This command allows you to specify the GTPP accounting context.

Product

eWAG

Privilege

Security Administrator, Administrator

Mode

Exec > Global Configuration > Context Configuration > IPSG RADIUS Server Configuration

configure > context context_name > ipsg-service service_name mode radius-server

Entering the above command sequence results in the following prompt:

[context_name]host_name(config-ipsg-service-radius-server)#

Syntax

Syntax Description

accounting-context context_name
no accounting-context

no

If previously configured, removes the accounting context configuration.

context_name

Specifies name of the GTPP accounting context.

context_name must be an alphanumeric string of 1 through 79 characters in length.

Usage Guidelines

Use this command to specify the GTPP accounting context.

This command allows you to associate an SGTP service with the current eWAG service.

Product

eWAG

Privilege

Security Administrator, Administrator

Mode

Exec > Global Configuration > Context Configuration > IPSG RADIUS Server Configuration

configure > context context_name > ipsg-service service_name mode radius-server

Entering the above command sequence results in the following prompt:

[context_name]host_name(config-ipsg-service-radius-server)#

Syntax

Syntax Description

associate sgtp-service sgtp_service_name [ context sgtp_context_name ]
no associate sgtp-service

no

If previously configured, removes the service association from the configuration.

sgtp-service sgtp_service_name

Specifies name of the SGTP service to associate with this service.

sgtp_service_name must be the name of an SGTP service, and must be an alphanumeric string of 1 through 63 characters in length.

context sgtp_context_name

Specifies name of the context in which the SGTP service is configured.

sgtp_context_name must be the name of the context, and must be an alphanumeric string of 1 through 63 characters in length.

If a context is not specified, the current context is used.

Usage Guidelines

Use this command to associate an SGTP service with the IPSG service. This enables the GTP functionality for eWAG supporting GTP-C (GTP Control Plane) messaging and GTP-U (GTP User Data Plane) messaging between eWAG and GGSN over the Gn' interface.

This command allows you to bind the current IPSG/eWAG service to a logical AAA interface, and specify the number of subscriber sessions allowed.

Product

eWAG

IPSG

Privilege

Security Administrator, Administrator

Mode

Exec > Global Configuration > Context Configuration > IPSG RADIUS Server Configuration

configure > context context_name > ipsg-service service_name mode radius-server

Entering the above command sequence results in the following prompt:

[context_name]host_name(config-ipsg-service-radius-server)#

Syntax

Syntax Description

bind accounting-proxy address ipv4_address [ max-subscribers max_sessions | port port_number | source-context source_context ]
bind address ipv4_address [ disconnect-message [ src-port source_port_number ] | max-subscribers max_sessions | port port_number | source-context source_context ]+
bind authentication-proxy address ipv4_address [ acct-port port_number | auth-port port_number | max-subscribers max_sessions | source-context source_context ]
no bind

no

If previously configured, removes the binding for the service.

bind accounting-proxy address ipv4_address [ max-subscribers max_sessions | port port_number | source-context source_context ]

bind address ipv4_address [ disconnect-message [ src-port source_port_number ] | max-subscribers max_sessions | port port_number | source-context source_context ]+

bind authentication-proxy address ipv4_address [ acct-port port_number | auth-port port_number | max-subscribers max_sessions | source-context source_context ]

Usage Guidelines

Use this command to bind the IPSG RADIUS Server/eWAG service to a logical AAA interface and specify the number of allowed subscriber sessions. If the AAA interface is not located in this context, configure the source-context parameter.

Use the accounting and authentication proxy settings to enable RADIUS proxy server functionality on the IPSG. These commands are used when the NAS providing the RADIUS request messages is incapable of sending them to two separate devices. The IPSG in RADIUS Server mode proxies the RADIUS request and response messages while performing the user identification task in order to provide services to the session.

This command allows you to configure the RADIUS authorization password that must be matched by the RADIUS accounting requests received by the current IPSG service.

Product

IPSG

Privilege

Security Administrator, Administrator

Mode

Exec > Global Configuration > Context Configuration > IPSG RADIUS Server Configuration

configure > context context_name > ipsg-service service_name mode radius-server

Entering the above command sequence results in the following prompt:

[context_name]host_name(config-ipsg-service-radius-server)#

Syntax

Syntax Description

connection authorization [ encrypted ] password password
no connection authorization

no

Deletes the RADIUS authorization from the current IPSG RADIUS Server service.

[ encrypted ] password password

Usage Guidelines

The IPSG RADIUS server service does not terminate RADIUS user authentication so the user password is unknown.

Use this command to configure the authorization password that the RADIUS accounting requests must match in order for the service to examine and extract user information.

Exits the current configuration mode and returns to the Exec mode.

Product

All

Privilege

Security Administrator, Administrator

Syntax

Syntax Description

end

Usage Guidelines

Use this command to return to the Exec mode.

Exits the current mode and returns to the parent configuration mode.

Product

All

Privilege

Security Administrator, Administrator

Syntax

Syntax Description

exit

Usage Guidelines

Use this command to return to the parent configuration mode.

This command allows you to configure multiple primary contexts having the same IMSI number.

Product

eWAG

Privilege

Security Administrator, Administrator

Mode

Exec > Global Configuration > Context Configuration > IPSG RADIUS Server Configuration

configure > context context_name > ipsg-service service_name mode radius-server

Entering the above command sequence results in the following prompt:

[context_name]host_name(config-ipsg-service-radius-server)#

Syntax

Syntax Description

gtp max-contexts-per-imsi max_value min-nsapi min_nsapi_value
default gtp max-contexts-per-imsi

default

Configures this command to disable use of multiple primary contexts. Only one PDP context per user is allowed.

max-contexts-per-imsi: 1

min-nsapi: 15

max-contexts-per-imsi max_value

Specifies the limit for the maximum number of contexts per IMSI.

max_value must be an integer from 1 through 11.

min-nsapi min_nsapi_value

Specifies the range of NSAPI values to be assigned to different PDP context of the same subscriber.

min_nsapi_valuemust be an integer from 5 through 15.

Usage Guidelines

Use this command to configure the maximum number of contexts per IMSI, and the range of NSAPI values to be assigned to different PDP context.

This command allows you to configure GGSN IP address under the eWAG service.

Product

eWAG

Privilege

Security Administrator, Administrator

Mode

Exec > Global Configuration > Context Configuration > IPSG RADIUS Server Configuration

configure > context context_name > ipsg-service service_name mode radius-server

Entering the above command sequence results in the following prompt:

[context_name]host_name(config-ipsg-service-radius-server)#

Syntax

Syntax Description

gtp peer-ip-address ipv4_address
no gtp peer-ip-address

no

Deletes the configuration, if previously configured.

gtp peer-ip-address ipv4_address

Specifies the GGSN IP address.

ipv4_address

Usage Guidelines

Use this command to configure the GGSN IP address under the eWAG service.

This command replaces the hidden mode command [ no ] ggsn-ip-address ipv4_address

This command enables you to configure IP parameters for the current eWAG service.

Product

eWAG

Privilege

Security Administrator, Administrator

Mode

Exec > Global Configuration > Context Configuration > IPSG RADIUS Server Configuration

configure > context context_name > ipsg-service service_name mode radius-server

Entering the above command sequence results in the following prompt:

[context_name]host_name(config-ipsg-service-radius-server)#

Syntax

Syntax Description

ip { gnp-qos-dscp | qos-dscp } qci { { { 1 | 2 | 3 | 4 | 9 } | { 5 | 6 | 7 | 8 } allocation-retention-priority { 1 | 2 | 3 } } { af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | ef | pt } } +
default ip { gnp-qos-dscp | qos-dscp }
no ip { gnp-qos-dscp | qos-dscp } qci { { 1 | 2 | 3 | 4 | 9 } | { 5 | 6 | 7 | 8 } allocation-retention-priority { 1 | 2 | 3 } } +

default

Configures this command, for specified option, with default setting for all QoS Class Identifier (QCI) values.

no

Resets configured value for specified QCI with its default setting.

gnp-qos-dscp

Specifies, for uplink direction, the DiffServ Code Point marking to be used for sending packets of a particular 3GPP QoS class.

qos-dscp

Specifies, for downlink direction, the DiffServ Code Point marking to be used for sending packets of a particular 3GPP QoS class.

qci { 1 | 2 | 3 | 4 | 9 }

Specifies the QCI attribute of QoS.

qci { 5 | 6 | 7 | 8 } allocation-retention-priority { 1 | 2 | 3 }

Specifies the QCI attribute of QoS with ARP.

allocation-retention-priority { 1 | 2 | 3 }: Specifies the ARP.

af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | be | ef | pt

Specifies the Per-Hop Forwarding Behavior (PHB) to use.

Usage Guidelines

Use this command to configure IP parameters for the eWAG service.

This command allows you to map the UE MAC received in the Calling-Station-Id RADIUS attribute to IMEIsV in order to forward it in the GTP CPC message to the GGSN.

Product

eWAG

Privilege

Security Administrator, Administrator

Mode

Exec > Global Configuration > Context Configuration > IPSG RADIUS Server Configuration

configure > context context_name > ipsg-service service_name mode radius-server

Entering the above command sequence results in the following prompt:

[context_name]host_name(config-ipsg-service-radius-server)#

Syntax

Syntax Description

[ default | no ] map ue-mac-to-imei 

default

If previously configured, disables mapping of UE MAC address to IMEIsV IE of GTP message in order to forward it to GGSN.

Default: Mapping is disabled.

no

If previously configured, disables mapping of UE MAC address to IMEIsV IE of GTP message in order to forward it to GGSN.

Usage Guidelines

Use this command to enable or disable mapping of UE MAC address to IMEIsV IE of GTP message in order to forward it to GGSN.

This command allows you to enable or disable overlapping of IP addresses which enables multiple users to use the same IP address.

Product

IPSG

Privilege

Security Administrator, Administrator

Mode

Exec > Global Configuration > Context Configuration > IPSG RADIUS Server Configuration

configure > context context_name > ipsg-service service_name mode radius-server

Entering the above command sequence results in the following prompt:

[context_name]host_name(config-ipsg-service-radius-server)#

Syntax

Syntax Description

[ default | no ] overlapping-ip-address 

default

If previously configured, disables IPSG support of overlapping IP addresses.

Using overlapping IP addresses is disabled by default.

no

If previously configured, disables IPSG support of overlapping IP addresses.

Usage Guidelines

Use this command to enable or disable overlapping IP addresses for subscribers on different networks that are independent of each other.

This command allows you to configure Public Land Mobile Network (PLMN) identifier for the current eWAG service.

Product

eWAG

Privilege

Security Administrator, Administrator

Mode

Exec > Global Configuration > Context Configuration > IPSG RADIUS Server Configuration

configure > context context_name > ipsg-service service_name mode radius-server

Entering the above command sequence results in the following prompt:

[context_name]host_name(config-ipsg-service-radius-server)#

Syntax

Syntax Description

plmn id mcc mcc_number mnc mnc_number
no plmn id

no

If previously configured, deletes the PLMN ID configuration.

mcc mcc_number

Specifies the mobile country code (MCC) part of the PLMN identifier for the eWAG service.

mcc_number must be a three-digit number ranging from 200 to 999.

mnc mnc_number

Specifies the mobile network code (MNC) part of the PLMN identifier for the eWAG service.

mnc_number must be a two- or three-digit number ranging from 00 to 999.

Usage Guidelines

Use this command to configure the location-specific mobile network identifiers included in the Routing Area Identity (RAI) field of the PDP Create Request messages sent to the GGSN.

This command allows you to configure the IPSG/eWAG service to use APN or subscriber profile.

Product

eWAG

IPSG

Privilege

Security Administrator, Administrator

Mode

Exec > Global Configuration > Context Configuration > IPSG RADIUS Server Configuration

configure > context context_name > ipsg-service service_name mode radius-server

Entering the above command sequence results in the following prompt:

[context_name]host_name(config-ipsg-service-radius-server)#

Syntax

Syntax Description

profile { APN [ default-apn apn_name ] | subscriber }
default profile

default

Configures this command with its default setting.

Default: APN

APN

Specifies to use APN profile for the service.

default-apn apn_name

Specifies the default APN to be used for the eWAG service.

apn_name must be the name of an APN, it must be an alphanumeric string of 1 through 62 characters in length, and can consist only of the alphabetic characters (A–Z and a–z), digits (0–9), dot (.), and the hyphen (-).

subscriber

Specifies to use subscriber profile for the service.

Usage Guidelines

Use this command to set the service to support APN profiles (supporting Gx through the enabling of ims-auth-service) or for basic subscriber profile lookup.

For the DeWAG service, this command must be configured with the subscriber option. This is because DeWAG will operate based on subscriber template profile selection only for connecting users. If the APN profile selection is configured, the DeWAG service will not be started.

This command allows you to specify the IP address and shared secret of the RADIUS accounting client from which RADIUS accounting requests are received. The RADIUS client can be either the access gateway or the RADIUS accounting server depending on which device is sending accounting requests.

Product

eWAG

IPSG

Privilege

Security Administrator, Administrator

Mode

Exec > Global Configuration > Context Configuration > IPSG RADIUS Server Configuration

configure > context context_name > ipsg-service service_name mode radius-server

Entering the above command sequence results in the following prompt:

[context_name]host_name(config-ipsg-service-radius-server)#

Syntax

Syntax Description

radius accounting { client { ipv4_address | ipv4_address/mask } [ encrypted ] key key [ acct-onoff [ aaa-context aaa_context_name ] [ aaa-group aaa_server_group_name ] [ clear-sessions ] + ] [ dictionary dictionary ] [ disconnect-message [ release-on-acct-stop acct_stop_wait_timeout  ] [ dest-port destination_port_number ] + | interim create-new-call | validate-client-ip }
no radius accounting { client { ipv4_address | ipv4_address/mask } | interim create-new-call | validate-client-ip }
default radius accounting { interim create-new-call | validate-client-ip }

no

If previously configured, removes the specified configuration.

ipv4_address | ipv4_address/mask

Specifies the IP address, and optionally subnet mask of the RADIUS client from which RADIUS accounting requests are received.

ipv4_address/ipv4_address/mask must be in IPv4 dotted-decimal notation.

A maximum of 16 IP addresses can be configured.

[ encrypted ] key key

acct-onoff [ aaa-context aaa_context_name ] [ aaa-group aaa_server_group_name ] [ clear-sessions ] +

Specifies to proxy accounting On/Off messages to AAA server.

dictionary dictionary

Specifies the dictionary to use.

dictionary can be one of the following.

disconnect-message [ release-on-acct-stop acct_stop_wait_timeout ] [ dest-port destination_port_number ]

Specifies to send RADIUS disconnect message to the configured RADIUS accounting client in call failure scenarios.

• release-on-acct-stop acct_stop_wait_timeout: Specifies to wait for the accounting stop request after sending the Packet of Disconnect (PoD) to the client for the specified time. This keyword is disabled by default.

  acct_stop_wait_timeout must be an integer from 10 through 300 seconds. This indicates the time to wait to clear the call in case IPSG does not receive any accounting stop for the subscriber after sending the PoD.

  This keyword is configured on a per RADIUS accounting client basis and not for the entire service.

• dest-port destination_port_number: Specifies the port number to which the disconnect message must be sent.

  destination_port_number must be an integer from 1 through 65535.

interim create-new-call

Specifies to create a new session upon receipt of a RADIUS interim message.

Default: Disabled

validate-client-ip

Specifies to enable the ipsgmgr to validate RADIUS accounting messages from different configured RADIUS client IP address, and forward requests to the session manager.

Default: The RADIUS client IPs are validated.

Usage Guidelines

Use this command to configure the communication parameters for the RADIUS client from which RADIUS accounting requests are received.

This command allows you to specify the RADIUS dictionary for the current IPSG/eWAG service.

Product

eWAG

IPSG

Privilege

Security Administrator, Administrator

Mode

Exec > Global Configuration > Context Configuration > IPSG RADIUS Server Configuration

configure > context context_name > ipsg-service service_name mode radius-server

Entering the above command sequence results in the following prompt:

[context_name]host_name(config-ipsg-service-radius-server)#

Syntax

Syntax Description

radius dictionary dictionary_name
default radius dictionary

default

Specifies to use the default dictionary.

Default: starent-vsa1

dictionary dictionary_name

Specifies the dictionary to use.

dictionary_name must be one of the following.

Usage Guidelines

Use this command to specify the RADIUS dictionary to use for the IPSG RADIUS Server/eWAG service.

Configures the IPSG service to respond to Radius Accounting-Stop messages even if a session does not exist.

Product

IPSG

Privilege

Security Administrator, Administrator

Mode

Exec > Global Configuration > Context Configuration > IPSG RADIUS Server Configuration

configure > context context_name > ipsg-service service_name mode radius-server

Entering the above command sequence results in the following prompt:

[context_name]host_name(config-ipsg-service-radius-server)#

Syntax

Syntax Description

[ default | no ] respond-to-non-existing-session

default

Configures this command with its default setting.

Default: Disabled. IPSG service drops packets containing the Radius Accounting-Stop message if the session does not exist.

no

If previously enabled, disables the configuration.

Usage Guidelines

Use this command to enable/disable the IPSG service to respond to Radius Accounting-Stop messages with a Radius Accounting-Response message for non-existing sessions.

This command allows you to enable/disable the Session Replacement feature for eWAG and IPSG services.

Product

eWAG

IPSG

Privilege

Security Administrator, Administrator

Mode

Exec > Global Configuration > Context Configuration > IPSG RADIUS Server Configuration

configure > context context_name > ipsg-service service_name mode radius-server

Entering the above command sequence results in the following prompt:

[context_name]host_name(config-ipsg-service-radius-server)#

Syntax

Syntax Description

sess-replacement { with-diff-acct-sess-id | with-diff-ip | with-diff-key [ with-diff-acct-sess-id ] }
{ default | no } sess-replacement

default

Configures this command with its default setting.

Default: Disabled.

no

If previously configured, deletes the configuration.

with-diff-acct-sess-id

Specifies to replace current session when a new session request comes with same IP address and same user name/IMSI but different accounting session ID.

with-diff-ip

Specifies to replace current session when a new session request comes with same user name/IMSI but different IP address.

with-diff-key [ with-diff-acct-sess-id ]

Specifies to replace current session when a new session request comes with same IP address but different user name/IMSI.

For IPSG, you can also use a combination of replacement options of different key and different account session ID.

Usage Guidelines

Use this command to enable/disable the Session Replacement feature. By default, the Session Replacement feature is disabled.

This command allows you to configure a timeout for session setup attempts for the current IPSG/eWAG service.

Product

eWAG

IPSG

Privilege

Security Administrator, Administrator

Mode

Exec > Global Configuration > Context Configuration > IPSG RADIUS Server Configuration

configure > context context_name > ipsg-service service_name mode radius-server

Entering the above command sequence results in the following prompt:

[context_name]host_name(config-ipsg-service-radius-server)#

Syntax

Syntax Description

setup-timeout setup_timeout_seconds
default setup-timeout

default

Configures this command with its default setting.

Default: 60 seconds

setup_timeout_seconds

Specifies the time period, in seconds, for which a session setup attempt is allowed to continue before being terminated.

setup_timeout_seconds must be an integer from 1 through 1000000.

Usage Guidelines

Use this command to configure a timeout for IPSG/eWAG session setup attempts.

This command allows you to configure the W-APNs that can be connected through DeWAG, and the default-gateway IP addresses to be used by the UEs for connecting to the W-APN network.

Product

eWAG

Privilege

Security Administrator, Administrator

Mode

Exec > Global Configuration > Context Configuration > IPSG RADIUS Server Configuration

configure > context context_name > ipsg-service service_name mode radius-server

Entering the above command sequence results in the following prompt:

[context_name]host_name(config-ipsg-service-radius-server)#

Syntax

Syntax Description

w-apn apn_name default-gw ipv4/ipv6_address/maskbits +
no w-apn apn_name

no

If previously configured, removes the specified configuration.

apn-name apn_name

Specifies the APN name.

apn_name must be the name of an APN and must be a string of 1 to 62 characters in length consisting of alphabetic characters (A-Z and a-z), digits (0-9), dot(.) and the dash (-).

This value is compared against the subscribed APN returned by the AAA server or locally configured APN in the subscriber-template configuration to find the default-gateway IP address to be used in DHCP signaling packets.

default-gw ipv4/ipv6_address/maskbits

Specifies the IP address of the default gateway to be used by UE for W-APN access.

You can configure a maximum of four default gateways per W-APN. Multiple default-gateways are possible as the APN can have different pools of different subnet with different default-gateway IP addresses.

ipv4/ipv6_address/maskbits must be an IPv4/IPv6 address and subnet-mask, for example 192.168.1.1/24.

This value should be in the same subnet as that of UE allocated IP address from GGSN for the W-APN. GGSN does not supply subnet-mask along with IP address. Therefore, the identification of whether GGSN-allocated IP address is in same subnet or not is done with the help of configured "/maskbits". This default-gateway value is sent to the UE as default-gateway IP address using "Router" option in DHCP-OFFER message. The maskbits is sent to the UE as subnet-mask using the "Subnet Mask" option in DHCP-OFFER message.

Usage Guidelines

Use this command to configure the list of W-APN names that can be connected through DeWAG and the default-gateway IP addresses to be used by UE for connecting to the W-APN network. During DHCP signaling the configured default-gateway value will be notified to UE as the router. This command also configures the subnet-mask to be used for the respective default-gateway IP address in order to find the network prefix of the default-gateway.

Note that DeWAG will be acting as 'default-gateway' for the UE in its connected network.