- gprs gtp-director retry-timeout
- gprs gtp echo-timer dynamic enable
- gprs gtp echo-timer dynamic minimum
- gprs gtp echo-timer dynamic smooth-factor
- gprs gtp error-indication throttle
- gprs gtp ip udp ignore checksum
- gprs gtp map signalling tos
- gprs gtp n3-buffer-size
- gprs gtp n3-requests
- gprs gtp path-echo-interval
- gprs gtp ppp vtemplate
- gprs gtp ppp-regeneration vtemplate
- gprs gtp response-message wait-accounting
- gprs gtp t3-response
- gprs idle-pdp-context purge-timer
- gprs maximum-pdp-context-allowed
- gprs mcc mnc
- gprs ms-address exclude-range
- gprs ni-pdp cache-timeout
- gprs ni-pdp discard-period
- gprs ni-pdp ip-imsi single
- gprs ni-pdp pdp-buffer
- gprs ni-pdp percentage
- gprs qos default-response requested
- gprs qos map canonical-qos
- gprs qos map delay
- gprs radius msisdn first-byte
- gprs slb cef
- gtp response-message wait-accounting
- ip-access-group
- ip-address-pool
- msisdn suppression
- network-request-activation
- ppp-regeneration
- radius attribute suppress imsi
- radius attribute suppress qos
- radius attribute suppress sgsn-address
- redirect intermobile ip
- security verify
- service gprs ggsn
- service gprs gtp-director
- session idle-time
gprs gtp-director retry-timeout
To specify the amount of time during which GDM forwards all retries of create PDP context requests for a specific TID from an SGSN to the same GGSN, use the gprs gtp-director retry-timeout global configuration command. To return to the default value, use the no form of this command.
gprs gtp-director retry-timeout seconds
no gprs gtp-director retry-timeout seconds
Syntax Description
seconds |
Number of seconds (between 1 and 65535) during which GDM forwards retries for a specific TID to the same GGSN. The default is 30 seconds. |
Defaults
30 seconds
Command Modes
Global configuration
Command History
Usage Guidelines
Use the gprs gtp-director retry-timeout command only when configuring the GTP Director Module (GDM). Do not configure this command on a GGSN.
Use the gprs gtp-director retry-timeout command to specify how long GDM forwards all retries of create PDP context requests for a specific TID from an SGSN to the same GGSN. The retry-timeout value represents the maximum period of time during which GDM expects the real GGSN to establish or reject the PDP context request.
It is recommended that the retry-timeout value be specified according to the following formula:
,
where
•
T is the GDM retry-timeout. This is the value that you need to determine for the gprs gtp-director retry-timeout command on the GDM router.
•N3 is the retry count that is configured on the SGSN.
•T3 is the retry timer that is configured on the SGSN.
•B is some integer that you choose as a buffer factor. The buffer factor is suggested to allow sufficient time for routing and processing the request by the real GGSN.
Note You can configure the gprs gtp-director retry-timeout command in real time for GDM. The new value will be used for create PDP context requests coming in for any new TIDs. The new value is not retroactive for existing TIDs. Therefore, the old value is used for any PDP context requests for an existing TID.
Examples
The following example configures GDM to forward all retries of create PDP context requests for a specific TID to the same GGSN for 1 minute:
gprs gtp-director retry-timeout 60
Related Commands
|
|
|
|---|---|
Configures a router for GTP director module functions. |
gprs gtp echo-timer dynamic enable
To enable the dynamic echo timer on the GGSN, use the gprs gtp echo-timer dynamic enable global configuration command. To disable the dynamic echo timer, use the no form of this command.
gprs gtp echo-timer dynamic enable
no gprs gtp echo-timer dynamic enable
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
For a GTP path to be active, the SGSN needs to be active. To determine that an SGSN is active, the GGSN and SGSN exchange echo messages. Although the GGSN supports different methods of echo message timing, the basic echo flow begins when the GGSN sends an echo request message to the SGSN. The SGSN sends a corresponding echo response message back to the GGSN.
If the GGSN does not receive a response after a certain number of retries (a configurable value), the GGSN assumes that the SGSN is not active. This indicates a GTP path failure, and the GGSN clears all PDP context requests associated with that path.
The GGSN supports two different methods of echo timing—the default echo timer and the dynamic echo timer.
The GGSN's default echo timer can not be configured to accommodate network congestion and therefore the GTP path could be cleared prematurely. The dynamic echo timer feature enables the GGSN to better manage the GTP path during periods of network congestion. Use the gprs gtp echo-timer dynamic enable command to enable the GGSN to perform dynamic echo timing.
Default echo timer
The dynamic echo timer is based on the default echo timer in the GGSN. A description of the default echo timer follows as a means of comparison.
The default echo timer configuration uses the following commands:
•gprs gtp n3-requests—Specifies maximum number of times that the GGSN attempts to send a echo-request message. The default is 5 times.
•gprs gtp path-echo-interval—Specifies the number of seconds that the GGSN waits before sending an echo-request message to the SGSN. The default is 60 seconds.
•gprs gtp t3-response—Specifies the number of seconds that the GGSN waits before resending an echo-request message after the path echo interval has expired and the echo response from the SGSN has not been received. The default is 1 second.
If the GGSN receives the echo response within the path echo interval (as specified in the gprs gtp path-echo-interval command; default is 60 seconds), it sends another echo request message after 60 seconds (or whatever time was configured in the gprs gtp path-echo-interval command). This message flow continues as long as the GGSN receives an echo response message from the SGSN within the specified path echo interval.
If the GGSN fails to receive an echo response message from the SGSN within the path echo interval, it resends echo request messages until the N3-requests counter is reached (as specified by the gprs gtp n3-requests command; default is 5). Because the initial request message is included in the N3-requests counter, the total number of retries is N3-1. The T3 timer increases by a factor of two for each retry (the factor value is not configurable).
For example, if N3 is set to the default of 5, and T3 is set to the default of 1 second, the GGSN will resend 4 echo request messages (the initial request + 4 retries=5). The T3 time increments for each additional echo request, by a factor of 2 seconds. So, the GGSN resends a message in 2 seconds, 4 seconds, 8 seconds, and 16 seconds. If the GGSN fails to receive an echo response message from the SGSN within the time period of the N3-requests counter, it clears the GTP path and deletes all of the PDP contexts.
For the above example, the total elapsed time from when the first request message is sent, to when the GTP path is cleared, is: 60+2+4+8+16=90 seconds,
where 60 is the initial value of the path echo interval, and the remaining 4 time periods are the increments of the T3 timer for the subsequent retries.
Dynamic echo timer
The dynamic echo timer method is different from the default echo timer method on the GGSN because it uses a calculated round-trip timer (RTT), as well as a configurable factor or multiplier to be applied to the RTT statistic.
The dynamic echo timer configuration uses the following commands:
•gprs gtp echo-timer dynamic enable—Enables the dynamic echo timer on the GGSN.
•gprs gtp echo-timer dynamic minimum—Specifies the minimum time period (in seconds) for the dynamic echo timer. If the RTT is less than this value, the GGSN uses the value set in this command.
•gprs gtp echo-timer dynamic smooth-factor—Configures the multiplier that the dynamic echo timer uses when calculating the time to wait to send retries, when it has not received a response from the SGSN within the path echo interval.
•gprs gtp n3-requests—Specifies the maximum number of times that the GGSN attempts to send an echo-request message. The default is 5 times.
•gprs gtp path-echo-interval—Specifies the number of seconds within which the GGSN expects to receive an echo response from the SGSN. This is the period of time that the GGSN waits before sending another echo-request message. The default is 60 seconds.
The GGSN calculates the RTT statistic for use by the dynamic echo timer feature. The RTT is the amount of time between sending a particular echo request message and receiving the corresponding echo response message. RTT is calculated for the first echo response received; the GGSN records this statistic. Because the RTT value might be a very small number, there is a minimum time for the dynamic echo timer to use. This value is configured using the gprs gtp echo-timer dynamic minimum command.
If the GGSN fails to receive an echo response message from the SGSN within the path echo interval, it goes into retransmission, or path failure mode. During path failure mode, the GGSN uses a value referred to as the T-dynamic. The T-dynamic is the greater of either the dynamic minimum, or the RTT statistic multiplied by the smooth factor.
The T-dynamic essentially replaces the use of the gprs gtp t3-response command, which is used in the default echo timer method on the GGSN. The T-dynamic timer increases by a factor of two for each retry (again, this factor is not configurable), until the N3-requests counter is reached (N3-requests counter includes the initial request message).
For example, if the RTT is 6 seconds, N3 is set to 5, and the smooth factor is set to 3, the GGSN will resend 4 echo request messages in path failure mode. The T-dynamic value is 18 (RTT x smooth factor), so the GGSN sends a retry echo request message in 36 seconds, 72 seconds, 144 seconds, and 288 seconds. If the GGSN fails to receive an echo response message from the SGSN in this time period, it clears the GTP path and deletes all PDP contexts. The total elapsed time from when the first request message is sent to when the GTP path is cleared is: 60+36+72+144+288=600 seconds, where 60 is the initial value of the path echo interval, and the remaining 4 time periods are the increments of the T-dynamic for the subsequent retries.
Examples
The following example turns on the dynamic echo timer, sets the minimum value to 5 seconds, and configures a smooth factor of 3:
gprs gtp echo-timer dynamic enable
gprs gtp echo-timer dynamic minimum 5
gprs gtp echo-timer dynamic smooth-factor 3
Related Commands
gprs gtp echo-timer dynamic minimum
To specify the minimum time period used by the dynamic echo timer, use the gprs gtp echo-timer dynamic minimum global configuration command. To return to the default value, use the no form of this command.
gprs gtp echo-timer dynamic minimum number
no gprs gtp echo-timer dynamic minimum number
Syntax Description
number |
Minimum time period (between 1 and 60 seconds) of the dynamic echo timer. Value must be an integer. The default value is 5 seconds. |
Defaults
5 seconds
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to specify the minimum time period (in seconds) used by the dynamic echo timer, also referred to as the T-dynamic. If the GGSN's current calculation of the round-trip timer (RTT) statistic, multiplied by the smooth factor, is less than the configured dynamic minimum value, then the GGSN uses the configured minimum as the T-dynamic.
The GGSN calculates the RTT statistic for use by the dynamic echo timer feature. The RTT is the amount of time between sending a particular echo request message and receiving the corresponding echo response message. RTT is calculated for the first echo response received; the GGSN records this statistic. Because the RTT value might be a very small number, there is a minimum time for the dynamic echo timer to use. This value is configured using the gprs gtp echo-timer dynamic minimum command.
If the GGSN fails to receive an echo response message from the SGSN within the path echo interval, it goes into retransmission, or path failure mode. During path failure mode, the GGSN uses a value referred to as the T-dynamic. The T-dynamic is the greater of either the dynamic minimum, or the RTT statistic multiplied by the smooth factor.
The T-dynamic essentially replaces the use of the gprs gtp t3-response command, which is used in the default echo timer method on the GGSN. The T-dynamic timer increases by a factor of two for each retry (again, this factor is not configurable), until the N3-requests counter is reached (N3-requests counter includes the initial request message).
Note For more information about the dynamic echo timer on the GGSN, refer to the Usage Guidelines section for the gprs gtp echo-timer dynamic enable command.
Examples
The following example turns on the dynamic echo timer, sets the minimum value to 6 seconds, and configures a smooth factor of 2:
gprs gtp echo-timer dynamic enable
gprs gtp echo-timer dynamic minimum 6
gprs gtp echo-timer dynamic smooth-factor 2
Related Commands
gprs gtp echo-timer dynamic smooth-factor
To configure the multiplier that the GGSN uses to calculate the time to wait to send retries of the dynamic echo timer, use the gprs gtp echo-timer dynamic smooth-factor global configuration command. To return to the default value, use the no form of this command.
gprs gtp echo-timer dynamic smooth-factor number
no gprs gtp echo-timer dynamic smooth-factor number
Syntax Description
number |
Integer (between 1 and 100) used by the GGSN as a multiplier for the RTT statistic, to calculate the T-dynamic. The default is 2. |
Defaults
2
Command Modes
Global configuration
Command History
Usage Guidelines
The dynamic echo timer uses the smooth factor to calculate what is known as the T-dynamic. The T-dynamic is calculated by multiplying the RTT (or the value configured in the gprs gtp echo-timer dynamic minimum, whichever is greater) times the smooth-factor.
Note Refer to the Usage Guidelines section for the gprs gtp echo-timer dynamic enable command for a detailed explanation of how the dynamic echo timer works.
Examples
The following example turns on the dynamic echo timer, sets the minimum value to 1 second, and configures a smooth factor of 2:
gprs gtp echo-timer dynamic enable
gprs gtp echo-timer dynamic minimum 1
gprs gtp echo-timer dynamic smooth-factor 2
Related Commands
gprs gtp error-indication throttle
To specify the maximum number of error indication messages that the GGSN sends out in one second, use the gprs gtp error-indication throttle command. To disable the GGSN from sending error indication messages, use the no form of this command.
gprs gtp error-indication throttle window-size size
no gprs gtp error-indication throttle
Syntax Description
size |
Integer (between 0 and 256) that specifies the maximum number of error indication messages that the GGSN sends in one second. |
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
Use the gprs gtp error-indication throttle command to specify the maximum number of error indication messages that are sent by the GGSN in one second. This provides a way to implement flow control for transmission of GTP error messages. The GGSN maintains a counter that decrements each time that an error indication message is sent. The GGSN resets this counter to the configured throttle value after one second.
If you do not issue the command, error indication throttling is not enabled. To restore the default value (error indication throttling is disabled) use the no form of this command.
Examples
The following example shows a throttle value of 150:
gprs gtp error-indication throttle window-size 150
gprs gtp ip udp ignore checksum
To disable verification of the user datagram protocol (UDP) checksum to support CEF switching on the GGSN, use the gprs gtp ip udp ignore checksum global configuration command. To enable UDP checksum verification on the GGSN, use the no form of this command.
gprs gtp ip udp ignore checksum
no gprs gtp ip udp ignore checksum
Syntax Description
This command has no arguments or keywords.
Defaults
UDP checksum verification is enabled on the GGSN.
Command Modes
Global configuration
Command History
Usage Guidelines
UDP checksum verification can prohibit operation of CEF switching processing on the GGSN if the checksum should have a non-zero result. Therefore, if you want to enable CEF switching on the GGSN, you should configure the gprs gtp ip udp ignore checksum command.
If UDP checksum verification remains enabled on the GGSN and a non-zero result occurs, the GTP T-PDUs will be process switched, even if you have configured the GGSN for CEF switching.
The gprs gtp ip udp ignore checksum command does not apply if you are only using process switching on the GGSN.
For more information about switching processes on the router, refer to the Cisco IOS Switching Services Configuration Guide.
Examples
The following example disables UDP checksum verification on the GGSN:
gprs gtp ip udp ignore checksum
Related Commands
|
|
|
|---|---|
ip cef |
Enables CEF on the route processor card. |
gprs gtp map signalling tos
To specify an IP ToS mapping for GPRS tunneling protocol (GTP) signaling packets, use the gprs gtp map signalling tos global configuration command. To return to the default value, use the no form of this command.
gprs gtp map signalling tos tos-value
no gprs gtp map signalling tos tos-value
Syntax Description
tos-value |
Value between 0 and 7 that specifies the IP ToS mapping. The default value is 5. |
Defaults
ToS value 5
Command Modes
Global configuration
Command History
Usage Guidelines
Use the gprs gtp map signalling tos command to specify the IP ToS mapping for GTP signaling packets transmitted by the GGSN. The higher the value, the higher the class of service provided to the packets.
Examples
The following example specifies a IP ToS mapping value of 3:
gprs gtp map signalling tos 3
Related Commands
gprs gtp n3-buffer-size
To specify the size of the receive buffer that the GGSN uses to receive GTP signaling messages and packets sent through the tunneling protocol, use the gprs gtp n3-buffer-size global configuration command. To return to the default value, use the no form of this command.
gprs gtp n3-buffer-size bytes
no gprs gtp n3-buffer-size
Syntax Description
bytes |
Number of bytes (between 2048 and 65535) that specifies the size of the N3 buffer. The default is 8192 bytes. |
Defaults
8192 bytes
Command Modes
Global configuration
Command History
Usage Guidelines
Use the gprs gtp n3-buffer-size command to specify the size of the GTP N3 buffer on the GGSN. The N3 buffer is a receive buffer that the GGSN uses to receive GTP signaling messages and packets sent through the tunneling protocol. The recommended value for the N3 buffer size is 8192 (the default size).
Examples
The following example specifies a buffer size of 2084 bytes:
gprs gtp n3-buffer-size 2048
gprs gtp n3-requests
To specify the maximum number of times that the GGSN attempts to send a signaling request to an SGSN, use the gprs gtp n3-requests global configuration command. To return to the default value, use the no form of this command.
gprs gtp n3-requests requests
no gprs gtp n3-requests requests
Syntax Description
requests |
A number between 1 and 65535 that specifies the number of times a request is attempted. The default is 5 requests. |
Defaults
5 requests
Command Modes
Global configuration
Command History
Usage Guidelines
The value of the gprs gtp n3-requests command is used for all signaling requests on the GGSN.
The GGSN supports two different methods of echo timing—the default echo timer and the dynamic echo timer. The gprs gtp n3-requests command is used by the GGSN to perform either type of echo processing.
Examples
The following example shows the GGSN attempting to send a signaling request 3 times:
gprs gtp n3-requests 3
Related Commands
gprs gtp path-echo-interval
To specify the number of seconds that the GGSN waits before sending an echo-request message to the SGSN, use the gprs gtp path-echo-interval global configuration command. To return to the default value, use the no form of this command.
gprs gtp path-echo-interval interval
no gprs gtp path-echo-interval interval
Syntax Description
Defaults
60 seconds
Command Modes
Global configuration mode
Command History
Usage Guidelines
The GGSN supports two different methods of echo timing—the default echo timer and the dynamic echo timer. The gprs gtp path-echo-interval command is used on the GGSN to perform either type of echo processing.
Use the gprs gtp path-echo-interval command to specify the interval that the GGSN waits before sending an echo-request message to the SGSN to check for GTP path failure.
Note A value of 0 seconds disables echo requests on the GGSN.
Examples
The following example shows the GGSN waiting 90 seconds before sending an echo-request message:
gprs gtp path echo-interval 90
Related Commands
gprs gtp ppp vtemplate
To associate the virtual template interface that defines the PPP characteristics with support for the PPP PDP type over GTP on the GGSN, use the gprs gtp ppp vtemplate global configuration command. To remove specification of the PPP virtual template interface for GTP on the GGSN, use the no form of this command.
gprs gtp ppp vtemplate number
no gprs gtp ppp vtemplate number
Syntax Description
Defaults
No default behavior or values.
Command Modes
Global configuration
Command History
Usage Guidelines
Before you configure the gprs gtp ppp vtemplate command, you must configure the virtual template interface with the necessary PPP characteristics. The number that you configure for the virtual template interface that defines the PPP characteristics, must correspond to the number that you specify in the gprs gtp ppp vtemplate command.
Examples
The following example configures two virtual template interfaces on the GGSN, one for GTP encapsulation and one for PPP, and specifies the PPP virtual template interface for GTP on the GGSN.
Note The virtual template interface for PPP is a different virtual template interface than the GPRS virtual template interface for GTP encapsulation.
The first section of commands configures the GPRS virtual template interface for GTP:
interface Virtual-Template 1
ip address 10.1.1.1 255.0.0.0
no ip directed-broadcast
encapsulation gtp
no ip route-cache
gprs access-point-list gprs
The following example configures a virtual template interface for PPP and associates the virtual template for support of the PPP PDP type over GTP on the GGSN:
interface Virtual-Template 2
ip unnumbered FastEthernet 1/0
no ip directed-broadcast
no peer default ip address
ppp authentication chap
ppp timeout retry 30
gprs gtp ppp vtemplate 2
Related Commands
|
|
|
|---|---|
interface virtual-template |
Creates a virtual template interface that can be configured and applied dynamically in creating virtual access interfaces. |
gprs gtp ppp-regeneration vtemplate
To associate the virtual template interface that is configured for PPP encapsulation with support for regenerated PPP sessions on the GGSN, use the gprs gtp ppp-regeneration vtemplate global configuration command. To remove specification of the PPP virtual template interface for regenerated PPP sessions on the GGSN, use the no form of this command.
gprs gtp ppp-regeneration vtemplate number
no gprs gtp ppp-regeneration vtemplate number
Syntax Description
Defaults
No default behavior or values.
Command Modes
Global configuration
Command History
Usage Guidelines
Before you configure the gprs gtp ppp-regeneration vtemplate command, you must configure the virtual template interface for PPP encapsulation using the encapsulation ppp command. In addition, you must also configure the ip address negotiated command and the no peer neighbor-route command at the virtual template interface for PPP encapsulation.
The number that you configure for the virtual template interface to support PPP encapsulation, must correspond to the number that you specify in the gprs gtp ppp-regeneration vtemplate command.
Examples
The following example configures two virtual template interfaces on the GGSN, one for GTP encapsulation for communication between the GGSN and the SGSN, and one for PPP regeneration. The virtual template interface for PPP regeneration supports the creation of PPP sessions from the GGSN over Layer 2 Tunneling Protocol (L2TP) tunnels to an L2TP network server (LNS).
Note The virtual template interface for PPP regeneration is a different virtual template interface than the GPRS virtual template interface for PPP PDP type support and for GTP encapsulation.
The first section of commands configures the GPRS virtual template interface for GTP:
interface Virtual-Template 1
ip address 10.1.1.1 255.0.0.0
no ip directed-broadcast
encapsulation gtp
no ip route-cache
gprs access-point-list gprs
The following example configures a virtual template interface for PPP regeneration:
interface Virtual-Template 11
ip address negotiated
no peer neighbor-route
encapsulation ppp
The following example specifies virtual template interface 11 for PPP regeneration on the GGSN:
gprs gtp ppp-regeneration vtemplate 11
Related Commands
|
|
|
|---|---|
interface virtual-template |
Creates a virtual template interface that can be configured and applied dynamically in creating virtual access interfaces. |
gprs gtp response-message wait-accounting
To configure the GGSN to wait for a RADIUS accounting response before sending a create PDP context response to the SGSN, for create PDP context requests received across all access points, use the gprs gtp response-message wait-accounting global configuration command. To configure the GGSN to send a create PDP context response to the SGSN after sending a RADIUS start accounting message to the RADIUS server (without waiting for a response from the RADIUS accounting server), use the no form of this command.
gprs gtp response-message wait-accounting
no gprs gtp response-message wait-accounting
Syntax Description
This command has no arguments or keywords.
Defaults
The GGSN sends a create PDP context response to the SGSN after sending a RADIUS start accounting message to the RADIUS accounting server. The GGSN does not wait for a RADIUS accounting response from the RADIUS accounting server.
Command Modes
Global configuration
Command History
Usage Guidelines
Use the gprs gtp response-message wait-accounting command to configure the GGSN to wait for a RADIUS accounting response from the RADIUS accounting server, before sending a create PDP context response to the SGSN, for create PDP context requests received across all access points.
If the GGSN does not receive a response from the RADIUS accounting server when you have configured the gprs gtp response-message wait-accounting command, then the GGSN rejects the PDP context request.
The GGSN supports configuration of RADIUS response message waiting at both the global and access-point configuration levels. You can minimize your configuration by specifying the configuration that you want to support across most APNs, at the global configuration level. Then, at the access-point configuration level, you can selectively modify the behavior that you want to support at a particular APN. Therefore, at the APN configuration level, you can override the global configuration of RADIUS response message waiting.
To configure the GGSN to wait for a RADIUS accounting response as the default behavior for all APNs, use the gprs gtp response-message wait-accounting global configuration command. To disable this behavior for a particular APN, use the no response-message wait-accounting access-point configuration command.
To verify whether RADIUS response message waiting is enabled or disabled at an APN, you can use the show gprs access-point command and observe the value reported in the wait_accounting output field.
Examples
The following example globally configures the GGSN to wait for a RADIUS accounting response from the RADIUS accounting server before sending an activate PDP context response to the SGSN, for PDP context requests received across all access points except access-point 1. RADIUS response message waiting has been overridden at access-point 1 using the no gtp response-message wait-accounting command:
Note This example shows only a partial configuration of the GGSN, to highlight those commands related to implementing RADIUS response message waiting. Additional configuration statements are required to complete a full configuration of the GGSN.
aaa new-model
!
aaa group server radius foo
server 10.2.3.4
server 10.6.7.8
!
aaa authentication ppp foo group foo
aaa authorization network default group radius
aaa accounting exec default start-stop group foo
!
gprs access-point-list gprs
access-point 1
access-mode non-transparent
access-point-name www.pdn1.com
aaa-group authentication foo
no gtp response-message wait-accounting
exit
access-point 2
access-mode non-transparent
access-point-name www.pdn2.com
aaa-group authentication foo
!
gprs gtp response-message wait-accounting
!
radius-server host 10.2.3.4 auth-port 1645 acct-port 1646 non-standard
radius-server host 10.6.7.8 auth-port 1645 acct-port 1646 non-standard
radius-server key ggsntel
Related Commands
gprs gtp t3-response
To specify the initial time that the GGSN waits before resending a signaling request message when a response to a request has not been received, use the gprs gtp t3-response global configuration command. To return to the default value, use the no form of this command.
gprs gtp t3-response response-interval
no gprs gtp t3-response response-interval
Syntax Description
response-interval |
A value between 1 and 65535 that specifies the length of the T3 response interval, in seconds. The default is 1 second. |
Defaults
1 second
Command Modes
Global configuration
Command History
Usage Guidelines
The gprs gtp t3-response command is used by the GGSN to process delete PDP context requests and to perform the default method of echo timing.
For delete PDP context requests, the gprs gtp t3-response command is used by the GGSN to specify how long the GGSN waits before sending a retry of the delete PDP context request when a response is not received from the SGSN, until the gprs gtp n3-requests limit is reached.
The GGSN supports two echo timer implementations—the default echo timer and the dynamic echo timer. The gprs gtp t3-response command also is used on the GGSN to perform the default type of echo processing, when the dynamic echo timer is not enabled.
If the GGSN receives the echo response within the path echo interval (as specified in the gprs gtp path-echo-interval command; default is 60 seconds), it sends another echo request message after 60 seconds (or whatever time was configured in the gprs gtp path-echo-interval command). This message flow continues as long as the GGSN receives an echo response message from the SGSN within the specified path echo interval.
If the GGSN fails to receive an echo response message from the SGSN within the path echo interval, it resends echo request messages until the N3-requests counter is reached (as specified by the gprs gtp n3-requests command; default is 5). Because the initial request message is included in the N3-requests counter, the total number of retries is N3-1. The T3 timer increases by a factor of two for each retry (the factor value is not configurable).
For example, if N3 is set to the default of 5, and T3 is set to the default of 1 second, the GGSN will resend 4 echo request messages (the initial request + 4 retries=5). The T3 time increments for each additional echo request, by a factor of 2 seconds. So, the GGSN resends a message in 2 seconds, 4 seconds, 8 seconds, and 16 seconds. If the GGSN fails to receive an echo response message from the SGSN within the time period of the N3-requests counter, it clears the GTP path and deletes all of the PDP contexts.
For the above example, the total elapsed time from when the first request message is sent, to when the GTP path is cleared, is: 60+2+4+8+16=90 seconds,
where 60 is the initial value of the path echo interval, and the remaining 4 time periods are the increments of the T3 timer for the subsequent retries.
Examples
The following example shows a T3 interval response interval of 524 seconds:
gprs gtp t3-response 524
Related Commands
gprs idle-pdp-context purge-timer
To specify the time that the GGSN waits before purging idle mobile sessions, use the gprs idle-pdp-context purge-timer global configuration command. To return to the default value, use the no form of this command.
gprs idle-pdp-context purge-timer hours
no gprs idle-pdp-context purge-timer hours
Syntax Description
hours |
Value between 0 and 255 that specifies the number of hours that the GGSN waits before purging idle sessions. The value 0 disables the purge timer. The default is 72 hours. |
Defaults
72 hours
Command Modes
Global configuration
Command History
Usage Guidelines
To specify the time that the GGSN waits before purging idle mobile sessions, use the gprs idle-pdp-context purge-timer command. To disable this feature, specify a purge-timer value of 0.
You can override the value of the global purge timer using the session idle-time access-point configuration command.
Examples
The following example specifies that the GGSN wait for 60 hours before purging idle sessions:
gprs idle-pdp-context purge-timer 60
Related Commands
|
|
|
|---|---|
Specifies the time that the GGSN waits before purging idle mobile sessions for the current access point. |
gprs maximum-pdp-context-allowed
To specify the maximum number of PDP contexts (mobile sessions) that can be activated on the GGSN, use the gprs maximum-pdp-context-allowed global configuration command. To return to the default value, use the no form of this command.
gprs maximum-pdp-context-allowed pdp-contexts
no gprs maximum-pdp-context-allowed pdp-contexts
Syntax Description
pdp-contexts |
Integer between 1 and 4294967295 that specifies the number of active PDP contexts allowed. The default is 10000 PDP contexts. |
Defaults
10000 PDP contexts
Command Modes
Global configuration
Command History
Usage Guidelines
Use the gprs maximum-pdp-context-allowed command to specify the maximum number of PDP contexts allowed on the GGSN. When the maximum allowable number of PDP contexts is reached, the GGSN refuses new PDP contexts (mobile sessions) until sessions are available.
Note The practical upper limit for the maximum number of PDP contexts depends on the router platform that you are using, the amount of memory available on the router, and the type of configuration configured (whether a method of Point to Point Protocol [PPP] has been configured to forward packets beyond the terminal equipment and mobile termination and the rate of PDP context creation to be supported).
If you use DFP with GPRS load balancing, you must also specify a maximum number of PDP contexts for each GGSN, using the gprs maximum-pdp-context-allowed command. Do not accept the default value of 10000 PDP contexts. A value of 45000 is recommended. Significantly lower values can impact performance in a GPRS load-balancing environment.
Note For more information about configuring GPRS load balancing, see the IOS Server Load Balancing, 12.1(9)E documentation located at Cisco.com at the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e9/index.htm
Examples
In the following example 15000 PDP contexts are allowed on the GGSN:
gprs maximum-pdp-context-allowed 15000
Related Commands
|
|
|
|---|---|
Specifies the time that the GGSN waits before purging idle mobile sessions. |
gprs mcc mnc
To configure the mobile country code and mobile network node that the GGSN uses to determine whether a create PDP context request is from a roamer, use the gprs mcc mnc global configuration command. To return to the default values, use the no form of this command.
gprs mcc mcc-num mnc mnc-num
no gprs mcc mcc-num mnc mnc-num
Syntax Description
Defaults
000—For both the MCC and MNC. A valid code must be a non-zero value.
Command Modes
Global configuration
Command History
Usage Guidelines
Use the gprs mcc mnc command as part of the configuration required on the GGSN to support creation of CDRs for roaming mobile subscribers, or to block roamers from being able to create PDP context requests.
The GGSN uses the values that you configure in this command to compare with the tunnel ID (TID) in a create PDP context request.
The GGSN automatically specifies values of 000 for the MCC and MNC. However, you must configure non-zero values for both the MCC and MNC before you can enable the GGSN to create charging CDRs for roamers.
To properly issue the gprs mcc mnc command, you must specify both the mcc keyword with its argument and the mnc keyword with its argument. You cannot issue the command without specifying both keywords.
It is important that you configure the gprs mcc mnc and gprs charging roamers commands in their proper order. After you configure the MCC and MNC values, use the gprs charging roamers command to enable charging for roamers on the GGSN. You can change the MCC and MNC values by reissuing the gprs mcc mnc command.
To verify your configuration of these codes on the GGSN, use the show gprs charging parameters command.
Note To see a list of some established MCC and MNC codes, refer to the "Table of MCC and MNC Codes" section on page 263. To find more information about MCC and MNC codes, see the ITU E.212 recommendation, Identification Plan for Land Mobile Stations.
Examples
The following example replaces the default values of 000 on the GGSN, and specifies an MCC code of 310 for the USA and an MNC code of 15 for the Bell South service provider:
gprs mcc 310 mnc 15
Related Commands
|
|
|
|---|---|
Restricts GPRS access based on the mobile user's home PLMN. |
|
Enables charging for roamers on the GGSN. |
|
Displays information about the current GPRS charging configuration. |
gprs ms-address exclude-range
To specify the IP address range(s) used by the GPRS network, and thereby excluded from the mobile station (MS) IP address range, use the gprs ms-address exclude-range global configuration command. To remove the specified range(s), use the no form of this command.
gprs ms-address exclude-range start-ip end-ip
no gprs ms-address exclude-range start-ip end-ip
Syntax Description
start-ip |
IP address at the beginning of the range. |
end-ip |
IP address at the end of the range. |
Defaults
No default behavior or values.
Command Modes
Global configuration
Command History
Usage Guidelines
An MS can not have the same IP address as another GPRS network entity. Use the gprs ms-address exclude-range command to reserve certain IP address ranges for use by the GPRS network, and to disallow them from use by an MS.
During a create PDP context request, the GGSN verifies whether the IP address of an MS falls within the specified excluded range. If there is an overlap of the MS IP address with an excluded range, then the PDP context request is rejected. This measure prevents duplicate IP addressing in the network.
You can configure up to 100 IP address ranges. A range can be one or more addresses. However, you can configure only one IP address range per command entry. To exclude a single IP address, you can repeat the IP address in the start-ip and end-ip arguments. IP addresses are 32-bit values.
Examples
Example 1
The following example specifies the IP address ranges used by the GPRS network (which are thereby excluded from the MS IP address range:
gprs ms-address exclude-range 10.0.0.1 10.20.40.50
gprs ms-address exclude-range 172.16.150.200 172.30.200.255
gprs ms-address exclude-range 192.168.100.100 192.168.200.255
Example 2
The following example excludes an MS from using the IP address of 10.10.10.1:
gprs ms-address exclude-range 10.10.10.1 10.10.10.1
Related Commands
|
|
|
|---|---|
Displays the IP address range(s) configured on the GGSN for the GPRS network. |
gprs ni-pdp cache-timeout
To specify the maximum amount of time that the GGSN caches an SGSN address for an MS after an unsuccessful network-initiated PDP context attempt, use the gprs ni-pdp cache-timeout global configuration command. To return to the default value, use the no form of this command.
gprs ni-pdp cache-timeout number
no gprs ni-pdp cache-timeout number
Syntax Description
number |
Number of seconds from 0 to 65535. The default value is 600 (10 minutes). |
Defaults
600 seconds (10 minutes)
Command Modes
Global configuration
Command History
Usage Guidelines
The GGSN obtains the SGSN address for an MS from the HLR and caches it for the period of time specified by the gprs ni-pdp cache-timeout command, for unsuccessful network-initiated PDP context attempts with a cause of "MS not reachable" or "MS refuses." The GGSN needs the SGSN address if the MS is not reachable or if the MS refuses the PDP PDU.
Examples
The following example specifies that the GGSN caches the SGSN address for an MS for 300 seconds (5 minutes):
gprs ni-pdp cache-timeout 300
Related Commands
gprs ni-pdp discard-period
To specify the amount of time that the GGSN discards subsequent PDP PDUs received on the Gi interface for an MS, after an unsuccessful network-initiated PDP context attempt, use the gprs ni-pdp discard-period global configuration command. To return to the default value, use the no form of this command.
gprs ni-pdp discard-period number
no gprs ni-pdp discard-period number
Syntax Description
number |
Number of seconds from 0 to 65535. The default value is 300 (5 minutes). |
Defaults
300 seconds (5 minutes)
Command Modes
Global configuration
Command History
Usage Guidelines
Used the gprs ni-pdp discard-period command to specify how long the GGSN discards subsequent PDUs for a PDP context from an MS, after an unsuccessful network-initiated PDP context attempt.
Examples
The following example specifies that, after an unsuccessful network-initiated PDP delivery attempt, the GGSN discards subsequent PDP PDUs received on the Gi interface for 180 seconds (3 minutes):
gprs ni-pdp discard-period 180
Related Commands
gprs ni-pdp ip-imsi single
To specify a static IP address to IMSI mapping for a single MS for network-initiated PDP requests from a particular APN, use the gprs ni-pdp ip-imsi single global configuration command. To remove the static mapping, use the no form of this command.
gprs ni-pdp ip-imsi single apn-index ip-address imsi
no gprs ni-pdp ip-imsi single apn-number ip-address imsi
Syntax Description
Defaults
No default behavior or values.
Command Modes
Global configuration
Command History
Usage Guidelines
The GGSN supports a single IP address and APN combination for the gprs ni-pdp ip-imsi single command. The IMSI must be unique for each IP and APN combination.
You can configure multiple instances of the gprs ni-pdp ip-imsi single command.
In addition to configuring the gprs ni-pdp ip-imsi single command, you must configure the following other commands to support network-initiated PDP requests on the GGSN:
•gprs default map-converting-gsn
•network-request-activation
Note The IMSI digits are packed in the same format as the TID. The second to last hexadecimal digit is overwritten as "F", resulting in a 15-digit hexadecimal IMSI.
Examples
The following example configures a static IP address 10.10.10.10 for a network-initiated PDP request from access point 200 for an MS with an IMSI of 18273645546374.
gprs ni-pdp ip-imsi single 200 10.10.10.10 18273645546374
gprs default map-converting-gsn 172.16.10.10
!
gprs access-point-list abc
access-point 200
network-request-activation
Note that the gprs default map-converting-gsn global configuration command and the network-request-activation command at access point 200 are also required to implement the network-initiated PDP support at access point 200.
Related Commands
gprs ni-pdp pdp-buffer
To specify the maximum size of the GGSN buffer to be used for each network-initiated PDP request, use the gprs ni-pdp pdp-buffer global configuration command. To return to the default value, use the no form of this command.
gprs ni-pdp pdp-buffer number
no gprs ni-pdp pdp-buffer number
Syntax Description
number |
Number of bytes from 0 to 65535. The default is 2000. |
Defaults
2000 bytes
Command Modes
Global configuration
Command History
Usage Guidelines
The GGSN supports three options that together determine the maximum possible memory that the GGSN allocates to buffer any PDU data before a network-initiated PDP request has completed:
•Maximum number of PDP contexts allowed
•Maximum network-initiated PDP percentage
•Maximum buffer size per network-initiated PDP request
Use the following formula to determine the maximum possible memory that the GGSN allocated for buffering of any PDU data for each network-initiated PDP request. The corresponding value for each command should be substituted into the following equation:
(gprs maximum-pdp-context-allowed x gprs ni-pdp percentage / 100) x gprs ni-pdp pdp-buffer
By default, the GGSN allocates the following amount of memory for network-initiated PDP request data buffering: (10000 x 10/100) x 2000 bytes = 2,000,000 bytes.
Use the gprs maximum-pdp-context-allowed command to configure the total maximum number of active PDP contexts supported by the GGSN—both mobile-initiated and network-initiated PDP requests combined. The maximum number of PDP contexts supported on the GGSN is router dependent. For more information, see the "Restrictions" section in the "Planning to Configure the GGSN" chapter of the Cisco IOS Mobile Wireless Configuration Guide.
The GGSN allocates buffer space as needed and does not preallocate memory. Therefore, it is possible that other functions requiring memory by the GGSN can prevent memory from being available for allocation to the network-initiated PDP requests—even though the buffer has been configured.
In addition, if an entire PDU requiring caching does not fit in the remaining available buffer space, the PDU is discarded.
Examples
The following example configures 3000 bytes as the maximum size of the GGSN buffer to be used for each network-initiated PDP request:
gprs ni-pdp pdp-buffer 3000
Related Commands
gprs ni-pdp percentage
To specify the maximum number of PDP contexts on the GGSN that can be network-initiated, as a percentage of the maximum number of PDP contexts allowed on the GGSN, use the gprs ni-pdp percentage global configuration command. To return to the default value, use the no form of this command.
gprs ni-pdp percentage percentage-number
no gprs ni-pdp percentage percentage-number
Syntax Description
percentage-number |
Percentage from 0 to 100 of the total number of PDP contexts that can be network-initiated. The default is 10 percent. |
Defaults
10 percent
Command Modes
Global configuration
Command History
Usage Guidelines
The GGSN supports three options that together determine the maximum possible memory that the GGSN allocates to buffer any PDU data before a network-initiated PDP request has completed:
•Maximum number of PDP contexts allowed
•Maximum network-initiated PDP percentage
•Maximum buffer size per network-initiated PDP request
Use the following formula to determine the maximum possible memory that the GGSN allocated for buffering of any PDU data for each network-initiated PDP request. The corresponding value for each command should be substituted into the following equation:
(gprs maximum-pdp-context-allowed x gprs ni-pdp percentage / 100) x gprs ni-pdp pdp-buffer
By default, the GGSN allocates the following amount of memory for network-initiated PDP request data buffering: (10000 x 10/100) x 2000 bytes = 2,000,000 bytes.
Use the gprs maximum-pdp-context-allowed command to configure the total maximum number of active PDP contexts supported by the GGSN—both mobile-initiated and network-initiated PDP requests combined. The maximum number of PDP contexts supported on the GGSN is router dependent. For more information, see the Restrictions section of the "Planning to Configure the GGSN" chapter in the Cisco IOS Mobile Wireless Configuration Guide.
The GGSN allocates buffer space as needed and does not preallocate memory. Therefore, it is possible that other functions requiring memory by the GGSN can prevent memory from being available for allocation to the network-initiated PDP requests—even though the buffer has been configured.
Examples
The following example configures 25 percent as the maximum number of network-initiated PDP requests supported by the GGSN:
gprs ni-pdp percentage 25
Related Commands
gprs qos default-response requested
To specify that the GGSN sets its default QoS values in the response message exactly as requested in the create PDP context request message, use the gprs qos default-response requested global configuration command. To return to the default QoS, use the no form of this command.
gprs qos default-response requested
no gprs qos default-response requested
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled. The GGSN sets its QoS default to the best-effort class.
Command Modes
Global configuration
Command History
Usage Guidelines
The gprs qos default-response requested command is only useful when canonical QoS is not configured on the GGSN. Canonical QoS is enabled using the gprs qos map canonical-qos command.
When canonical QoS is not enabled, and the gprs qos default-response requested command has not been configured on the GGSN, the GGSN always sets its QoS values to best-effort in the response message.
Examples
The following example enables the GGSN to set its QoS values in the response message according to the QoS values requested in the create PDP context request message:
gprs qos default-response requested
Related Commands
|
|
|
|---|---|
Enables mapping of GPRS QoS categories to a canonical QoS method that includes best-effort, normal, and premium QoS classes. |
gprs qos map canonical-qos
To enable mapping of GPRS QoS categories to a canonical QoS method that includes best-effort, normal, and premium QoS classes, use the gprs qos map canonical-qos global configuration command. To disable canonical mapping, use the no form of this command.
gprs qos map canonical-qos
no gprs qos map canonical-qos
Syntax Description
This command has no arguments or keywords.
Defaults
Canonical QoS mapping is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
Use the qprs qos map canonical-qos command to map GPRS QoS into the following canonical categories: best effort, normal, and premium.
Examples
The following example shows canonical QoS mapping enabled:
qos map canonical-qos
Related Commands
gprs qos map delay
To enable mapping of GPRS QoS categories to delay QoS classes, use the gprs qos map delay global configuration command. To disable delay mapping, use the no form of this command.
gprs qos map delay
no gprs qos map delay
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
Use the gprs qos map delay command to enable QoS delay mapping on the GGSN. To map the QoS delay classes (class 1, class 2, class 3, and best effort) to IP type of service (ToS) categories, use the gprs delay-qos map tos command.
Examples
The following example enables delay QoS mapping:
gprs qos map delay
Related Commands
gprs radius msisdn first-byte
To specify that the first byte of the Mobile Stations International PSTN/ISDN (MSISDN) information element (IE) is included in a Remote Access Dial-In User Service (RADIUS) request, use the gprs radius msisdn first-byte global configuration command. To remove the first byte from the MSISDN IE in a RADIUS request, use the no form of this command.
gprs radius msisdn first-byte
no gprs radius msisdn first-byte
Syntax Description
This command has no arguments or keywords.
Defaults
The first byte is not included.
Command Modes
Global configuration
Command History
Usage Guidelines
Use the gprs radius msisdn first-byte command when configuring RADIUS security on the GGSN.
The first octet of an MSISDN IE using E.164 addressing is 91 in hexadecimal, that is 10010001. In this 91 code, the 1 is the extension bit, 001 is the international number, and 0001 indicates E.164 numbering.
Examples
The following example specifies that the first byte of the MSISDN IE is included in a RADIUS request:
gprs radius msisdn first-byte
gprs slb cef
To identify the IP address of the GGSN virtual server to CEF, use the gprs slb cef global configuration command. To remove the IP address identification, use the no form of this command.
gprs slb cef virtual-server-address
no gprs slb cef virtual-server-address
Syntax Description
virtual-server-address |
IP address of the GGSN virtual server instance used by clients to connect to the server farm. (This virtual IP address is also a loopback address on the GGSN.) |
Defaults
No default behavior or values.
Command Modes
Global configuration
Command History
Usage Guidelines
This command is required if the GGSN is using CEF switching. If the GGSN is not using CEF switching, do not use this command.
Note For more information about configuring GPRS load balancing, see the IOS Server Load Balancing, 12.1(9)E documentation located at Cisco.com at the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e9/index.htm
Examples
The following example identifies the IP address of the GGSN virtual server, 10.0.0.13, to CEF:
gprs slb cef 10.0.0.13
Related Commands
|
|
|
|---|---|
interface loopback |
Creates a loopback interface. |
ip cef |
Enables CEF on the RP card. |
virtual (virtual server) |
Configures the virtual server attributes. |
gtp response-message wait-accounting
To configure the GGSN to wait for a RADIUS accounting response before sending a create PDP context response to the SGSN, for create PDP context requests received at a particular APN, use the gtp response-message wait-accounting access-point configuration command. To configure the GGSN to send a create PDP context response to the SGSN after sending a RADIUS start accounting message to the RADIUS server (without waiting for a response from the RADIUS accounting server), use the no form of this command.
gtp response-message wait-accounting
no gtp response-message wait-accounting
Syntax Description
This command has no arguments or keywords.
Defaults
The GGSN sends a create PDP context response to the SGSN after sending a RADIUS start accounting message to the RADIUS accounting server. The GGSN does not wait for a RADIUS accounting response from the RADIUS accounting server.
Command Modes
Access-point configuration
Command History
Usage Guidelines
Use the gtp response-message wait-accounting command to configure the GGSN to wait for a RADIUS accounting response from the RADIUS accounting server, before sending a create PDP context response to the SGSN.
If the GGSN does not receive a response from the RADIUS accounting server when you have configured the gtp response-message wait-accounting command, then the GGSN rejects the PDP context request.
The GGSN supports configuration of RADIUS response message waiting at both the global and access-point configuration levels. You can minimize your configuration by specifying the configuration that you want to support across most APNs, at the global configuration level. Then, at the access-point configuration level, you can selectively modify the behavior that you want to support at a particular APN. Therefore, at the APN configuration level, you can override the global configuration of RADIUS response message waiting.
To configure the GGSN to wait for a RADIUS accounting response as the default behavior for all APNs, use the gprs gtp response-message wait-accounting global configuration command. To disable this behavior for a particular APN, use the no gtp response-message wait-accounting access-point configuration command.
To verify whether RADIUS response message waiting is enabled or disabled at an APN, you can use the show gprs access-point command and observe the value reported in the wait_accounting output field.
Examples
The following examples show only a partial configuration of the GGSN, to highlight those commands related to implementing RADIUS response message waiting. Additional configuration statements are required to complete a full configuration of the GGSN.
Example 1
The following example configures the GGSN to wait for an accounting response from the RADIUS server before sending a create PDP context response to the SGSN, for PDP context requests at access-point 1:
aaa new-model
!
aaa group server radius foo
server 10.2.3.4
server 10.6.7.8
!
aaa authentication ppp foo group foo
aaa authorization network default group radius
aaa accounting exec default start-stop group foo
!
gprs access-point-list gprs
access-point 1
access-mode non-transparent
access-point-name www.pdn1.com
aaa-group authentication foo
gtp response-message wait-accounting
!
radius-server host 10.2.3.4 auth-port 1645 acct-port 1646 non-standard
radius-server host 10.6.7.8 auth-port 1645 acct-port 1646 non-standard
radius-server key ggsntel
Example 2
The following example globally configures the GGSN to wait for a RADIUS accounting response from the RADIUS server before sending a create PDP context response to the SGSN. The GGSN waits for a response for PDP context requests received across all access points, except access-point 1. RADIUS response message waiting has been overridden at access-point 1 using the no gtp response-message wait-accounting command:
aaa new-model
!
aaa group server radius foo
server 10.2.3.4
server 10.6.7.8
!
aaa authentication ppp foo group foo
aaa authorization network default group radius
aaa accounting exec default start-stop group foo
!
gprs access-point-list gprs
access-point 1
access-mode non-transparent
access-point-name www.pdn1.com
aaa-group authentication foo
no gtp response-message wait-accounting
exit
access-point 2
access-mode non-transparent
access-point-name www.pdn2.com
aaa-group authentication foo
!
gprs gtp response-message wait-accounting
!
radius-server host 10.2.3.4 auth-port 1645 acct-port 1646 non-standard
radius-server host 10.6.7.8 auth-port 1645 acct-port 1646 non-standard
radius-server key ggsntel
Related Commands
ip-access-group
To specify access permissions between an MS and a PDN through the GGSN at a particular access point, use the ip-access-group access-point configuration command. To disable the input access list, use the no form of this command.
ip-access-group access-list-number {in | out}
no ip-access-group access-list-number {in | out}
Syntax Description
Defaults
No access list is enforced.
Command Modes
Access-point configuration
Command History
Usage Guidelines
Use the ip-access-group command to specify an access list that indicates whether users are given or denied permission to access the mobile station from the PDN through the GGSN using a specified access point.
Examples
The following example grants access-list 101 inbound access to the mobile station from the PDN through the GGSN:
access-list 101 permit ip 10.0.0.2 0.255.255.255 any
interface virtual-template 1
ip address 172.16.10.1 255.255.255.0
no ip directed-broadcast
encapsulation gtp
gprs access-point-list abc
!
gprs access-point-list abc
access-point 1
access-point-name gprs.somewhere.com
dhcp-server 10.100.0.3
ip-access-group 101 in
exit
!
ip-address-pool
To specify a dynamic address allocation method using IP address pools for the current access point, use the ip-address-pool access-point configuration command. To return to the default value, use the no form of this command.
ip-address-pool {dhcp-proxy-client | radius-client | disable}
no ip-address-pool {dhcp-proxy-client | radius-client | disable}
Syntax Description
Defaults
The global setting specified with the gprs default ip-address-pool command is used. The default value for the global configuration command is that IP address pools are disabled.
Command Modes
Access-point configuration
Command History
Usage Guidelines
You can specify an IP allocation method for an access point in two ways:
•Enter access-point configuration mode and use the ip-address-pool command to specify an IP address allocation method for the current access point.
•Specify a global value for the IP address pool by issuing the gprs default ip-address-pool command. In that case, you do not need to specify an address-pool method for the specific access point.
If you specify dhcp-proxy-client as the method for allocating IP addresses, then you must configure a DHCP server for IP address allocation. You can do this at the global configuration level using the gprs default-dhcp server command, or at the access point level using the dhcp-server command.
If you specify radius-client as the method for allocating IP addresses, then you must configure a RADIUS server for IP address allocation, configure AAA on the GGSN, and configure AAA server groups globally on the GGSN or at the access point. For more information about configuring RADIUS on the GGSN, refer to the Usage Guidelines section for the aaa-group and gprs default aaa-group commands.
Examples
The following example configures DHCP as the IP address pool allocation method for access-point 1 and specifies that the other access points use the global default, which is specified as RADIUS:
aaa new-model
!
aaa group server radius foo
server 10.2.3.4
server 10.6.7.8
aaa group server radius foo1
server 10.10.0.1
!
aaa authentication ppp foo group foo
aaa authentication ppp foo group foo1
aaa authorization network default group radius
aaa accounting exec default start-stop group foo
aaa accounting network foo1 start-stop group foo1
!
interface Loopback0
ip address 10.88.0.1 255.255.255.255
interface virtual-template 1
ip address 172.16.10.1 255.255.255.0
no ip directed-broadcast
encapsulation gtp
gprs access-point-list abc
!
gprs access-point-list abc
access-point 1
access-point-name gprs.pdn1.com
ip address-pool dhcp-proxy-client
aggregate auto
dhcp-server 10.100.0.3
dhcp-gateway-address 10.88.0.1
exit
!
access-point 2
access-point-name gprs.pdn2.com
access-mode non-transparent
aaa-group authentication foo
exit
!
gprs default ip-address-pool radius-client
!
radius-server host 10.2.3.4 auth-port 1645 acct-port 1646 non-standard
radius-server host 10.6.7.8 auth-port 1645 acct-port 1646 non-standard
radius-server host 10.10.0.1 auth-port 1645 acct-port 1646 non-standard
radius-server key ggsntel
Related Commands
msisdn suppression
To specify that the GGSN overrides the mobile station integrated services digital network (MSISDN) number with a pre-configured value in its authentication requests to a RADIUS server, use the msisdn suppression access point configuration command. To enable the GGSN to send the MSISDN number in authentication requests to a RADIUS server, use the no form of the command.
msisdn suppression [value]
no msisdn suppression [value]
Syntax Description
Defaults
The MSISDN number is suppressed, and no ID string is sent to the RADIUS server in place of the MSISDN number.
Command Modes
Access point configuration
Command History
Usage Guidelines
Certain countries have privacy laws which prohibit service providers from identifying the MSISDN number of mobile stations in authentication requests. Use the msisdn suppression command to specify a value that the GGSN sends in place of the MSISDN number in its authentication requests to a RADIUS server. If no value is configured, then no number is sent to the RADIUS server.
To use the msisdn suppression command, you must configure a RADIUS server either globally or at the access point and specify non-transparent access mode.
Examples
The following example will override the MSISDN ID sent in the create request and will not send any ID to the RADIUS server:
gprs access-point-list abc
access-point 1
radius-server 192.168.1.1
access-mode non-transparent
msisdn suppression
Related Commands
network-request-activation
To enable an access point to support network-initiated PDP requests, use the network-request-activation access-point configuration command. To disable support for network-initiated PDP requests at an access point, use the no form of this command.
network-request-activation
no network-request-activation
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
Access-point configuration
Command History
Usage Guidelines
In addition to configuring the network-request-activation command, you must configure the following other commands to support network-initiated PDP requests on the GGSN:
•gprs ni-pdp ip-imsi single
•gprs default map-converting-gsn
Examples
The following example shows how to enable support for network-initiated PDP requests at access point 200:
gprs access-point-list abc
access-point 200
network-request-activation
Related Commands
ppp-regeneration
To enable an access point to support PPP regeneration, use the ppp-regeneration access-point configuration command. To disable support for PPP regeneration at an access point, use the no form of this command.
ppp-regeneration [max-session number] [setup-time seconds]
no ppp-regeneration [max-session number] [setup-time seconds]
Syntax Description
Defaults
The default max-session value is 65535.
The default setup-time is 60 seconds.
Command Modes
Access-point configuration
Command History
Usage Guidelines
Use the ppp-regeneration command to enable an access point to support PPP regeneration and to specify parameters for PPP regeneration sessions on the GGSN.
Note PPP regeneration support at an access point requires CEF to be enabled on the RP using the ip cef command.
The maximum setup-time value should allow for the total amount of time required to create the PPP virtual access (VA) and to establish a PPP session. If the setup-time is reached before the PPP IP Control Protocol (IPCP) is up, the GGSN tears down the L2TP session, PPP VA, and PDP context.
The method of PPP configured to forward packets beyond the terminal equipment and mobile termination affects the maximum number of PDP contexts supported on the GGSN. For more information, see the "Configuring PPP Support on the GGSN" chapter of the Cisco IOS Mobile Wireless Configuration Guide for Cisco IOS Release 12.2(8)YD.
Examples
The following example shows a partial GGSN configuration for PPP regeneration, where PPP regeneration is enabled at access point 1. It specifies a maximum of 100 PPP regeneration sessions, with a limit of 30 seconds to create the PPP VA and establish a PPP session:
gprs access-point-list abc
access-point 1
access-point-name gprs.corporate.com
ppp-regeneration max-session 100 setup-time 30
exit
Related Commands
radius attribute suppress imsi
To specify that the GGSN suppress the Third Generation Partnership Project (3GPP) vendor-specific attribute (VSA) 3GGP-IMSI number in its authentication and accounting requests to a RADIUS server, use the radius attribute suppress imsi access point configuration command. To enable the GGSN to send the 3GPP VSA 3GPP-IMSI number in authentication and accounting requests to a RADIUS server, use the no form of the command.
radius attribute suppress imsi
no radius attribute suppress imsi
Syntax Description
This command has no arguments or keywords.
Defaults
The default is to send the 3GPP VSA 3GPP-IMSI number in authentication and accounting requests to a RADIUS server.
Command Modes
Access point configuration
Command History
|
|
|
|---|---|
12.2(8)YD |
This command was introduced. |
12.2(8)B |
This command was incorporated in Cisco IOS Release 12.2(8)B. |
Usage Guidelines
Use the radius attribute suppress imsi command to have GGSN suppress the 3GPP VSA 3GPP-IMSI number in its authentication and accounting requests to a RADIUS server.
Examples
The following example will not send the 3GPP VSA 3GPP-IMSI to the RADIUS server:
gprs access-point-list abc
access-point 1
radius attribute suppress imsi
Related Commands
radius attribute suppress qos
To specify that the GGSN suppress the 3GPP VSA 3GPP-GPRS-QoS-Profile in its authentication and accounting requests to a RADIUS server, use the radius attribute suppress qos access point configuration command. To enable the GGSN to send the 3GPP VSA 3GPP-GPRS-QoS-Profile in authentication and accounting requests to a RADIUS server, use the no form of the command.
radius attribute suppress qos
no radius attribute suppress qos
Syntax Description
This command has no arguments or keywords.
Defaults
The default is to send the 3GPP VSA 3GPP-GPRS-QoS-Profile in authentication and accounting requests to a RADIUS server.
Command Modes
Access point configuration
Command History
|
|
|
|---|---|
12.2(8)B |
This command was introduced. |
Usage Guidelines
Use the radius attribute suppress qos command to have GGSN suppress the 3GPP VSA 3GPP-GPRS-QoS-Profile in its authentication and accounting requests to a RADIUS server.
Examples
The following example will not send the 3GPP VSA 3GPP-GPRS-QoS-Profile to the RADIUS server:
gprs access-point-list abc
access-point 1
radius attribute suppress qos
Related Commands
radius attribute suppress sgsn-address
To specify that the GGSN suppress the 3GPP VSA 3GPP-SGSN-Address in its authentication and accounting requests to a RADIUS server, use the radius attribute suppress sgsn-address access point configuration command. To enable the GGSN to send the 3GPP VSA 3GPP-SGSN-Address in authentication and accounting requests to a RADIUS server, use the no form of the command.
radius attribute suppress sgsn-address
no radius attribute suppress sgsn-address
Syntax Description
This command has no arguments or keywords.
Defaults
The default is to send the 3GPP VSA 3GPP-SGSN-Address in authentication and accounting requests to a RADIUS server.
Command Modes
Access point configuration
Command History
|
|
|
|---|---|
12.2(8)B |
This command was introduced. |
Usage Guidelines
Use the radius attribute suppress sgsn-address command to have GGSN suppress the 3GPP VSA 3GPP-SGSN-Address in its authentication and accounting requests to a RADIUS server.
Examples
The following example will not send the 3GPP VSA 3GPP-SGSN-Address to the RADIUS server:
gprs access-point-list abc
access-point 1
radius attribute suppress sgsn-address
Related Commands
redirect intermobile ip
To redirect mobile-to-mobile traffic to an external device, use the redirect intermobile interface ip access-point configuration command. To disable the redirection of mobile-to-mobile traffic, use the no form of this command.
redirect intermobile ip ip-address
no redirect intermobile ip ip-address
Syntax Description
ip-address |
IP address of the external device to which you want to redirect mobile-to-mobile traffic. |
Defaults
Disabled
Command Modes
Access-point configuration
Command History
|
|
|
|---|---|
12.2(8)B |
This command was introduced. |
Usage Guidelines
Use the redirect intermobile ip access-point command to redirect mobile-to-mobile traffic to an external device (such as an external firewall) for verification.
Redirection of intermobile traffic does not occur on an ingress APN unless the TPDUs are exiting the same APN. In addition, redirection of TPDUs tunneled by L2TP from the ingress APN to the LNS of the PDN does not occur.
Note Redirection of intermobile traffic does not occur on an ingress APN unless the TPDUs are exiting the same APN. In addition, redirection of TPDUs tunneled by L2TP from the ingress APN to the LNS of the PDN does not occur.
Examples
The following example redirects mobile-to-mobile traffic to 5.5.5.13:
redirect intermobile ip 5.5.5.13
Related Commands
|
|
|
|---|---|
gprs plmn ip address |
Specifies the IP address range of a PLMN. |
security verify |
Specifies the verification of source and/or destination addresses. |
security verify
To enable the GGSN to verify the IP verification of IP addresses in TPDUs, use the security verify access-point configuration command. To disable the verification of IP addresses, use the no form of this command.
security verify {source | destination}
no security verify {source | destination}
Syntax Description
Defaults
Disabled
Command Modes
Access-point configuration
Command History
|
|
|
|---|---|
12.2(8)B |
This command was introduced. |
Usage Guidelines
Use the security verify source access point configuration command to configure the GGSN to verify the source IP address of an upstream TPDU against the address previously assigned to an MS.
When the security verify source command is configured on an APN, the GGSN verifies the source address of a TPDU before GTP will accept and forward it. If the GGSN determines that the address differs from that previously assigned to the MS, it drops the TPDU and accounts it as an illegal packet in its PDP context and APN. Configuring the security verify source access point configuration command protects the GGSN from faked user identities.
Use the security verify destination access point configuration command to have the GGSN verify the destination addresses of upstream TPDUs against global lists of PLMN addresses specified using the gprs plmn ip address command. If the GGSN determines that a destination address of a TPDU is within the range of a list of addresses, it drops the TPDU. If it determines that the TPDU contains a destination address that does not fall within the range of a list, it forwards the TPDU to its final destination.
Note The security verify destination command is not applied to APNs using VRF. In addition, the verification of destination addresses does not apply to GTP-PPP regeneration or GTP-PPP with L2TP.
Examples
The following example enables the verification of source IP addresses received in upstream TPDUs:
security verify source
Related Commands
service gprs ggsn
To configure a router for gateway GPRS support node functions, use the service gprs ggsn command. To disable GGSN functionality, use the no form of this command.
service gprs ggsn
no service gprs ggsn
Syntax Description
This command has no keywords or arguments.
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
Use the service gprs ggsn command to configure the router as a gateway GPRS support node.
Examples
The following example configures the router as a GGSN:
service gprs ggsn
service gprs gtp-director
To configure a router for GTP Director Module (GDM) functions, use the service gprs gtp-director command. To disable GDM functionality, use the no form of this command.
service gprs gtp-director
no service gprs gtp-director
Syntax Description
This command has no keywords or arguments.
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
Use the service gprs gtp-director command to configure the router for GTP director module (GDM) services. The router cannot be configured to provide GGSN and GDM services at the same time.
Examples
The following example configures the router as a GTP director:
service gprs gtp-director
Related Commands
session idle-time
To specify the time that the GGSN waits before purging idle mobile sessions for the current access point, use the session idle-time access-point configuration command. To disable the idle timer at the access point, use the no form of this command.
session idle-time number
no session idle-time number
Syntax Description
number |
Number of hours between 1 and 168. |
Defaults
No session idle timer is configured on the access point.
Command Modes
Access-point configuration
Command History
Usage Guidelines
The GGSN implements the idle timer in 3 ways. These implementations are listed in the order in which the GGSN processes them.
•Radius server—If the access-point is configured for non-transparent access mode and the Radius server returns a session timeout attribute, then the GGSN uses the session idle timeout value from the Radius server.
•Access-point—If the access-point is configured for transparent access mode, or is in non-transparent access mode and the Radius server does not return a session idle timeout value, the GGSN uses the value that you specified for the session idle-time command.
•Global timer—If the GGSN does not get a session idle timeout value from the Radius server or the access-point, it uses the value that you specified in the gprs idle-pdp-context purge-timer command.
The session idle-time command value overrides the value configured in the gprs idle-pdp-context purge-timer command for that access-point.
When the session reaches the timeout value, the PDP context is deleted.
Use the show gprs gtp pdp-context tid command to view the session idle-time value. The value is shown in the "gtp pdp idle time" field.
Examples
The following example specifies that the GGSN waits for 5 hours before purging idle time sessions for access-point 1. The GGSN waits for 60 hours before purging idle time sessions for all access points except access-point 1:
gprs access-point-list abc
access-point 1
access-point-name gprs.pdn1.com
session idle-time 5
gprs idle-pdp-context purge-timer 60
Related Commands
|
|
|
|---|---|
Specifies the time that the GGSN waits before purging idle mobile sessions. |
|
Displays a list of the currently active PDP contexts (mobile sessions). |
Feedback