This command allows you to configure the action priority for a ruledef / group-of-ruledefs in the current rulebase.

no

If previously configured, deletes the specified action priority configuration from the current rulebase.

priority action_priority

Specifies a priority for the specified ruledef / group-of-ruledefs in the current rulebase.

action_priority must be unique in the current rulebase, and must be an integer from 1 through 65535.

The priority controls the order in which this instance of the CLI command will be examined. Lower numbered priorities are examined first.

Up to 2048 instances may be configured, totaled among all rulebases in releases prior to 21.1. In 21.1 and later releases, up to 2500 instances can be configured.

Important

If there are any changes to action priority and the Override Control/Inheritance feature is enabled, then execute the CLI command "update active-charging override-control rulebase-config ". For more information on this command, see the Command Line Interface Reference.

dynamic-only

Enables matching of dynamic rules with static rules for this action priority on a flow.

Configuring the dynamic-only keyword causes the configuration to be defined, but not enabled. If enabled, the action associated with this option will not be matched against a flow until it is enabled from a dynamic charging interface like Gx. Gx can disable or enable this action entry in the rulebase using Gx messages.

Default: Disabled

adc

Specifies the ruledef to-be given as ADC rule. This keyword is optional and only visible when configured with the dynamic-only keyword.

Default: Disabled

mute

Disables application reporting to PCRF. This keyword is optional and visible only after configuring the adc keyword.

Default: Disabled

static-and-dynamic

The static-and-dynamic option causes the configuration to be defined and enabled, and allows a dynamic protocol (such as the Gx interface) to disable or re-enable the configuration.

Default: Enabled

Important

When R7 Gx is enabled, "static-and-dynamic" rules behave exactly like "dynamic-only" rules. That is, they must be activated explicitly by the Policy and Charging Rules Function (PCRF). When Gx is not enabled, "static-and-dynamic" rules behave exactly like static rules.

timedef timedef_name

Important

This keyword is only available in StarOS 8.1 and StarOS 9.0 and later releases.

Associates the specified time definition with the ruledef / group-of-ruledefs. Timedefs activate or deactivate ruledefs / groups-of-ruledefs, making them available for rule matching only when they are active.

timedef_name must be the name of a timedef, and must be an alphanumeric string of 1 through 63 characters.

A timedef can be used with several ruledefs / group-of-ruledefs. When a packet is received, and a ruledef / group-of-ruledefs is eligible for rule matching, if a timedef is associated with the ruledef / group-of-ruledefs, before rule matching the packet-arrival time is compared with the timeslots configured in the timedef. If the packet arrived in any of the timeslots configured in the associated timedef, rule matching is undertaken, else the next ruledef / group-of-ruledefs is considered.

Important

The time considered for timedef matching is the system's local time.

ruledef ruledef_name

Adds the specified ruledef to the current rulebase.

ruledef_name must be the name of a ruledef, and must be an alphanumeric string of 1 through 63 characters.

If the specified ruledef does not exist, there will be no ruledef triggers for this action priority within the current rulebase.

Important

If the ruledef specified here is deleted or is not configured, the system accepts it without applying any ruledef under current rulebase for this action priority.

group-of-ruledefs ruledefs_group_name

Adds the specified group-of-ruledefs to the current rulebase.

ruledefs_group_name must be the name of a group-of-ruledefs, and must be an alphanumeric string of 1 through 63 characters.

When a group-of-ruledefs is specified, if any of the ruledefs within the group matches, the specified charging-action is applied, any more of the action instances are not processed.

Important

If the group-of-ruledefs specified here is deleted or is not configured, the system accepts it without applying any ruledefs under current rulebase for this action priority.

charging-action charging_action_name

Specifies the charging action.

charging_action_name must be the name of a charging action, and must be an alphanumeric string of 1 through 63 characters.

If the specified charging action does not exist, there will be no charging action triggers for this action priority within the current rulebase.

Important

If the charging action specified here is not configured or is later deleted, the system will not apply any charging action under current rulebase for this action priority.

monitoring-key monitoring_key

Associates the specified monitoring-key with ruledefs for usage monitoring.

monitoring_key must be an integer from 1 through 4000000000.

description description

Adds specified text to the rule and action.

description must be an alphanumeric string of 1 through 63 characters.

This command allows you to enforce default rating group / service identifier on all PCC rules, predefined ACS rules, and static ACS rules for Rf-based accounting.

default

Configures this command with its default setting.

Default: Override configuration is disabled; same as no.

no

Disables the override configuration.

no active-charging rf rating-group-override : Rating group override will not be enforced on the PCC rules, predefined ACS rules, and static ACS rules. If any of these rules have their own rating group, it will continue to use that.

no active-charging rf service-id-override : Service ID override will not be enforced on the PCC rules, predefined ACS rules, and static ACS rules. If any of these rules have their own service ID, it will continue to use that.

rating-group-override rating_group

Enforces the specified rating group on all PCC rules, predefined ACS rules, and static ACS rules. If any of these rules have their own rating group, it will be overridden by the specified rating group.

rating_group must be an integer from 1 through 65535.

service-id-override service_id

Enforces the specified service ID on all PCC rules, predefined ACS rules, and static ACS rules. If any of these rules have their own service ID, it will be overridden by the specified service ID.

service_id must be an integer from 1 through 65535.

This command allows you to configure a single "application start" or "application stop" notification for the ADC flow matching per rule is sent to the PCRF.

no

Disables the ADC notifications and ADC notifications are sent as per default behavior.

adc

Configures the ADC notifications.

notify

Configures the application notification. If this keyword is not configured, ADC notifications are sent as per default behavior.

once

Configures the application notification only once. PCRF takes the priority.

This command enables APP_STOP buffering.

Note	In 21.3.12 and later releases, the notify command is deprecated. The notify command has been replaced by the app-notification command.

no

Disables the ADC notifications and ADC notifications are sent as per default behavior.

adc

Configures the ADC notifications.

app-notification

This command enables APP_STOP buffering. A maximum of five APP_STOP messages is buffered per flow.

once-per-app

Notifies APP_START or APP_STOP notification once per App ID.

once-per-ipflow

Notifies APP_START or APP_STOP notifications per App ID per IP flow.

This command allows you to configure the default bandwidth policy for the current rulebase.

no

If previously configured, deletes the bandwidth default-policy configuration from the current rulebase.

bandwidth_policy_name

Specifies the default bandwidth policy for the current rulebase.

bandwidth_policy_name must be the name of a bandwidth policy, and must be an alphanumeric string of 1 through 63 characters.

fallback-enabled

Determines whether policy under rulebase can be applied as a fallback value. Fallback is disabled by default.

This command allows you to configure the type of billing to be performed for subscriber sessions.

no

If previously configured, deletes the billing-records configuration from the current rulebase.

egcdr

Generates an enhanced G-CDR (eG-CDR) for GGSN / P-GW-CDR for P-GW, and/or UDR with specified format on the occurrence of an interim trigger condition at the end of a subscriber session, or an SGSN-to-SGSN handoff.

radius

Generates postpaid RADIUS accounting records at the start and end of a subscriber session, and on the occurrence of an interim trigger condition. RADIUS accounting records are generated for each content ID.

Important

In the GGSN, if in the APN configuration the "accounting-mode" is set to "none", the system continues to send ACS-generated RADIUS accounting messages. In the PDSN, if in the subscriber default configuration the "accounting-mode" is set to "none", the system does not send any RADIUS accounting messages (including ACS accounting messages).

rf

Enables Rf accounting.

Rf accounting is applicable only for dynamic and predefined rules that are marked for it. Dynamic rules have a field offline-enabled to indicate this. To mark a predefined rule as offline-enabled, use this keyword and the billing-action command in the ACS Charging Action Configuration Mode.

udr udr-format udr_format_name

Generates UDRs with specified the format on the occurrence of an interim trigger condition, at the end of a subscriber session, or a handoff.

udr_format_name must be the name of an UDR format, and must be an alphanumeric string of 1 through 63 characters.

+

Indicates that more than one of the keywords can be entered in a single command.

This command allows you to specify the Diameter sub-AVPs to be included in the Diameter group AVP "Requested-Service-Unit" sent with DCCA Credit Control Requests (CCRs).

no

No sub-AVPs are included in the Requested-Service-Unit grouped AVP.

time cc-time duration

Specifies requested service unit for charging time duration in seconds in included sub-AVP.

duration specifies charging time in seconds, and must be an integer from 1 through 4000000000.

units cc-service-specific-units charging_unit

Specifies requested service unit by service specific units in bytes/packets in included sub-AVP.

charging_unit specifies service-specific charging unit and must be an integer from 1 through 4000000000.

volume { cc-input-octets bytes | cc-output-octets bytes | cc-total-octets bytes } +

Specifies requested service unit for charging octets by input, output, and total volume in included sub AVP.

+ : Indicates that more than one of the previous keywords can be entered within a single command.

This command allows you to configure various time- and threshold-based quotas in the Prepaid Credit Control Service (Credit Control Application).

holding-time holding_time

Specifies the value for the Quota Holding Time (QHT). QHT is used with both time-based and volume-based quotas. After holding_time seconds has passed without user traffic, the quota is reported back and the charging stops until new traffic starts.

holding_time must be an integer from 1 through 4000000000.

content-id content_id

Specifies the content ID (Rating group AVP) to use for the Quota holding time for the current rulebase.

content_id is the content ID specified for credit control service in ACS.

In 12.1 and earlier releases, content_id must be an integer from 1 through 65535.

In 12.2 and later releases, content_id must be an integer from 1 through 2147483647.

retry-time retry_time [ max-retries retries ]

Specifies the retry time for the quota request, in seconds.

retry_time must be an integer from 0 through 86400. To disable this assign 0.

Default: 60

This parameter defines the maximum frequency at which the Credit-Control Application (CCA) tries to obtain quota for a subscriber passing traffic for a category with no/exhausted quota.

For a subscriber not passing traffic, the CCA will not try to obtain quota (except once at session start time, if so configured). The quota request from the no quota state is sent in response to user packets only (never based on a timer).

When subscriber hits a charging action that is a flow redirect, the operator can optionally specify that this redirection shall clear the retry-time timer.

This allows the immediately following chargeable user traffic to trip a quota request, even if it would otherwise have been subject to the retry time limit. Such configuration allows quite a large value for retry-time in quota charging or a top-up scenario.

max-retries retries configures the maximum number of retries allowed for blacklisted categories. This option has a default value of 65535 retries (the maximum value).

retries must be an integer from 1 through 65535. To disable the max-retries CLI command, use the cca quota retry-time retry_time CLI command.

To disable the cca quota retry-time command, use the no variant of the command, that is to say no cca quota retry-time .

This command allows you to specify the algorithm to compute time duration for Prepaid Credit Control Application quotas in the current rulebase.

no

If previously configured, deletes the quota time-duration algorithm configuration from the current rulebase.

default

Configures this command with its default setting.

consumed-time seconds

Specifies the Quota Consumption Time (QCT) in seconds. QCT is used with active time-based quotas and to determine chargeable time envelopes for consuming time quota.

seconds must be an integer from 1 through 4294967295.

Default: 0 (disabled)

A time envelope is the basis for reporting active usage. For each time envelope, the quota consumption includes the last QCT (duration between first packet and last packet + QCT).

plus-idle

Specifies the idle time for QCT.

When used along with consumed-time it indicates the active usage + idle time, when no traffic flow occurs.

continuous-time-periods seconds

Specifies the charging quota continuous period, in seconds.

seconds must be an integer from 1 through 4294967295.

Default: 0 (disabled)

The Continuous Time Periods (CTP) mechanism constructs time-envelopes from consecutive base time intervals in which traffic has occurred up to and including a base time interval which contains no traffic. As with Quota-Consumption-Time envelopes, the end of an envelope can only be determined "retrospectively". Again, as with Quota-Consumption-Time, the envelope for CTP includes the last base time interval (the one which contained no traffic).

parking-meter seconds

Specifies the Parking Meter (PM) period, in seconds, for a particular rating group.

seconds must be an integer from 1 through 4294967295.

Default: 0 (disabled)

This mechanisms utilizes time quota, but instead of consuming linearly—once a decision to consume has been taken—the granted quota is consumed discretely in "chunks" of the base time interval at the start of each base time interval. Traffic is then allowed to flow for the period of the consumed quota.

The time interval seconds defines the length of the Parking Meter. A time-envelope corresponds to exactly one PM (and thus to one base time interval).

content-id content_id

Specifies the content ID (Rating group AVP) to use for the CCA Quota time duration algorithm selection in the current rulebase.

content_id is the content ID specified for credit control service in ACS.

In 12.1 and earlier releases, content_id must be an integer from 1 through 65535.

In 12.2 and later releases, content_id must be an integer from 1 through 2147483647.

This command allows you to configure how often interim updates are generated by the RADIUS Credit Control Application to be sent to the prepaid server.

default

Configures the command with its default setting.

Default: Disabled; same as no cca radius accounting interval

no

Disables interim updates.

interval

Specifies the time interval, in seconds, between interim updates generated by the RADIUS Credit Control Application.

interval must be an integer from 1 through 3600.

Default: 1 (Disabled)

This command allows you to specify the RADIUS servers used for the current rulebase when RADIUS credit control is enabled.

no

RADIUS credit control will not be performed.

vpn_context

Specifies the charging context where RADIUS prepaid charging parameters are configured.

vpn_context must be an alphanumeric string of 1 through 79 characters.

group server_group_name

Specifies the RADIUS server group.

server_group_name must be the name of a RADIUS server group, and must be an alphanumeric string of 1 through 63 characters.

This command allows you to configure the value to use for the "User-Password" attribute in RADIUS messages sent to the prepaid server.

no

If previously configured, deletes the RADIUS prepaid service user password configured in the current rulebase.

[ encrypted ] password password

Specifies the password for prepaid services within the current rulebase.

In 12.1 and earlier releases, password must be an alphanumeric string of 1 through 63 characters with or without encryption.

In 12.2 and later releases, password must be an alphanumeric string of 1 through 63 characters without encryption, and 1 through 132 characters with encryption enabled.

The encrypted keyword is intended only for use by the system while saving configuration scripts. The system displays the encrypted keyword in the configuration file as a flag that the variable following the password keyword is the encrypted version of the plain text password. Only the encrypted password is saved as part of the configuration file.

This command allows you to enable/disable overriding charging parameters of static rule with those of an ip-any rule or a specified dynamic rule.

default

Configures this command with its default setting.

Default: Disables overriding charging parameters of static rule with those of an ip-any or a specified dynamic rule.

no

Disables overriding charging parameters of static rule with those of an ip-any or a specified dynamic rule.

custom1

Specifies overriding Online/Offline, Service ID, Content ID, Flow Control, ARP, and QCI.

use-rule dynamic_rule_name

Optional: Specifies the dynamic rule to inherit charging parameters from. If a dynamic rule name is not specified, the charging properties will be inherited from any dynamic rule.

dynamic_rule_name specifies name of the dynamic rule, and must be an alpha and/or numeric string of 1 through 63 characters in length.

This command allows you to configure the internal optimization level to use, for improved performance, when evaluating each instance of the action priority command.

default

Configures this command with its default setting.

Default: In 11.0 and later releases: high In 10.0 and earlier releases: low

high

Enables the highest level of optimization with high memory utilization.

low

Enables minimal level of optimization with minimal memory utilization.

medium

Important

In 11.0 and later releases, the medium keyword is deprecated.

Enables medium level of optimization with moderate memory utilization.

This command configures micro checkpoint syncup timer for ICSR and Session Recovery for Rf-Gy synchronization.

no

If the micro checkpoint syncup timer is already configured, then the no variant will delete the configuration.

sr timer_value

Configures micro check-pointing timer for Session Recovery (SR). By default, the session recovery check-pointing will be done on 8 seconds.

timer_value : Time configured will be in multiples of 2 seconds. Note that the timer value less than 4 seconds and greater than 60 seconds will not be accepted.

icsr timer_value

Configures micro check-pointing timer for ICSR. By default, the ICSR check-pointing will be done on 18 seconds.

timer_value : Time configured will be in multiples of 2 seconds. Note that the timer value less than 4 seconds and greater than 60 seconds will not be accepted.

This command allows you to configure the Bandwidth, Content Based Billing (CBB), and Firewall/Firewall-and-NAT constituent policies. The combination of the values of all three policies will uniquely identify the associated rulebase.

no

If previously configured, deletes the constituent-policies configuration from the current rulebase.

bandwidth-policy bandwidth_policy_name

Specifies the Bandwidth policy.

bandwidth_policy_name must be the name of a bandwidth policy, and must be an alphanumeric string of 1 through 63 characters.

cbb-policy cbb_policy_name

Specifies the Content Based Billing (CBB) policy.

cbb_policy_name must be the name of a CBB policy, and must be an alphanumeric string of 1 through 63 characters.

firewall-policy fw_policy_name

Important

This keyword is customer specific. For more information, please contact your Cisco account representative.

Specifies the Stateful Firewall policy.

fw_policy_name must be the name of a Stateful Firewall policy, and must be an alphanumeric string of 1 through 63 characters.

fw-and-nat-policy fw_nat_policy_name

Important

This keyword is customer specific, and is only available in StarOS 8.1 and in StarOS 9.0 and later releases.

Specifies the Firewall-and-NAT policy.

fw_nat_policy_name must be the name of a Firewall-and-NAT policy, and must be an alphanumeric string of 1 through 63 characters.

This command allows you to configure the Content Filtering Category Policy Identifier for Policy-based Content Filtering support in the current rulebase.

no

If previously configured, deletes the configuration from the current rulebase.

In StarOS 8.1 and later releases, optionally the policy ID can be specified. If the specified policy ID is invalid, or is not configured in the rulebase, an error message is displayed. If no policy ID is specified, whatever policy is configured, if any, is removed from the rulebase.

content-filtering category policy-id cf_policy_id

Configures the specified Content Filtering Category Policy in the current rulebase.

cf_policy_id must be the ID of an existing Content Filtering Category Policy, and must be an integer from 1 through 4294967295.

Important

If the specified Content Filtering Category Policy does not exist, all packets will be passed regardless of the categories/actions determined for such packets.

Important

The category policy ID that is configured using the category policy-id cf_policy_id command in the APN/Subscriber Configuration Mode prevails over this configuration.

This command allows you to specify action to take on Content Filtering packets in the case of ACS error scenarios.

default

Configures this command with its default setting.

Default: permit

deny

Configures flow-any-error configuration as deny.

All the denied packets will be accounted for by the discarded-flow-content-id configuration in the Content Filtering Policy Configuration Mode. This content ID will be used to generate UDRs for packets denied via content filtering.

permit

Configures flow-any-error configuration as permit.

This command allows you to enable/disable the specified Category-based Content Filtering mode in the current rulebase.

no

If previously configured, deletes the content-filtering mode configuration from the current rulebase. Content filtering will not to be performed for the current rulebase. This is the default setting.

category { static-and-dynamic | static-only }

Specifies the Category-based Content Filtering mode.

Important

Before enabling static-and-dynamic rating in the rulebase, it must be enabled at the global level as the resources required for dynamic rating are allocated at the global level. To enable static-and-dynamic rating at the global level, in the Global Configuration Mode use the require active-charging content-filtering category static-and-dynamic command.

server-group cf_server_group

Enables and configures the Content Filtering Server Group (CFSG) mode within the rulebase to manage an external content filtering server with an Internet Content Adaptation Protocol (ICAP) client system.

cf_server_group must be the name of a CFSG, and must be unique, and must be an alphanumeric string of 1 through 63 characters.

If configured, ACS attempts to establish TCP connections to every server in the named group.

Configures the credit control group to be used for subscribers who use this rulebase.

no

Removes the credit-control group configuration from the current rulebase, if previously configured. This is the default setting.

cc_group_name

Specifies name of the credit-control group as an alphanumeric string of 1 through 63 characters.

Allows you to enter descriptive text for this configuration.

no

Clears the description for this configuration.

text

Enter descriptive text as an alphanumeric string of 1 to 100 characters.

If you include spaces between words in the description, you must enclose the text within double quotation marks (" "), for example, "AAA BBBB".

This command allows you to specify whether dynamic rules are matched before statically configured rules.

no

If previously configured, deletes the dynamic-rule order configuration from the current rulebase. By default, dynamic rules are matched against the flow prior to static rules.

always-first

Specifies to match all the dynamic rules against the flow prior to any static rule. This is the default value.

first-if-tied

Specifies to match rules against the flow based on their priority with the condition that dynamic rules match before a static rule of the same priority.

A rule is a combination of a ruledef, charging action, and precedence. Static rules are defined by the action CLI command in the ACS Rulebase Configuration Mode, and are applicable to all subscribers that are associated with the rulebase. Dynamic rules are obtained via a dynamic protocol, such as, the Gx-interface for a particular subscriber session.

This command configures generation of EDRs when the OCS is in unreachable state.

default

Configures this command with its default setting.

Default: Disabled

no

If previously configured, deletes the configuration from the current rulebase.

charging-edr charging_edr_format_name

Specifies to generate charging EDR during OCS unreachable period.

charging_edr_format_name must be the name of a charging EDR format, and must be an alphanumeric string of 1 through 63 characters.

edr-format edr_format_name

Specifies to generate EDR during OCS unreachable period.

edr_format_name must be the name of an EDR format, and must be an alphanumeric string of 1 through 63 characters.

reporting-edr reporting_edr_format_name

Specifies to generate reporting EDR during OCS unreachable period.

reporting_edr_format_name must be the name of a reporting EDR format, and must be an alphanumeric string of 1 through 63 characters.

This command configures generation of Event Detail Records (EDR) for P2P events. This command is associated with the Dynamic Software Upgrade process.

default

Configures this command with its default setting.

Default: Disabled

no

If previously configured, deletes the configuration from the current rulebase.

p2p_event_list

Specifies the name of the P2P EDR Event. The plugin supports only the "audio-end" and "video-end" events. This P2P event list can be any P2P event that is supported by the plugin.

p2p_event_list must be an alphanumeric string of 1 through 128 characters.

charging-edr charging_edr_format_name

Specifies to generate charging EDR for P2P events.

charging_edr_format_name must be the name of a charging EDR format, and must be an alphanumeric string of 1 through 63 characters.

edr-format edr_format_name

Specifies to generate EDR for P2P events.

edr_format_name must be the name of an EDR format, and must be an alphanumeric string of 1 through 63 characters.

reporting-edr reporting_edr_format_name

Specifies to generate reporting EDR for P2P events.

reporting_edr_format_name must be the name of a reporting EDR format, and must be an alphanumeric string of 1 through 63 characters.

This command enables/disables the NEMO feature for populating the EDRs with source IP, destination IP and VRF name of the NEMO Mobile Router (MR) host.

default

Configures this command with its default setting.

Default: Disabled

no

If previously configured, deletes the configuration from the current rulebase.

nemo-call

This keyword controls the feature of populating the EDRs with source IP, destination IP and VRF name associated with UEs behind the NEMO MRs.

By default this keyword option will be disabled i.e. this CLI should be configured if the feature needs to be turned ON.

This command allows you to exclude/include packets/bytes that are dropped/retransmitted by the ACS in the total charge volume — "sn-charge-volume" EDR attribute.

default

Configures this command with its default setting.

Default: Exclude, in the total charge volume, packets/bytes dropped/retransmitted by ACS.

no

Exclude, in the total charge volume, packets/bytes dropped/retransmitted by ACS.

count-dropped-units

Specifies to include dropped units in the total charge volume.

count-retransmitted-units

Specifies to include retransmitted units in the total charge volume.

This command disables/enables the creation of EDRs when there is no data for the flows.

default

Configures this command with its default setting.

Default: Disabled; same as no edr suppress-zero-byte-records

no

Disables the suppression of zero-byte EDRs.

edr suppress-zero-byte-records

Suppresses zero-byte EDRs.

This command enables/disables the generation of an EDR on the completion of a transaction.

default

Configures this command with its default setting.

Default: Disabled; same as no edr transaction-complete

no

If previously configured, deletes the configuration from the current rulebase.

dns | http

• dns : DNS protocol related configuration

• http : HTTP protocol related configuration

edr-format edr_format_name

Specifies to generate EDR on transaction completion for DNS or HTTP protocol.

edr_format_name must be the name of an EDR format, and must be an alphanumeric string of 1 through 63 characters.

charging-edr charging_edr_format_name

Specifies to generate charging EDR on transaction completion.

charging_edr_format_name must be the name of a charging EDR format, and must be an alphanumeric string of 1 through 63 characters.

reporting-edr reporting_edr_format_name

Specifies to generate reporting EDR on transaction completion.

reporting_edr_format_name must be the name of a reporting EDR, and must be an alphanumeric string of 1 through 63 characters.

This command enables/disables generation of EDRs on the completion of Voice over IP (VoIP) calls. This command is no longer supported for ADC in 14.0 and later releases.

default

Configures this command with its default setting.

Default: Disabled; same as no edr voip-call-end

no

If previously configured, deletes the edr voip-call-end configuration from the current rulebase.

edr-format edr_format_name

Important

This option is available only in 12.1 and earlier releases. In 12.2 and later releases, it has been deprecated and is replaced by the charging-edr option.

Specifies to generate an EDR when a VoIP call ends.

edr_format_name must be the name of an EDR format, and must be an alphanumeric string of 1 through 63 characters.

charging-edr charging_edr_format_name

Important

This option is available only in 12.2 and later releases.

Specifies to generate a charging EDR when a VoIP call ends.

charging_edr_format_name must be the name of a charging EDR format, and must be an alphanumeric string of 1 through 63 characters.

reporting-edr reporting_edr_format_name

Important

This option is available only in 12.2 and later releases.

Specifies to generate a reporting EDR when a VoIP call ends.

reporting_edr_format_name must be the name of a reporting EDR format, and must be an alphanumeric string of 1 through 63 characters.

Description This command has been deprecated. It is included in the CLI for backward compatibility with older configuration files. When executed performs no function. Use the egcdr threshold interval interval [ regardless-of-other-triggers ] command for this functionality.

This command allows you to configure the eG-CDR encoding type.

default

Configures the default eG-CDR CDR-encoding format.

Default: asn.1

ascii [ delimiter { colon | comma | pipe } ]

Specifies to use ASCII encoding type to generate eG-CDR in ASCII format.

delimiter { colon | comma | pipe } : Specifies the delimiter character to use in eG-CDRs in ASCII format.

Default: pipe

asn.1

Specifies to use ASN.1 encoding type to generate eG-CDR in ASN.1 format.

This is the default setting.

This command allows you to configure the eG-CDR tariff time to generate new eG-CDRs for GGSN and P-GW-CDRs for P-GW.

no

If previously configured, deletes the configuration from the current rulebase.

minute minute

Specifies the minute for the time-of-day configuration.

minute must be an integer from 0 through 59.

hour hour

Specifies the hour for the time-of-day configuration.

hour must be an integer from 0 through 23.

This command allows you to configure the thresholds for generating eG-CDRs for GGSN and P-GW-CDRs for P-GW.

no

If previously configured, deletes the eG-CDR threshold configuration from the current rulebase.

default

Configures this command with the default settings.

Default: Disabled; same as no egcdr threshold interval and no egcdr threshold interval volume commands.

interval interval [ regardless-of-other-triggers ]

Specifies the time interval, in seconds, for closing the eG-CDR/P-GW-CDR if the minimum time duration thresholds are satisfied.

interval must be an integer from 60 through 40000000.

regardless-of-other-triggers : This option enables eG-CDR/P-GW-CDR generation at the fixed time interval irrespective of any other eG-CDR/P-GW-CDR triggers that may have happened in between.

Default: Disabled.

volume { downlink | total | uplink } bytes

Specifies the uplink/downlink volume octet counts for the generation of the interim eG-CDRs/P-GW-CDRs.

This command allows you to specify the algorithm to compute the duration of time utilization in an eG-CDR for the current rulebase.

no

If previously configured, deletes the eG-CDR time-duration algorithm configuration from the current rulebase.

default

Configures this command with its default setting.

Default: Algorithm configured for CCA, or the CCA default if none is configured.

consumed-time consumed_time [ plus-idle ]

Specifies the actual consumption time in seconds. This is used to determine the actual used chargeable time envelopes for the purpose of consuming time quota.

consumed_time must be an integer from 1 through 4294967295.

Default: 0 (disabled)

Time envelope is the basis for reporting active usage. For each time envelope, the time consumption includes the time duration between arrival of last packet and first packet only.

plus-idle : Specifies the idle time between arrival of two packets to include in time usage record in eG-CDR.

When used along with consumed-time it indicates the active usage + idle time, when no traffic flow occurs.

continuous-time-periods ctp_time

Specifies the continuous time period to compute the usage record in eG-CDR.

ctp_time sets the audition, in seconds, to start a counter on arrival of the first packet and thereafter include only that period in charging in which one or more packets arrived. For the period where no packets arrived or no traffic was detected, usage will not be computed.

ctp_time must be an integer from 1 through 4294967295.

parking-meter seconds

Specifies the Parking Meter (PM) period, in seconds.

seconds must be an integer from 1 through 4294967295.

Parking meter is the method with which the usage time is set in the content-id containers in eG-CDRs. When a parking meter value is set, the user is charged for time in increments of the value set. For example, if the parking meter is set to 300 seconds (5 minutes) and the subscriber only uses one minute, the charge is for 5 minutes.

Exits the current configuration mode and returns to the Exec mode.

Exits the current mode and returns to the parent configuration mode.

This command allows you to configure whether to use the host name embedded in the URI as the host field, when the host field option in the HTTP or Wireless Session Protocol (WSP) header is absent.

default

Configures this command with its default setting.

Default: Disabled; same as no extract-host-from-uri

no

If previously configured, disables the extract-host-from-uri configuration, for both HTPP and WSP, from the current rulebase.

http | wsp

Specifies the protocol(s).

+

Indicates that more than one of the previous keywords can be entered within a single command.

This command allows you to configure Stateful Firewall protection for subscribers from Denial-of-Service (DoS) attacks.

no

If previously enabled, disables Stateful Firewall protection for subscribers from all or specified DoS attack(s).

default

Configures this command with its default setting.

Default: Protection from all DOS attacks is disabled.

all

Enables protection against all DoS attacks supported by the Stateful Firewall in-line service.

flooding { icmp | tcp-syn | udp }

Enables protection against specified flooding attacks:

ftp-bounce

Enables protection against FTP Bounce attacks.

In an FTP Bounce attack, an attacker is able to use the PORT command to request access to ports indirectly through a user system as an agent for the request. This technique is used to port scan hosts discreetly, and to access specific ports that the attacker cannot access through a direct connection.

ip-unaligned-timestamp

Enables protection against IP Unaligned Timestamp attacks.

In an IP Unaligned Timestamp attack, certain operating systems crash if they receive a frame with the IP timestamp option that is not aligned on a 32-bit boundary.

mime-flood

Enables protection against HTTP Multiple Internet Mail Extension (MIME) Header Flooding attacks.

In a MIME Flood attack an attacker sends huge amount of MIME headers which consumes a lot of memory and CPU usage.

port-scan

Enables protection against Port Scan attacks.

tcp-window-containment

Enables protection against TCP Sequence Number Out-of-Range attacks.

In a Sequence Number Out-of-Range attack the attacker sends packets with out-of-range sequence numbers forcing the system to wait for missing sequence packets.

source-router

Enables protection against IP Source Route IP Option attacks.

Source routing is an IP option mainly used by network administrators to check connectivity. When an IP packet leaves a system, its path through various networks to its destination is controlled by the routers and their current configuration. Source routing provides a means to override the control of the routers. Strict source routing specifies the path through all the routers to the destination. The same path in reverse is used to return responses. Loose source routing allows the attacker to spoof both an address and sets the loose source routing option to force the response to return to the attacker's network.

teardrop

Enables protection against Teardrop attacks.

In a Teardrop attack, overlapping IP fragments are exploited causing the TCP/IP fragmentation re-assembly to improperly handle overlapping IP fragments.

winnuke

Enables protection against WIN-NUKE attacks.

This is a type of Nuke denial-of-service attack against networks consisting of fragmented or otherwise invalid ICMP packets sent to the target, achieved by using a modified ping utility to repeatedly send this corrupt data, thus slowing down the affected computer until it comes to a complete stop.

The WinNuke exploits the vulnerability in the NetBIOS handler and a string of out-of-band data sent to TCP port 139 of the victim machine causing it to lock up and display a Blue Screen of Death.

This command allows you to configure Stateful Firewall protection from Packet Flooding attacks.

default

Configures this command the default setting for the specified keyword.

protocol { icmp | tcp-syn | udp }

Specifies the transport protocol:

packet limit packets

Specifies the maximum number of specified packets a subscriber can receive during a sampling interval.

packets must be an integer from 1 through 4294967295.

Default: 1000 packets per sampling interval for all protocols.

sampling-interval interval

Specifies the flooding sampling interval, in seconds.

interval must be an integer from 1 through 60.

Default: 1 second

This command allows you to configure a threshold on the number of ICMP error messages sent by the subscriber for a particular data flow.

default

Configures this command with its default setting.

Default: No limit

no

If previously configured, deletes the configuration from the current rulebase.

messages

Specifies the threshold on the number of ICMP error messages sent by the subscriber for a particular data flow.

messages must be an integer from 1 through 100.

This command allows you to configure the maximum IP packet size (after IP reassembly) allowed over Stateful Firewall.

default

Configures the default maximum IP packet size configuration.

Default: 65535 bytes (for both ICMP and non-ICMP)

packet_size

Specifies the maximum packet size.

packet_size must be an integer from 30000 through 65535.

protocol { icmp | non-icmp }

Specifies the transport protocol:

This command allows you to configure Stateful Firewall protection from Multipurpose Internet Mail Extensions (MIME) Flood attacks.

default

Configures this command with its default setting.

http-headers-limit max_limit

Specifies the maximum number of headers allowed in an HTTP packet. If the number of HTTP headers in a page received is more than the specified limit, the request will be denied.

max_limit must be an integer from 1 through 256.

Default: 16

max-http-header-field-size max_size

Specifies the maximum header field size allowed in the HTTP header, in bytes. If the size of HTTP header in the received page is more than the specified number of bytes, the request will be denied.

max_size must be an integer from 1 through 8192.

Default: 4096 bytes

This command allows you to configure the default action for packets when no Stateful Firewall ruledef matches.

default

Configures the default action for packets with no Stateful Firewall ruledef match.

downlink | uplink

Specifies the packet type:

action { deny [ charging-action charging_action_name ] | permit [ bypass-nat | nat-realm nat_realm_name ] }

Specifies the default action for packets with no Stateful Firewall ruledef match.

permit [ bypass-nat | nat-realm nat_realm_name ] : Permit packets.

Important

The bypass-nat keyword is only available in StarOS 8.3 and later releases.

Optionally specify:

Important

If neither bypass-nat or nat-realm are configured, NAT is performed if the nat policy nat-required CLI command is configured with the default-nat-realm option.

deny [ charging-action charging_action_name ] : Denies specified packets.

Optionally, a charging action can be specified.

charging_action_name must be the name of a charging action, and must be an alphanumeric string of 1 through 63 characters.

This command allows you to enable/disable Stateful Firewall support for all subscribers using the current rulebase.

default

Configures this command with its default setting.

Default: Stateful Firewall support is disabled for all subscribers using the current rulebase.

no

If previously enabled, disables Stateful Firewall support for all subscribers using the current rulebase.

firewall-required

Enables Stateful Firewall support for all subscribers using the current rulebase.

This command allows you to add and specify the priority and type of a Stateful Firewall ruledef in the current rulebase, and allows you to configure a single or range of ports to be allowed on the server for auxiliary/data connections.

no

If previously configured, deletes the specified Stateful Firewall ruledef priority configuration from the current rulebase.

priority

Specifies the Stateful Firewall ruledef's priority in the current rulebase.

priority must be a unique value in the current rulebase, and must be an integer from 1 through 65535.

[ dynamic-only | static-and-dynamic ] firewall-ruledef firewall_ruledef_name

Specifies the Stateful Firewall ruledef to add to the rulebase. Optionally, the Stateful Firewall ruledef type can be specified.

deny [ charging-action charging_action_name ]

Denies packets if the rule is matched. An optional charging action can be specified. If a packet matches the deny rule, action is taken as configured in the charging action. For Stateful Firewall ruledefs, only the terminate-flow action is applicable, if configured in the specified charging action.

charging_action_name must be the name of a charging action, and must be an alphanumeric string of 1 through 63 characters.

permit [ nat-realm nat_realm_name | [ bypass-nat ] [ trigger open-port { aux_port_number | range start_port_number to end_port_number } ] ]

Permits packets.

direction { both | reverse | same }

Specifies the direction from which the auxiliary connection is initiated. This direction can be same as the direction of control connection, or the reverse of the control connection direction, or in both directions.

This command allows you to configure the action to take on TCP flows starting with a non-syn packet.

default

Configures this command with its default setting.

Default: drop

drop

Specifies to drop the packet or session.

reset

Specifies to send reset.

This command allows you to configure the Stateful Firewall action to be taken on TCP idle timeout expiry.

default

Configures this command with its default setting.

Default: reset

drop

Specifies to drop the packet or session on TCP timeout expiry.

reset

Specifies to send reset on TCP timeout expiry.

This command allows you to configure a threshold on the number of TCP reset messages sent by the subscriber for a particular data flow. After this threshold is reached, further downlink traffic to the subscriber on the unwanted flow is blocked.

default

Configures this command with its default setting.

Default: no firewall tcp-reset-message-threshold

no

If previously configured, deletes the firewall tcp-reset-message-threshold configuration from the current rulebase.

messages

Specifies the threshold on the number of TCP reset messages sent by the subscriber for a particular data flow.

messages must be an integer from 1 through 100.

This command allows you to configure the TCP intercept parameters to prevent TCP SYN flooding attacks by intercepting and validating TCP connection requests for DoS protection mechanism configured with the dos-protection command.

default

Sets the default values of TCP intercept parameters for SYN Flood DoS protection.

mode { none | watch [ aggressive ] }

Specifies the TCP SYN flood intercept mode:

Default: none

watch-timeout intercept_watch_timeout

Specifies the TCP intercept watch timeout, in seconds.

intercept_watch_timeout must be an integer from 5 through 30.

Default: 30

This command allows you to specify the charging action to be used for packets dropped by Stateful Firewall due to any error conditions.

default

Configures the default action for packets dropped by Stateful Firewall due to any errors.

Default: Update the flow statistics if flow is available

charging_action_name

Specifies the charging action based on which accounting action is taken on packets dropped by Stateful Firewall due to any errors.

charging_action_name must be the name of a charging action, and must be an alphanumeric string of 1 through 63 characters.

Important

The charging action specified here should preferably not be used for action on packets dropped due to Stateful Firewall ruledef match or no-match (in the firewall priority and firewall no-ruledef-matches commands) and the content ID within the charging action must be unique so that dropped counts will not interfere with other content IDs.

This command allows you to specify how to charge for the control traffic associated with an application.

default flow control-handshaking

Configures this command with its default setting.

Default: Same as no flow control-handshaking

no flow control-handshaking [ charge-to-application ]

If previously configured, deletes the flow control-handshaking configuration from the current rulebase. The control packets will use whatever content-id is determined by the normal use of the action commands.

In this command, the optional keyword charge-to-application is deprecated and has no effect.

charge-to-application { [ all-packets ] [ initial-packets ] [ mid-session-packets ] [ tear-down-packets ] }

Configures the charging action to include the flow control packets either during initial handshaking only or specified control packets during session for charging.

charge-separate-from-application

Configures the charging action to separate the charging of the initial control packets or all subsequent control packets from regular charging.

This command allows you to configure the end condition of the session flows related to a user session and triggers EDR generation.

no

If previously configured, deletes the flow end-condition configuration from the current rulebase.

hagr

Creates an EDR with the specified EDR format whenever a flow is terminated due to Inter-chassis Session Recovery action.

handoff

Creates an EDR with the specified EDR format whenever a flow ends due to hand-off. Whenever a handoff occurs, ACS closes the EDRs for all current flows using the specified EDR format, and begins new statistics collection for the flows for the EDRs that will be generated when the flows actually end.

normal-end-signaling

Creates an EDR with the specified EDR format whenever flow end is signaled normally, for example like detecting FIN and ACK for a TCP flow, or a WSP-DISCONNECT terminating a connection-oriented WSP flow over UDP) and create an EDR for the flow using the specified EDR format.

session-end

Creates an EDR with the specified EDR format whenever a subscriber session ends. By this option ACS creates an EDR with the specified format name for every flow that has had any activity since last EDR was created for the flow on session end.

tethering-signature-change

Creates an EDR with specified EDR format for tethering signature change of a flow because of mid flow SYN packets.

Whenever a tethering signature change occurs, ACS closes the EDR with the specified closure reason and begins new statistics collection for the flow. If enabled, flow statistics may get split across multiple EDRs of the flow if tethering signature change occurs.

The maximum limit for tethering signature change detection depends on the tethering-detection max-syn-packet-in-flow CLI command. EDR/REDR generation for tethering signature change is also dependent on this CLI configuration.

timeout

Creates an EDR with the specified EDR format whenever a flow ends due to a timeout condition.

flow-overflow

Important

This keyword is applicable only when used with the hagr , handoff , tethering-signature-change , and session-end keywords.

Creates an EDR with the specified EDR format whenever there is a flow-overflow condition. If any of the specified end-conditions that affect subscriber information stored at ACS (such as call line) is configured, the "flow-overflow" EDR is generated.

+

Indicates that more than one of the keywords can be entered within a single command.

charging-edr charging_edr_format_name

Specifies the charging EDR format.

charging_edr_format_name must be the name of a charging EDR format, and must be an alphanumeric string of 1 through 63 characters.

reporting-edr reporting_edr_format_name

Specifies the reporting EDR format.

reporting_edr_format_name must be the name of a reporting EDR format, and must be a unique alphanumeric string of 1 through 63 characters.

This command allows you to limit the total number of simultaneous flows per Subscriber/APN sent to a rulebase regardless of the flow type, or limit flows based on the protocol type under the Session Control feature.

no

If previously configured, deletes the flow limit-across-applications configuration from the current rulebase.

flow limit-across-applications limit

Specifies the maximum number of flows across all applications for the rulebase.

limit must be an integer from 1 through 4000000000.

Default: No limits

non-tcp limit

Specifies the maximum limit of non-TCP type flows.

limit must be an integer from 1 through 4000000000.

Default: No limits

tcp limit

Specifies the maximum limit of TCP flows.

limit must be an integer from 1 through 4000000000.

Default: No limits

This command allows you to delay charge packets in an RTSP flow.

no

If previously configured, deletes the flow rtsp-all-pkts configuration from the current rulebase.

default

Configures this command with its default setting.

Default: Same as no flow rtsp-all-pkts charge-to-application .

flow rtsp-all-pkts charge-to-application

Configures delay charging for RTSP traffic. When this configuration is enabled, all packets (TCP control packets and RTSP packets) prior to the RTSP SETUP will be charged to application as per the application ruledef. In other words, they will be charged to the content-id established by the first SETUP of the RTSP flow.

This command allows you to configure the default Firewall-and-NAT policy for the current rulebase. This command must be used to configure the Policy-based Firewall-and-NAT feature.

no

If previously configured, deletes the Firewall-and-NAT default policy configuration from the current rulebase.

fw_nat_policy_name

Specifies the default Firewall-and-NAT policy for the current rulebase.

fw_nat_policy_name must be the name of a Firewall-and-NAT policy, and must be an alphanumeric string of 1 through 63 characters.

This command allows you to configure the HTTP header parse limit, on exceeding which the flow is marked as permanent failure and is matched and charged against http error = TRUE ruledef.

default

Configures the default setting for this command.

Default: 12000 bytes

no

If enabled, disables the header-parse-limit configuration in the current rulebase.

Important

Disabling header parse limit may lead to uncharged bytes (due to no rule-matching until header is complete) if header is not correctly terminated.

parse_limit_bytes

Specifies the header-parse-limit, number of bytes.

parse_limit_bytes must be an integer from 1 through 256000.

This command allows you to configure the LBO restriction on Downlink and Uplink data volume transfer.

default

Configures the default setting for this command.

no

If previously configured, disables the LBO restriction on Downlink and Uplink data volume transfer.

ip readdress

Configures the IP Readdress options.

failure-action

Configures the failure action for IP Readdress.

terminate

Terminates the flow.

This command allows you to configure how long to hold onto IP fragments for reassembly, while waiting for the complete packet to arrive.

default

Configures the default setting for this command.

Default: 5000 milliseconds

timeout_duration

Specifies the timeout duration, in milliseconds, to hold fragmented packets before reassembly.

timeout_duration must be an integer from 100 through 30000.

This command allows you to reset the IP Type of Service (ToS) value of incoming packets to the default QCI value, before proceeding with the rest of ACS processing.

default

Configures this command with its default setting.

Default: Disabled

no

If previously configured, deletes the IP reset-tos configuration from the current rulebase.

This command allows you to configure NAT Binding Record (NBR) generation.

default

Configures this command with its default setting.

Default: port-chunk-release

no

If previously configured, deletes the configuration from the current rulebase.

edr-format edr_format_name

Specifies the EDR format.

edr_format_name must be the name of an EDR format, and must be an alphanumeric string of 1 through 63 characters.

port-chunk-allocation

Specifies generating NBR when a port chunk is allocated.

port-chunk-release

Specifies generating NBR when a port chunk is released.

+

Indicates that more than one of the previous keywords can be entered within a single command.

This command allows you to enable/disable Network Address Translation (NAT) processing for all subscribers using the current rulebase.

default

Configures this command with its default setting.

Default: NAT processing is disabled for all subscribers using the current rulebase.

no

If previously enabled, disables NAT processing for all subscribers using the current rulebase.

nat policy nat-required

Enables NAT processing for all subscribers using the current rulebase.

default-nat-realm nat_realm_name

Important

This keyword is only available in StarOS 8.3 and later releases.

Specifies the default NAT realm to be used if one is not already configured.

nat_realm_name must be the name of a NAT realm, and must be an alphanumeric string of 1 through 31 characters.

Important

Including the default NAT realm, a maximum of three NAT realms are supported.

This command allows you to suppress sending NAT Bind Updates (NBU) to the AAA server when a call gets terminated.

default

Configures this command with its default setting.

Default: Disabled. No suppression of AAA updates.

This command enables or disables Override Control (OC) feature. The Diameter capability exchange message should indicate support for OC feature when this CLI command is enabled.

default

Configures this command with its default setting.

Default: Disabled

In 20 and later releases: If with-oc-name option is not configured in rulebase, OC will be identified using the Rule/CA and exclude rule as keys. This is the default behavior.

no

If previously enabled, disables Override control in the current rulebase.

align-with-gor

Resolves ambiguity when same ruledefs are defined in multiple Group of Ruledefs.

with-oc-name

This optional keyword specifies to use OC-name as the unique key to identify an OC for a subscriber session.

Default: Disabled

In releases prior to 20, PCRF uses a combination of the following key parameters for identification of OC.

• Rule names

• Charging-action names

• Exclude-rule names

There is no unique OC name or ID to identify the OC for a particular subscriber session. In release 20, a new Diameter AVP "Override-Control-Name" is defined in the Override-Control grouped AVP. This OC name is used as the unique key to identify OC for any further updates like OC modification or deletion.

This keyword "with-oc-name " is added to the override-control CLI command to support Override-Control-Name AVP in the Override-Control AVP. If the override-control with-oc-name CLI is configured in rulebase, only OCs with Override-Control-Name AVP are supported and the OCs without name AVP are rejected.

If Override-Control-Name AVP is received when the override-control CLI command is configured, i.e. OC install is supported without OC name, appropriate error is reported in error logs. Then OC is dropped and OC failure statistics is incremented. Similarly if override-control with-oc-name CLI is configured and OC is received without the name AVP, appropriate error is reported, OC is dropped and OC failure statistics is incremented. On receiving an OC without name, installed OC list (without name) is searched for secondary identification criteria. If no OC with same rule/charging-action/exclude rule list is found, it is installed as a different OC.

Also, for OCs with the name AVP, operator can add rule/charging-action/exclude rule to the existing OC in the same category. That means, the rules can be added to a rule level OC, CA names can be added to a CA level OC, and exclude rules can be added to a wildcard or CA level OC.

OCs received with Override-Control-Name AVP are uniquely identified by the OC name. When the Override-Control-Name AVP is not present in Override-Control AVP, the OCs are identified based on the secondary identification criteria, i.e., the list of rule names, charging-action names, and exclude-rule names as these were the criteria before this feature change.

During rulebase change, the feature to support OC name will be controlled based on the configuration of new rulebase. After rulebase change OC will be accepted as per the CLI configured in new rulebase. This is the only scenario where for a single call session, OC can be installed with both OC name and without OC name.

When software upgrade is done on a standby setup where same rulebase is configured with the CLI override-control with-oc-name , then no calls are dropped and OC installation status will remain the same as before upgrade. Any new call which is established after upgrade and OC is installed with-oc-name then this will be accepted and applied on new call. Any calls which were established pre-upgrade will accept OC without name and will be identified uniquely by rule/charging-action/exclude rule.

During the downgrade, OC-name will be dropped and OCs will be recreated assuming Rule/CA/Exclude rule name list as the primary key for unique identification.

This command allows you to enable/disable the P2P analyzer to detect peer-to-peer (P2P) applications.

default

Configures this command with its default setting.

Default: Disabled

no

If previously enabled, disables P2P dynamic flow detection in the current rulebase.

p2p dynamic-flow-detection

Enables dynamic P2P flow detection.

This command allows you to configure the PCP service for the current rulebase.

no

If previously configured, deletes the PCP service configuration from the current rulebase. This service is disabled by default.

pcp_service_name

Specifies the PCP service name for the current rulebase.

pcp_service_name must be the name of a PCP service, and must be an alphanumeric string of 1 through 63 characters.

This command allows you to specify ruledefs/group-of-ruledefs as dynamic post-processing ruledefs/group-of-ruledefs. This allows the system to differentiate normal post-processing rules from preconfigured ones. By default, this configuration is disabled.

no

If previously configured, deletes the specified configuration from the current rulebase.

group-of-ruledefs ruledefs_group_name

Adds the specified group-of-ruledefs to the current rulebase.

ruledefs_group_name must be the name of a group-of-ruledefs, and must be an alphanumeric string of 1 through 63 characters.

ruledef ruledef_name

Adds the specified ruledef to the current rulebase.

ruledef_name must be the name of a ruledef, and must be an alphanumeric string of 1 through 63 characters.

charging-action charging_action_name

Specifies the charging action.

charging_action_name must be the name of a charging action, and must be an alphanumeric string of 1 through 63 characters.

description description

Specifies an optional description for this configuration.

description must be an alphanumeric string of 1 through 31 characters.

This command allows you to specify the post-processing policy to be applied on Limit-Reached packets.

default

Configures this command with its default setting.

Default: not-for-dynamic-discard

always

Specifies to apply post-processing even if the Credit Control Application (CCA) decides to discard packets due to limit-reached condition. If there are post-processing priority-based rules, CCA will check for any redirection rules. Otherwise, by default, CCA will discard the packets. No other post-processing actions like forward, next-hop, or xheader-insertion will be applied on the limit-reached packets.

not-for-dynamic-discard

Specifies to apply post-processing only if CCA decides not to discard packet. Will directly discard the limit-reached context and will not apply post-processing priority based rules.

This command allows you to configure the post-processing priority and action to be taken on specific ruledef in the current rulebase.

no

If previously configured, deletes the specified post-processing priority configuration from the current rulebase.

priority priority

Specifies priority for the ruledef/group-of-ruledefs in the current rulebase.

priority must be a unique value in the current rulebase, and must be an integer from 1 through 65535.

group-of-ruledefs ruledefs_group_name

Important

Post-processing with group-of-ruledefs is not supported in this release.

Specifies the group-of-ruledefs.

ruledefs_group_name must be the name of a group-of-ruledefs, and must be an alphanumeric string of 1 through 63 characters.

Important

The group-of-ruledefs specified must be configured for post-processing. See the group-of-ruledefs-application command in the ACS Group-of-Ruledefs Configuration mode.

ruledef ruledef_name

Specifies the ruledef.

ruledef_name must be the name of a ruledef, and must be an alphanumeric string of 1 through 63 characters.

Important

The ruledef specified must be configured for post-processing. See the rule-application command in the ACS Ruledef Configuration Mode Commands chapter.

charging-action charging_action_name

Specifies the charging action.

charging_action_name must be the name of a charging action, and must be an alphanumeric string of 1 through 63 characters.

description description

Specifies an optional description for this configuration.

description must be an alphanumeric string of 1 through 31 characters.

This command allows you to configure the timeout setting for the Quality of Service (QoS) Renegotiation feature.

no

If previously configured, deletes the qos-renegotiate timeout configuration from the current rulebase.

timeout

Specifies the timeout period for the QoS Renegotiation feature in the current rulebase.

timeout is the timeout period in seconds, and must be an integer from 0 through 4294967295. If set to 0, timeout is disabled.

This command allows you to configure the interval and volume thresholds to generate interim RADIUS Charging Data Records (CDRs) and write them to CDR file for ACS postpaid billing.

no

If previously configured, deletes the RADIUS threshold configuration from the current rulebase.

default

Configures this command with the default settings.

Default: Disabled

interval interval

Specifies the time interval, in seconds, for generating RADIUS interim accounting requests.

interval must be an integer from 60 through 40000000.

Default: Disabled

volume total volume

Specifies the limit for the total number of octets (uplink+downlink) after which a stop-start pair will be sent to RADIUS.

volume must be an integer from 100000 through 4000000000.

Default: Disabled

This command allows to count retransmissions in all charging modules.

no

Retransmissions will be counted for all the charging modules. This command will override the CLI at the charging action as well as the CLI pertaining to the retransmissions at the rulebase.

This command is used to enable optimized calculation of [MBR, GBR] when a subscriber (voice) call is put on hold in case of VoLTE.

no

If previously configured, disables the optimization feature for calculating [MBR, GBR] values based on Flow-Status AVP value.

This command allows you to configure the routing of packets to protocol analyzers.

no

If previously configured, deletes the specified route priority configuration from the current rulebase.

route priority route_priority

Specifies the route priority for the specified ruledef in the current rulebase.

route_priority must be an integer from 1 through 65535.

Lower numbered priorities are examined first. Up to 1024 instances can be configured across all rulebases.

ruledef ruledef_name

Specifies the ruledef to evaluate packets to determine analyzer.

ruledef_name specifies the name of the ruledef configured for the route application using the rule-application command in the ACS Ruledef Configuration Mode.

ruledef_name must be the name of a ruledef, and must be an alphanumeric string of 1 through 63 characters.

analyzer

Specifies the analyzer for the ruledef, and must be one of the following:

Important

To route packets to the P2P analyzer, the ruledef should have rules to match all IP packets. Otherwise, the analyzer may not detect all P2P traffic.

Important

Use the show active-charging analyzer statistics command in the Exec Mode to see the list of supported analyzers.

description description

Enables to add a description to the rule and action for later reference in saved configuration file.

description must be an alphanumeric string of 1 through 63 characters.

This command allows you to enable/disable the Real Time Streaming Protocol (RTSP) and Session Description Protocol (SDP) analyzers to detect the start/stop of RTP and RTCP flows.

default

Configures this command with its default setting.

Default: Disabled; same as no rtp dynamic-flow-detection .

no

If previously configured, deletes this configuration from the current rulebase.

This command allows to set the maximum number of uplink and downlink bytes, added together to accumulate, while rule matching and charging is being delayed for RTSP flows. The limit is per RTSP flow.

default

Configures the RTSP initial packets limit to 6000 bytes.

RTSP_bytes

Specifies the maximum number of uplink and downlink bytes limit.

rtsp_bytes must be an integer from 1 through 256000.

This command allows you to configure whether to consider or ignore the port number embedded in the application header (for example, the ":80" in www.star.com:80) when comparing the ruledef expressions to the packet contents.

no

If previously configured, deletes the ruledef-parsing configuration from the current rulebase.

default

Configures this command with its default setting.

Default: Same as no ruledef-parsing ignore-port-numbers-embedded-in-application-headers analyzers { http rstp sip wsp } — not ignoring port numbers that are embedded in application headers.

ignore-port-numbers-embedded-in-application-headers analyzers { http rtsp sip wsp }

Ignore the port numbers present in application header.

Specifies analyzers for which the port number must be ignored.

This command allows you to configure how long to retain the TCP flow after the FIN has been acknowledged.

default

Configures this command with its default setting.

Default: 2 seconds

no

Disables the timeout and sets the system to delete the flow immediately upon seeing the FIN acknowledged.

tcp 2msl-timeout 2msl_timeout

Specifies the duration to keep the TCP flow.

2msl_timeout specifies the timeout duration, in seconds, and must be an integer from 1 through 20.

Allows the source port reuse to reopen the TCP flow in 2msl timeout.

This command allows you to enable/disable TCP window-size checking.