Sets the attributes that the system uses in AAA messages.

3gpp-negotiated-qos-profile string

Specifies the 3GPP negotiated QoS profile to use in AAA messages during IMS emergency call handling as an alphanumeric string of 1 through 31 characters.

no aaa attribute

Removes a previously configured AAA attribute.

Identifies the SGTP service to be associated with the PDG service to enable TTG functionality on the PDG/TTG. TTG functionality supports GTP-C (GTP control plane) messaging and GTP-U (GTP user data plane) messaging between the TTG and the GGSN over the Gn' interface.

no

Removes the service association definition from the configuration.

sgtp-service sgtp_service_name

Specifies which SGTP service configuration, by naming the SGTP service instance, to associate with this PDG service.

sgtp_service_name is an alphanumeric string of 1 through 63 characters with no spaces.

context sgpt_context_name

Defines the context in which the SGTP service was created. If no context is specified, the current context is used.

sgtp_context_name is an alphanumeric string of 1 through 63 characters with no spaces.

Configures the PDG/TTG to select the trusted certificate (and the private key for calculating the AUTH payload) to be included in the first IKE_AUTH message from the PDG/TTG based on the APN (Access Point Name). The selected certificate is associated with the APN included in the IDr payload of the first IKE_AUTH message from the UE.

certificate-selection apn-based

Selects a trusted certificate for the first IKE-AUTH message based on the APN.

no certificate-selection

Disables APN-based certificate selection and resumes sending a certificate bound to a crypto template.

default certificate-selection

Sets the default certificate selection method to a certificate bound to a crypto template.

Binds the PDG service IP address to a crypto template and specifies the maximum number of sessions the PDG service supports.

no

Removes a previously configured binding.

bind address ipv4_address

Specifies the IPv4 address of the PDG service with which the UE attempts to establish an IKEv2/IPSec tunnel. This address must be a valid IP address within the context.

This is a mandatory parameter.

crypto-template string

Specifies the name of the crypto template to be bound to the PDG service. This is the name of the IPSec policy to be used as a template for PDG/TTG subscriber session IPSec policies. The crypto template includes most of the IPSec and IKEv2 parameters for keepalive, lifetime, NAT-T, and cryptographic and authentication algorithms. There must be one crypto template per PDG service.

This is a mandatory parameter.

string is an alphanumeric string of 0 through 127 characters.

mode { ttg | pdg }

Default: There is no default value.

This is a mandatory parameter.

Important

PDG mode is not supported in this software release.

Dependencies:

When you configure the PDG service to be in TTG mode, you must also configure the SGTP service using the associate sgtp-service command, as the TTG needs to connect with the GGSN to complete the PDG functionality.

Note that starting or stopping the PDG service has no impact on the SGTP service.

max-sessions number

Specifies the maximum number of sessions to be supported by the PDG service as an integer from 0 through 1000000. Default: 1000000

If the max-sessions value is changed on an existing system, the new value takes effect immediately if it is higher than the current value. If the new value is lower than the current value, existing sessions remain established, but no new sessions are permitted until usage falls below the newly-configured value.

Configures the quality of service (QoS) differentiated service code point (DSCP) used when sending data packets over the Gn' interface in the uplink direction.

no

Disables the overriding of the ToS (Type of Service) field and enables the pass-through option.

background dscp

Specifies the DSCP marking to be used for packets of sessions subscribed to the 3GPP background class, in which the data transfer is not time-critical (for example, in e-mail exchanges). This traffic class is the lowest QoS.

dscp : Sets the DSCP for the specified traffic class. See the dscp section below.

conversational dscp

Specifies the DSCP marking to be used for packets of sessions subscribed to the 3GPP conversational class, in which there is a constant flow of traffic in both the uplink and downlink direction. This traffic class is the highest QoS.

dscp : Sets the DSCP for the specified traffic pattern. See the dscp section below.

interactive [ traffic-handling-priority traffic_priority ]

Specifies the DSCP marking to be used for packets of sessions subscribed to three possible traffic priorities in the 3GPP interactive class, in which there is an intermittent flow of packets in the uplink and downlink direction. This traffic class has a higher QoS than the background class, but not as high as the streaming class.

traffic_priority is the 3GPP traffic handling priority and can be the integers 1, 2 or 3.

allocation-retention-priority allocation_retention_priority

Specifies the DSCP for the interactive class if the allocation priority is present in the QoS profile.

allocation-retention-priority can be the integers 1, 2, or 3.

DSCP uses the values in the following table based on the traffic handling priority and allocation/retention priority if the allocation priority is present in the QOS profile.

Important

If you only configure DCSP marking for interactive traffic classes without specifying ARP, it may not properly take effect. The CLI allows this scenario for backward compatibility however, it is recommended that you configure all three values.

streaming dscp

Specifies the DSCP marking to be used for packets of sessions subscribed to the 3GPP streaming class, in which there is a constant flow of data in either in the uplink or downlink direction. This traffic class has a higher QoS than the interactive class, but not as high as the conversational class.

dscp: Set the DSCP for the specified traffic pattern. See the dscp section below.

dscp

Specifies the DSCP for the specified traffic pattern. dscp can be configured to any one of the following:

+

More than one of the above keywords can be entered within a single command.

Configures the quality of service (QoS) differentiated service code point (DSCP) used when sending data packets over the Wu interface in the downlink direction.

allocation-retention-priority

Specifies the DSCP for interactive class if the allocation priority is present in the QOS profile.

allocation-retention-priority can be the integers 1, 2, or 3.

DSCP values use the following matrix to map based on traffic handling priority and Alloc/Retention priority if the allocation priority is present in the QOS profile.

The following table shows the DSCP value matrix for allocation-retention-priority .

qci

Configures the QCI attribute of QoS. Here the qci_val is the QCI for which the negotiate limit is being set, it ranges from 1 to 9.

dscp

Specifies the DSCP for the specified traffic pattern. dscp can be configured to any one of the following:

+

More than one of the above keywords can be entered within a single command.

Sets the parameters for IP source validation. Source validation is useful if packet spoofing is suspected, or for verifying packet routing and labeling within the network.

clear-on-valid-packet

Configures the service to reset the drop-limit counters upon receipt of a properly addressed packet. Default: disabled

drop-limit num

Sets the maximum number of allowed IP source violations within the detection period before dropping a call. If num is not specified, the value is set to the default value.

num is an integer from 1 to 1000000. Default: 10

period secs

Sets the detection period (in seconds) for IP source violations as an integer from 1 through 1000000. If secs is not specified, the value is set to the default value. Default: 120

default ip source-violation { drop-limit num period secs }

no ip source-violation clear-on-valid-packet

The drop-limit counters are not reset upon receipt of a properly addressed packet.

Specifies the maximum number of IKEv2/IPSec tunnels allowed per UE by the PDG/TTG. This maximum number is specified per PDG service.

integer

Specifies the maximum number of IKEv2/IPSec tunnels allowed per UE as an integer from 1 to 11. Default: 11

default max-tunnels-per-ue

Sets the maximum number of IKEv2/IPSec tunnels allowed per UE to its default value, which is 11.

Configures location specific mobile network identifiers used to help translate local emergency and service-related numbers. Default is disabled.

mcc mnc_number

Specifies the mobile country code (MCC) portion of the PLMN identifier as an integer from 200 through 999.

mnc mnc_number

Specifies the mobile network code (MNC) portion of the PLMN identifier as a 2- or 2-digit integer from 00 through 999.

no plmn id mcc mcc_number mnc mnc_number

Removes a previously configured PLMN identifier for the PDG service.

Specifies the maximum time allowed to set up a session.

setup-timeout integer

Sets the session setup timeout value (in seconds) as an integer from 2 through 300. Default: 60

default setup-timeout

Sets or restores the default session setup timer value to 60 seconds.