Command Line Interface Reference, Modes A - B, StarOS Release 21.12 - ACS Ruledef Configuration Mode Commands [Cisco ASR 5000 Series]

bearer 3gpp apn

This command allows you to define rule expressions to match Access Point Name (APN) of the bearer flow.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] bearer 3gpp apn [ case-sensitive ]  operator apn_name

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`apn_name`

Specifies name of the APN to match.

apn_name must be an alphanumeric string of 1 through 62 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match an APN in the bearer flow.

Example

The following command defines a rule expression to match user traffic based on APN named apn12 :

bearer 3gpp = apn12

bearer 3gpp imsi

This command allows you to define rule expressions to match International Mobile Station Identification (IMSI) number in the bearer flow.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] bearer 3gpp imsi {  operator imsi | { !range | range } imsi-pool  imsi_pool_name }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`imsi`

Specifies the IMSI number to match.

!range | range

!range | range : Specifies the range criteria:

!range : Not in the range of
range : In the range of

imsi-pool `imsi_pool_name`

Specifies the IMSI pool.

imsi_pool_name must be the name of an IMSI pool, and must be an alphanumeric string of 1 through 63 characters.

Usage Guidelines

Use this command to define rule expressions to match an IMSI.

Example

The following command defines a rule expression to analyze user traffic for the IMSI number 9198838330912 :

bearer 3gpp imsi = 9198838330912

bearer 3gpp rat-type

This command allows you to define rule expressions to match Radio Access Technology (RAT) in the bearer flow.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] bearer 3gpp rat-type  operator rat_type

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`rat_type`

Specifies the RAT type to match.

rat_type must be one of the following:

geran : GSM EDGE Radio Access Network type
utran : UMTS Terrestrial Radio Access Network type
wlan : Wireless LAN type

Usage Guidelines

Use this command to define rule expressions to match a RAT type.

Example

The following command defines a rule expression to match user traffic based on RAT type wlan :

bearer 3gpp rat-type = wlan

bearer 3gpp sgsn-address

This command allows you to define rule expressions to match SGSN address associated in the bearer flow.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] bearer 3gpp sgsn-address  operator ipv4/ipv6_address

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`ipv4/ipv6_address`

Specifies the SGSN IP address to match.

ipv4/ipv6_address must be in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.

Usage Guidelines

Use this command to define rule expressions to match IP address of an SGSN node. This command replaces the bearer sgsn-address command.

Example

The following command defines a rule expression to analyze user traffic for an SGSN node with IP address 10.1.1.1 :

bearer 3gpp sgsn-address = 10.1.1.1

bearer 3gpp2 bsid

This command allows you to define rule expressions to match Base Station Identifier (BSID) associated with the bearer.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] bearer 3gpp2 bsid [ case-sensitive ]  [ use-group-of-objects ]  operator string

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

use-group-of-objects

Specifies using a group-of-objects as a qualifier to match this rule.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`string`

Specifies the name of a group-of-objects to match.

If the use-group-of-objects keyword is not included in the command, string specifies name of the matching 3GPP2 service Base Station ID (BSID) in bearer flow.

If the use-group-of-objects keyword is included in the command, string must be the name of the group-of-objects to use. In this case, it is checked if the rule is satisfied for either one or none of the objects in the group-of-objects depending upon the operator used. For example, if the operator is contains , the expression would be true if any of the objects in the specified object group is contained in the BSID. If the operator is !contains , then the expression would be true if none of the objects in the object group is contained in the BSID.

string must be an alphanumeric string of 1 through 16 characters, and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match a 3GPP2 Base Station Identifier (BSID).

Example

The following command defines a rule expression to analyze user traffic for 3GPP2 BSID named bs001_xyz :

bearer 3gpp2 bsid = bs001_xyz

bearer 3gpp2 service-option

This command allows you to define rule expressions to match 3GPP2 service with service options associated with the bearer.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] bearer 3gpp2 service-option  operator service_option_code

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`service_option_code`

Specifies the 3GPP2 service option code to match.

service_option_code must be an integer from 0 through 1000.

Usage Guidelines

Use this command to define rule expressions to match a 3GPP2 service's service option code.

Example

The following command defines a rule expression to analyze user traffic for a 3GPP2 service's service option matching 1034 :

bearer 3gpp2 service-option = 1034

bearer apn

This command allows you to define rule expressions to match the APN used for the subscriber session.

Important

In 8.1 and later releases, this command is deprecated and is replaced by the bearer 3gpp apn command.

Product

GGSN

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] bearer apn [ case-sensitive ]  operator apn_name

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`apn_name`

Specifies the APN to match.

apn_name must be the name of an APN, and must be an alphanumeric string of 1 through 62 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match APN used for subscriber session.

Example

The following command defines a rule expression to match user traffic based on APN name apn12 :

bearer apn = apn12

bearer imsi

This command allows you to define rule expressions to match IMSI number of the subscriber.

Important

In 8.1 and later releases, this command is deprecated and is replaced by the bearer 3gpp imsi command.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] bearer imsi {  operator imsi | { !range | range } imsi-pool  imsi_pool_name }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`imsi`

Specifies the IMSI number to match.

!range | range

Specifies the range criteria:

!range : Not in the range of
range : In the range of

imsi-pool `imsi_pool_name`

Specifies an IMSI pool.

imsi_pool_name must be the name of an IMSI pool, and must be an alphanumeric string of 1 through 63 characters.

Usage Guidelines

Use this command to define rule expressions to match IMSI number of subscriber.

Example

The following command defines a rule expression to match user traffic based on IMSI number 9198838330912 :

bearer imsi = 9198838330912

bearer rat-type

This command allows you to define rule expressions to match Radio Access Technology (RAT) in the bearer flow.

Important

In 8.1 and later releases, this command is deprecated and is replaced by the command.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] bearer rat-type  operator rat_type

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`rat_type`

Specifies the RAT type to match.

rat_type must be one of the following:

geran : GSM EDGE Radio Access Network type
utran : UMTS Terrestrial Radio Access Network type
wlan : Wireless LAN type

Usage Guidelines

Use this command to define rule expressions to match a RAT type.

Example

The following command defines a rule expression to match user traffic based on RAT type wlan :

bearer rat-type = wlan

bearer sgsn-address

This command allows you to define rule expressions to match IP address of the SGSN (in acting as GGSN) / P-GW (if acting as S-GW) in the bearer flow.

Important

In 8.1 and later releases, this command is deprecated and is replaced by the command.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] bearer sgsn-address  operator ipv4/ipv6_address

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`ipv4/ipv6_address`

Specifies the SGSN IP address to match.

ipv4/ipv6_address must be in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.

Usage Guidelines

Use this command to define rule expressions to match IP address of the SGSN (in acting as GGSN) / P-GW (if acting as S-GW).

Example

The following command defines a rule expression to match user traffic based on SGSN node IP address 10.1.1.1 :

bearer sgsn-address = 10.1.1.1

bearer traffic-group

This command allows you to define rule expressions to match traffic group number associated with the subscriber session.

Important

This functionality is available only if the Content Access Control license has been installed on the chassis.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] bearer traffic-group  operator group_number

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`group_number`

Specifies the traffic group number to match.

group_number must be an integer from 1 through 255.

Usage Guidelines

Use this command to define rule expressions to match traffic group of the subscriber session. See the fa-ha-spi command in the HA Service Configuration Mode Commands chapter for more information.

Example

The following command defines a rule expression to analyze all traffic groups assigned a value greater or equal to 23 :

bearer traffic-group >= 23

cca quota-state

Specifies the quota state of a subscriber for prepaid credit control service. In release 12.0 and later, this command should be used as a post-processing rule. For more information on post-processing policy command, refer to the ACS Rulebase Configuration Mode Commands chapter in this guide.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] cca quota-state  operator { limit-reached | lower-bandwidth  }

no

Disables the configured credit control quota state.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

limit-reached

This state matches an affirmative end-of-quota indication for the current ruledef from the prepay server.

lower-bandwidth

This state matches the lower-bandwidth quota state of a rating group.

Usage Guidelines

This command supports URL redirection and creates a rule for subscriber prepaid quota state as exhausted or not exhausted.

If a subscriber has exhausted the quota but has not exhausted the qualified period, a different charging-action can be applied via the cca quota-state command.

Example

The following command defines a rule expression to match user traffic based on the Credit-Control Application (CCA) quota state limit-reached :

cca quota-state = limit-reached

cca redirect-indicator

This command allows you to define rule expressions to match redirect-indicator state of the Credit Control Application. In release 12.0 and later, this command should be used as a post-processing rule. For more information on post-processing policy command, refer to ACS Rulebase Configuration Mode Commands chapter in this reference.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] cca redirect-indicator  operator redirect_indicator

no

Disables the configured CCA redirect-indicator in the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`redirect_indicator`

Specifies the redirect indicator for the AVP used for redirection of the URL in the RADIUS dictionary for prepaid service. It must be an integer from 0 through 4294967295.

Important

For the RADIUS server configured with different values to return for this AVP, the ACS requires ruledefs to match the different values for system to associate with charging actions that have different redirect URLs configured.

Usage Guidelines

This command is used to configure an AVP to be used from a dictionary that defines the AVP for the redirect-indicator.

For example, a RADIUS dictionary specifies the 3gpp2-release-indicator to be used for the redirect indicator when RADIUS is used as the Credit-Control Application. In this case, the value for 3gpp2-release-indicator that is returned by the RADIUS prepaid server for a quota request for a given content ID is retained by system and associated with the flow.

Example

The following command defines a rule expression to match redirect indicator 1234 for the URL Redirect AVP:

cca redirect-indicator = 1234

copy-packet-to-log

This command allows you to print every packet that hits the current ruledef to a log statement.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] copy-packet-to-log

no

Disables the copy-packet-to-log feature.

copy-packet-to-log

Specifies to print packets hitting the current ruledef to a log.

Usage Guidelines

Use this command to print every packet that hits a ruledef to a log statement. This facilitates debugging.

description

Allows you to enter descriptive text for this configuration.

Product

All

Privilege

Security Administrator, Administrator

Syntax

description  text 
no description

no

Clears the description for this configuration.

`text`

Enter descriptive text as an alphanumeric string of 1 to 100 characters.

If you include spaces between words in the description, you must enclose the text within double quotation marks (" "), for example, "AAA BBBB".

Usage Guidelines

The description should provide useful information about this configuration.

dns answer-name

This command allows you to define rule expressions to match answer name in the answer section of DNS response messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] dns answer-name [ case-sensitive ]  operator value

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`value`

Specifies the value to match.

value must be an alphanumeric string of 1 through 255 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match an answer name from the answer section of DNS response messages.

The answer section of a DNS response may contain more than one answer. A maximum of seven answers from the response packet are parsed. For the equality expressions (=, contains, starts-with, ends-with) a match is sought from any of the answers in the packet (up to the first seven answers). For the inequality expressions (!=, !contains, !starts-with, !ends-with), a non-match is sought from all answers (up to the first seven answers).

Example

The following command defines a rule expression to match user traffic for answer name test :

dns answer-name = test

dns any-match

This command allows you to define rule expressions to match all DNS packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] dns any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define an any-match rule expression to match all DNS packets.

Example

The following command defines an any-match rule expression to match all DNS packets:

dns any-match = TRUE

dns previous-state

This command allows you to define rule expressions to match previous state of the DNS FSM.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] dns previous-state  operator dns_previous_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`dns_previous_state`

Specifies the previous state to match.

dns_previous_state must be one of the following:

dns-timeout
init
req-sent
resp-error
resp-success

Usage Guidelines

Use this command to define rule expressions to match previous state of DNS FSM.

Example

The following command defines a rule expression to match the DNS FSM previous state req-sent :

dns previous-state = req-sent

dns query-name

This command allows you to define rule expressions to match query name in DNS request messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] dns query-name [ case-sensitive ]  operator query_name

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`query_name`

Specifies the query name to match.

query_name must be an alphanumeric string of 1 through 255 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match query name in DNS request messages.

Example

The following command defines a rule expression to match DNS query name test :

dns query-name = test

dns query-type

This command allows you to define rule expressions to match the query type in the DNS request messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] dns query-type  operator query_type

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

=: Specifies that the query-name must be equal to the one specified.
!=: Specifies that the query-name must not be equal to the one specified.

`query_type`

Specifies the query type to match.

The following query_type are supported:

A
CNAME
NS
PTR
SRV
AAA
TXT
ANY
NULL

Usage Guidelines

Use this command to define rule expressions to match the query type in the DNS request messages.

When enabled, the dns query-type CLI supports the following behavior:

DNS request with only one query is supported.
DNS response with multiple answers is supported. Query-type corresponding to all the answers is stored and matched to the highest priority ruledef.
For DNS response with multiple answers, unsupported query-type (mentioned previously) is skipped and parsing continues for remaining answers.
For 'TXT' and 'NULL' query types, minimal parsing occurs like only a DNS record is created and query-type is stored. 'Answer-name' is not extracted and hence the corresponding EDR field is not populated.
For NULL query types, response is not parsed and matching is based on the same ruledef as a Request.

This CLI is disabled by default.

Example

The following command defines a rule expression to match the DNS query type txt :

dns query-type = txt

dns return-code

This command allows you to define rule expressions to match response code in DNS response messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] dns return-code  operator return_code

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`return_code`

Specifies the response code to match.

return_code must be one of the following:

format-error
name-error
no-error
not-implemented
refused
server-failure

Usage Guidelines

Use this command to define rule expressions to match response code in DNS response messages.

Example

The following command defines a rule expression to match a DNS response code refused :

dns return-code = refused

dns state

This command allows you to define rule expressions to match current state of DNS FSM.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] dns state  operator dns_current_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`dns_current_state`

Specifies the current state to match.

dns_current_state must be one of the following:

dns-timeout
init
req-sent
resp-error
resp-success

Usage Guidelines

Use this command to define rule expressions to match DNS FSM current state.

Example

The following command defines a rule expression to match DNS FSM current state of req-sent :

dns state = req-sent

dns tid

This command allows you to define rule expressions to match Transaction Identifier (TID) field in DNS messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] dns tid  operator tid_value

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`tid_value`

Specifies the DNS transaction identifier to match.

tid_value must be an integer from 1 through 65535.

Usage Guidelines

Use this command to define rule expressions to match a TID field of DNS messages.

Example

The following command defines a rule expression to match DNS TID field value of test :

dns tid = test

email

This command allows you to define rule expressions to match generic e-mail message parameters. These expressions will be applicable for IMAP, MMS, POP3, and SMTP protocols.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] email { cc | content { class | type } | from | size | subject | to } [ case-sensitive ]  operator value

no

If previously configured, deletes the specified rule expression from the current ruledef.

cc

Specifies to match the "cc" field of standard e-mail message.

content { class | type }

Specifies to match the "content-type" or "content-class" field of standard e-mail message.

from

Specifies to match the "from" field of standard e-mail message.

subject

Specifies to match the "subject" field of standard e-mail message.

to

Specifies to match the "to" field of standard e-mail message.

size

Specifies to match with the total size of e-mail message specified in bytes.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following except for size :

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

operator must be one of the following for size :

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`value`

Specifies the value to match.

value must be an alphanumeric string and can contain punctuation characters.

cc : A string of 1 through 512 characters
content : A string of 1 through 128 characters
from : A string of 1 through 64 characters
size : A range of bytes from 1 through 4000000000 bytes
subject : A string of 1 through 128 characters
to : A string of 1 through 512 characters

Usage Guidelines

Use this command to define rule expressions to match different fields/parameters within standard e-mail messages.

Example

The following command defines a rule expression to analyze user traffic for the occurrence of triangle in the "cc" field of e-mail messages:

email cc contains triangle@xyz.com

end

Exits the current configuration mode and returns to the Exec mode.

Product

All

Privilege

Security Administrator, Administrator

Syntax

end

Usage Guidelines

Use this command to return to the Exec mode.

exit

Exits the current mode and returns to the parent configuration mode.

Product

All

Privilege

Security Administrator, Administrator

Syntax

exit

Usage Guidelines

Use this command to return to the parent configuration mode.

file-transfer any-match

This command allows you to define rule expressions to match all file-transfer packets. This expression applies to file transfers that use the FTP or HTTP protocols.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] file-transfer any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match all file-transfer packets. This expression applies to file transfers that use the FTP or HTTP protocols.

Example

The following command defines a rule expression to match all file-transfer packets:

file-transfer any-match = TRUE

file-transfer chunk-number

This command allows you to define rule expressions to match the total number of chunks in an HTTP file as determined by the File Transfer analyzer.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] file-transfer chunk-number  operator chunks_number

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`chunks_number`

Specifies the number of chunks to match.

chunks_number must be an integer from 1 through 65535.

Usage Guidelines

Use this command to define rule expressions to match the total number of chunks in an HTTP file as determined by the File Transfer analyzer.

Example

The following command defines a rule expression to match 150 number of chunks:

file-transfer chunk-number = 150

file-transfer current-chunk-length

This command allows you to define rule expressions to match the length of an HTTP chunk currently in the File Transfer analyzer.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] file-transfer current-chunk-length  operator current_chunk_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`current_chunk_length`

Specifies the current chunk length value (in bytes) to match.

current_chunk_length must be an integer from 1 through 40000000.

Usage Guidelines

Use this command to define rule expressions to match the length of an HTTP chunk currently in the File Transfer analyzer.

Example

The following command defines a rule expression to match length of current HTTP chunk as 1500000 bytes:

file-transfer current-chunk-length = 1500000

file-transfer declared-chunk-length

This command allows you to define rule expressions to match the declared length of an HTTP chunk currently in the File Transfer analyzer.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] file-transfer declared-chunk-length  operator declared_chunk_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`declared_chunk_length`

Specifies the declared chunk length value (in bytes) to match.

declared_chunk_length must be an integer from 1 through 40000000.

Usage Guidelines

Use this command to define rule expressions to match the declared length of an HTTP chunk currently in the File Transfer analyzer.

Example

The following command defines a rule expression to match declared length of the current HTTP chunk as 2500000 bytes:

file-transfer declared-chunk-length = 2500000

file-transfer declared-file-size

This command allows you to define rule expressions to match the declared file size by the File Transfer analyzer decoding the FTP handshake.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] file-transfer declared-file-size  operator declared_file_size

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`declared_file_size`

Specifies the declared file size (in bytes) to match.

declared_file_size must be an integer from 1 through 40000000.

Usage Guidelines

Use this command to define rule expressions to match the declared file size by the File Transfer analyzer decoding the FTP handshake.

Example

The following command defines a rule expression to match declared file size as 2500000 bytes:

file-transfer declared-file-size = 2500000

file-transfer filename

This command allows you to define rule expressions to match file name.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] file-transfer filename [ case-sensitive ]  operator file_name

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`file_name`

Specifies the file name to match.

file_name must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match file name in file-transfer.

Example

The following command defines a rule expression to match file name containing star1 :

file-transfer filename contains star1

file-transfer previous-state

This command allows you to define rule expressions to match previous state of File Transfer FSM.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] file-transfer previous-state  operator file_transfer_previous_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`file_transfer_previous_state`

Specifies the previous state to match.

file_transfer_previous_state must be one of the following:

init : Specifies previous state as initialization.
request-sent : Specifies previous state as request sent.
transfer-error : Specifies previous state as transfer error.
transfer-ok : Specifies previous state as transfer ok.

Usage Guidelines

Use this command to define rule expressions to match previous state of File Transfer FSM.

Example

The following command defines a rule expression to match previous state of init :

file-transfer previous-state = init

file-transfer state

This command allows you to define rule expressions to match the current state of File Transfer FSM.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] file-transfer state  operator file_transfer_current_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`file_transfer_current_state`

Specifies the current state to match.

file_transfer_current_state must be one of the following

init : Specifies current state as initialization.
request-sent : Specifies current state as request sent.
transfer-error : Specifies current state as transfer error.
transfer-ok : Specifies current state as transfer ok.

Usage Guidelines

Use this command to define rule expressions to match current state of File Transfer FSM.

The following table describes details of File Transfer FSM states with event:


Event	init	request-sent	transfer-ok	transfer-err
FTP "RETR" command or HTTP "GET" request received with chunk encoding	request-sent	Discarded	Discarded	Discarded
HTTP 2xx response received	transfer-ok	Discarded	Discarded	Discarded
HTTP 4xx or HTTP 5xx response received	transfer-error	Discarded	Discarded	Discarded
FTP reply received with reply status as file-transfer complete/successful	Discarded	transfer-ok	Discarded	Discarded
FTP reply received with reply status as file-transfer unsuccessful	Discarded	transfer-error	Discarded	Discarded

Example

The following command defines a rule expression to match file-transfer current state of init :

file-transfer state = init

file-transfer transferred-file-size

This command allows you to define rule expressions to match the size of a file that has been transferred so far, as detected by the File Transfer analyzer.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] file-transfer transferred-file-size  operator transferred_file_size

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`transferred_file_size`

Specifies the transferred file size (in bytes) to match.

transferred_file_size must be an integer from 1 through 4000000000.

Usage Guidelines

Use this command to define rule expressions to match the size of the file that has been transferred so far, as detected by the File Transfer analyzer.

Example

The following command defines a rule expression to match file transferred size of 2500 bytes:

file-transfer transferred-file-size = 2500

ftp any-match

This command allows you to define rule expressions to match all FTP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ftp any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define a rule expression to match all FTP packets.

Example

The following command defines a rule expression to match all FTP packets:

ftp any-match = TRUE

ftp client-ip-address

This command allows you to define rule expressions to match IP address of the FTP client.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ftp client-ip-address  operator ipv4/ipv6_address

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`ipipv4/ipv6_address`

Specifies the FTP client IP address to match.

ipv4/ipv6_address must be in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.

Usage Guidelines

Use this command to define rule expressions to match an FTP client IP address, which will be either the IP source address or the IP destination address, depending on the direction.

Example

The following command defines a rule expression to match client IP address 10.1.1.1 :

ftp client-ip-address = 10.1.1.1

ftp client-port

This command allows you to define rule expressions to match port number of the FTP client.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ftp client-port  operator port_number

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`port_number`

Specifies the client port number to match.

port_number must be an integer from 1 through 65535.

Usage Guidelines

Use this command to define rule expressions to match port number of the FTP client, which will be either the TCP source port or the TCP destination port, depending on the direction.

Example

The following command defines a rule expression to match FTP client port number 10 :

ftp client-port = 10

ftp command args

This command allows you to define rule expressions to match arguments within an FTP command.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ftp command args [ case-sensitive ]  operator argument

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`argument`

Specifies the argument to match.

argument must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match arguments within an FTP command.

Example

The following command defines a rule expression to match argument ascii within an FTP command:

ftp command args = ascii

ftp command id

This command allows you to define rule expressions to match FTP command ID.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ftp command id  operator command_id

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`command_id`

Specifies the command identifier to match.

In 8.3 and earlier releases, command_id must be an integer from 0 through 15.

In 9.0 and later releases, command_id must be an integer from 0 through 18.

Usage Guidelines

Use this command to define rule expressions to match FTP command ID.

Example

The following command defines a rule expression to match the FTP command ID 10 :

ftp command id = 10

ftp command name

This command allows you to define rule expressions to match FTP command name.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ftp command name  operator command_name

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`command_name`

Specifies the command name to match.

command_name must be one of the following:

abor : Abort command
cwd : Current working directory command
eprt : eprt command
epsv : epsv command
list : List command
mode : Transfer mode command
pass : Password command
pasv : Passive command
port : Port command
quit : Quit command
rest : Restore command
retr : Retry command
stor : Store command
stru : File structure command
syst : System command
type : Type command
user : User command

Usage Guidelines

Use this command to define rule expressions to match FTP command name.

Example

The following command defines a rule expression to match FTP command name list :

ftp command name = list

ftp connection-type

This command allows you to define rule expressions to match FTP connection type.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ftp connection-type  operator connection_type

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`connection_type`

Specifies the connection type to match.

connection_type must be one of the following:

0 : Unknown
1 : Control connection
2 : Data connection

Usage Guidelines

Use this command to define rule expressions to match an FTP connection type.

Example

The following command defines a rule expression to match FTP connection type 1 :

ftp connection-type = 1

ftp data-any-match

This command allows you to define rule expressions to match all FTP data packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ftp data-any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match all FTP data packets.

Example

The following command defines a rule expression to match all FTP data packets:

ftp data-any-match = TRUE

ftp filename

This command allows you to define rule expressions to match FTP file name.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ftp filename [ case-sensitive ]  operator file_name

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`file_name`

Specifies the file name to match.

file_name must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match an FTP file name.

Example

The following command defines a rule expression to match a file named testtransfer :

ftp filename = testtransfer

ftp pdu-length

This command allows you to define rule expressions to match the length of a current FTP packet.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ftp pdu-length  operator pdu_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`pdu_length`

Specifies the FTP PDU length (in bytes) to match.

pdu_length must be an integer from 0 through 65535.

Usage Guidelines

Use this command to define rule expressions to match the length of a current FTP packet, that is, FTP PDU length (FTP header + FTP payload).

Example

The following command defines a rule expression to match an FTP PDU length of 9647 bytes:

ftp pdu-length = 9647

ftp pdu-type

This command allows you to define rule expressions to match FTP Protocol Data Unit (PDU) type.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ftp pdu-type  operator pdu_type

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`pdu_type`

Specifies the PDU type to match.

pdu_type must be one of the following:

0 : Unknown
1 : Command
2 : Reply

Usage Guidelines

Use this command to define rule expressions to match a PDU type of FTP packet.

Example

The following command defines a rule expression to match FTP PDU type 1 :

ftp pdu-type = 1

ftp previous-state

This command allows you to define rule expressions to match previous state of FTP session.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ftp previous-state  operator ftp_previous_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`ftp_previous_state`

Specifies the previous state to match.

ftp_previous_state must be one of the following:

command-sent
init
response-error
response-ok

Usage Guidelines

Use this command to define rule expressions to match a previous state of FTP session.

Example

The following command defines a rule expression to match previous FTP state init :

ftp previous-state = init

ftp reply code

This command allows you to define rule expressions to match FTP reply code.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ftp reply code  operator reply_code

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`reply_code`

Specifies the FTP reply code to match.

reply_code must be an integer from 100 through 599.

Usage Guidelines

Use this command to define rule expressions to match an FTP reply code.

Example

The following command defines a rule expression to match FTP reply code 150 :

ftp reply code = 150

ftp server-ip-address

This command allows you to define rule expressions to match FTP server IP address.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ftp server-ip-address  operator ipv4/ipv6_address

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`ipv4/ipv6_address`

Specifies IP address of the server to match

ipv4/ipv6_address must be in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.

Usage Guidelines

Use this command to define rule expressions to match an FTP server IP address, which will be either the IP source address or the IP destination address, depending on the direction.

Example

The following command defines a rule expression to match the FTP server IP address 10.1.1.1 :

ftp server-ip-address = 10.1.1.1

ftp server-port

This command allows you to define rule expressions to match FTP server port number.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ftp server-port  operator port

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`port`

Specifies the FTP server port number to match.

port must be an integer from 1 through 65535.

Usage Guidelines

Use this command to define rule expressions to match an FTP server port number, which will be either the TCP source port or the TCP destination port, depending on the direction.

Example

The following command defines a rule expression to analyze user traffic for FTP server port 21 :

ftp server-port = 21

ftp session-length

This command allows you to define rule expressions to match the total number of bytes sent on an FTP control connection.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ftp session-length  operator session_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`session_length`

Specifies the FTP session length (in bytes) to match.

session_length must be an integer from 1 through 4000000000.

Usage Guidelines

Use this command to define rule expressions to match the total number of bytes sent on an FTP control connection.

Example

The following command defines a rule expression to match FTP session length of 40000 bytes:

ftp session-length = 40000

ftp state

This command allows you to define rule expressions to match the current state of an FTP session.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ftp state  operator ftp_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`ftp_state`

Specifies the FTP state to match.

ftp_state must be one of the following:

close : FTP transmissions that are in closed state.
command-sent : FTP transmissions that are in command-sent state.
response-error : FTP transmissions that are in response-error state.
response-ok : FTP transmissions that are in response-ok state.

Usage Guidelines

Use this command to define rule expressions to match the current state of an FTP session.

Example

The following command defines a rule expression to match FTP current state close :

ftp state = close

ftp url

This command allows you to define rule expressions to match the FTP URL/path of a file being transferred.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ftp url [ case-sensitive ]  operator url

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`url`

Specifies the URL to match.

url must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match the FTP URL/path of a file being transferred.

Example

The following command defines a rule expression to match the URL ftp://rfc.ietf.org/rfc/rfc1738.txt :

ftp url = ftp://rfc.ietf.org/rfc/rfc1738.txt

ftp user

This command allows you to define rule expressions to match the user name FTP command packet.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ftp user [ case-sensitive ]  operator ftp_user

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`ftp_user`

Specifies the FTP user name to match.

ftp_user must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match a user name FTP command.

Example

The following command defines a rule expression to match FTP user name user1 :

ftp user = user1

http accept

This command allows you to define rule expressions to match content types that are acceptable for the response.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http accept [ case-sensitive ]  operator accept_field

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!present : Not present
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
present : Present
starts-with : Starts with

`accept_field`

Specifies the ACCEPT field present in the HTTP header to be matched.

accept_field must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match content types in the HTTP header that are acceptable for the response.

Example

The following command defines a rule expression to match content that contains cisco in HTTP ACCEPT field:

http accept contains cisco

http any-match

This command allows you to define rule expressions to match all HTTP and HTTPS Connect Method packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match all HTTP packets.

Example

The following command defines a rule expression to match all HTTP packets:

http any-match = TRUE

http attribute-in-data

This command allows you to define rule expressions to match any arbitrary attribute in the payload following the HTTP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http attribute-in-data  attribute [ case-sensitive ]  operator value

no

If previously configured, deletes the specified rule expression from the current ruledef.

`attribute`

attribute must be an alphanumeric string of 1 through 31 characters.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`value`

Specifies the value as an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match arbitrary attribute in the payload following the HTTP headers.

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

http attribute-in-url

This command allows you to define rule expressions to match arbitrary attribute in the combined Host+URI HTTP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http attribute-in-url  attribute [ case-sensitive ]  operator value

no

If previously configured, deletes the specified rule expression from the current ruledef.

`attribute`

attribute must be an alphanumeric string of 1 through 31 characters.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`value`

Specifies the value as an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to configure rule expression to match an arbitrary attribute in the combined Host+URI HTTP headers.

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

http content disposition

This command allows you to define rule expressions to match optional content-disposition field of HTTP entity header.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http content disposition [ case-sensitive ]  operator content_disposition

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`content_disposition`

This field offers a mechanism for the sender to transmit presentational information to the recipient, allowing each component of a message to be tagged with an indication of its desired presentation semantics.

content_disposition must be an alphanumeric string of 1 through 127 characters, and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match optional content-disposition field of HTTP entity header. This feature supports RFC 2616 for HTTP and RFC 1806 for Content Disposition.

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

Example

The following command defines a rule expression to match content disposition successful :

http content disposition = successful

http content length

This command allows you to define rule expressions to match the value in HTTP Content-Length entity-header field.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http content length  operator content_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`content_length`

Specifies the HTTP body length (in bytes) to match.

content_length must be an integer from 1 through 4000000000.

Usage Guidelines

Use this command to define rule expressions to match value in HTTP Content-Length entity-header field.

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

Example

The following command defines a rule expression to match value of 10000 bytes in HTTP Content-Length entity-header field:

http content length = 10000

http content range

This command allows you to define rule expressions for CAE re-addressing to verify if the HTTP Response has content-range header or not.

Important

In release 20.0, MVG is not supported. This command must not be used in release 20.0. For more information, contact your Cisco account representative.

Product

ACS

MVG

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http content range = TRUE

no

If previously configured, deletes the specified rule expression from the current ruledef.

Usage Guidelines

Use this command to define rule expressions for CAE re-addressing to verify if the HTTP Response has content-range header or not. This header is useful in detecting HTTP video requests when using ECS DPI ruledefs based on HTTP headers/URI.

http content type

This command allows you to define rule expressions to match value in HTTP Content-Type entity-header field.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http content type [ case-sensitive ]  operator content_type

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`content_type`

Specifies the content type to match.

content_type must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match value in HTTP Content-Type entity-header field.

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

Example

The following command defines a rule expression to match abc100 in HTTP Content-Type entity-header field:

http content type = abc100

http cookie

This command allows you to define rule expressions to match strings in the HTTP cookie header.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http cookie [ case-sensitive ]  operator cookie_string

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!present : Not present
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
present : Present
starts-with : Starts with

`cookie_string`

Specifies the string to match in the HTTP cookie header.

cookie_string must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match strings in an HTTP cookie header.

The cookie match ruleline can be combined with other rulelines having different match criteria. Multiple line cookie header strings can be combined together using a comma (,) separator.

Important

The HTTP parser can parse up to a maximum of 4096 bytes in the cookie header. In the case of multiple line cookie headers, the maximum of 4096 bytes includes the total size of all cookie header values, and the separators added to combine them.

Example

The following command defines a rule expression to match the HTTP cookie header with the string tollfree :

http cookie = tollfree

http domain

This command allows you to define rule expressions to match the domain portion of URIs in HTTP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http domain [ case-sensitive ]  operator domain

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`domain`

Specifies the domain to match.

domain must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match the domain portion of URIs in HTTP packets.

From the URL, after http:// (if present) is removed, everything until the first "/" is the domain.

Example

The following command defines a rule expression to match user traffic based on domain name testdomain :

http domain = testdomain

http error

This command allows you to define rule expressions to match for errors in HTTP packets (for example, invalid HTTP header) and errors in the HTTP analyzer FSM (Finite State Machine) while parsing HTTP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http error  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match for errors in HTTP packets and other errors in HTTP analyzer FSM while parsing HTTP packets. For example, FSM error, invalid header field values, ACS memory and buffer limit, packet related errors, and so on.

ACS supports pipelining of up to 32 HTTP requests on the same TCP connection. Pipeline overflow requests are not analyzed. Such overflow requests are treated as HTTP error. The billing system, based on this information, decides to charge or not charge, or refund the subscriber accordingly.

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

Example

The following command defines a rule expression to match user traffic based on HTTP error status of TRUE :

http error = TRUE

http first-request-packet

This command allows you to define rule expressions to match the GET or POST request, if it is the first HTTP request for the subscriber's session.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http first-request-packet  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match the GET or POST request, if it is the first HTTP request for the subscriber's session.

This expression can be connected with a charging action, so the subscriber is redirected to a splash page for the first Web access attempted.

Example

The following command defines a rule expression to match first-request-packet:

http first-request-packet = TRUE

http header-length

This command allows you to define rule expressions to match HTTP header length.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http header-length  operator header_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`header_length`

Specifies the HTTP header length (in bytes) to match.

header_length must be an integer from 0 through 65535.

Usage Guidelines

Use this command to define rule expressions to match the length of an HTTP header.

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

Example

The following command defines a rule expression to match an HTTP header length of 8000 :

http header-length = 8000

http host

This command allows you to define rule expressions to match value in HTTP Host request-header field.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http host [ case-sensitive ]  operator host_name

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
regex : Regular expression
starts-with : Starts with

`host_name`

Specifies the host name to match.

host_name must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match value in HTTP Host request-header field.

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

The following table lists the special characters that you can use in regex rule expressions. For more information on regex support, refer to the Enhanced Charging Service Administration Guide.

Table 1. Special Characters Supported in Regex Rule Expressions

Regex Character

Description

*

Zero or more characters

+

Zero or more repeated instances of the token preceding the +

?

Match zero or one character

Important

The CLI does not support configuring "?" directly, you must instead use "\077".

For example, if you want to match the string "xyz<any one character>pqr", you must configure it as:

http host regex "xyz\077pqr"

In another example, if you want to exactly match the string "url?resource=abc", you must configure it as:

http uri regex "url\\077resource=abc"

Where, the first "\" (backslash) is for the escaping of "?", and then "\077" for specifying "?" to the CLI.

\character

Escaped character

\?

Match the question mark (\<ctrl-v>?)

\+

Match the plus character

\*

Match the asterisk character

\a

Match the Alert (ASCII 7) character

\b

Match the Backspace (ASCII 8) character

\f

Match the Form-feed (ASCII 12) character

\n

Match the New line (ASCII 10) character

\r

Match the Carriage return (ASCII 13) character

\t

Match the Tab (ASCII 9) character

\v

Match the Vertical tab (ASCII 11) character

\0

Match the Null (ASCII 0) character

\\

Match the backslash character

Bracketed range [0-9]

Match any single character from the range

A leading ^ in a range

Do not match any in the range. All other characters represent themselves.

.\x##

Any ASCII character as specified in two-digit hex notation.

For example, \x5A yields a "Z".

|

Specify OR regular expression operator

Important

When using the regex operator "|" in regex expressions, always wrap the string in double quotes.

For example, if you want to match the string "pqr" OR "xyz", you must configure it as:

http host regex "pqr|xyz" .

Example

The following command defines a rule expression to match host1 in HTTP Host request-header field:

http host = host1

The following command defines a regex rule expression to match either of the following values in the HTTP Host request-header field: host1, host23w01.

http host regex "host1|host23w01"

http payload-length

This command allows you to define rule expressions to match HTTP payload length.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http payload-length  operator payload_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`payload_length`

Specifies the HTTP payload (data) length (in bytes) to match.

payload_length must be an integer from 1 through 4000000000.

Usage Guidelines

Use this command to define rule expressions to match HTTP payload (data) length (pdu-length - header-length).

Example

The following command defines a rule expression to match HTTP payload length of 100000 bytes:

http payload-length = 100000

http pdu-length

This command allows you to define rule expressions to match the total length of a single HTTP packet.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http pdu-length  operator pdu_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`pdu_length`

Specifies the HTTP PDU length (in bytes) to match.

pdu_length must be an integer from 0 through 65535.

Usage Guidelines

Use this command to define rule expressions to match the total length of a single HTTP packet. This will also match packets with partial HTTP message (due to fragmentation).

Example

The following command defines a rule expression to match an HTTP PDU length of 10000 bytes:

http pdu-length = 10000

http previous-state

This command allows you to define rule expressions to match previous state of HTTP sessions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http previous-state  operator http_previous_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`http_previous_state`

Specifies the previous state to match.

http_previous_state must be one of the following:

init : Initialized state
response-error : Response error state
response-ok : Response ok state
waiting-for-response : Waiting for response state

Usage Guidelines

Use this command to define rule expressions to match a previous state of HTTP sessions.

Example

The following command defines a rule expression to match HTTP previous state response-ok :

http previous-state = response-ok

http referer

This command allows you to define rule expressions to match the value in the HTTP Referer request-header field.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http referer [ case-sensitive ]  operator referer_name

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!present : Not present
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
present : Present
regex : Regular expression
starts-with : Starts with

`referer_name`

Specifies the HTTP referer name to match.

referer_name must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match value in HTTP Referer request-header field.

This feature allows an operator to collect or track all URLs visited during a particular subscriber session. These URLs include the entire string of visited URLs, including all referral links. This information is output in an Event Data Record (EDR) format to support reporting or billing functions.

For example, if a subscriber begins a mobile web session and clicks on the "Sports" link from the home deck, and then selects ESPN and moves to an advertiser link, the operator can capture all URLs for that entire session. During this period ACS collects the URLs for a particular subscriber session; collection can be limited by time duration or number of URLs visited.

ACS generates EDRs that contain HTTP URL and the HTTP referer fields along with other fields.

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

The following table lists the special characters that you can use in regex rule expressions. For more information on regex support, refer to the Enhanced Charging Service Administration Guide.

Table 2. Special Characters Supported in Regex Rule Expressions

Regex Character

Description

*

Zero or more characters

+

Zero or more repeated instances of the token preceding the +

?

Match zero or one character

Important

The CLI does not support configuring "?" directly, you must instead use "\077".

For example, if you want to match the string "xyz<any one character>pqr", you must configure it as:

http host regex "xyz\077pqr"

In another example, if you want to exactly match the string "url?resource=abc", you must configure it as:

http uri regex "url\\077resource=abc"

Where, the first "\" (backslash) is for the escaping of "?", and then "\077" for specifying "?" to the CLI.

\character

Escaped character

\?

Match the question mark (\<ctrl-v>?) character

\+

Match the plus character

\*

Match the asterisk character

\a

Match the Alert (ASCII 7) character

\b

Match the Backspace (ASCII 8) character

\f

Match the Form-feed (ASCII 12) character

\n

Match the New line (ASCII 10) character

\r

Match the Carriage return (ASCII 13) character

\t

Match the Tab (ASCII 9) character

\v

Match the Vertical tab (ASCII 11) character

\0

Match the Null (ASCII 0) character

\\

Match the backslash character

Bracketed range [0-9]

Match any single character from the range

A leading ^ in a range

Do not match any in the range. All other characters represent themselves.

.\x##

Any ASCII character as specified in two-digit hex notation.

For example, \x5A yields a "Z".

|

Specify OR regular expression operator

Important

When using the regex operator "|" in regex expressions, always wrap the string in double quotes.

For example, if you want to match the string "pqr" OR "xyz", you must configure it as:

http host regex "pqr|xyz" .

Example

The following command defines a rule expression to match the HTTP referer cricket.espn.com :

http referer = cricket.espn.com

http reply code

This command allows you to define rule expressions to match status code associated with HTTP response packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http reply code  operator reply_code

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`reply_code`

Specifies the HTTP reply code to match.

reply_code must be an integer from 100 through 599.

Usage Guidelines

Use this command to define rule expressions to match status code associated with HTTP response codes.

Example

The following command defines a rule expression to match HTTP response code 204 :

http reply code = 204

http reply payload

This command allows you to define rule expressions to enable video detection using HTTP payload content.

Important

In release 20.0, MVG is not supported. This command must not be used in release 20.0. For more information, contact your Cisco account representative.

Product

ACS

MVG

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http reply payload type = video

no

If previously configured, deletes the specified rule expression from the current ruledef.

Usage Guidelines

Use this command to enable inspection for video in HTTP Response payload. Request payloads will not be inspected.

http request method

This command allows you to define rule expressions to match HTTP request method.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http request method  operator request_method

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`request_method`

Specifies the HTTP request method to match.

request_method must be one of the following:

connect
delete
get
head
options
post
put
trace

Usage Guidelines

Use this command to define rule expressions to match an HTTP request method.

Example

The following command defines a rule expression to match user traffic based on HTTP request method connect :

http request method = connect

http session-length

This command allows you to define rule expressions to match HTTP session length.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http session-length  operator session_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`session_length`

Specifies the HTTP total session length (in bytes) to match.

session_length must be an integer from 1 through 4000000000.

Usage Guidelines

Use this command to define rule expressions to match a total HTTP session length.

Example

The following command defines a rule expression to match an HTTP session length of 200000 :

http session-length = 200000

http state

This command allows you to define rule expressions to match current state of an HTTP session.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http state  operator current_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`current_state`

Specifies the current state of HTTP session to match.

current_state must be one of the following:

close : Closed state
response-error : Response error state
response-ok : Response ok state
waiting-for-response : Waiting for response state

Usage Guidelines

Use this command to define rule expressions to match a current state of an HTTP session.

Example

The following command defines a rule expression to match current state close :

http state = close

http transaction-length

This command allows you to define rule expressions to match HTTP transaction length (combined length of one HTTP GET Request message and its associated response messages).

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http transaction-length {  operator transaction_length | { { range | !range }  range_from to  range_to } }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`transaction_length`

Specifies the HTTP transaction length (in bytes) to match.

transaction_length must be an integer from 1 through 4000000000.

{ range | !range } `range_from` to `range_to`

Enables or disables the range criteria for length of transaction.

range : Enables the range criteria for HTTP transaction length.
!range : Disables the range criteria for HTTP transaction length.
range_from : Specifies the start of range (in bytes) for HTTP transaction length.
range_to : Specifies the end of range (in bytes) for HTTP transaction length.

Usage Guidelines

Use this command to define rule expressions to match an HTTP transaction length [one HTTP GET Request message + associated response message(s)] in bytes.

Example

The following command defines a rule expression to match an HTTP transaction length of 10200 bytes:

http transaction-length = 10200

http transfer-encoding

This command allows you to define rule expressions to match the value in HTTP Transfer-Encoding general-header field.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http transfer-encoding [ case-sensitive ]  operator transfer_encoding

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`transfer_encoding`

Specifies the HTTP transfer encoding to match.

transfer_encoding must be an alphanumeric string of 1 through 127 characters, and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match the value in HTTP Transfer-Encoding general-header field.

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

Example

The following command defines a rule expression to match the value chunked in HTTP Transfer-Encoding general-header field:

http transfer-encoding = chunked

http uri

This command allows you to define rule expressions to match HTTP URI.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http uri [ case-sensitive ]  operator uri

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
regex : Regular expression
starts-with : Starts with

`uri`

Specifies the HTTP URI to match.

uri must be an alphanumeric string of 1 through 127 characters, and can contain punctuation characters, and excludes the "host" portion.

Usage Guidelines

Use this command to define rule expressions to match an HTTP URI, excluding the host portion.

The following table lists the special characters that you can use in regex rule expressions. For more information on regex support, refer to the Enhanced Charging Service Administration Guide.

Table 3. Special Characters Supported in Regex Rule Expressions

Regex Character

Description

*

Zero or more characters

+

Zero or more repeated instances of the token preceding the +

?

Match zero or one character

Important

The CLI does not support configuring "?" directly, you must instead use "\077".

For example, if you want to match the string "xyz<any one character>pqr", you must configure it as:

http host regex "xyz\077pqr"

In another example, if you want to exactly match the string "url?resource=abc", you must configure it as:

http uri regex "url\\077resource=abc"

Where, the first "\" (backslash) is for the escaping of "?", and then "\077" for specifying "?" to the CLI.

\character

Escaped character

\?

Match the question mark (\<ctrl-v>?) character

\+

Match the plus character

\*

Match the asterisk character

\a

Match the Alert (ASCII 7) character

\b

Match the Backspace (ASCII 8) character

\f

Match the Form-feed (ASCII 12) character

\n

Match the New line (ASCII 10) character

\r

Match the Carriage return (ASCII 13) character

\t

Match the Tab (ASCII 9) character

\v

Match the Vertical tab (ASCII 11) character

\0

Match the Null (ASCII 0) character

\\

Match the backslash character

Bracketed range [0-9]

Match any single character from the range

A leading ^ in a range

Do not match any in the range. All other characters represent themselves.

.\x##

Any ASCII character as specified in two-digit hex notation.

For example, \x5A yields a "Z".

|

Specify OR regular expression operator

Important

When using the regex operator "|" in regex expressions, always wrap the string in double quotes.

For example, if you want to match the string "pqr" OR "xyz", you must configure it as:

http host regex "pqr|xyz" .

Example

The following command defines a rule expression to match the HTTP URI string http://www.somehost.com :

http uri = http://www.somehost.com

The following command defines a regex rule expression to match either of the following or similar values in the HTTP URI string: http://server19.com/search?form=zip, http://server20.com/search?form=pdf

http uri regex "(http://|http://www).server[0-2][0-9].com/search?form=(pdf|zip)"

http url

This command allows you to define rule expressions to match HTTP URL.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http url [ case-sensitive ]  operator url

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
regex : Regular expression
starts-with : Starts with

`url`

Specifies the HTTP URL to match.

url must be an alphanumeric string of 1 through 127 characters. that allows punctuation characters and includes "host + URI" for HTTP PDUs.

For example, in case of the URL "http://www.google.fr/", the host is "http://www.google.fr", and the URI is "/":

Hypertext Transfer Protocol 
  GET / HTTP/1.1\r\n 
    Request Method: GET 
    Request URI: / 
    Request Version: HTTP/1.1 
  Accept: */*\r\n 
  Accept-Language: fr\r\n 
  Accept-Encoding: gzip, deflate\r\n 
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\n 
  Host: www.google.fr\r\n 
  Connection: Keep-Alive\r\n 
  \r\n

Usage Guidelines

Use this command to define rule expressions to match HTTP URL.

Important

When rule lines are added or modified, the entire trie is recreated and it mallocs memory for every URL present in the configuration. This leads to huge memory allocation that gets freed once the trie is created.

The following table lists the special characters that you can use in regex rule expressions. For more information on regex support, refer to the ECS Administration Guide.

Table 4. Special Characters Supported in Regex Rule Expressions

Regex Character

Description

*

Zero or more characters

+

Zero or more repeated instances of the token preceding the +

?

Match zero or one character

Important

The CLI does not support configuring "?" directly, you must instead use "\077".

For example, if you want to match the string "xyz<any one character>pqr", you must configure it as:

http host regex "xyz\077pqr"

In another example, if you want to exactly match the string "url?resource=abc", you must configure it as:

http uri regex "url\\077resource=abc"

Where, the first "\" (backslash) is for the escaping of "?", and then "\077" for specifying "?" to the CLI.

\character

Escaped character

\?

Match the question mark (\<ctrl-v>?) character

\+

Match the plus character

\*

Match the asterisk character

\a

Match the Alert (ASCII 7) character

\b

Match the Backspace (ASCII 8) character

\f

Match the Form-feed (ASCII 12) character

\n

Match the New line (ASCII 10) character

\r

Match the Carriage return (ASCII 13) character

\t

Match the Tab (ASCII 9) character

\v

Match the Vertical tab (ASCII 11) character

\0

Match the Null (ASCII 0) character

\\

Match the backslash character

Bracketed range [0-9]

Match any single character from the range

A leading ^ in a range

Do not match any in the range. All other characters represent themselves.

.\x##

Any ASCII character as specified in two-digit hex notation.

For example, \x5A yields a "Z".

|

Specify OR regular expression operator

Important

When using the regex operator "|" in regex expressions, always wrap the string in double quotes.

For example, if you want to match the string "pqr" OR "xyz", you must configure it as:

http host regex "pqr|xyz" .

Example

The following command defines a rule expression to match the HTTP URL http://rfc.ietf.org/rfc/rfc1738.txt :

http url = http://rfc.ietf.org/rfc/rfc1738.txt

The following command defines a regex rule expression to match either of the following or similar values in the HTTP URL string: http://yahoo.com, http://www.yahoo.co.in, http://yahoo.com/news.

http url regex "(http://|http://www).yahoo.(co.in|com)*"

http user-agent

This command allows you to define rule expressions to match the User-Agent request-header field of HTTP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http user-agent [ case-sensitive ]  operator user_agent

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!present : Not present
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
present : Present
starts-with : Starts with

`user_agent`

Specifies the HTTP user agent value to match.

user_agent must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match value in HTTP user-agent header field.

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

Example

The following command defines a rule expression to match xyz.123 in HTTP user-agent header field:

http user-agent = xyz.123

http version

This command allows you to define rule expressions to match version information in HTTP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http version [ case-sensitive ]  operator http_version

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!present : Not present
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
present : Present
starts-with : Starts with

`http_version`

Specifies this HTTP version value to match.

http_version must be an alphanumeric string of 1 through 127 characters, and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match HTTP version.

Example

The following command defines a rule expression to match HTTP version http4.2 :

http version = http4.2

http x-header

This command allows you to define rule expressions to match specified field within extension-headers (x-headers).

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] http x-header  field_name [ case-sensitive ]  operator string

no

If previously configured, deletes the specified rule expression from the current ruledef.

`field_name`

field_name must be an alphanumeric string of 1 through 31 characters.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!present : Not present
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
present : Present
starts-with : Starts with

`string`

Specifies the HTTP x-header value to match.

string must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match specified fields within x-headers. The extension-header can be any header field not specified in RFCs.

All x-header fields must begin with "x-".

In 14.0 and later releases, the ECS HTTP analyzer supports both CRLF and LF as valid terminators for HTTP header fields.

Example

The following command defines a rule expression to match the extension-header test_field for the value test_string :

http x-header test_field = test_string

icmp any-match

This command allows you to define rule expressions to match all ICMP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] icmp any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match all ICMP packets.

Example

The following command defines a rule expression to match all ICMP packets:

icmp any-match = TRUE

icmp code

This command allows you to define rule expressions to match value in the Code field of ICMP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] icmp code  operator code

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`code`

Specifies the ICMP code to match.

code must be an integer from 0 through 255.

Usage Guidelines

Use this command to define rule expressions to match a code field of ICMP packets.

Example

The following command defines a rule expression to match ICMP code 11 :

icmp code = 11

icmp type

This command allows you to define rule expressions to match value in Type field of ICMP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] icmp type  operator type

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`type`

Specifies the ICMP type to match.

type must be an integer from 0 through 255. For example, 0 for Echo Reply, 3 for Destination Unreachable, and 5 for Redirect.

Usage Guidelines

Use this command to define rule expressions to match a type field of ICMP packets.

Example

The following command defines a rule expression to match user traffic based on ICMP type 3 :

icmp type = 3

icmpv6 any-match

This command allows you to define rule expressions to match all ICMPv6 packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] icmpv6 any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match all ICMPv6 packets.

Example

The following command defines a rule expression to match all ICMPv6 packets:

icmpv6 any-match = TRUE

icmpv6 code

This command allows you to define rule expressions to match value in Code field of ICMPv6 packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] icmpv6 code  operator code

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`code`

Specifies the ICMPv6 code to match.

code must be an integer from 0 through 255.

Usage Guidelines

Use this command to define rule expressions to match a code field of ICMPv6 packets.

Example

The following command defines a rule expression to match ICMPv6 code 134 :

icmpv6 code = 134

icmpv6 type

This command allows you to define rule expressions to match type field of ICMPv6 packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] icmpv6 type  operator type

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`type`

Specifies the ICMPv6 type to match.

type must be an integer from 0 through 255. For example, 129 for Echo Reply, 3 for Time Exceeded, and 137 for Redirect Message.

Usage Guidelines

Use this command to define rule expressions to match type field of ICMPv6 packets.

Example

The following command defines a rule expression to match ICMPv6 type 133 :

icmpv6 type = 133

if-protocol

This command allows you to associate different content IDs with the same ruledef, depending on the protocol being used.

Product

Important

In StarOS 18.0 and later releases, this command has been deprecated.

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

if-protocol { http | wsp-connection-less | wsp-connection-oriented } content-id  content_id 
no if-protocol { http | wsp-connection-less | wsp-connection-oriented }

no

If previously configured, deletes the specified rule expression from the current ruledef.

http

Specifies HTTP protocol.

This is the same as the rule expression http any-match = true .

wsp-connection-less

Specifies WSP connection-less protocol.

This is the same as requiring "wsp any-match = true " but "wtp any-match = false " (that is, connection-less WAP1.x).

wsp-connection-oriented

Specifies WSP connection-oriented protocol.

This is the same as the combined rule expression "wsp any-match = true " and "wtp any-match = true " (that is, connection-oriented WAP1.x).

content-id `content_id`

Specifies the content ID for the specified protocol.

In 12.1 and earlier releases, content_id must be an integer from 1 through 65535.

In 12.2 and later releases, content_id must be an integer from 1 through 2147483647.

Usage Guidelines

Use this command to associate different content IDs with the same ruledef, depending on the protocol being used.

This command is only effective for charging ruledefs. See the command for information on how to configure charging ruledefs.

If a particular ruledef should have three different values for content-id, depending on whether the traffic is connection-oriented WAP1.x, connection-less WAP1.x, or WAP2.0, within the ruledef we should have configuration similar to the following:

if-protocol wsp-connection-oriented content-id 1

if-protocol wsp-connection-less content-id 2

if-protocol http content-id 3

Presumably, the ruledef would have another configurable like "www url contains foo ", which would cause it to use different content IDs when "foo" was accessed, depending upon the protocol being used.

Example

The following command associates HTTP protocol and a content ID of 23 :

if-protocol http content-id 23

imap any-match

This command allows you to define rule expressions to match all IMAP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] imap any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match all IMAP packets.

Example

The following command defines a rule expression to match all IMAP packets:

imap any-match = TRUE

imap cc

This command allows you to define rule expressions to match recipient address in the Carbon Copy (cc) field of e-mails in IMAP messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] imap cc [ case-sensitive ]  operator cc_address

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`cc_address`

Specifies the e-mail "cc" address/name to match.

cc_address must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match recipient address in the "cc" field of e-mails in IMAP messages.

Example

The following command defines a rule expression to match recipient address triangle@xyz.com in the "cc" field of e-mails in IMAP messages:

imap cc contains triangle@xyz.com

imap command

This command allows you to define rule expressions to match embedded IMAP commands in IMAP messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] imap command  operator command

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`command`

Specifies the command to match.

command must be one of the following:

append
authenticate
capability
check
close
copy
create
delete
examine
expunge
fetch
list
login
logout
lsub
noop
rename
search
select
starttls
status
store
subscribe
uid-copy
uid-fetch
uid-search
uid-store
unsubscribe

Usage Guidelines

Use this command to define rule expressions to match an embedded command in the IMAP message.

Example

The following command defines a rule expression to match close command in IMAP messages:

imap command = close

imap content class

This command allows you to define rule expressions to match the content-class field of e-mails in IMAP messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] imap content class [ case-sensitive ]  operator content_class

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`content_class`

Specifies the content class to match.

content_class must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match the content-class field of e-mails in IMAP messages.

Example

The following command defines a rule expression to analyze user traffic matching content class javax.mail.internet.MimeMultipart in the content-class field of e-mails in IMAP messages:

imap content class contains javax.mail.internet.MimeMultipart

imap content type

This command allows you to define rule expressions to match the content-type field of e-mails in IMAP messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] imap content type [ case-sensitive ]  operator content_type

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`content_type`

Specifies the content type field to match.

content_type must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match the content-type field of e-mails in IMAP messages.

Example

The following command defines a rule expression to analyze user traffic matching content type TEXT/plain; charset=iso-8859-1 in the content-type field of e-mails in IMAP messages:

imap content type contains TEXT/plain; charset=iso-8859-1

imap date

This command allows you to define rule expressions to match the Date field of e-mails in IMAP messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] imap date [ case-sensitive ]  operator date

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`date`

Specifies the date to match.

date must be an alphanumeric string of 1 through 127 characters that may include punctuation marks and spaces as shown in the example below.

Usage Guidelines

Use this command to define rule expressions to match the date field of e-mails in IMAP messages.

Example

The following command defines a rule expression to analyze user traffic matching date Fri, 20 Jan 2012 11:00:00 -0600 in the "date" field of e-mails in IMAP messages:

imap date contains Fri, 21 Jan 2012 11:00:00 -0600

imap final-reply

This command allows you to define rule expressions to match final-reply value for the last IMAP final-reply message.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] imap final-reply  operator final_reply

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`final_reply`

Specifies the "final-reply" condition to match.

final_reply must be one of the following:

bad : Final reply is invalid or bad.
no : There is no final reply.
ok : Final reply is valid.

Usage Guidelines

Use this command to define rule expressions to match a final-reply value for the last IMAP final-reply message.

Example

The following command defines a rule expression to analyze user traffic matching the final-reply condition bad in the last IMAP final-reply message:

imap final-reply = bad

imap from

This command allows you to define rule expressions to match the from field of e-mails in IMAP messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] imap from [ case-sensitive ]  operator from_address

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`from_address`

Specifies the "from" address/value to match.

from_address must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match the from field of e-mails in IMAP messages.

Example

The following command defines a rule expression to analyze user traffic matching triangle in the "from" field of e-mails in the IMAP messages:

imap from contains triangle

imap mail-size

This command allows you to define rule expressions to match IMAP e-mail users that have e-mails of a specified size in their mailboxes.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] imap mail-size  operator mail_size

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`mail_size`

Specifies the total size of mail, in bytes, to match.

mail_size must be an integer from 0 through 4000000000.

Usage Guidelines

Use this command to define rule expressions to discover the number of IMAP e-mail users that have e-mails of a specified size in their mailboxes.

Example

The following command defines a rule expression to match users with e-mail size less than or equal to 23400 bytes:

imap mail-size <= 23400

imap mailbox-size

This command allows you to define rule expressions to match IMAP e-mail user having a specified number of messages in their mailboxes.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] imap mailbox-size  operator number_of_email

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`number_of_email`

Specifies the total number of e-mail messages in mailbox of an IMAP user to match.

number_of_email must be an integer from 0 through 65535.

Usage Guidelines

Use this command to define rule expressions to match the number of IMAP e-mail users having a specified number of messages in their mailboxes.

Example

The following command defines a rule expression to match e-mail users having less than or equal to 1024 e-mail messages in their mailboxes:

imap mailbox-size <= 1024

imap message-type

This command allows you to define rule expressions to match the type of IMAP packet.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] imap message-type  operator message_type

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`message_type`

Specifies the IMAP packet message-type to match.

message_type must be one of the following:

command-continuation-reply : Message with command-continuation-reply type.
final-reply : Message is of final reply type.
request : There is of request type.
untagged-reply : Message of reply type, but without any tag.

Usage Guidelines

Use this command to define rule expressions to match the IMAP message type.

Example

The following command defines a rule expression to match IMAP sessions with message type request :

imap message-type = request

imap previous-state

This command allows you to define rule expressions to match the previous state of IMAP request sessions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] imap previous-state  operator imap_previous_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`imap_previous_state`

Specifies the previous state to match.

imap_previous_state must be one of the following:

init : Message in initialization state.
request-sent : Message in request-sent state.

Usage Guidelines

Use this command to define rule expressions to match previous state of IMAP request session.

Example

The following command defines a rule expression to match IMAP sessions with previous state init :

imap previous-state = init

imap session-length

This command allows you to define rule expressions to match the total length of an IMAP session.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] imap session-length  operator session_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`session_length`

Specifies the total length of IMAP session (in bytes) to match.

session_length must be an integer from 1 through 4000000000.

Usage Guidelines

Use this command to define rule expressions to match the total length of IMAP sessions.

The session length is calculated by adding together the IP payloads (that is, starting after the IP header) of all relevant IMAP session packets.

Example

The following command defines a rule expression to match IMAP sessions with length less than or equal to 4000 bytes:

imap session-length <= 4000

imap session-previous-state

This command allows you to define rule expressions to match the previous state of an IMAP session.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] imap session-previous-state  operator imap_session_previous_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`imap_session_previous_state`

Specifies the previous state of IMAP session to match.

imap_session_previous_state must be one of the following:

authenticated : Session authenticated
connected : Session connected
init : Session initialized
mailbox-selected : Mailbox selected

Usage Guidelines

Use this command to define rule expressions to match the previous state of IMAP sessions.

Example

The following command defines a rule expression to match IMAP sessions with previous state init :

imap session-previous-state = init

imap session-state

This command allows you to define rule expressions to match the current state of IMAP sessions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] imap session-state  operator session_current_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`session_current_state`

Specifies the current state to match.

session_current_state must be one of the following:

authenticated : Session authenticating.
connected : Session connecting.
logout : Session logged out.
mailbox-selected : Mailbox selecting.

Usage Guidelines

Use this command to define rule expressions to match the current state of IMAP sessions.

Example

The following command defines a rule expression to match IMAP sessions with current state connected :

imap session-state = connected

imap state

This command allows you to define rule expressions to match the current state of IMAP sessions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] imap state  operator current_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`current_state`

Specifies current state of IMAP session to match.

current_state must be one of the following:

request-sent : Request message sent
response-fail : Request response failed
response-ok : Request response is good

Usage Guidelines

Use this command to define rule expressions to match the current state of IMAP session.

Example

The following command defines a rule expression to match IMAP sessions with current state response-fail :

imap state = response-fail

imap subject

This command allows you to define rule expressions to match the subject field of e-mails in IMAP messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] imap subject [ case-sensitive ]  operator subject

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`subject`

Specifies the "subject" to match.

subject must be an alphanumeric string of 1 through 127 characters, and may contain punctuation characters and space as shown in the example below.

Usage Guidelines

Use this command to define rule expressions to match "subject" field of e-mail in IMAP message.

Example

The following command defines rule expression to match occurrence of the string My test in the "subject" field of e-mails in IMAP message:

imap subject contains My test

imap to

This command allows you to define rule expressions to match the "to" field of e-mails in IMAP messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] imap to [ case-sensitive ]  operator to

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`to`

Specifies the "to" field value to match.

to must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match "to" field of e-mails in IMAP messages.

Example

The following command defines a rule expression to analyze user traffic matching the occurrence xyz.com in the "to" field of e-mails in the IMAP message:

imap to contains xyz.com

ip any-match

This command allows you to define rule expressions to match all IPv4/IPv6 packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ip any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match IPv4/IPv6 packets.

Example

The following command defines a rule expression to match IPv4/IPv6 packets:

ip any-match = TRUE

ip dscp

This command enables you to configure a ruledef with the DSCP value and match it with the DSCP value in the incoming IP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ip dscp {  operator }  ipv4_tos_value | ipv6_tc_value [ mask  mask_value ]

no

If previously configured, removes the specified DSCP value and the mask from the configuration.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`ipv4_tos_value | ipv6_tc_value`

Specifies the DSCP value to match with the incoming IP packets.

The ipv4_tos_value or ipv6_tc_value must be an integer from 0 through 63.

mask `mask_value`

Specifies the mask for the number of bits in the DSCP value to be considered for matching.

mask_value must be an integer from 0 through 63. The default mask value is 63.

Usage Guidelines

Use this command to check if the DSCP value in the IPv4 ToS or IPv6 TC field of incoming IP packet matches with configured ToS/TC value.

Example

The following command will match all incoming packets which has DSCP value 20:

ip dscp = 20 mask 31

ip downlink

This command allows you to define rule expressions to match downlink (network to subscriber) packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ip downlink  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match downlink (to subscriber) IP packets.

Example

The following command defines a rule expression to match IP packet in downlink direction:

ip downlink = TRUE

ip dst-address

This command allows you to define rule expressions to match IP destination address field within IP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ip dst-address {  operator {  ipv4/ipv6_address |  ipv4/ipv6_address/mask | address-group  ipv6_address }  | { !range | range } host-pool  host_pool_name }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

operator : Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`ipv4/ipv6_address`

Specifies the IP address of the destination node for outgoing traffic. ipv4/ipv6_address must be an IP address in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.

`ipv4/ipv6_address/mask`

Specifies the IP address of the destination node for outgoing traffic. ipv4/ipv6_address/mask must be an IP address in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation with subnet mask bit. The mask bit is a numeric value which corresponding to the number of bits in the subnet mask.

address-group `ipv6_address`

Important

The address-group keyword can be configured only after the = operator. The wildcard support has not been provided for IPv4 addresses.

Specifies a group of IPv6 addresses configured with wildcard input and/or specialized range input. Multiple wildcard characters can be accepted as input and only one 2 byte range input will be accepted. Both wildcard character input and 2 byte range input can be configured together within a given IPv6 address.

In the example — 2607:7700:*:[2020-3040]::ce1d:b083/128, * is a wildcard input and [2020-3040] is a 2 byte specialized range input.

{ !range | range } host-pool `host_pool_name`

!range | range : Specifies the range criteria:

!range : Not in the range of
range : In the range of

host-pool host_pool_name : Specifies the name of the host pool. host_pool_name must be an alphanumeric string of 1 through 63 characters.

Usage Guidelines

Use this command to define rule expressions to match the IP destination address field within IP headers.

Example

The following command defines a rule expression to match user traffic based on the IPv4 destination address 10.1.1.1 :

ip dst-address = 10.1.1.1

The following command defines a rule expression to match user traffic based on the given destination IPv6 address where * is the wildcard input and [2020-3040] is the 2 byte specialized range input:

ip dst-address = 2607:7700:*:[2020-3040]::ce1d:b083/128

ip error

This command allows you to define rule expressions to match user traffic for invalid IP packets and other errors, for example IP header error, while parsing IP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ip error  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match invalid IP packets and any other errors while parsing IP packets.

Example

The following command defines a rule expression to match user traffic for invalid IP packets and other errors:

ip error = TRUE

ip protocol

This command allows you to define rule expressions to match the protocol field in IP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ip protocol  operator {  protocol_assignment_no |  protocol }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals—available only in 8.1 and later releases
= : Equals
>= : Greater than or equals—available only in 8.1 and later releases

`protocol_assignment_no`

Specifies the protocol by assignment number.

protocol_assignment_no must be an integer from 0 through 255.

For example, 1 for ICMP, 6 for TCP, and 17 for UDP.

`protocol`

Specifies the protocol by name.

protocol must be one of the following:

ah
esp
gre
icmp
icmpv6
tcp
udp

Usage Guidelines

Use this command to define rule expressions to match protocol field in IP packet headers.

Example

The following command defines a rule expression to match protocol assignment number 1 :

ip protocol = 1

ip server-domain-name

This command allows you to define rule expressions to match host names (domain names).

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ip server-domain-name  operator domain_name

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`domain_name`

Specifies the domain name to match.

domain_name must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match full or partial host names (domain names).

The rule will be matched for the learnt IP addresses resolved from DNS queries to the specified domain names. DNS responses for the specified domain names will be snooped and the learnt IP addresses stored.

Besides being used for standard rule matching, this command also enables the DNS Snooping feature if the rulebase references any ruledefs with this configuration. The DNS protocol analyzer must also be enabled in the rulebase.

Example

The following command defines a rule expression to match domain name values containing star :

ip server-domain-name contains star

ip server-ip-address

This command allows you to define rule expressions to match the IP address of the destination end of the connection.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ip server-ip-address {  operator {  ipv4/ipv6_address |  ipv4/ipv6_address/mask | address-group  ipv6_address }  | { !range | range } host-pool  host_pool_name }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

operator : Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`ipv4/ipv6_address`

Specifies the server IP address. For uplink packets (subscriber to network), this field matches the destination IP address in the IP header. For downlink packets (network to subscriber), this field matches the source IP address in the IP header.ipv4/ipv6_address must be an IP address in IPv4 dotted-decimal notation or IPv6 colon-separated-hexadecimal notation.

`ipv4/ipv6_address/mask`

Specifies the server IP address with subnet mask bit. For uplink packets (subscriber to network), this field matches the destination IP address in the IP header. For downlink packets (network to subscriber), this field matches the source IP address in the IP header. ipv4/ipv6_address/mask must be an IP address in IPv4 dotted-decimal notation or IPv6 colon-separated-hexadecimal notation with subnet mask bit. The mask bit is a numeric value which is the number of bits in the subnet mask.

address-group `ipv6_address`

Important

The address-group keyword can be configured only after the = operator. The wildcard support has not been provided for IPv4 addresses.

Specifies a group of IPv6 addresses configured with wildcard input and/or specialized range input. Multiple wildcard characters can be accepted as input and only one 2 byte range input will be accepted. Both wildcard character input and 2 byte range input can be configured together within a given IPv6 address.

In the example — 2607:7700:*:[2020-3040]::ce1d:b083/128, * is a wildcard input and [2020-3040] is a 2 byte specialized range input.

{ !range | range } host-pool `host_pool_name`

!range | range : Specifies the range criteria:

!range : Not in the range of
range : In the range of

host-pool host_pool_name : Specifies name of the host pool. host_pool_name must be an alphanumeric string of 1 through 63 characters.

Usage Guidelines

Use this command to define rule expressions to match the IP address of the destination end of the connection.

For uplink packets, this field matches the destination IP address in the IP header. For downlink packets, this field matches the source IP address in the IP header.

Example

The following command defines a rule expression to match user traffic based on IPv4 server address 10.1.1.1 :

ip server-ip-address = 10.1.1.1

The following command defines a rule expression to match user traffic based on the given destination IPv6 address where * is the wildcard input and [2020-3040] is the 2 byte specialized range input:

ip server-ip-address = 2607:7700:*:[2020-3040]::ce1d:b083/128

ip src-address

This command allows you to define rule expressions to match the source IP address field within IP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ip src-address {  operator {  ipv4/ipv6_address |  ipv4/ipv6_address/mask | address-group  ipv6_address }  | { !range | range } host-pool  host_pool_name }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

operator : Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`ipv4/ipv6_address`

Specifies IP address of the source node for incoming traffic. ipv4/ipv6_address must be an IP address in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.

`ipv4/ipv6_address/mask`

Specifies the IP address of the source node for incoming traffic with subnet mask bit. ipv4/ipv6_address/mask must be an IP address in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation with subnet mask bit. The mask bit is a numeric value which corresponds to the number of bits in the subnet mask.

address-group `ipv6_address`

Important

The address-group keyword can be configured only after the = operator. The wildcard support has not been provided for IPv4 addresses.

Specifies a group of IPv6 addresses configured with wildcard input and/or specialized range input. Multiple wildcard characters can be accepted as input and only one 2 byte range input will be accepted. Both wildcard character input and 2 byte range input can be configured together within a given IPv6 address.

In the example — 2607:7700:*:[2020-3040]::ce1d:b083/128, * is a wildcard input and [2020-3040] is a 2 byte specialized range input.

{ !range | range } host-pool `host_pool_name`

!range | range : Specifies the range criteria:

!range : Not in the range of
range : In the range of

host-pool host_pool_name : Specifies name of the host pool. host_pool_name must be a string of 1 through 63 characters.

Usage Guidelines

Use this command to define rule expressions to match IP source address field within IP header.

Example

The following command defines a rule expression to match user traffic based on IPv4 source address 10.1.1.1 :

ip src-address = 10.1.1.1

The following command defines a rule expression to match user traffic based on the given source IPv6 address where * is the wildcard input and [2020-3040] is the 2 byte specialized range input:

ip src-address = 2607:7700:*:[2020-3040]::ce1d:b083/128

ip subscriber-ip-address

This command allows you to define rule expressions to match the IP address of the subscriber, which will be either the source or destination address depending on the direction.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ip subscriber-ip-address {  operator {  ipv4/ipv6_address |  ipv4/ipv6_address/mask | address-group  ipv6_address }  | { !range | range } host-pool  host_pool_name }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

operator : Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`ipv4/ipv6_address`

Specifies the subscriber IP address. Depending on the direction of packet this IP address will be either the IP source address or the IP destination address. ipv4/ipv6_address must be an IP address in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.

`ipv4/ipv6_address/mask`

Specifies the subscriber IP address with subnet mask bit. Depending on the direction of packet this IP address will either be the IP source address or the IP destination address. ipv4/ipv6_address/mask must be an IP address in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation with subnet mask bit. The mask bit is a numeric value which corresponds to the number of bits in the subnet mask.

address-group `ipv6_address`

Important

The address-group keyword can be configured only after the = operator. The wildcard support has not been provided for IPv4 addresses.

Specifies a group of IPv6 addresses configured with wildcard input and/or specialized range input. Multiple wildcard characters can be accepted as input and only one 2 byte range input will be accepted. Both wildcard character input and 2 byte range input can be configured together within a given IPv6 address.

In the example — 2607:7700:*:[2020-3040]::ce1d:b083/128, * is a wildcard input and [2020-3040] is a 2 byte specialized range input.

{ !range | range } host-pool `host_pool_name`

!range | range : Specifies the range criteria:

!range : Not in the range of
range : In the range of

host-pool host_pool_name : Specifies the name of the host pool. host_pool_name must be an alphanumeric string of 1 through 63 characters.

Usage Guidelines

Use this command to define rule expressions to match the IP address of the subscriber, which will be either the source or destination address depending on the direction.

Example

The following command defines a rule expression to match user traffic based on subscriber IPv4 address 10.1.1.1 :

ip subscriber-ip-address = 10.1.1.1

The following command defines a rule expression to match user traffic based on the given subscriber IPv6 address where * is the wildcard input and [2020-3040] is the 2 byte specialized range input:

ip subscriber-ip-address = 2607:7700:*:[2020-3040]::ce1d:b083/128

ip total-length

This command allows you to define rule expressions to match the total length field in IP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ip total-length  operator total_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`total_length`

Specifies the total length of the IP packet (including payload) to match.

total_length must be an integer from 0 through 4096.

Usage Guidelines

Use this command to define rule expressions to match the total length field in IP headers.

Example

The following command defines a rule expression to match user traffic based on IP total length of 2000 bytes:

ip total-length = 2000

ip uplink

This command allows you to define rule expressions to match uplink (subscriber to network) IP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ip uplink  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match uplink (subscriber to network) IP packets.

Example

The following command defines a rule expression to match uplink packets:

ip uplink = TRUE

ip version

This command allows you to define rule expressions to match the version number in IP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] ip version  operator ip_version

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be = (equals).

`ip_version`

Specifies the IP version to match.

ip_version must be one of the following:

ipv4
ipv6

Usage Guidelines

Use this command to define rule expressions to match version number in IP header.

Example

The following command defines a rule expression to match user traffic for the IP version ipv6 :

ip version = ipv6

mms any-match

This command allows you to define rule expressions to match all Multimedia Messenging Service (MMS) packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] mms any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match all MMS packets.

Example

The following command defines a rule expression to match all MMS packets:

mms any-match = TRUE

mms bcc

This command allows you to define rule expressions to match recipient addresses in the bcc field of MMS messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] mms bcc [ case-sensitive ]  operator bcc_address

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`bcc_address`

Specifies the "bcc" address/value to match.

bcc_address must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters and space.

Usage Guidelines

Use this command to define rule expressions to match recipient address in the "bcc" field of MMS messages.

Example

The following command defines a rule expression to match recipient address containing test1 in "bcc" field of MMS messages:

mms bcc contains test1

mms cc

This command allows you to define rule expressions to match recipient addresses in the cc field of MMS messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] mms cc [ case-sensitive ]  operator cc_address

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`cc_address`

Specifies the "cc" address/value to match.

cc_address must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters and space.

Usage Guidelines

Use this command to define rule expressions to match recipient addresses in "cc" field of MMS messages.

Example

The following command defines a rule expression to match recipient address containing test1 in the "cc" field of MMS messages:

mms cc contains test1

mms content location

This command allows you to define rule expressions to match the content-location field of MMS messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] mms content location [ case-sensitive ]  operator string

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`string`

Specifies the value to match.

string must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters and space.

Usage Guidelines

Use this command to define rule expressions to match the content-location field of MMS messages.

Example

The following command defines a rule expression to match test1 in content-location field of MMS messages:

mms content location contains test1

mms content type

This command allows you to define rule expressions to match the content-type field of MMS messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] mms content type [ case-sensitive ]  operator content_type

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`content_type`

Specifies the MMS content type to match.

content_type must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters and space.

Usage Guidelines

Use this command to define rule expressions to match content-type field of MMS messages.

Example

The following command defines a rule expression to match image in content-type field of MMS messages:

mms content type contains image

mms downlink

This command allows you to define rule expressions to match downlink (network to subscriber) MMS packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] mms downlink  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the downlink (from the Mobile Node direction) status to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match downlink MMS packets.

Example

The following command defines a rule expression to match all downlink MMS packets:

mms downlink = TRUE

mms from

This command allows you to define rule expressions to match the "from" field in MMS messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] mms from [ case-sensitive ]  operator from_address

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`from_address`

Specifies the "from" address/value to match.

from_address must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters and space.

Usage Guidelines

Use this command to define rule expressions to match the "from" field of MMS messages.

Example

The following command defines a rule expression to match test1 in the "from" field of MMS messages:

mms from contains test1

mms message-id

This command allows you to define rule expressions to match the message ID field of MMS messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] mms message-id [ case-sensitive ]  operator message_id

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`message_id`

Specifies the MMS message ID to match.

message_id must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match the "message ID" field of MMS messages.

Example

The following command defines a rule expression to match test1 in the "message ID" field of MMS messages:

mms message-id contains test1

mms pdu-type

This command allows you to define rule expressions to match Protocol Data Unit (PDU) type in the current MMS packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] mms pdu-type  operator pdu_type

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`pdu_type`

Specifies the MMS PDU type to match.

pdu_type must be one of the following:

mms-pdu-type-m-acknowledge-ind
mms-pdu-type-m-delivery-ind
mms-pdu-type-m-http-get
mms-pdu-type-m-notification-ind
mms-pdu-type-m-notify-rsp-ind
mms-pdu-type-m-retrieve-conf
mms-pdu-type-m-send-conf
mms-pdu-type-m-send-request
mms-pdu-type-m-wsp-get
mms-pdu-type-response : This option is deprecated. Use the mms_pdu_type_m_retrieve_conf option instead.

Usage Guidelines

Use this command to define rule expressions to match the PDU type in the current MMS packet.

Example

The following command defines a rule expression to match PDU type mms-pdu-type-m-http-get in the current MMS packet:

mms pdu-type = mms-pdu-type-m-http-get

mms previous-state

This command allows you to define rule expressions to match the previous state of MMS sessions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] mms previous-state  operator mss_previous_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`mms_previous_state`

Specifies the previous state to match.

mms_previous_state must be one of the following:

delayed-ack-pending : This option is deprecated, use retrieve-conf-received .
delayed-m-notify-rsp-sent : This option is deprecated, use notify-rsp-sent .
delayed-retrieval-pending : This option is deprecated, use retrieval-pending .
immediate-retrieval-pending : This option is deprecated, use retrieval-pending .
init
m-send-conf-rcvd : This option is deprecated, use send-success .
m-send-req-sent
notification-ind-rcvd
notify-rsp-sent
retrieval-pending
retrieve-conf-received
send-success

Usage Guidelines

Use this command to define rule expressions to match the previous state of MMS sessions.

Example

The following command defines a rule expression to match user traffic based on MMS previous state of retrieval-pending :

mms previous-state = retrieval-pending

mms response status

This command allows you to define rule expressions to match the response status code of MMS messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] mms response status  operator status_code

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`status_code`

Specifies the status code to match.

status_code must be an integer from 128 through 136.

Usage Guidelines

Use this command to define rule expressions to match response status code of MMS messages.

Example

The following command defines a rule expression to match user traffic based on MMS response status code 129 :

mms response status = 129

mms state

This command allows you to define rule expressions to match the current state of MMS sessions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] mms state  operator current_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`current_state`

Specifies current state of MMS session to match.

current_state must be one of the following:

delayed-ack-pending : This option is deprecated, use retrieve-conf-received .
delayed-m-notify-rsp-sent : This option is deprecated, use notify-rsp-sent .
delayed-retrieval-pending : This option is deprecated, use retrieval-pending .
delivery-failed
delivery-success
immediate-retrieval-pending : This option is deprecated, use retrieval-pending .
m-send-conf-rcvd : This option is deprecated, use send-success .
m-send-req-sent
notification-ind-rcvd
notify-rsp-sent
retrieval-failed
retrieval-pending
retrieval-success
retrieve-conf-received
send-success

Usage Guidelines

Use this command to define rule expressions to match the current state of MMS session.

Example

The following command defines a rule expression to match user traffic based on the current state of MMS session as retrieval-failed :

mms state = retrieval-failed

mms status

This command allows you to define rule expressions to match the current status of MMS sessions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] mms status  operator status

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`status`

Specifies the MMS status to match.

status must be an integer from 128 through 132.

Usage Guidelines

Use this command to define rule expressions to match current status of MMS sessions.

Example

The following command defines a rule expression to match user traffic based on MMS current status 130 :

mms status = 130

mms subject

This command allows you to define rule expressions to match the "subject" field of MMS messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] mms subject [ case-sensitive ]  operator subject_string

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`subject_string`

Specifies the value to match.

subject_string must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters and space.

Usage Guidelines

Use this command to define rule expressions to match "subject" field of MMS messages.

Example

The following command defines a rule expression to match test1 in the "subject" field of MMS messages:

mms subject contains test1

mms tid

This command allows you to define rule expressions to match the "Transaction Identifier" (TID) field of MMS messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] mms tid [ case-sensitive ]  operator transaction_id

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`transaction_id`

Specifies the MMS TID to match.

transaction_id must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match TID field of MMS messages.

Example

The following command defines a rule expression to match test in TID field of MMS messages:

mms tid = test

mms to

This command allows you to define rule expressions to match the "to" field of MMS messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] mms to  [ case-sensitive ]  operator to_address

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`to_address`

Specifies the "to" address/name to match.

to_address must be an alphanumeric string of 1 through 127 characters, and may contain punctuation characters and space.

Usage Guidelines

Use this command to define rule expressions to match "to" field of MMS messages.

Example

The following command defines a rule expression to match user traffic based on test in "to" field of MMS messages:

mms to = test

mms uplink

This command allows you to define rule expressions to match uplink (subscriber to network) MMS packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] mms uplink  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the uplink (from the Mobile Node direction) status to match.

condition must one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match uplink MMS packets.

Example

The following command defines a rule expression to match uplink MMS packets:

mms uplink = TRUE

mms version

This command allows you to define rule expressions to match the MMS version in MMS packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] mms version  operator version

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`version`

Specifies the MMS version to match.

version must be an integer from 1 through 65535.

Important

MMS protocol analyzer supports decoding of only MMS version 1.0.

Usage Guidelines

Use this command to define rule expressions to match MMS version in MMS packets.

Example

The following command defines a rule expression to match MMS version 1.0 in MMS packets:

mms version = 1

multi-line-or all-lines

This command applies the OR operator to all lines in the current ruledef.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] multi-line-or all-lines

no

If previously configured, deletes this configuration in the current ruledef.

multi-line-or all-lines

Applies the OR operator to all lines in the current ruledef.

Usage Guidelines

When a ruledef is evaluated, if the multi-line-or all-lines command is configured, the logical OR operator is applied to all the rule expressions in the ruledef to decide if the ruledef matches or not. If the multi-line-or all-lines command is not configured, the logical AND operator is applied to all the rule expressions.

The intent of this command is to allow a single ruledef to specify multiple URL expressions. Otherwise, multiple ruledefs need to be created, each with one URL expression. When this CLI command is used, each expression in the ruledef impacts the total number of ruledefs allowed. So from a "maximum number of possible ruledefs" perspective, it makes no difference whether there are N ruledefs with one expression each, or one ruledef with N expressions.

p2p any-match

This command allows you to define rule expressions to match all Peer-to-Peer (P2P) packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] p2p any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

TRUE : The rule matches any P2P traffic.
FALSE : The rule does not match any P2P traffic.

Usage Guidelines

Use this command to define rule expressions to match all P2P packets.

Example

The following command defines a rule expression to match all P2P packets:

p2p any-match = TRUE

p2p app-identifier

This command allows you to configure application identifiers populated from the plugin and mark the matching flows to a custom-defined protocol (CDP) name.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] p2p app-identifier { quic-sni  operator quic_sni_string | tls-cname  operator tls_cname_string | tls-sni  operator tls_sni_string }

no

If previously configured, deletes the specified configuration from the current ruledef.

quic-sni `operator quic_sni_string`

Specifies the QUIC Server Name Indication (SNI) field value.

operator specifies how to match and must be one of the following:

!= : Does not equal
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

quic_sni_string specifies the QUIC server name and must be an alphanumeric string of 1 through 127 characters.

tls-cname `operator tls_cname_string`

Specifies the common name in the Server Hello message of TLS.

SSL renegotiation is supported for the flows that are marked using "tls-cname" rules. This feature is available only if the plugin is loaded with 20.2 or later builds.

operator specifies how to match and must be one of the following:

!= : Does not equal
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

tls_cname_string specifies the common name and must be an alphanumeric string of 1 through 127 characters.

tls-sni `operator tls_sni_string`

Specifies the TLS/SSL Server Name Indication (SNI) field.

operator specifies how to match and must be one of the following:

!= : Does not equal
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

tls_sni_string specifies the TLS/SSL server name and must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to configure application identifiers populated from the plugin and mark the matching flows to a custom-defined protocol (CDP) name.

The SNI ruledef supports multi-line-or all-lines or default multi-line-and rule lines. The rule lines configured with "!=" operator will not be optimized.

Important

The QUIC SNI Detection feature requires the latest ADC Plugin to be loaded from the adc_v2.x stream along with StarOS changes. The default plugin does not support this feature. Contact your Cisco account representative for more information.

Example

The following command configures the QUIC SNI app-identifier that is set to fb.com :

p2p app-identifier quic-sni = fb.com

p2p behavioral

This command allows you to define rule expressions to match behavioral detection type — P2P, Video, VoIP, Behavioral Upload or Behavioral Download.

Product

ACS, ADC

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] p2p behavioral  operator behavioral_list

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!=: Does not equal
=: Equals

`behavioral_list`

Specifies the behavior to match. The behavioral list is the list of supported behavioral detection logic populated from the currently loaded ADC plugin.

behavioral_list must be one of the following:

download: Detects unknown flows which are data download using behavioral analysis
p2p: Detects P2P/file sharing protocols using behavioral analysis
upload: Detects unknown flows which are data upload using behavioral analysis
video: Detects video flows using behavioral analysis
voip: Detects VoIP (voice and video) protocols using behavioral analysis

Usage Guidelines

Use this command to define rule expressions to detect behavioral protocols. Behavioral P2P and behavioral VoIP are meant for zero day detection of P2P/file sharing protocols and VoIP traffic respectively. Behavioral upload/download is similar to client-server upload/download using HTTP, FTP, SFTP, etc. It must also detect flows of non-standard ports which ECS cannot detect and falls under the client-server model. This feature is disabled by default and meant only for statistical purposes (not for charging purposes). For detection purposes use the p2p-detection behavioral command in the ACS Configuration Mode.

Example

The following command specifies to configure behavioral VoIP:

p2p behavioral = voip

p2p protocol

This command allows you to define rule expressions to match P2P protocol. This command must be used for charging purposes. It must not be used for detection purposes.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] p2p protocol  operator protocol

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be = (equals).

`protocol`

Specifies the protocol to match.

protocol must be one of the following:

120Sports
8tracks
abcnetworks
abscbn
accuradio
actionvoip
actsync
adobeconnect
aenetworks
aimini
amazoncloud
amazonmusic
amazonvideo
android_messages
antsp2p
anyconnect
apple-push
apple-store
applejuice
applemaps
ares
armagettron
avi
badoo
baeblemusic
baidumovie
battlefld
bbm
beatport
betternet
bitcasa
bittorrent
bittorrent-sync
blackberry-store
blackberry
blackdialer
blackplanet-radio
box
btn
callofduty
cbssports
chikka
cisco-jabber
citrix
clubbox
clubpenguin
comodounite
crackle
crossfire
crunchyroll
curiosity-stream
cyberghost
danzwave
dashradio
ddlink
deezer
didi
directconnect
directv
discord
disneymovies
dish-anywhere
dns-tunneling
dofus
dramafever
dropbox
ebuddy
edonkey
epix
eros
espn
expressvpn
facebook

facetime

Important

The facetime protocol is available only in 9.0 and in 11.0 and later releases.

fandor
fasttrack
feidian
ficall
fiesta
filetopia
filmontv
fitradio
flash
flickr
flixea
florensia
foursquare
fox-business
fox-news
fox-now
fox-sports
foxsportsgo
freenet
friendster
fring
fubotv
funshion
fxnow
gaana
gadugadu

gamekit

Important

The gamekit protocol is available only in 9.0 and in 11.0 and later releases.

gmail
gnutella
go90
goober
google-music
google-push
google
googleplay
googleplus
gotomeeting
gtalk
guildwars
halflife2
hamachivpn
hayu
hbogo
hbonow
hbonordic
heytell
hgtv
hike-messenger
hls
hotspotvpn
http
hulu
hyves
iax
icall
icecast
icloud
idrive
igo
iheartradio
imesh
imessage
imgur
imo
implus
instagram
iplayer
iptv
irc
isakmp
iskoot
itunes
jabber
jap
jumblo
kakaotalk
kidoodle
kik-messenger
kiswe
klowdtv
kontiki
kugoo
kuro
linkedin
livestream
lync
magicjack
manolito
mapfactor
mapi
maplestory
meebo
meetic
mega
mgcp
mig33
mlb
mojo
monkey3
mozy
msn
msrp
mute
mypeople
myspace
nateontalk
natgeotv
naverline
navigon
nbc-sports
nbc-tv
netflix
netmotion
newsy
nick
nimbuzz
nokia-store
nrktv
octoshape
odkmedia
odnoklassniki
off
ogg
oist
oovoo
opendrive
openft
openvpn
operamini
orb
oscar
outlook
paltalk
pando
pandora
path
pbs
pcanywhere
periscope
pinterest
playstation
plingm
poco
pokemon-go
popo
pplive
ppstream
ps3
qello_concerts
qq
qqgame
qqlive
quake
quic
quicktime
radio-paradise
rdp
rdt
redbulltv
regram
rfactor
rhapsody
rmstream
reddit
rodi
rynga
samsung-store
scydo
secondlife
shalomworld
shoutcast
showtime
silverlight
siri
skinny
skydrive
skype
slacker-radio
slingbox
slingtv
smartvoip
smashcast
smule
snapchat
softether
sopcast
soribada
soulseek
soundcloud
subsplash
spark
spdy
speedtest
splashfighter
spotify
ssdp
ssl
starz
stealthnet
steam
stun
sudaphone
svtplay
tagged
talkatone
tango
taxify
teamspeak
teamviewer
telegram
thunder
tidal
tinder
tmo-tv
tor
truecaller
truphone
tumblr
tunein-radio
tunnelvoice
turbovpn
tvants
tvland
tvuplayer
tv2sumo
twitter
twitch
ultrabac
ultrasurf
univision
ufc
upc-phone
usenet
ustream
uusee
vchat
veohtv
vessel
vevo
viber
viki
vimeo
vine
voipdiscount
vopium
voxer
vpnmaster
vpnx
vtok
vtun
vudu
warcft3
waze
webex
wechat
weibo
whatsapp
wii
windows-azure
windows-store
winmx
winny
willow
wmstream
wofkungfu
wofwarcraft
wuala
wwe
xbox
xdcc
xfinity
xing
yahoo
yahoomail
yiptv
yogafree
youku
yourfreetunnel
youtube
zattoo
zello

Usage Guidelines

Use this command to define rule expressions to detect P2P protocols for charging purposes. For detection purposes use the p2p-detection protocol command in the ACS Configuration Mode.

Example

The following command specifies to detect orb protocol for charging purposes:

p2p protocol = orb

p2p protocol-group

This command allows you to define rule expressions to match ADC application/protocol group.

Product

ACS, ADC

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] p2p protocol-group  operator group_list

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!=: Does not equal
=: Equals

`group_list`

Specifies the ADC application/protocol group to match.

group_list must be one of the following:

anonymous-access: Anonymous internet access protocols mainly used for illegal purposes.
business: Applications/Protocols used for business purposes.
communicator: Applications/Protocols used mainly for messaging which includes IM, IM based file transfer, VoIP or video chats.
cloud: Applications/Protocols for cloud service.
e-mail: Applications/Protocols used for electronic mail.
e-news: Applications/Protocols used for internet news and magazine reading.
e-store: Applications/Protocols used for electronic stores.
internet-privacy: Applications/Protocols used for file transfers.
filesharing: Applications/Protocols used for gaming.
gaming: Standard protocols used in internet.
p2p-filesharing: Applications/Protocols used for creating a virtual network over internet mainly for business purposes.
p2p-anon-filesharing: Peer to Peer application/protocols used for anonymous filesharing.
remote-control: Peer to Peer application/protocols used for filesharing.
social-nw-game: Application/Protocols used for remote management.
social-nw-generic: Application/Protocols used for social networking games.
social-nw-videoconf: Application/Protocols used for social networking.
standard: Application/Protocols used for social network video conference.
streaming: Application/Protocols used for streaming audio and video.
untagged: Default group for protocols not otherwise classified.

Usage Guidelines

Use this command to define rule expressions to match ADC protocol group. The list of P2P applications/protocols is populated from the currently loaded P2P plugin.

Example

The following command specifies to detect the gaming protocol group:

p2p protocol-group = gaming

p2p set-app-proto

This command allows you to configure the custom-defined protocol (CDP) name.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] p2p set-app-proto  cdp_name_string

no

If previously configured, deletes the specified configuration from the current ruledef.

`cdp_name_string`

Specifies the name of the custom defined protocol (CDP) for TLS/SSL flows, QUIC flows or any app-identifier matching the ruledef. cdp_name_string must be an alphanumeric string of 1 through 19 characters.

Usage Guidelines

Use this command to set the CDP name. If the flow/packet matches the rule, the CDP name specified in the ruledef will be taken and the flow will be marked as CDP. If no CDP is configured in the rule, then the flow will be treated as TLS/SSL or QUIC flow.

Important

The QUIC SNI Detection feature requires the latest ADC Plugin to be loaded from the adc_v2.x stream along with StarOS changes. The default plugin does not support this feature. Contact your Cisco account representative for more information.

Example

The following command configures the custom-defined application protocol name set to facebook :

p2p set-app-proto facebook

p2p traffic-type

This command allows you to define rule expressions to match the traffic type.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] p2p traffic-type  operator traffic_type

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`traffic_type`

Specifies the traffic type to match.

In 11.0 and later releases, traffic_type must be one of the following:

ads
audio
file-transfer
im
streaming-video
unclassified
video
voipout

In 10.0 and earlier releases, the supported traffic_type was voice .

Usage Guidelines

Use this command to configure the system to detect voice or non-voice P2P traffic. When the detection of a protocol is enabled then the detection of sub-type is enabled by default.

Example

The following command configures the system to detect video traffic:

p2p traffic-type = video

pop3 any-match

This command allows you to define rule expressions to match all Post Office Protocol 3 (POP3) packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] pop3 any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match all POP3 packets.

Example

The following command defines a rule expression to match all POP3 packets:

pop3 any-match = TRUE

pop3 command args

This command allows you to define rule expressions to match POP3 command arguments.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] pop3 command args [ case-sensitive ]  operator argument

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`argument`

Specifies the command argument to match.

argument must be an alphanumeric string of 1 through 40 characters, and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match POP3 command argument.

Example

The following command defines a rule expression to match POP3 command argument test :

pop3 command args = test

pop3 command id

This command allows you to define rule expressions to match POP3 command ID.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] pop3 command id  operator command_id

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`command_id`

Specifies the command ID to match.

command_id must be an integer from 1 through 12.

Usage Guidelines

Use this command to define rule expressions to match a POP3 command ID.

Example

The following command defines a rule expression to match POP3 command ID 8 :

pop3 command id = 8

pop3 command name

This command allows you to define rule expressions to match command sent within a POP3 packet.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] pop3 command name  operator command_name

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`command_name`

Specifies the command name to match.

command_name must be one of the following:

apop
dele
list
noop
pass
quit
retr
reset
stat
top
uidl
user

Usage Guidelines

Use this command to define rule expressions to match commands sent within POP3 packets.

Example

The following command defines a rule expression to match the list command sent in POP3 packets:

pop3 command name = list

pop3 mail-size

This command allows you to define rule expressions to match POP3 mail size.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] pop3 mail-size {  operator mail_size | { range | !range  }  range_from to  range_to }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

{ range | !range } `range_from` to `range_to`

Enables or disables the range criteria.

range : Enables the range criteria.
!range : Disables the range criteria.
range_from : Specifies start of the range.

range_from must be an integer from 1 through 4000000000.
range_to : Specifies the end range.

range_to must be an integer from 1 through 4000000000, and must be greater than range_from .

`mail_size`

Specifies the mail size to match.

mail_size must be an integer from 1 through 4000000000.

Usage Guidelines

Use this command to define rule expressions to match POP3 mail size.

Example

The following command defines a rule expression to match POP3 mail size of 40000 :

pop3 mail-size = 40000

pop3 pdu-length

This command allows you to define rule expressions to match the Protocol Data Unit (PDU) length of POP3 packets equal to the POP3 header plus POP3 payload.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] pop3 pdu-length {  operator pdu_length | { { range | !range }  range_from to  range_to } }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

{ range | !range } `range_from` to `range_to`

Enables or disables the range criteria.

range : Enables the range criteria.
!range : Disables the range criteria.
range_from : Specifies the start of range as an integer from 0 through 65535.
range_to : Specifies the end range. range_to must be an integer from 0 through 65535, and must be greater than range_from .

`pdu_length`

Specifies the POP3 PDU length to match.

pdu_length must be an integer from 0 through 65535.

Usage Guidelines

Use this command to define rule expressions to match POP3 PDU length (header + payload) in bytes.

Example

The following command defines a rule expression to match PDU length of 1000 bytes:

pop3 pdu-length = 1000

pop3 pdu-type

This command allows you to define rule expressions to match POP3 Protocol Data Unit (PDU) type.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] pop3 pdu-type  operator pdu_type

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`pdu_type`

Specifies the POP3 PDU type to match.

pdu_type must be one of the following:

command-packet
data-packet
relay-packet

Usage Guidelines

Use this command to define rule expressions to match POP3 PDU type.

Example

The following command defines a rule expression to match POP3 PDU type relay-packet :

pop3 pdu-type = relay-packet

pop3 previous-state

This command allows you to define rule expressions to match the previous state of POP3 sessions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] pop3 previous-state  operator pop3_previous_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`pop3_previous_state`

Specifies the previous state to match.

pop3_previous_state must be one of the following:

connected : Connected state
data transaction : Data transaction state
init : Initialized state
reply-error : Reply error state
reply-ok : Response ok state
waiting-for-reply : Waiting for reply state

Usage Guidelines

Use this command to define rule expressions to match a POP3 previous state.

Example

The following command defines a rule expression to match user traffic for a POP3 previous state of connected :

pop3 previous-state = connected

pop3 reply args

This command allows you to define rule expressions to match specified arguments with POP3 reply.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] pop3 reply args [ case-sensitive ]  operator argument

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`argument`

Specifies the reply argument to match.

In 11.0 and earlier releases, argument must be an alphanumeric string of 1 through 512 characters, and may contain punctuation characters.

In 12.0 and later releases, argument must be an alphanumeric string of 1 through 127 characters, and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match specified arguments within a POP3 reply.

Example

The following command defines a rule expression to match the argument test with POP3 replies:

pop3 reply args = test

pop3 reply id

This command allows you to define rule expressions to match POP3 reply ID.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] pop3 reply id  operator reply_id

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`reply_id`

Specifies the POP3 reply ID to match.

reply_id must be one of the following:

0 : Unknown reply
1 : +OK
2 : -Error

Usage Guidelines

Use this command to define rule expressions to match POP3 reply ID.

Example

The following command defines a rule expression to match POP3 reply ID of 2 :

pop3 reply id = 2

pop3 reply status

This command allows you to define rule expressions to match POP3 reply status.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] pop3 reply status  operator reply_status

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`reply_status`

Specifies the reply status to match.

reply_status must be one of the following:

+OK : Reply OK
-ERR : Reply error

Usage Guidelines

Use this command to define rule expressions to match POP3 reply status.

Example

The following command defines a rule expression to match POP3 reply status +OK :

pop3 reply status = +OK

pop3 session-length

This command allows you to define rule expressions to match POP3 session-length.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] pop3 session-length {  operator session_length | { range | !range }  range_from to  range_to }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`session_length`

Specifies the POP3 session length to match.

session_length must be an integer from 1 through 4000000000.

{ range | !range } `range_from` to `range_to`

Enables or disables the range criteria for PoP3 session length.

range : Enables the range criteria for POP3 session length.
!range : Disables the range criteria for POP3 session length.
range_from : Specifies the start of range of POP3 session as an integer from 1 through 4000000000, but less than or equal to range_to .
range_to : Specifies the end of range of POP3 session as an integer from 1 through 4000000000, but greater than or equal to range_from .

Usage Guidelines

Use this command to define rule expressions to match the total length of POP3 sessions.

Example

The following command defines a rule expression to match a POP3 session length of 40000 :

pop3 session-length = 40000

pop3 state

This command allows you to define rule expressions to match the current state of POP3 sessions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] pop3 state  operator current_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`current_state`

Specifies the current state to match.

current_state must be one of the following:

close
connected
data-transaction
reply-error
reply-ok
waiting-for-reply

Usage Guidelines

Use this command to define rule expressions to match the current state of POP3 sessions.

Example

The following command defines a rule expression to match the POP3 current state close :

pop3 state = close

pop3 user-name

This command allows you to define rule expressions to match POP3 user name.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] pop3 user-name [ case-sensitive ]  operator user_name

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`user_name`

Specifies the POP3 user name to match.

user_name must be an alphanumeric string of 1 through 64 characters, and may contain punctuation characters and space.

Usage Guidelines

Use this command to define rule expressions to match POP3 user name.

Example

The following command defines a rule expression to match POP3 user name test :

pop3 user-name = test

pptp any-match

This command allows you to defines a rule expression to match all Point-to-Point Tunneling Protocol (PPTP) packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] pptp any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to specify a ruledef to analyze user traffic based on the PPTP any match status.

Example

The following command creates a PPTP ruledef for analyzing user traffic using a PPTP any match status of FALSE :

pptp any-match = FALSE

pptp ctrl-msg-type

This command allows you to define rule expressions to match control message type in PPTP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] pptp ctrl-msg-type =  message_type

no

If previously configured, deletes the specified rule expression from the current ruledef.

`message_type`

message_type must be one of the following:

call-clear-request
call-disconnect-notify
echo-reply
echo-request
incoming-call-connected
incoming-call-reply
incoming-call-request
outgoing-call-reply
outgoing-call-request
set-link-info
start-control-connection-reply
start-control-connection-request
stop-control-connection-reply
stop-control-connection-request
wan-error-notify

Usage Guidelines

Use this command to define rule expressions to match the control message type in PPTP packets.

Example

The following command specifies to match echo-reply message type:

pptp ctrl-msg-type = echo-reply

pptp gre any-match

This command allows you to define rule expressions to match all PPTP Generic Routing Encapsulation (GRE) packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] pptp gre any-match =  condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`condition`

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match all PPTP GRE packets.

Example

The following command defines a rule expression to match all PPTP GRE packets:

pptp gre any-match = TRUE

radius any-match

This command allows you to define rule expressions to match all RADIUS packets.

Product

GGSN

PDSN

PGW

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] radius any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define an any-match rule expression to match all RADIUS packets.

Example

The following command defines an any-match rule expression to match all RADIUS packets:

radius any-match = TRUE

radius error

This command allows you to define rule expressions to match for errors in RADIUS packets and errors in the RADIUS analyzer.

Product

GGSN

PDSN

P-GW

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] radius error  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match for errors in RADIUS packets and other errors in RADIUS analyzer.

Example

The following command defines a rule expression to match user traffic based on RADIUS error status of TRUE :

radius error = TRUE

radius state

This command allows you to define rule expressions to match the current state of an RADIUS session.

Product

GGSN

PDSN

P-GW

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] radius state  operator radius_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`radius_state`

Specifies the RADIUS state to match.

radius_state must be one of the following:

auth-req-rcvd : Analyzer received the Access-Request message from the client.
auth-rsp-fail : Analyzer received the Access-reject message from the server.
auth-rsp-success : Analyzer received the Access-Accept message from the server as a reply to Access-request.

Usage Guidelines

Use this command to define rule expressions to match the current state of an RADIUS session.

Example

The following command defines a rule expression to match RADIUS current state close :

radius state = close

rtcp any-match

This command allows you to define rule expressions to match all Real-Time Transport Control Protocol (RTCP) packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtcp any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

TRUE : The rule matches any RTCP traffic.
FALSE : The rule does not match any RTCP traffic.

Usage Guidelines

Use this command to define rule expressions to match all RTCP packets.

Example

The following command defines a rule expression to match all RTCP packets:

rtcp any-match = TRUE

rtcp jitter

This command allows you to define rule expressions to match the jitter parameter in RTCP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtcp jitter  operator jitter

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`jitter`

Specifies the RTCP inter-arrival jitter value (in milliseconds) to match.

jitter must be an integer from 0 through 4294967295.

Usage Guidelines

Use this command to define rule expressions to match jitter parameter found in the RTCP sender report or receiver report packets.

Example

The following command matches packets for jitter greater than or equal to 1295 milliseconds:

rtcp jitter >= 1295

rtcp parent-proto

This command allows you to define rule expressions to match the parent protocol of the RTCP flow.

Important

This command is available only in 8.1 and 9.0 and later releases.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtcp parent-proto  operator parent_protocol

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`parent_protocol`

Specifies the RTCP parent protocol to match.

parent_protocol must be one of the following:

rtsp : Real Time Streaming Protocol
sip : Session Initiation Protocol

Usage Guidelines

Use this command to define rule expressions to match user traffic based on the parent protocol of the RTCP flow.

Example

The following command defines a rule expression to match user traffic based on SIP being the parent protocol of the RTCP flow:

rtcp parent-proto = sip

rtcp pdu-length

This command allows you to define rule expressions to match Protocol Data Unit (PDU) length of RTCP packets, (RTCP header + RTCP payload).

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtcp pdu-length  operator pdu_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`pdu_length`

Specifies the RTCP length (in bytes) to match.

In 8.1 and later releases, pdu_length must be an integer from 1 through 65535.

In 8.0, pdu_length must be an integer from 1 through 2000.

Usage Guidelines

Use this command to define rule expressions to match RTCP PDU length (header + payload) in bytes.

Example

The following command defines a rule expression to match user traffic based on an RTCP PDU length of 10000 bytes:

rtcp pdu-length = 10000

rtcp rtsp-id

This command allows you to define rule expressions to match user traffic based on a Real-time Streaming Protocol (RTSP) ID associated with an RTCP flow.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtcp rtsp-id [ case-sensitive ]  operator rtsp_id

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`rtsp_id`

Specifies the value to match.

rtsp_id must be an alphanumeric string of 1 through 32 characters.

Usage Guidelines

Use this command to define rule expressions to match an RTSP ID associated with an RTCP flow.

Example

The following command defines a rule expression to match user traffic containing RTSP message ID of test1 :

rtcp rtsp-id contains test1

rtcp session-length

This command allows you to define rule expressions to match the total length of RTCP sessions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtcp session-length  operator session_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`session_length`

Specifies the RTCP total session length (in bytes) to match.

In 8.1 and later releases, session_length must be an integer from 1 through 4000000000.

In 8.0, session_length must be an integer from 1 through 40000000.

Usage Guidelines

Use this command to define rule expressions to match RTCP total session length.

Example

The following command defines a rule expression to match user traffic for a total RTCP session length of 200000 :

rtcp session-length = 200000

rtcp uri

This command allows you to define rule expressions to match URI associated with RTCP flows.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtcp uri [ case-sensitive ]  operator uri

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`uri`

Specifies the URI to match.

uri must be an alphanumeric string of 1 through 127 characters and may include punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match URI associated with RTCP flow.

Example

The following command defines a rule expression to match user traffic for RTCP URI rtsp://www.example.org :

rtcp uri = rtsp://www.example.org

rtp any-match

This command allows you to define rule expressions to match all Real-time Transport Protocol (RTP) packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtp any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match all RTP packets.

Example

The following command defines a rule expression to match all RTP packets:

rtp any-match = TRUE

rtp parent-proto

This command allows you to define rule expressions to match the parent protocol of the RTP flow.

Important

This command is available only in 8.1 and in 9.0 and later releases.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtp parent-proto  operator parent_protocol

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`parent_protocol`

Specifies the RTP parent protocol to match.

parent_protocol must be one of the following:

rtsp : Real Time Streaming Protocol
sip : Session Initiation Protocol

Usage Guidelines

Use this command to define rule expressions to match user traffic based on the parent protocol of the RTP flow.

Example

The following command defines a rule expression to match user traffic with parent protocol of the RTP flow being SIP:

rtp parent-proto = sip

rtp pdu-length

This command allows you to define rule expressions to match PDU length of RTP packets, equal to the RTP header + RTP payload.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtp pdu-length  operator pdu_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`pdu_length`

Specifies the RTP PDU length (in bytes) to match.

In 8.1 and later releases, pdu_length must be an integer from 1 through 65535.

In 8.0, pdu_length must be an integer from 1 through 2000.

Usage Guidelines

Use this command to define rule expressions to match PDU length (header + payload) of RTP packets in bytes.

Example

The following command defines a rule expression to match an RTP PDU length of 1000 bytes:

rtp pdu-length = 1000

rtp rtsp-id

This command allows you to define rule expressions to match RTSP ID associated with RTP flows.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtp rtsp-id [ case-sensitive ]  operator rtsp_id

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`rtsp_id`

Specifies the RTSP ID to match.

rtsp_id must be an alphanumeric string of 1 through 32 characters.

Usage Guidelines

Use this command to define rule expressions to match RTSP ID associated with RTP flows.

Example

The following command defines a rule expression to match RTSP message ID of test1 :

rtp rtsp-id contains test1

rtp session-length

This command allows you to define rule expressions to match the total length of RTP sessions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtp session-length  operator session_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`session_length`

Specifies the RTP total session length (in bytes) to match.

In 8.1 and later releases, session_length must be an integer from 1 through 4000000000.

In release 8.0, session_length must be an integer from 1 through 40000000.

Usage Guidelines

Use this command to define rule expressions to match the RTP total session length. The session-length is calculated by adding together the "rtp pdu-length" values of all relevant packets.

Example

The following command defines a rule expression to match a total RTP session length of 200000 :

rtp session-length = 200000

rtp uri

This command allows you to define rule expressions to match the media URI associated with RTP flows.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtp uri [ case-sensitive ]  operator uri

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`uri`

Specifies the RTP URI to match.

uri must be an alphanumeric string of 1 through 127 characters. uri allows punctuation characters and excludes the "host" portion.

Usage Guidelines

Use this command to define rule expressions to match media URI associated with RTP flow.

Example

The following command defines a rule expression to match the RTP URI string rtsp://www.example.org :

rtp uri = rtsp://www.example.org

rtsp any-match

This command allows you to define rule expressions to match all Real Time Streaming Protocol (RTSP) packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtsp any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match all RTSP packets.

Example

The following command defines a rule expression to match all RTSP packets:

rtsp any-match = TRUE

rtsp content length

This command allows you to define rule expressions to match the content length field in RTSP header.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtsp content length  operator content_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`content_length`

Specifies the content length (in bytes) to match.

content_length must be an integer from 0 through 65535.

Usage Guidelines

Use this command to define rule expressions to match "content length" field in RTSP headers.

Example

The following command defines a rule expression to match content length of 10000 in RTSP headers:

rtsp content length = 10000

rtsp content type

This command allows you to define rule expressions to match the content type field in RTSP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtsp content type [ case-sensitive ]  operator content_type

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`content_type`

Specifies the content type to match.

content_type must be an alphanumeric string of 1 through 127 characters, and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match "content type" field in RTSP headers.

Example

The following command defines a rule expression to match RTSP content type abc100 :

rtsp content type = abc100

rtsp date

This command allows you to define rule expressions to match the date field in the RTSP message headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtsp date [ case-sensitive ]  operator date

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`date`

Specifies the date in RTSP header to match.

date must be an alphanumeric string of 1 through 127 characters, and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match the "date" field in the RTSP message headers.

Example

The following command defines a rule expression to match the date 12_04_2006 in RTSP message headers:

rtsp date = 12_04_2006

rtsp previous-state

This command allows you to define rule expressions to match the previous state of RTSP sessions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtsp previous-state  operator rtsp_previous_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`rtsp_previous_state`

Specifies the previous state to match.

rtsp_previous_state must be one of the following:

init
open
play
ready
record

Usage Guidelines

Use this command to define rule expressions to match the previous state of RTSP sessions.

Example

The following command defines a rule expression to match RTSP previous state ready :

rtsp previous-state = ready

rtsp reply code

This command allows you to define rule expressions to match the return code in RTSP responses.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtsp reply code  operator reply_code

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`reply_code`

Specifies the RTSP reply code to match.

reply_code must be an integer from 100 through 599.

Usage Guidelines

Use this command to define rule expressions to match the return code in RTSP response.

Example

The following command defines a rule expression to match RTSP return code 302 :

rtsp reply code = 302

rtsp request method

This command allows you to define rule expressions to match the method in RTSP responses.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtsp request method  operator request_method

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`request_method`

Specifies the RTSP request method to match.

request_method must be one of the following requests:

announce
describe
get-parameter
options
pause
play
record
redirect
set-parameter
setup
teardown

Usage Guidelines

Use this command to define rule expressions to match the method in RTSP responses.

Example

The following command defines a rule expression to match RTSP request method announce :

rtsp request method = announce

rtsp request packet

This command allows you to define rule expressions to match all RTSP request messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtsp request packet  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

TRUE : Is request
FALSE : Is response

Usage Guidelines

Use this command to define rule expressions to match all RTSP request messages.

Example

The following command defines a rule expression to match all RTSP request messages:

rtsp request packet = TRUE

rtsp rtp-seq

This command allows you to define rule expressions to match the "seq" field in the RTP-Info header of RTSP responses.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtsp rtp-seq  operator sequence_number

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`sequence_number`

Specifies the sequence number in the RTSP RTP-Info field to match.

sequence_number must be an alphanumeric string of 0 through 65535 characters in Normal Play Time (NPT) time format.

Usage Guidelines

Use this command to define rule expressions to match user traffic matching the "seq" field in the RTP-Info header of RTSP response for a PLAY request.

Example

The following command defines a rule expression to match user traffic based on RTP-seq number npt-12:34:59 :

rtsp rtp-seq = npt-12:34:59

rtsp rtp-time

This command allows you to define rule expressions to match the "time" field in RTP-Info header of RTSP responses.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtsp rtp-time  operator time

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`time`

Specifies the time to match.

time must be an alphanumeric string of 1 through 2147483647 characters in Normal Play Time (NPT) time format.

Usage Guidelines

Use this command to define rule expressions to match the "time" field in the RTP-Info header of RTSP response for a PLAY request.

Example

The following command defines a rule expression to match RTP timestamp of 20120123T153600Z :

rtsp rtp-time = 20120123T153600Z

rtsp rtp-uri

This command allows you to define rule expressions to match the URI field in the RTP-Info header of RTSP responses.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtsp rtp-uri [ case-sensitive ]  operator uri

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`uri`

Specifies the value to match with the URI in RTP-Info header of the RTSP message.

uri must be an alphanumeric string of 1 through 127 characters. uri allows punctuation characters and excludes the "host" portion.

Usage Guidelines

Use this command to define rule expressions to match the URI field in the RTP-Info header of the RTSP response for a PLAY request.

Example

The following command defines a rule expression to match user traffic based on RTP-URI string rtsp://www.foo.com in the RTP-info header of RTSP packet:

rtsp rtp-uri = rtsp://www.foo.com

rtsp session-id

This command allows you to define rule expressions to match the session ID in RTSP messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtsp session-id [ case-sensitive ]  operator session_id

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`session_id`

Specifies the session ID to match.

session_id must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match the session ID in RTSP messages.

Example

The following command defines a rule expression to match the RTSP session ID 0123abc100 :

rtsp session-id = 0123abc100

rtsp session-length

This command allows you to define rule expressions to match the total length of RTSP sessions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtsp session-length  operator session_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`session_length`

Specifies the RTSP session length (in bytes) to match.

session_length must be an integer from 1 through 40000000.

Usage Guidelines

Use this command to define rule expressions to match the total length of RTSP sessions. That is, the sum of the "rtsp pdu-length" values of all relevant packets.

Example

The following command defines a rule expression to match RTSP session length of 3000000 bytes:

rtsp session-length = 3000000

rtsp state

This command allows you to define rule expressions to match the current state of RTSP sessions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtsp state  operator current_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`current_state`

Specifies the current state to match.

current_state must be one of the following:

end
init
open
play
ready
record

Usage Guidelines

Use this command to define rule expressions to match the current state of RTSP sessions.

Example

The following command defines a rule expression to match RTSP current state init :

rtsp state = init

rtsp uri

This command allows you to define rule expressions to match URI in RTSP request message.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtsp uri [ case-sensitive ]  operator uri

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
regex : Regular expression
starts-with : Starts with

`uri`

Specifies the URI to match.

uri must be an alphanumeric string of 1 through 127 characters. uri allows punctuation characters and excludes the "host" portion.

Usage Guidelines

Use this command to define rule expressions to match URI in RTSP request.

The following table lists the special characters that you can use in regex rule expressions. For more information on regex support, refer to the Enhanced Charging Service Administration Guide.

Table 5. Special Characters Supported in Regex Rule Expressions

Regex Character

Description

*

Zero or more characters

+

Zero or more repeated instances of the token preceding the +

?

Match zero or one character

Important

The CLI does not support configuring "?" directly, you must instead use "\077".

For example, if you want to match the string "xyz<any one character>pqr", you must configure it as:

http host regex "xyz\077pqr"

In another example, if you want to exactly match the string "url?resource=abc", you must configure it as:

http uri regex "url\\077resource=abc"

Where, the first "\" (backslash) is for the escaping of "?", and then "\077" for specifying "?" to the CLI.

\character

Escaped character

\?

Match the question mark (\<ctrl-v>?) character

\+

Match the plus character

\*

Match the asterisk character

\a

Match the Alert (ASCII 7) character

\b

Match the Backspace (ASCII 8) character

\f

Match the Form-feed (ASCII 12) character

\n

Match the New line (ASCII 10) character

\r

Match the Carriage return (ASCII 13) character

\t

Match the Tab (ASCII 9) character

\v

Match the Vertical tab (ASCII 11) character

\0

Match the Null (ASCII 0) character

\\

Match the backslash character

Bracketed range [0-9]

Match any single character from the range

A leading ^ in a range

Do not match any in the range. All other characters represent themselves.

.\x##

Any ASCII character as specified in two-digit hex notation.

For example, \x5A yields a "Z".

|

Specify OR regular expression operator

Important

When using the regex operator "|" in regex expressions, always wrap the string in double quotes.

For example, if you want to match the string "pqr" OR "xyz", you must configure it as:

http host regex "pqr|xyz" .

Example

The following command defines a rule expression to match user traffic based on RTSP URI rtsp://www.example.com:554/twister/audiotrack :

rtsp uri = rtsp://www.example.com:554/twister/audiotrack

The following command defines a regex rule expression to match either of the following or similar values in the RTSP URI string: rtsp://pvs29p.cvf.fr:554/t1/live/Oui17, rtsp://pvs00p.cvf.fr:554/t1/live/Nrj12, rtsp://pvs90p.cvf.fr:554/t1/live/France24_fr.

rtsp uri regex "rtsp://pvs([0-9][0-9])p.cvf.fr:554/t1/live/(Gulli|Tf1|Tmc|Nrj12|Star|France24_fr|Oui17)*"

rtsp uri sub-part

This command allows you to define rule expressions to match user traffic by parsing sub-parts of the URI in an RTSP request message.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtsp uri sub-part { { absolute-path | host | query } [ case-sensitive ]  operator string | port {  port_operator port_value | { range | !range }  range_from to  range_to } }

no

If previously configured, deletes the specified rule expression from the current ruledef.

absolute-path

Specifies the absolute path matching criteria to RTSP URI in an RTSP request message.

host

Specifies the host name matching criteria to RTSP URI in an RTSP request message.

query

Specifies the query string matching criteria to RTSP URI in an RTSP request message.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`string`

Specifies the absolute path/host name or query string to match with the URI in RTSP header.

string must be an alphanumeric string of 1 through 127 characters. string allows punctuation characters and excludes the "host" portion.

port

Specifies the port related matching for RTSP URI in an RTSP request message.

`port_operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`port_value`

Specifies the RTSP port number to match with port rule in the RTSP flow as an integer from 0 through 65535.

{ range | !range } `range_from` to `range_to` }

Enables or disables the range criteria for RTSP flow ports.

range : Enables the range criteria for RTSP flow ports.
!range : Disables the range criteria for RTSP flow ports.
range_from : Specifies the start of range of RTSP flow ports as an integer from 0 through 65535, but less than or equal to range_to .
range_to : Specifies the end of range of RTSP flow ports as an integer from 0 through 65535, but more than or equal to range_from .

Usage Guidelines

Use this command to define rule expressions to match URI sub parts like host, absolute path, port, and query in RTSP request messages.

Example

The following command defines a URI sub part rule expression to analyze user traffic based on an RTSP URI port number between 1023 and 1068 :

rtsp uri sub-part port range 1023 to 1068

rtsp user-agent

This command allows you to define rule expressions to match the user-agent field in RTSP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtsp user-agent [ case-sensitive ]  operator user_agent

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`user_agent`

Specifies the user agent to match.

user_agent must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match the "user-agent" field in RTSP header.

Example

The following command defines a rule expression to match test in "user-agent" field of RTSP header:

rtsp user-agent = test

rtsp-stream any-match

This command allows you to define rule expressions to match all user traffic of type RTSP, RTCP, and RTP to achieve an unified charging for RTSP correlated flows.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtsp-stream any-match  operator condition

no

If previously configured, deletes the rtsp-stream any match rule definition.

operator

Specifies how to logically match the information in the analyzed field.

operator must be one of the following:

!= : Does not equal
= : Equals

condition

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to specify a rule definition to analyze all RTSP, RTCP, and RTP traffic.

Example

The following command defines a rule expression to match all RTSP, RTCP, and RTP user traffic:

rtsp-stream any-match = TRUE

rtsp-stream first-setup-url

This command allows you to define rule expressions to match user traffic of type RTSP, RTCP, and RTP on the first setup URL of the parent RTSP flow to achieve an unified charging for RTSP correlated flows.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] rtsp-stream first-setup-url [ case-sensitive ]  operator url

no

If previously configured, deletes the rtsp-stream any match rule definition.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to logically match the information in the analyzed field.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : contains
ends-with : Ends with
regex : Regular expression
starts-with : Starts with

`url`

Specifies the URL to match.

url must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to specify a rule definition to analyze RTSP, RTCP, and RTP traffic based on the first setup URL of the parent RTSP flow.

The following table lists the special characters that you can use in regex rule expressions. For more information on regex support, refer to the Enhanced Charging Service Administration Guide.

Table 6. Special Characters Supported in Regex Rule Expressions

Regex Character

Description

*

Zero or more characters

+

Zero or more repeated instances of the token preceding the +

?

Match zero or one character

Important

The CLI does not support configuring "?" directly, you must instead use "\077".

For example, if you want to match the string "xyz<any one character>pqr", you must configure it as:

http host regex "xyz\077pqr"

In another example, if you want to exactly match the string "url?resource=abc", you must configure it as:

http uri regex "url\\077resource=abc"

Where, the first "\" (backslash) is for the escaping of "?", and then "\077" for specifying "?" to the CLI.

\character

Escaped character

\?

Match the question mark (\<ctrl-v>?) character

\+

Match the plus character

\*

Match the asterisk character

\a

Match the Alert (ASCII 7) character

\b

Match the Backspace (ASCII 8) character

\f

Match the Form-feed (ASCII 12) character

\n

Match the New line (ASCII 10) character

\r

Match the Carriage return (ASCII 13) character

\t

Match the Tab (ASCII 9) character

\v

Match the Vertical tab (ASCII 11) character

\0

Match the Null (ASCII 0) character

\\

Match the backslash character

Bracketed range [0-9]

Match any single character from the range

A leading ^ in a range

Do not match any in the range. All other characters represent themselves.

.\x##

Any ASCII character as specified in two-digit hex notation.

For example, \x5A yields a "Z".

|

Specify OR regular expression operator

Important

When using the regex operator "|" in regex expressions, always wrap the string in double quotes.

For example, if you want to match the string "pqr" OR "xyz", you must configure it as:

http host regex "pqr|xyz" .

Example

The following command defines a rule expression to match all RTSP, RTCP, and RTP traffic when the parent RTSP's first setup URL contains cisco.com :

rtsp-stream first-setup-url contains cisco.com

The following command defines a rule expression to match all RTSP, RTCP, and RTP traffic when the parent RTSP's first setup URL matches the given regular expression: rtsp://tvs100.google.fr/t1/M6

rtsp-stream first-setup-url regex rtsp://tvs(a|l|b)[0-9][0-9].google.(fr|:554)/t1/(M6|W9_)*

rule-application

This command allows you to specify the purpose of a ruledef, such as for charging, post-processing, routing, and so on.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

rule-application { charging | post-processing | routing  | tpo  }  
no rule-application

no

Disables the rule application configuration.

charging

Specifies that the current ruledef is for charging purposes.

Up to 2,048 rule definitions can be defined for the charging application in an Active Charging Service.

Default: Enabled

post-processing

Important

The post-processing keyword is available only in 8.3 and later releases.

Specifies that the current ruledef is for post-processing purposes. This enables processing of packets even if the rule matching for them has been disabled.

routing

Specifies that the current ruledef is for routing purposes. Up to 256 rule definitions can be defined for routing in an Active Charging Service. Default: Disabled

tpo

Important

The Traffic Performance Optimization (TPO) in-line service is not supported in this release.

Usage Guidelines

Use this command to specify the rule application for a rule definition.

If, when configuring a ruledef, the rule-application is not specified, by default the system configures the ruledef as a charging ruledef.

Example

The following command configures the rule application "charging" to the current rule definition:

rule-application charging

sdp any-match

This command allows you to define rule expressions to match all packets that contain Session Description Protocol (SDP) descriptions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] sdp any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match all packets containing SDP descriptions.

Example

The following command defines a rule expression to match all packets containing SDP descriptions:

sdp any-match = TRUE

sdp connection-ip-address

This command allows you to define rule expressions to match the IP address in the connection field of SDP descriptions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] sdp connection-ip-address  operator ipv4_address

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`ipv4_address`

Specifies the IP address to match.

ipv4_address must be in IPv4 dotted-decimal notation.

Usage Guidelines

Use this command to define rule expressions to match IP address in the connection field of SDP descriptions.

Example

The following command defines a rule expression to match the IP address 10.1.1.1 in the connection field of SDP descriptions:

sdp connection-ip-address = 10.1.1.1

sdp media-audio-port

This command allows you to define rule expressions to match media audio ports specified in the media sections of SDP descriptions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] sdp media-audio-port  operator port

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`port`

Specifies the port number to match.

port must be an integer from 0 through 65535.

Usage Guidelines

Use this command to define rule expressions to match media audio ports specified in the media sections of SDP descriptions.

Example

The following command defines a rule expression to match media audio port 100 in the media sections of SDP descriptions:

sdp media-audio-port = 100

sdp media-video-port

This command allows you to define rule expressions to match media video ports specified in the media sections of SDP descriptions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] sdp media-video-port  operator port

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`port`

Specifies the port number to match.

port must be an integer from 0 through 65535.

Usage Guidelines

Use this command to define rule expressions to match media video ports specified in the media sections of SDP descriptions.

Example

The following command defines a rule expression to match media video port 100 in the media sections of SDP descriptions:

sdp media-video-port = 100

sdp uplink

This command allows you to define rule expressions to match SDP descriptions in the uplink (subscriber to network) direction.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] sdp uplink  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE : Is not uplink
TRUE : Is uplink

Usage Guidelines

Use this command to define rule expressions to match SDP descriptions in uplink direction.

Example

The following command defines a rule expression to match all SDP descriptions in the uplink direction:

sdp uplink = TRUE

secure-http any-match

This command allows to match traffic analyzed by the Secure HTTP (HTTPS) analyzer in uplink or downlink direction.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] secure-http any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match traffic analyzed by the Secure HTTP (HTTPS) analyzer in uplink or downlink direction. The analysis does not differentiate between HTTPS and non-HTTP packets if the traffic is analyzed by HTTPS analyzer.

Example

The following command defines a rule expression to match HTTPS packets analyzed by the HTTPS analyzer:

secure-http any-match = TRUE

secure-http uplink

This command allows you to define rule expressions to match uplink (subscriber to network) HTTPS packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] secure-http uplink  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE : Is not uplink
TRUE : Is uplink

Usage Guidelines

Use this command to define rule expressions to match uplink HTTPS packets.

Example

The following command defines a rule expression to match all uplink HTTPS packets:

secure-http uplink = TRUE

sip any-match

This command allows you to define rule expressions to match all Session Initiation Protocol (SIP) packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] sip any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match all SIP packets.

Example

The following command defines a rule expression to match all SIP packets:

sip any-match = TRUE

sip call-id

This command allows you to define rule expressions to match the Call ID in SIP messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] sip call-id [ case-sensitive ]  operator call_id

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`call-id`

Specifies the call ID to match.

call-id must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match the call ID in SIP messages.

Example

The following command defines a rule expression to match the call ID test in SIP messages:

sip call-id = test

sip content length

This command allows you to define rule expressions to match the content-length field in SIP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] sip content length  operator content_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`content_length`

Specifies the SIP content length to match.

content_length must be an integer from 0 through 65535.

Usage Guidelines

Use this command to define rule expressions to match the content-length field in SIP headers.

Example

The following command defines a rule expression to match the content length 10000 in SIP headers:

sip content length = 10000

sip content type

This command allows you to define rule expressions to match the content type field in SIP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] sip content type [ case-sensitive ]  operator content_type

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`content_type`

Specifies the content type to match.

content_type must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match the content type field in SIP headers.

Example

The following command defines a rule expression to match content type download_string in SIP headers:

sip content type = download_string

sip from

This command allows you to define rule expressions to match the from field in SIP messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] sip from [ case-sensitive ]  operator string

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`string`

Specifies the value to match.

string must be an alphanumeric string of 1 through 127 characters, and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match the "from" field in SIP messages.

Example

The following command defines a rule expression to match test1 in the "from" field in SIP messages:

sip from contains test1

sip previous-state

This command allows you to define rule expressions to match previous state of SIP sessions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] sip previous-state  operator sip_previous_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`sip_previous_state`

Specifies the previous state to match.

sip_previous_state must be one of the following:

init
provisional-response
request-sent
response-fail
response-ok

Usage Guidelines

Use this command to define rule expressions to match a previous state of SIP sessions.

Example

The following command defines a rule expression to match user traffic based on the SIP previous state of request-sent :

sip previous-state = request-sent

sip reply code

This command allows you to define rule expressions to match the reply code in SIP responses.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] sip reply code  operator reply_code

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`reply_code`

Specifies the SIP reply code to match.

reply_code must be an integer from 100 through 699.

Usage Guidelines

Use this command to define rule expressions to match the reply code in SIP responses.

Example

The following command defines a rule expression to match 180 in the reply code in SIP responses:

sip reply code = 180

sip request method

This command allows you to define rule expressions to match the method in SIP requests.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] sip request method  operator method

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`method`

Specifies the SIP method to match.

method must be one of the following:

ack
bye
cancel
info
invite
message
notify
options
prack
publish
refer
register
subscribe
update

Usage Guidelines

Use this command to define rule expressions to match the method in SIP requests.

Example

The following command defines a rule expression to match the method bye in SIP request messages:

sip request method = bye

sip request packet

This command allows you to define rule expressions to match all SIP request packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] sip request packet  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

= : Equals
!= : Does not equal

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE : Is a response
TRUE : Is a request

Usage Guidelines

Use this command to define rule expressions to match all SIP request packets.

Example

The following command defines a rule expression to match all SIP request packets:

sip request packet = TRUE

sip state

This command allows you to define rule expressions to match current state of the SIP session.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] sip state  operator current_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`current_state`

Specifies the current state to match.

current_state must be one of the following:

ack-received
provisional-response
request-sent
response-fail
response-ok

Usage Guidelines

Use this command to define rule expressions to match the current SIP session.

Example

The following command defines a rule expression to match user traffic based on SIP current state request-sent :

sip state = request-sent

sip to

This command allows you to define rule expressions to match the "to" field in SIP messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] sip to [ case-sensitive ]  operator to_address

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`to_address`

Specifies the "to" address/name to match.

to_address must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match the "to" field in SIP messages.

Example

The following command defines a rule expression to match test1 in the "to" field of SIP messages:

sip to contains test1

sip uri

This command allows you to define rule expressions to match the URI in SIP messages.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] sip uri [ sub-part { headers | host | parameters | port | userinfo } ] [ case-sensitive ]  operator uri

no

If previously configured, deletes the specified rule expression from the current ruledef.

sub-part { headers | host | parameters | port | userinfo }

This is an optional keyword that defines what sub-part of a SIP URI to check.

headers : Apply the rule to SIP URI header field.
host : Apply the rule the SIP URI host field.
parameters : Apply the rule to the SIP URI parameters field.
port : Apply the rule to the SIP URI port field.
userinfo : Apply the rule to the SIP URI userinfo field.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

The string for sub-part keyword port must be an integer and requires different operators. Use the following operators with the port keyword:

!= : Does not equal
<= : Is less than
= : Equals
>= : Is greater than

`uri`

Specifies the SIP URI to match.

uri must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

The string for sub-part keyword port must be an integer from 0 through 65535.

Usage Guidelines

Use this command to define rule expressions to match the URI in SIP messages.

Example

The following command defines a rule expression to match the URI string sip:10.1.1.1:5060 in SIP messages:

sip uri = sip:10.1.1.1:5060

The following command defines a rule expression to match the URI string sip:nnnn@host:5060;user=phone in SIP messages:

sip uri = sip:nnnn@host:5060;user=phone

smtp any-match

This command allows you to define rule expressions to match all Simple Mail Transfer Protocol (SMTP) packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] smtp any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match all SMTP packets.

Example

The following command defines a rule expression to match all SMTP packets:

smtp any-match = TRUE

smtp command arguments

This command allows you to define rule expressions to match SMTP command arguments.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] smtp command arguments [ case-sensitive ]  operator argument

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`argument`

Specifies the command argument to match.

argument must be an alphanumeric string of 1 through 63 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match SMTP command arguments.

Example

The following command defines a rule expression to match SMTP command argument test :

smtp command arguments = test

smtp command id

This command allows you to define rule expressions to match SMTP command IDs.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] smtp command id  operator command_id

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`command_id`

Specifies the command argument to match.

command_id must be an integer from 0 through 10.

Usage Guidelines

Use this command to define rule expressions to match SMTP command IDs.

Example

The following command defines a rule expression to match SMTP command ID 8 :

smtp command id = 8

smtp command name

This command allows you to define rule expressions to match commands sent in SMTP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] smtp command name  operator command_name

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`command_name`

Specifies the command name to match.

command_name must be one of the following:

bdat
data
ehlo
expn
helo
mail-from
noop
quit
rcpt-to
rset
vrfy

Usage Guidelines

Use this command to define rule expressions to match commands sent in SMTP packets.

Example

The following command defines a rule expression to match data command in SMTP packets:

smtp command name = data

smtp mail-size

This command allows you to define rule expressions to match the size of mail sent by a SMTP client.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] smtp mail-size {  operator mail_size | { { range | !range }  range_from to  range_to } }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`mail_size`

Specifies the mail size (in bytes) to match.

mail_size must be an integer from 1 through 40000000.

{ range | !range } `range_from` to `range_to`

Enables or disables the range criteria.

range : Enables the range criteria.
!range : Disables the range criteria.
range_from : Specifies the start of range as an integer from 1 through 40000000.
range_to : Specifies the end range. range_to must be an integer from 1 through 40000000, and must be greater than range_from .

Usage Guidelines

Use this command to define rule expressions to match the size of mail sent by an SMTP client.

Example

The following command defines a rule expression to match mail size of 40000 bytes:

smtp mail-size = 40000

smtp pdu-length

This command allows you to define rule expressions to match the Protocol Data Unit (PDU) length of SMTP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] smtp pdu-length {  operator pdu_length | { { range | !range }  range_from to  range_to } }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`pdu_length`

Specifies the SMTP PDU length (in bytes) to match.

pdu_length must be an integer from 1 through 65535.

{ range | !range } `range_from` to `range_to`

Enables or disables the range criteria.

range : Enables the range criteria.
!range : Disables the range criteria.
range_from : Specifies the start of range as an integer from 1 through 65535.
range_to : Specifies the end range. range_to must be an integer from 1 through 65535, and must be greater than range_from .

Usage Guidelines

Use this command to define rule expressions to match PDU length of SMTP packets, that is headers + payload.

Example

The following command defines a rule expression to match a PDU length of 1600 bytes:

smtp pdu-length = 1600

smtp previous-state

This command allows you to define rule expressions to match previous state of SMTP command sessions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] smtp previous-state  operator smtp_previous_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`smtp_previous_state`

Specifies the previous state to match.

smtp_previous_state must be one of the following:

close : Closed state
init : Initialized state
response-error : Reply error state
response-ok : Response ok state
waiting-for-response : Waiting for response state

Usage Guidelines

Use this command to define rule expressions to match a previous state of SMTP command sessions.

Example

The following command defines a rule expression to match user traffic based on SMTP previous state close :

smtp previous-state = close

smtp recipient

This command allows you to define rule expressions to match the recipient e-mail ID in the current SMTP transaction.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] smtp recipient [ case-sensitive ]  operator argument

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`argument`

Specifies the response argument to match.

argument must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match the recipient e-mail ID in the current SMTP transaction.

Example

The following command defines a rule expression to match recipient e-mail ID containing test in the current SMTP transaction:

smtp recipient contains test

smtp reply arguments

This command allows you to define rule expressions to match the arguments within SMTP responses.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] smtp reply arguments [ case-sensitive ]  operator argument

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`argument`

Specifies the reply argument to match.

argument must be an alphanumeric string of 1 through 63 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match the arguments with SMTP response.

Example

The following command defines a rule expression to match reply argument forward-path in SMTP response:

smtp reply arguments = forward-path

smtp reply id

This command allows you to define rule expressions to match reply ID assigned to SMTP responses.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] smtp reply id  operator reply_id

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`reply_id`

Specifies the reply ID to match.

reply_id must be one of the following:

0 : +NO reply
1 : +OK reply
2 : -ERR reply

Usage Guidelines

Use this command to define rule expressions to reply ID assigned to SMTP response.

Example

The following command defines a rule expression to match reply ID 2 assigned to SMTP response:

smtp reply id = 2

smtp reply status

This command allows you to define rule expressions to match the reply status in SMTP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] smtp reply status  operator reply_status

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`reply_status`

Specifies the SMTP reply status to match.

reply_status must be one of the following:

+OK : Response OK
-ERR : Response error

Usage Guidelines

Use this command to define rule expressions to match reply status in SMTP packets.

Example

The following command defines a rule expression to match reply status +OK in SMTP packets:

smtp reply status = +OK

smtp sender

This command allows you to define rule expressions to match sender e-mail ID in the current SMTP transaction.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] smtp sender [ case-sensitive ]  operator sender

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`sender`

Specifies the sender value to match.

sender must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match sender e-mail ID in the current SMTP transaction.

Example

The following command defines a rule expression to match sender e-mail ID containing test in the current SMTP transaction:

smtp sender contains test

smtp session-length

This command allows you to define rule expressions to match total length of SMTP sessions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] smtp session-length {  operator session_length | { range | !range }  range_from to  range_to }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`session_length`

Specifies the session length to match.

session_length must be an integer from 1 through 40000000.

{ range | !range } `range_from` to `range_to`

Enables or disables the range criteria.

range : Enables the range criteria.
!range : Disables the range criteria.
range_from : Specifies the start of range as an integer from 1 through 40000000.
range_to : Specifies the end range. range_to must be an integer from 1 through 40000000, and must be greater than range_from .

Usage Guidelines

Use this command to define rule expressions to match total length of SMTP session.

Example

The following command defines a rule expression to match SMTP session length of 4000000 :

smtp session-length = 4000000

smtp state

This command allows you to define rule expressions to match current state of a SMTP command session.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] smtp state  operator current_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`current_state`

Specifies the current state to match.

current_state must be one of the following:

close : Closed state
init : Initialized state
response-error : Response of error state
response-ok : Response of ok state
waiting-for-response : Waiting for response state

Usage Guidelines

Use this command to define rule expressions to match current state of SMTP command session.

Example

The following command defines a rule expression to match current state as close of SMTP command session:

smtp state = close

tcp analyzed out-of-order

This command allows you to define rule expressions to determine whether the received TCP packet was received before all of the earlier sequenced packets have been received. This functionality is for whether the packet was analyzed or discarded because the earlier sequenced packet(s) was (were) not received before a timeout expired.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tcp analyzed out-of-order  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE : Not analyzed
TRUE : Analyzed

Usage Guidelines

This command is used to set the status flag to 'analyzed' or 'not analyzed' for all TCP packets received at the ACSMgr/SessMgr prior to their earlier packets.

When a packet reaches ACSMgr/SessMgr prior to earlier packet(s), it and subsequent packets are buffered at ACSMgr/SessMgr as TCP out-of-order packets and ACSMgr/SessMgr waits for missing packet(s) until the time-out duration expires. If the packet(s) with the missing sequence number(s) arrives within the time-out duration, all buffered packets with the correct sequence will be presented to upper layers (HTTP etc.) for analysis; otherwise buffered TCP out-of-order packets will be sent to charging with analysis done flag at the TCP/IP layer only.

If this command is enabled the TCP out-of-order packets are marked and sent to TCP analyzer as analyzed for charging action, otherwise they are discarded.

Example

The following command sets to analyze TCP out-of-order packets:

tcp analyzed out-of-order = TRUE

tcp any-match

This command allows you to define rule expressions to match all TCP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tcp any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE : Not analyzed
TRUE : Analyzed

Usage Guidelines

Use this command to define rule expressions to match all TCP packets.

Example

The following command defines a rule expression to match all TCP packets:

tcp any-match = TRUE

tcp client-port

This command allows you to define rule expressions to match client port number in TCP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tcp client-port {  operator port_number | { !range | range } {  start_range to  end_range | port-map  port_map_name } }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`port_number`

Specifies the port number to match.

port_number must be an integer from 1 through 65535.

range | !range

Specifies the range criteria.

!range : Not in the range
range : In the range

`start_range` to `end_range`

Specifies the starting and ending port numbers for the port range.

start_range must be an integer from 1 through 65535.
end_range must be an integer from 1 through 65535, and must be greater than start_range .

port-map `port_map_name`

Specifies the port map for the port range. port_map_name must be an alphanumeric string of 1 through 63 characters.

Usage Guidelines

Use this command to define rule expressions to match a client port number in TCP headers.

Example

The following command defines a rule expression to analyze user traffic matching TCP client port 5000 :

tcp client-port = 5000

tcp connection-initiator

This command allows you to define rule expressions to match the TCP connection initiator.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tcp connection-initiator  operator subscriber

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

subscriber

Specifies that the connection is being initiated by the subscriber.

Usage Guidelines

Use this command to define rule expressions to match the TCP connection initiator, and to allow the operator to differentiate when the connection initiated by subscriber or the subscriber is acting as a Transaction Control Server (TCS) server.

Example

The following command defines a rule expression to match user traffic based on TCP connection initiator subscriber :

tcp connection-initiator = subscriber

tcp downlink

This command allows you to define rule expressions to match downlink (network to subscriber) TCP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tcp downlink  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match downlink (to subscriber) TCP packets.

Example

The following command defines a rule expression to match downlink TCP packets:

tcp downlink = TRUE

tcp dst-port

This command allows you to define rule expressions to match destination port number in TCP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tcp dst-port {  operator port_number | { !range | range } {  start_range to  end_range | port-map  port_map_name } }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`port_number`

Specifies the port number to match.

port_number must be an integer from 1 through 65535.

range | !range

Specifies the range criteria:

!range : Not in the range
range : In the range

`start_range` to `end_range`

Specifies the starting and ending port numbers for the range of destination TCP ports.

start_range must be an integer from 1 through 65535.
end_range must be an integer from 1 through 65535, and must be greater than start_range .

port-map `port_map_name`

Specifies the port map for the port range. port_map_name must be an alphanumeric string of 1 through 63 characters.

Usage Guidelines

Use this command to define rule expressions to match destination port number in TCP headers.

Example

The following command defines a rule expression to match destination port number 10 in TCP headers:

tcp dst-port = 10

tcp duplicate

This command allows you to define rule expressions to match TCP retransmissions.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tcp duplicate  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE : Not duplicated/retransmitted
TRUE : Duplicated/retransmitted

Usage Guidelines

Use this command to specify rule expressions to match TCP retransmission.

Example

The following command defines a rule expression to match TCP retransmissions:

tcp duplicate = TRUE

tcp either-port

This command allows you to define rule expressions to match either a destination or source port number in TCP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tcp either-port {  operator port_number | { !range | range } {  start_range to  end_range | port-map  port_map_name } }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`port_number`

Specifies the port number to match.

port_number must be an integer from 1 through 65535.

range | !range

Specifies the range criteria:

!range : Not in the range
range : In the range

`start_range` to `end_range`

Specifies the starting and ending port numbers for the port range.

start_range must be an integer from 1 through 65535.
end_range must be an integer from 1 through 65535, and must be greater than start_range .

port-map `port_map_name`

Specifies the port map for the port range. port_map_name must be an alphanumeric string of 1 through 63 characters.

Usage Guidelines

Use this command to define rule expressions to match either a destination or source port number in TCP headers.

This command expression allows you to create a single ruledef using either-port, rather than needing two ruledefs (one with dst-port and one with src-port).

Example

The following command defines a rule expression to match destination/source port number 10 in TCP header:

tcp either-port = 10

tcp error

This command allows you to define rule expressions to identify errors, either in the packet (for example, TCP checksum error) or in the TCP analyzer's Finite State Machine (FSM).

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tcp error  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define a rule expression to identify errors, either in the packet (for example, TCP checksum error) or in the TCP analyzer's FSM.

Example

The following command defines a rule expression to match TCP errors:

tcp error = TRUE

tcp flag

This command allows you to define rule expressions to match bit within the flag field of TCP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tcp flag  operator flag

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!contains : Does not contain
contains : Contains
!= : Does not equal
= : Equals

`flag`

Specifies the flag value to match.

flag must be one of the following:

ack : TCP FLAG ACK
fin : TCP FLAG FIN
push : TCP FLAG PUSH
reset : TCP FLAG RESET
syn : TCP FLAG SYN

Usage Guidelines

Use this command to define rule expressions to match a bit within the flag field of TCP headers.

Example

The following command defines a rule expression to match reset within flag field of TCP headers:

tcp flag = reset

tcp initial-handshake-lost

This command allows you to define rule expressions to match data packets when there has been no TCP handshaking to establish TCP connection.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tcp initial-handshake-lost  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match data packets when there has been no TCP handshaking to establish TCP connection.

Example

The following command defines a rule expression to identify TCP flow where the initial handshake was not seen:

tcp initial-handshake-lost = TRUE

tcp payload

This command allows you to define rule expressions to match hexadecimal or ASCII string content in the payload protocol-signature field of the TCP payload.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tcp payload starts-with { hex-signature  hex_string | string-signature  string }

no

If previously configured, deletes the specified rule expression from the current ruledef.

hex-signature `hex_string`

Specifies hexadecimal protocol signature in payload field.

hex_string must be a dash-delimited list of hex data of size smaller than 32.

string-signature `string`

Specifies protocol signature in payload field.

string must be an alphanumeric string of 1 through 32 characters.

Usage Guidelines

Use this command to define rule expressions to match for Hex/ASCII string content in payload protocol-signature field.

This rule expression is useful for detecting certain applications.

Example

The following command defines a rule expression to identify user traffic based on TCP protocol signature tcp1 :

tcp payload starts-with string-signature tcp1

tcp payload-length

This command allows you to define rule expressions to match the length of a TCP payload.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tcp payload-length  operator payload_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`payload_length`

Specifies the TCP payload length to match.

payload_length must be an integer from 0 through 40000000.

Usage Guidelines

Use this command to define rule expressions to match length of TCP payload, excluding the TCP or lower layer headers.

To match TCP control packets configure a payload-length of 0 (zero).

Example

The following command defines a rule expression to match TCP payload length of 10000 :

tcp payload-length = 10000

tcp previous-state

This command allows you to define rule expressions to match previous state of TCP connections.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tcp previous-state  operator tcp_previous_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`tcp_previous_state`

Specifies the previous state to match.

tcp_previous_state must be one of the following:

close
close-wait
closing
established
fin-wait1
fin-wait2
last-ack
listen
syn-received
syn-sent
time-wait

Usage Guidelines

Use this command to define rule expressions to match a TCP previous state.

Example

The following command defines a rule expression to match user traffic based on previous state time-wait :

tcp previous-state = time-wait

tcp proxy-prev-state

This command allows you to define rule expressions to match TCP previous state on the ingress side of the TCP proxy.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tcp proxy-prev-state  operator previous_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`previous_state`

Specifies the previous state to match.

previous_state must be one of the following:

close
close-wait
closing
established
fin-wait1
fin-wait2
last-ack
listen
syn-received
syn-sent
time-wait

Usage Guidelines

If there is no TCP proxy configured, this configuration is not applicable.

For proxy-enabled flows, TCP state handling interprets the ingress side as the radio side and the egress side as the Internet side of the TCP connection.

tcp state and tcp prev-state is the state of the client stack, which would be either the state of the subscriber's stack (if flow is not proxy enabled) or the MS state of proxy on the egress-side (if flow is proxy-enabled).

tcp proxy-state and tcp proxy-prev-state is the state of the embedded TCP proxy server, that is the proxy ingress-side.

So, depending on the use case, if using tcp state and tcp prev-state an existing configuration may work fine regardless of whether proxy is enabled. For other use cases, other ruledefs may have to be created.

Both tcp state and tcp proxy-state can be used in the same ruledef. If proxy was being used, they would map to the egress-side and ingress-side, respectively. If proxy was not being used, then this would not match ruledef because proxy state would not be applicable.

Example

The following command defines a rule expression to match user traffic based on TCP proxy previous state of established:

tcp proxy-prev-state = established

tcp proxy-state

This command allows you to define rule expressions to match the TCP state on the ingress side of the TCP proxy.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tcp proxy-state  operator state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`state`

Specifies the state to match.

state must be one of the following:

close
close-wait
closing
established
fin-wait1
fin-wait2
last-ack
listen
syn-received
syn-sent
time-wait

Usage Guidelines

If there is no TCP proxy configured, this configuration is not applicable.

For proxy-enabled flows, TCP state handling interprets the ingress side as the radio side and the egress side as the Internet side of the TCP connection.

tcp state and tcp prev-state is the state of the client stack, which would be either the state of the subscriber's stack (if flow is not proxy enabled) or the MS state of proxy on egress-side (if flow is proxy-enabled).

tcp proxy-state and tcp proxy-prev-state is the state of the embedded TCP proxy server, that is the proxy ingress-side.

So, depending on the use case, if using tcp state and tcp prev-state an existing configuration may work fine regardless of whether proxy is enabled. For other use cases, other ruledefs may have to be created.

Both tcp state and tcp proxy-state can be used in the same ruledef. If proxy was being used, they would map to the egress-side and ingress-side, respectively. If proxy was not being used, then this would not match the ruledef because proxy state would not be applicable.

Example

The following command defines a rule expression to match user traffic based on TCP proxy previous state of established:

tcp proxy-state = established

tcp server-port

This command allows you to define rule expressions to match server port number in TCP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tcp server-port {  operator port_number | { !range | range } {  start_range to  end_range | port-map  port_map_name } }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`port_number`

Specifies the port number to match.

port_number must be an integer from 1 through 65535.

range | !range

Specifies the range criteria:

!range : Not in the range
range : In the range

`start_range` to `end_range`

Specifies the starting and ending port numbers for the port range.

start_range must be an integer from 1 through 65535.
end_range must be an integer from 1 through 65535, and must be greater than start_range .

port-map `port_map_name`

Specifies the port map for the port range. port_map_name must be an alphanumeric string of 1 through 63 characters.

Usage Guidelines

Use this command to define rule expressions to match server port number in TCP headers.

Example

The following command defines a rule expression to analyze user traffic matching TCP server port 10 :

tcp server-port = 10

tcp session-length

This command allows you to define rule expressions to match the total length of a TCP session.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tcp session-length  operator session_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`session_length`

Specifies the TCP session length (in bytes) to match as be an integer from 0 through 4000000000.

Usage Guidelines

Use this command to define rule expressions to match the total length of a TCP session.

The session-length is calculated by adding together the TCP payload-length values of all relevant packets.

Example

The following command defines a rule expression to match user traffic based on TCP session length of 2000 bytes:

tcp session-length = 2000

tcp src-port

This command allows you to define rule expressions to match source a port number in TCP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tcp src-port {  operator port_number | { !range | range } {  start_range to  end_range | port-map  port_map_name } }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`port_number`

Specifies the port number to match.

port_number must be an integer from 1 through 65535.

range | !range

Specifies the range criteria:

!range : Not in the range
range : In the range

`start_range` to `end_range`

Specifies the starting and ending port numbers for the port range.

start_range must be an integer from 1 through 65535.
end_range must be an integer from 1 through 65535, and must be greater than start_range .

port-map `port_map_name`

Specifies the port map for the port range. port_map_name must be an alphanumeric string of 1 through 63 characters.

Usage Guidelines

Use this command to define rule expressions to match source a port number in TCP headers.

Example

The following command defines a rule expression to analyze user traffic matching TCP source port 10 :

tcp src-port = 10

tcp state

This command allows you to define rule expressions to match current state of TCP connections.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tcp state  operator current_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`current_state`

Specifies the current state to match.

current_state must be one of the following:

close
close-wait
closing
established
fin-wait1
fin-wait2
last-ack
listen
syn-received
syn-sent
time-wait

Usage Guidelines

Use this command to define rule expressions to match a current state of TCP connections.

Example

The following command defines a rule expression to match user traffic based on current state close :

tcp state = close

tcp uplink

This command allows you to define rule expressions to match uplink (subscriber to network) TCP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tcp uplink  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to uplink TCP packets.

Example

The following command defines a rule expression to uplink TCP packets:

tcp uplink = TRUE

tethering-detection

This command allows you to define rule expressions to match tethered or non-tethered flows.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

tethering-detection  [  application |  dns-based |  ip-ttl | os-ua ]  { flow-not-tethered | flow-tethered }  
no tethering-detection

no

Deletes the tethering detection configuration from the ruledef.

application

Specifies to select flows that were tethered or non-tethered based on App-based detection solution.

With release 21.1.3, the App-based Tethering Detection is introduced only for Netflix and YouTube.

dns-based

Specifies to select flows that were tethered or non-tethered based on DNS-based detection solution.

ip-ttl

Specifies to select flows that were tethered or non-tethered as per IP-TTL values.

os-ua

Specifies to select flows that were tethered or non-tethered as per OS-UA lookups.

In 18 and later releases, IPv6 OS-based tethering detection is supported.

flow-not-tethered

Specifies to match if tethering is not detected on flow.

flow-tethered

Specifies to match if tethering is detected on flow.

Usage Guidelines

Use this command to define rule expressions to match tethered/non-tethered flows.

Note that in order for the rule containing the tethering-detection configuration to get matched, at least one valid rule line has to be present in it.

This configuration is treated in a special manner by the rule matching engine in that it is excluded from the condition multi-line-or all-lines . For example, if there are three rule-lines in a ruledef and multi-line-or is enabled as follows:

ruledef all-tethered-web-traffic 
     http any-match = TRUE 
     wsp any-match = TRUE 
     multi-line-or all-lines 
     tethering-detection flow-tethered 
     exit

In this case, if for a packet only the rule line tethering-detection flow-tethered matches, it is not sufficient to result in a rule match even though multi-line-or all-lines is enabled in the ruledef.

Example

The following command defines a rule expression to match tethered flows:

tethering-detection flow-tethered

tftp any-match

This command allows you to define rule expressions to match all Trivial File Transfer Protocol (TFTP) packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tftp any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE : Not analyzed
TRUE : Analyzed

Usage Guidelines

Use this command to define rule expressions to match all TFTP packets.

Example

The following command defines a rule expression to match all TFTP packets:

tftp any-match = TRUE

tftp data-any-match

This command allows you to define rule expressions to match all TFTP data packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tftp data-any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE : Not analyzed
TRUE : Analyzed

Usage Guidelines

Use this command to define rule expressions to match all TFTP data packets.

Example

The following command defines a rule expression to match all TFTP data packets:

tftp data-any-match = TRUE

tls

This command allows to configure TLS/SSL Server Name Indication (SNI) and corresponding custom defined protocol (CDP).

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] tls { set-app-proto  cdp_name_string | sni  operator server_name_string }

no

If previously configured, deletes the configuration in the current ruledef.

set-app-proto `cdp_name_string`

Specifies the name of the custom defined protocol (CDP) for TLS/SSL flows matching the ruledef.

cdp_name_string must be an alphanumeric string of 1 through 19 characters.

sni `operator server_name_string`

Specifies the TLS/SSL Server Name Indication (SNI) field value in the Client Hello packet.

operator : Specifies how to match and must be one of the following:

!= : Does not equal
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

server_name_string : Specifies the server name and must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to configure the TLS/SSL SNI and corresponding CDP. The CDP name for a TLS/SSL flow must match a set of SNI rule lines in multiline-and or multiline-or manner.

Example

The following command configures the SNI to facebook.com :

tls sni = facebook.com

The following command configures the name of the corresponding protocol to facebook :

tls set-app-proto facebook

udp any-match

This command allows you to define rule expressions to match all UDP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] udp any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match all UDP packets.

Example

The following command defines a rule expression to match all UDP packets:

udp any-match = TRUE

udp client-port

This command allows you to define rule expressions to match client port number in UDP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] udp client-port {  operator port_number | { !range | range } {  start_range to  end_range | port-map  port_map_name } }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`port_number`

Specifies the port number to match.

port_number must be an integer from 1 through 65535.

range | !range

Specifies the range criteria.

!range : Not in the range
range : In the range

`start_range` to `end_range`

Specifies the starting and ending port numbers for the port range.

start_range must be an integer from 1 through 65535.
end_range must be an integer from 1 through 65535, and must be greater than start_range .

port-map `port_map_name`

Specifies the port map for the port range. port_map_name must be an alphanumeric string of 1 through 63 characters.

Usage Guidelines

Use this command to define rule expressions to match client port number in UDP headers.

Example

The following command defines a rule expression to analyze user traffic matching UDP client port 500 :

udp client-port = 500

udp downlink

This command allows you to define rule expressions to match downlink (network to subscriber) UDP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] udp downlink  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match downlink UDP packets.

Example

The following command defines a rule expression to match downlink UDP packets:

udp downlink = TRUE

udp dst-port

This command allows you to define rule expressions to match destination port number in UDP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] udp dst-port {  operator port_number | { !range | range } {  start_range to  end_range | port-map  port_map_name } }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`port_number`

Specifies the port number to match.

port_number must be an integer from 1 through 65535.

!range | range

Specifies the range criteria.

!range : Not in the range
range : In the range

`start_range` to `end_range`

Specifies the starting and ending port numbers for the port range.

start_range must be an integer from 1 through 65535.
end_range must be an integer from 1 through 65535, and must be greater than start_range .

port-map `port_map_name`

Specifies the port map for the port range. port_map_name must be an alphanumeric string of 1 through 63 characters.

Usage Guidelines

Use this command to define rule expressions to match destination port number in UDP headers.

Example

The following command defines a rule expression to match user traffic based on destination port number 10 :

udp dst-port = 10

udp either-port

This command allows you to define rule expressions to match either a destination or source port number in UDP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] udp either-port {  operator port_number | { !range | range } {  start_range to  end_range | port-map  port_map_name } }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`port_number`

Specifies the port number to match.

port_number must be an integer from 1 through 65535.

!range | range

Specifies the range criteria.

!range : Not in the range
range : In the range

`start_range` to `end_range`

Specifies the starting and ending port numbers for the port range.

start_range must be an integer from 1 through 65535.

end_range must be an integer from 1 through 65535, and must be greater than start_range .

port-map `port_map_name`

Specifies the port map for the port range. port_map_name must be an alphanumeric string of 1 through 63 characters.

Usage Guidelines

Use this command to define rule expressions to match either destination or source port number in UDP headers.

Example

The following command defines a rule expression to match user traffic based on match either source/destination port number 10 :

udp either-port = 10

udp payload starts-with

This command allows you to define rule expressions to match hex/ASCII string content in UDP payload protocol-signature field.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] udp payload starts-with { hex-signature  hex_string | string-signature  string }

no

If previously configured, deletes the specified rule expression from the current ruledef.

hex-signature `hex_string`

Specifies hexadecimal protocol signature in payload field.

hex_string must be a dash-delimited list of hex data of size smaller than 32.

string-signature `string`

Specifies protocol signature in payload field.

string must be an alphanumeric string of 1 through 32 characters.

Usage Guidelines

Use this command to define rule expressions to match for Hex/ASCII string content in UDP payload protocol-signature field.

This rule expression is useful for detecting certain applications.

Example

The following command defines a UDP rule expression to analyze user traffic based on UDP protocol signature udp1 :

udp payload starts-with string-signature udp1

udp server-port

This command allows you to define rule expressions to match server port number in UDP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] udp server-port {  operator port_number | { !range | range } {  start_range to  end_range | port-map  port_map_name } }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`port_number`

Specifies the port number to match.

port_number must be an integer from 1 through 65535.

range | !range

Specifies the range criteria.

!range : Not in the range
range : In the range

`start_range` to `end_range`

Specifies the starting and ending port numbers for the port range.

start_range must be an integer from 1 through 65535.
end_range must be an integer from 1 through 65535, and must be greater than start_range .

port-map `port_map_name`

Specifies the port map for the port range. port_map_name must be an alphanumeric string of 1 through 63 characters.

Usage Guidelines

Use this command to define rule expressions to match source a server port number in UDP headers.

Example

The following command defines a rule expression to analyze user traffic matching UDP server port 53 :

udp server-port = 53

udp src-port

This command allows you to define rule expressions to match source port number in UDP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] udp src-port {  operator port_number | { !range | range } {  start_range to  end_range | port-map  port_map_name } }

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`port_number`

Specifies the port number to match.

port_number must be an integer from 1 through 65535.

!range | range

Specifies the range criteria.

!range : Not in the range
range : In the range

`start_range` to `end_range`

Specifies the starting and ending port numbers for the port range.

start_range must be an integer from 1 through 65535.

end_range must be an integer from 1 through 65535, and must be greater than start_range .

port-map `port_map_name`

Specifies the port map for the port range. port_map_name must be an alphanumeric string of 1 through 63 characters.

Usage Guidelines

Use this command to define rule expressions to match source port number in UDP headers.

Example

The following command defines a rule expression to match source port number 10 in UDP headers:

udp src-port = 10

udp uplink

This command allows you to define rule expressions to match uplink (subscriber to network) UDP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] udp uplink  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match uplink UDP packets.

Example

The following command defines a rule expression to match uplink (from subscriber) UDP packets:

udp uplink = TRUE

wsp any-match

This command allows you to define rule expressions to match all Wireless Session Protocol (WSP) packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wsp any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to specify a rule expression to match all WSP packets.

Example

The following command defines a rule expression to match all WSP packets:

wsp any-match = TRUE

wsp content type

This command allows you to define rule expressions to match the content type field in WSP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wsp content type [ case-sensitive ]  operator content_type

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`content_type`

Specifies content type to match.

content_type must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match "content type" field in WSP headers.

Example

The following command defines a rule expression to WSP content type test :

wsp content type = test

wsp domain

This command allows you to define rule expressions to match domain portion of the URI for WSP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wsp domain [ case-sensitive ]  operator domain

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`domain`

Specifies the domain to match.

domain must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match the domain portion of URIs in WSP packets.

From the URL, after http:// (if present) is removed, everything until the first "/" is the domain.

Example

The following command defines a rule expression to match user traffic based on domain name testdomain :

wsp domain = testdomain

wsp downlink

This command allows you to define rule expressions to match downlink (network to subscriber) WSP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wsp downlink  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the downlink (from the Mobile Node direction) status to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match downlink WSP packets.

Example

The following command defines a rule expression to match downlink WSP packets:

wsp downlink = TRUE

wsp first-request-packet

This command allows you to define rule expressions to match WSP first-request-packet.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wsp first-request-packet  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match the GET or POST request, if it is the first WSP request for the subscriber's session.

Example

The following command defines a rule expression to match WSP first-request-packet:

wsp first-request-packet = TRUE

wsp host

This command allows you to define rule expressions to match the host name header field in WSP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wsp host [ case-sensitive ]  operator host_name

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`host_name`

Specifies the WSP host name to match.

host_name must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match host name header field in WSP headers.

Example

The following command defines a rule expression to match host name host1 in WSP headers:

wsp host contains host1

wsp pdu-length

This command allows you to define rule expressions to match WSP PDU length.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wsp pdu-length  operator pdu_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`pdu_length`

Specifies the WSP PDU length (in bytes) to match.

pdu_length must be an integer from 1 through 65535.

Usage Guidelines

Use this command to define rule expressions to match WSP PDU length (header + payload) in bytes.

Example

The following command defines a rule expression to match user traffic based on WSP PDU length of 10000 bytes:

wsp pdu-length = 10000

wsp pdu-type

This command allows you to define rule expressions to match WSP PDU type in the current packet.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wsp pdu-type  operator pdu_type

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`pdu_type`

Specifies the WSP PDU type to match.

pdu_type must be one of the following:

confirmed push
connect-reply
connect-request
data-fragment
delete
disconnect
get
head
options
post
push
put
redirect
reply
resume
suspend
trace

Usage Guidelines

Use this command to define rule expressions to match WSP PDU type value in current packet.

Example

The following command defines a rule expression to match WSP PDU type resume :

wsp pdu-type resume

wsp previous-state

This command allows you to define rule expressions to match previous WSP method invocation state.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wsp previous-state  operator wsp_previous_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`wsp_previous_state`

Specifies the previous state to match.

wsp_previous_state must be one of the following:

init
response-error
response-ok
waiting-for-response

Usage Guidelines

Use this command to define rule expressions to match WSP previous state.

Example

The following command defines a rule expression to match WSP previous state of response-ok :

wsp previous-state = response-ok

wsp reply code

This command allows you to define rule expressions to match WSP reply code.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wsp reply code  operator reply_code

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`reply_code`

Specifies the WSP reply code to match.

reply_code must be an integer from 0 through 101.

Usage Guidelines

Use this command to define rule expressions to match WSP reply code.

Example

The following command defines a rule expression to match WSP reply code of 50 :

wsp reply code = 50

wsp session-length

This command allows you to define rule expressions to match total length of a WSP session.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wsp session-length  operator session_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : less than equals
= : Equals
>= : greater than equals

`session_length`

Specifies the WSP session length (in bytes) to match.

session_length must be an integer from 1 through 65535.

Usage Guidelines

Use this command to define rule expressions to match total length of WSP session.

Example

The following command defines a rule expression to match WSP session length of 2000 bytes:

wsp session-length = 2000

wsp session-management

This command allows you to define rule expressions to match WSP Session Management state.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wsp session-management { previous-state | state }  operator state

no

If previously configured, deletes the specified rule expression from the current ruledef.

previous-state

Specifies the previous WSP Session Management state.

state

Specifies current WSP Session Management Finite State Machine (FSM) state.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`state`

Specifies the state to match.

For previous-state , state must be one of the following:

connected
connecting
init
resuming
suspended

For state , state must be one of the following:

close
connected
connecting
init
resuming
suspended

Usage Guidelines

Use this command to define rule expressions to match a WSP Session Management state.

Example

The following command defines a rule expression to match previous WSP Session Management state of connecting :

wsp session-management previous-state = connecting

wsp state

This command allows you to define rule expressions to match WSP Method Invocation state.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wsp state  operator current_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`current_state`

Specifies the current state to match.

current_state must be one of the following:

close
response-error
response-ok
waiting-for-response

Usage Guidelines

Use this command to define rule expressions to match WSP Method Invocation state.

Example

The following command defines a rule expression to match a WSP Method Invocation state close :

wsp state = close

wsp status

This command has been deprecated. See the wsp reply-code command.

wsp tid

This command allows you to define rule expressions to match Transaction Identifier (TID) field for connection-less WSP.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wsp tid  operator transaction_id

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`transaction_id`

Specifies the transaction identifier to match.

transaction_id must be an integer from 0 through 255.

Usage Guidelines

Use this command to define rule expressions to match TID field for connection-less WSP.

Example

The following command defines a rule expression to match a TID value of 22 for connection-less WSP:

wsp tid = 22

wsp total-length

This command has been deprecated. See the wsp session-length command.

wsp transfer-encoding

This command allows you to define rule expressions to match transfer encoding present in WSP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wsp transfer-encoding [ case-sensitive ]  operator transfer_encoding

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`transfer_encoding`

This must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match transfer encoding present in WSP header.

Example

The following command defines a rule expression to match user traffic based on WSP transfer encoding 7 :

wsp transfer-encoding contains 7

wsp uplink

This command allows you to define rule expressions to match uplink (subscriber to network) WSP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wsp uplink  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the uplink (to the Mobile Node direction) status to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match uplink WSP packets.

Example

The following command defines a rule expression to match uplink WSP packets:

wsp uplink = TRUE

wsp url

This command allows you to define rule expressions to match WSP URL.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wsp url [ case-sensitive ]  operator url

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
regex : Regular expression
starts-with : Starts with

`url`

Specifies the URL to match.

url must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match the complete URL, including the host portion.

The following table lists the special characters that you can use in regex rule expressions. For more information on regex support, refer to the Enhanced Charging Service Administration Guide.

Table 7. Special Characters Supported in Regex Rule Expressions

Regex Character

Description

*

Zero or more characters

+

Zero or more repeated instances of the token preceding the +

?

Match zero or one character

Important

The CLI does not support configuring "?" directly, you must instead use "\077".

For example, if you want to match the string "xyz<any one character>pqr", you must configure it as:

http host regex "xyz\077pqr"

In another example, if you want to exactly match the string "url?resource=abc", you must configure it as:

http uri regex "url\\077resource=abc"

Where, the first "\" (backslash) is for the escaping of "?", and then "\077" for specifying "?" to the CLI.

\character

Escaped character

\?

Match the question mark (\<ctrl-v>?) character

\+

Match the plus character

\*

Match the asterisk character

\a

Match the Alert (ASCII 7) character

\b

Match the Backspace (ASCII 8) character

\f

Match the Form-feed (ASCII 12) character

\n

Match the New line (ASCII 10) character

\r

Match the Carriage return (ASCII 13) character

\t

Match the Tab (ASCII 9) character

\v

Match the Vertical tab (ASCII 11) character

\0

Match the Null (ASCII 0) character

\\

Match the backslash character

Bracketed range [0-9]

Match any single character from the range

A leading ^ in a range

Do not match any in the range. All other characters represent themselves.

.\x##

Any ASCII character as specified in two-digit hex notation.

For example, \x5A yields a "Z".

|

Specify OR regular expression operator

Important

When using the regex operator "|" in regex expressions, always wrap the string in double quotes.

For example, if you want to match the string "pqr" OR "xyz", you must configure it as:

http host regex "pqr|xyz" .

Example

The following command defines a rule expression to match user traffic based on WSP URL wsp://wiki.tcl.tk :

wsp url = wsp://wiki.tcl.tk

The following command defines a regex rule expression to match any of the following or similar values in the WSP URL string: wsp://home.opera.yahoo.com, wsp://dwld.yahoo.com, wsp://dwld2.yahoo.com.

wsp url regex "wsp://(dwld|opera|home.opera|dwld[1-3]).yahoo.com"

wsp user-agent

This command allows you to define rule expressions to match user agent field in WSP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wsp user-agent [ case-sensitive ]  operator user_agent

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`user_agent`

Specifies the WSP user agent to match.

user_agent must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match a user agent field in WSP headers.

Example

The following command defines a rule expression to match value test in user agent field in WSP headers:

wsp user-agent contains test

wsp x-header

This command allows you to define rule expressions to match WSP extension-headers (x-headers).

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wsp x-header  name [ case-sensitive ]  operator string

no

If previously configured, deletes the specified rule expression from the current ruledef.

`name`

Specifies the x-header value as an alphanumeric string of 1 through 31 characters.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`string`

Specifies the value of the extension header as an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to configure any x-header field in WSP and parse it. The extension-header mechanism allows additional header fields to be defined without changing the protocol. The extension-header can be any header fields that are not specified in the RFC standard.

Example

The following command defines a rule expression to analyze user traffic containing WSP extension-header of test_field and value of test_string :

wsp x-header test_field = test_string

wtp any-match

This command allows you to define rule expressions to match all Wireless Transaction Protocol (WTP) packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wtp any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match all WTP packets.

Example

The following command defines a rule expression to match all WTP packets:

wtp any-match = TRUE

wtp downlink

This command allows you to define rule expressions to match downlink (network to subscriber) WTP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wtp downlink  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the downlink (from the Mobile Node direction) status to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match downlink WTP packets.

Example

The following command defines a rule expression to match all downlink WTP packets:

wtp downlink = TRUE

wtp gtr

This command allows you to define rule expressions to match Group Transmission (GTR) flag in the current WTP PDU.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wtp gtr  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match the GTR flag (that indicates the last packet of a packet group) in the current WTP PDU.

Example

The following command defines a rule expression to match WTP user traffic based on WTP GTR:

wtp gtr = TRUE

wtp pdu-length

This command allows you to define rule expressions to match WTP PDU length.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wtp pdu-length  operator pdu_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`pdu_length`

Specifies the WTP PDU length (in bytes) to match.

pdu_length must be an integer from 1 through 65535.

Usage Guidelines

Use this command to define rule expressions to match WTP PDU length (header + payload) in bytes.

Example

The following command defines a rule expression to match WTP PDU length of 9647 bytes:

wtp pdu-length = 9647

wtp pdu-type

This command allows you to define rule expressions to match WTP PDU type.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wtp pdu-type  operator pdu_type

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`pdu_type`

Specifies the WTP PDU type to match.

pdu_type must be one of the following:

abort
ack
invoke
negative-ack
result
segment-invoke
segment-result

Usage Guidelines

Use this command to define rule expressions to match WTP PDU type.

Example

The following command defines a rule expression to match the WTP PDU type result :

wtp pdu-type = result

wtp previous-state

This command allows you to define rule expressions to match previous WTP state.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wtp previous-state  operator wtp_previous_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`wtp_previous_state`

Specifies the previous state to match.

wtp_previous_state must be one of the following:

ack-sent
init
invoke-sent
rcvd
result-rcvd

Usage Guidelines

Use this command to define rule expressions to match WTP previous state.

Example

The following command defines a rule expression to match user traffic based on WTP previous state of ack-sent :

wtp previous-state = ack-sent

wtp rid

This command allows you to define rule expressions to match Re-transmission Indicator (RID) flag set in WTP traffic.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wtp rid  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match WTP RID flag.

Example

The following command defines a rule expression to match user traffic containing WTP RID flag:

wtp rid = TRUE

wtp state

This command allows you to define rule expressions to match current WTP state.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wtp state  operator current_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`current_state`

Specifies the current state to match.

current_state must be one of the following:

ack-sent
close
init
invoke-sent
rcvd
result-rcvd

Usage Guidelines

Use this command to define rule expressions to match current WTP state.

Example

The following command defines a rule expression to match user traffic based on current WTP state close :

wtp state = close

wtp tid

This command allows you to define rule expressions to match WTP Transaction Identifier (TID).

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wtp tid  operator transaction_id

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`transaction_id`

Specifies the transaction identifier to match.

transaction_id must be an integer from 0 through 65535.

Usage Guidelines

Use this command to define rule expressions to match WTP TID. This expression ignores the high order bit in the protocol that indicates the direction.

Example

The following command defines a rule expression to match user traffic containing WTP TID value of 22 :

wtp tid = 22

wtp transaction class

This command allows you to define rule expressions to match WTP Transaction Class (TCL) state.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wtp transaction class  operator transaction_class

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`transaction_class`

Specifies the WTP TCL to match.

transaction_class must be an integer from 0 through 2.

Usage Guidelines

Use this command to define rule expressions to match WTP transaction class.

Example

The following command defines a rule expression to match WTP traffic based on WTP transaction class 2 :

wtp transaction class = 2

wtp ttr

This command allows you to define rule expressions to match WTP Trailer Transmission (TTR) flag.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wtp ttr  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match TTR flag (used to indicate the last packet in a segmented message) in the current WTP PDU.

Example

The following command defines a rule expression to match WTP traffic based on the presence of the WTP TTR flag:

wtp ttr = TRUE

wtp uplink

This command allows you to define rule expressions to match uplink (subscriber to network) WTP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] wtp uplink  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match uplink WTP packets.

Example

The following command defines a rule expression to match all uplink WTP packets:

wtp uplink = TRUE

www any-match

This command allows you to define rule expressions to match all WWW packets. It is true for HTTP, WAP1.x, and WAP2.0 protocols.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] www any-match  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match all WWW packets. This expression is true for HTTP, WAP1.x, and WAP2.0 protocols

Example

The following command defines a rule expression to match all WWW packets:

www any-match = TRUE

www content type

This command allows you to define rule expressions to match the Content-Type field of HTTP/WSP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] www content type [ case-sensitive ]  operator content_type

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`content_type`

Specifies the value to match.

content_type must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match the "content type" field of HTTP/WSP header.

Example

The following command defines a rule expression to match the WWW content type Accept :

www content type = Accept

www domain

This command allows you to define rule expressions to match the domain portion of URIs in WSP/HTTP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] www domain [ case-sensitive ]  operator domain

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`domain`

Specifies the domain to match.

domain must be an alphanumeric string of 1 through 127 characters.

Usage Guidelines

Use this command to define rule expressions to match the domain portion of URIs in WSP/HTTP packets.

From the URL, after http:// (if present) is removed, everything until the first "/" is the domain.

Example

The following command defines a rule expression to match user traffic based on domain name testdomain :

www domain = testdomain

www downlink

This command allows you to define rule expressions to match downlink (network to subscriber) HTTP/WSP packets.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] www downlink  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match downlink HTTP/WSP packets.

Example

The following command defines a rule expression to match all downlink WWW packets:

www downlink = TRUE

www first-request-packet

This command allows you to define rule expressions to match the GET or POST request, if it is the first WSP/HTTP request for the subscriber's session.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] www first-request-packet  operator condition

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`condition`

Specifies the condition to match.

condition must be one of the following:

FALSE
TRUE

Usage Guidelines

Use this command to define rule expressions to match the GET or POST request, if it is the first WSP/HTTP request for the subscriber's session.

Example

The following command defines a rule expression to match user traffic based on the WWW first-request-packet:

www first-request-packet = TRUE

www header-length

This command allows you to define rule expressions to match WWW packet header length.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] www header-length  operator header_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`header_length`

Specifies the WWW packet header length (in bytes) to match, header_length must be an integer from 0 through 65535.

Usage Guidelines

Use this command to define rule expressions to match WWW packet header length.

Example

The following command defines a rule expression to match user traffic based on WWW packet header length of 10000 bytes:

www header-length = 10000

www host

This command allows you to define rule expressions to match the "host name" header field present in HTTP/WSP headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] www host [ case-sensitive ]  operator host_name

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`host_name`

Specifies the WWW host name to match.

host_name must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match the host name header field present in HTTP/WSP headers.

Example

The following command defines a rule expression to match user traffic based on WWW host name host1 :

www host = host1

www payload-length

This command allows you to define rule expressions to match WWW payload length.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] www payload-length  operator payload_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`payload_length`

Specifies the payload length (in bytes) to match.

payload_length must be an integer from 1 through 4000000000.

Usage Guidelines

Use this command to define rule expressions to match WWW payload length.

Example

The following command defines a rule expression to match user traffic based on WWW payload length of 10000 :

www payload-length = 10000

www pdu-length

This command allows you to define rule expressions to match WWW PDU length.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] www pdu-length  operator pdu_length

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`pdu_length`

Specifies the WWW PDU length (in bytes) to match.

pdu_length must be an integer from 0 through 65535.

Usage Guidelines

Use this command to define rule expressions to match WWW PDU length (header + payload) in bytes.

Example

The following command defines a rule expression to match user traffic based on WWW PDU length of 9767 bytes:

www pdu-length = 9767

www previous-state

This command allows you to define rule expressions to match previous HTTP/WSP(HTTP) state.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] www previous-state  operator www_previous_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`www_previous_state`

Specifies the previous state to match.

www_previous_state must be one of the following:

init
response-error
response-ok
waiting-for-response

Usage Guidelines

Use this command to define rule expressions to match a previous HTTP/WSP(HTTP) state.

Example

The following command defines a rule expression to match user traffic based on WWW previous state init :

www previous-state = init

www reply code

This command allows you to define rule expressions to match WWW reply code arguments.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] www reply code  operator reply_code

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
<= : Lesser than or equals
= : Equals
>= : Greater than or equals

`reply_code`

Specifies the reply code to match.

reply_code must be an integer from 100 through 599.

Usage Guidelines

Use this command to define rule expressions to match HTTP 1.1 status code, or WSP status code that has been remapped to the corresponding HTTP value.

WSP status codes 0 – 101 are automatically remapped to the HTTP status code values, as defined by Table 36 WAP-230-WSP Version 5.

Example

The following command defines a rule expression to analyze WWW user traffic based on reply code of 125 :

www reply code = 125

www state

This command allows you to define rule expressions to match current HTTP/WSP(HTTP) state.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] www state  operator current_state

no

If previously configured, deletes the specified rule expression from the current ruledef.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
= : Equals

`current_state`

Specifies the current state to match.

current_state must be one of the following:

close
response-error
response-ok
waiting-for-response

Usage Guidelines

Use this command to define rule expressions to match current HTTP/WSP state.

Example

The following command defines a rule expression to match user traffic based on the current WWW state close :

www state = close

www transfer-encoding

This command allows you to define rule expressions to match the transfer encoding field present in HTTP/WSP(HTTP) headers.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] www transfer-encoding [ case-sensitive ]  operator transfer_encoding

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
starts-with : Starts with

`transfer_encoding`

Specifies the WWW transfer encoding to match.

transfer_encoding must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match the "transfer encoding" field present in HTTP/WSP(HTTP) headers.

Example

The following command defines a rule expression to match user traffic based on the WWW transfer encoding user1 :

www transfer-encoding = user1

www url

This command allows you to define rule expressions to match URL for any Web protocol analyzer—HTTP, WAP1.X, WAP2.0.

Product

ACS

Privilege

Security Administrator, Administrator

Mode

Exec > ACS Configuration > Ruledef Configuration

active-charging service service_name > ruledef ruledef_name

Entering the above command sequence results in the following prompt:

[local]host_name(config-acs-ruledef)#

Syntax

[ no ] www url [ case-sensitive ]  operator url

no

If previously configured, deletes the specified rule expression from the current ruledef.

case-sensitive

Specifies that the rule expression be case-sensitive. By default, rule expressions are not case-sensitive.

`operator`

Specifies how to match.

operator must be one of the following:

!= : Does not equal
!contains : Does not contain
!ends-with : Does not end with
!starts-with : Does not start with
= : Equals
contains : Contains
ends-with : Ends with
regex : Regular expression
starts-with : Starts with

`url`

Specifies the URL to match.

url must be an alphanumeric string of 1 through 127 characters and may contain punctuation characters.

Usage Guidelines

Use this command to define rule expressions to match the URL for any Web protocol analyzer—HTTP, WAP1.X, WAP2.0.

The following table lists the special characters that you can use in regex rule expressions. For more information on regex support, refer to the Enhanced Charging Service Administration Guide.

Table 8. Special Characters Supported in Regex Rule Expressions

Regex Character

Description

*

Zero or more characters

+

Zero or more repeated instances of the token preceding the +

?

Match zero or one character

Important

The CLI does not support configuring "?" directly, you must instead use "\077".

For example, if you want to match the string "xyz<any one character>pqr", you must configure it as:

http host regex "xyz\077pqr"

In another example, if you want to exactly match the string "url?resource=abc", you must configure it as:

http uri regex "url\\077resource=abc"

Where, the first "\" (backslash) is for the escaping of "?", and then "\077" for specifying "?" to the CLI.

\character

Escaped character

\?

Match the question mark (\<ctrl-v>?) character

\+

Match the plus character

\*

Match the asterisk character

\a

Match the Alert (ASCII 7) character

\b

Match the Backspace (ASCII 8) character

\f

Match the Form-feed (ASCII 12) character

\n

Match the New line (ASCII 10) character

\r

Match the Carriage return (ASCII 13) character

\t

Match the Tab (ASCII 9) character

\v

Match the Vertical tab (ASCII 11) character

\0

Match the Null (ASCII 0) character

\\

Match the backslash character

Bracketed range [0-9]

Match any single character from the range

A leading ^ in a range

Do not match any in the range. All other characters represent themselves.

.\x##

Any ASCII character as specified in two-digit hex notation.

For example, \x5A yields a "Z".

|

Specify OR regular expression operator

Important

When using the regex operator "|" in regex expressions, always wrap the string in double quotes.

For example, if you want to match the string "pqr" OR "xyz", you must configure it as:

http host regex "pqr|xyz" .

Example

The following command defines a rule expression to match user traffic based on WWW URL www.abc.com :

www url = www.abc.com

The following command defines a regex rule expression to match either of the following values in the WWW URL string: http://tp2.site.com/httppvc_clnsssite.com.wap.symphonieserver.musicwaver.com/, http://134.210.11.13/httppvc_clnsssite.com.wap.symphonieserver.musicwaver.com/.

www url regex "http://(tp2.site.com|134.210.11.3)/httppvc_clnsssite.com.wap.symphonieserver.musicwaver.com/"

Command Line Interface Reference, Modes A - B, StarOS Release 21.12

Bias-Free Language

Results

Chapter: ACS Ruledef Configuration Mode Commands

ACS Ruledef Configuration Mode Commands

Mode

bearer 3gpp apn

Product

Privilege

Mode

Syntax

no

case-sensitive

operator

apn_name

Usage Guidelines

Example

bearer 3gpp imsi

Product

Privilege

Mode

Syntax

no

operator

imsi

!range | range

imsi-pool imsi_pool_name

Usage Guidelines

Example

bearer 3gpp rat-type

Product

Privilege

Mode

Syntax

no

operator

rat_type

Usage Guidelines

Example

bearer 3gpp sgsn-address

Product

Privilege

Mode

Syntax

no

operator

ipv4/ipv6_address

Usage Guidelines

Example

bearer 3gpp2 bsid

Product

Privilege

Mode

Syntax

no

case-sensitive

use-group-of-objects

operator

string

Usage Guidelines

Example

bearer 3gpp2 service-option

Product

Privilege

Mode

Syntax

no

operator

service_option_code

Usage Guidelines

Example

bearer apn

Product

Privilege

Mode

Syntax

no

case-sensitive

operator

apn_name

`operator`

`apn_name`

`operator`

`imsi`

imsi-pool `imsi_pool_name`

`operator`

`rat_type`

`operator`

`ipv4/ipv6_address`

`operator`

`string`

`operator`

`service_option_code`

`operator`

`apn_name`

`operator`

`imsi`

imsi-pool `imsi_pool_name`

`operator`

`rat_type`

`operator`

`ipv4/ipv6_address`

`operator`

`group_number`

`operator`

`operator`

`redirect_indicator`