encoded PCO IE length in SM Requests.
New keyword (trim-trailing-spaces-in-apn) has been added to the
sm command to optimize radio resource usage by managing signaling between the MS and the SGSN. Specifically, this keyword enables the SGSN to strip off any trailing space(s) in the requested APN.
sm { activate-max-retransmissions num_retries | deactivate-max-
retransmissions num_retries | ignore-pco-decode-error | modify-max-retransmissions num_retries | partial-apn-match | requested-apn-from-first-subrec | t3385-timeout secs | t3386-timeout secs | t3395-timeout secs | trim-trailing-spaces-in-apn }
apn { network-identifier apn_net_id | operator-identifier apn_op_id }
The authentica rau update-type command has been enhanced to include the
with inter-rat-local-ptmsi qualifier to enable or disable (default) authentication for Inter-RAT RAUs.
authenticate rau update-type { ra-update with inter-rat-local-ptmsi | combined-update with inter-rat-local-ptmsi | imsi-combined-update with inter-rat-local-ptmsi }
frame-relay path path_id { ds1 connects | e1 connects }
timeslot slot# [ intf-type intf_type ] [ lmi_type lmi_type ]
New keyword purge-processed-files added in this command to configure the periodic, every 4 minutes, deletion of local processed (*.p) CDR files from the hard disk on SMC card.
gtpp storage-server local file { compression { gzip | none } | format { custom1 | custom2 | custom3 | custom4 | custom5 } | name prefix prefix | purge-processed-files | rotation { cdr-count count | time-interval time | volume size } }
The keyword imsi has been added to the
imsi command to enable the IMSI (E.212 address) to be used as the destination address in the HLR configuration.
imsi { any | starts-with prefix_number } { imsi [ sgsn-source-address-format point-code-ssn [ source-ssn ssn ] | isdn isdn_number | mobile-global-title mgt_number | point-code pt-code } }
imsi { any | starts-with prefix_number } { imsi [ sgsn-source-address-format point-code-ssn [ source-ssn ssn ] | isdn isdn_number | mobile-global-title mgt_number | point-code pt-code } }
The n201u-max keyword has been added to the
llc command to allow the operator to set the maximum size that can be negotiated for the downlink data packet (information field length for U/UI frames.
llc { iov-ui-in-xid-reset | n201u-max | pdu-lifetime secs | T200 sapi1 time | T200 sapi11 t time | T200 sapi3 time | T200 sapi5 time | T200 sapi7 time | T200 sapi9 time }
The non-broadcast keyword in this command has been modified to include the values of the PLMN’s MCC and MNC to enable support for multiple IuPS Services when Iu-Flex is utilized.
nri length nri_length { nri-value nri_value | null-nri-value null_nri_value non-broadcast mcc
mcc mnc
mnc lac lac_id rac rac_id [ nri-value value }
The qos command, in the SGSN operator policy's APN policy configuration mode, has been modified to support capping of the local QoS bit rate when the subscribed QoS provided by the HLR is lower than the locally configured value.
Keyword auto-readjust and keyword
duration have been added as options to the
burst-size keyword to expand functionality and provide dynamic burst-size calculation support for traffic policing.
|
l
|
readjust : This keyword enables dynamic burst-size calculation support for traffic policing.
|
|
l
|
duration < seconds> : Must be an integer from 1 to 30. This keyword sets the number of seconds that the dynamic burst-size calculation will last.
|
qos rate-limit direction { downlink | uplink } class <traffic-class> [burst-size { auto-readjust [ duration <seconds> ] | <bytes> } ]
The radio-network-controller command has been changed to make it easier for the operator to enter the command. The new command to create an RNC configuration instance is
rnc. Identification of the MCC and MNC are no longer associated with the configuration instance.
ranap allocation-retention-priority-ie subscription-priority priority class { { background | conversational | interactive | streaming } { not-pre-emptable | priority | queuing-disallowed | shall-not-trigger-pre-emptable } + }
[ default | remove | no ] ranap allocation-retention-priority-ie [ subscription-priority priority class { background | conversational | interactive | streaming } ]
This command is deprecated. The Diameter dictionaries for accounting and authentication can now be configured using the
diameter accounting dictionary and
diameter authentication dictionary commands.
diameter dictionary { aaa-custom1 | aaa-custom10 | aaa-custom2 | aaa-custom3 | aaa-custom4 | aaa-custom5 | aaa-custom6 | aaa-custom7 | aaa-custom8 | aaa-custom9 | nasreq | rf-plus }
The fragment-size command has been removed from DLCI Configuration Mode.
The header-type command has been removed from DLCI Configuration Mode.
The pwe3-cseopsn keyword has been obsoleted and replaced with the
mtp2 keyword.
The tx-priority command has been removed from DLCI Configuration Mode.
The vc-mapping command has been deprecated and removed from the Channelized Port Configuration Mode. Frame mapping is now completely standards compliant and done through
path command configuration explained in the
Channelized Port Configuration Mode chapter in the
Command Line Interface Reference.
Removed “treatment { conversational | streaming | background | interactive-1 | interactive-2 | interactive-3}” keyword from this command:
{ deny | permit } [ log ] { tcp | udp } { { source_address source_wildcard | any | host source_host_address } [ eq source_port | gt source_port | lt source_port | neq source_port ] } { { dest_address dest_wildcard | any |
host dest_host_address } [ eq dest_port | gt dest_port | lt dest_port | neq dst_port ] | treatment { conversational | streaming | background | interactive-1 | interactive-2 | interactive-3}}
This command deprecated and replaced with ikev1 disable-phase1-rekey command.
This command deprecated and replaced with ikev1 keepalive dpd command.
[ no ] isakmp keepalive dpd interval interval timeout time num-retry retries
This command deprecated and replaced with ikev1 policy command.
[ no ] isakmp policy priority
timeout action { allow | content-insertion content_string | discard | redirect-url url | terminate-flow }
timeout action { allow | content-insert content_string | discard | redirect-url url | terminate-flow | www-reply-code-and-terminate-flow reply_code } [ edr edr_format_name ]
This command defines a rule definition to analyze and charge user traffic based on APN bearer. In StarOS 8.1 and later, this command is deprecated and is replaced by the
bearer 3gpp apn command.
This command defines a rule definition to analyze and charge user traffic based on International Mobile Station Identification number (IMSI) in bearer flow. In StarOS 8.1 and later, this command is deprecated and is replaced by the bearer
3gpp imsi command.
[ no ] bearer imsi { operator imsi | { !range | range } imsi-pool imsi_pool }
This command defines a rule definition to analyze and charge user traffic based on the Radio Access Technology (RAT) in bearer flow. In StarOS 8.1 and later, this command is deprecated and is replaced by the
bearer 3gpp rat-type command.
This command defines a rule definition to analyze and charge user traffic based on SGSN address associated in bearer flow. This command is deprecated and replaced by the
bearer 3gpp sgsn-address command.
This command is deprecated for GGSN service from APN configuration mode and Subscriber Configuration Mode. Dynamic QoS renegotiation support is now in Enhanced Charging Service configuration.
Keyword qos-renegotiate time is removed from this command for GGSN service from APN configuration mode and Subscriber Configuration Mode. Dynamic QoS renegotiation support is now in Enhanced Charging Service configuration.
- T10-timeout
- T12-1-timeout
- T12-2-timeout
- T6-1-timeout
- T8-timeout
- T9-timeout
- access-protocol
- location-area-code-list
- max-N10-retransmission
- max-N12-retransmission
- max-N8-retransmission
- max-N9-retransmission
- vlr-hash
Replacement commands have been documented in the NSE-IP Configuration Mode chapter of the
CLI Reference Guide.
- page-timer
- path-failure
- periodic-ra-upd-timer
- plmn
- purge-timer