Reject Sessions from Blocked APGROUPNAME

Feature Summary and Revision History

Summary Data

Applicable Product(s) or Functional Area

SaMOG

Applicable Platform(s)

  • ASR 5500

  • VPC-DI

Feature Default

Enabled - Always-on

Related Changes in This Release

Not Applicable

Related Documentation

  • SaMOG Administration Guide

  • Command Line Interface Reference

  • Statistics and Counters Reference - Bulkstatistic Descriptions

  • Statistics and Counters Reference

Revision History

Revision Details

Release

First Introduced.

  • 21.28.mx

  • 21.28.m1

Feature Description

The SaMOG supports the configuration of a list of APGROUPNAME for which session authentication is to be blocked, and the rejection of incoming sessions (For example, AP group name) belongs to the configured APGROUPNAME block list.

The rejection of incoming sessions is applicable only for the combination of RADIUS Access-Request-based triggers, EoGRE user-plane, Diameter-based authentication with AAA on an STa interface, and GTPv2-based S2A interface.

Configuring APGROUPNAME List

Use the following commands to configure apgroupname-list under the samog context with blocked apgroupnames. 

configure 
   context context_name 
     apgroupname-list aplistname1 
        apgrp apgrpname1 
   end

NOTES:

  • apgroupname-list : Configures the APGROUPNAME list.

    Only 25 AP group names are allowed to be configured in the list. You can create a maximum of 10 AP group name lists per context.

    If the apgroupname-list is dis-associated for any specific samog-service, then AP group names under the list are considered as allowed for the session continuation.

  • apgrp : Configures blocked apgroup names within the list.

Associate APGROUPNAME-list to SaMOG Service

Use the following configuration to associate the configured apgroupname-list with samog-service.

configure 
   context context_name 
   samog-service samog1 
   associate apgroupname-list aplistname1 reject-call 
   end
NOTES:

  • associate apgroupname-list : Associates the configured apgroupname-list with samog-service.

Remove the APGROUPNAME List Configuration

Use the following configuration to remove the configured apgroupname-list with samog-service and allows the AP group names to establish session. 

configure 
   context context_name 
     [ no ] apgroupname-listaplistname1 
    end
NOTES:

  • no : Removes the blocked APGROUPNAME list from SaMOG.

Remove the APGROUPNAME from APGROUPNAME-list

Use the following configuration to remove the APGROUPName from APGROUPNAME-list.

configure 
   context context_name 
     apgroupname-list  aplistname1 
      [ no ] apgrp apgrpname1   
    end
NOTES:

  • no : Removes APGROUPNAME entry from APGROUPNAME list.

Dis-associate APGROUPNAME List to SaMOG Service

Use the following configuration to dis-associate the configured apgroupname-list from samog-service.

configure 
   context context_name 
   samog-service samog1 
   [ no ] associate apgroupname-list reject-call  
    end
NOTES:

  • no associate apgroupname-list reject-call : Dis-associates APGROUPNAME list from the SaMOG and all the AP group names present in the list are allowed to establish session.

Monitoring and Troubleshooting

This section provides information on how to monitor and troubleshoot using show commands to support this feature.

Show Commands and Outputs

This section provides information regarding show commands and their outputs for this feature.

show samog-service name

Use the following command to verify the association of apgroupname-list.

Table 1. show samog-service name Command Output Description

Field

Description

Service Name :

Associated APGROUPNAME List

Displays the associated APGROUP name list.

show apgroupname-list summary

You can verify the apgroupname-list configuration. The output of this command is enhanced to display the following field.

Table 2. show appgroupname-list summary Command Output Description

Field

Description

Context

Displays the context within which the apgroupname list is created.

Apgroupname-List

Displays the list name configured.

show apgroupname-list name

You can verify the apgroupname-list configuration. The output of this command is enhanced to display the following field.

Table 3. show appgroupname-list name aplistname Command Output Description

Field

Description

List name

Displays the list name.

Associated with SAMOGService

Displays the SAMOG service that the blocked APgroupname-list is associated with.

Service context

Displays the context within which blocked APgroupname-list is created.

Number of APGROUPNAMEs in list

Displays number of apgroupnames configured within the list.

List of APGROUPNAMEs in list

Displays a space separated list of names.

show config

Using the show config commnad you can view the associate apgroup-name list and apgroup-name lists.

Sample output:

[samog]asr5500# show config
config
  cli hidden
  tech-support test-commands encrypted password ***
  cli test-commands encrypted password ***
		:
samog-service samog1
  associate mrme-service mrme1
  associate cgw-service cgw1
  associate dhcp-service dhcp1 level system
  associate subscriber-map smap4g
  associate apgroupname-list aplistname1 reject-call
  timeout setup 120
  timeout absolute 600
  plmn id mcc 777 mnc 109 
#exit
 
apgroupname-list aplistname1
  apgrp myapg1
  apgrp myapg2
  apgrp myapg3
  apgrp myapg4
  apgrp myapg5
  apgrp myapg6
#exit

show samog-service statistics name

Use the show samog-service statistics name command to verify the counter for blocked apgroupname. In the sample output, when samog-service performs UE initiated attach with Radius session triggered over EoGRE access type with Diameter-based authentication, and EPC connectivity over GTPv2 to P-GW from blocked apgroupname, the session gets rejected and the blocked counter value is incremented. 

[samog]qvpc-di# show samog-service statistics name samog1
SaMOG statistics for Service: samog1
MRME Service Stats:
Session Stats:
  Total Attempted:                                         0
  Total Setup:                                             0
  Total Current:                                           0
  Total Released:                                          0
    Total Aborted:                                           0
    Total Disconnected:                                      0
      Disconnected locally:                                  0
      Disconnected by UE:                                    0
      Disconnected by NAS:                                   0
      Disconnected by CGW:                                   0
      Disconnected by AAA:                                   0
Radius Message Stats:
  Total Start Req rcvd:                                    0
  Total Start Req (Retransmitted) rcvd:                    0
  Total Start Rsp sent:                                    0
  Total Interim Updt rcvd:                                 0
  Total Interim Updt (Retransmitted) rcvd:                 0
  Total Interim Updt Rsp sent:                             0
  Total Stop Req rcvd:                                     0
  Total Stop Req (Retransmitted) rcvd:                      0
  Total Stop Rsp sent:                                     0
  Total Accounting On rcvd:                                0
  Total Accounting Off rcvd:                               0
  Total Access Req rcvd:                                   0
  Total Access Req (Retransmitted) rcvd:                   0
  Total Access Challenge sent:                             0
  Total Access Accept sent:                                0
  Total Access Reject sent:                                0
     Congestion control policy applied:                    0
     No Policy Match:                                      0
  Total Unknown Req rcvd:                                  0
  Total Send Failure:                                      0
  Total Discarded:                                         0
    Mandatory Attr Missing:                                0
    Start For Non-Existing Session:                        0
    Interim For Non-Existing Session:                      0
    Stop For Non-Existing Session:                         0
    Unknown Client:                                        0
    Invalid Authenticator:                                 0
    Stale Packets:                                         0
    Service Not Supported:                                 0
    No Resource:                                           0
    Internal Error:                                        0
    License Limit Exceeded:                                0
    Service Limit Exceeded:                                0
    Invalid Length:                                        0
    Invalid EAP:                                           0
    Pending server response:                               0
    Congestion control policy applied:                     0
    Newcall policy applied:                                 0
    Blocked APGroupName:                                   0

Bulk Statistics

The following bulk statistics are added to the SaMOG schema as part of this feature:.

SaMOG Schema

The following bulks statistics included in the SaMOG schema to support this feature:

Table 4. Bulk Statistic Variables in the SaMOG Schema

Variables

Description

mrme-total-discard-blocked-apgroupname

Displays total number of sessions discarded due to blocked apgroupname.