This command configures Overload Protection Policy for accounting requests.

default

Configures the default setting.

Default: no priority assigned

no

Disables the Overload Protection configuration.

prioritize-gtpp

Gives higher priority to GTPP requests among the other outstanding requests. So while purging the lower priority requests will be selected first.

Configure global accounting and authentication default domain for subscriber and context-level administrative user sessions.

no

Removes all or only the specified configured domain.

administrator | subscriber

administrator : Configures the default domain for context-level administrative users.

subscriber : Configures the default domain for subscribers.

domain_name

Sets the default context.

domain_name must be an alphanumeric string of 1 through 79 characters.

This command disables case sensitivity when performing domain matching. When this command is enabled, the system disregard case when matching domains.

default

Configures ignore-case as the domain matching method.

no

Specifies that the system consider case when domain matching.

Enables domain lookup for session based on the International Mobile Subscriber Identity (IMSI) prefix length. Default: Disabled

no

Specifies the system must not consider imsi-prefix domain matching method.

prefix-length

Specifies the IMSI length to be matched with the domain.

prefix_length must be an integer from 1 through 15.

This command enables or disables the system to accept a large number of RADIUS configurations to be defined and stored.

no

Disables AAA large configuration support.

Configure global accounting and authentication last resort domain for subscriber and context-level administrative user sessions.

no

Removes all or only the specified previously configured authentication last resort domain name.

administrator | subscriber

administrator : Configures the last resort domain for context-level administrative.

subscriber : Configures the last resort domain for the subscribers.

context_name

Specifies the context which is to be set as the last resort. context_name must be an alphanumeric string of 1 to 79 characters.

This command allows you to create access-link to the Mobile Node. PPP and GTP.

no

Deletes the configured access-link.

access-link

Configures the access-link to the Mobile Node. PPP and GTP.

fastpath

Enables the fastpath option for apn mtu enforce.

apn-ppp-mtu-enforce

Enforces APN MTU to VPP based fastpath IPv4 data streams.

-noconfirm

Specifies that the command must execute without any additional prompt and confirmation from the user.

Enables or disables system-wide TACACS+ AAA (authentication, authorization and accounting) services for administrative users. This command is valid only if TACACS+ servers and related services have been configured in TACACS Configuration Mode.

no

Disables TACACS+ AAA authentication.

noconsole

Disables TACACS+ authentication on the Console line only. By default this option is disabled; TACACS+ server authentication is performed for login via SSH or telnet (vty line) and a connection to the Console port.

With noconsole enabled, TACACS+ authentication is bypassed; the authentication request goes directly to the local database. Effectively TACACS+ authentication on the Console port is disabled. However, TACACS+ authentication remains enabled via vty lines.

Important

When aaa tacacs+ noconsole is configured, a local user with valid credentials can log into a Console port even if on-authen-fail stop and on-unknown-user stop are enabled via the TACACS+ Configuration mode. If the user is not a TACACS+ user, he/she cannot login on a vty line.

Configure global accounting and authentication user name formats for AAA (authentication, authorization and accounting) functions. Up to six formats may be configured.

no

Removes the specified user name format from the configuration.

domain | username

Default: username @

domain : indicates the left side of the string from the separator character is a domain name and the right side is the user name.

username : indicates the left side of the string from the separator character is a user name and the right side is the domain name.

Important

The user name string is always searched from right to left for the first occurrence of the separator character.

separator

Specifies the character to use to delimit the domain from the user name for global AAA functions.Permitted characters include: @, %, -, \, #, or /. To specify a back slash ('\') as the separator, you must enter a double back slash ('\\') on the command line.

This command allows you to create/configure/delete the access-policy.

no

Deletes the configured access-policy.

access-policy policy_name

Specifies the name of the access-policy.

policy_name must be an alphanumeric string of 1 through 64 characters.

If the named access-policy does not exist, it is created, and the CLI mode changes to the Access Policy Configuration Mode. If the named access-policy already exists, the CLI mode changes to the Access Policy Configuration Mode.

-noconfirm

Specifies that the command must execute without any additional prompt and confirmation from the user.

This command allows you to create/configure/delete the access-profile.

no

Deletes the configured access-profile.

access-profile profile_name

Specifies the name of the access-profile.

profile_name must be an alphanumeric string of 1 through 64 characters.

If the named access-profile does not exist, it is created, and the CLI mode changes to the Access Profile Configuration Mode. If the named access-profile already exists, the CLI mode changes to the Access Profile Configuration Mode.

-noconfirm

Specifies that the command must execute without any additional prompt and confirmation from the user.

This command allows you to create/configure/delete the Active Charging Service (ACS)/Enhanced Charging Service (ECS).

no

Deletes the specified Active Charging Service.

acs_service_name

Specifies name of the Active Charging Service.

acs_service_name must be the name of an Active Charging Service, and must be an alphanumeric string of 1 through 15 characters.

If the named Active Charging Service does not exist, it is created, and the CLI mode changes to the ACS Configuration Mode wherein the service can be configured. If the named Active Charging Service already exists, the CLI mode changes to the ACS Configuration Mode.

-noconfirm

Specifies that the command must execute without any additional prompt and confirmation from the user.

Enables or disables alarming options for the SSC internal alarm and the central-office external alarms. To verify the state of the alarms, refer to the show alarm command.

no

Disables the option specified.

audible

Enables the internal audible alarm on ASR 5500 SSCs.

central-office

Enables the central office (external relay) alarms.

Creates an instance of an Access Point Name (APN) profile.

no

Deletes the APN profile instance from the configuration.

apn_profile_name

Specifies the name of the APN profile. Enter an alphanumeric string of 1 through 64 characters.

Creates an instance of an Access Point Name (APN) remap table.

no

Deletes the APN remap table instance from the configuration.

apn_remap_table_name

Specifies the name of the APN remap table. Enter an alphanumeric string of 1 through 65 characters.

Configures a system-wide time interval for performing Address Resolution Protocol (ARP) refresh.

default

Restores the parameter to its default setting.

time

Default: 30

Specifies the ARP refresh interval (in seconds) as an integer from 30 through 86400.

This command disables or enables confirmation for certain commands. This command affects all future CLI sessions and users.

no

Disables the autoconfirm feature.

This command is obsolete. It is included in the CLI for backward compatibility with older configuration files. When executed, this command issues a warning and performs no function.

Configures the CLI banner which is displayed upon the start of a CLI session.

no

Removes the banner message by setting it to be a string of zero length.

charging-service

Specifies the Active Charging Service banner message. The banner is displayed upon initialization of an SSH CLI session with ACS-admin privileges (whenever anyone with the CLI privilege bit for ACS logs on).

lawful-intercept

Refer to the Lawful Intercept Configuration Guide for a description of this parameter.

motd

Configures the CLI banner message of the day which is displayed upon the initialization of any CLI session.

pre-login

Configures the CLI banner displayed before a CLI user logs in.

Important

This banner is displayed only for serial port and telnet log ins. It is not supported in ssh and, therefore, will not be displayed before ssh log ins.

string

Specifies the banner or message to be displayed at session initialization. string may be an alphanumeric string of 0 through 2048 characters. The string must be enclosed in double quotation marks if the banner or message is to include spaces.

This command creates an instance of a Bearer Control profile, a key element of the MME QoS Profile feature.

no

Including this command prefix causes the MME to delete the named instance of the bearer control profile from the MME's configuration.

bcprofile_name

Enter an alphanumeric string of 1 through 64 characters to identify a specific bearer control profile.

Configures the delay period, in seconds, before attempting to boot the system from a software image file residing on an external network server.

no

Deletes the setting for the boot delay. The boot process executes immediately.

time

Specifies the amount of time (in seconds) to delay prior to requesting the software image from the external network server as an integer from 1 through 300.

Configures Ethernet network interfaces for obtaining a system software image during the system boot process.

no

Removes the boot interface configuration from the boot.sys file. Only files from the local file system can be loaded.

local-eth1 | local-eth2

Specifies the network interface to be configured where local-eth1 is the primary ethernet interface and local-eth2 is the secondary ethernet interface.

For the ASR 5500, the primary interface is port 1 (1000Base-T) on the MIO and the secondary interface is port 2 (1000Base-T) on the MIO.

medium { auto | speed medium_speed duplex medium_duplex }

Default: auto

auto : Configures the interface to auto-negotiate the interface speed. and duplex.

media medium_media

Default: rj45

Optionally sets the physical interface where medium_media must be either rj45 or sfp .

Configures the IP address of the DNS (Domain Name Service) server to use when looking up hostnames in URLs for network booting.

no

Removes the network boot nameserver information from the boot.sys file.

ip_address

IPv4 dotted-decimal address of the DNS server the system uses to lookup hostnames in URLs for a software image from the network during the system boot process.

Configures the networking parameters for the Switch Processor I/O card network interfaces to use when obtaining a software image from an external network server during the system boot process.

no

Removes the network configuration information from the boot.sys file.

dhcp

Indicates that a Dynamic Host Control Protocol (DHCP) server is used for communicating with the external network server.

dhcp-static-fallback | static

dhcp-static-fallback : provides static IP address fallback network option when a DHCP server is unavailable.

static : specifies a fixed network IP address for the external network server that hosts the software image.

spio24 ip_address [ spio25 ip_address ] netmask ip_mask [ gateway gw_address ]

spio24 ip_address [ spio25 ip_address ]: the IP address to use for the SPIO in slot 24 and optionally the SPIO in slot 25 for network booting. ip_address must be specified using IPv4 dotted-decimal notation.

netmask ip_mask : the network mask to use in conjunction with the IP address(es) specified for network booting. ip_mask must be specified using IPv4 dotted-decimal notation.

gateway gw_address : the IP address of a network gateway to use in conjunction with the IP address(es) specified for network booting. gw_address must be entered using IPv4 dotted-decimal notation.

Important

If gw_address is not specified, the network server must be on the same LAN as the system. Since both SPIOs must be in the same network, the netmask and gateway settings are shared.

Specifies the priority of a boot stack entry to use when the system first initializes or restarts. Up to 10 boot system priorities (entries in the boot.sys file located in the /flash device in the SPC, SMC or MIO) can be configured.

no

Remove a boot stack entry at the priority specified from the boot stack when it is no longer used.

priority number

Specifies the priority for the file group (consisting of an image (.bin) and its corresponding configuration (.cfg) file) specified in the boot stack. The value must be in the range from 1 through 100 where a priority of 1 is the highest. Up to 10 boot system priorities (boot stack entries) can be configured.

Important

When performing a software upgrade it is important that the new file group have the highest priority (lowest number) configured.

Important

To ensure that higher priority numbers remain open, use an "N-1" priority numbering methodology, where "N" is the first priority in the current boot stack.

image image_url

Specifies the location of a image file to use for system startup. The URL may refer to a local or a remote file. The URL must be formatted according to the following format:

Important

Use of the SMC hard drive is not supported in this release.

Important

Do not use the following characters when entering a string for the field names below: "/" (forward slash), ":" (colon) or "@" (at sign).

directory is the directory name.

filename is the actual file of interest.

host is the IP address or host name of the server.

port# is the logical port number that the communication protocol is to use.

Important

A file intended for use on an ASR 5000 uses the convention xxxxx.asr5000.bin, where xxxxx is the software build number.

Important

A file intended for use on an ASR 5500 uses the convention xxxxx.asr5500.bin, where xxxxx is the software build number.

Important

When using the TFTP, it is advisable to use a server that supports large blocks, per RFC 2348. This can be implemented by using the "block size option" to ensure that the TFTP service does not restrict the file size of the transfer to 32MB.

config config_path

Specifies the location of a configuration file to use for system startup. This must be formatted according to the following format:

Important

Use of the SMC hard drive is not supported in this release.

Where path is the directory structure to the file of interest, and filename is the name of the configuration file. This file typically has a .cfg extension.

Enables the collection of bulk statistics and/or enters the bulk statistics configuration mode.

no

Disables the collection of bulk statistics.

default

Restores the bulkstats configuration to its default value.

ssd-samples: Disabled

collection

Enables the statistics collection process. Collects a periodic snapshot of activity and performance data as configured via the Bulk Statistics Configuration mode.

config [ schema | supplement ] url

Enables bulkstats configuration replacement with contents of file if present. If no file is present, bulkstats mode configuration will be saved in the file of the given name when issuing a save configuration url command.

schema : This keyword takes a local URL keyword as a parameter. It performs a full bulkstats schema configuration replacement with the contents of the file provided. If the file exists, no schema will be saved when issuing a save configuration url command.

supplemental : This keyword takes a local URL keyword as a parameter. It supplements running bulkstats configuration with the contents of the configuration file provided.

url: Specifices the URL where the [file:]{/flash | /hd-raid | /usb1 | /usb2 | /usb3 | /rmm1 | /cdrom1 | /sftp}[/directory]/filename

The system allows configuration of only 1 of these options. They are mutually exclusive.

Note	The bulkstats config schema url takes precedence over manual configuration. With respect to schema, adding, modifying, or deleting any configurations manually through CLI, the changes will not be applied.

historical collection

Enables the collection of historical bulk statistics.

If enabled, StarOS tracks activities that require the storing of more data, such as "the highest value that's been seen over the last 24 hours".

mode

[<context-name>]host_name(config-bulkstats)# 

ssd-samples { 1 | 2 }

Enables the collection of bulk statistics samples in the SSD archive. In the current release, a maximum of two bulkstats samples can be collected in the SSD archive. Each sample contains all the bulkstats collected during the configured transfer interval.

Also see the show support details command under the Exec Mode Commands for more information on excluding the bulkstats samples from the SSD archive.

name ca_certificate_list_name

Specifies the CA certificate list as an alphanumeric string of 1 through 128 characters.

ca-cert-name ca-cert-name_1 to ca-cert-name_4

Specifies the the CA certificate name as an string of size 1 through 128.

Configuring atleat one ca-cert-name is mandatory.

Configures and selects an X.509 CA certificate to enable a security gateway to perform certificate-based peer (client) authentication. StarOS supports a maximum of 16 certificates and 16 CA (Certificate Authrority) root certificates. A maximum of four CA root certificates can be bound to a crypto or SSL (Secure Sockets Layer) template.

no

Disables ca-certificate.

Note	If the CA-CERT is mandatory for the service to be up and running, then the removal of that CA-CERT is not allowed.

name name

Specifies the name the CA certificate as an alphanumeric string of 1 through 128 characters.

der url

Specifies the use of the Distinguished Encoding Rules (DER) binary format.

url is the Universal Reosurce Locator of the file containing certificate in der format.

pem

Specifies that the Privacy-enhanced Electronic Mail (PEM) format is to be used.

data pemdata

ndicates that the CA certificate data will be in PEM format. pemdata must be an alphanumeric string of 1 through 4095 characters.

cert-enc

Specifiesa certificate encoding type other than default encoding type.

cert-hash-url

Specifies a hash of X.509 Certificate.

url

Specifes the Universal Resource Locator of the file containing the CA certificate.

url_format

When read via a file, note that show configuration will not contain the URL reference, but will instead output the data via data pemdata , such that the configuration file is self-contained.

Configures the name and URL path of a Certificate Authority-Certificate Revocation List (CA-CRL).

no

Removes the named CA-CRL.

name

Provides a name of the CA-CRL. name must be an alphanumeric string of 1 through 128 characters.

der

Specifies that Distinguished Encoding Rules (DER) format is to be used for the source format.

pem

Specifies that Privacy-enhanced Electronic Mail (PEM) format is to be used for the source format.

url url

Creates an instance of a call-control profile.

no

Deletes the Call-Control Profile instance from the configuration.

cc_profile_name

Specifies the name of the call-control profile. Enter an alphanumeric string of 1 through 64 characters.

Enters the Card Configuration mode for the specified card.

slot_number

Specifies the slot number of the card for which the card configuration mode is to be entered. slot_number must be an integer from 1 to 20.

Configures the redundancy priorities for packet processing cards by specifying the slot number search order for a standby card when needed.

slot_num

Specifies the slot of the card for the order of the standby cards. slot_num must be in the range from 1 through 10 excluding slots 5 and 6 (on the ASR 5500).

+

Indicates that you may enter as many slot numbers (separated by a space) as necessary to indicate the complete search order.

This command enables multiple instances of CDRMOD, one per packet processing card.

default

Configures this command with its default setting.

Default: Single-CDRMOD mode

Configures and selects an X.509 Trusted Author certificate.

no

Disables certificate.

name name

Names the certificate. name must be from 1 to 128 alphanumeric characters.

der url

Specifies that the Distinguished Encoding Rules (DER) binary format is to be used.

pem

Specifies that the Privacy-enhanced Electronic Mail (PEM) format is to be used.

data pemdata

Certificate/private key data in PEM format. pemdata must be an alphanumeric string of 1 through 4095 (if private key is not implmented) or 1 through 8191 (if private key is implemented) characters.

cert-enc

Specifies a certificate encoding type other than default encoding type.

cert-hash-url

Specifes a hash and URL of the X.509 Certificate.

url url

Specifies the Universal Resource Locator (URL) of the file containing certificate/private key.

url_format

When read via a file, show configuration will not contain the URL reference, but instead outputs the data via data pemdata , such that the configuration file is self-contained.

private-key pem

Specifies use of private key PEM data.

encrypted

Specifs the use of encrypted private key data.

Configures global Command Line Interface (CLI) parameters.

no

Removes the specified option.

default

Resets the keywords to their default values.

access { monitor-protocol | monitor-subscriber | show-configuration } { operator | administrator }

Sets access privileges on the monitor protocol and monitor subscriber commands:

monitor-protocol : Selects privileges for the monitor protocol command.

monitor-subscriber : Selects privileges for the monitor subscriber command.

show-configuration : Selects privileges for the show-configuration command. However the default access level for this command is the user with operator privileges.

operator : Sets the privileges for the selected command to allow use by users with operator privileges.

administrator : Restricts use of the selected command to administrators only.

configuration-monitor

When this keyword is enabled, the system executes a show configuration checksum command every 15-minutes. The resulting checksum is compared with the previous checksum.

When a configuration change is detected, a log message and SNMP notification are generated. The SNMP notification only indicates that a change has occurred without identifying what change had been made.

The 15-minute interval is fixed and cannot be configured. By default configuration monitoring is disabled.

Note	When enabled, the system's Shared Configuration Task (SCT) process may experience CPU spikes when the underlying show configuration checksum command is executed. This is most noticable with large StarOS configurations.

hidden

Allows a Security Administrator to enable access to hidden cli test-commands command.

The no cli hidden command disables access to the cli test-commands command. This is the default mode. Refer to the description of the test-commands keyword below for additional information.

login-failure-delay number

Specifies the time to wait before a login failure is returned and another login may be attempted. Default is five seconds.

max-sessions number

Sets the number of allowed simultaneous CLI sessions on the system. If this value is set to a number below the current number of open CLI sessions, the open sessions will continue until closed. number must be an integer from 2 through 100.

Caution

Use caution when setting this command. Limiting simultaneous CLI sessions prevents authorized users from accessing the system if the maximum number allowed has been reached. The system already limits CLI sessions based on available resources. Additional limitation could have adverse effects.

operator clear-subscriber-one-only

Restricts Operator to clearing only one subscriber session at a time.

test-commands [encrypted] password password_string

Enables access to the CLI test-commands. The commands and keywords made available under this mode are for internal testing and debugging.

Caution

CLI test-commands are intended for diagnostic use only. Access to these commands is not required during normal system operation. These command are intended for use only by Cisco TAC personnel. Some of these commands can slow system performance, drop subscribers, and/or render the system inoperable

Important

An SNMP trap is generated when a user enables cli test-commands (starTestModeEntered). Refer to the SNMP MIB Reference for additional information.

encrypted : Specifies that the system will save the password in an encrypted format in the configuration file. The system displays the encrypted keyword in the configuration file as a flag indicating that the variable following the password keyword is the encrypted version of the plain text password. Only the encrypted password is saved as part of the configuration file.

password password_string : Prompts for the password required to access CLI test-commands. This password must have been previously configured by a Security Administrator via the tech-suport test-commands password command. The password is an alphanumeric string of 1 through 64 characters (plain text password) or 1 through 524 characters (encrypted password).

If the password keyword is not entered, the user is prompted (no-echo) to enter the password. If tech-support test-commands password has not been enabled, you will be unable to execute cli test-commands .

Once this test mode is entered under Global Configuration mode, CLI test-commands become part of the current configuration. Therefore, any generated configuration file will contain the cli test-commands command as the first configuration command.

Caution

Use of CLI test-commands may cause significant service interruption. Contact Cisco TAC before executing any commands while in this mode.

The no cli test-commands command disables access to the CLI test-commands mode.

trap config-mode

Enables sending an SNMP trap (starCLIConfigMode) when a CLI user enters the configuration mode.

Specifies the type of encryption algorithm to be used for passwords and secrets.

default

Resets the encryption algorithm to "A" (prior to release 21.0) or "B" (release 21.0 and higher).

A

Specifies MD5-based cipher encryption algorithm. This is the default for StarOS releases prior to 21.0. Passwords encrypted with this key will have "+A" prefixes in the configuration file.

B

Specifies the AES-CTR-128 cipher algorithm for encryption and the HMAC-SHA1 cipher algorithm for authentication. Passwords encrypted with this key will have "+B" prefixes in the configuration file. Algorithm B is the default for release 21.0 and higher.

C

Specifies HMAC-SHA512 cipher algorithm for encryption and authentication. Passwords encrypted with this key will have "+C" prefixes in the configuration file.

Enters the SSH Client Configuration mode.

no

Removes the SSH client key pair configuration.

Configures system clock timezone and what local time zone to use.

no

Resets the system timezone to the system default UTC.

tz

local

Indicates the timezone specified by tz is to be considered the local time zone for local time display and conversion.

Use this command to add a fetch configuration for each certificate for which automatic update is required. This is a Certificate Management Protocol v2 command.

no

Removes auto-fetch configuration for a certificate.

current-name cert-name

Specifies a valid security gateway certificate as an alphanumeric string of 1 through 129 characters.

ca-root ca_name

Specifies the filename of the root certificate of the CA server. ca_name is an alphanumeric string of 1 through 129 characters.

time days

Specifies the number of days before the certificate expires as the time when the auto fetch should be triggered. days is specified as an integer from 1 through 256.

Use this command to add a file location on /flash disk where the certificates and private keys will be stored. This is a Certificate Management Protocol v2 command.

no

Removes the certificate storage location configuration.

pathname

Defines when an SNMP MIB certificate expiry trap should be sent as the number of hours before expiration.

no

Removes the certificate expiry MIB trap notification.

time hours

Specifies the number of hours before certificate expiry when a MIB trap should be sent. hours is an integer from 1 through 1024.

Forces mandatory confirmation prompting for the autoconfirm (Exec mode and Global Configuration mode) and configure (Exec mode).

no

Disables commandguard functionality if enabled.

exec-command exec_mode_category

Applies mandatory prompting for specified categories of Exec mode configuration commands, even when autoconfirm is enabled.

You can enter multiple commandguard exec-command exec_mode_category commands.

This command enables and disables the congestion control functionality on the system.

default

Sets the congestion control to its default value.

no

Disables the congestion control functionality. This is the default behavior.

This command enables and disables the policy for disconnecting passive calls (chassis-wide) during an overload situation. It also configures and fine-tunes the overload-disconnect congestion control policy for an entire chassis.

default

When "default" and one of the keywords is added to the command, the policy remains in its current state and the value for the specified keyword is reset to its default value.

When "default" and the command are entered without keywords, the overload-disconnect policy for congestion control is disabled.

no

Disables the overload-disconnect policy for congestion control.

iterations-per-stage integer

Specifies the number of calls to be disconnected during the defined number of seconds. integer is a value from 2 through 8. The default value is 8.

percent percentage_value

Specifies the percentage of calls to be disconnected, in stages, during an overload situation. percentage_value is an integer from 1 through 100. The default value is 5.

threshold

license-utilization: Specifies the license-utilization percentage threshold for overload situations. If candidates are available, passive calls are disconnected when this threshold is exceeded. percentage_value is an integer from 1 through 100. The default value is 80.

max-sessions-per-service-utilization: Specifies a percentage of the maximum sessions per service. If candidates are available, passive calls are disconnected when this threshold is exceeded. percentage_value is an integer from 1 through 100. The default value is 80.

tolerance: Specifies the percentage of calls the system disconnects below the values set for the other two thresholds. In either case, a Clear Traps message is sent after the number of calls goes below the corresponding threshold value. number is an integer from 1 through 25. The default value is 10.

Configures congestion control policies.

default

Specifies the Congestion Control policy action for the selected service to its default value.

asngw-service

Specifies the Congestion Control policy action for the ASN-GW service.

asnpc-service

Specifies the Congestion Control policy action for the ASN PC-LR service.

critical

For MME (starting with Release 14.0), or ePDG (starting with Release 14.1), or for SGSN (starting with Release 17.0), this keyword associates the action-profile to be used for critical congestion thresholds for the MME or SGSN's service.

epdg-service action

Specifies the Congestion Control policy action for the ePDG service.

Supported policy actions are:

For ePDG type of session/calls, redirect action is not supported.

fng-service

Specifies the Congestion Control policy action for the FNG service.

ggsn-service

Specifies the Congestion Control policy action for the GGSN service.

ha-service

Specifies the Congestion Control policy action for the HA service.

hnbgw-service

Important

In Release 20 and later, HNBGW is not supported. This keyword must not be used for HNBGW in Release 20 and later. For more information, contact your Cisco account representative.

Specifies the Congestion Control policy action for the HNB-GW service.

Supported policy actions are:

hsgw-service

Specifies the Congestion Control policy action for the HSGW service.

Supported policy actions are:

ipsg-service

Specifies the Congestion Control Policy action for the IPSG service. The policy specifies how the IPSG service will respond when the system detects that a congestion condition threshold has been crossed.

Supported policy actions are:

Default: none

lma-service

Specifies the Congestion Control policy action for the LMA service

lns-service

Specifies the Congestion Control policy action for the LNS service.

mipv6ha-service

Specifies the Congestion Control policy action for the MIPv6-HA service.

major

For MME (starting with Release 14.0), or ePDG (starting with Release 14.1), or for SGSN (starting with Release 17.0), this keyword associates the action-profile to be used for major congestion thresholds for the MME or SGSN's service.

minor

For MME (starting with Release 14.0), or ePDG (starting with Release 14.1), or for SGSN (starting with Release 17.0), this keyword associates the action-profile to be used for minor congestion thresholds for the MME or SGSN's service.

mme-service

Sets the congestion control policy for action to take when subscriber sessions exceeds the defined threshold limit.

For MME type of session/calls, redirect action is not supported.

Important

The mme-service keyword option is available only in releases prior to 14.0. In 14.0 and higher, you must first select either the critical, major or minor policy level first. Refer to the congestion-action-profile command in the LTE Policy Configuration mode to create action-profiles which in turn define the actions to be taken when thresholds are exceeded in Release 14.0 and higher for MME.

pcc-af-service

Specifies the Congestion Control policy action for the PCC Application Function (AF) service.

pcc-policy-service

Specifies the Congestion Control policy action for the PCC Policy service.

pcc-quota-service

Specifies the Congestion Control policy action for the PCC Quota service.

pdg-service

Specifies the Congestion Control policy action for the PDG service.

pdif-service

Specifies the Congestion Control policy action for the PDIF service.

pdsn-service

Specifies the Congestion Control policy action for the PDSN service.

pdsnclosedrp-service

Specifies the Congestion Control policy action for the PDSN Closed R-P service.

pgw-service

Specifies the Congestion Control policy action for the P-GW service.

Supported policy actions are:

saegw-service

Specifies the Congestion Control policy action for the SAEGW service.

Supported policy actions are:

samog-service

Specifies the Congestion Control policy action for the SaMOG service.

sgsn-service

Specifies the Congestion Control policy - the congestion response actions for the SGSN service.

With Release 17.0 and higher, to define a policy you must first select one of the three congestion levels: critical, major or minor. Next select the service with the sgsn-service keyword and then associate a congestion-action-profile. Refer to the congestion-action-profile command in the SGSN-Global Configuration mode to create the congestion-action-profiles which define the congestion response actions to be taken when thresholds are exceeded for the SGSN.

sgw-service

Specifies the Congestion Control policy action for the S-GW service.

Supported policy actions are:

wsg-service

Specifies the Congestion Control policy action for the WSG service.

Supported policy actions are:

action { drop | none | redirect | reject }

Specifies the policy action:

report-overload { permit-emergency-sessions | reject-new-sessions | reject-non-emergency-sessions } enodeb-percentage percentage

Important

This set of keywords is supported only by the MME.

Enables the MME to report overload conditions to eNodeBs and take additional action to alleviate congestion situations.

permit-emergency-sessions : Specifies that only emergency sessions are allowed to access the MME during the overload period.

reject-new-sessions : Specifies that all new sessions destined for the MME will be rejected during the overload period.

reject-non-emergency-sessions : Specifies that all non-emergency sessions will be rejected during the overload period.

enodeb-percentage percentage : Configures the percentage of known eNodeBs that will receive the overload report. percentage must be an integer from 1 to 100.

Configures the congestion control threshold values that are to be monitored.

default congestion-control threshold keyword

Sets the threshold keyword to its default value.

no congestion-control threshold port-specific { slot/port | all }

This command disables port specific threshold monitoring on the specified port or on all ports.

slot/port : Specifies the port for which port specific threshold monitoring is being configured. The slot and port must refer to an installed card and port.

all : Set port specific threshold monitoring for all ports on all cards.

no congestion-control threshold port-specific-rx-utilization critical

This command disables specific receive port utilization.

no congestion-control threshold port-specific-tx-utilization critical

This command disables specific transmit port utilization.

license-utilization percent

Default: 100

The percent utilization of licensed session capacity as measured in 10 second intervals.

percent can be configured to any integer value from 0 to 100.

max-sessions-per-service-utilization percent

Default: 80

The percent utilization of the maximum sessions allowed per service as measured in real-time. This threshold is based on the maximum number of sessions or PDP contexts configured for the a particular service. (Refer to the bind command for the PDSN, GGSN, SGSN, or HA services.)

percent can be an integer from 0 through 100.

message-queue-utilization percent

Default: 80

The percent utilization of the Demux Manager software task's message queue as measured in 10 second intervals. The queue is capable of storing a maximum of 10000 messages.

percent can be an integer from 0 through 100.

message-queue-wait-time time

Default: 5

The maximum time (in seconds) messages can be held in queue as measured by packet time stamps.

time is measured in seconds and can be an integer from 1 through 30.

Important

In the event that this threshold is crossed, an SNMP trap is not triggered. The service congestion policy invocation resulting from the crossing of this threshold is enforced only for the packet that triggered the action.

[ no ] port-rx-utilization percent

Default: 80

The average percent utilization of port resources for all ports by received data as measured in 5-minute intervals.

percent can be an integer from 0 through 100.

[ no ] port-specific { slot/port | all } [ rx-utilization percent ] [ tx-utilization percent ]

Default: Disabled

Sets port-specific thresholds. If you set port-specific thresholds, when any individual port-specific threshold is reached, congestion control is applied system-wide.

slot/port : Specifies the port for which port-specific threshold monitoring is being configured. The slot and port must refer to an installed card and port.

all : Set port specific threshold monitoring for all ports on all cards.

rx-utilization percent : Default 80%. The average percent utilization of port resources for the specified port by received data as measured in 5-minute intervals. percent must an integer from 0 through 100.

tx-utilization percent : Default 80%. The average percent utilization of port resources for the specified port by transmitted data as measured in 5-minute intervals. percent must be an integer from 0 through 100.

[ no ] port-tx-utilization percent

Default: 80

The average percent utilization of port resources for all ports by transmitted data as measured in 5-minute intervals.

percent can be an integer from 0 through 100.

service-control-cpu-utilization percent

Default: 80

The average percent utilization of CPUs on which a Demux Manager software task instance is running as measured in 10-second intervals.

percent can be an integer from 0 through 100.

system-cpu-utilization percent

Default: 80

The average percent utilization for all PAC/PSC/PSC2 CPUs available to the system as measured in 10-second intervals.

percent can be an integer from 0 through 100.

This threshold setting can be disabled with no congestion-control threshold system-cpu-utilization command. In case later you want to enable the same threshold setting congestion-control threshold system-cpu-utilization command will enable the CPU utilization threshold to preconfigured level.

system-memory-utilization percent

Default: 80

The average percent utilization of all CPU memory available to the system as measured in 10-second intervals.

percent can be an integer from 0 through 100.

tolerance percent

Default: 10

The percentage under a configured threshold that dictates the point at which the condition is cleared.

percent can be an integer from 0 through 100.

Supports congestion based on the total number of utilized connected sessions.

default congestion-control threshold connected-sessions-utilization

Sets all connected-sessions-utilization thresholds to the default values.

critical percent

Default: 80

The critical threshold value of utilized connected sessions.

percent can be configured to any integer value from 0 to 100.

major percent

Default: 0

The major threshold value of utilized connected sessions.

percent can be configured to any integer value from 0 to 100.

minor percent

Default: 0

The minor threshold value of utilized connected sessions.

percent can be configured to any integer value from 0 to 100.

Configures a demux manager facility type to be monitored for an average CPU utilization along with the threshold values.

default congestion-control threshold demuxmgr-cpu-utilization

Sets all demuxmgr-cpu-utilization thresholds to the default values.

facility

Specifies the specific facility.

egtpegmgr

Specifies the EGTP egress demux manager.

egtpinmgr

Specifies the EGTP ingress demux manager.

gtpumgr

Specifies the GTPUMGR demux manager.

critical percent

Default: 0

The critical threshold value for average percent CPU utilization to trigger the congestion control based on the configured congestion control policy.

percent can be configured to any integer value from 0 to 100.

Important

The recommended critical threshold value percent is 80.

major percent

Default: 0

The major threshold value for average percent CPU utilization to trigger the congestion control based on the configured congestion control policy.

percent can be configured to any integer value from 0 to 100.

minor percent

Default: 0

The minor threshold value for average percent CPU utilization to trigger the congestion control based on the configured congestion control policy.

percent can be configured to any integer value from 0 to 100.

Configures the congestion threshold levels for license utilization on the system.

default congestion-control threshold license-utilization

Sets all license-utilization thresholds to the default values.

critical percent

Default: 100

The critical threshold value for percent utilization of licensed session capacity, measured in 10-second intervals.

percent can be configured to any integer value from 0 to 100.

major percent

Default: 0

The major threshold value for percent utilization of licensed session capacity, measured in 10-second intervals.

percent can be configured to any integer value from 0 to 100.

minor percent

Default: 0

The minor threshold value for percent utilization of licensed session capacity, measured in 10-second intervals.

percent can be configured to any integer value from 0 to 100.

Configures the congestion thresholds for the maximum sessions allowed per service.

default congestion-control threshold max-sessions-per-service-utilization

Sets all max-sessions-per-service-utilization thresholds to the default values.

critical percent

Default: 80

The critical threshold value for percent utilization of the maximum sessions allowed per service.

percent can be configured to any integer value from 0 to 100.

major percent

Default: 0

The major threshold value for percent utilization of the maximum sessions allowed per service.

percent can be configured to any integer value from 0 to 100.

minor percent

Default: 0

The minor threshold value for percent utilization of the maximum sessions allowed per service.

percent can be configured to any integer value from 0 to 100.

Configures the congestion thresholds for the percent utilization of the Demux Manager software task's message queue.

default congestion-control threshold message-queue-utilization

Sets all max-sessions-per-service-utilization thresholds to the default values.

critical percent

Default: 80

The critical threshold value for percent utilization of the Demux Manager software task's message queue as measured in 10-second intervals.

percent can be configured to any integer value from 0 to 100.

major percent

Default: 0

The major threshold value for percent utilization of the Demux Manager software task's message queue as measured in 10-second intervals.

percent can be configured to any integer value from 0 to 100.

minor percent

Default: 0

The minor threshold value for percent utilization of the Demux Manager software task's message queue as measured in 10-second intervals.

percent can be configured to any integer value from 0 to 100.

Configures the congestion thresholds for the maximum time (in seconds) messages can be held in queue as measured by packet time stamps.

default congestion-control threshold message-queue-wait-time

Sets all max-queue-wait-time thresholds to the default values.

critical time

Default: 5

The critical threshold value for the maximum time (in seconds) that messages can be held in queue as measured by packet time stamps.

time is measured in seconds and can be an integer from 1 through 30.

major time

Default: 0

The major threshold value for the maximum time (in seconds) that messages can be held in queue as measured by packet time stamps.

time is measured in seconds and can be an integer from 1 through 30.

minor time

Default: 0

The minor threshold value for the maximum time (in seconds) that messages can be held in queue as measured by packet time stamps.

time is measured in seconds and can be an integer from 1 through 30.

Configures MMEMgr-specific thresholds to monitor the MMEMgrs' average CPU utilization.

default

Resets the configured thresholds to the system defaults.

no

Disables the configured thresholds and removes them from the MME's configuration.

critical percent

Default: 80

The critical threshold value for the average percent utilization of all the CPU memory available to the MMEMgr measured in 10-second intervals.

percent can be configured to any integer value from 1 to 100.

major percent

Default: 0

The major threshold value for the average percent utilization of all the CPU memory available to the MMEMgr measured in 10-second intervals.

percent can be configured to any integer value from 0 to 100.

minor percent

Default: 0

The minor threshold value for the average percent utilization of the all the CPU memory available to the MMEMgr measured in 10-second intervals.

percent can be configured to any integer value from 1 to 100.

Configures the congestion thresholds for average percent utilization of port resources for all ports by received data as measured in 5-minute intervals.

default congestion-control threshold port-rx-utilization

Sets all port-rx-utilization thresholds to the default values.

critical percent

Default: 80

The critical threshold value for average percent utilization of port resources for all ports by received data as measured in 5-minute intervals.

percent can be configured to any integer value from 0 to 100.

major percent

Default: 0

The major threshold value for average percent utilization of port resources for all ports by received data as measured in 5-minute intervals.

percent can be configured to any integer value from 0 to 100.

minor percent

Default: 0

The minor threshold value for average percent utilization of port resources for all ports by received data as measured in 5-minute intervals.

percent can be configured to any integer value from 0 to 100.

Configures the congestion thresholds for specific port utilization.

no congestion-control threshold port-specific { slot/port { critical | major | minor } | all { critical | major | minor } }

Sets all port-specific utilization thresholds to the default values.

slot/port

Default: Disabled

Specifies the port for which port specific threshold monitoring is being configured. The slot and port must refer to an installed card and port. If you set port-specific thresholds, when any individual port-specific threshold is reached, congestion control is applied system-wide.

all

Set threshold monitoring for all ports on all cards.

rx-utilization

Set threshold monitoring for received data only.

tx-utilization

Set threshold monitoring for transmitted data only.

critical percent

Default: 80

The critical threshold value for average percent utilization of the specified port resources as measured in 5-minute intervals.

percent can be configured to any integer value from 0 to 100.

major percent

Default: 0

The major threshold value for average percent utilization of the specified port resources as measured in 5-minute intervals.

percent can be configured to any integer value from 0 to 100.

minor percent

Default: 0

The minor threshold value for average percent utilization of the specified port resources as measured in 5-minute intervals.

percent can be configured to any integer value from 0 to 100.

Configures the congestion thresholds for average percent utilization of port resources for all ports by received data as measured in 5-minute intervals.

default congestion-control threshold port-rx-utilization

Sets all port-rx-utilization thresholds to the default values.

critical percent

Default: 80

The critical threshold value for average percent utilization of port resources for all ports by received data as measured in 5-minute intervals.

percent can be configured to any integer value from 0 to 100.

major percent

Default: 0

The major threshold value for average percent utilization of port resources for all ports by received data as measured in 5-minute intervals.

percent can be configured to any integer value from 0 to 100.

minor percent

Default: 0

The minor threshold value for average percent utilization of port resources for all ports by received data as measured in 5-minute intervals.

percent can be configured to any integer value from 0 to 100.

Configures the congestion thresholds for average percent utilization of port resources for all ports by transmitted data as measured in 5-minute intervals.

default congestion-control threshold port-tx-utilization

Sets all port-tx-utilization thresholds to the default values.

critical percent

Default: 80

The critical threshold value for average percent utilization of port resources for all ports by transmitted data as measured in 5-minute intervals.

percent can be configured to any integer value from 0 to 100.

major percent

Default: 0

The major threshold value for average percent utilization of port resources for all ports by transmitted data as measured in 5-minute intervals.

percent can be configured to any integer value from 0 to 100.

minor percent

Default: 0

The minor threshold value for average percent utilization of port resources for all ports by transmitted data as measured in 5-minute intervals.

percent can be configured to any integer value from 0 to 100.

Configures the congestion thresholds for average percent utilization of CPUs on which a Demux Manager software task instance is running as measured in 10-second intervals.

default congestion-control threshold service-control-cpu-utilization

Sets all service-control-cpu-utilization thresholds to the default values.

critical percent

Default: 80

The critical threshold value for average percent utilization of CPUs on which a Demux Manager software task instance is running as measured in 10-second intervals.

percent can be configured to any integer value from 0 to 100.

major percent

Default: 0

The major threshold value for average percent utilization of CPUs on which a Demux Manager software task instance is running as measured in 10-second intervals.

percent can be configured to any integer value from 0 to 100.

minor percent

Default: 0

The minor threshold value for average percent utilization of CPUs on which a Demux Manager software task instance is running as measured in 10-second intervals.

percent can be configured to any integer value from 0 to 100.

Configures the congestion thresholds for average percent CPU utilization of all packet processing cards available to the system as measured in 10-second intervals.

default congestion-control threshold system-cpu-utilization

Sets all system-cpu-utilization thresholds to the default values.

critical percent

Default: 80

The critical threshold value for average percent CPU utilization of all packet processing cards available to the system.

percent can be configured to any integer value from 0 to 100.

major percent

Default: 0

The major threshold value for average percent CPU utilization of all packet processing cards available to the system.

percent can be configured to any integer value from 0 to 100.

minor percent

Default: 0

The minor threshold value for average percent CPU utilization of all packet processing cards available to the system.

percent can be configured to any integer value from 0 to 100.

exclude demux

Configures exclusion from the system CPU utilization calculation.

If exclude demux is not configured, then the demux CPU will be included while calculating the system CPU utilization. It is recommended to use this keyword to ensure accurate values of system CPU utilization.

demux Removes the demux DPC from the system CPU utilization calculation.

Configures the congestion thresholds for the average percent utilization of all CPU memory available to the system as measured in 10-second intervals.

default congestion-control threshold system-memory-utilization

Sets all system-memory-utilization thresholds to the default values.

critical percent

Default: 80

The critical threshold value for the average percent utilization of all CPU memory available to the system as measured in 10-second intervals.

percent can be configured to any integer value from 0 to 100.

major percent

Default: 0

The major threshold value for the average percent utilization of all CPU memory available to the system as measured in 10-second intervals.

percent can be configured to any integer value from 0 to 100.

minor percent

Default: 0

The minor threshold value for the average percent utilization of all CPU memory available to the system as measured in 10-second intervals.

percent can be configured to any integer value from 0 to 100.

exclude demux

Configures exclusion from the system CPU utilization calculation.

If exclude demux is not configured, then the demux CPU will be included while calculating the system CPU utilization. It is recommend to use this keyword to ensure accurate values of system memory utilization.

demux Removes the demux DPC from the system CPU utilization calculation.

Configures the percentage under a configured threshold value that dictates the point at which the condition is cleared.

default congestion-control threshold tolerance

Sets all threshold tolerances to the default values.

critical percent

Default: 10

The tolerance percentage for critical thresholds. When a critical threshold drops below this level, the condition is cleared.

percent can be configured to any integer value from 0 to 100.

major percent

Default: 0

The tolerance percentage for major thresholds. When a major threshold drops below this level, the condition is cleared.

percent can be configured to any integer value from 0 to 100.

minor percent

Default: 0

The tolerance percentage for minor thresholds. When a minor threshold drops below this level, the condition is cleared.

percent can be configured to any integer value from 0 to 100.

Enables the configuration of Connected Apps (CA) client communication with the IOS-XR CA server on an ASR 9000. This command sends you to the Connected Apps Configuration mode.

This command configures the base directory to be used for storing all content-rating databases that are required for Category-based Content Filtering application.

default

Specifies the default base directory and directory path for Category-based Content Filtering application.

directory_path

Default: /pcmcia1/cf

Specifies the base directory and its path to store all of the full or incremental content rating databases for the Category-based Content Filtering application.

directory_path must be an alphanumeric string of 1 through 255 characters.

This command configures the number of full content-rating databases to maintain/archive in the base directory for category-based content filtering application.

default

Sets the default number of full databases for specified directory path/location.

num_archive

Default: 2

Specifies the maximum number of database to be archived or maintained in the specific location.

num_archive must be an integer from 1 through 3.

This command specifies the name of a file to be used by the category-rating database load process for category-based content filtering application.

default

Sets the default content rating database file name; for example, optcmd.bin.

file file_name . extension

Specifies the header of the file in the database directory path location to determine the newest full database.

file_name must be an alphanumeric string of up to 10 characters with an extension of 3 characters after a period (.) as extension .

Creates or specifies an existing StarOS context and enters the Context Configuration mode.

no

Removes the specified context from the configuration.

name

Specifies the name of a context to enter, add, or remove. When creating a new context, the context name must be unique.

Important

When creating a new context, the context_name specified must not conflict with the name of any existing context or domain names.

-noconfirm

Indicates that the command is to execute without any additional prompt and confirmation from the user.

Enables or disables the copying of crash data to a specified location.

no

Disables the specified option.

Important

System crash information is generated and stored in the crash list even when the no keyword is specified. The information maintained in the crash lists is minimal crash information when the no keyword has been specified.

async-core-transfer

Maintains the transfer of the core dump to the management card while asynchronously beginning proclet recovery which can reduce the total outage. This feature is enabled by default.

Important

When a proclet crashes, a minimum 10% of the available total memory must be free in the CPU to start a new or rename the standby proclet.

critical-task-core

Limits core collections from critical task on the active management card. This feature is enabled by default.

encrypted

Indicates that the URL is encrypted for security reasons.

filename-pattern pattern

Specifies an alphanumeric string containing any or all of the following variables:

• %hostname% - The system hostname

• %ip% - A SPIO IP address

• %cpu% - CPU number

• %card% - Card number

• %time% - POSIX timestamp in hexadecimal notation

• %filename% - Alias for crash -%card% -%cpu% -%time -core%

• %% - A single % sign

If no pattern is specified, the result is the same as the pattern filename .

Use '/' characters in the filename pattern part to store crashes in per-system subdirectories.

url crash_url

Specifies the location to store crash files. crash_url may refer to a local or a remote file. crash_url must be entered using the following format:

For the ASR 5500:

• [ file: ]{/flash|/usb1|/hd}[/ directory ]/

• tftp://{ host [: port# ]}[/ directory ]/

• [ ftp:| sftp: ]//[ username [: password ]@] { host }[ :port# ][/ directory ]/

Important

Do not use the following characters when entering a string for the field names below: "/" (forward slash), ":" (colon) or "@" (at sign).

Important

Support for FTP is disabled in release 20 and higher Trusted builds.

directory is the directory name.

filename is the actual file of interest.

username is the user to be authenticated.

password is the password to use for authentication.

host is the IP address or host name of the server.

port# is the logical port number that the communication protocol is to use.

restrict mbyte

Specifies a maximum amount of memory (in megabytes) to use for storing crash files as an integer from 1 to 128.

The restrict keyword is only applicable to local URLs.

Default: 128

rotate num_cores

Specifies the number of core dumps to retain on the local storage. num_cores must be an integer from 1 to 256.

Default: 15

vpp-core-transfer

Specifies to enable or disable mandating VPP core transfer along with non-VPP.

Default: Enabled

Configures a blockedlist(access denied) file to be used by a Wireless Security Gateway (WSG).

no

Removes the blacklist file from the system.

pathname

Enables an SecGW to initiate an IKEv2 session setup request when the peer does not initiate a setup request within a specified time interval. Executing this command moves you to the Peer List Configuration mode. This functionality is only applicable for site-to-site (S2S) based tunnels within a WSG service. For remote access tunnels the peer is always the initiator. (VPC-VSM only)

no

Disables the specified crypto peer list.

peer_list_name

Specifies the name of the peer list as an alphanumeric string of one through 32 characters.

Specifies the remote secret list for storing remote secrets based on the ID type. This command sends you to the Remote Secret List Configuration mode. Only one active remote-secret-list is supported per system.