New command added to create new configuration mode named IP VRF Context Configuration Mode to configure the parameters for GRE tunnel interface support. This command configures Virtual Routing and Forwarding (VRF) parameters and also creates IP VRF Context instance for GRE tunnel interface configuration. For more information, refer
IP VRF Context Configuration Mode Commands chapter in
Command Line Interface Reference.
New command added to create new configuration mode named OSPF VRF Configuration Mode to configure the virtual routing and forwarding (VRF) context instances for OSPF routing protocol. This mode includes commands that configure VRF instance for OSPF routing parameters. For more information, refer
OSPF VRF Context Configuration Mode Commands chapter in
Command Line Interface Reference.
New command added to configure the parameters for GRE tunnel interface support. This command configures the IP VRF forwarding and associates preconfigured VRF context with the current interface for GRE tunnel interface configuration.
New command added to configure the parameters for GRE tunnel interface support. This command associates the Virtual Routing and Forwarding (VRF) Context instance for GRE tunnel interface configuration with specific AAA group.
New command added to configure the parameters for GRE tunnel interface support. This command associates the Virtual Routing and Forwarding (VRF) Context instance for GRE tunnel interface configuration with default AAA group.
New optional keyword added to configure the RADIUS client to sent VLAN ID with nexthop forwarding address to system when running in single nexthop gateway mode.
[ no ] radius attribute nas-ip-address address primary_address [ nexthop-forwarding-address nexthop_address [ vlan vlan_id ] ]
group-of-prefixed-urls group_name [ -noconfirm ]
This command configures the maximum number of outstanding ICMP requests to store for ICMP reply matching. This command will be available to all products using Enhanced Charging Service.
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for Internet Control Message Protocol Version 6 (ICMPv6).
[ no ] ip version operator ip_version
This command configures specified ruledefs/group-of-ruledefs as dynamic post-processing ruledefs/group-of-ruledefs enabling to differentiate between normal post-processing rules from pre-configured ones.
post-processing dynamic { group-of-ruledefs group_name | ruledef ruledef_name } charging-action charging_action [ description description ]
This command adds URLs to be filtered to a group-of-prefixed-URLs. This command used for the URL Filtering feature, and is available in the new ACS Group-of-Prefixed-URLs Configuration Mode.
New command added to configure the GGSN to enable the RAN Procedure Ready feature for the particular GGSN service and specify the timeout period for RAN procedure timer in GGSN which is started on arrival of every secondary Create PDP Context request.
Once a “Create PDP Context Request” is received by GGSN from SGSN, a timer will be started at GGSN and GGSN will wait till the Radio Access Bearer setup is completed and “Update PDP Context Request” is sent by SGSN. If any downlink data is received before arrival of “Update PDP Context Request” or before timer expire, that downlink packets will be queued or buffered.
To support this feature each sub-session uses a common flag ‘ran procedure ready state’, whenever a “Create PDP Context Request” is received for secondary PDP context and sub-session is allocated, this flag will be set to TRUE by default. This common flag is checked while sending downlink traffic, if this flag is FALSE then GGSN permit flow of downlink data but, if it is TRUE, GGSN will queue the downlink packets.
If “Update PDP Context Request” is received by GGSN with RAN Procedure flag set or if timer expires the ‘ran-procedure ready state’ flag in sub-session will be reset and hence GGSN will start sending queued packets in ‘first-in first-out’ manner and buffering will be disabled for further downlink traffic.
gtpc private-extension {{{focs | odb} access-list acl_name in disconnect-on-violation }| ggsn-preservation-mode | insk | loss-of-radio-coverage | none}
This command configures action to take on TCP idle timeout expiry. In this release, this CLI configuration is also available to NAT with the “[600-00-7805]
NAT/PAT With DPI” license.
This command configures the Private IP NPU Flow Timeout setting. By default, for NAT-enabled calls the downlink private IP NPU flow will not be installed at call setup for a subscriber session. The flow will only be installed on demand. When there is no traffic on the private flow, the private IP flow will be removed after the configurable timeout period.
New command added to enable the L2TP LAC to send accounting correlation information (Correlation-Id, NAS-IP-Address and NAS-ID) in L2TP control message (ICRQ) during session setup to LNS. LNS can be configured to include this information in ECS billing records, so that billing servers can easily correlate accounting records from PDSN/LAC and LNS.
p2p-dynamic-rules { { file location [ force ] } | { protocol [ all | bittorrent | directconnect | edonkey | gnutella | skype | yahoo + ] } }
apn-selection-default network-identifier <apn_net_id> [ require-subscription-apn network-identifier <apn_net_id>]
New command to enable/disable the GTPC private extension in cases of loss of radio coverage (LORC). This is one of the two commands required to enable the overcharging protection feature.
New CLI has been added to enable configuration of the SGSN to negotiate or change or "not" to negotiate or change the value of the ARP received from the GGSN. This configuration of the SGSN will allow the ARP sent by GGSN in CPCR / UPCR / UPCQ to be applicable as an overriding value.
ranap { paging-cause-ie { all | background-data <value> | conversational-data <value> | gmm-signalling <value>| gs-signalling <value> | interactive-data <value> | sm-signalling <value> | sms-signalling <value> | streaming-data <value> } | { signalling-indication-ie { rab-assignment-request [ relocation-request ] | relocation-request [ rab-assignment-request ] } }
New command to include the detection cause for loss of radio coverage in the Iu Release message. This is one of the two commands required to enable the overcharging protection feature.
This command specifies the Diameter Credit Control primary and secondary host for credit control. This command now enables specifying IMSI prefix or suffix, or IMSI prefix or suffix ranges for peer selection. In this release, this change is only available to UMTS networks.
diameter peer-select peer peer_name [realm realm_name] [secondary-peer sec_peer_name [ realm realm_name ] ] [ imsi-based { [ prefix | suffix ] imsi/prefix/suffix_start_value } [ to imsi/prefix/suffix_end_value ]]
no diameter peer-select [ imsi-based { [ prefix | suffix ] imsi/prefix/suffix_start_value } [ to imsi/prefix/suffix_end_value ]
ip arp ip_address mac_address [vrf
vrf_name]
[ no ] ip route {ip_address/ip_mask | ip_address ip_mask}
{ gateway_ip_address | next-hop next_hop_ip_address | point-to-point | tunnel} egress_intrfc_name [ cost cost ]
[ precedence precedence ] [vrf vrf_name] +
ospf graceful-restart { grace-period grace_period | helper { never | policy { only-reload | only-upgrade } }
This command configures interpretation of Charging-Rule-Base-Name AVP from PCRF either as active-charging rulebase or active-charging group-of-ruledefs. The optional keyword
ignore-when-removed was added to this command.
When Charging-Rule-Base-Name AVP is interpreted as active-charging rulebase, if PCRF requests the removal of a Charging-Rule-Base-Name, which is the same as the rulebase used for that PDP context, the PDP context is terminated. This is because after removal of the rulebase, the PDP context will have no rulebase. This is the default behavior.
When the ignore-when-removed option is configured, PCRF request for removal of Charging-Rule-Base-Name is ignored and no action is taken.
This command enables/disables Active Charging Service (ACS) with or without Category-based Content Filtering application. The
static-and-dynamic keyword was added to this command, which for Dynamic Content Filtering support, specifies that the Dynamic Rater Package (model and feature files) must be distributed to rating modules on startup, recovery, etc.
This command configures the current context’s RADIUS accounting function options. The stop-only keyword was added to this command, which specifies archiving of STOP accounting messages only.
radius accounting { archive [ stop-only ] | deadtime dead_minutes | detect-dead-server { consecutive-failures count | keepalive | response-timeout seconds } | interim interval seconds | max-outstanding msgs | max-pdu-size octets | max-retries tries | max-transmissions trans | timeout idle_seconds | unestablished-sessions }
default radius accounting { deadtime | detect-dead-server | interim interval seconds | max-outstanding | max-pdu-size | max-retries | max-transmissions | timeout }
A new security level, priv-auth, has been added to the
snmp target command to support SNMPv3 notifications. When the security level is set to
priv-auth, both authentication and encryption are enabled.
snmp target name ip_address [ port number ] [ non-default ] [ security-name string ] [ version { 1 | 2c | 3| view ] [security-level { noauth | { auth | priv-auth privacy [encrypted] des } authentication [encrypted] { md5 | sha } } } [ informs | traps ]
New configuration keyword added to create new configuration mode named GRE Tunnel Interface Configuration Mode for GRE interface configuration. Refer
GRE Tunnel Interface Configuration Mode Commands chapter in
Command Line Interface Reference.
This command enables the specified Content Filtering mode within a rulebase. In this release, specifying the static-and-dynamic mode enables dynamic rating in the rulebase after static rating fails.
This command upgrades the Static Rating Database (SRDB) for Category-based Content Filtering application. The
rater-pkg option was added to this command. This enables manual upgrades of the Dynamic Content-Filtering Rater Package (
rater.pkg file). The
rater.pkg file contains the models and feature counters that are used to return the dynamic content rating. The upgrade will trigger distribution of the
rater.pkg to all the SRDBs.
This command configures the type of billing to be performed for subscriber sessions. The rf keyword was added to this command. This keywords enables Rf accounting. Rf accounting is applicable only for dynamic and predefined rules that are marked for it. Dynamic rules have a field offline-enabled to indicate this. To mark a predefined rule as offline-enabled, use this keyword and the billing-action CLI in the Charging Action Configuration Mode.
billing-records { egcdr | radius | rf | udr udr-format udr_format_name } +
This command defines a rule definition to analyze and charge user traffic based on FTP command ID. This release onwards, the command identifier for a rule definition can be specified as an integer from 0 through 18.
This command defines a rule definition to analyze and charge user traffic based on FTP command name. This release onwards, the following options are supported for FTP analyzer:
[ no ] ip dst-address { operator { ip_address | ip_address/mask } | { !range | range } host-pool host_pool }
ip protocol = protocol_number
This command defines a rule definition to analyze and charge user traffic based on the protocol being transported by IP packets. This command now accepts
icmpv6 protocol option.
[ no ] ip protocol operator { protocol_assignment | ah | esp | gre | icmp | icmpv6 | tcp | udp }
ip remote-address = { ip_address | ip_address/mask }
This command defines a rule definition to analyze and charge user traffic matching the IP address of the destination, i.e. from the subscriber, of the connection. This command now accepts IPv6 addresses.
[ no ] ip server-ip-address { operator { ip_address | ip_address/mask } | { !range | range } host-pool host_pool }
[ no ] ip src-address { operator { ip_address | ip_address/mask } | { !range | range } host-pool host_pool }
This command defines a rule definition to analyze and charge user traffic matching the IP address of the subscriber (either source address or destination address). This command now accepts IPv6 addresses.
[ no ] ip subscriber-ip-address { operator { ip_address | ip_address/mask } | { !range | range } host-pool host_pool }
This command configures the post-processing action to be taken on the specified ruledef in the rulebase. The
group-of-ruledefs keyword was added to the command. This enables assigning the specified group-of-ruledefs to the rulebase.
post-processing priority priority { group-of-ruledefs group_name | ruledef ruledef_name } charging-action charging_action_name [ description description ]
rule-variable protocol rule priority priority [ in-quotes ]
no rule-variable protocol rule [ priority priority ]
New keyword custom8 added to define customized CDR file format It uses
node-id-suffix_
date_
time_
fixed-length-seq-num.
u format for file naming where:
|
l
|
date is date in MMDDYYYYY (01312010) for mat
|
|
l
|
time is time in HHMMSS (023508) format
|
|
l
|
fixed-length-seq-num is the fixed length of sequence number for specific file having 6 digit counter starting from 000001 and end to 999999. Once file sequence reached to 999999 the sequence will be reset to 000001.
|
gtpp storage-server local file { compression { gzip | none } | format { custom1 | custom2 | custom3 | custom4 | custom5 | custom6 | custom7 | custom8 } | name prefix prefix | purge-processed-files [ purge-interval purge_dur ] | rotation { cdr-count count | time-interval time | volume size} }
default gtpp storage-server local file { compression | format | name prefix | purge-processed-files | rotation { cdr-count | time-interval | volume } }
New optional keywords username-strip-apn and
password-use-pco added to configure support for AAA Auth user name as MSISDN/IMSI and password as PCO received password for APN.
authentication {[ msid-auth | imsi-auth [username-strip-apn] [password-use-pco] | msisdn-auth [username-strip-apn] [password-use-pco]]| [ allow-noauth ][ chap preference ][ mschap preference ] [ pap preference ]}
With the NAT-only license [600-00-7805] NAT/PAT With DPI, the
trigger open-port keyword is no longer available with this command. In the earlier releases, for NAT this keyword was not functional.
access-rule { no-ruledef-matches { downlink | uplink } action { deny [ charging-action charging_action ] | permit [ bypass-nat | nat-realm nat_realm ] } | priority priority { [ dynamic-only | static-and-dynamic ] access-ruledef ruledef_name { deny [ charging-action charging_action ] | permit [ bypass-nat | nat-realm nat_realm ] } } }
This command enables adding, modifying, and deleting an IP address pool in the current context. The following keywords and associated options were added to this command for the Network Address Translation (NAT) feature:
|
l
|
nat-one-to-one: This keyword and associated options enable configuring one-to-one NAT realms.
|

IMPORTANT:
On upgrading from StarOS 8.1 to StarOS 9.0, all NAT realms configured in StarOS 8.1 using the
nat-realm keyword must in StarOS 9.0 be reconfigured using one of the following keywords:
- nat-one-to-one
- napt-users-per-ip-address
For example, the following command in StarOS 8.1 configuration:
ip pool pool1 range 11.22.33.44 55.66.77.88 nat-realm ...
must in StarOS 9.0 be reconfigured to one of the following:
ip pool pool1 range 11.22.33.44 55.66.77.88 nat-one-to-one ...
ip pool pool1 range 11.22.33.44 55.66.77.88 napt-users-per-ip-address ...
ip pool name { ip_address subnet_mask | ip_addr_mask_combo | range start_ip_address end_ip_address } [ private [ priority ] | public [ priority ] | static ] [ tag { none | pdif-setup-addr } ] [ address-hold-timer seconds | alert-threshold [ group-available | pool-free | pool-hold | pool-release | pool-used ] low_thresh [ clear high_thresh ] ] [ group-name group_name ] [ include-nw-bcast ] [ nat priority ] [ nexthop-forwarding-address ip_address [ overlap vlanid vlan_id ] [ nw-reachability server server_name ] [ respond-icmp-echo ip_address ] [ resource ] [ send-icmp-dest-unreachable ] [ explicit-route-advertise ] [ srp-activate ] [ suppress-switchover-arp ] [ unicast-gratuitous-arp-address ip_address ] [ policy allow-static-allocation ] [ nat-one-to-one [ [ alert-threshold [ { pool-free | pool-hold | pool-release | pool-used } low_thresh [ clear high_thresh ] + ] [ nat-binding-timer binding_timer ] [ on-demand ] [ send-nat-binding-update ] + ] | napt-users-per-ip-address users [ [ alert-threshold [ { pool-free | pool-hold | pool-release | pool-used } low_thresh [ clear high_thresh ] + ] [ max-chunks-per-user chunks ] [ nat-binding-timer timer ] [ on-demand ] [ port-chunk-size size ] [ port-chunk-threshold chunk_threshold ] [ send-nat-binding-update ] + ]
no ip pool name [ tag { none | pdif-setup-addr } ] [ address-hold-timer | alert-threshold [ group-available | pool-free | pool-hold | pool-release | pool-used ] ] [ group-name ] [ include-nw-bcast ] [ nexthop-forwarding-address ] [ nw-reachability server ] [ respond-icmp-echo ip_address ] [ send-icmp-dest-unreachable ] [ explicit-route-advertise ] [ send-nat-binding-update ] [ srp-activate ] [ suppress-switchover-arps ] [ unicast-gratuitous-arp-address ] [ policy allow-static-allocation ]
[ no ] p2p-detection protocol [ all | applejuice | ares | bittorrent | ddlink | directconnect | edonkey | fasttrack | feidian | filetopia | fring | gadugadu | gnutella | gtalk | halflife2 | hamachivpn | imesh | irc | iskoot | jabber | manolito | msn | mute | oovoo | orb | oscar | pando | popo | pplive | ppstream | qq | qqlive | skinny | skype | slingbox | sopcast | soulseek | steam | tvants | tvuplayer | uusee | vpnx | vtun | winmx | winny | wofwarcraft | xbox | yahoo | zattoo ] +
[ no ] p2p-detection protocol [ all | applejuice | ares | bittorrent | ddlink | directconnect | edonkey | fasttrack | feidian | filetopia | fring | gadugadu | gnutella | gtalk | halflife2 | hamachivpn | imesh | irc | iskoot | jabber | manolito | msn | mute | oovoo | orb | oscar | pando | popo | pplive | ppstream | qq | qqlive | skinny | skype | slingbox | sopcast | soulseek | steam | tvants | tvuplayer | uusee | vpnx | vtun | winmx | winny | wofwarcraft | xbox | yahoo | zattoo | freenet | aimini | battlefld | openft | qqgame | quake | secondlife | actsync | nimbuzz | iax | paltalk | warcft3 | rdp | iptv | pandora ] +
show active-charging analyzer statistics [ name protocol [ verbose ] ] [ | { grep grep_options | more } ]
show active-charging flows { all | [ connected-time [ < | > | greater-than | less-than ] seconds ] [ flow-id flow_id ] [ full ] [ idle-time [ < | > | greater-than | less-than ] seconds ]
[ ip-address [ server | subscriber ] [ < | > | IPv4 | greater-than | less-than ] address ] [ nat { not-required | required [ nat-ip nat_ip_address ] } ] [ port-number [ server | subscriber ] [ < | > | IPv4 | greater-than | less-than ] number ] [ rx-bytes [ < | > | greater-than | less-than ] number ]
[ rx-packets [ < | > | greater-than | less-than ] number ] [ session-id session_id ] [ summary ] [ trans-proto { icmp | tcp | udp } ] [ tx-bytes [ < | > | greater-than | less-than ] number ] [ tx-packets [ < | > | greater-than | less-than] number ] [ type flow_type ] } [ | { grep grep_options | more } ]
show active-charging sessions [ full [ wide ] | summary | display-dynamic-charging-rules | dynamic-charging ] { [ all ] | [ filter_keyword ] + } [ | { grep grep_options | more } ]
The use-serviceport-towards-network keyword has been added.
bind address ip_address [ access-ipsec-crypto-template template ]
[ cscf-hostname host_name ] [ max-sessions max# ] [ port number ]
[ reserved-call-capacity percentage] [ transport tcp ] [ use-serviceport-towards-network ]
The request-timeout sec, Rq-custom, and Rx-rel8 keywords have been added.
diameter location-info { dictionary { e2custom01 | e2custom02 | e2custom03 | e2custom04 | e2custom05 | e2custom06 | e2custom07 | e2custom08 | e2custom09 | e2standard } | origin endpoint endpoint_name | peer-select peer peer_name [ peer-realm realm_name ] [ secondary-peer peer_name
[ sec-peer-realm realm_name ] ] | request-timeout sec }
diameter policy-control { dictionary { Gq-custom | Gq-standard | Rq-custom| Rx-rel8 | Rx-standard | Tx-standard | custom01 | custom02 | custom03 | custom04 | custom05 | custom06 | custom07 | custom08 | custom09 } |
origin endpoint endpoint_name | peer-select peer peer_name [ peer-realm realm_name ] [ secondary-peer peer_name [ sec-peer-realm realm_name ] ] | request-timeout sec }
The n201u-max keyword has been added to the
llc command to allow the operator to set the maximum size that can be negotiated for the downlink data packet (information field length for U/UI frames.
llc { iov-ui-in-xid-reset | n201u-max | pdu-lifetime secs | T200 sapi1 time | T200 sapi11 t time | T200 sapi3 time | T200 sapi5 time | T200 sapi7 time | T200 sapi9 time }
The uplink-pdu-len-validation keyword has been added to the
llc command to provide the operator the ability to validate or ignore the negotiated uplink N201_U packet size.
llc { iov-ui-in-xid-reset | n201u-max | pdu-lifetime secs | T200 sapi1 time | T200 sapi11 t time | T200 sapi3 time | T200 sapi5 time | T200 sapi7 time | T200 sapi9 time | uplink-pdu-len-validation }
The qos command, in the SGSN operator policy's APN policy configuration mode, has been modified to support capping of the local QoS bit rate when the subscribed QoS provided by the HLR is lower than the locally configured value.
apn { network-identifier apn_net_id | operator-identifier apn_op_id }
application-context-name application operator timer time
css service name [ -noconfirm ]
css server name keepalive [ interval seconds ] [ local-address localIP ] [ num-retry number ] [ protocol { icmp | tcp } ] [ remote-address remIP ] [ timeout seconds ]
This command configures the action to take on TCP flows starting with a non-syn packet. In StarOS 9.0, this command is deprecated. This configuration is now available as the “
firewall tcp-fsm [ first-packet-non-syn { drop | permit | send-reset } ]” command.
The attach keyword has been modified and the
inter-rat keyword has been included to enable or disable (default) authentication for Inter-RAT Attaches.
The authentica rau update-type command has been enhanced to include the
with inter-rat-local-ptmsi qualifier to enable or disable (default) authentication for Inter-RAT RAUs.
authenticate rau update-type { ra-update with inter-rat-local-ptmsi | combined-update with inter-rat-local-ptmsi | imsi-combined-update with inter-rat-local-ptmsi }