This command allows you to create/configure/delete Flow Aware Packet Acceleration (FAPA) feature.

no

If previously configured, disables the feature.

accelerate-flow

Enables and configures the FAPA feature.

This command allows you to create/configure/delete access rule definitions (ruledefs).

no

If previously configured, deletes the specified access ruledef.

access_ruledef_name

Specifies the access ruledef to add/configure/delete.

access_ruledef_name must be the name of an access ruledef, and must be an alphanumeric string of 1 through 63 characters, and can contain punctuation characters. Each access ruledef must have a unique name.

If the named access ruledef does not exist, it is created, and the CLI mode changes to the Firewall-and-NAT Access Ruledef Configuration Mode wherein the ruledef can be configured.

If the named access ruledef already exists, the CLI mode changes to the Firewall-and-NAT Access Ruledef Configuration Mode for that access ruledef.

-noconfirm

Specifies that the command must execute without prompting for confirmation.

This command allows you to create/configure/delete bandwidth policies.

no

If previously configured, deletes the specified bandwidth policy from the active charging service.

bandwidth_policy_name

Specifies the bandwidth policy to add/configure/delete.

bandwidth_policy_name must be the name of a bandwidth policy, and must be an alphanumeric string of 1 through 63 characters. Each bandwidth policy must have a unique name.

If the named bandwidth policy does not exist, it is created, and the CLI mode changes to the ACS Bandwidth Policy Configuration Mode wherein the bandwidth policy can be configured.

If the named bandwidth policy already exists, the CLI mode changes to the ACS Bandwidth Policy Configuration Mode for that bandwidth policy.

-noconfirm

Specifies that the command must execute without prompting for confirmation.

This command allows you to configure packet buffering limits.

default

Configure this command with the default setting.

no

Disable the buffering limit configuration.

far-max-packets far_max_packets

Specify the maximum number of packets that can be buffered per FAR.

far_max_packets must be an integer from 1 to 128.

flow-max-packets flow_max_packets

Specify the maximum number of packets that can be buffered per flow.

flow_max_packets must be an integer from 1 to 255.

subscriber-max-packets subscriber_max_packets

Specify the maximum number of packets that can be buffered per subscriber.

subscriber_max_packets must be an integer from 1 to 255.

This command allows you to create/configure/delete ACS charging actions.

no

If previously configured, deletes the specified charging action from the active charging service.

charging_action_name

Specifies the charging action to add/configure/delete.

charging_action_name must be the name of a charging action, and must be an alphanumeric string of 1 through 63 characters and can contain punctuation characters. Each charging action must have a unique name.

If the named charging action does not exist, it is created, and the CLI mode changes to the ACS Charging Action Configuration Mode wherein the charging action can be configured.

If the named charging action already exists, the CLI mode changes to the ACS Charging Action Configuration Mode for that charging action.

-noconfirm

Specifies that the command must execute without prompting for confirmation.

This command configures micro checkpoint syncup timer for ICSR and Session Recovery for Rf-Gy synchronization.

no

If the micro checkpoint syncup timer is already configured, then the no variant will delete the configuration.

sr timer_value

Configures micro check-pointing timer for Session Recovery (SR). By default, the session recovery check-pointing will be done on 8 seconds.

timer_value : Time configured will be in multiples of 2 seconds. Note that the timer value less than 4 seconds and greater than 60 seconds will not be accepted.

icsr timer_value

Configures micro check-pointing timer for ICSR. By default, the ICSR check-pointing will be done on 18 seconds.

timer_value : Time configured will be in multiples of 2 seconds. Note that the timer value less than 4 seconds and greater than 60 seconds will not be accepted.

Content Filtering Range, Trigger Action, Trigger Condition, edns static prefix, edns fields and edns tags under the active changing service. This option is disabled by default.

default

By default, the content-filtering range is 1 to 4294967295. Any value in CF-Policy-ID AVP is considered for CF. It will not be shown by default and will be shown in verbose config. To restore default functionality, use the cli default content-filtering range

content-filtering

content-filtering range : Enter start number and end number for the cf-policy-id. range_values can be integers. For example, 1-4294967295.

If range parameter is set to 1-1000, any subscriber with a content filtering policy ID greater than or equal to 1 and lower than or equal to 1000 should use the standard content filtering functionality. And any subscriber profile with a content filter policy ID outside the range of 1-1000 can trigger the new EDNS0 functionality.

app-proto=dns

Avoids the IP readdressing of the non-DNS traffic. If this CLI is enabled with multiline-or cli, then all DNS traffic will be EDNS encoded.

external-content-filtering

Enables EDNS0 feature.When this flag is true along with the range criteria, EDNS0 feature is enabled. By default, this flag is disabled.

range

Specifies policy-id range for content filtering feature.

range

content-filtering range : Enter start number and end number for the content filtering range_start_number to range_end_number can be integers. For example, 1-4294967295.

no content-filitering range

When chassi comes up, the no content-filitering range CLI is displayed in verbose.

default

Configures the range between 1 to 4294967295. The CF-Policy-ID value that comes up in Gx event is considered for Content Filtering. You can view this range in both verbose and non- verbose mode.

This command allows you to specify the match method to look up URLs in the Category-based Content Filtering database.

default

Configures this command with its default setting.

Default: generic

exact

Specifies the exact-match method, wherein URLs are rated only on exact match with URLs present in the Category-based Content Filtering database.

generic

Specifies the generic match method, wherein normalization, multi-lookups, and rollback algorithms are applied to URLs during look up. URLs are rated on generic match with URLs present in the Category-based Content Filtering database.

This command allows you to create/configure/delete Content Filtering Category Policies for Category-based Content Filtering support.

no

If previously configured, deletes the specified Content Filtering Category Policy from the active charging service.

cf_policy_id

Specifies the Content Filtering Category Policy ID to add/configure/delete.

cf_policy_id must be an integer from 1 through 4294967295.

If the specified policy ID does not exist, it is created and the CLI mode changes to the Content Filtering Policy Configuration Mode, wherein the policy can be configured.

If the specified policy ID already exists, the CLI mode changes to the Content Filtering Policy Configuration Mode for that policy.

description [ description_string ]

Specifies a description for the Content Filtering Category Policy.

description_string must be an alphanumeric string of 1 through 31 characters.

Note that both description and description_string are optional.

"description description_string " saves description_string as the new description.

"description " removes the previously specified description.

This description is displayed in the output of the "show content-filtering category policy-id id id " and "show active-charging service name service_name " commands.

-noconfirm

Specifies that the command must execute without prompting for confirmation.

This command allows you to enable/disable Prepaid Credit Control Configuration Mode.

no

Disables the specified Prepaid Credit Control Application configuration.

group cc_group_name

Important

This option is only available in StarOS 8.1 and later releases.

Specifies the credit control group to add/configure/delete.

cc_group_name must be the name of a credit control group, and must be an alphanumeric string of 1 through 63 characters. Each credit control group must have a unique name.

If the named credit control group does not exist, it is created, and the CLI mode changes to the Credit Control Configuration Mode, wherein the credit control group can be configured.

If the named credit control group already exists, the CLI mode changes to the Credit Control Configuration Mode for that credit control group.

Creating different credit control groups enables applying different credit control configurations (DCCA dictionary, failure-handling, session-failover, Diameter endpoint selection, etc.) to different subscribers on the same system.

Without credit control groups, only one credit control configuration is possible on a system. All the subscribers in the system will have to use the same configuration.

Important

ICSR support for credit-control group is limited to a maximum of three bearers (one default and two dedicated bearers).

This command has been deprecated, and is replaced by the credit-control command.

Important

This is a licensed controlled feature. Contact your Cisco account representative for detailed information on specific licensing requirements.

This command allows you to configure EDNS format and fields. This configuration can be used whenever the DNS traffic needs to be converted to an EDNS request.

no

If previously configured, deletes the specified EDNS mode from the active charging service.

edns

This command allows you to configure EDNS format and fields.

security-profile

Specifies security profile is used to configure the 32 MS bit static value.

cf-policy-id-static-prefix static_prefix_value

Enter the integer value. The 32 bit static ID is used as MSB bytes in 64 bit device ID. If security-profile static prefix does not have any cf-policy-id-prefix defined, then device-id is encoded with only 32 bit cf-policy-id.

tag val cf-policy-id

This is a tag field to insert CF Policy ID in the EDNS0 Resource Record (RR) data.

payload-length ( tcp | udp )

Specifies the RR UDP or TCP Payload-length value. You can enter the value ranging from 512 to 4096.

default tag

Resets the UDP or TCP payload-length field to an unconfigured default value of 1280.

Note	If you enter a default tag number on a tag number that is not configured, the following error message is displayed:

This command allows you to create/configure/delete ACS Event Data Record (EDR) formats.

no

If previously configured, deletes the specified EDR format from the active charging service.

edr_format_name

Specifies the EDR format to add, configure, and delete.

edr_format_name must be an alphanumeric string of 1 through 63 characters. Each EDR format must have a unique name.

If the specific EDR format does not exist, it is created, and the CLI mode changes to the EDR Format Configuration Mode wherein the EDR format can be configured.

If the named EDR format already exists, the CLI mode changes to the EDR Format Configuration Mode for that EDR format.

-noconfirm

Specifies that the command must execute without prompting for confirmation.

attribute attribute_name

Specifies the attribute to configure an EDR.

This command enables IP protocol and server port mapping for Event Data Records (EDR).

default

Configures this command with its default setting.

Default: Disabled

no

If previously enabled, disables the IP protocol and server port mapping for EDR.

This command allows you to enable/disable flow control between Session Managers (SessMgrs) and the CDRMOD process.

no

If previously enabled, disables the flow control configuration.

default

Configures this command with its default setting.

Default: Flow control is enabled; unsent-queue-size : 375

unsent-queue-size unsent_queue_size

Specifies the flow control unsent queue size at Session Manager (SessMgr) level.

unsent_queue_size must be an integer from 1 through 2500.

Exits the current configuration mode and returns to the Exec mode.

Exits the current mode and returns to the parent configuration mode.

This command allows you to configure the deactivate margin for the Fair Usage feature.

default

Configures this command with its default setting.

Default: 5 percent

deactivate_margin

Specifies that Fair Usage monitoring must be disabled when the instance-level credit usage goes deactivate_margin percentage below usage_threshold .

deactivate_margin is a percentage value, and must be an integer from 1 through 100.

This command allows you to configure the maximum number of flows for which TCP Proxy can be used per subscriber, and what portion of ECS memory should be reserved for TCP Proxy flows.

default

Configures this command with its default setting.

max-flows-per-subscriber max_flows_subscriber

Specifies the maximum number of flows for which TCP Proxy can be used per subscriber.

This limit is per Session Manager.

max_flows_subscriber must be an integer from 1 through 1000.

Default: 5

memory-share memory_share

Specifies what portion of ECS memory should be reserved for TCP Proxy flows.

memory_share is a percentage value, and must be an integer from 1 through 100.

Default: 10%

This command allows you to configure the usage threshold to start Fair Usage monitoring.

default

Configures this command with its default setting.

Default: 50 percent

usage_threshold

Specifies the threshold to start Fair Usage monitoring. Until the credit usage hits this threshold, all session resource allocation is allowed. On crossing this threshold, any new resource allocation request is evaluated before being allowed or denied.

usage_threshold is a percentage value, and must be an integer from 1 through 100.

This command is configured to protect servers from mobile subscribers in the uplink direction.

no

Disables Stateful Firewall protection for subscribers against the specified Denial of Service (DoS) attack(s).

default

Disables Stateful Firewall protection for subscribers against all DoS attacks.

flooding { icmp | tcp-syn | udp } protect-servers { all | host-pool hostpool_name

Enables protection against the specified flooding attack:

all : Enables protection for all the servers.

host-pool hostpool_name : Specifies the name of the host pool. hostpool_name must be an alphanumeric string of 1 through 63 characters.

packet limit packet_limit

Specifies the maximum number of packets allowed during a sampling interval.

packet_limit must be an integer from 1 through 4294967295.

Default: 1000 packets per sampling interval for all protocols.

inactivity-timeout inactivity_timeout

Specifies the inactivity timeout period, in seconds. This allows flooding traffic if the destination is inactive for more than the configured period.

inactivity_timeout must be an integer from 1 through 4294967295.

Default: 300 seconds

uplink-sample-interval interval

Specifies the uplink sampling interval, in seconds. The maximum sampling-interval configurable is 60 seconds.

interval must be an integer from 1 through 60.

Default: 1 second

This command is configured to detect Source IP-based flooding attacks in the uplink direction.

default

Disables Stateful Firewall protection for subscribers against all DoS attacks.

no

Disables Stateful Firewall protection for subscribers against the specified Denial of Service (DoS) attack(s).

ip-sweep { icmp | tcp-syn | udp } protect-servers { all | host-pool hostpool_name

Enables protection against the specified flooding attack:

all : Enables protection for all the servers.

host-pool hostpool_name : Specifies the name of the host pool. hostpool_name must be an alphanumeric string of 1 through 63 characters.

packet limit packet_limit

Specifies the maximum number of packets allowed during a sampling interval for uplink and downlink.

packet_limit must be an integer from 1 through 4294967295.

Default: 1000 packets per sampling interval for all protocols.

downlink-server-limit server_limit

Specifies the number of internet hosts that can be blocked in the uplink and downlink direction.

server_limit must be an integer from 2 through 999.

Default: 100

inactivity-timeout inactivity_timeout

Specifies the inactivity timeout period for uplink and downlink, in seconds. This allows flooding traffic if the destination is inactive for more than the configured period.

inactivity_timeout must be an integer from 1 through 4294967295.

Default: 300 seconds

sample-interval interval

Specifies the IP Sweep sample interval, in seconds. The maximum sampling-interval configurable is 60 seconds.

interval must be an integer from 1 through 60.

Default: 1 second

Description In StarOS 8.1 and later releases, for Rulebase-based Stateful Firewall this command is available in the ACS Rulebase Configuration Mode, and for Policy-based Stateful Firewall in the Firewall-and-NAT Policy Configuration Mode. In StarOS 8.3, this command is available in the ACS Rulebase Configuration Mode.

This command allows you to configure the Stateful Firewall's Flow Recovery feature.

default

Configures this command with its default setting.

Default: Downlink and uplink flow recovery enabled, 300 seconds

no

Disables the flow recovery configuration.

downlink | uplink

Specifies the packets:

timeout timeout

Specifies the Stateful Firewall Flow Recovery Timeout setting, in seconds.

timeout must be an integer from 1 through 86400.

Default: 300 seconds

no-flow-creation

Specifies not to create data session/flow-related information for downlink-initiated packets (from the Internet to the subscriber) while the firewall downlink flow-recovery timer is running, but send to subscriber.

Description In StarOS 8.1 and later releases, for Rulebase-based Stateful Firewall this command is available in the ACS Rulebase Configuration Mode, and for Policy-based Stateful Firewall in the Firewall-and-NAT Policy Configuration Mode. In StarOS 8.3, this command is available in the ACS Rulebase Configuration Mode.

This command allows you to configure the license related parameters for Stateful Firewall.

exceed-action { disable-feature | drop-call | ignore }

Configures one of the following parameters when license is exceeded.

Description In StarOS 8.1 and later releases, for Rulebase-based Stateful Firewall this command is available in the ACS Rulebase Configuration Mode, and for Policy-based Stateful Firewall in the Firewall-and-NAT Policy Configuration Mode. In StarOS 8.3, this command is available in the ACS Rulebase Configuration Mode.

Description In StarOS 8.1 and later releases, for Rulebase-based Stateful Firewall this command is available in the ACS Rulebase Configuration Mode, and for Policy-based Stateful Firewall in the Firewall-and-NAT Policy Configuration Mode. In StarOS 8.3, this command is available in the ACS Rulebase Configuration Mode.

This command enables/disables Network Address Translation (NAT) Application Level Gateways (ALGs).

default

Configures this command with the default setting for the specified parameter.

Default:

no

Disables all/ or the specified NAT ALG configuration. When disabled, the ALG(s) will not do any payload translation for NATd calls.

all | ftp | h323 | pptp | rtsp | sip

Specifies the NAT ALG to enable/disable.

ipv4-and-ipv6 | ipv4-only | ipv6-only

Specifies to enable/disable NAT44/NAT64 ALG.

Description In StarOS 8.1 and later releases, this command is available in the ACS Rulebase Configuration Mode.

This command allows you to configure Stateful Firewall's Port Scan Detection algorithm.

default

Configures this command with its default setting.

connection-attempt-success-percentage { non-scanner | scanner } percentage

Specifies the connection attempt success percentage.

inactivity-timeout inactivity_timeout

Specifies the port scan inactivity timeout period, in seconds.

inactivity_timeout must be an integer from 60 through 1800.

Default: 300 seconds

protocol { tcp | udp } response-timeout response_timeout

Specifies transport protocol and response-timeout period.

Default: 3 seconds

scanner-policy { block inactivity-timeout inactivity_timeout | log-only }

Specifies how to treat packets from a source address that has been detected as a scanner.

Default: log-only

This command is configured to protect ISP servers from mobile space devices.

default

Configures this command with its default setting.

no

Disables protection of the servers.

all

Configured to protect all servers from attacking mobile nodes.

host-pool hostpool_name

Specifies the name of the host pool where all servers in that host pool need to protected.

hostpool_name must be an alphanumeric string of 1 through 63 characters.

policy policy_name

Specifies the Firewall-and-NAT policy to be applied to packets that are destined to the IPs mentioned in the host pool.

policy_name must be the name of a Firewall-and-NAT policy, and must be an alphanumeric string of 1 through 63 characters

This command allows you to create/configure/delete Stateful Firewall ruledefs.

no

If previously configured, deletes the specified Stateful Firewall ruledef from the active charging service.

firewall_ruledef_name

Specifies the Stateful Firewall ruledef to add/configure/delete.

firewall_ruledef_name must be the name of a Stateful Firewall ruledef, and must be an alphanumeric string of 1 through 63 characters and can contain punctuation characters. Each ruledef must have a unique name.

If the named ruledef does not exist, it is created, and the CLI mode changes to the Firewall Ruledef Configuration Mode wherein the ruledef can be configured.

If the named Stateful Firewall ruledef already exists, the CLI mode changes to the Firewall Ruledef Configuration Mode for that ruledef.

-noconfirm

Specifies that the command must execute without prompting for confirmation.

Description In StarOS 8.1 and later releases, for Rulebase-based Stateful Firewall this command is available in the ACS Rulebase Configuration Mode, and for Policy-based Stateful Firewall in the Firewall-and-NAT Policy Configuration Mode. In StarOS 8.3, this command is available in the ACS Rulebase Configuration Mode.

This command allows you to configure the maximum number of server IP addresses to be tracked that are involved in any kind of denial-of-service (DoS) attacks.

default

Configures this command with its default setting.

Default: 10 servers

no

Important

This command variant is available only in StarOS 8.3 and later releases.

If previously configured, deletes the configuration from the active charging service.

attacking-servers no_of_servers

Specifies the maximum number of servers to track.

no_of_servers must be an integer from 1 through 100.

This command allows you to create/configure/delete Firewall-and-NAT actions.

no

If previously configured, deletes the specified Firewall-and-NAT action from the active charging service.

action_name

Specifies the Firewall-and-NAT action to add/configure/delete.

action_name must be the name of a Firewall-and-NAT action, and must be an alphanumeric string of 1 through 63 characters. Each Firewall-and-NAT action must have a unique name.

-noconfirm

Specifies that the command must execute without prompting for confirmation.

This command allows you to create/configure/delete Firewall-and-NAT policies.

no

If previously configured, deletes the specified Firewall-and-NAT policy from the active charging service.

Important

When a Firewall-and-NAT policy is deleted, for all subscribers using the policy, Stateful Firewall and NAT processing is disabled, also ACS sessions for the subscribers are dropped. In case of session recovery, the calls are recovered but with Stateful Firewall and NAT disabled.

fw_nat_policy_name

Specifies the Firewall-and-NAT policy to add/configure/delete.

fw_nat_policy_name must be the name of a Firewall-and-NAT policy, and must be an alphanumeric string of 1 through 63 characters. Each Firewall-and-NAT policy must have a unique name.

-noconfirm

Specifies that the command must execute without prompting for confirmation.

This command allows you to create/configure/delete an ACS group-of-objects.

no

If previously configured, deletes the specified group-of-objects from the active charging service.

objects_group_name

Specifies the group-of-objects to add/configure/delete.

objects_group_name must be the name of a group-of-objects, and must be an alphanumeric string of 1 through 63 characters. Each group-of-objects must have a unique name.

If the named group-of-objects does not exist, it is created, and the CLI mode changes to the ACS Group-of-Objects Configuration Mode wherein the group can be configured.

If the named group-of-objects already exists, the CLI mode changes to the ACS Group-of-Objects Configuration Mode for that group.

type

Specifies the data type for the group-of-objects.

Important

"string" is the only data type supported in this release.

string

Specifies the data type as string.

When creating a group, specifying the data type is mandatory.

When modifying an existing group, specifying the data type is optional.

-noconfirm

Specifies that the command must execute without prompting for confirmation.

This command allows you to create/configure/delete an ACS group-of-prefixed-URLs.

no

If previously configured, deletes the specified group-of-prefixed-urls from the active charging service.

prefixed_urls_group_name

Specifies the group-of-prefixed-urls to add/configure/delete.

prefixed_urls_group_name must be the name of a group-of-prefixed-urls, and must be an alphanumeric string of 1 through 63 characters. Each group-of-prefixed-urls must have a unique name.

If the named group-of-prefixed-urls does not exist, it is created, and the CLI mode changes to the ACS Group-of-Prefixed-URLs Configuration Mode wherein the group can be configured.

If the named group-of-prefixed-urls already exists, the CLI mode changes to the ACS Group-of-Prefixed-URLs Configuration Mode for that group.

-noconfirm

Specifies that the command must execute without prompting for confirmation.

This command allows you to create/configure/delete an ACS group-of-ruledefs.

no

If previously configured, deletes the specified group-of-ruledefs from the active charging service.

ruledefs_group_name

Specifies the group-of-ruledefs to add/configure/delete.

ruledefs_group_name must be unique within the active charging service, and must be an alphanumeric string of 1 through 63 characters. Each group-of-ruledefs must have a unique name.

If the named group-of-ruledefs does not exist, it is created, and the CLI mode changes to the ACS Group-of-Ruledefs Configuration Mode wherein the group can be configured.

If the named group-of-ruledefs already exists, the CLI mode changes to the ACS Group-of-Ruledefs Configuration Mode for that group.

-noconfirm

Specifies that the command must execute without prompting for confirmation.

This command allows you to configure the time period for which an endpoint's registration to an H.323 gatekeeper is valid.

default

Configures this command with its default setting.

Default: 3600 seconds

timeout

Specifies the timeout setting, in seconds.

timeout must be an integer from 1 through 2147483647.

This command allows you to configure the timeout intervals for various H.323 requests.

default

Configures this command with the default setting for the specified parameters.

admission admission_timeout

Configures the timeout value for the admission request sent to the gatekeeper.

admission_timeout must be an integer from 1 through 20.

Default: 10 seconds

discovery discovery_timeout

Configures the timeout value for the gatekeeper request message sent to the Gatekeeper.

discovery_timeout must be an integer from 1 through 20.

Default: 10 seconds

location location_timeout

Configures the timeout value for the location request message sent to the Gatekeeper.

location_timeout must be an integer from 1 through 20.

Default: 10 seconds

registration registration_timeout

Configures the timeout value for the registration request message sent to the Gatekeeper.

registration_timeout must be an integer from 1 through 20.

Default: 6 seconds

unregistration unregistration_timeout

Configures the timeout value for the unregistration request message sent to the Gatekeeper.

unregistration_timeout must be an integer from 1 through 20.

Default: 3 seconds

This command allows you to configure the maximum size of Transport Protocol Data Unit Packets (TPKT) that the H.323 Application Layer Gateway (ALG) can handle.

default

Configures this command with its default setting.

Default: 2048 bytes

max_tpkt_size

Specifies the maximum TPKT size, in bytes.

max_tpkt_size must be an integer from 4 through 4096.

This command allows you to configure the H.323 version number supported by an H.323 Application Layer Gateway (ALG).

default

Configures this command with its default setting.

Default: 5

h323_version_number

Specifies the H.323 version number.

h323_version_number must be an integer from 1 through 7.

This command allows you to create/configure/delete host pools.

no

If previously configured, deletes the specified host pool from the active charging service.

host_pool_name

Specifies the host pool to add/configure/delete.

host_pool_name must be the name of a host pool, and must be an alphanumeric string of 1 through 63 characters and can contain punctuation characters. Each host pool must have a unique name.

If the named host pool does not exist, it is created, and the CLI mode changes to the ACS Host Pool Configuration Mode wherein the host pool can be configured.

If the named host pool already exists, the CLI mode changes to the ACS Host Pool Configuration Mode for that host pool.

-noconfirm

Specifies that the command must execute without prompting for confirmation.

extend_host_pool_limit

Increases the number of host pools from 512 to 1024 and IP related configuration lines per host pool from 20 to 32.

no

Unconfigures or disables the feature. If the configured hostpools are more than 512 or configured entries in hostpool are more than 20 then error is displayed.

Note	Remove the hostpools manually and then try to disable the feature.

This command allows you to configure the maximum duration a flow can remain idle for, after which the system automatically terminates the flow.

default

Configures this command with the default setting for the specified parameter.

Default:

no

Disables the idle-timeout configuration for the specified flow.

alg-media

Configures the ALG media for the specified flow.

flow-mapping { tcp | udp }

The Flow Mapping timer is an extension to the existing flow idle-timeout in ACS. This flow mapping timeout applies only for NAT enabled calls and is supported only for TCP and UDP flows. The purpose of this timer is to hold the resources (NAT IP, NAT port, Private IP NPU flow) associated with a 5-tuple flow until Mapping timeout expiry.

If the Flow Mapping timer is disabled, then the Mapping timeout will not get triggered for UDP/TCP idle timed out flows. The resources such as NAT mapping will be released along with the 5-tuple flow.

icmp

Configures the ICMP protocol for the specified flow.

tcp [ half-open ]

Configures the TCP protocol for the specified flow.

Use the half-open keyword to configure timeout interval for half-open TCP flows.

udp

Configures the UDP protocol for the specified flow.

idle_timeout

Specifies the timeout duration, in seconds, and must be an integer from 0 through 86400.

For alg-media specifies the media inactivity timeout. The idle_timeout value gets applied on RTP and RTCP media flows that are created for SIP/H.323 calls. The timeout is applied only on those flows that actually match the RTP and RTCP media pinholes that are created by the SIP/H.323 ALG.

A value of 0 disables the idle-timeout setting.

This command allows you to create/configure/delete International Mobile Subscriber Identity (IMSI) pools.

no

If previously configured, deletes the specified IMSI pool from the active charging service.

imsi_pool_name

Specifies the IMSI pool to add/configure/delete.

imsi_pool_name must be the name of an IMSI pool, and must be an alphanumeric string of 1 through 63 characters, and can contain punctuation characters. Each IMSI pool must have a unique name.

If the named IMSI pool does not exist, it is created, and the CLI mode changes to the ACS IMSI Pool Configuration Mode wherein the IMSI pool can be configured.

If the named IMSI pool already exists, the CLI mode changes to the ACS IMSI Pool Configuration Mode for that IMSI pool.

-noconfirm

Specifies that the command must execute without prompting for confirmation.

This command allows you to configure how long to keep the snooped IPv4 addresses that were extracted from DNS responses.

default

Configures this command with the default DNS-learnt-entries timeout setting.

Default: 300 seconds

no

Specifies to always use the TTL value in the DNS response, and not the timeout configured with this command.

timeout_period

Specifies the DNS-learnt-entries timeout period, in seconds.

timeout_period must be an integer from 1 through 2147483647.

This command allows you to limit the maximum number of IPv4/IPv6 fragments per fragment chain.

default

Configures this command with its default setting.

Default: 45

max_fragments

Specifies the maximum number of IPv4/IPv6 fragments per fragment chain.

max_fragments must be an integer from 1 through 300.

This command allows you to specify a label (text string) to associate with a content ID for UDRs/EDRs/eG-CDRs.

no

If previously configured, deletes the specified label.

content-id content_id

Specifies the content ID to associate with the label.

content_id must be an integer from 1 through 65535.

text label_text

Specifies the label to associate with the specified content ID.

label_text must be an alphanumeric string of 1 through 64 characters.

This command allows you to load specified databases.

no

If configured, removes the database.

uidh

Configures the UIDH database.

wl-url-host-db

Loads URL Host database.

This command allows you to configure the action to take when NAT IP/Port allocation fails.

default

Configures this command with its default setting.

Default: Packets are dropped silently

no

If previously enabled, disables the NAT Allocation Failure configuration. Packets are dropped silently.

nat allocation-failure send-icmp-dest-unreachable

Specifies to send ICMP Destination Unreachable message when NAT IP/Port allocation fails.

This command allows you to configure the action to take on packets when NAT IP/NPU allocation is in progress.

default

Configures this command with its default setting.

Default: buffer

buffer | drop

Specifies the action to take on packets when NAT IP/NPU allocation is in progress:

This command configures the downlink IP reassembly timer.

default

Configures this command with its default setting.

Default: 2000 milliseconds

timeout

The maximum duration for which IP packet fragments can be retained, in milliseconds.

timeout must be an integer from 1 through 30000.

This command allows you to configure the TCP 2MSL (Maximum Segment Lifetime) timeout value for NAT.

default

Configures this command with its default setting.

Default: 60 seconds

timeout

Specifies the TCP 2MSL timeout period, in seconds.

timeout must be an integer from 30 through 240.

This command allows you to configure unsolicited packets.

default

Configures this command with its default setting.

Default: Disabled

no

Configures this command with its default setting.

icmp-host-unreachable max-rate packets_max

Configures the maximum number of allowed ICMP response packets, in seconds.

packets_max must be an integer from 1 through 100.

server-list max-limit servers_num

Configures the maximum number of servers to be stored per Session Manager instance.

servers_num must be an integer from 2 through 50.

This command configures the P2P Advertisement server and associated protocols/applications.

no

If previously configured, disables the configured correlation group.

ads_group_name

Specifies the name of the P2P Advertisement correlation group. ads_group_name must be an alphanumeric string of 1 through 63 characters.

[ -noconfirm ]

Specifies that the command must execute without prompting for confirmation.

This command enables or disables the detection of SSL renegotiation flows.

no

If previously enabled, disables detection of SSL renegotiation flows.

attribute_list

List of configurable P2P detection attributes populated from the currently loaded P2P plugin.

Supported attribute: ssl-renegotiation

sub_attribute_name

List of configurable P2P detection sub-attributes related to the attribute selected from the attribute list. This list is populated from the currently loaded P2P plugin.

Supported sub-attributes if selected attribute is ssl-renegotiation :

sub_attribute_value

Value of the selected sub-attribute. If sub-attribute is not specified, the default value set in the P2P plugin will be used.

The value for max-entry-per-sessmgr must be an integer from 1 through 65535. Default: 20000

Possible values for id-reduce-factor are 1,2,4. Default: 4

This command enables or disables behavioral detection for unidentified traffic.

no

If previously configured, disables the behavioral configuration.

behavioral_list

Specifies the behavior to match. The behavioral list is the list of supported behavioral detection logic populated from the currently loaded ADC plugin.

behavioral_list must be one of the following:

This command enables or disables ECS analysis for analyzers — FTP, HTPP, HTTPS, RTSP and SIP.

no

If previously enabled, disables the configured analyzers.

all

ECS analysis for all analyzers — FTP, HTPP, RTSP and SIP.

ftp

ECS analysis for FTP analyzer.

http

ECS analysis for HTTP analyzer.

https

ECS analysis for HTTPS analyzer.

rtsp

ECS analysis for RTSP analyzer.

sip

ECS analysis for SIP analyzer.

This command enables/disables the detection of all or specified peer-to-peer (P2P) protocols.

no

If previously enabled, disables the detection of the specific peer-to-peer protocol.

all

Specifies to detect all supported P2P protocols.

In 12.2 and earlier releases: Specifying all is the same as configuring each of the following protocols individually.

In 14.0 and later releases: Specifying all means all of the protocols supported by the currently loaded plugin.

120Sports

Specifies to detect 120Sports protocol.

8tracks

Specifies to detect 8tracks protocol.

abcnetworks

Specifies to detect Abcnetworks protocol.

abscbn

Specifies to detect ABSCBN protocol.

accuradio

Specifies to detect Accuradio protocol.

actionvoip

Specifies to detect ActionVoip protocol.

actsync

Specifies to detect ActiveSync protocol.

adobeconnect

Specifies to detect Adobe Connect protocol.

aenetworks

Specifies to detect AENetworks protocol.

aimini

Specifies to detect Aimini protocol.

amazoncloud

Specifies to detect AmazonCloud protocol.

amazonmusic

Specifies to detect Amazon Music protocol.

amazonvideo

Specifies to detect Amazon Video protocol.

android_messages

Specifies to detect Android Messages for Web P2P protocol.

antsp2p

Specifies to detect ANts P2P protocol.

anyconnect

Specifies to detect AnyConnect protocol.

apple-push

Specifies to detect Apple Push Notification protocol.

apple-store

Specifies to detect iPhone Appstore protocol.

applejuice

Specifies to detect Applejuice protocol.

applemaps

Specifies to detect Apple Maps protocol.

ares

Specifies to detect Ares Galaxy protocol.

armagettron

Specifies to detect Armagetron protocol.

avi

Specifies to detect AVI protocol.

badoo

Specifies to detect Badoo protocol.

baeblemusic

Specifies to detect Baeble Music protocol.

baidumovie

Specifies to detect Baidumovie protocol.

battlefld

Specifies to detect Battlefield protocol.

bbm

Specifies to detect BBM protocol.

beatport

Specifies to detect Beatport protocol.

betternet

Specifies to detect Betternet protocol.

bitcasa

Specifies to detect Bitcasa protocol.

bittorrent

Specifies to detect BitTorrent protocol.

bittorrent-sync

Specifies to detect BitTorrent Sync protocol.

blackberry-store

Specifies to detect Blackberry World protocol.

blackberry

Specifies to detect BlackBerry protocol.

blackdialer

Specifies to detect Blackdialer protocol.

blackplanet-radio

Specifies to detect BlackPlanet Radio protocol.

box

Specifies to detect BOX protocol.

btn

Specifies to detect BTN protocol.

callofduty

Specifies to detect Call of Duty protocol.

cbssports

Specifies to detect Cbs Sports protocol.

chikka

Specifies to detect Chikka protocol.

cisco-jabber

Specifies to detect Cisco Jabber protocol.

citrix

Specifies to detect Citrix Independent Computing Architecture (ICA) protocol.

clubbox

Specifies to detect Clubbox protocol.

clubpenguin

Specifies to detect Club Penguin protocol.

comodounite

Specifies to detect Comodo EasyVPN protocol.

cyberghost

Specifies to detect CyberGhost VPN protocol.

crackle

Specifies to detect Crackle protocol.

crossfire

Specifies to detect Crossfire protocol.

crunchyroll

Specifies to detect Crunchyroll protocol.

curiosity-stream

Specifies to detect CuriosityStream protocol.

dashradio

Specifies to detect Dashradio protocol.

danzwave

Specifies to detect Danzwave protocol.

ddlink

Specifies to detect DDLink protocol.

deezer

Specifies to detect Deezer protocol.

didi

Specifies to detect DiDi protocol.

directconnect

Specifies to detect Direct Connect protocol.

directv

Specifies to detect DirecTV protocol.

discord

Specifies to detect Discord protocol.

disneymovies

Specifies to detect Disney Movies protocol.

dish-anywhere

Specifies to detect Dish Anywhere protocol.

dns-tunneling

Specifies to detect DNS Tunneling protocol.

dofus

Specifies to detect DOFUS protocol.

dramafever

Specifies to detect DramaFever protocol.

dropbox

Specifies to detect Dropbox protocol.

ebuddy

Specifies to detect eBuddy protocol.

edonkey

Specifies to detect eDonkey protocol.

epix

Specifies to detect Epix protocol.

eros

Specifies to detect Eros Now protocol.

espn

Specifies to detect ESPN protocol.

expressvpn

Specifies to detect ExpressVPN protocol.

facebook

Specifies to detect Facebook protocol.

facetime

Specifies to detect FaceTime protocol.

fandor

Specifies to detect Fandor protocol.

fasttrack

Specifies to detect FastTrack protocol.

feidian

Specifies to detect Feidian protocol.

ficall

Specifies to detect Ficall protocol.

fiesta

Specifies to detect FIESTA protocol.

filetopia

Specifies to detect Filetopia protocol.

filmontv

Specifies to detect FilmOn TV protocol.

fitradio

Specifies to detect Fit Radio protocol.

flash

Specifies to detect Flash protocol.

flickr

Specifies to detect Flickr protocol.

flixea

Specifies to detect Flixea protocol.

florensia

Specifies to detect Florensia protocol.

foursquare

Specifies to detect Foursquare protocol.

fox-business

Specifies to detect Fox Business protocol.

fox-news

Specifies to detect Fox News protocol.

fox-now

Specifies to detect FoxNow protocol.

fox-sports

Specifies to detect Fox Sports protocol.

foxsportsgo

Specifies to detect Fox Sports Go protocol.

freenet

Specifies to detect Freenet protocol.

friendster

Specifies to detect Friendster protocol.

fring

Specifies to detect Fring SIP protocol.

fubotv

Specifies to detect fuboTV protocol.

funshion

Specifies to detect Funshion protocol.

fxnow

Specifies to detect FxNow protocol.

gaana

Specifies to detect Gaana protocol.

gadugadu

Specifies to detect Gadu-Gadu protocol.

gamekit

Specifies to detect GameKit protocol.

gmail

Specifies to detect Gmail protocol.

gnutella

Specifies to detect Gnutella protocol.

go90

Specifies to detect Go90 protocol.

goober

Specifies to detect Goober protocol.

googlemaps

Specifies to detect Google Maps protocol.

google-music

Specifies to detect Google Music protocol.

google-push

Specifies to detect Google Push Notification protocol.

google

Specifies to detect Google protocol.

googleplay

Specifies to detect GooglePlay protocol.

googleplus

Specifies to detect GooglePlus protocol.

gotomeeting

Specifies to detect Gotomeeting protocol.

gtalk

Specifies to detect Google Talk protocol.

guildwars

Specifies to detect GuildWars protocol.

halflife2

Specifies to detect Half-Life 2 protocol.

hamachivpn

Specifies to detect Hamachi VPN protocol.

hayu

Specifies to detect HAYU protocol.

hbogo

Specifies to detect HBO Go protocol.

hbonow

Specifies to detect HBO NOW protocol.

hbonordic

Specifies to detect HBO Nordic protocol.

heytell

Specifies to detect HeyTell protocol.

hgtv

Specifies to detect HGTV protocol.

hike-messenger

Specifies to detect Hike Messenger protocol.

hls

Specifies to detect HLS protocol.

hotspotvpn

Specifies to detect HotSpot VPN protocol.

http

Specifies to detect HTTP protocol.

hulu

Specifies to detect Hulu protocol.

hyves

Specifies to detect Hyves protocol.

iax

Specifies to detect Inter-Asterisk eXchange protocol.

icall

Specifies to detect iCall protocol.

icecast

Specifies to detect Icecast protocol.

icloud

Specifies to detect iCloud protocol.

idrive

Specifies to detect iDrive protocol.

igo

Specifies to detect IGO protocol.

iheartradio

Specifies to detect iHeartRadio protocol.

imesh

Specifies to detect iMesh protocol.

imessage

Specifies to detect iMessage protocol.

imgur

Specifies to detect Imgur protocol.

imo

Specifies to detect Imo.im instant messenger protocol.

implus

Specifies to detect IM+ protocol.

instagram

Specifies to detect Instagram protocol.

iplayer

Specifies to detect BBC iPlayer protocol.

iptv

Specifies to detect IPTV protocol.

irc

Specifies to detect Internet Relay Chat protocol.

isakmp

Specifies to detect Internet Security Association and Key Management Protocol.

iskoot

Specifies to detect iSkoot VoIP protocol.

itunes

Specifies to detect iTunes protocol.

jabber

Specifies to detect Jabber XMPP protocol.

jumblo

Specifies to detect Jumblo protocol.

jap

Specifies to detect Jap protocol.

kakaotalk

Specifies to detect Kakao Talk protocol.

kidoodle

Specifies to detect Kidoodle protocol.

kik-messenger

Specifies to detect Kik Messenger protocol.

kiswe

Specifies to detect Kiswe protocol.

klowdtv

Specifies to detect KlowdTV protocol.

kontiki

Specifies to detect Kontiki delivery protocol.

kugoo

Specifies to detect Kugoo protocol.

kuro

Specifies to detect Kuro protocol.

linkedin

Specifies to detect Linkedin protocol.

livestream

Specifies to detect Livestream protocol.

lync

Specifies to detect Microsoft Lync protocol.

magicjack

Specifies to detect MagicJack protocol.

manolito

Specifies to detect MANOLITO protocol.

mapfactor

Specifies to detect Mapfactor GPS Navigation protocol (Navigator Free, GPS Navigation).

mapi

Specifies to detect MAPI protocol.

maplestory

Specifies to detect MapleStory protocol.

meebo

Specifies to detect Meebo protocol.

meetic

Specifies to detect MEETIC protocol.

mega

Specifies to detect MEGA protocol.

mgcp

Specifies to detect Media Gateway Control Protocol.

mig33

Specifies to detect Mig33 protocol.

mlb

Specifies to detect MLB protocol.

mojo

Specifies to detect Mojo protocol.

monkey3

Specifies to detect Monkey3 protocol.

mozy

Specifies to detect Mozy protocol.

msn

Specifies to detect MSN Messenger protocol.

msrp

Specifies to detect MSRP protocol.

mute

Specifies to detect MUTE protocol.

mxtp

Specifies to detect My Mixtapez protocol.

mypeople

Specifies to detect My People protocol.

myspace

Specifies to detect MySpace protocol.

nateontalk

Specifies to detect NateOn Talk protocol.

natgeotv

Specifies to detect NatGeoTV protocol.

naverline

Specifies to detect Naver Line protocol.

navigon

Specifies to detect Navigon protocol.

nbc-sports

Specifies to detect NBC Sports protocol.

nbc-tv

Specifies to detect NBC TV protocol.

netflix

Specifies to detect Netflix protocol.

netmotion

Specifies to detect NetMotion Internet Mobility Protocol.

newsy

Specifies to detect Newsy protocol.

nick

Specifies to detect Nick and Noggin protocol.

nimbuzz

Specifies to detect Nimbuzz protocol.

nokia-store

Specifies to detect Nokia Ovi Store protocol.

nrktv

Specifies to detect NRK TV Store protocol.

odkmedia

Specifies to detect ODK Media protocol.

odnoklassniki

Specifies to detect Odnoklassniki protocol.

octoshape

Specifies to detect Octoshape protocol.

off

Specifies to detect Off-The-Record protocol.

ogg

Specifies to detect Ogg multimedia streaming protocol.

ohiofm

Specifies to detect Ohio FM streaming protocol.

oist

Specifies to detect Oist protocol.

oovoo

Specifies to detect ooVoo protocol.

opendrive

Specifies to detect Opendrive protocol.

openft

Specifies to detect OpenFT protocol.

openvpn

Specifies to detect OpenVPN protocol.

operamini

Specifies to detect Operamini protocol.

orb

Specifies to detect Internet Inter-ORB Protocol.

oscar

Specifies to detect Open System for CommunicAtion in Realtime protocol.

outlook

Specifies to detect Outlook protocol.

paltalk

Specifies to detect Paltalk protocol.

pando

Specifies to detect Pando protocol.

pandora

Specifies to detect Pandora protocol.

path

Specifies to detect Path protocol.

pbs

Specifies to detect PBS protocol.

pcanywhere

Specifies to detect PCAnywhere protocol.

periscope

Specifies to detect Periscope protocol.

pinterest

Specifies to detect Pinterest protocol.

playstation

Specifies to detect Playstation protocol.

plingm

Specifies to detect Plingm protocol.

poco

Specifies to detect Poco protocol.

pokemon-go

Specifies to detect Pokemon GO protocol.

popo

Specifies to detect Popo protocol.

pplive

Specifies to detect PPlive protocol.

ppstream

Specifies to detect PPstream protocol.

ps3

Specifies to detect PS3 protocol.

qello_concerts

Specifies to detect Qello Concerts instant messaging protocol.

qq

Specifies to detect Tencent QQ instant messaging protocol.

qqgame

Specifies to detect QQgame protocol.

qqlive

Specifies to detect QQlive protocol.

quake

Specifies to detect Quake network protocol.

quic

Specifies to detect QUIC protocol.

quicktime

Specifies to detect QuickTime protocol.

radiocom

Specifies to detect Radio.com protocol.

radio-paradise

Specifies to detect Radio Paradise protocol.

rdp

Specifies to detect Remote Desktop protocol.

rdt

Specifies to detect Real Data Transport (RDT) protocol.

redbulltv

Specifies to detect Red Bull TV protocol.

regram

Specifies to detect Regram protocol.

rfactor

Specifies to detect rFactor protocol.

rhapsody

Specifies to detect Rhapsody protocol.

rmstream

Specifies to detect RealMedia streaming protocol.

rodi

Specifies to detect Rodi protocol.

reddit

Specifies to detect Reddit protocol.

rynga

Specifies to detect Rynga protocol.

samsung-store

Specifies to detect Samsung App Store protocol.

scydo

Specifies to detect Scydo VoIP protocol.

secondlife

Specifies to detect Second Life protocol.

shalomworld

Specifies to detect Shalom World protocol.

shoutcast

Specifies to detect SHOUTcast protocol.

showtime

Specifies to detect Showtime protocol.

silverlight

Specifies to detect Silverlight protocol.

siri

Specifies to detect Apple Siri protocol.

skinny

Specifies to detect Skinny Call Control Protocol (SCCP).

skydrive

Specifies to detect Skydrive protocol.

skype

Specifies to detect Skype protocol.

slacker-radio

Specifies to detect Slacker Radio protocol.

slingbox

Specifies to detect Slingbox protocol.

slingtv

Specifies to detect Slingtv protocol.

smartvoip

Specifies to detect SmartVoip protocol.

smule

Specifies to detect Smule protocol.

snapchat

Specifies to detect SnapChat protocol.

softether

Specifies to detect Softether protocol.

somafm

Specifies to detect Soma FM protocol.

sopcast

Specifies to detect Sopcast streaming protocol.

soribada

Specifies to detect Soribada protocol.

soulseek

Specifies to detect Soulseek chat and file transfer protocol.

spark

Specifies to detect Spark protocol.

spdy

Specifies to detect SPDY protocol.

spike

Specifies to detect Spike protocol.

speedtest

Specifies to detect Speedtest protocol.

splashfighter

Specifies to detect SplashFighter protocol.

spotify

Specifies to detect Spotify music streaming protocol.

ssdp

Specifies to detect Simple Service Discovery Protocol.

ssl

Specifies to detect SSL Protocol.

starz

Specifies to detect Starz Play protocol.

stealthnet

Specifies to detect StealthNet RShare network protocol.

steam

Specifies to detect Steam file transfer protocol.

stun

Specifies to detect Session Traversal Utilities for NAT protocol.

subsplash

Specifies to detect Ligonier Ministries protocol.

sudaphone

Specifies to detect Sudaphone protocol.

svtplay

Specifies to detect SVTPlay protocol.

tagged

Specifies to detect Tagged protocol.

talkatone

Specifies to detect Talkatone protocol.

taxify

Specifies to detect Taxify protocol.

tango

Specifies to detect TAco Next Generation Objects hardware control system protocol.

teamspeak

Specifies to detect TeamSpeak VoIP gaming client protocol.

teamviewer

Specifies to detect TeamViewer remote control protocol.

telegram

Specifies to detect Telegram protocol.

thunder

Specifies to detect Thunder (Xunlei) download manager protocol.

tidal

Specifies to detect TIDAL protocol.

tinder

Specifies to detect Tinder protocol.

tmo-tv

Specifies to detect TMO TV protocol.

tor

Specifies to detect Tor hidden service (anonymizer) protocol.

truecaller

Specifies to detect Truecaller protocol.

truphone

Specifies to detect Truphone WiFi VoIP protocol.

tumblr

Specifies to detect Tumblr protocol.

tunein-radio

Specifies to detect TuneIn Radio protocol.

tunnelvoice

Specifies to detect Tunnel VoIP protocol.

turbovpn

Specifies to detect TurboVPN protocol.

tvants

Specifies to detect TVAnts protocol.

tvland

Specifies to detect TV Land protocol.

tvuplayer

Specifies to detect TVUPlayer protocol.

tv2sumo

Specifies to detect Tv2Sumo protocol.

twitch

Specifies to detect Twitch protocol.

twitter

Specifies to detect Twitter protocol.

ufc

Specifies to detect UFC and UFC Fight Pass protocols.

ultrabac

Specifies to detect UltraBac protocol.

ultrasurf

Specifies to detect UltraSurf protocol.

univision

Specifies to detect Univision Deportes protocol.

upc-phone

Specifies to detect UPC Phone protocol.

usenet

Specifies to detect Usenet Network News Transfer Protocol (NNTP) protocol.

ustream

Specifies to detect Ustream protocol.

uusee

Specifies to detect UUSee on-demand streaming protocol.

vchat

Specifies to detect VChat protocol.

veohtv

Specifies to detect VeohTV television via Internet protocol.

vessel

Specifies to detect Vessel protocol.

vevo

Specifies to detect Vevo protocol.

viber

Specifies to detect Viber VoIP protocol.

viki

Specifies to detect Viki protocol.

vimeo

Specifies to detect Vimeo protocol.

vine

Specifies to detect Vine protocol.

voipdiscount

Specifies to detect VoipDiscount protocol.

vopium

Specifies to detect Vopium protocol.

voxer

Specifies to detect Voxer Walkie Talkie protocol.

vpnmaster

Specifies to detect VPN Master protocol.

vpnx

Specifies to detect VPN-X cross-platform protocol.

vtok

Specifies to detect Vtok protocol.

vtun

Specifies to detect VTun (Virtual Tunnel) protocol.

vudu

Specifies to detect Vudu protocol.

warcft3

Specifies to detect Warcraft 3 game protocol.

waze

Specifies to detect Waze protocol.

webex

Specifies to detect Webex protocol.

wechat

Specifies to detect Wechat protocol.

weibo

Specifies to detect Weibo protocol.

whatsapp

Specifies to detect WhatsApp messaging protocol.

wii

Specifies to detect Wii Remote Bluetooth protocol.

windows-azure

Specifies to detect Windows Azure Cloud Services protocol.

windows-store

Specifies to detect Windows Phone App Store protocol.

winmx

Specifies to detect WinMX Peer Network Protocol (WPNP).

winny

Specifies to detect Winny anonymizing protocol.

wmstream

Specifies to detect Windows Media HTTP Streaming Protocol.

wofkungfu

Specifies to detect wofkungfu protocol.

wofwarcraft

Specifies to detect World of Warcraft gaming protocol.

wuala

Specifies to detect Wuala protocol.

wwe

Specifies to detect WWE protocol.

xbox

Specifies to detect Xbox protocol.

xdcc

Specifies to detect eXtended Direct Client-to-Client protocol.

xing

Specifies to detect Xing protocol.

xfinity

Specifies to detect Xfinity TV protocol.

yahoo

Specifies to detect Yahoo! Messenger protocol.

yahoomail

Specifies to detect Yahoo Mail protocol.

yiptv

Specifies to detect YipTV protocol.

yogafree

Specifies to detect Yogafree protocol.

youku

Specifies to detect Youku protocol.

yourfreetunnel

Specifies to detect your free Tunnel chat protocol.

youtube

Specifies to detect Youtube protocol.

zattoo

Specifies to detect Zattoo IPTV protocol.

zello

Specifies to detect Zello protocol.

+

More than one of the above keywords can be entered within a single command.

This command enables/disables the detection of all or specified peer-to-peer (P2P) debug parameters.

Syntax

p2p-detection protocol debug-param protocol-param p2p_force_bailout_value value   snapchat_story_spotlight value  

p2p_force_bailout_value

Specifies that based on the number of packets configured, p2p analysis will be forced to bailout. p2p uses maxmium packets per flow for analysis.The values are:

• Default value is 300

• Minimum value allowed is 2

• Maximum value allowed is 300

Note	It is recommended to use 300 as the maximum value. Lower values will have an impact on detection.

fb_insta_video_detection value

Enables or disables subtype (unknown,streaming-video) detection for TLS flows in Facebook and IInstagram, with multiplex multiple media types in a single TCP 5-tuple.

• If value is set to 1, enables video detection for Facebook and Instagram. The flows with certain SNI for Instagram/ and Facebook will permanently remain in slow path to detect the media types exchanged in the flow.

• If value is set to 0, disables video detection for Facebook and Instagram.The flow is marked based on the first subtype exchanged in the flow and offloaded.

The values are:

• Default value is 0, which indicates disabled.

• Allowed values 0 (disable) or 1 (enable)

voip_subtype_detection value

Enable this keyword to differentiate audio and video flows in a VOIP call from Facebook and Viber application.

• If the voip_subtype_detection configuration iis disabled, both audio and video is detected as audio.

• To retain the voip_subtype_detection keyword across reloads, enter the configuration in the boot configuration file.

Values: Disabled by default. The allowed range value is 0 or 1, where 0 indicates disabled.

snapchat_story_spotlight value

The P2P parameter snapchat_story_spotlight value is added with the existing snapchat protocool to classify snapchat stories and spotlight to streaming-video. value indicates that the snapchat stories are classified based on the following specified values:

• 0: The snapchat streaming video is disabled. By default, the snapchat_story_spotlight value is 0 and it is disabled.

  1: The snapchat streaming video is enabled with minimum number of p2p packet analysis. This is the recommended value.

  2: The snapchat streaming video is enabled with more number of p2p packets.

This command allows you to create/configure/delete ACS packet filters.

no

If previously configured, deletes the specified packet filter from the active charging service.

packet_filter_name

Specifies the packet filter to add/configure/delete.

packet_filter_name must be the name of a packet filter, and must be an alphanumeric string of 1 through 63 characters. Each packet filter must have a unique name.

If the named packet filter does not exist, it is created, and the CLI mode changes to the ACS Packet Filter Configuration Mode wherein the packet filter can be configured.

If the named packet filter already exists, the CLI mode changes to the ACS Packet Filter Configuration Mode for that packet filter.

-noconfirm

Specifies that the command must execute without prompting for confirmation.

This command allows you to configure the Active Charging Service to operate in passive mode, wherein ACS passively monitors copies of packets.

no

If previously enabled, disables the passive mode configuration.

default

Configures this command with its default setting.

Default: Disabled

Creates or deletes a Port Control Protocol (PCP) service.

no

If previously configured, deletes the specified PCP service.

pcp_service_name

Specifies the name of a PCP service.

pcp_service_name must be the name of a PCP service, and must be an alphanumeric string of 1 through 63 characters. A maximum of 5 PCP services can be configured in the active charging service.

If the named PCP service does not exist, it is created, and the CLI mode changes to the PCP Configuration Mode wherein the service can be configured. If the named PCP service already exists, the CLI mode changes to the PCP Configuration Mode.

-noconfirm

Specifies that the command must execute without any additional prompt and confirmation from the user.

This command allows you to enable/disable per-bearer MBR policing—bandwidth limiting.

default

Configures this command with its default setting.

Default: Enable; by default, per-bearer MBR policing is enabled.

no

Disables per-bearer MBR policing.

For PCEF Bearer Binding in 3G and when BCM mode is UE only, this command allows you to enable/disable binding rules having QoS of default bearer to the default bearer and to not ignore/ignore other rules.

default

Configures this command with its default setting.

Default: Disables only binding those rules having QoS of default bearer to the default bearer and specifies to not ignore other rules. Rules having respective QoS will get attached to the relevant bearers. Also TFT updates towards the UE (access side) will not be suppressed.

no

The no keyword functionality is same as the default setting.

This command allows you to configure the burst size for bandwidth limiting per dynamic-rule or per bearer.

default | no

Configures this command with its default setting.

Default: 65535 bytes

duration duration

Configures the burst size equal to <seconds> of traffic.

duration must be an integer from 1 through 20.

Default: In 12.1 and earlier releases, 10 seconds. In 12.2 and later releases, 5 seconds.

bytes bytes

Specifies the burst size, in bytes.

bytes must be an integer from 1 through 4000000000.

This command has been removed from the ACS Configuration Mode, and replaced by the charging-action-override command in the ACS Rulebase Configuration Mode.

This command allows you to configure how the Charging-Rule-Base-Name AVP from PCRF is interpreted, either as ACS rulebase or ACS group-of-ruledefs.

default

Configures this command with its default setting(s).

Default:

no

If multiple Charging-Rule-Base-Name are received from the PCRF, specifies to select the last rulebase. This is the default behavior.

active-charging-group-of-ruledefs

Specifies interpreting Charging-Rule-Base-Name as ACS group-of-ruledefs.

active-charging-rulebase [ ignore-when-removed ] [ use-first ]

Specifies interpreting Charging-Rule-Base-Name as ACS rulebase.

When Charging-Rule-Base-Name AVP is interpreted as ACS rulebase, if PCRF requests the removal of a Charging-Rule-Base-Name, which is the same as the rulebase used for that PDP context, the PDP context is terminated. This is because after removal of the rulebase, the PDP context will have no rulebase. This is the default behavior.

ignore-when-removed : Specifies to ignore PCRF request for removal of Charging-Rule-Base-Name, and take no action. If this keyword is not configured, the PDP context from which the rulebase is removed gets terminated.

use-first : If multiple Charging-Rule-Base-Name are received from the PCRF, since a call can only have one ACS rulebase applied, specifies to select the first rulebase. If previously enabled, to disable this configuration, use the no policy-control charging-rule-base-name active-charging-rulebase use-first command. If this keyword is not configured, by default, the last rulebase is selected.

For each call, this interpretation is decided at call setup, and will not be changed during the life of that call. Change will only apply to new calls coming up after the change.

This command allows you to increase the buffer that is used for storing PCRF messages when the Default-Bearer-QoS change is in pending state.

no

Configures this command with its default setting.

Default: 2

def-bearer-qos-change

Sets the Default-Bearer-QoS change parameters.

pending-buffer-size buffer_size

Specifies the buffer size for storing the PCRF messages when Default-Bearer-QoS change is pending. The buffer_size is an integer ranging from 2 through 4.

This command allows you to enable/disable per-dynamic-rule MBR policing—bandwidth limiting.

default

Configures this command with its default setting.

Default: Enable; by default, per-dynamic-rule MBR policing is enabled.

no

Disables per-dynamic-rule MBR policing.

This command allows you to enable/disable the L7 capabilities through Charging-Rule-Definition AVP received over Gx interface.

default

Configures this command with its default setting.

Default: Disabled i.e. activation of L7 dynamic rules through Charging-Rule-Definition AVP will be disabled.

no

Disables the activation of L7 dynamic rules through Charging-Rule-Definition AVP if already activated.

This command enables or disables the feature which prevents the rule failure loop between PCRF and PCEF.

default

Configures this command with its default setting.

Default: Disabled.

no

The no keyword functionality is same as the default setting.

This command allows you to enable/disable charging of retransmitted packets when they hit a dynamic rule.

default | no

Disables charging of retransmitted packets when they hit a dynamic rule.

Default: Disabled; no retransmissions counted.