Table Of Contents
radius start restart session-id
Command Reference
This appendix documents only new or modified commands necessary to configure and monitor the CSG for content billing. All other commands used with this product (those that already exist and have not been modified) are documented in either the Cisco IOS Release 12.2 command reference publications or in the Cisco IOS Server Load Balancing feature module.
•copy
•entries (modified command)
•entries idle (CSG billing) (new command)
•ip
•meter exclude (modified command)
•mode
•ping
•radius pod attribute (modified command)
•radius start restart session-id
•report radius attribute (modified command)
•show (modified command)
•variable (module csg) (modified command)
accounting (CSG policy)
To define the accounting type and a customer string for all flows that comply with a CSG billing policy, use the accounting command in CSG policy configuration mode. To delete the rules, use the no form of this command.
accounting [type {ftp | http | imap | other | pop3 | rtsp | smtp | wap {connection-oriented | connectionless}} [customer-string string]
no accounting [type {ftp | http | imap | other | pop3 | rtsp | smtp | wap {connection-oriented | connectionless}} [customer-string string]
Syntax Description
Defaults
The default accounting type is other.
Command Modes
CSG policy configuration
Command History
Usage Guidelines
This command is required if accounting records are to be generated for content that satisfies the associated CSG billing policy.
Prepaid service matches are on the basis of the IP address and port number of the control connection to the RTSP server IP.
The default setting for this command (accounting type other) is displayed in the output of the show run command.
Specifying type ftp requires a control TCP connection to server port 21.
Specifying type rtsp requires a control TCP connection to server port 554.
When configuring header and URL maps, keep the following considerations in mind:
•Header and URL maps are valid only with accounting types HTTP, RTSP, and WAP.
•If you do not specify an accounting type, the CSG assumes that the session is an HTTP session, and packets matching the policy are not billed (that is, no quota is used, and no CDR is generated).
Examples
The following example shows how to define accounting types and customer strings:
ip csg policy WSP_CON_Paccounting type wap connection-orientedip csg policy WAP_NOCON_Paccounting type wap connectionlessip csg content WAP_CONip any udp 9201policy WAP_CON_Pip csg content WAP_CONLESSip any udp 9200policy WAP_NOCON_Pip csg policy SMTPaccounting type smtpip csg policy POP3accounting type pop3ip csg content SMTPip any tcp 25policy SMTPinserviceip csg content POP3ip any tcp 110policy POP3inserviceip csg policy RTSPaccounting type rtspip csg content RTSPip any tcp 554policy RTSPinserviceip csg policy IMAPaccounting type imapip csg content IMAPip any tcp 143policy IMAPinserviceRelated Commands
Command DescriptionDefines a policy for qualifying flows for the CSG accounting services, and enters CSG policy configuration mode.
accounting (module CSG)
To download a configured accounting service to a CSG card, use the accounting command in module CSG configuration mode. To delete the downloaded accounting service, use the no form of this command.
accounting service-name
no accounting service-name
Syntax Description
Defaults
None
Command Modes
Module CSG configuration
Command History
Usage Guidelines
You must specify at least one client VLAN and one server VLAN in order for the accounting service to be placed in service. Otherwise, no traffic can flow to the accounting service.
You must configure at least one ruleset in order for the accounting service to be placed in service.
Examples
The following example shows how to download the CSG accounting service A1 to the CSG card in slot 4:
module csg 4accounting A1ruleset R1Related Commands
activation
To specify the activation mode for a Connection Duration service, use the activation command in CSG service configuration mode. To restore the default setting, use the no form of this command.
activation [automatic | user-profile]
no activation
Syntax Description
Defaults
The Connection Duration service is activated only if the billing profile specifies this service as the connect service.
Command Modes
CSG service configuration
Command History
Examples
The following example specifies automatic activation for Connection Duration service CONNECT.
ip csg service CONNECTbasis second connectactivation automaticRelated Commands
Command DescriptionConfigures a content billing service, and enters CSG service configuration mode.
agent (CSG accounting)
To define the active and standby Billing Mediation Agents (BMAs) to which billing records are to be sent, use the agent command in CSG accounting configuration mode. To remove a BMA from the list of agents, use the no form of this command.
agent ip-address port-number priority
no agent ip-address port-number priority
Syntax Description
Defaults
Active and standby BMAs are not defined.
Command Modes
CSG accounting configuration
Command History
Usage Guidelines
Accounting records are sent only to the agents identified in the agent command. This provides a measure of security to ensure that records are not sent to unauthorized systems.
Note The CSG does not support multiple agents with the same IP address.
Examples
The following example shows how to configure an active BMA with priority 1, and a standby BMA with priority 2, for the CSG accounting service A1:
ip csg accounting A1user-group G1agent activate 2agent local-port 3775agent 10.1.2.4 11112 10agent 10.1.2.5 11113 20keepalive 3records batchrecords http-statisticsrecords intermediate bytes 100000 time 3600records max 250inserviceRelated Commands
Command DescriptionEnables support for multiple active BMAs.
Defines the port on which the CSG listens for packets from the BMAs.
Configures content-based accounting as a service.
agent activate
To enable support for multiple active Billing Mediation Agents (BMAs), use the agent activate command in CSG accounting configuration mode. To disable support for multiple active BMAs, use the no form of this command.
agent activate [number [sticky seconds]]
no agent activate [number [sticky seconds]]
Syntax Description
Defaults
The default value for number is 1.
The default value for seconds is 30.
Command Modes
CSG accounting configuration
Command History
Usage Guidelines
Use this command to load-balance CDRs among multiple active BMAs.
When the CSG uses multiple active BMAs, it sends all CDRs for a given user to a particular BMA. The CSG stores that BMA assignment in the CSG User Table entry for that user.
For example, if a configuration has four active BMAs, and one of those BMAs fails, the CSG looks for a suitable standby BMA. If the CSG finds a suitable standby BMA, it transfers all of the CDRs from the failed BMA to the new BMA, and updates all of the affected User Table entries to reflect the new BMA assignment.
However, if the CSG cannot find a suitable standby BMA, it redistributes all of the CDRs from the failed BMA among the remaining three active BMAs. It does so by finding the User Table entries for the affected users in the CDRs. The CSG then assigns one of the active BMAs to each affected user, and updates the User Table entries to reflect the new BMA assignments. The CSG reassigns all CDRs for a given user to the same BMA.
If the CSG cannot find a User Table entry for a user (for example, the user has logged off), it creates a temporary sticky object as a placeholder and assigns a new BMA to the sticky object. This ensures that the remaining CDRs for that user are sent to the same BMA.
Note This command is valid only if your CSG uses multiple active BMAs. If your CSG uses one and only one active BMA, the default settings are sufficient (that is, agent activate 1 sticky 30).
Examples
The following example shows how to enable support for multiple active BMAs for the CSG accounting service A1. In this example, up to two BMAs can be active at the same time:
ip csg accounting A1user-group G1agent activate 2agent local-port 3775agent 10.1.2.4 11112 10agent 10.1.2.5 11113 20keepalive 3records batchrecords http-statisticsrecords intermediate bytes 100000 time 3600records max 250inserviceRelated Commands
agent local-port
To define the port on which the CSG will listen for packets from the Billing Mediation Agents (BMAs), use the agent local-port command in CSG accounting configuration mode. To revert to the default value, use the no form of this command.
agent local-port port-number
no agent local-port
Syntax Description
Defaults
The default port number is 3386.
Command Modes
CSG accounting configuration
Command History
Usage Guidelines
This command accommodates BMAs that configure a port number that is not the GTP' default.
This local port must be unique with respect to any other local port configured, such as the quota server local port.
Note The CSG drops requests (such as nodealive, echo, and redirect requests) unless they come from a configured BMA IP address. The CSG also verifies IP addresses against the configured list of BMAs. If there is no match, the CSG drops the request. The CSG does not look at a request's source port; instead, the CSG replies to the same port from which the request came.
Examples
The following example shows how to specify local port 3775 as the port on which the CSG listens for the CSG accounting service A1:
ip csg accounting A1user-group G1agent activate 2agent local-port 3775agent 10.1.2.4 11112 10agent 10.1.2.5 11113 20keepalive 3records batchrecords http-statisticsrecords intermediate bytes 100000 time 3600records max 250inserviceRelated Commands
Command DescriptionDefines the active and standby BMAs to which to send billing records.
Enables support for multiple active BMAs.
Configures content-based accounting as a service.
alias (module CSG VLAN)
To assign multiple IP addresses to the CSG, use the alias command in module CSG VLAN configuration mode. To remove an alias IP address from the configuration, use the no form of this command.
alias ip-address netmask
no alias ip-address netmask
Syntax Description
Defaults
None
Command Modes
Module CSG VLAN configuration
Command History
Usage Guidelines
This command allows you to configure the CSG on a different IP network than real servers without using a router.
You can also use this command in redundant configurations to ensure that the gateway can access the same IP address regardless of which CSG is active.
You can specify more than one alias command for each VLAN.
Examples
The following example shows how to use the alias command to assign multiple IP addresses to the CSG:
vlan 301 clientname TO-GGSN-MS-APNgateway 31.0.0.10ip address 31.0.0.21 255.255.255.0route 11.0.0.0 255.255.0.0 gateway 31.0.0.1route 11.1.0.0 255.255.0.0 gateway 31.0.0.2route 11.2.0.0 255.255.0.0 gateway 31.0.0.3route 11.3.0.0 255.255.0.0 gateway 31.0.0.4alias 31.0.0.51 255.255.255.0Related Commands
aoc confirmation
To configure a token for use in Advice of Charge (AoC) URL-rewriting, use the aoc confirmation command in CSG user group configuration mode. To remove the token, use the no form of this command.
aoc confirmation token
no aoc confirmation
Syntax Description
Defaults
None
Command Modes
CSG user group configuration
Command History
Release Modification3.1(3)C5(1)—12.2(17d)SXB
This command was introduced.
3.1(3)C5(5)—12.2(17d)SXD
Support was added for wireless application protocol (WAP) content authorization URL-rewriting.
Usage Guidelines
URL-rewriting allows a top-off server to append parameters to a URL in order to convey state information to the quota server during a Content Authorization Request. Whenever a Content Authorization Response contains the forward action code, and the URL contains the AoC confirmation token, the token and all trailing characters are removed from the URL before the request is forwarded to the server.
The token is used for both HTTP and WAP content authorization URL-rewriting.
Examples
The following example specifies a token for Advice of Charge (AoC) URL-rewriting:
ip csg user-group A1aoc confirmation ?CSG_AOC_OKRelated Commands
assign
To associate an IP address with a transport-type value, use the assign command in CSG transport-type configuration mode. To remove the association, use the no form of this command.
assign ip-address value
no assign ip-address value
Syntax Description
Defaults
None
Command Modes
CSG transport-type configuration
Command History
Usage Guidelines
The transport-type is used to classify data traffic based on the traffic's access path, using the Network Access Server (NAS) IP address reported in the RADIUS Accounting Start message. Use the assign command to associate IP addresses with transport-type values. Transport-type information is reported in fixed record format call detail records (CDRs).
Examples
The following example associates an IPv4 address with a transport-type value:
ip csg transport-typeassign 1.2.3.4 34Related Commands
authorize content
To enable Advice of Charge and Per-Event Filtering for the CSG, use the authorize content command in CSG service configuration mode.
authorize content
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
CSG service configuration mode
Command History
Usage Guidelines
If this command is configured, the CSG uses the new Content Authorization Request to alert the quota server of a new transaction, and allows it to direct the CSG (using Content Authorization Response) to perform any of four mutually exclusive actions:
•FORWARD: Instructs the CSG to forward the flow without altering the destination.
•DROP: Instructs the CSG to drop all packets for this flow.
•REDIRECT-NAT: Instructs the CSG to forward all packets for this flow to the IP address provided in the Content Authorization Response. The CSG translates the packet to the IP address and port that were provided.
•REDIRECT-URL: Instructs the CSG to redirect the client request to the URL provided in the Content Authorization Response. The CSG sends a Layer 7 redirect to the client (for example, HTTP 302 response) that contains the redirect URL.
Examples
The following example illustrates the authorize content command:
Router(config)# ip csg service service-nameRouter(config-csg-service)# authorize content
Related Commands
Command DescriptionConfigures a token for use in AoC URL-rewriting.
Configures a content billing service, and enters CSG service configuration mode.
basis
To specify the billing basis for a CSG content billing service, use the basis command in CSG service configuration mode. To use the default billing basis, use the no form of this command.
basis [byte [exclude mms] {ip | tcp} | {fixed [exclude mms] | second [connect]}]
no basis [byte {ip [exclude mms] | tcp} | {fixed [exclude mms] | second [connect]}]
Syntax Description
Defaults
The default setting is byte ip (billing charge is a function of the IP data volume processed).
Command Modes
CSG service configuration
Command History
Usage Guidelines
By default the CSG treats MMS traffic like any other wireless application protocol (WAP) traffic, and generates appropriate prepaid and postpaid WAP statistics reports. The content type distinguishes it as MMS traffic. MMS traffic is not counted against quota for prepaid users when either basis byte ip exclude mms or basis fixed exclude mms is configured on the service.
For HTTP billing, configuring basis byte tcp allows counting of only TCP payload and exclusion of overhead for network retransmission. With this option, the CSG excludes IP and TCP headers from volume counts:
•Prior to the CSG 3.1(3)C5(5), the byte counting is limited to TCP payload plus one byte representing each synchronization sequence number (SYN), and one byte representing the first Finish (FIN).
•In the CSG 3.1(3)C5(5) and later, the byte counting is limited to TCP payload.
Retransmitted packets are also not counted.
When a Service Duration Billing Service is a member of a billing plan, and an accounting definition is in service and downloaded to a CSG module, you cannot modify the basis or meter configuration. You are instructed at the console to configure no inservice on the downloaded Accounting definitions.
Note We recommend that you first remove the service from each billing plan, make the basis changes, and add it back to each billing plan. If you delete it, the service is automatically removed from each billing plan, and you must add it back to each plan after configuring it.
To enable Connection Duration Billing for a service, configure the service name as a service under one or more billing plans in CSG billing configuration mode, then enter the basis second connect command in CSG service configuration mode.
Because Internet Message Access Protocol (IMAP) metering is byte-based, you cannot configure both meter imap and basis fixed or basis second in the same service. Only basis byte is meaningful with meter imap.
You cannot configure both meter exclude svc-idle and basis byte or basis fixed in the same service. Only basis second is meaningful with meter exclude svc-idle.
Examples
The following example shows how to specify fixed billing for the CSG service MOVIES:
ip csg service MOVIESbasis fixedcontent MOVIES_COMEDY policy MOVIES_COMEDYcontent MOVIES_ACTION policy MOVIES_ACTION weight DOUBLEidle 12The following commands are used to configure Service Duration Billing for the OFF_NET service.
ip csg service OFF_NETbasis secondmeter minimum 60content ANY policy HTTPcontent ANY policy ANYRelated Commands
class
To specify a service class value, use the class command in CSG service configuration mode. To remove the owner ID, use the no form of this command.
class value
no class value
Syntax Description
Defaults
None
Command Modes
CSG service configuration
Command History
Usage Guidelines
The class command is used with fixed-record format to identify a service class value. This value is opaque to the CSG and has meaning only for the administrator. It is reported as tariff-class in fixed-record format call detail records (CDRs).
Examples
The following example specifies a class value for the service:
ip csg service FOOclass 7Related Commands
clear module csg
To clear the CSG, use the clear module csg command in privileged EXEC mode.
clear module csg {slot | all} {core-dump | counters}
Syntax Description
Defaults
None
Command Modes
Privileged EXEC
Command History
Examples
The following example clears all statistics for all of the CSGs in the switch:
clear module csg all counters
clear module csm
To clear the CSG, use the clear module csm command in privileged EXEC mode.
clear module csm {slot | all} {arp-cache ip-address | connections [real | vserver] | counters | ft active | linecard-configuration | sticky [sticky-group | all]}
Syntax Description
Defaults
If you specify the connections keyword and you do not specify real or vserver, all connections are cleared.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
When a connection is closed, a reset (RST) is sent to both the client and the server. Counters reset all the CSG statistics information, except for the show module csg tech-support counters, which are reset any time you run the show command.
When the CSG is processing a large number of requests for new pipelined HTTP connections, processing high amounts of RTSP traffic, or clearing a large number of sessions, the message processing levels might exceed the CSG processing capability, entering the clear module csm arp-cache command or the clear module csm connections command might force the CSG to stop forwarding traffic and reboot.
Examples
The following example clears all connections for all of the CSGs in the switch:
clear module csm all connectionsclient (CSG content)
To define the client IP address spaces that can use the CSG content server, use the client command in CSG content configuration mode. To remove a client definition, use the no form of this command.
client [include | exclude] {any | ip-address [netmask]}
no client [include | exclude] {any | ip-address [netmask]}
Syntax Description
Defaults
All clients are included and can use the CSG content server.
The default client IP address is 0.0.0.0 (all clients).
The default client IP network mask is 0.0.0.0 or /0.
Command Modes
CSG content configuration
Command History
Release Modification3.1(1)C3(1)—12.2(14)ZA
This command was introduced.
3.1(3)C5(3)—12.2(18)SXD
The usage guidelines were modified.
Usage Guidelines
You can use more than one client command to define more than one client.
The include and exclude settings are used only with the "default" policy, which is used only if none of the customer-defined policies match.
The netmask argument is applied to the source IP address of incoming connections. The result must match the ip-address argument; otherwise, the include and exclude settings are not applied to the user packet.
The include and exclude settings are not applied if the ip csg block command is configured.
If you configure content with a network mask of 255.255.255.255 or /32, then a virtual server is created and the CSG's MAC address is entered as the host address in the CSG Address Resolution Protocol (ARP) cache. Therefore, you cannot have hosts directly connected to the CSG, coupled with content with a network mask of 255.255.255.255 or /32 that matches those hosts.
Examples
The following example allows only clients from 10.4.4.x access to the CSG content server:
ip csg content MOVIES_COMEDYclient 10.4.4.0 255.255.255.0idle 120ip 172.18.45.0/24 tcp 8080policy POLICY1pending 300replicate connection tcpvlan MOVIES_COMEDYinserviceRelated Commands
client-group (CSG policy)
To reference a standard access list that is part of a CSG billing policy, use the client-group command in CSG policy configuration mode. To delete the reference, use the no form of this command.
client-group {std-access-list-number | std-access-list-name}
no client-group {std-access-list-number | std-access-list-name}
Syntax Description
std-access-list-number
Standard IP access list number. The range is from 1 to 99.
std-access-list-name
Standard access list name.
Defaults
All clients can access the content.
Command Modes
CSG policy configuration
Command History
Usage Guidelines
The client-group command is used to qualify clients for the CSG accounting service. The conditions specified in the referenced access list must be true in order for the flows to be processed by the CSG accounting services. If the conditions are not true, the flows are not processed (that is, traffic flows through with no accounting).
If you reference an access list that includes a deny statement, and that deny statement is matched, then traffic is blocked, there is no accounting, and the CSG does not check the next policy.
The referenced access list is applied to the VLAN interfaces.
You can reference more than one access list for a single policy by using multiple client-group commands in CSG policy configuration mode.
For wireless application protocol (WAP) 1.x, URL maps take precedence over access lists.
For WAP 1.x and Real Time Streaming Protocol (RTSP), the policy used to determine the next hop address is chosen based solely on access control lists (ACLs), not URL maps. As a result, you can choose the next hop from one policy for routing and from a different policy for billing.
You can use next-hop with client groups as long as a given client group is always sent to the same next hop. You cannot send a given client group to two or more different next hops based on a policy. For example, the following configuration is valid, because both policies use client group 1 and next-hop 1:
policy Aaccounting type wap connection-orientedurl Aclient group 1next-hop 1policy Baccounting type wap connection-orientedurl Bclient group 1next-hop 1content WAP-CONpolicy Apolicy BThe following configuration is not valid, because policy A uses client group 1 and next-hop 1, but policy B uses client group 1 and next-hop 2:
policy Aaccounting type wap connection-orientedurl Aclient group 1next-hop 1policy Baccounting type wap connection-orientedurl Bclient group 1next-hop 2content WAP-CONpolicy Apolicy BExamples
The following example shows how to reference client group 44 for the CSG policy MOVIES_COMEDY:
ip csg policy MOVIES_COMEDYaccounting type http customer-string MOVIES_COMEDYclient-group 44client-ip http-header x-forwarded-forheader-map MOVIESurl-map MOVIESRelated Commands
Command DescriptionDefines a policy for qualifying flows for the CSG accounting services, and enters CSG policy configuration mode.
Defines a next-hop IP address.
client-ip (CSG policy)
To specify that the user's IP address is to be obtained from the URL header after the x-forwarded-for keyword, use the client-ip command in CSG policy configuration mode. To specify that the user's IP address is to be obtained from the IP header, use the no form of this command.
client-ip http-header x-forwarded-for
no client-ip http-header x-forwarded-for
Syntax Description
http-header x-forwarded-for
Specifies that the user's IP address is to be obtained from the URL header after the x-forwarded-for keyword.
Defaults
None
Command Modes
CSG policy configuration
Command History
Usage Guidelines
The conditions specified in the referenced header map must be true in order for the flows to be processed by the CSG accounting services. If the conditions are not true, the flows are not processed.
Examples
The following example shows how to reference a client IP address specification in a CSG policy:
ip csg policy MOVIES_COMEDYaccounting type http customer-string MOVIES_COMEDYclient-group 44client-ip http-header x-forwarded-forheader-map MOVIESurl-map MOVIESRelated Commands
Command DescriptionDefines a policy for qualifying flows for the CSG accounting services, and enters CSG policy configuration mode.
content (CSG ruleset)
To add a content reference to a CSG ruleset, use the content command in CSG ruleset configuration mode. To remove a content reference, use the no form of this command.
content content-name
no content content-name
Syntax Description
Defaults
None
Command Modes
CSG ruleset configuration
Command History
Usage Guidelines
The content-name argument must match the content-name argument on an ip csg content command.
If you have used multiple ip csg content commands to define more than one content name, you can configure more than one content command in CSG ruleset configuration mode. Each content must be associated with a different Layer 3 or Layer 4 definition, as configured with ip commands in CSG content configuration mode.
Note If you assign an inbound VLAN to each content, using the VLAN to differentiate the contents within the same ruleset, the contents can be associated with the same Layer 3 or Layer 4 definition.
Examples
The following example shows how to add references to contents MOVIES_COMEDY and MOVIES_ACTION to ruleset R1:
ip csg ruleset R1content MOVIES_COMEDYcontent MOVIES_ACTIONRelated Commands
content (CSG service)
To configure a content and policy as a member of a CSG billing service, and optionally to assign a weight to this content, use the content command in CSG service configuration mode. To remove a content name from the billing service, use the no form of this command.
content content-name policy policy-name [weight weight-name]
no content content-name policy policy-name [weight weight-name]
Syntax Description
Defaults
None
Command Modes
CSG service configuration
Command History
Usage Guidelines
Content can reference more than one policy. Therefore, you can have multiple content commands with the same content-name argument, but different policy-name arguments.
To make a specific content free, reference a weight-name that has a weight-value of 0.
Examples
The following example shows how to configure content for the CSG service MOVIES. In this example:
•Policy MOVIES_COMEDY is applied to content MOVIES_COMEDY.
•Policy MOVIES_ACTION is applied to content MOVIES_ACTION.
•Content MOVIES_ACTION is given a billing weight named DOUBLE.
ip csg service MOVIESbasis fixedcontent MOVIES_COMEDY policy MOVIES_COMEDYcontent MOVIES_ACTION policy MOVIES_ACTION weight DOUBLEidle 120Related Commands
Command DescriptionConfigures a content billing service, and enters CSG service configuration mode.
copy
To copy the CSG coredump to a file, use the copy command on the CSG console.
copy coredump {tftp ip-address filename | rcp ip-address filename [rcp-user]}
Syntax Description
Defaults
None
Command Modes
CSG console
Command History
Examples
The following example uses TFTP server 1.2.3.4 to copy the CSG coredump to file coredump1:
CSG> copy coredump 1.2.3.4 coredump1Related Commands
Command DescriptionDetermines whether the CSG can reach a remote host.
Displays information about the CSG.
Upgrades the CSG by loading a CSG image from the Supervisor Engine.
database
To identify the server that answers user ID queries, use the database command in CSG user group configuration mode. To disable the database server, use the no form of this command.
database ip-address port-number
no database ip-address port-number
Syntax Description
ip-address
IP address of the server that answers user ID queries.
port-number
Port number of the server that answers user ID queries. The range is from 1 to 65535.
Defaults
None
Command Modes
CSG user group configuration
Command History
Examples
The following example shows how to specify user database IP address 10.1.2.3 and port number 11111 for the CSG user-group G1:
ip csg user-group G1entries idle 3600entries max 100000database 10.1.2.3 11111quota local-port 6666quota server 10.1.4.5 888 1quota server 10.1.6.7 999 2radius acct-port 7777radius key SECRET_PASSWORDradius parse strictradius server 10.13.14.15radius userid User-Nameredirect nat 10.33.33.3debug ip csg
To set the flags to obtain debugging output for the various CSG components, use the debug ip csg command in privileged EXEC mode. To disable the debugging feature, use the no form of this command.
debug ip csg {all | agent | api | cpu | ftp | gtp | imap | module number | pop3 | quota | radius | record storage slot | rtsp | smtp | timer | tlv | udb | users [prepaid] | wap | xml}
no debug ip csg {all | agent | api | cpu | ftp | gtp | imap | module number | pop3 | quota | radius | record storage slot | rtsp | smtp | timer | tlv | udb | users [prepaid] | wap | xml}
Syntax Description
Defaults
The default values apply to all active CSG modules (cards). The module option restricts debugging to a specific card. If you enter the module command, debugging is turned off for all other cards; however, the debugging flags set remains in effect for the selected module.
To see most but not all debugging output, use the all option to turn on all debugging flags, and then use the no form of this command to exclude debugging output for any options that are not of interest to you.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Once the debug flags are set, they are automatically sent to the CSG cards when a configuration is downloaded. Similarly, changes in the debug settings are sent to the CSG cards that are being debugged.
You can use the show debug command to display the debug flag settings.
All CSG usage information has been consolidated into one number, CSG CPU Utilization (that is, the percent of the CSG CPU that is currently in use), which presents a good overall picture of CSG capacity. To display CSG CPU Utilization, first enable debugging output for the CPU, using the debug ip csg cpu command, then enter the show module csg slot tech-support utilization command. To calculate the remaining CSG CPU capacity, subtract the CSG CPU Utilization from 100%. So, if the CSG CPU Utilization is 32%, the CSG has 68% CPU capacity remaining.
Note You must re-enter the debug command after every reload because it is not saved in the startup configuration.
Examples
The following example shows how to turn on debugging for rtsp and udb on module 3:
debug ip csg module 3debug ip csg rtspdebug ip csg udbentries
To define settings for the CSG User Table, use the entries command in CSG user group configuration mode. To use the default settings, use the no form of this command.
entries {idle duration [pod] | max entries-number}
no entries {idle | max}
Syntax Description
Defaults
The default idle duration is 0 seconds, and the CSG does not send the RADIUS Packet of Disconnect message when an entry idles out.
The default maximum number of entries is 25,000.
Command Modes
CSG user group configuration
Command History
Release Modification2.2(1)C(1)—12.1(11b)E3
This command was introduced.
3.1(3)C7(1)—12.2(18)SXF1
or 12.2(18)SRAThe idle and pod keywords and duration argument were added.
Usage Guidelines
The User Table identifies all users known to the CSG. The table is populated on the basis of the contents of the RADIUS Accounting Start messages, or from the user database, if either feature is enabled in your configuration.
When setting the entry idle timer, keep the following considerations in mind:
•You can set the entry idle timer in either the user group or the billing plan. If you do not set the timer in the billing plan, the CSG uses the timer set in the user group. That is, if there is an entry idle timer value in the billing plan, it is used; otherwise, if there is a global entry idle timer value configured, it is used.
•If set, the idle timer starts when there are no billable sessions, and restarts whenever a RADIUS Accounting Start or an Interim Accounting message is received. The timer stops when a billable session is started.
•If you do not specify the pod keyword, the CSG deletes the idle entry when the timer expires.
•If you specify the pod keyword, and if RADIUS Packet of Disconnect (PoD) is configured for the CSG, the CSG sends a PoD message when the idle timer expires. The CSG deletes the idle entry when the PoD message is ACKed, NAKed, or when all retries have been sent.
•The idle timer enables the CSG to eliminate an idle User Table entry if the Network Access Server (NAS) fails to deliver a RADIUS Accounting Stop request for an idle user. Eliminating idle entries from the User Table frees up CSG resources.
•If Connection Duration Billing is enabled, you can use either the billing plan entry idle timer or the user group entry idle timer to release a user connection.
Examples
The following example shows how to specify an entry idle time of 1 hour and a maximum of 100,000 cache entries for CSG user group G1:
ip csg user-group G1entries idle 3600entries max 100000database 10.1.2.3 11111quota local-port 6666quota server 10.1.4.5 888 1quota server 10.1.6.7 999 2radius acct-port 7777radius key SECRET_PASSWORDradius parse strictradius server 10.13.14.15radius userid User-Nameredirect nat 10.33.33.3Related Commands
entries idle (CSG billing)
To set the time after which entries for idle users are deleted from the CSG User Table, use the entries idle command in CSG billing configuration mode. To use the default settings, use the no form of this command.
entries idle duration [pod]
no entries idle
Syntax Description
Defaults
The default idle duration is 0 seconds, and the CSG does not send the RADIUS Packet of Disconnect message when an entry idles out.
Command Modes
CSG billing configuration
Command History
Usage Guidelines
The User Table identifies all users known to the CSG. The table is populated on the basis of the contents of RADIUS Accounting Start messages, or from the user database, if either feature is enabled in your configuration.
When setting the entry idle timer, keep the following considerations in mind:
•You can set the entry idle timer in either the user group or the billing plan. If you do not set the timer in the billing plan, the CSG uses the timer set in the user group. That is, if there is an entry idle timer value in the billing plan, it is used; otherwise, if there is a global entry idle timer value configured, it is used.
•If set, the idle timer starts when there are no billable sessions, and restarts whenever a RADIUS Accounting Start or an Interim Accounting message is received. The timer stops when a billable session is started.
•If you do not specify the pod keyword, the CSG deletes the idle entry when the timer expires.
•If you specify the pod keyword, and if RADIUS Packet of Disconnect (PoD) is configured for the CSG, the CSG sends a PoD message when the idle timer expires. The CSG deletes the idle entry when the PoD message is ACKed, NAKed, or when all retries have been sent.
•If Connection Duration Billing is enabled, you can use either the billing plan entry idle timer or the user group entry idle timer to release a user connection.
Examples
The following example shows how to specify an entry idle time of 1 hour for CSG billing plan REGULAR:
ip csg billing REGULARentries idle 3600mode postpaidservice MOVIESservice BROWSINGRelated Commands
failover
To set the time for a standby CSG to wait before becoming an active CSG, use the failover command in fault-tolerant configuration mode. To remove the failover configuration, use the no form of this command.
failover failover-time
no failover failover-time
Syntax Description
Defaults
The default failover time is 3 seconds.
Command Modes
Fault-tolerant configuration
Command History
Examples
The following example shows how to set a failover period of 6 seconds:
ft group 123 vlan 5failover 6heartbeat-time 2priority 12Related Commands
Command DescriptionEnters fault-tolerant configuration mode and configures fault tolerance.
Displays statistics and counters for the CSG fault-tolerant pair.
flags
To specify IP, TCP, or wireless application protocol (WAP) flag bit masks and values for CSG Prepaid Error Reimbursement, use the flags command in CSG refund configuration mode. To remove the flags, use the no form of this command.
flags {ip mask | tcp mask | wap} value
no flags {ip mask | tcp mask | wap} value
Syntax Description
Defaults
None
Command Modes
CSG refund configuration
Command History
Release Modification3.1(3)C5(1)—12.2(17d)SXB
This command was introduced.
3.1(3)C5(5)—12.2(17d)SXD
Combined the flags and flags wap commands.
Usage Guidelines
The CSG supports flag-based refunding for all protocols.
The ip flag values are:
•0x01: Connection initiator.
–0: The connection was initiated by the subscriber. The source address is associated with the user ID.
–1: The connection was initiated by the network. The destination address is associated with the user ID.
•0x80: Connection terminated because of lack of authorization failure.
–0: The connection was not terminated as a result of an authorization failure.
–1: The connection was terminated as a result of an authorization failure.
•0x7E: Reserved.
The tcp flag values are:
•0x01: Connection initiator.
–0: The connection was initiated by the subscriber. The source address is associated with the user ID.
–1: The connection was initiated by the network. The destination address is associated with the user ID.
•0x02: TCP termination type.
–0: Normal TCP termination (FIN or RST).
–1: Connection timed out.
•0x04: Persistent Connection (multiple sequential transactions per TCP connection).
–0: The reported connection is not a persistent connection.
–1: The reported connection is a persistent connection.
•0x08: Destination Initiated Close (valid only if TCP termination type is 0).
–0: The connection teardown was initiated by the source IP in the flow.
–1: The connection teardown was initiated by the destination IP in the flow.
•0x10: Destination Side FIN (valid only if TCP termination type is 0).
–0: The destination side never sent a FIN (it might have sent an RST).
–1: The destination side sent a FIN.
•0x20: Source Side FIN (valid only if TCP termination type is 0).
–0: The source side never sent a FIN (it might have sent an RST).
–1: The source side sent a FIN.
•0x40: Connection not closed (valid only for HTTP 1.1).
–0: The connection has been closed.
–1: The connection is not closed yet, and TCP close bits have no meaning.
•0x80: Connection terminated because of lack of authorization failure.
–0: The connection was not terminated as a result of an authorization failure.
–1: The connection was terminated as a result of an authorization failure.
The wap flag values are:
•0x00: Normal.
•0x01: Aborted.
•0x02: Incomplete.
•0x04: Forced abort.
Examples
The following example shows how to set flags for IP, TCP, and WAP:
ip csg refund COMPANY-REFUNDretcode http 500 509retcode wap 0x44 0x50retcode ftp 454flags tcp 43 00flags ip 80 80flags wap 08Related Commands
ft group (module CSG)
To enter fault-tolerant configuration mode and configure fault tolerance, use the ft group command in module CSG configuration mode. To remove the fault-tolerant configuration, use the no form of this command.
ft group group-id vlan vlan-id
no ft group
Syntax Description
Defaults
None
Command Modes
Module CSG configuration
Command History
Usage Guidelines
A fault-tolerant group comprises two Catalyst 6000 series switches, each containing a CSG configured for fault-tolerant operation. Each fault-tolerant group appears to network devices as a single device. A network might have more than one fault-tolerant group, but the CSG supports only one fault-tolerant group per VLAN trunk.
The characteristics of each fault-tolerant group are defined by the following commands:
Examples
The following example shows how to configure a fault-tolerant group named 123, with heartbeat messages sent over VLAN 5:
module csg 4accounting A1ft group 123 vlan 5failover 6heartbeat-time 2priority 12ruleset R1vlan 30 clientvlan 40 serverRelated Commands
gateway (module CSG VLAN)
To configure a gateway IP address, use the gateway command in module CSG VLAN configuration mode. To remove the gateway from the configuration, use the no form of this command.
gateway ip-address
no gateway ip-address
Syntax Description
Defaults
None
Command Modes
Module CSG VLAN configuration
Command History
Usage Guidelines
You can configure up to 7 gateways per VLAN, with a total of up to 255 gateways for the entire system. A gateway must be in the same network as specified in the ip address VLAN command.
To support RADIUS endpoint, the CSG requires a route to 255.255.255.255. You can configure the route by using the gateway (module CSG VLAN) command or the route (module CSG VLAN) command. For example:
gateway 31.0.0.6
or:
route 255.255.255.255 255.255.255.255 gateway 31.0.0.6
Note If you already have a gateway configured, you do not need to configure an additional gateway for the RADIUS endpoint.
Examples
The following example shows how to configure a client-side gateway IP address:
vlan 301 clientname TO-GGSN-MS-APNgateway 31.0.0.10ip address 31.0.0.21 255.255.255.0route 11.0.0.0 255.255.0.0 gateway 31.0.0.1route 11.1.0.0 255.255.0.0 gateway 31.0.0.2route 11.2.0.0 255.255.0.0 gateway 31.0.0.3route 11.3.0.0 255.255.0.0 gateway 31.0.0.4alias 31.0.0.51 255.255.255.0Related Commands
header-map
To reference a header map that is part of a CSG billing policy, use the header-map command in CSG policy configuration mode. To delete the reference, use the no form of this command.
header-map header-map-name
no header-map header-map-name
Syntax Description
Defaults
None
Command Modes
CSG policy configuration
Command History
Usage Guidelines
The conditions specified in the referenced header map must be true in order for the flows to be processed by the CSG accounting services. If the conditions are not true, the flows are not processed.
Examples
The following example shows how to reference header map MOVIES for the CSG policy MOVIES_COMEDY:
ip csg policy MOVIES_COMEDYaccounting type http customer-string MOVIES_COMEDYclient-group 44client-ip http-header x-forwarded-forheader-map MOVIESurl-map MOVIESRelated Commands
heartbeat-time
To set the time before heartbeat messages are transmitted by the CSG, use the heartbeat-time command in fault-tolerant configuration mode. To restore the default heartbeat interval, use the no form of this command.
heartbeat-time heartbeat-time
no heartbeat-time heartbeat-time
Syntax Description
heartbeat-time
Time interval between heartbeat transmissions, in seconds. The range is from 1 to 65535. The default value is 1.
Defaults
The default heartbeat time is 1 second.
Command Modes
Fault-tolerant configuration
Command History
Examples
The following example shows how to set the heartbeat time to 2 seconds:
ft group 123 vlan 5failover 6heartbeat-time 2priority 12Related Commands
Command DescriptionEnters fault-tolerant configuration mode and configures fault tolerance.
Displays statistics and counters for the CSG fault-tolerant pair.
hostname
To specify a variable hostname for a CSG module, use the hostname command in module CSG configuration mode. To remove the hostname, use the no form of this command.
hostname name
no hostname
Syntax Description
Defaults
None
Command Modes
Module CSG configuration
Command History
Usage Guidelines
This command assigns a hostname to a CSG module that is reported in fixed-record format.
Examples
The following example specifies a hostname for the CSG module in slot 3:
module ContentServicesGateway 3hostname MYHOSTRelated Commands
idle (CSG content)
To specify the minimum amount of time that the CSG maintains an idle content connection, use the idle command in CSG content configuration mode. To restore the default idle duration value, use the no form of this command.
idle duration
no idle duration
Syntax Description
Defaults
The default idle duration is 3600 seconds (1 hour).
Command Modes
CSG content configuration
Command History
Usage Guidelines
Real Time Streaming Protocol (RTSP) billing in the CSG is based on inspection of the RTSP SETUP and TEARDOWN messages that are exchanged between the client and server. The CSG builds the RTSP call detail record (CDR) immediately after the RTSP TEARDOWN signal if the URL exactly matches that from the RTSP SETUP signal. Otherwise, the CSG builds the CDR after any condition that causes the flows to be terminated. Examples include:
•When the content idle timer expires. By default, this timer is set to 3600 seconds (1 hour). To receive the RTSP CDRs sooner, set the timer to a smaller value, such as 60 seconds. (For RTSP, do not set the timer to less than 60 seconds.)
•When a service_stop is triggered (for example, when the access server sends a RADIUS Accounting Stop for the user).
The CSG tracks usage on a per-session basis. User Datagram Protocol (UDP) does not have an end-of-session indicator and simply idles out. For that reason, for UDP and wireless application protocol (WAP) 1.x, setting the content idle timer to a low value (for example, 30) allows the CSG to quickly recognize that a session has ended and to generate billing records accordingly. Other service-level features of the CSG that count sessions (such as passthrough mode and service-level CDRs) are similarly affected by the content idle timer setting.
For a service configured with basis second, make sure the idle timeout value for the content configuration, set using the idle command in CSG content configuration mode, does not exceed the service idle timeout value, set using the idle command in CSG service configuration mode. Examples of these contents include:
•Non-TCP contents
•TCP contents with policies for HTTP or WAP2 where the client or server does not close the TCP connection at the end of the transaction
Content that is configured with ip any requires two upstream packets to trigger the idle (CSG content) timer. Therefore, if content is configured with ip any and the CSG receives only one upstream packet (as for a UDP session), the content timer is never triggered, and downstream traffic matches the ip any content connection entry until the timer expires. After the timer expires, the CSG treats all downstream traffic as server-initiated traffic an might block the traffic in certain configurations. To avoid this problem, configure a new content to match UDP traffic (ip any udp), referencing the same policy referenced by the ip any content.
Examples
The following example shows how to configure a 120-second idle timer for the CSG content MOVIES_COMEDY:
ip csg content MOVIES_COMEDYclient 10.4.4.0 255.255.255.0idle 120ip 172.18.45.0/24 tcp 8080policy POLICY1pending 300replicate connection tcpvlan MOVIES_COMEDYinserviceRelated Commands
idle (CSG service)
To specify the minimum amount of time that the CSG maintains a service with no user sessions, use the idle command in CSG service configuration mode. To restore the default idle duration value, use the no form of this command.
idle duration
no idle duration
Syntax Description
Defaults
The default idle duration is 300 seconds (5 minutes).
Command Modes
CSG service configuration
Command History
Usage Guidelines
For services configured with basis second, make sure the idle timeout value for the content configurations, set using the idle command in CSG content configuration mode, does not exceed the service idle timeout value, set using the idle command in CSG service configuration mode. Examples of these contents include:
•Non-TCP contents
•TCP contents with policies for HTTP or wireless application protocol (WAP) 2.x where the client or server does not close the TCP connection at the end of the transaction
For RTSP, do not set the timer to less than 60 seconds.
Examples
The following example shows how to configure a 120-second idle timer for the CSG service MOVIES:
ip csg service MOVIESbasis fixedcontent MOVIES_COMEDY policy MOVIES_COMEDYcontent MOVIES_ACTION policy MOVIES_ACTION weight DOUBLEidle 120Related Commands
Command DescriptionConfigures a content billing service, and enters CSG service configuration mode.
inservice (CSG content)
To activate the content service on each CSG, use the inservice command in CSG content configuration mode. To suspend the content service, use the no form of this command.
inservice
no inservice
Syntax Description
This command has no arguments or keywords.
Defaults
The default value is no inservice.
Command Modes
CSG content configuration
Command History
Usage Guidelines
When you activate the inservice command, the CSG verifies the parameters semantically. If the CSG detects an error, the command fails.
Examples
The following example shows how to place the CSG content MOVIES_COMEDY in service:
ip csg content MOVIES_COMEDYclient 10.4.4.0 255.255.255.0idle 120ip 172.18.45.0/24 tcp 8080policy POLICY1pending 300replicate connection tcpvlan MOVIES_COMEDYinserviceRelated Commands
ip
To define the subset of Layer 3 and Layer 4 flows that can be processed by the CSG accounting services, use the ip command in CSG content configuration mode. To delete the flow definition, use the no form of this command.
ip {any | ip-address [netmask]} [any | protocol [port-number [last-port-number]]]
no ip {any | ip-address}
Syntax Description
Defaults
If you specify an IP address but no network mask, the default network mask is 255.255.255.255 or /32 (flows to a specific host can be processed).
If you do not specify a protocol, flows of any protocol type can be processed.
If you specify a protocol but no port number, the default port number is 0, which means that flows from any port number can be processed.
Command Modes
CSG content configuration
Command History
Usage Guidelines
This command is required to place content in service.
UDP ports 9200 and 9201 are well-known Wireless Session Protocol (WSP) and Wireless Transaction Protocol (WTP) wireless application protocol (WAP) ports. When a policy with accounting type wap is associated with a content, use even-numbered UDP ports to designate WSP traffic, and use odd-numbered ports to designate WTP traffic.
Although you can use this command to specify a port number for Layer 3 content (ip any any port-number), the CSG does not support Layer 3 content rules. The CSG ignores the specified port number, and the show module csg content command displays the port number as 0.
Content that is configured with ip any requires two upstream packets to trigger the idle (CSG content) timer. Therefore, if content is configured with ip any and the CSG receives only one upstream packet (as for a UDP session), the content timer is never triggered, and downstream traffic matches the ip any content connection entry until the timer expires. After the timer expires, the CSG treats all downstream traffic as server-initiated traffic an might block the traffic in certain configurations. To avoid this problem, configure a new content to match UDP traffic (ip any udp), referencing the same policy referenced by the ip any content.
Examples
The following example shows how to specify that, for content MOVIES_COMEDY, only flows for IP address 172.18.45.0/24 and TCP port 8080 are to be processed by the CSG accounting services:
ip csg content MOVIES_COMEDYclient 10.4.4.0 255.255.255.0idle 120ip 172.18.45.0/24 tcp 8080policy POLICY1pending 300replicate connection tcpvlan MOVIES_COMEDYinserviceRelated Commands
ip address (module CSG VLAN)
To assign an IP address to the CSG VLAN, use the ip address command in module CSG VLAN configuration mode. To remove the CSG IP address from the configuration, use the no form of this command.
ip address ip-address netmask
no ip address ip-address netmask
Syntax Description
ip-address
IP address for the CSG; only one management IP address is allowed per VLAN.
netmask
Network mask.
Defaults
None
Command Modes
Module CSG VLAN configuration
Command History
Usage Guidelines
This command is applicable for both server-side VLANs and client-side VLANs.
Examples
The following example shows how to assign an IP address to the CSG VLAN:
vlan 301 clientname TO-GGSN-MS-APNgateway 31.0.0.10ip address 31.0.0.21 255.255.255.0route 11.0.0.0 255.255.0.0 gateway 31.0.0.1route 11.1.0.0 255.255.0.0 gateway 31.0.0.2route 11.2.0.0 255.255.0.0 gateway 31.0.0.3route 11.3.0.0 255.255.0.0 gateway 31.0.0.4alias 31.0.0.51 255.255.255.0Related Commands
ip csg accounting
To configure content-based client accounting as a service, and to enter CSG accounting configuration mode, use the ip csg accounting command in global configuration mode. To turn off the accounting service, use the no form of this command.
ip csg accounting service-name
no ip csg accounting service-name
Syntax Description
Defaults
None
Command Modes
Global configuration
Command History
Usage Guidelines
The characteristics of each accounting service are defined by the following commands:
Examples
The following example shows how to configure a CSG accounting service named A1:
ip csg accounting A1user-group G1agent activate 2agent local-port 3775agent 10.1.2.4 11112 10agent 10.1.2.5 11113 20keepalive 3records batchrecords http-statisticsrecords intermediate bytes 100000 time 3600records max 250inserviceRelated Commands
ip csg billing
To define a billing plan, and to enter CSG billing configuration mode, use the ip csg billing command in global configuration mode. To delete the billing plan, use the no form of this command.
ip csg billing billing-plan-name
no ip csg billing billing-plan-name
Syntax Description
Defaults
None
Command Modes
Global configuration
Command History
Usage Guidelines
The characteristics of each billing plan are defined by the following commands:
•mode
Examples
The following example shows how to define a CSG billing plan named REGULAR:
ip csg billing REGULARentries idle 3600mode postpaidservice MOVIESservice BROWSINGRelated Commands
ip csg block
To force the CSG to drop packets that do not match a configured billing policy, use the ip csg block command in global configuration mode. To restore the default behavior, enabling the CSG to forward the packets without billing, use the no form of this command.
ip csg block
no ip csg block
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration
Command History
Usage Guidelines
By default, if packets do not match any billing policy, the CSG forwards the packets without billing. This command causes the CSG to drop the packets instead.
Examples
The following example shows how to force the CSG to drop packets that do not match any billing policy:
ip csg blockip csg content
To configure CSG content, and to enter CSG content configuration mode, use the ip csg content command in global configuration mode. To delete the content configuration, use the no form of this command.
ip csg content content-name
no ip csg content content-name
Syntax Description
Defaults
None
Command Modes
Global configuration
Command History
Usage Guidelines
The characteristics of each content configuration are defined by the following commands:
•ip
If the content configuration does not match any service listed under a user's billing plan, the CSG considers the service to be either free or postpaid. The CSG does not try to authorize the user with the quota server for the service.
If multiple policies are defined under ip csg content, they must all have the same accounting type. For example, if one of the policies is configured with accounting type wap, the policies all must have accounting type wap.
Examples
The following example shows how to define the CSG content named MOVIES_COMEDY:
ip csg content MOVIES_COMEDYclient 10.4.4.0 255.255.255.0idle 120ip 172.18.45.0/24 tcp 8080policy POLICY1pending 300replicate connection tcpvlan MOVIES_COMEDYinserviceRelated Commands
ip csg map
To define the CSG billing content filters (URL maps and header maps), and to enter CSG URL map or header map configuration mode, use the ip csg map command in global configuration mode. To turn off the service, use the no form of this command.
ip csg map map-name {url | header}
no ip csg map map-name {url | header}
Syntax Description
Defaults
None
Command Modes
Global configuration
Command History
Usage Guidelines
The CSG maps are used to match URLs or headers against a pattern to determine whether flows are to be processed by the CSG accounting services.
The URLs or headers that are to be matched against a pattern are defined by the following commands:
When configuring a map, keep the following considerations in mind:
•When you enter a new or changed URL match pattern using the match (URL map) command, the CSG console becomes non-responsive while the CSG downloads the entire configuration, which can take a long time. Therefore, we recommend that you configure the URL match pattern during your maintenance window, or during off-peak hours.
•You cannot specify different types of match patterns in a given map. For example, a map can include one or more match (header map) statements, but it cannot include both match (header map) statements and match (url map) statements.
•You can specify up to two maps in a given policy: one for header matching and one for URL matching. For example, the following is a valid configuration:
ip csg map HOSTMAPmatch header host1 value *.2.*.44!ip csg map URLMAPmatch url */mobile/index.wml!ip csg policy MAP-POLICYheader-map HOSTMAPurl-map URLMAPIn this example, a flow must match both HOSTMAP and URLMAP in order to match policy MAP-POLICY.
Examples
The following example shows how to configure a CSG URL map named MOVIES:
ip csg map MOVIES urlmatch url *.movies_(comedy|action|drama).com/*.mpegRelated Commands
ip csg policy
To define a policy for qualifying flows for the CSG accounting services, and to enter CSG policy configuration mode, use the ip csg policy command in global configuration mode. To turn off the service, use the no form of this command.
ip csg policy policy-name
no ip csg policy policy-name
Syntax Description
Defaults
None
Command Modes
Global configuration
Command History
Usage Guidelines
Because of limitations on the number of URL match patterns that the CSG can handle, do not define more than 16,000 policies. For more information on URL match patterns, see the description of the match (URL map) command.
The characteristics of each policy are defined by the following commands:
When configuring a map, keep the following considerations in mind:
•You cannot specify different types of match patterns in a given map. For example, a map can include one or more match (header map) statements, but it cannot include both match (header map) statements and match (url map) statements.
•You can specify up to two maps in a given policy: one for header matching and one for URL matching. For example, the following is a valid configuration:
ip csg map HOSTMAPmatch header host1 value *.2.*.44!ip csg map URLMAPmatch url */mobile/index.wml!ip csg policy MAP-POLICYheader-map HOSTMAPurl-map URLMAPIn this example, a flow must match both HOSTMAP and URLMAP in order to match policy MAP-POLICY.
Examples
The following example shows how to configure a CSG policy named MOVIES_COMEDY:
ip csg policy MOVIES_COMEDYaccounting type http customer-string MOVIES_COMEDYclient-group 44client-ip http-header x-forwarded-forheader-map MOVIESurl-map MOVIESRelated Commands
ip csg refund
To specify the refund policy to apply to the various services, and to enter CSG refund configuration mode, use the ip csg refund command in global configuration mode. To disable this feature, use the no form of the command.
ip csg refund refund-policy-name
no ip csg refund refund-policy-name
Syntax Description
Defaults
None
Command Modes
Global configuration
Command History
Usage Guidelines
The characteristics of each policy are defined by the following commands:
•flags—The CSG supports flag-based refunding for all protocols.
•retcode—The CSG supports return code-based refunding for all protocols except RTSP.
If refund is enabled for a CSG prepaid service, you cannot download more than 0x6FFFFFFF bytes of data in a given transaction.
Examples
The following example shows how to configure the ip csg refund command:
ip csg refund COMPANY-REFUNDretcode http 500 509retcode wap 0x44 0x50retcode ftp 454flags tcp FF 14flags wap FF 08Related Commands
ip csg ruleset
To configure a CSG billing ruleset, and to enter CSG ruleset configuration mode, use the ip csg ruleset command in global configuration mode. To delete the ruleset, use the no form of this command.
ip csg ruleset ruleset-name
no ip csg ruleset ruleset-name
Syntax Description
Defaults
None
Command Modes
Global configuration
Command History
Usage Guidelines
The characteristics of each ruleset are defined by the content (CSG ruleset) command.
Examples
The following example shows how to configure a CSG billing ruleset named R1:
ip csg ruleset R1content MOVIES_COMEDYcontent MOVIES_ACTIONRelated Commands
ip csg service
To configure a content billing service, and to enter CSG service configuration mode, use the ip csg service command in global configuration mode. To turn off the content billing service, use the no form of this command.
ip csg service service-name
no ip csg service service-name
Syntax Description
Defaults
None
Command Modes
Global configuration
Command History
Usage Guidelines
The CSG allows you to define a pool of up to 1024 services. You can authorize, for each user, any number of services from that pool, but we recommend that the billing system not authorize more than 10 active services for each user. Exceeding this guideline could lead to the following problems:
•The increase in the number of quota authorizations per user can overload both the quota server and the CSG.
•As the number of services for which a user is actively authorized increases, the user's quota becomes fragmented. Although the CSG allows the billing system to recall and redistribute the quota so that the user is not denied service because of quota fragmentation, the process increases overhead in both the quota server and the CSG.
The characteristics of each content billing service are defined by the following commands:
Examples
The following example shows how to define a CSG content billing service named MOVIES:
ip csg service MOVIESbasis fixedcontent MOVIES_COMEDY policy MOVIES_COMEDYcontent MOVIES_ACTION policy MOVIES_ACTION weight DOUBLEidle 120Related Commands
ip csg snmp timer
To define Simple Network Management Protocol (SNMP) timers for lost CSG records, and to enter CSG SNMP timer configuration mode, use the ip csg snmp timer command in global configuration mode. To restore the default setting, use the no form of this command.
ip csg snmp timer {agent | quota-server} interval
no ip csg snmp timer {agent | quota-server} interval
Syntax Description
Defaults
The default SNMP timer interval is 60 seconds.
Command Modes
Global configuration
Command History
Examples
The following example defines a 300-second CSG SNMP agent timer and enters CSG SNMP timer configuration mode:
ip csg snmp timer agent 300ip csg transport-type
To classify data traffic on the basis of its access path, and to enter CSG transport-type configuration mode, use the ip csg transport-type command in global configuration mode. To remove transport-type information, use the no form of this command.
ip csg transport-type
no ip csg transport-type
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration
Command History
Usage Guidelines
Use the ip csg transport-type command to classify data traffic on the basis of its access path, using the Network Access Server (NAS) IP address reported in the RADIUS Accounting Start message. Use the assign command to associate IP addresses with transport-type values. Transport-type information is reported in fixed record format call detail records (CDRs).
Usage Guidelines
The characteristics of each ruleset are defined by the assign command.
Examples
The following example creates a transport-type table and enters transport-type configuration mode:
ip csg transport-typeassign 1.2.3.4 6assign 2.5.3.1 7assign 6.6.7.5 0Related Commands
ip csg user-group
To create a group of users for which you want to generate accounting records, and to enter CSG user group configuration mode, use the ip csg user-group command in global configuration mode. To delete a group of users, use the no form of this command.
ip csg user-group group-name
no ip csg user-group group-name
Syntax Description
Defaults
None
Command Modes
Global configuration
Command History
Usage Guidelines
The ip csg user-group command configures parameters related to mapping IP addresses to user IDs.
You cannot delete a user group that is referenced by an accounting service. First, you must disassociate the user group from the accounting service. See the user-group command in CSG accounting configuration mode for more details.
The characteristics of this group of users are defined by the following commands:
•radius start restart session-id
Examples
The following example shows how to create the CSG user group G1:
ip csg user-group G1entries idle 3600entries max 100000database 10.1.2.3 11111quota local-port 6666quota server 10.1.4.5 888 1quota server 10.1.6.7 999 2radius acct-port 7777radius key SECRET_PASSWORDradius parse strictradius server 10.13.14.15radius userid User-Nameredirect nat 10.33.33.3redirect wap www.topoff.com/wapredirect http www.topoff.com/httpaoc confirmation AOC_OKRelated Commands
ip csg weight
To define a symbolic name for a CSG billing weight, and to enter CSG weight configuration mode, use the ip csg weight command in global configuration mode. To remove the weight name, use the no form of this command.
ip csg weight weight-name weight-value
no ip csg weight weight-name weight-value
Syntax Description
Defaults
The default billing weight multiplier is 1.
Command Modes
Global configuration
Command History
Usage Guidelines
To make a content free, assign a weight-value of 0.
The same weight can occur in multiple rules, specified in multiple billing services. If a weight changes, and you use numeric constants for weights, each occurrence of the weight must be updated. However, if you define symbolic weight names, you need update only a single definition for each weight. The results are a more readable configuration and price lists that are easier to manage.
Examples
The following example shows how to define a CSG billing weight named DOUBLE with a weight value of 2 quadrans:
ip csg weight DOUBLE 2keepalive
To define the keepalive time interval that will be used to test the health of Billing Mediation Agents (BMAs) and quota servers, use the keepalive command in CSG accounting configuration mode. To reset the keepalive timer to the default value, use the no form of this command.
keepalive number-of-seconds
no keepalive
Syntax Description
number-of-seconds
Time, in seconds, that is used to determine the health of BMAs and quota servers. The range is 1 to 86,400. The default value is 60.
Defaults
The default value is 60 seconds.
Command Modes
CSG accounting configuration
Command History
Examples
The following example shows how to specify a keepalive time of 3 seconds for the CSG accounting service A1:
ip csg accounting A1user-group G1agent activate 2agent local-port 3775agent 10.1.2.4 11112 10agent 10.1.2.5 11113 20keepalive 3records batchrecords http-statisticsrecords intermediate bytes 100000 time 3600records max 250inserviceRelated Commands
match (header map)
To specify a header match pattern for a CSG billing map, use the match command in CSG header map configuration mode. To delete the header match pattern, use the no form of this command.
match protocol protocol header header-name [value pattern]
no match protocol protocol header header-name [value pattern]
Syntax Description
Defaults
The default protocol is HTTP.
If you specify a header-name argument and you do not specify a pattern argument, then the header match is TRUE if header-name is present in the HTTP flow.
Command Modes
CSG header map configuration
Command History
Release Modification3.1(1)C3(1)—12.2(14)ZA
This command was introduced.
3.1(3)C5(3)—12.2(18)SXD
The usage guidelines were modified.
Usage Guidelines
Header maps are valid only with accounting types HTTP, RTSP, and WAP (specified using the accounting command in CSG policy configuration mode). If you do not specify an accounting type, the CSG assumes that the session is an HTTP session, and packets matching the policy are not billed (that is, no quota is used, and no CDR is generated).
When configuring a map, keep the following considerations in mind:
•You cannot specify different types of match patterns in a given map. For example, a map can include one or more match (header map) statements, but it cannot include both match (header map) statements and match (url map) statements.
•You can specify up to two maps in a given policy: one for header matching and one for URL matching. For example, the following is a valid configuration:
ip csg map HOSTMAPmatch header host1 value *.2.*.44!ip csg map URLMAPmatch url */mobile/index.wml!ip csg policy MAP-POLICYheader-map HOSTMAPurl-map URLMAPIn this example, a flow must match both HOSTMAP and URLMAP in order to match policy MAP-POLICY.
•If you have configured too many maps, or if your maps are too complex, the CSG generates the following syslog message:
%CSM_SLB-3-UNEXPECTED: Module 3 unexpected error:
Current configuration exceed memory limit for rule table.If you see this message, you must reduce the number and complexity of the maps in your configuration.
To ensure that your maps are configured correctly, use the following command:
show module csg slot tech-support processor 4 | include LB common pool
If the last config change field in the output is zero, your maps are configured correctly.
You can specify more than one match command in CSG header map configuration mode to specify multiple header match expressions for a given header map:
•You can configure more than one match header command in a given header map, but they must reference different headers.
For example, the following is a valid configuration, because the first match header command references header Host and the other references header User-Agent:
ip csg map HDR1match header Host value www.cisco.commatch header User-Agent valuemyagentBut the following is not a valid configuration, because both match header commands reference header Host:
ip csg map HDR1match header Host valuewww.cisco.commatch header Host valuemy.cisco.com•If the header matches all of the header match expressions, then the match is TRUE, and the flows can be processed by the CSG accounting services, unless another map associated with this policy matches FALSE.
•If the header does not match even one of the header match expressions, then the match is FALSE, and the flows are not processed by the CSG accounting services, even if other maps for this policy match TRUE.
•The CSG treats each header match pattern as a double-wildcard match, which means that a header match pattern that includes even a single wildcard, such as match header host* 1.2.3.4, is treated as a triple-wildcard match. The more wildcard matches you use, the fewer header maps and header match patterns the CSG can handle, depending on your configuration. Therefore, to optimize the performance of the CSG, minimize the number of header match patterns that are applied to a CSG content configuration, and minimize the number of wildcards used in header match patterns.
•The header match expressions are case-sensitive. For example, if you define the following header match expression:
match header host1 value *.2.*.44
but the actual HTTP header keyword is HOST1, the header does not match the header match expression, the match is FALSE, and the flow is not processed by the CSG accounting services.
Table B-1 shows and describes the special characters that you can use in header match expressions.
Table B-1 Special Characters for Matching String Expressions
Examples
The following example shows how to specify header match patterns for map HDR1. In this example, the header match is TRUE only for host www.cisco.com and user agent myagent. Any other combination of host and IP address matches FALSE:
ip csg map HDR1match header Host value www.cisco.commatch header User-Agent value myagentRelated Commands
match (URL map)
To specify a URL match pattern for a CSG billing map, use the match command in CSG URL map configuration mode. To delete the match pattern, use the no form of this command.
match protocol protocol [method method] url pattern
no match protocol protocol [method method] url pattern
Syntax Description
Defaults
The default application protocol is HTTP.
Command Modes
CSG URL map configuration
Command History
Release Modification3.1(1)C3(1)—12.2(14)ZA
This command was introduced.
3.1(3)C5(3)—12.2(18)SXD
The usage guidelines were modified.
Usage Guidelines
URL maps are valid only with accounting types HTTP, RTSP, and WAP (specified using the accounting command in CSG policy configuration mode). If you do not specify an accounting type, the CSG assumes that the session is an HTTP session, and packets matching the policy are not billed (that is, no quota is used, and no CDR is generated).
When configuring a map, keep the following considerations in mind:
•When you enter a new or changed URL match pattern using the match (URL map) command, the CSG console becomes non-responsive while the CSG downloads the entire configuration, which can take a long time. Therefore, we recommend that you configure the URL match pattern during your maintenance window, or during off-peak hours.
•You cannot specify different types of match patterns in a given map. For example, a map can include one or more match (header map) statements, but it cannot include both match (header map) statements and match (url map) statements.
•You can specify up to two maps in a given policy: one for header matching and one for URL matching. For example, the following is a valid configuration:
ip csg map HOSTMAPmatch header host1 value *.2.*.44!ip csg map URLMAPmatch url */mobile/index.wml!ip csg policy MAP-POLICYheader-map HOSTMAPurl-map URLMAPIn this example, a flow must match both HOSTMAP and URLMAP in order to match policy MAP-POLICY.
•If you have configured too many maps, or if your maps are too complex, the CSG generates the following syslog message:
%CSM_SLB-3-UNEXPECTED: Module 3 unexpected error:
Current configuration exceed memory limit for rule table.If you see this message, you must reduce the number and complexity of the maps in your configuration.
To ensure that your maps are configured correctly, use the following command:
show module csg slot tech-support processor 4 | include LB common pool
If the last config change field in the output is zero, your maps are configured correctly.
You can use more than one match command in CSG URL map configuration mode to specify multiple URL match expressions for a URL map:
•If the URL matches any of the URL match expressions, then the match is TRUE, and the flows can be processed by the CSG accounting services, unless another map associated with this policy matches FALSE.
•If the URL does not match any of the URL match expressions, then the match is FALSE, and the flows are not processed by the CSG accounting services, even if other maps for this policy match TRUE.
•The URL match expressions are case-sensitive. For example, if you define the following URL match expression:
match protocol http url http://url-string
but a subscriber enters the following URL in a web browser:
HTTP://url-string
the URL does not match the URL match expression, the match is FALSE, and the flow is not processed by the CSG accounting services.
Therefore, consider uppercase and lowercase combinations carefully when you create URL match expressions.
•When you configure URL match patterns for Real Time Streaming Protocol (RTSP) streams, be sure to account for trailing stream IDs in RTSP stream names. For example, URL match pattern *.mpeg does not match rtsp://1.1.1.254:554/movie.mpeg/streamid=0 because the stream name has a trailing /streamid=0. To match such RTSP stream names, use a URL match pattern such as *.mpeg*.
•Depending on your configuration, the CSG can handle up to 1000 single-wildcard URL match patterns (such as *movies or movies*, but not *movies*) or up to 11 double-wildcard URL match patterns (for example, *movies* or http://test.*movies.com/*.mpeg). Double-wildcard URL match patterns are also known as keyword URL match patterns. If you want to use keyword URL match patterns, observe the following guidelines to optimize the performance of the CSG:
–Minimize the number of URL match patterns that are applied to a CSG content configuration.
–Minimize the number of keyword URL match patterns that you use. In general, it is better to use multiple single-wildcard URL match patterns instead of individual keyword URL match patterns.
–Combine several keyword URL match patterns into a single pattern by using UNIX string-matching special characters. For example, *.movies_comedy.com/*.mpeg, *.movies_action.com/*.mpeg, and *.movies_drama.com/*.mpeg can be combined into the following single pattern:
*.movies_(comedy|action|drama).com/*.mpeg
And these patterns
*.movies_comedy.com/*.mpeg
*.movies_action.com/*.mpeg
*.movies_drama.com/*.mpeg
*.clips_comedy.com/*.mpeg
*.clips_action.com/*.mpeg
*.clips_drama.com/*.mpeg
can be combined into the following single pattern:
*.(movies|clips)*?*(comedy|action|drama).com/*.mpeg
–Do not forget that the entire pattern, including wildcards and UNIX string-matching special characters, cannot exceed 128 characters.
•When you add or change URL match patterns, check their effect on the CSG memory:
1. To check the status of the configuration change, enter the show module csg status command in privileged EXEC mode.
2. When the status changes from PENDING (the change has not yet downloaded) to COMPLETE, SUCCESS (the change has downloaded successfully), enter the show module csm memory command in privileged EXEC mode. This command displays both the total memory used and the total memory available.
•For wireless application protocol (WAP) 1.x, URL maps take precedence over access lists.
•For WAP 1.x and RTSP, the policy used to determine the next hop address is chosen based solely on access control lists (ACLs), not URL maps. As a result, you can choose the next hop from one policy for routing and from a different policy for billing.
Table B-2 shows and describes the special characters that you can use in URL match expressions.
Table B-2 Special Characters for Matching String Expressions
Examples
The following example shows how to specify URL match patterns for map MOVIES. In this example, the URL match is TRUE for *.movies_comedy.com/*.mpeg, for *.movies_action.com/*.mpeg, for *.movies_drama.com/*.mpeg, and for any other URLs that match the pattern:
ip csg map MOVIES urlmatch url *.movies_(comedy|action|drama).com/*.mpegRelated Commands
meter exclude
To exclude timers from the usage calculation duration billing, use the meter exclude command in CSG service configuration mode. To return to the default behavior, use the no form of the command.
meter exclude {pause rtsp | svc-idle}
no meter exclude {pause rtsp | svc-idle}
Syntax Description
Defaults
The default behavior is to include the RTSP PAUSE time and the service-idle in the usage calculation.
Command Modes
CSG service configuration
Command History
Usage Guidelines
Configuration of this command with the svc-idle keyword specified can result in reduced charging because the next service access occurs after the service idles, rather than occurring before the service idles.
Examples
The following example shows how to exclude the RTSP PAUSE time from the duration billing calculation for the SERVICE-A service:
ip csg service SERVICE-Abasis secondmeter exclude pause rtspcontent RTSP policy RTSP-POLICYThe following example shows how to exclude the final service idle from the usage calculation for the OFF_NET service:
ip csg service OFF_NETmeter exclude svc-idleRelated Commands
meter imap
To specify which Internet Message Access Protocol (IMAP) bytes are billed for when doing prepaid debits, use the meter imap command in CSG service configuration mode. To return to the default behavior, use the no form of the command.
meter imap [body-only | body-header | body-other]
no meter imap
Syntax Description
Defaults
All IMAP bytes are to be counted when performing prepaid debits.
Command Modes
CSG service configuration
Command History
Usage Guidelines
You can configure only one meter imap command per service. The billing basis for the service must be byte. The three categories of bytes are BODY, HEADER, and OTHER, determined as follows:
•BODY—The bytes are classified as BODY if a fetch request or response is encountered for one of the following specifications (including any appended "<>" subset variants):
–BODY[]
–BODY[#]
–BODY[TEXT]
–BODY[#.TEXT]
–BODY.PEEK[]
–BODY.PEEK[#]
–BODY.PEEK[TEXT]
–BODY.PEEK[#.TEXT]
–RFC822
–RFC822.TEXT
•HEADER—If the bytes cannot be classified as BODY, then they are classified as HEADER if a fetch request or response is encountered for one of the following specifications (including any appended "<>" subset variants):
–BODY[HEADER]
–BODY[#.HEADER]
–BODY.PEEK[HEADER]
–BODY.PEEK[#.HEADER]
–RFC822.HEADER
•OTHER—If request or response cannot be classified as BODY or HEADER, then it is classified as OTHER. OTHER examples include:
–SYN/FIN/ACK/RST packets that do not contain a payload
–Non-HEADER or BODY IMAP commands such as 3 select inbox
–Retransmitted packets
–Anything else that is not considered BODY or HEADER
–If the session becomes encrypted or enters PASSTHRU mode, subsequent packets for the session cannot be parsed and are treated as OTHER.
Because IMAP metering is byte-based, you cannot configure both meter imap and basis fixed or basis second in the same service. Only basis byte is meaningful with meter imap.
Examples
The following example shows how to configure IMAP to count only BODY bytes when performing prepaid debits:
ip csg service S1meter imap body-onlymeter increment
To specify the increments for debiting quota upon completion of a service configured for Service Duration Billing, use the meter increment command in CSG service configuration mode. To restore the default behavior, use the no form of the command.
meter increment value
no meter increment value
Syntax Description
Defaults
The default increment is 1 second.
Command Modes
CSG service configuration
Command History
Usage Guidelines
If basis second is configured for the service, the network usage (usage excluding the initial charge) is rounded up to the nearest integer multiple of the increment value when the Service Stop is sent. For an increment value of 60, the CSG does not round up 120 seconds of network usage; however, the CSG does round up, say, 163 seconds of network usage to 180 quadrans before it calculates total usage for reporting in the Service Stop.
Note The rounding-up of network usage is not reflected in calculations for the Usage Tag-Length-Value (TLV) in Service Reauthorization Requests.
The increment value is considered when determining whether sufficient quota exists for granting network access for a session. For instance, if the increment is 60, the network usage is 50, and the balance is 10, network access is permitted. However, if the increment is 60, the network usage is 70, and the balance is 10, network access is not permitted because the balance is not sufficient to satisfy the entire increment (that is, a minimum of 1 minute of quota would be required to allow access for a portion of the minute).
Examples
The following example shows how to configure quota debit increments for Service Duration Billing for the OFF_NET service.
ip csg service OFF_NETbasis secondmeter minimum 60meter increment 100content ANY policy HTTPcontent ANY policy ANYRelated Commands
Command DescriptionConfigures a content billing service, and enters CSG service configuration mode.
meter initial
To specify the initial quota debited from the balance at the beginning of a service when the service is configured for Service Duration Billing, use the meter initial command in CSG service configuration mode. To restore the default behavior, use the no form of the command.
meter initial value
no meter initial value
Syntax Description
Defaults
The default quota is 0 quadrans.
Command Modes
CSG service configuration
Command History
Usage Guidelines
This command allows "connection setup charges" to be applied to a service.
Examples
The following example shows how to configure meter initial values for Service Duration Billing for the OFF_NET service.
ip csg service OFF_NETbasis secondmeter initial 60content ANY policy HTTPcontent ANY policy ANYRelated Commands
Command DescriptionConfigures a content billing service, and enters CSG service configuration mode.
meter minimum
To specify the minimum number of quadrans debited for a service or session, excluding the value in meter initial, use the meter minimum command in CSG service configuration mode. To return to the default behavior, use the no form of the command.
meter minimum value
no meter minimum value
Syntax Description
Defaults
The default number is 0 quadrans.
Command Modes
CSG service configuration
Command History
Usage Guidelines
If service duration is configured in the basis command, the usage is rounded up to the minimum value when the Service Stop is sent. For a minimum value of 90, 150 seconds of network usage is not rounded up for the purpose of calculating usage in the Service Stop, but, for example, 63 seconds of network usage is rounded up to 90 quadrans.
Note The rounding-up of network usage is not reflected in calculations for the Usage Tag-Length-Value (TLV) in Service Reauthorization Requests.
Examples
The following example shows how to configure meter minimum values for Service Duration Billing for the OFF_NET service.
ip csg service OFF_NETbasis secondmeter minimum 60content ANY policy HTTPcontent ANY policy ANYRelated Commands
Command DescriptionConfigures a content billing service, and enters CSG service configuration mode.
mode
To specify that a billing plan is postpaid or prepaid, use the mode command in CSG billing configuration mode. To use the default mode, use the no form of this command.
mode [postpaid | prepaid]
no mode
Syntax Description
postpaid
Specifies a postpaid billing service.
prepaid
Specifies a prepaid billing service. This is the default setting.
Defaults
The default mode is prepaid.
Command Modes
CSG billing configuration
Command History
Usage Guidelines
The mode command with the postpaid keyword is used with both fixed-record format and variable-record format to enable service correlation of postpaid CDRs.
Examples
The following example specifies postpaid mode for CSG billing plan REGULAR
ip csg billing REGULARentries idle 3600mode postpaidservice MOVIESservice BROWSINGRelated Commands
module csg
To enter module CSG configuration mode for a specified slot, use the module csg command in global configuration mode. To remove the module csg configuration, use the no form of this command.
module csg slot-number
no module csg slot-number
Caution For Cisco IOS releases prior to 12.2(18)SXD, entering the no form of this command ( no module csg slot-number) removes your existing module csg configuration with no warning message!
For Cisco IOS releases 12.2(18)SXD and later, the CSG issues a warning message and does not remove your existing module csg configuration unless you have already removed all underlying accounting.
Syntax Description
Defaults
None
Command Modes
Global configuration
Command History
Usage Guidelines
The full syntax for this command is module ContentServicesGateway slot-number; module csg slot-number is a valid shortcut.
The following commands in module CSG configuration mode specify which accounting services to download, as well as the binding of VLANs with the accounting service:
Examples
The following example shows how to configure the CSG in slot 4:
module csg 4accounting A1ft group 123 vlan 5ruleset R1vlan 30 clientvlan 32 clientvlan 40 serverRelated Commands
next-hop
To define a next-hop IP address, use the next-hop command in CSG policy configuration mode. To delete the next-hop IP address, use the no form of this command.
next-hop ip-address
no next-hop ip-address
Syntax Description
Defaults
None
Command Modes
CSG policy configuration
Command History
Usage Guidelines
You can use next-hop with client groups as long as a given client group is always sent to the same next hop. You cannot send a given client group to two or more different next hops based on a policy. For example, the following configuration is valid, because both policies use client group 1 and next-hop 1:
policy Aaccounting type wap connection-orientedurl Aclient group 1next-hop 1policy Baccounting type wap connection-orientedurl Bclient group 1next-hop 1content WAP-CONpolicy Apolicy BThe following configuration is not valid, because policy A uses client group 1 and next-hop 1, but policy B uses client group 1 and next-hop 2:
policy Aaccounting type wap connection-orientedurl Aclient group 1next-hop 1policy Baccounting type wap connection-orientedurl Bclient group 1next-hop 2content WAP-CONpolicy Apolicy BIf you associate more than one policy with the same content configuration, the CSG determines the next-hop on the basis of the first policy match within any data flow (TCP connection). The CSG reports all subsequent policy matches within that flow as configured, but ignores the next-hop information.
•For type http accounting, the first policy match is based on the first HTTP request within a persistent connection.
•For other Layer 7 inspection, the first policy match is based on the first packet. For example for type wap accounting, the first policy match is based on the Wireless Session Protocol (WSP) connection request.
Note Even if you have defined a next-hop IP address, traffic that matches the "default" policy of a content might not be routed with next-hop.
Examples
The following example specifies a next-hop.
ip csg policy FTP-MS-APNaccounting type ftp customer-string FTP-POLclient-group 11next-hop 33.0.0.150Related Commands
owner id
To specify an identifier for a service owner, use the owner id command in CSG service configuration mode. To remove the owner ID, use the no form of this command.
owner id id
no owner id id
Syntax Description
Defaults
None
Command Modes
CSG service configuration
Command History
Usage Guidelines
Use this command with fixed-record format to identify a service owner.
Examples
The following example specifies an owner ID for the service:
ip csg service FOOowner id ABC123456Related Commands
owner name
To specify the name of a service owner, use the owner name command in CSG service configuration mode. To remove the owner name, use the no form of this command.
owner name name
no owner name
Syntax Description
Defaults
None
Command Modes
CSG service configuration
Command History
Usage Guidelines
The owner name command is used with fixed-record format to identify a service owner.
Examples
The following example specifies an owner name for the service:
ip csg service FOOowner name ABC_CORPRelated Commands
passthrough
To enable passthrough mode for a service, use the passthrough command in CSG service configuration mode. To disable passthrough mode, use the no form of this command.
passthrough quota-grant
no passthrough quota-grant
Syntax Description
quota-grant
Size of each quota grant to give to the service. The quota-grant is also called the default quota. The range is from 1 to 2147483647.
Defaults
None
Command Modes
CSG service configuration
Command History
Usage Guidelines
Use this command to enable the CSG to grant quota to the service when when at least one quota server is configured, but none are active.
If you enable passthrough mode for a service, do not disable quota server reassignment for user groups associated with that service. That is, do not configure the no quota server reassign command in CSG user group configuration mode for user groups associated with the service.
Examples
The following example specifies that the CSG grants 65535 quadrans of quota to the service NAME each time the service runs low on quota:
ip csg service NAMEpassthrough 65535Related Commands
Command DescriptionConfigures a content billing service, and enters CSG service configuration mode.
pending
To set the pending connection timeout, use the pending command in CSG content configuration mode. To restore the default, use the no form of this command.
pending timeout
no pending
Syntax Description
timeout
Time, in seconds, for the pending connection timeout, which is the time to wait before a connection is considered unreachable. The range is from 4 to 65535. The default value is 30.
Defaults
The default pending connection timeout is 30 seconds.
Command Modes
CSG content configuration
Command History
Usage Guidelines
The pending connection timeout sets the response time for terminating connections if a switch becomes flooded with traffic. The pending connections are configurable on a per-content basis.
Examples
This example shows how to set the pending connection timer:
ip csg content MOVIES_COMEDYclient 10.4.4.0 255.255.255.0idle 120ip 172.18.45.0/24 tcp 8080policy POLICY1pending 300replicate connection tcpvlan MOVIES_COMEDYinserviceRelated Commands
Command DescriptionConfigures CSG content, and enters CSG accounting configuration mode.
Displays statistics and counters for the CSG content.
ping
To determine whether the CSG can reach a remote host, use the ping command on the CSG console.
ping ip-address
Syntax Description
Defaults
None
Command Modes
CSG console
Command History
Examples
The following example pings the remote host at IP address 1.2.3.4:
CSG> ping 1.2.3.4Related Commands
Command DescriptionCopies the CSG coredump.
Displays information about the CSG.
Upgrades the CSG by loading a CSG image from the Supervisor Engine.
policy (CSG content)
To reference a CSG billing policy, use the policy command in CSG content configuration mode. To delete a policy reference, use the no form of this command.
policy policy-name
no policy policy-name
Syntax Description
Defaults
None
Command Modes
CSG content configuration
Command History
Usage Guidelines
If accounting records are to be generated for flows matching this policy, you must configure the accounting command. If you do not want to bill for flows matching this policy, do not configure the accounting command.
To reference more than one policy in a content configuration, use multiple policy commands.
If multiple policies are defined under ip csg content, they must all have the same accounting type. For example, if one of the policies is configured with accounting type wap, they all must have accounting type wap.
Examples
The following example shows how to reference a policy named POLICY1:
ip csg content MOVIES_COMEDYclient 10.4.4.0 255.255.255.0idle 120ip 172.18.45.0/24 tcp 8080policy POLICY1pending 300replicate connection tcpvlan MOVIES_COMEDYinserviceRelated Commands
Command DescriptionConfigures CSG content, and enters CSG accounting configuration mode.
Displays statistics and counters for the CSG content.
priority
To set the priority of the CSG with respect to its peer fault-tolerant CSGs, use the priority command in fault-tolerant configuration mode. To restore the priority default value, use the no form of this command.
priority value
no priority
Syntax Description
value
Priority of the CSG with respect to its peer fault-tolerant CSGs. The range is from 1 to 254. A higher number indicates a higher priority. The default value is 10.
Defaults
The default priority value is 10.
Command Modes
Fault-tolerant configuration
Command History
Usage Guidelines
The CSG with the highest priority value is the active CSG in its set of fault-tolerant CSGs.
Examples
The following example shows how to set the priority value to 12:
ft group 123 vlan 5failover 6heartbeat-time 2priority 12Related Commands
Command DescriptionEnters fault-tolerant configuration mode and configures fault tolerance.
Displays statistics and counters for the CSG fault-tolerant pair.
quota activate
To simultaneously activate multiple quota servers and to assign a quota server to each user, use the quota activate command in CSG user group configuration mode. To deactivate quota servers, use the no form of this command.
quota activate number
no quota activate number
Syntax Description
number
Identifies a specific quota server to activate or assign to a specific user. The range is from 1 to 10. The default value is 1.
Defaults
The default value is 1.
Command Modes
CSG user group configuration
Command History
Examples
The following example shows how to activate quota 2 and assign it to user U1:
ip csg user U1quota activate 2quota local-port
To configure the local port on which the CSG receives communications from quota servers, use the quota local-port command in CSG user group configuration mode. To remove a quota local-port configuration, use the no form of this command.
quota local-port port-number
no quota local-port port-number
Syntax Description
Defaults
No quota local ports are configured.
Command Modes
CSG user group configuration
Command History
Usage Guidelines
For prepaid billing, you must specify a quota local port.
Note The CSG drops requests (such as nodealive, echo, and redirect requests) unless they come from a configured quota server IP address. The CSG also verifies IP addresses against the configured list of quota servers. If there is no match, the CSG drops the request. The CSG does not look at a request's source port; the CSG replies to the port from which the request came.
Examples
The following example configures quota local port 6666 for the CSG user group G1:
ip csg user-group G1entries idle 3600entries max 100000database 10.1.2.3 11111quota local-port 6666quota server 10.1.4.5 888 1quota server 10.1.6.7 999 2radius acct-port 7777radius key SECRET_PASSWORDradius parse strictradius server 10.13.14.15radius userid User-Nameredirect nat 10.33.33.3Related Commands
quota server
To configure the quota servers that return billing quota values for users, use the quota server command in CSG user group configuration mode. To remove a quota server configuration, use the no form of this command.
quota server {ip-address port-number priority | reassign}
no quota server {ip-address port-number priority | reassign}
Syntax Description
Defaults
No quota servers are configured, and quota servers are reassigned after a failure.
Command Modes
CSG user group configuration
Command History
Release Modification3.1(1)C3(1)—12.2(14)ZA
This command was introduced.
3.1(1)C6(2)—12.2(18)SXE
The reassign keyword was added.
Usage Guidelines
For prepaid billing, you must specify at least one quota server. You can specify up to 10 quota servers, each with a unique IP address and a unique priority.
A quota server can recognize a duplicate quota-download request, as when general packet radio service (GPRS) tunneling protocol (GTP) retransmits a packet. When the quota server detects a duplicate quota-download request, it resends the same quota that it sent for the original request.
Note The CSG does not support multiple quota servers that have the same IP address.
To disable quota server reassignment (that is, to prevent the CSG from assigning a new quota server to a user if the original quota server fails), use the no form of this command with the reassign keyword.
If you enable passthrough mode for a service (by using the passthrough command in CSG service configuration mode), do not disable quota server reassignment for user groups associated with that service. That is, do not configure the no quota server reassign command for user groups associated with the service.
Examples
The following example configures two quota servers for the CSG user group G1 with priorities 1 and 2:
ip csg user-group G1entries idle 3600entries max 100000database 10.1.2.3 11111quota local-port 6666quota server 10.1.4.5 888 1quota server 10.1.6.7 999 2radius acct-port 7777radius key SECRET_PASSWORDradius parse strictradius server 10.13.14.15radius userid User-Nameredirect nat 10.33.33.3Related Commands
radius acct-port
To configure the RADIUS listening port when it is not the established RADIUS default of 1813, use the radius acct-port command in CSG user group configuration mode. To use the default port number, use the no form of this command.
radius acct-port port-number
no radius acct-port
Syntax Description
port-number
Listening port number of the RADIUS server. The range is from 1 to 65535. The default port number is 1813.
Defaults
The default port number is 1813.
Command Modes
CSG user group configuration
Command History
Examples
The following example shows how to configure RADIUS listening port 7777 for the CSG user group G1:
ip csg user-group G1entries idle 3600entries max 100000database 10.1.2.3 11111quota local-port 6666quota server 10.1.4.5 888 1quota server 10.1.6.7 999 2radius acct-port 7777radius key SECRET_PASSWORDradius parse strictradius server 10.13.14.15radius userid User-Nameredirect nat 10.33.33.3Related Commands
radius ack error
To enable the CSG to generate a RADIUS response to a RADIUS Accounting Start Request or a RADIUS Accounting Interim Request when it encounters an error condition, use the radius ack error command in CSG user group configuration mode. To prevent RADIUS responses to errors, use the no form of this command.
radius ack error
no radius ack error
Syntax Description
This command has no arguments or keywords.
Defaults
The CSG generates a RADIUS response to a RADIUS Accounting Start Request or a RADIUS Accounting Interim Request when it encounters an error condition.
Command Modes
CSG user group configuration
Command History
Usage Guidelines
Use the no form of this command to prevent the CSG from acknowledging the following errors:
1. The User Table entry cannot be created because of resource constraints.
2. The CSG parses the RADIUS Accounting Request and encounters RADIUS protocol errors.
3. The CSG parses the RADIUS Accounting Request and a billing plan is specified in the RADIUS Accounting Request, but it does not match a billing plan in the CSG configuration.
4. The CSG parses the RADIUS Accounting Request and a quota server is specified in the RADIUS Accounting Request, but it does not match a quota server in the CSG configuration.
5. The CSG parses the RADIUS Accounting Request and a connect service is specified in the RADIUS Accounting Request, but it does not match a connect service in the CSG configuration.
For errors 3, 4, and 5, the CSG can parse the configuration vendor-specific attribute (VSA) from the RADIUS Access-Accept. If the CSG uses any attribute from the RADIUS Access-Accept that does not match the CSG configuration, the CSG does not send a RADIUS response to the Accounting Request.
For RADIUS Accounting requests processed as a result of matching a radius endpoint command, the CSG does not send a RADIUS acknowledgement.
For RADIUS Accounting requests processed as a result of matching a radius proxy command, the CSG does not forward the RADIUS Accounting Request to the RADIUS server.
To prevent existing entries from being reused for new users when the User Table is full, use the no form of this command, no radius ack error.
Examples
The following examples shows how to prevent RADIUS responses to RADIUS Accounting Start Requests and RADIUS Accounting Interim Requests when errors are encountered.
ip csg usergroup UGROUPno radius ack errorRelated Commands
Command Descriptionradius endpoint
Identifies the CSG as an endpoint for RADIUS Accounting messages.
radius proxy
Specifies that the CSG is to be a proxy for RADIUS messages.
radius endpoint
To identify the CSG as an endpoint for RADIUS Accounting messages, use the radius endpoint command in module CSG configuration mode. To remove the endpoint identification, use the no form of this command.
radius endpoint csg-addr key [encrypt] secret-string [table table-name]
no radius endpoint csg-addr key [encrypt] secret-string [table table-name]
Syntax Description
Defaults
The secret-string is stored in plain text.
Command Modes
Module CSG configuration
Command History
Release Modification3.1(3)C5(5)—12.2(17d)SXD
This command was introduced.
3.1(1)C6(2)—12.2(18)SXE
The table keyword and table-name argument were added.
Usage Guidelines
A RADIUS Accounting message sent to the specified csg-addr (and any port) is parsed, and is then acknowledged, by the CSG.
CSG User Table entries created as a result of RADIUS messaging through radius endpoint definition with a table configured are indexed by the configured table-name. This enables the CSG to segment the user space and removes ambiguity if multiple users share the same IP address, provided that their entries were instantiated by RADIUS flows to CSG radius definitions bound to different table-names.
To change the RADIUS endpoint table-name associated with a given csg-addr, you must first enter the no form of the radius endpoint command for that csg-addr, then enter the command with the new table-name.
To support RADIUS endpoint, the CSG requires a route to 255.255.255.255. You can configure the route by using the gateway (module CSG VLAN) command or the route (module CSG VLAN) command. For example:
gateway 31.0.0.6
or:
route 255.255.255.255 255.255.255.255 gateway 31.0.0.6
Note If you already have a gateway configured, you do not need to configure an additional gateway for the RADIUS endpoint.
When the CSG2 is configured as a RADIUS endpoint, the CSG2 drops all RADIUS packets other than RADIUS Accounting-Request messages.
Examples
The following example shows how to identify the CSG as a RADIUS endpoint:
module csg 3radius endpoint 1.2.3.4 key secretThe following example illustrates how to use the radius endpoint command to create an endpoint point that maps to table ACME_VLAN, to be used as part of a user index for users created as a result of traffic to this radius endpoint definition.
module csg 3radius endpoint 1.2.3.4 key secret table ACME_VLANRelated Commands
Command DescriptionSpecifies the RADIUS attribute used to extract the user identifier from a RADIUS record.
radius handoff
To configure RADIUS handoff support, use the radius handoff command in CSG user group configuration mode. To turn off the timer, use the no form of this command.
radius handoff [duration]
no radius handoff
Syntax Description
Defaults
The default is that no handoff timer is configured.
The default duration is 0 seconds (no handoff timer).Command Modes
CSG user group configuration
Command History
Examples
The following example shows how to specify a RADIUS handoff timer duration of 1000 seconds:
ip csg user-group G1radius handoff 1000radius key
To specify and configure the CSG to be the RADIUS endpoint for accounting records, and to designate that the CSG is to use the accounting records to maintain user IDs, use the radius key command in CSG user group configuration mode. To delete the key and disable RADIUS, use the no form of this command.
radius key [encrypt] secret-string
no radius key
Syntax Description
Defaults
The secret-string is stored in the plain text.
Command Modes
CSG user group configuration
Command History
Examples
The following example shows how to use the radius key command to specify a secret password for CSG user group G1:
ip csg user-group G1entries idle 3600entries max 100000database 10.1.2.3 11111quota local-port 6666quota server 10.1.4.5 888 1quota server 10.1.6.7 999 2radius acct-port 7777radius key SECRET_PASSWORDradius parse strictradius server 10.13.14.15radius userid User-Nameredirect nat 10.33.33.3Related Commands
Command DescriptionSpecifies the search RADIUS attribute used to extract the user identifier from a RADIUS record.
Configures the RADIUS listening port when it is not the RADIUS default of 1813.
radius monitor
To specify that the CSG is to monitor the RADIUS flows to the specified server, use the radius monitor command in CSG user group configuration mode. To stop monitoring the RADIUS flows, use the no form of this command.
radius monitor server-addr server-port [key [encrypt] secret-string]
no radius monitor server-addr server-port [key [encrypt] secret-string]
Syntax Description
Defaults
The secret-string is stored in plain text.
Command Modes
CSG user group configuration
Command History
Usage Guidelines
The RADIUS key and encryption level are optional; the CSG always forwards the message. If the RADIUS key and encryption level are specified, the CSG parses the message only if the RADIUS authenticator was created using encryption. If the key is not configured, the CSG always parses the message.
All RADIUS messages, including access messages, are forwarded, except when the IP or User Datagram Protocol (UDP) headers specify a length larger than the physical packet size.
Note The CSG is not a proxy. The network must be set up so that packets are sent through the CSG, not to the CSG.
Examples
The following example shows how to use the radius monitor command to enable the CSG to monitor the RADIUS flows:
ip csg user-group G1radius userid User-Nameradius monitor 1.2.3.4 1813 key secretRelated Commands
Command DescriptionSpecifies the RADIUS attribute used to extract the user identifier from a RADIUS record.
radius parse strict
To tighten the parsing rules for RADIUS flows, use the radius parse strict command in CSG user group configuration mode. To relax the parsing rules, use the no form of this command.
radius parse strict
no radius parse strict
Syntax Description
This command has no arguments or keywords.
Defaults
The parsing rules are relaxed.
Command Modes
CSG user group configuration
Command History
Usage Guidelines
When you configure this command, the CSG fails parsing if the length of the user ID (RADIUS Attribute 1 [User-Name] or RADIUS Attribute 31 [Calling-Station-Id], as configured) is less than the minimum (3).
Examples
The following example tightens the parsing rules for RADIUS flows for CSG user group G1:
ip csg user-group G1entries idle 3600entries max 100000database 10.1.2.3 11111quota local-port 6666quota server 10.1.4.5 888 1quota server 10.1.6.7 999 2radius acct-port 7777radius key SECRET_PASSWORDradius parse strictradius server 10.13.14.15radius userid User-Nameredirect nat 10.33.33.3Related Commands
Command DescriptionSpecifies the search RADIUS attribute used to extract the user identifier from a RADIUS record.
Configures the RADIUS listening port when it is not the RADIUS default of 1813.
radius pod attribute
To specify the RADIUS attributes and vendor-specific attribute (VSA) subattributes to be copied from the RADIUS Start message and sent to the Network Access Server (NAS) in the Packet of Disconnect (PoD) message, use the radius pod attribute command in CSG user group configuration mode. To disable this feature, use the no form of this command.
radius pod attribute {radius-attribute-number | {26 | vsa} {vendor-id | 3gpp} radius-subattribute-number}
no radius pod attribute {radius-attribute-number | {26 | vsa} {vendor-id | 3gpp} radius-subattribute-number}
Syntax Description
Defaults
No RADIUS attributes are sent in the PoD message.
Command Modes
CSG user group configuration
Command History
Usage Guidelines
You can specify up to 256 RADIUS attributes. If the RADIUS message does not contain an attribute, the PoD message attribute does not contain the attribute, either. If the list of configured attributes changes, only new RADIUS messages are affected by the new attributes. Attributes that are already saved will continue to be included in the PoD message.
When a RADIUS Start request is received, any attributes received from a previous Start request are deleted.
If there are multiple instances of an attribute, all instances are included.
Attributes are included in the PoD message in random order.
Examples
The following example shows how to specify RADIUS attributes:
ip csg user-group G1radius pod attribute 44radius pod attribute 26Related Commands
radius pod nas
To specify the Network Access Server (NAS) port to which the CSG is to send the Packet of Disconnect (PoD) message, and to specify the key to use in calculating the Authenticator, use the radius pod nas command in CSG user group configuration mode. To restore the default settings, use the no form of this command.
radius pod nas [start-ip end-ip] port key [encrypt] secret-string
no radius pod nas [start-ip end-ip] port key [encrypt] secret-string
Syntax Description
Defaults
The secret-string is stored in plain text.
Command Modes
CSG user group configuration
Command History
Usage Guidelines
The PoD message is sent to the NAS IP address that is specified in the NAS-IP-Address attribute (4) in the RADIUS Accounting Start message. This command specifies the NAS listening port, as well as the key to use in calculating the Authenticator.
The RADIUS Accounting Start must be received on an IP address that is specified in the enhanced proxy or endpoint (radius proxy or radius endpoint) command that is configured in module CSG configuration mode.
In some networks, many NASs might use the same listening port and key. In such networks, you can use this command to specify the range of NAS IP addresses.
If no IP addresses are specified, the port number and key apply to all NASes. The "global" definition is used if a specific range is not configured for the NAS when the PoD message is sent.
Examples
The following example shows how to specify NAS ports and keys:
ip csg user-group G1radius userid User-Nameradius pod attribute 44radius pod nas 1.1.1.0 1.1.1.255 1700 key secretradius pod nas 1701 key passwordmod csg 3radius proxy 1.2.3.4 5.6.7.8 key secretRelated Commands
radius pod timeout
To specify the number of times to retry the RADIUS Packet of Disconnect (PoD) message if it is not acknowledged by means of an ACK message, and the interval between retransmissions, use the radius pod timeout command in CSG user group configuration mode. To restore the default timeout, use the no form of this command.
radius pod timeout timeout retransmit retransmit
no radius pod timeout timeout retransmit retransmit
Syntax Description
Defaults
The default timeout is 5 seconds.
The default number of retransmits is 3 retransmits.
Command Modes
CSG user group configuration
Command History
Examples
The following example shows how to specify a RADIUS PoD timeout and the number of times to retransmit the message:
ip csg user-group G1radius pod timeout 30 retransmits 5Related Commands
radius proxy
To specify that the CSG is to be a proxy for RADIUS messages, use the radius proxy command in module CSG configuration mode. To stop the CSG from proxying for RADIUS messages, use the no form of this command.
radius proxy csg-addr server-addr [csg-source-addr] [key [encrypt] secret-string] [table table-name]
no radius proxy csg-addr server-addr [csg-source-addr] [key [encrypt] secret-string] [table table-name]
Syntax Description
Defaults
The secret-string is stored in plain text.
The csg-source-addr is set to csg-addr.Command Modes
Module CSG configuration
Command History
Usage Guidelines
A message sent to the specified csg-addr (and any port) is parsed and then forwarded to the specified server. When forwarded to the server, the source IP address is the csg-source-addr, if configured; otherwise, the source IP address is the csg-addr.
The source port is arbitrarily chosen by the CSG, and the destination port remains unchanged. When a message is received from the server and forwarded to the client, the source IP address is the csg-addr, and the source port remains unchanged. The source IP address and port are taken from the destination IP address and port in the original message from the client.
You can configure an optional RADIUS key. If you configure a key, the CSG parses and acts on the message only if the RADIUS authenticator is correct. If the key is not configured, the CSG always parses the message. Whether you configure a key or not, and whether it is correct or not, the CSG always forwards the message.
You can specify up to 32 radius proxy commands.
You can specify more than one RADIUS key by specifying more than one radius proxy command, but each command must specify a unique CSG IP address.
All RADIUS messages are forwarded, except when the IP or User Datagram Protocol (UDP) headers specify a length larger than the physical packet size.
CSG User Table entries created as a result of RADIUS messaging through radius proxy definition with a table configured are indexed by the configured table-name. This enables the CSG to segment the user space and removes ambiguity if multiple users share the same IP address, provided that their entries were instantiated by RADIUS flows to CSG radius definitions bound to different table-names.
You can define up to 64,511 clients; a client is defined by its IP address and port.
Note If your network is designed to check the authorization string in RADIUS messages, we recommend that you enter a secret-string. Additionally, if you configure the user-profile server radius remove command, you might need to configure a secret-string.
To change the RADIUS proxy table-name associated with a given csg-addr, you must first enter the no form of the radius proxy command for that csg-addr, then enter the command with the new table-name.
Examples
The following example illustrates how to use the radius proxy command to create a proxy point that maps to table ACME_VLAN, to be used as part of a user index for users created as a result of traffic to this radius proxy definition.
ip csg user-group G1radius userid User-Name!mod csg 3radius proxy 1.2.3.4 5.6.7.8 key secret table ACME_VLANRelated Commands
Command DescriptionSpecifies the RADIUS attribute used to extract the user identifier from a RADIUS record.
radius server
To configure a RADIUS server, use the radius server command in CSG user group configuration mode. To remove the RADIUS server configuration, use the no form of this command.
radius server ip-address [port-number]
no radius server ip-address [port-number]
Syntax Description
ip-address
IP address of the RADIUS server.
port-number
(Optional) Port number of the RADIUS server. The range is from 1 to 65535. The default port number is 1813 (the default RADIUS port).
Defaults
The default port number is 1813.
Command Modes
CSG user group configuration
Command History
Usage Guidelines
When the CSG is configured as a RADIUS proxy, proxied messages are forwarded to this RADIUS server.
Examples
The following example configures a RADIUS server for the CSG user group G1, with the IP address 10.13.14.15 and with the default RADIUS port, which is port number 1813:
ip csg user-group G1entries idle 3600entries max 100000database 10.1.2.3 11111quota local-port 6666quota server 10.1.4.5 888 1quota server 10.1.6.7 999 2radius acct-port 7777radius key SECRET_PASSWORDradius parse strictradius server 10.13.14.15radius userid User-Nameredirect nat 10.33.33.3Related Commands
Command DescriptionSpecifies the search RADIUS attribute used to extract the user identifier from a RADIUS record.
Configures the RADIUS listening port when it is not the RADIUS default of 1813.
radius start restart session-id
To delete an existing CSG User Table entry for a specific user, and to create a new entry for that user, use the radius start restart session-id command in CSG user group configuration mode.
radius start restart session-id {radius-attribute-number | {26 | vsa} {vendor-id | 3gpp} radius-subattribute-number}
Syntax Description
Defaults
The default behavior is that existing User Table entries are not deleted.
Command Modes
CSG user group configuration
Command History
Usage Guidelines
This command:
•Deletes an existing CSG User Table entry for a specific user (when a RADIUS Accounting Start or RADIUS Intermediate Accounting is received).
•Creates a new entry for that user (similar to when a RADIUS Accounting Stop has been received).
•Terminates all sessions for that user.
To detect duplicate RADIUS requests (in this situation, the existing entry is not deleted), specify the attribute (which might be a VSA) to be used. If the contents of the specified attribute in the original request match the contents of the attribute in the current request, the request is a duplicate and the existing entry is not deleted.
Examples
The following example shows how to enable the radius start restart session-id command:
ip csg user-group U1radius start restart session-id 44radius stop purge
To specify the attribute that must be included in the RADIUS Accounting Stop request in order for the User Table entry to be deleted, use the radius stop purge command in CSG user group configuration mode.
radius stop purge {radius-attribute-number | {26 | vsa} {vendor-id | 3gpp} radius-subattribute-number}
Syntax Description
Defaults
The user entry is deleted when a RADIUS Accounting Stop is received.
Command Modes
CSG user group configuration
Command History
Usage Guidelines
The radius stop purge command specifies the attribute (which might be a VSA) that must be included in the RADIUS Accounting Stop request in order for the User Table entry to be deleted. The contents of the specified attribute are not examined.
Examples
The following example shows how to enable the radius stop purge command for CSG user group U1:
ip csg user-group U1radius stop purge vsa 3gpp 11radius userid
To specify the RADIUS attribute used to extract the user identifier from a RADIUS record, use the radius userid command in CSG user group configuration mode. To specify that no RADIUS attributes are to be used, use the no form of this command.
radius userid {1 | 31 | User-Name | Calling-Station-Id}
no radius userid
Syntax Description
1
RADIUS attribute number 1.
31
RADIUS attribute number 31.
User-Name
Equivalent to RADIUS attribute number 1.
Calling-Station-Id
Equivalent to RADIUS attribute number 31.
Defaults
None
Command Modes
CSG user group configuration
Command History
Usage Guidelines
The radius userid command specifies that the CSG obtains the user ID from either attribute 1 or 31. If the no radius userid command is used, user IDs are not obtained from RADIUS messages.
Examples
The following example shows how to specify RADIUS attribute User-Name for the CSG user group G1:
ip csg user-group G1entries idle 3600entries max 100000database 10.1.2.3 11111quota local-port 6666quota server 10.1.4.5 888 1quota server 10.1.6.7 999 2radius acct-port 7777radius key SECRET_PASSWORDradius parse strictradius server 10.13.14.15radius userid User-Nameredirect nat 10.33.33.3Related Commands
Command DescriptionConfigures the RADIUS listening port when it is not the established RADIUS default of 1813.
Specifies the CSG to be the RADIUS endpoint for account records.
records batch
To batch billing records into a single message before sending them to the Billing Mediation Agent (BMA), use the records batch command in CSG accounting configuration mode. To send billing records to the BMA as soon as they are created, use the no form of this command.
records batch
no records batch
Syntax Description
This command has no arguments or keywords.
Defaults
The default is records batch, which batches billing records into a single message.
Command Modes
CSG accounting configuration
Command History
Usage Guidelines
The records batch command batches billing records into a single message. The message is sent when it is full, or when a short time has elapsed. Batching records reduces network overhead and improves the CSG performance.
Examples
The following example batches billing records for the CSG accounting service A1:
ip csg accounting A1user-group G1agent activate 2agent local-port 3775agent 10.1.2.4 11112 10agent 10.1.2.5 11113 20keepalive 3records batchrecords http-statisticsrecords intermediate bytes 100000 time 3600records max 250inserviceRelated Commands
Command DescriptionConfigures content-based client accounting as a service, and enters CSG accounting configuration mode.
records format
To specify variable, fixed, or variable-single call detail record (CDR) format, use the records format command in CSG accounting configuration mode. To use the default setting, use the no form of this command.
records format [fixed | variable | variable-single-cdr]
no records format
Syntax Description
fixed
Specifies fixed CDR format.
variable
Specifies variable CDR format.
variable-single-cdr
Specifies variable-single CDR format.
Defaults
The default setting is variable.
Command Modes
CSG accounting configuration
Command History
Release Modification3.1(3)C5(1)—12.2(17d)SXB
This command was introduced.
3.1(3)C5(5)—12.2(17d)SXD
The variable-single-cdr keyword was added.
Usage Guidelines
Fixed record format generates CDRs that always contain the same set of Tag-Length-Values (TLVs). Some might have a length of zero. This format is primarily used for integration with legacy billing systems.
Examples
The following example specifies fixed record format:
ip csg accountingrecords format fixedRelated Commands
records granularity
To specify the granularity at which billing call detail records (CDRs) are to be generated, use the records granularity command in CSG service configuration mode. To restore the default granularity, use the no form of this command.
records granularity {transaction | service {bytes bytes | time seconds | bytes bytes time seconds}}
no records granularity
Syntax Description
Defaults
If you do not specify the records granularity command, CDRs are generated for each transaction.
If you specify records granularity service, you must also specify the bytes keyword, the time keyword, or both:
•If you specify both the bytes keyword and the time keyword, a billing record is sent when either limit is reached. Then both limits are reset.
•If you specify only the bytes keyword and not the time keyword, the maximum time between billing records for a session is set to 0 seconds, indicating no time limit.
•If you specify only the time keyword and not the bytes keyword, the number of bytes of data that triggers the sending of a billing record is set to 0 bytes, indicating no maximum.
Command Modes
CSG service configuration
Command History
Usage Guidelines
You can use this command to reduce the number of records for services for which transaction-level billing is not required. For example, if a user is accessing the Internet, and the data is to be billed solely on the basis of volume, then generating records for each HTTP transaction is of little use. With service-level CDR summarization enabled, the CSG generates only consolidated records that contain service-level usage.
To enable service-level CDR summarization in postpaid mode, you must specify that the associated billing plan is postpaid by using the mode postpaid command in CSG billing configuration mode.
Service-level CDRs are generated only for subscribers with entries in the CSG User Table entry. If a subscriber does not have an entry in the User Table, the CSG generates transaction-level CDRs.
Examples
The following example shows how to specify a service granularity in both IP bytes and seconds:
ip csg service A1records granularity service byte 10000 time 120Related Commands
Command DescriptionConfigures a content billing service, and enters CSG service configuration mode.
records http-statistics
To send the HTTP Statistics data record to the Billing Mediation Agent (BMA), use the records http-statistics command in CSG accounting configuration mode. To send the HTTP Statistics data record to the BMA only when a session fails (for example, if a Reset [RST] without Finish [FIN] is received, or if the session times out), use the no form of this command.
records http-statistics
no records http-statistics
Syntax Description
This command has no arguments or keywords.
Defaults
The default is records http-statistics, which causes the HTTP Statistics data record to be sent to the BMA whenever the session terminates.
Command Modes
CSG accounting configuration
Command History
Examples
The following example sends the HTTP Statistics data record to the BMA for the CSG accounting service A1:
ip csg accounting A1user-group G1agent activate 2agent local-port 3775agent 10.1.2.4 11112 10agent 10.1.2.5 11113 20keepalive 3records batchrecords http-statisticsrecords intermediate bytes 100000 time 3600records max 250inservicerecords intermediate
To enable the generation of intermediate billing records, use the records intermediate command in CSG accounting configuration mode. To disable the generation of intermediate billing records, use the no form of this command.
records intermediate {bytes bytes | time seconds | bytes bytes time seconds}
no records intermediate {bytes bytes | time seconds | bytes bytes time seconds}
Syntax Description
Defaults
If you do not specify the records intermediate command, intermediate billing records are not generated.
If you specify the bytes keyword but not the time keyword, the maximum time between billing records for a session is set to 0 seconds, indicating no time limit.
If you specify the time keyword but not the bytes keyword, the number of bytes of data that triggers the sending of an intermediate billing record is set to 0 bytes, indicating no maximum.
If you specify both the bytes keyword and the time keyword, a billing record is sent when either limit is reached. Then both limits are reset.
Command Modes
CSG accounting configuration
Command History
Release Modification3.1(1)C3(1)—12.2(14)ZA
This command was introduced.
3.1(1)C5(5)—12.2(18)SXD
This command was introduced.
Examples
The following example shows how to enable intermediate billing records for the CSG accounting plan A1. In this example, intermediate records are generated after 100,000 IP bytes of data are sent and received, or after 3600 seconds (1 hour) elapse, whichever occurs first:
ip csg accounting A1user-group G1agent activate 2agent local-port 3775agent 10.1.2.4 11112 10agent 10.1.2.5 11113 20keepalive 3records batchrecords http-statisticsrecords intermediate bytes 100000 time 3600records max 250inserviceRelated Commands
Command DescriptionConfigures content-based client accounting as a service, and enters CSG accounting configuration mode.
records max
To define the maximum number of billing records that can be stored or queued in the CSG, use the records max command in CSG accounting configuration mode. To revert to the default setting, use the no form of this command.
records max number
no records max number
Syntax Description
Defaults
The default value is 10,000 records.
Command Modes
CSG accounting configuration
Command History
Usage Guidelines
This command sets:
•The maximum number of BMA records among all BMAs
•The maximum number of quota server records among all quota servers
•The maximum number of Cisco Persistent Storage Device (PSD) records in the PSD
For example, if you set the records max command to 5000, the CSG can store or queue:
•Up to 5,000 total BMA records, shared among all BMAs
•Up to 5,000 total quota server records, shared among all quota servers
•Up to 5,000 total PSD records
If the value configured on the records max command is very high, the CSG might crash or be unable to communicate with IOS when its memory is exhausted. The following message might appear on the syslog:
%ICC-4-HEARTBEAT: Card 9 failed to respond to heartbeat
If you see this message, you need to reduce the maximum number of billing records that the CSG is allowed to buffer in memory. To do so, set records max to a smaller value, such as 10000 (the default setting).
Examples
The following example shows how to specify that a maximum of 250 billing records can be can be queued in the CSG, for the CSG accounting service A1:
ip csg accounting A1user-group G1agent activate 2agent local-port 3775agent 10.1.2.4 11112 10agent 10.1.2.5 11113 20keepalive 3records batchrecords http-statisticsrecords intermediate bytes 100000 time 3600records max 250inserviceRelated Commands
record-storage
To define a Cisco Persistent Storage Device (PSD) to associate with this accounting group, use the record-storage command in CSG accounting configuration mode. To disable the record store, use the no form of the command.
record-storage ip-address [port]
no record-storage ip-address [port]
Syntax Description
Defaults
None
Command Modes
CSG accounting configuration
Command History
Usage Guidelines
The record-storage command sets the destination address for packets that are going to the storage device (PSD/CDRB). The PSD/CDRB listens only on port 3386. Therefore, when the record-storage command omits the port parameter, the CSG defaults to port 3386. If a storage device is listening on another port, you must specify that port in the record-storage local-port command.
Note Unless you are using a record-storage server other than the PSD, you need not specify the port parameter. Additionally, you must use the record-storage local-port command to specify the local port before you use the record-storage command to specify the IP address and port of the record-storage server.
Examples
The following example shows how to use the record-storage command to define a record storage destination address of 172.18.12.226:
ip csg accounting Drecord-storage local-port 5002record-storage 172.18.12.226Related Commands
Command DescriptionDefines the source port that the CSG will use for communicating with record storage.
record-storage local-port
To define the source port that the CSG will use for communicating with record storage, use the record-storage local-port command in CSG accounting configuration mode. To remove the source port for record storage, use the no form of the command.
record-storage local-port port
no record-storage local-port port
Syntax Description
Defaults
None
Command Modes
CSG accounting configuration
Command History
Usage Guidelines
The local port is the source port from which the CSG sends packets to the record-storage server; the local port is also the port on which the CSG listens for responses.
Note The record-storage local port must not conflict with either the quota server or the agent local port.
Examples
The following example shows how to define a record store local port of 5002:
ip csg accounting Drecord-storage local-port 5002record-storage 172.18.12.226Related Commands
redirect
To redirect client flows to an alternate IP address when the client's quota is exhausted, use the redirect command in CSG user group configuration mode. To remove the redirect, use the no form of this command.
redirect [nat ip-address [port-number]] [wap url] [http url]
no redirect [nat ip-address [port-number]] [wap url] [http url]
Syntax Description
Defaults
No redirect IP address is defined.
If you do not specify a port number, the port number in the user packet is not changed.
Command Modes
CSG user group configuration
Command History
Release Modification3.1(1)C3(1)—12.2(14)ZA
This command was introduced.
3.1(3)C4(1)—12.2(14)ZA2
The wap variable was added.
3.1(3)C5(1)—12.2(17d)SXB
The http variable was added.
Examples
The following example redirects NAT client flows for the CSG user group G1; the flows are redirected to IP address 10.33.33.3:
ip csg user-group G1entries idle 3600entries max 100000database 10.1.2.3 11111quota local-port 6666redirect wap http://172.18.12.219:80/redirect/topoff.wml/quota server 10.1.4.5 888 1quota server 10.1.6.7 999 2radius acct-port 7777radius key SECRET_PASSWORDradius parse strictradius server 10.13.14.15radius userid User-Nameredirect nat 10.33.33.3redirect http http://172.18.12.219:80/redirect/topoff.html/refund-policy
To enable and specify the refunding policy for a CSG prepaid service, use the refund-policy command in CSG service configuration mode. To disable the refunding policy, use the no form of this command.
refund-policy policy-name
no refund-policy policy-name
Syntax Description
Defaults
Refunding is not enabled.
Command Modes
CSG service configuration
Command History
Usage Guidelines
If refund is enabled for a CSG prepaid service, you cannot download more than 0x6FFFFFFF bytes of data in a given transaction.
Examples
The following example enables refund policy COMPANY-REFUND:
ip csg service BILLBYVOLUMEbasis byte tcprefund-policy COMPANY-REFUNDcontent BILLBYVOLUME policy BILLBYVOLUMERelated Commands
Command DescriptionConfigures a content billing service, and enters CSG service configuration mode.
replicate connection tcp
To replicate the connection state for all TCP connections to the CSG content servers on the standby system, use the replicate connection tcp command in CSG content configuration mode. To disable connection redundancy, use the no form of this command.
replicate connection tcp
no replicate connection tcp
Syntax Description
This command has no arguments or keywords.
Defaults
Connection redundancy is not enabled.
Command Modes
CSG content configuration
Command History
Usage Guidelines
This command is required for stateful failover for replicated TCP connections.
For replication to occur, you must enable Cisco IOS Server Load Balancing (SLB) fault tolerance with the ft group command.
With the replicate connection tcp command configured, when a connection is established or terminated, the active CSG sends a dummy synchronization sequence number (SYN) or Reset (RST), respectively, to the fault-tolerant VLAN. This is normal operation. The extra packets are not billed and the destination MAC address is unknown, so the packets do not reach the server. The destination MAC address for the dummy SYN or RST frame is structured as follows:
0x03:xx:yy:00:zz:zz
where:
•0x03:xx:yy is the Cisco Organizational Unique Identifier (OUI).
•zz is the VLAN of the SYN that initiated the connection.
Examples
The following example shows how to enable TCP replication for the CSG content MOVIES_COMEDY:
ip csg content MOVIES_COMEDYclient 10.4.4.0 255.255.255.0idle 120ip 172.18.45.0/24 tcp 8080policy POLICY1pending 300replicate connection tcpvlan MOVIES_COMEDYinserviceRelated Commands
report http header
To define the inclusion of multiple HTTP request headers in the CSG HTTP_Header call detail record (CDR), use the report http header command in CSG accounting configuration mode. To disable this configuration, use the no form of this command.
report http header header-name
no report http header header-name
Syntax Description
header-name
Name of the request header that you want to include in the CSG HTTP_Header CDR. You can specify any number of headers. Header names cannot exceed 224 characters.
Defaults
The default is to copy only the "host," "user-agent," and "from" HTTP headers into the CDRs. Any number of headers (up to 256) can be configured.
Command Modes
CSG accounting configuration
Command History
Examples
The following example shows how to enable reporting HTTP header information:
ip csg accounting namereport http header x-subnoreport http header x-al-session-id
report radius attribute
To specify the RADIUS attributes to be copied from the RADIUS Start message into call detail records (CDRs), use the report radius attribute command in CSG accounting configuration mode. To disable this feature, use the no form of this command.
report radius attribute {radius-attribute-number | {26 | vsa} {vendor-id | 3gpp} radius-subattribute-number}
no report radius attribute {radius-attribute-number | {26 | vsa} {vendor-id | 3gpp} radius-subattribute-number}
Syntax Description
Defaults
No RADIUS attributes are reported.
Command Modes
CSG accounting configuration
Command History
Usage Guidelines
You can specify as many attributes as you want.
If an attribute is not present in the RADIUS message, it is not present in the CDRs, unless records format fixed is configured. If the list of configured attributes changes, only new RADIUS messages are affected by the new attributes. Attributes that are already saved will continue to be included in the PoD message.
When a RADIUS Start request is received, any attributes that were received from a previous Start request are deleted.
If there are multiple instances of an attribute, they are all reported.
Attributes are reported in the order in which they are presented in the RADIUS message.
Examples
The following example shows how to enable the report radius attribute command:
ip csg accounting A1report radius attribute 3report radius attribute 5report radius attribute 7report radius attribute 44Related Commands
report usage
To enable supplemental usage reporting, use the report usage command in CSG accounting configuration mode. To disable supplemental usage reporting, use the no form of this command.
report usage {bytes ip | seconds}
no report usage {bytes ip | seconds}
Syntax Description
Defaults
None
Command Modes
CSG accounting configuration
Command History
Usage Guidelines
Interval report Tag-Length-Values (TLVs) are generated for Service Reauthorization Request, Service Stop, and Quota Return messages. Reports contain statistics since the last report.
If you want to report both IP bytes and usage in seconds, you can specify both report usage bytes ip and report usage seconds.
Examples
The following example shows how to enable supplemental usage reporting for both IP bytes and seconds:
ip csg accounting NAMEreport usage bytes ipreport usage secondsretcode
To specify the range of application return codes for which the CSG refunds quota for Prepaid Error Reimbursement, use the retcode command in CSG refund configuration mode. Use the no form of this command to disable this feature.
retcode {ftp | http | imap | pop3 | smtp | wap} rc-start [rc-end]
no retcode {ftp | http | imap | pop3 | smtp | wap} rc-start [rc-end]
Syntax Description
Defaults
None
Command Modes
CSG refund configuration
Command History
Release Modification3.1(3)C5(1)—12.2(17d)SXB
This command was introduced.
3.1(1)C6(2)—12.2(18)SXE
The imap keyword was added.
Usage Guidelines
The CSG supports return code-based refunding for all protocols except RTSP.
For IMAP, keep in mind the following considerations:
•Only return code 554 is used. Return code 554 is used when a transaction ending in an IMAP tagged response was not flagged OK.
•The CSG does not support refunding for IMAP. If configured, refunding for IMAP has no effect.
Examples
The following example shows how to use the retcode command to specify ranges of application return codes:
ip csg refund COMPANY-REFUNDretcode http 500 509retcode wap 0x44 0x50retcode ftp 454Related Commands
route (module CSG VLAN)
To configure networks that are not Layer 2-adjacent to the CSG, use the route command in module CSG VLAN configuration mode. To remove the subnet or gateway IP address from the configuration, use the no form of this command.
route ip-address netmask gateway gw-ip-address
no route ip-address netmask gateway gw-ip-address
Syntax Description
ip-address
Subnet IP address.
netmask
Network mask.
gateway
Specifies that the gateway is configured.
gw-ip-address
Gateway IP address.
Defaults
None
Command Modes
Module CSG VLAN configuration
Command History
Usage Guidelines
Specify the Layer 3 network subnet address and the gateway IP address to reach the next-hop router. The gateway address must be in the same network as specified in the ip address VLAN command.
You can specify up to 4095 route commands for each VLAN.
If you are adding a new route to an existing gateway, the new route might not take effect until you remove the gateway and reconfigure it to clear the gateway cached entries.
To support RADIUS endpoint, the CSG requires a route to 255.255.255.255. You can configure the route by using the gateway (module CSG VLAN) command or the route (module CSG VLAN) command. For example:
gateway 31.0.0.6
or:
route 255.255.255.255 255.255.255.255 gateway 31.0.0.6
Note If you already have a gateway configured, you do not need to configure an additional gateway for the RADIUS endpoint.
Examples
The following example shows how to configure a network to the CSG:
vlan 301 clientname TO-GGSN-MS-APNgateway 31.0.0.10ip address 31.0.0.21 255.255.255.0route 11.0.0.0 255.255.0.0 gateway 31.0.0.1route 11.1.0.0 255.255.0.0 gateway 31.0.0.2route 11.2.0.0 255.255.0.0 gateway 31.0.0.3route 11.3.0.0 255.255.0.0 gateway 31.0.0.4alias 31.0.0.51 255.255.255.0Related Commands
ruleset
To download all content configured by a ruleset to a CSG card, use the ruleset command in module CSG configuration mode. To delete the downloaded content, use the no form of this command.
ruleset ruleset-name
no ruleset ruleset-name
Syntax Description
Defaults
None
Command Modes
Module CSG configuration
Command History
Usage Guidelines
Configuration commands are sent to the CSG card to provision each content that is referenced in the ruleset.
Examples
The following example shows how to download the CSG ruleset R1 to the CSG card in slot 4:
module csg 4accounting A1ft group 123 vlan 5ruleset R1vlan 30 clientvlan 32 clientvlan 40 serverRelated Commands
service
To associate a service with a CSG billing plan, use the service command in CSG billing configuration mode. To remove the association, use the no form of this command.
service service-name
no service service-name
Syntax Description
Defaults
None
Command Modes
CSG billing configuration
Command History
Usage Guidelines
To associate more than one service with the same billing plan, use multiple service commands.
Examples
The following example shows how to associate services MOVIES and BROWSING with billing plan REGULAR:
ip csg billing REGULARentries idle 3600mode postpaidservice MOVIESservice BROWSINGRelated Commands
show
To display information about the CSG, use the show command on the CSG console.
show [buffer | cpu | csg | encap ip-address netmask | processes [detail] | version]
Syntax Description
Defaults
None
Command Modes
CSG console
Command History
Release Modification2.2(1)C(1)
This command was introduced.
3.1(3)C7(1)
The encap keyword and the ip-address and netmask arguments were added.
Usage Guidelines
You cannot use the encap keyword to display encapsulation information for locally defined interfaces. If you enter this command for a locally defined interface, the CSG displays an error message, as shown in the following example:
CSG> show encap 10.10.28.88 255.255.255.255Attempted to get info on RESERVED encap.10.10.28.88 /32 encap not found!Examples
The following example displays encapsulation information for IP address 172.18.45.1:
CSG> show encap 172.18.45.1 255.255.255.255
172.18.45.1 /32 00-d0-00-33-a8-0aRelated Commands
Command DescriptionCopies the CSG coredump.
Determines whether the CSG can reach a remote host.
Upgrades the CSG by loading a CSG image from the Supervisor Engine.
show ip csg accounting
To monitor and display configuration, operation, and statistical information for the CSG billing feature, use the show ip csg accounting command in privileged EXEC mode.
show ip csg accounting {agent | database | error | quota-server | radius | users {all | statistics | ip-address [ip-mask] | userid userid}} [detail] [module num] [psd module slot]
Syntax Description
Defaults
None
Command Modes
Privileged EXEC
Command History
Usage Guidelines
BMA statistics are kept for each BMA, in addition to an aggregate count for all BMAs.
Note Invoking the show ip csg accounting users all command might flood your screen with output.
Examples
The following example shows how to display information about the quota server:
Router# show ip csg accounting quota-server---------------------- CSG in slot 4 ----------------------charging gateway priority state----------------------------------------10.10.99.1:6923 2 NAWAITThe following example displays the RADIUS attributes that are sent to the BMA and the quota server, including a short description of the fields.
Note A good understanding of RADIUS protocol is needed to understand these RADIUS values.
The length of the RADIUS vendor-specific attribute (VSA) is not included in the output; this command shows the value field. In the case of VSA (26), the first four octets are the Vendor ID code.
Router# show ip csg accounting users all detail
---------------------- CSG in slot 4 ----------------------192.168.215.15 31608920094bma = 192.168.200.22:3338qs = 192.168.221.97:3338, nas = 192.168.210.170, flags = 0x01, sessions = 0billing = PREPAID, plan = PLAN1004:c0a8d2aa - NAS IP Address (192.168.210.170)030:41504e31 - Called Station ID (APN1)007:00000007 - Framed Protocol (GPRS PDP Context)008:c0a8d70f - Framed IP Address (192.168.215.15)026:000028af0111313038303133303038393230303934 (3GPP VSA 10415, IMSI 108013008920094)031:3331363038393230303934 - Calling Station ID (31608920094)show module csg accounting
To monitor and display configuration, operation, and statistical information for the CSG billing feature, use the show module csg accounting command in privileged EXEC mode.
show module csg slot accounting {agent | database | error | quota-server | radius | users {all | statistics | ip-address [ip-mask] | userid userid}} [detail]
Syntax Description
Defaults
None
Command Modes
Privileged EXEC
Command History
Usage Guidelines
BMA statistics are kept for each BMA, in addition to an aggregate count for all BMAs.
Note Invoking the show module csg accounting users all command might flood your screen with output.
Examples
The following example shows how to display detailed information about all accounting users on CSG 3:
Router# show module csg 3 accounting users all detail10.10.10.2 USER_1table name = Nonebma = 0.0.0.0:0, qs = 10.10.20.2:5000nexthop dl ip = 0.0.0.0, nas = 10.10.10.10, flags = 0x00000011, sessions = 0billing = PREPAID, plan = BILLBYTES, handoff timer OFFservice = SERVICEBYTES, basis = IP bytes, verify = Disabledbalance = 96607, consumed = 3393reserved = 0, pending = 0, trigger = 32768current time = TUE MAR 22 18:22:00 2005quota expiry = TUE MAR 22 18:25:57 2005idle expiry = TUE MAR 22 18:26:57 2005earliest reauth = TUE MAR 22 18:22:00 2005service id = 0x4240624800000000, transactions = 0, flags = 0x0020interval bytes up = 125interval bytes down = 3268interval seconds = 1interval first billable = TUE MAR 22 18:21:57 2005interval last billable = TUE MAR 22 18:21:57 2005Report attributes:008:0a0a0a02040:00000001044:303031004:0a0a0a0a001:555345525f31Table B-3 describes the fields shown in the display.
The following example shows how to display performance statistics for accounting users on CSG 4:
c6k-csg# show module csg 4 accounting users statisticsModule Max Entries Highwater Current Overflow------ ----------- --------- -------- --------4 250000 215282 212452 5778149Table B-4 describes the fields shown in the display.
show module csg arp
To display the CSG Address Resolution Protocol (ARP) cache, use the show module csg slot arp command in privileged EXEC mode.
show module csg slot arp
Syntax Description
Defaults
None
Command Modes
Privileged EXEC
Command History
Examples
The following example shows how to display the CSG ARP cache:
Router# show module csg 4 arp
Internet Address Physical Interface VLAN Type Status--------------------------------------------------------------------10.10.99.244 00-01-64-F9-1A-45 99 LEARNED up(0 misses)10.10.99.250 00-02-7E-39-2B-13 99 LEARNED up(0 misses)20.20.20.10 00-90-BF-99-B8-1C 820 LEARNED up(0 misses)20.20.20.103 00-02-7E-39-25-98 820 --SLB-- local20.20.30.103 00-02-7E-39-25-98 830 --SLB-- local20.20.20.240 00-00-00-00-00-00 820 ROUTER down(4 misses)20.20.30.250 00-00-00-00-00-00 830 ROUTER down(4 misses)10.10.99.1 08-00-20-B6-3E-7B 99 LEARNED up(0 misses)10.10.99.3 08-00-20-B6-27-7E 99 LEARNED up(0 misses)10.10.99.40 00-07-EC-CC-54-8A 99 LEARNED up(0 misses)10.10.99.41 00-02-7E-39-2B-14 99 LEARNED up(0 misses)10.10.99.52 00-02-FC-BD-70-0A 99 LEARNED up(0 misses)10.10.99.55 00-E0-34-B7-20-65 99 LEARNED up(0 misses)10.10.99.62 00-09-43-51-26-0A 99 LEARNED up(0 misses)10.10.99.67 00-02-FC-E0-80-4A 99 LEARNED up(0 misses)10.10.99.103 00-02-7E-39-25-98 99 --SLB-- localshow module csg billing
To display statistics and counters for CSG billing, use the show module csg slot billing command in privileged EXEC mode.
show module csg slot billing {all | plan billing-plan-name}
Syntax Description
slot
Slot in which the CSG resides.
all
Displays statistics for all CSG billing plans.
plan billing-plan-name
Displays statistics for only the specified CSG billing plan.
Defaults
None
Command Modes
Privileged EXEC
Command History
Examples
The following example shows how to display the statistics and counters for all CSG billing plans:
Router# show module csg 3 billing allCSG billing plan PLAN_Aservice = OFF_NET, basis = seconds (svc), idle = 300initial = 0, increment = 0, minimum= 60, exclude-svc-idle = 0rule = (TELNET, VANILLA), weight = 1rule = (BROWSE, ANYHTTP), weight = 1Related Commands
show module csg clock
To display time information for the CSG, use the show module csg slot clock command in privileged EXEC mode.
show module csg slot clock
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The CSG reports all times in Coordinated Universal Time (UTC), regardless of the setting of the clock timezone or clock summer-time command.
Examples
The following example shows how to display time information for the CSG:
Router# show module csg 1 clockseconds = 1123757186, base = 1122382560, uptime = 1374626adjusted time = THU AUG 11 10:46:45 2005 UTClast sync time = THU AUG 11 10:46:11 2005 UTCTable B-5 describes the fields shown in the display.
show module csg conns
To display active CSG connections, use the show module csg slot conns command in privileged EXEC mode.
show module csg slot conns [vserver virtserver-name] [client ip-address] [detail]
Syntax Description
Defaults
If no options are specified, the command displays output for all active connections.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Entering this command might result in a sudden increase in CSG CPU utilization (that is, the percent of the CSG CPU that is in use).
Examples
The following example shows how to display active connection data:
Router# show module csg 4 conns
prot vlan source destination state----------------------------------------------------------------------In TCP 11 100.100.100.2:1754 10.10.3.100:80 ESTABOut TCP 12 100.100.100.2:1754 10.10.3.20:80 ESTABIn TCP 11 100.100.100.2:1755 10.10.3.100:80 ESTABOut TCP 12 100.100.100.2:1755 10.10.3.10:80 ESTABRouter# show module csg 4 conns detail
prot vlan source destination state----------------------------------------------------------------------In TCP 11 100.100.100.2:1754 10.10.3.100:80 ESTABOut TCP 12 100.100.100.2:1754 10.10.3.20:80 ESTABvs = WEB_VIP, ftp = No, csrp = FalseIn TCP 11 100.100.100.2:1755 10.10.3.100:80 ESTABOut TCP 12 100.100.100.2:1755 10.10.3.10:80 ESTABvs = WEB_VIP, ftp = No, csrp = Falseshow module csg content
To display statistics and counters for the CSG content, use the show module csg slot content command in privileged EXEC mode.
show module csg slot content [name content-name] [detail]
Syntax Description
slot
Slot in which the CSG resides.
name content-name
(Optional) Name of a configured content.
detail
(Optional) Displays more detailed information.
Defaults
None
Command Modes
Privileged EXEC
Command History
Examples
The following example shows how to display the statistics and counters for the CSG content:
Router# show module csg 4 content
content prot destination vlan state conns---------------------------------------------------------------------HTTP TCP 20.20.0.0/16:80 ALL OPERATIONAL 0OTHER any 20.20.0.0/16 ALL OPERATIONAL 0Table B-6 describes the fields shown in the display.
The following example shows how to display detailed statistics and counters for the CSG HTTP content named HTTP-MS:
Router# show module csg 4 content name HTTP-MS detail
HTTP-MS, state = OPERATIONAL, index = 10destination = 0.0.0.0/0:80, TCPidle = 10, replicate = connection, vlan = ALL, pending = 30max parse len = 4000, persist rebalance = TRUEconns = 0, total conns = 7policy total conn client pkts server pkts-----------------------------------------------------HTTP-MS-AHTML 1 0 0HTTP-MS-BJPG 2 0 0HTTP-FREE 0 0 0HTTP-DOUBLE 0 0 0HTTP-MS 28 0 0(default) 0 0 0
Note For HTTP accounting, the "client pkts" and "server pkts" columns always display zeros.
Related Commands
show module csg ft
To display statistics and counters for the CSG fault-tolerant pair, use the show module csg slot ft command in privileged EXEC mode.
show module csg slot ft [detail]
Syntax Description
Defaults
None
Command Modes
Privileged EXEC
Command History
Examples
The following example shows how to display the statistics and counters for the CSG fault-tolerant pair:
Router# show module csg 4 ft
FT group 2, vlan 30This box is activepriority 10, heartbeat 1, failover 3, preemption is offRelated Commands
show module csg stats
To display statistics, use the show module csg slot stats command in privileged EXEC mode.
show module csg slot stats
Syntax Description
Defaults
None
Command Modes
Privileged EXEC
Command History
Examples
The following example shows how to display the CSG statistics:
Router# show module csg 4 stats
Connections Created: 0Connections Destroyed: 0Connections Current: 0Connections Timed-Out: 0Connections Failed: 0Server initiated Connections:Created: 25, Current: 0, Failed: 24L4 Load-Balanced Decisions: 0L4 Rejected Connections: 25L7 Load-Balanced Decisions: 0L7 Rejected Connections:Total: 0, Parser: 0,Reached max parse len: 0, Cookie out of mem: 0,Cfg version mismatch: 0, Bad SSL2 format: 0L4/L7 Rejected Connections:No policy: 0, No policy match 0,No real: 0, ACL denied 0,Server initiated: 25Checksum Failures: IP: 0, TCP: 0Redirect Connections: 0, Redirect Dropped: 0FTP Connections: 0MAC Frames:Tx: Unicast: 15103, Multicast: 4, Broadcast: 25808,Underflow Errors: 0Rx: Unicast: 7618, Multicast: 2548994, Broadcast: 44518,Overflow Errors: 0, CRC Errors: 0show module csg status
To display the status of the CSG and, if it is online, its chassis slot location and the status of the configuration download, use the show module csg slot status command in privileged EXEC mode.
show module csg slot status
Syntax Description
Defaults
None
Command Modes
Privileged EXEC
Command History
Examples
The following example shows how to display the CSG status:
Router# show module csg 4 statusSLB Module is online in slot 4.Configuration Download state: COMPLETE, SUCCESSshow module csg tech-support
To display technical support information for the CSG, use the show module csg slot tech-support command in privileged EXEC mode.
show module csg slot tech-support [all | core-dump | csg | fpga | ft | processor number | slowpath | utilization]
Syntax Description
Defaults
If no options are specified, the command displays all information.
Command Modes
Privileged EXEC
Command History
Examples
The following example shows how to display utilization statistics for the CSG:
Router# show module csg 4 tech-support utilizationResource Utilization:MemoryAvailable Memory 61% 153MAllocated Memory 31% 79MOS Static Memory 8% 22MLowest Memory Available 153M THU MAR 23 21:53:31 2006You can also use this command to display the CSG CPU Utilization number (that is, the percent of the CSG CPU that is currently in use), which presents a good overall picture of CSG capacity. To do so, first enable debugging output for the CPU, using the debug ip csg cpu command in privileged EXEC mode, then enter the show module csg slot tech-support utilization command. To calculate the remaining CSG CPU capacity, subtract the CSG CPU Utilization from 100%. So, if the CSG CPU Utilization is 32%, the CSG has 68% CPU capacity remaining.
Note You must re-enter the debug command after every reload because it is not saved in the startup configuration.
Router# debug ip csg cpuCSG CPU Utilization debugging is onRouter# show module csg 3 tech-support utilizationResource Utilization:MemoryAvailable Memory 61% 153MAllocated Memory 31% 79MOS Static Memory 8% 22MLowest Memory Available 153M THU MAR 23 21:53:31 2006CSG CPU Utilization: 1m (55.0%), 5m (32.0%)The following example shows how to display buffer pool statistics for the CSG:
Router# show module csg 4 tech-support csgCSG KUT Stats:max = 25000, current = 0, highwater = 0, LRU-steals = 0requests = 0, responses = 0, resends = 0, timeouts = 0CSG Radius Stats:starts = 0, stops = 0, other = 0client messages received = 0, client messages sent = 0max proxy clients exceeded = 0CSG LogGen Stats:session: dups= 0, create err= 0, seq err= 0 (persist 0)no session= 0, bad ixp msg= 0alloc fail= 0, alloc interm fail= 0billing records= 0, no reserve= 0msg rcv err= 0, msg send err= 0csg_billing_url_rcv= 0, csg_billing_stat_rcv= 0csg_billing_ft_notify_rcv= 0, csg_billing_retcode_rcv= 0null buffer addr= 0, invalid vsid= 0dup url= 0, wap_url_no_sess= 0, wap_url_no_app= 0wap url req= 0, wap url resp= 0, wap url frag resp= 0nokut duplicate= 0 negative avail= 0 sess delete err= 0up-range= 0, down-range= 0gtp-rej-error= 0, exceed_sess_max= 0CSG record storage stats:Writes: = 0, Write Errors: = 0Reads: = 0, Read Errors: = 0Reads Pending: = 0, Alloc Errors: = 0CSG QM Stats:Errors: Alloc Error = 0, Too Many Requests = 0Badly formatted message = 0, No Active QS: 0GTP Application: CSG Billing Agent, Local Port: 3386, TID: b3025f0alloc failures = 0, no standby on CG failure = 0packets sent = 0, received = 3, failed acks = 0packets dropped = 0, rejected = 0, retransmissions = 0packets outstanding: current = 0, highwater = 1bad records = 0, unknown CG = 0, CG failures = 0Charging Gateways: defined = 1, max active = 110.10.99.1:2369 2 ACTIVEGTP Application: CSG Quota Manager, Local Port: 0, TID: 0alloc failures = 0, no standby on CG failure = 0packets sent = 0, received = 0, failed acks = 0packets dropped = 0, rejected = 0, retransmissions = 0packets outstanding: current = 0, highwater = 0bad records = 0, unknown CG = 0, CG failures = 0Charging Gateways: defined = 0, max active = 1GTP Application: CSG record storage, Local Port: 0, TID: 0alloc failures = 0, no standby on CG failure = 0packets sent = 0, received = 0, failed acks = 0packets dropped = 0, rejected = 0, retransmissions = 0packets outstanding: current = 0, highwater = 0bad records = 0, unknown CG = 0, CG failures = 0Charging Gateways: defined = 0, max active = 1CSG HTTP Stats:packets= 0, requests= 0, parse failures= 0alloc failures= 0, redirects= 0CSG FTP Stats:vserver: add = 0/0, remove = 0/0, lookup errors = 0ftp details: alloc = 0/0, no details = 0session lookup errors = 0, dropped data conns = 0killed data conns = 0CSG WAP Stats:parses= 0, wap sessions= 0, mms sessions= 0connection oriented packets= 0, connectionless packets= 0curr trans= 0, total trans= 0, incomplete trans= 0billing reports= 0, dup packets= 0, redirects= 0disconnects= 0, unknown packets= 0, concat packets= 0parse err= 0, alloc fail= 0, drops= 0, refunds= 0forced aborts= 0 concat frags= 0 aoc reqs= 0CSG Mail Stats:SMTP messages = 0SMTP packets = 0MAIL retransmits = 0MAIL tcp gaps = 0MAIL ip frags = 0MAIL aoc bypass = 0MAIL alloc fails = 0POP3 messages = 0POP3 packets = 0IMAP header retrievals = 0IMAP body retrievals = 0IMAP packets = 0CSG RTSP Stats:Conns: add = 0, fail = 0, cleanups = 0Allocs: sessions = 0, ctl_conns = 0, streams = 0,secondary = 0Timeouts: sessions = 0, ctl_conns = 0, streams = 0Misc: reuse = 0, reuse term = 0, teardowns = 0,suspends = 0, patches = 0, interleaved = 0,http = 0, no_policy = 0Errors: alloc = 0, dups = 0, session = 0,patch = 0, rejects = 0CSG Fragment Stats:creates= 0, destroys= 0, timeouts= 0, invalids= 0leaders= 0, trailers= 0, drops= 0, unknown= 0alloc failures= 0pkt_drive_bill_drop stats:kut_prepaid_nokut = 0, kut_prepaid = 0session = 0, session_kill = 0brec_url_msg_1 = 0, brec_url_msg_2 = 0, brec_stat_prepaid = 0brec_stat_msg_1 = 0, brec_stat_msg_2 = 0, brec_wap_url_msg = 0pkt_drive_drain = 0, pkt_drive_redir = 0mail_1 = 0, mail_2 = 0, mail_3 = 0mail_session_close = 0frag_1 = 0, frag_2 = 0, frag_3 = 0, frag_4 = 0http_resolved = 0pkt_drive_bill_queue stats:bill_q_ndx_in =0, bill_q_ndx_out =0csg_q_elem_hiwater =0, csg_q_elem_count =0send_threshold =520, BILL_MAX_SEND_QUEUE =65536csg_relinquish =0, csg_relinquish_cnt =2pkt_drops_q_full =0CSG Clock Stats:seconds = 1130322752, base = 1130322529, uptime = 223adjusted time = WED OCT 26 10:32:32 2005 UTClast sync time = WED OCT 26 10:28:49 2005 UTCTimer Wheel Stats:ticks = 228, starts = 126, stops = 4, timeouts = 119, longest = 2Tracebacks:None recorded.Buffer pools:Pool Name total in-use free max largest flags------------------------------------------------------------------------------CSG BRec 5000 0 5000 200000 5000 DYNCSG NoKut 0 0 0 200000 0 DYNCSG IntermBackup 0 0 0 1000000 0 DYNCSG Intermediate 0 0 0 1000000 0 DYNCSG Session 0 0 0 1000000 0 DYNCSG GTP Signals 50 0 50 0 50 DYNCSG GTP Data 10000 1 9999 0 10000 DYNCSG KUT Elems 12500 0 12500 0 12500 DYNCSG IMAP Data 0 0 0 200000 0 DYNCSG MAIL aoc 0 0 0 5000 0 DYNCSG Mail Details 0 0 0 200000 0 DYNCSG WAP URLs 0 0 0 50000 0 DYNCSG WAP session 0 0 0 50000 0 DYNCSG WAP details 0 0 0 50000 0 DYNCSG RTSP Buff 0 0 0 1000 0 DYNCSG RTSP Fixed 0 0 0 100000 0 DYNCSG RTSP Str 0 0 0 200000 0 DYNCSG RTSP Ctl 0 0 0 100000 0 DYNCSG RTSP Sess 0 0 0 100000 0 DYNCSG FTP 0 0 0 50000 0 DYNCSG HTTP FIXED 0 0 0 100000 0 DYNCSG HTTP Details 0 0 0 1600000 0 DYNCSG HTTP REQ 1 0 1 1600000 1 DYNCSG HTTP Header 4 0 4 6400000 4 DYNCSG buffers 0 0 0 10240 0 DYNCSG Frag 0 0 0 16384 0 DYNCSG AOC TokenPkt 0 0 0 10000 0 DYNCSG AOC TokenReq 0 0 0 10000 0 DYNCSG HTTPRedirDet 0 0 0 0 0 DYNCSG HTTPRedirUrl 0 0 0 0 0 DYNCSG PT Grant 0 0 0 0 0 DYNCSG KUT RedirNAT 0 0 0 0 0 DYNCSG KUT RedirURL 0 0 0 0 0 DYNCSG IMAPSvcStats 0 0 0 0 0 DYNCSG KUT SvcStats 0 0 0 1000000 0 DYNCSG KUT Svc 8000 0 8000 1000000 8000 DYNCSG Svc Connect 0 0 0 1024 0 DYNCSG Svc Name 8 3 5 255 8 DYNCSG Svc Rule 16 4 12 1024 16 DYNCSG QM Request 0 0 0 10000 0 DYNCSG BPlan Name 8 5 3 128 8 DYNThe following example shows how to display processor statistics for the CSG:
Router# show module csg 4 tech-support processor 2------------------------------------------------------------------------------------- TCP Statistics -------------------------------------------------------------------------------------Aborted rx 3350436013 66840864New sessions rx 180 0Total Packets rx 16940 0Total Packets tx 0 0Packets Passthrough 697 0Packets Dropped 0 0Persistent OOO Packets Dropped 0 0Persistent Fastpath Tx 0 0Total Persistent Requests 0 0Persistent Same Real 0 0Persistent New Real 0 0Data Packets rx 877 0L4 Data Packets rx 877 0L7 Data Packets rx 0 0Slowpath Packets rx 7851 0Relinquish Requests rx 8031 0TCP xsum failures 0 0Session Mismatch 0 0Session Reused while valid 0 0Unexpected Opcode rx 0 0Unsupported Proto 0 0Session Queue Overflow 0 0Control->Term Queue Overflow 0 0t_fifo Overflow 0 0L7 Analysis Request Sent 0 0L7 Successful LB decisions 0 0L7 Need More Data decisions 0 0L7 Unsuccessful LB decisions 0 0L4 Analysis Request Sent 180 0L4 Successful LB decisions 180 0L4 Unsuccessful LB decisions 0 0Transmit:SYN 0 0SYN/ACK 0 0ACK 0 0RST/ACK 0 0data 0 0Retransmissions: 0 0Receive:SYN 180 0SYN/ACK 0 0ACK 340 0FIN 0 0FIN/ACK 340 0RST 17 0RST/ACK 0 0data 0 0Session Redundancy Standby:Rx Fake SYN 0 0Rx Repeat Fake SYN 0 0Rx Fake Reset 0 0Fake SYN Sent to NAT 0 0Tx Port Sync 0 0Encap Not Found 0 0Fake SYN, TCP State Invalid 0 0Session Redundancy Active:L4 Requests Sent 0 0L7 Requests Sent 0 0Persistent Requests Sent 0 0Rx Fake SYN 0 0Fake SYN Sent to NAT 0 0Sessions torn down 180 0Rx Close session 1 0Slowpath(low pri) buffer allocs 7843 0Slowpath(high pri) buffer allocs 8 0Small buffer allocs 180 0Medium buffer allocs 0 0Large buffer allocs 0 0Session table allocs 180 0Slowpath(low pri) buffer alloc failures 0 0Slowpath(high pri) buffer alloc failures 0 0Small buffer allocs failures 0 0Medium buffer allocs failures 0 0Large buffer allocs failures 0 0Session table allocs failures 0 0Outstanding slowpath(low pri) buffers 0 0Outstanding slowpath(high pri) buffers 0 0Outstanding small buffers 0 0Outstanding medium buffers 0 0Outstanding large buffers 0 0Outstanding sessions 0 0show module csg variable
To display the CSG environmental variables in the configuration, use the show module csg variable command in privileged EXEC mode.
show module csg slot variable [name name] [detail]
Syntax Description
slot
Slot in which the CSG resides.
name
(Optional) Displays the named variable information.
detail
(Optional) Displays the map configuration details.
Defaults
If no variable name is specified, the command displays information for all variables.
Command Modes
Privileged EXEC
Command History
Release Modification3.1(1)C4(1)—12.2(14)ZA
This command was introduced.
3.1(3)C5(5)—12.2(17d)SXD
Added support for several new variables.
Examples
The following example shows how to display the variable configurations:
Router# show module csg 3 variable detailName: CSG_BASIS_BYTE_LOW_QUOTA_MAX Rights: RWValue: 10000000Default: 10000000Valid values: Integer (0 to 10000000)Description:Maximum value for the available quota threshold that triggers reauthorization for basis byte.For a list of all valid variables, see the description of the variable (module csg) command.
Related Commands
show module csg vlan
To display the list of VLANs for a CSG, use the show module csg slot vlan command in privileged EXEC mode.
show module csg slot vlan [client | server | ft] [id vlan-id] [detail]
Syntax Description
Defaults
If no options are specified, the command displays information about all the VLANs.
Command Modes
Privileged EXEC
Command History
Examples
The following example shows how to display the VLAN configurations:
Router# show module csg 4 vlanvlan IP address IP mask type---------------------------------------------------11 10.10.4.2 255.255.255.0 CLIENT12 10.10.3.1 255.255.255.0 SERVER30 0.0.0.0 0.0.0.0 FTRouter# show module csg 4 vlan detailvlan IP address IP mask type---------------------------------------------------11 10.10.4.2 255.255.255.0 CLIENTGATEWAYS10.10.4.112 10.10.3.1 255.255.255.0 SERVER30 0.0.0.0 0.0.0.0 FTRelated Commands
snmp-server enable traps csg
To enable Simple Network Management Protocol (SNMP) notification types that are available on the CSG, use the snmp-server enable traps csg command in global configuration mode. To disable CSG notifications, use the no form of this command.
snmp-server enable traps csg {agent | database | quota-server}
no snmp-server enable traps csg {agent | database | quota-server}
Syntax Description
agent
Enable SNMP agent server traps.
database
Enable SNMP CSG database traps.
quota-server
Enable SNMP quota server traps.
Command Default
If you do not enter the snmp-server enable traps csg command, no CSG notifications controlled by this command are sent.
Command Modes
Global configuration
Command History
Examples
The following example enables CSG database traps:
snmp-server enable traps csg databasetable (module CSG VLAN)
To associate a table name with a VLAN, use the table command in module CSG VLAN configuration mode. To remove the table association for the VLAN, use the no form of this command.
table table-name
no table table-name
Syntax Description
table-name
1- to 15-character string identifying the table. The CSG stores the table name as all-uppercase ASCII characters.
Defaults
None
Command Modes
Module CSG VLAN configuration
Command History
Usage Guidelines
When a table name is associated with a VLAN, User Table entries for user traffic arriving on the VLAN are classified using the configured table name as part of the User Table entry search.
You can associate only one table name with each VLAN.
Examples
The following example associates the ACME_VLAN table with VLAN 254 on module 5:
module csg 5vlan 254 clienttable ACME_VLANRelated Commands
upgrade
To upgrade the CSG by loading a CSG image from the Supervisor Engine, use the upgrade command on the CSG console.
upgrade {slot0: | 127.0.0.yz} filename
Syntax Description
Defaults
None
Command Modes
CSG console
Command History
Examples
The following example loads CSG image c6csg-apc.31-3.c7.1 from the Supervisor Engine 32 in slot 1 to the CSG:
CSG> upgrade 127.0.0.12 c6csg-apc.31-3.c7.1Related Commands
Command DescriptionCopies the CSG coredump.
Determines whether the CSG can reach a remote host.
Displays information about the CSG.
url-map
To reference a URL map that is part of a CSG billing policy, use the url-map command in CSG policy configuration mode. To delete the reference, use the no form of this command.
url-map url-map-name
no url-map url-map-name
Syntax Description
Defaults
None
Command Modes
CSG policy configuration
Command History
Usage Guidelines
The conditions specified in the referenced URL map must be true in order for the flows to be processed by the CSG accounting services. If the conditions are not true, the flows are not processed.
For wireless application protocol (WAP) 1.x, URL maps take precedence over access lists.
For WAP 1.x and Real Time Streaming Protocol (RTSP), the policy used to determine the next hop address is chosen based solely on access control lists (ACLs), not URL maps. As a result, you can choose the next hop from one policy for routing and from a different policy for billing.
Examples
The following example shows how to reference a URL map:
ip csg policy MOVIES_COMEDYaccounting type http customer-string MOVIES_COMEDYclient-group 44client-ip http-header x-forwarded-forheader-map MOVIESurl-map MOVIESRelated Commands
user-group
To associate a user group with a specific accounting service, use the user-group command in CSG accounting configuration mode. To disassociate a user group in order to delete it, use the no form of this command.
user-group group-name
no user-group group-name
Syntax Description
group-name
Name of a configured user group to be associated with this accounting service. Only one user group can be associated with each accounting service.
Defaults
None
Command Modes
CSG accounting configuration
Command History
Examples
The following example associates user group G1 with the CSG accounting group A1:
ip csg accounting A1user-group G1agent activate 2agent local-port 3775agent 10.1.2.4 11112 10agent 10.1.2.5 11113 20keepalive 3records batchrecords http-statisticsrecords intermediate bytes 100000 time 3600records max 250inserviceRelated Commands
Command DescriptionConfigures content-based accounting as a service.
Creates a group of users for which you want to generate accounting records, and enters CSG user group configuration mode.
user-profile server
To specify which server to use to obtain the user profile (or billing plan), use the user-profile server command in CSG user group configuration mode. To restore the default setting, use the no form of this command.
user-profile server {quota | radius {remove | pass}}
no user-profile server {quota | radius {remove | pass}}
Syntax Description
Defaults
The billing plan is obtained from the quota server.
Command Modes
CSG user group configuration
Command History
Usage Guidelines
If not specified, the quota server is used to obtain the billing plan. If radius is specified, the RADIUS Access-Accept and RADIUS Accounting-Request messages are parsed for the Cisco VSA, sub-attribute 1, which contains the billing plan name. The VSA is optionally removed from the RADIUS Access-Accept message before the message is sent to the RADIUS client or server.
Keep the following considerations in mind:
•The VSA is removed from the RADIUS Access-Accept message only if remove is specified. You should use remove only if the RADIUS client cannot tolerate the Cisco VSA in the message.
•We recommend that you use pass to reduce processing time on the CSG.
•The user ID must be in the message that contains the billing plan.
Examples
The following example illustrates the user-profile server command:
ip csg user-group G1radius userid User-Nameuser-profile server radius passRelated Commands
Command DescriptionSpecifies the RADIUS attribute used to extract the user identifier from a RADIUS record.
variable (module csg)
To specify the environmental variables in the configuration, use the variable command in module CSG configuration mode. To remove the specified environmental variables from the configuration, use the no form of this command.
variable name value
no variable name value
Syntax Description
name
Name string for the variable. See Table B-7 for a list of valid variable names.
value
Value string for the variable.
Defaults
None
Command Modes
Module CSG configuration
Command History
Usage Guidelines
Table B-7 lists the environmental values used by the CSG.
As part of the CSG's health monitoring process, the CSG monitors itself for low memory conditions.
•If CSG memory usage exceeds a user-specified warning threshold, the CSG issues the following message:
%CSM_SLB-3-ERROR: Module 3 error: WARN - CSG memory usage exceeded 85% (29M/256M)
By default, the CSG issues this warning message when memory usage exceeds 85%. To change that threshold, change the setting of the CSG_MEM_WARN_THRESHOLD variable. The valid range for this variable is 1% to 98%; the default setting is 85%.
By default, the CSG issues this warning message once a minute after the threshold has been exceeded. To change the time between warning messages, change the setting of the CSG_MEM_WARN_FREQUENCY variable. The valid range for the variable is 1 minute to 99 minutes; the default setting is 1 minute.
•If CSG memory usage exceeds a user-specified depletion threshold, the CSG issues the following message:
%CSM_SLB-3-ERROR: Module 3 error: CRITICAL - CSG max memory reached 98% (4M/256M)
By default, the CSG issues this depletion message when memory usage exceeds 98%. To change that threshold, change the setting of the CSG_MEM_MAX_THRESHOLD variable. The valid range for this variable is 1% to 98%; the default setting is 98%.
By default, the CSG issues this depletion message once a minute after the threshold has been exceeded. To change the time between depletion messages, change the setting of the CSG_MEM_MAX_FREQUENCY variable. The valid range for the variable is 1 minute to 99 minutes; the default setting is 1 minute.
•If CSG memory usage exceeds a user-specified failover threshold, the active CSG performs a core dump, fails over to the standby CSG, and issues the following message:
%CSM_SLB-3-ERROR: Module 3 error: FAILOVER - CSG memory usage exceeded 98% (1M/256M)
By default, the CSG does not perform a core dump or failover, nor does it issue this failover message. If you want the CSG to take these actions, you must set a failover threshold by setting the CSG_MEM_FAILOVER_THRESHOLD variable. The valid range for the variable is 0% to 98%; the default setting is 0% (no core dump, failover, or message).
Note Configure this variable on only the active CSG or on the standby CSG, not on both. If you configure this variable on both the active CSG and on the standby CSG, and both CSGs exceed their failover thresholds, then the active CSG fails over to the standby CSG, which fails over to the active CSG, which fails over again to the standby CSG, and so on.
If you see any of the preceding messages, you need to reduce the maximum number of billing records that the CSG is allowed to buffer in memory. To do so, set the records max command in CSG accounting configuration mode to a smaller value, such as 10,000.
Examples
This example shows how to enable the environmental variables configuration:
variable CSG_BASIS_FIXED_LOW_QUOTA_MAX 1000000Related Commands
Command DescriptionEnters module CSG configuration mode for a specified slot.
Displays the environmental variables in the configuration.
verify
To enable service verification, use the verify command in CSG service configuration mode. To disable this feature, use the no form of this command.
verify
no verify
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
CSG service configuration
Command History
Usage Guidelines
If this command is configured, the CSG uses the Service Verification Request to perform the following actions:
•Alert the quota server of a new transaction.
•Allow the quota server to direct the CSG to perform one of the following mutually exclusive actions:
–DROP—Drop all packets for this flow.
–FORWARD—Forward the flow without altering the destination.
–REDIRECT-NAT—Forward all packets for this flow to the IP address provided in the Content Authorization Response. The CSG uses NAT to translate the packet to the IP address and port provided in the Content Authorization Response.
–REDIRECT-URL—Redirect the client request to the URL provided in the Content Authorization Response. The CSG sends a Layer 7 redirect (for example, an HTTP 302 response) to the client; the Layer 7 redirect contains the redirect URL.
Examples
The following example specifies a token for service verification URL-rewriting:
ip csg service SERVICE_NAMEverifyRelated Commands
Command DescriptionConfigures a content billing service, and enters CSG service configuration mode.
Configures a token for use in service verification URL-rewriting.
verify confirmation
To configure a token for use in service verification URL-rewriting, use the verify confirmation command in CSG user group configuration mode. To remove the token, use the no form of this command.
verify confirmation token
no verify confirmation token
Syntax Description
Defaults
None
Command Modes
CSG user group configuration
Command History
Usage Guidelines
URL-rewriting allows a top-off server to append parameters to a URL in order to convey state information to the quota server during a Content Authorization Request. Whenever a Service Verification Response contains the forward action code, and the URL contains the verify confirmation token, the token and all trailing characters are removed from the URL before the request is forwarded to the server.
The token is used for both HTTP and wireless application protocol (WAP) service verification URL-rewriting.
Examples
The following example specifies a token for service verification URL-rewriting:
ip csg user-group A1verify confirmation ?CSG_VERIFY_OKRelated Commands
vlan (CSG content)
To restrict the CSG billing content to a single source VLAN, use the vlan command in CSG content configuration mode. To remove the restriction, use the no form of this command.
vlan vlan-name
no vlan vlan-name
Syntax Description
Defaults
None
Command Modes
CSG content configuration
Command History
Usage Guidelines
The VLAN number is dependent on the CSG card that receives the content. When the content is downloaded to a CSG card, the vlan-name argument is mapped to a specific VLAN number.
Examples
The following example shows how to restrict the CSG content billing to a single-source VLAN named MOVIES_COMEDY:
ip csg content MOVIES_COMEDYclient 10.4.4.0 255.255.255.0idle 120ip 172.18.45.0/24 tcp 8080policy POLICY1pending 300replicate connection tcpvlan MOVIES_COMEDYinserviceRelated Commands
vlan (module CSG)
To create a client VLAN or server VLAN that defines the Layer 2 paths for the CSG accounting service flows, assign a VLAN ID and an optional name, and enter module CSG VLAN configuration mode, use the vlan command in module CSG configuration mode. To remove the VLAN from the configuration, use the no form of this command.
vlan vlan-id {client | server} [vlan-name]
no vlan vlan-id {client | server} [vlan-name]
Syntax Description
Defaults
None
Command Modes
Module CSG configuration
Command History
Usage Guidelines
A VLAN database entry must exist for the given VLAN ID.
When a content configuration is downloaded that includes a vlan command that specifies the same vlan-name argument, the CSG translates the vlan-name argument to the correct vlan-id argument when the content is installed on the CSG card.
If the downloaded content configuration does not include a vlan command, or if the vlan command does not specify a valid vlan-name argument, then the content configuration cannot be brought into service because no source VLAN is defined.
The characteristics of each VLAN are defined by the following commands:
Examples
The following example shows how to create client-side VLANs with IDs 301, 320, and 400 for the CSG in slot 4:
module csg 4accounting A1ft group 123 vlan 5ruleset R1vlan 301 clientname TO-GGSN-MS-APNgateway 31.0.0.10ip address 31.0.0.21 255.255.255.0route 11.0.0.0 255.255.0.0 gateway 31.0.0.1route 11.1.0.0 255.255.0.0 gateway 31.0.0.2route 11.2.0.0 255.255.0.0 gateway 31.0.0.3route 11.3.0.0 255.255.0.0 gateway 31.0.0.4alias 31.0.0.51 255.255.255.0vlan 320 clientvlan 400 serverRelated Commands
zero-quota abort type
To force wireless application protocol (WAP) transactions to be terminated midstream when the user's quota is depleted, use the zero-quota abort type command in CSG service configuration mode. To return to the default behavior, use the no form of the command.
zero-quota abort type {wap}
no zero-quota abort type {wap}
Syntax Description
Defaults
None
Command Modes
CSG service configuration
Command History
Usage Guidelines
This command is configured on a per-service basis.
This command configures the WAP cutoff feature.
Examples
The following example shows how to enable the zero-quota abort type command:
ip csg service SERVIN_WAPzero-quota abort type wapcontent WAP_WTP_CONTENT policy WAP_WTPRelated Commands
Command DescriptionConfigures a content billing service, and enters CSG service configuration mode.