Cisco IOS Mobile Wireless Gateway GPRS Support Node Command Reference

Cisco IOS Mobile Wireless GGSN Commands

This book documents the Cisco Gateway GPRS Support Note (GGSN) commands available with Cisco IOS Release 12.4(24)T, in alphabetical order.

aaa accounting

To enable authentication, authorization, and accounting (AAA) accounting of requested services for billing or security purposes when you use RADIUS or TACACS+, use the aaa accounting command in global configuration mode. To disable AAA accounting, use the no form of this command.

aaa accounting {auth-proxy | system | network | exec | connection | commands level | dot1x} {default | list-name | guarantee-first} [vrf vrf-name] {start-stop | stop-only | none} [broadcast] group group-name

no aaa accounting {auth-proxy | system | network | exec | connection | commands level | dot1x} {default | list-name | guarantee-first} [vrf vrf-name] {start-stop | stop-only | none} [broadcast] group group-name

Syntax Description

Defaults

AAA accounting is disabled.

Command Modes

Global configuration (config)

Command History

Usage Guidelines

General Information

Use the aaa accounting command to enable accounting and to create named method lists that define specific accounting methods on a per-line or per-interface basis.

Table 1 contains descriptions of keywords for AAA accounting methods.

In Table 1, the group radius and group tacacs+ methods refer to a set of previously defined RADIUS or TACACS+ servers. Use the radius-server host and tacacs-server host commands to configure the host servers. Use the aaa group server radius and aaa group server tacacs+ commands to create a named group of servers.

Cisco IOS software supports the following two methods of accounting:

•RADIUS—The network access server reports user activity to the RADIUS security server in the form of accounting records. Each accounting record contains accounting attribute-value (AV) pairs and is stored on the security server.

•TACACS+—The network access server reports user activity to the TACACS+ security server in the form of accounting records. Each accounting record contains accounting AV pairs and is stored on the security server.

Method lists for accounting define the way accounting will be performed. Named accounting method lists enable you to designate a particular security protocol to be used on specific lines or interfaces for particular types of accounting services. Create a list by entering values for the list-name argument where list-name is any character string used to name this list (excluding the names of methods, such as RADIUS or TACACS+) and method list keywords to identify the methods to be tried in sequence as given.

If the aaa accounting command for a particular accounting type is issued without a named method list specified, the default method list is automatically applied to all interfaces or lines (where this accounting type applies) except those that have a named method list explicitly defined. (A defined method list overrides the default method list.) If no default method list is defined, then no accounting takes place.

Note System accounting does not use named accounting lists; you can define the default list only for system accounting.

For minimal accounting, include the stop-only keyword to send a "stop" record accounting notice at the end of the requested user process. For more accounting, you can include the start-stop keyword, so that RADIUS or TACACS+ sends a "start" accounting notice at the beginning of the requested process and a "stop" accounting notice at the end of the process. Accounting is stored only on the RADIUS or TACACS+ server. The none keyword disables accounting services for the specified line or interface.

To specify an accounting configuration for a particular VRF, specify a default system accounting method list, and use the vrf keyword and vrf-name argument. System accounting does not have knowledge of VRF unless specified.

When AAA accounting is activated, the network access server monitors either RADIUS accounting attributes or TACACS+ AV pairs pertinent to the connection, depending on the security method you have implemented. The network access server reports these attributes as accounting records, which are then stored in an accounting log on the security server. For a list of supported RADIUS accounting attributes, see the appendix "RADIUS Attributes" in the Cisco IOS Security Configuration Guide. For a list of supported TACACS+ accounting AV pairs, see the appendix "TACACS+ Attribute-Value Pairs" in the Cisco IOS Security Configuration Guide.

Note This command cannot be used with TACACS or extended TACACS.

Cisco Service Selection Gateway Broadcast Accounting

To configure Cisco Service Selection Gateway (SSG) broadcast accounting, use ssg_broadcast_accounting for the list-name argument. For more information about configuring SSG, see the chapter "Configuring Accounting for SSG" in the Cisco IOS Service Selection Gateway Configuration Guide, Release 12.4.

Layer 2 LAN Switch Port

You must configure the RADIUS server to perform accounting tasks, such as logging start, stop, and interim-update messages and time stamps. To turn on these functions, enable logging of "Update/Watchdog packets from this AAA client" in your RADIUS server Network Configuration tab. Next, enable "CVS RADIUS Accounting" in your RADIUS server System Configuration tab.

You must enable AAA before you can enter the aaa accounting command. To enable AAA and 802.1X (port-based authentication), use the following global configuration mode commands:

•aaa new-model

•aaa authentication dot1x default group radius

•dot1x system-auth-control

Use the show radius statistics command to display the number of RADIUS messages that do not receive the accounting response message.

Establishing a Session with a Router if the AAA Server is Unreachable

The aaa accounting system guarantee-first command guarantees system accounting as the first record, which is the default condition. In some situations, users may be prevented from starting a session on the console or terminal connection until after the system reloads, which can take more than three minutes.

To establish a console or telnet session with the router if the AAA server is unreachable when the router reloads, use the no aaa accounting system guarantee-first command.

Note Entering the no aaa accounting system guarantee-first command is not the only condition by which the console or telnet session can be started. For example, if the privileged EXEC session is being authenticated by TACACS and the TACACS server is not reachable, then the session cannot start.

Examples

The following example defines a default commands accounting method list, where accounting services are provided by a TACACS+ security server, set for privilege level 15 commands with a stop-only restriction.

aaa accounting commands 15 default stop-only group tacacs+

The following example defines a default auth-proxy accounting method list, where accounting services are provided by a TACACS+ security server with a start-stop restriction. The aaa accounting command activates authentication proxy accounting.

aaa new-model

aaa authentication login default group tacacs+

aaa authorization auth-proxy default group tacacs+

aaa accounting auth-proxy default start-stop group tacacs+

The following example defines a default system accounting method list, where accounting services are provided by RADIUS security server "server1" with a start-stop restriction. The aaa accounting command specifies accounting for vrf "vrf1."

aaa accounting system default vrf vrf1 start-stop group server1

The following example defines a default IEEE 802.1x accounting method list, where accounting services are provided by a RADIUS server. The aaa accounting command activates IEEE 802.1x accounting.

aaa new model

aaa authentication dot1x default group radius

aaa authorization dot1x default group radius

aaa accounting dot1x default start-stop group radius

The following example shows how to enable network accounting and send tunnel and tunnel-link accounting records to the RADIUS server. (Tunnel-Reject and Tunnel-Link-Reject accounting records are automatically sent if either start or stop records are configured.)

aaa accounting network tunnel start-stop group radius

aaa accounting network session start-stop group radius

The following example shows how to enable IEEE 802.1x accounting:

aaa accounting dot1x default start-stop group radius

aaa accounting system default start-stop group radius

Related Commands

aaa group server diameter

To group different server hosts into distinct lists and distinct methods, use the aaa group server diameter command in access-point configuration mode. To remove a group, use the no form of this command

aaa group server diameter group-name

no aaa group server diameter group-name

Syntax Description

Defaults

No default behavior or values.

Command Modes

Access-point configuration

Command History

Usage Guidelines

The AAA server-group feature provides a way to group existing server hosts. The feature enables you to select a subset of the configured server hosts and use them for a particular service.

A server group is a list of server hosts of a particular type. Currently supported server host types are RADIUS server hosts, TACACS+ server hosts, and Diameter server hosts. A server group is used in conjunction with a global server host list. The server group lists the IP addresses of the selected server hosts.

Note Using the aaa group server diameter command you can configure a primary and secondary Diameter credit control applicaiton (DCCA) server. If the transport connection to the primary DCCA server should fail, a connection to the secondary DCCA server in the group will be established.

Examples

The following example shows the configuration of two AAA consisting of DCCA server hosts named dcca-sg1 and dcca-sg2:

aaa group server diameter dcca-sg1

  server dcca1

aaa group server diameter dcca-sg2

  server dcca2

Related Commands

aaa-group

To specify an authentication, authorization, and accounting (AAA) server group and assign the type of AAA services to be supported by the server group for a particular access point on the gateway GPRS support node (GGSN), use the aaa-group command in access-point configuration mode. To remove an AAA server group, use the no form of this command.

aaa-group {authentication | accounting} server-group

no aaa-group {authentication | accounting} server-group

Syntax Description

Defaults

No default behavior or values.

Command Modes

Access-point configuration

Command History

Usage Guidelines

The Cisco GGSN supports authentication and accounting at APNs using AAA server groups. By using AAA server groups, you gain the following benefits:

•You can selectively implement groups of servers for authentication and accounting at different APNs.

•You can configure different server groups for authentication services and accounting services in the same APN.

•You can control which RADIUS services you want to enable at a particular APN, such as AAA accounting.

The GGSN supports the implementation of AAA server groups at both the global and access-point configuration levels. You can minimize your configuration by specifying the configuration that you want to support across most APNs, at the global configuration level. Then, at the access-point configuration level, you can selectively modify the services and server groups that you want to support at a particular APN. Therefore, you can override the AAA server global configuration at the APN configuration level.

To configure a default AAA server group to be used for all APNs on the GGSN, use the gprs default aaa-group global configuration command. To specify a different AAA server group to be used at a particular APN for authentication or accounting, use the aaa-group access-point configuration command.

If accounting is enabled on the APN, then the GGSN looks for an accounting server group to be used for the APN in the following order:

•First, at the APN for an accounting server group—configured in the aaa-group accounting command.

•Second, for a global GPRS default accounting server group—configured in the gprs default aaa-group accounting command.

•Third, at the APN for an authentication server group—configured in the aaa-group authentication command.

•Last, for a global GPRS default authentication server group—configured in the gprs default aaa-group authentication command.

If none of the above commands is configured on the GGSN, then AAA accounting is not performed.

If authentication is enabled on the APN, then the GGSN first looks for an authentication server group at the APN, configured in the aaa-group authentication command. If an authentication server group is not found at the APN, then the GGSN looks for a globally configured, GGSN default authentication server group, configured in the gprs default aaa-group authentication command.

To complete the configuration, you also must specify the following configuration elements on the GGSN:

•Enable AAA services using the aaa new-model global configuration command.

•Configure the RADIUS servers using the radius-server host command.

•Define a server group with the IP addresses of the RADIUS servers in that group using the aaa group server global configuration command.

•Configure the following AAA services:

–AAA authentication using the aaa authentication global configuration command

–AAA authorization using the aaa authorization global configuration command

–AAA accounting using the aaa accounting global configuration command

•Enable the type of AAA services (accounting and authentication) to be supported on the APN.

–The GGSN enables accounting by default for non-transparent APNs.

You can enable or disable accounting services at the APN using the aaa-accounting command.

–Authentication is enabled by default for non-transparent APNs. There is not any specific command to enable or disable authentication. Authentication cannot be enabled for transparent APNs.

You can verify the AAA server groups that are configured for an APN using the show gprs access-point command.

Note For more information about AAA and RADIUS global configuration commands, see the Cisco IOS Security Command Reference.

Examples

The following configuration example defines four AAA server groups on the GGSN: foo, foo1, foo2, and foo3, shown by the aaa group server commands.

Using the gprs default aaa-group command, two of these server groups are globally defined as default server groups: foo2 for authentication, and foo3 for accounting.

At access-point 1, which is enabled for authentication, the default global authentication server group of foo2 is overridden and the server group named foo is designated to provide authentication services on the APN. Notice that accounting services are not explicitly configured at that access point, but are automatically enabled because authentication is enabled. Because there is a globally defined accounting server-group defined, the server named foo3 will be used for accounting services.

At access-point 2, which is enabled for authentication, the default global authentication server group of foo2 is used. Because there is a globally defined accounting server-group defined, the server named foo3 will be used for accounting services.

At access-point 4, which is enabled for accounting using the aaa-accounting enable command, the default accounting server group of foo3 is overridden and the server group named foo1 is designated to provide accounting services on the APN.

Access-point 5 does not support any AAA services because it is configured for transparent access mode, and accounting is not enabled.

aaa new-model

!

aaa group server radius foo

 server 10.2.3.4

 server 10.6.7.8

aaa group server radius foo1

 server 10.10.0.1

aaa group server radius foo2

 server 10.2.3.4

 server 10.10.0.1

aaa group server foo3

 server 10.6.7.8

 server 10.10.0.1

!

aaa authentication ppp foo group foo

aaa authentication ppp foo2 group foo2

aaa authorization network default group radius 

aaa accounting exec default start-stop group foo

aaa accounting network foo1 start-stop group foo1

aaa accounting network foo2 start-stop group foo2

aaa accounting network foo3 start-stop group foo3

!

gprs access-point-list gprs

 access-point 1

  access-mode non-transparent

  access-point-name www.pdn1.com

  aaa-group authentication foo

!

 access-point 2

  access-mode non-transparent

  access-point-name www.pdn2.com

!

 access-point 4

  access-point-name www.pdn4.com

  aaa-accounting enable

  aaa-group accounting foo1

!

 access-point 5

  access-point-name www.pdn5.com

!

gprs default aaa-group authentication foo2

gprs default aaa-group accounting foo3

!

radius-server host 10.2.3.4 auth-port 1645 acct-port 1646 non-standard

radius-server host 10.6.7.8 auth-port 1645 acct-port 1646 non-standard

radius-server host 10.10.0.1 auth-port 1645 acct-port 1646 non-standard

radius-server key ggsntel

Related Commands

access-mode

To specify whether the gateway GPRS support node (GGSN) requests user authentication at the access point to a public data network (PDN), use the access-mode command in access-point configuration mode. To remove an access mode and return to the default value, use the no form of this command.

access-mode {transparent | non-transparent}

no access-mode {transparent | non-transparent}

Syntax Description

Defaults

transparent

Command Modes

Access-point configuration

Command History

Usage Guidelines

Use the access-mode command to specify whether users accessing a PDN through a particular access point associated with the virtual template interface will have transparent or non-transparent access to the network.

Transparent access means that users who access the PDN through the current virtual template are granted access without further authentication.

Non-transparent access means that users who access the PDN through the current virtual template must be authenticated by the GGSN. You must configure non-transparent access to support RADIUS services at an access point. Authentication is performed by the GGSN while establishing the PDP context.

Examples

Example 1

The following example specifies transparent access to the PDN, gprs.pdn2.com, through access point 2:

interface virtual-template 1

 gprs access-point-list abc

!

gprs access-point-list abc

 access-point 2

  access-point-name gprs.pdn2.com

Example 2

The following example specifies non-transparent access to the PDN, gprs.pdn.com, through access point 1:

interface virtual-template 1

 gprs access-point-list abc

!

gprs access-point-list abc

 access-point 1

  access-point-name gprs.pdn.com 
  access-mode non-transparent

Note Because transparent is the default access mode, it does not appear in the output of the show running-configuration command for the access point.

Related Commands

access-point

To specify an access point number and enter access-point configuration mode, use the access-point command in access-point list configuration mode. To remove an access point number, use the no form of this command.

access-point access-point-index

no access-point access-point-index

Syntax Description

Defaults

No default behavior or values.

Command Modes

Access-point list configuration

Command History

Usage Guidelines

Use the access-point command to create an access point to a public data network (PDN).

To configure an access point, first set up an access-point list using the gprs access-point-list command, and then add the access point to the access-point list.

You can specify access point numbers in any sequence.

Note Memory constraints might occur if you define a large number of access points to support VPN routing and forwarding (VRF).

Examples

The following example configures an access point with an index number of 7 in an access-point-list named "abc" on the GGSN:

gprs access-point-list abc

 access-point 7

Related Commands

access-point-name

To specify the network (or domain) name for a public data network (PDN) that users can access from the gateway GPRS support node (GGSN) at a defined access point, use the access-point-name command in access-point configuration mode. To remove an access point name, use the no form of this command.

access-point-name apn-name

no access-point-name

Syntax Description

Defaults

There is no default value for this command.

Command Modes

Access-point configuration

Command History

Usage Guidelines

Use the access-point-name command to specify the PDN name of a network that can be accessed through a particular access point. An access-point name is mandatory for each access point.

To configure an access point, first set up an access-point list using the gprs access-point-list command, and then add the access point to the access-point list.

The access point name typically is the domain name of the service provider that users access—for example, www.isp.com.

Examples

The following example specifies the access-point name for a network:

 access-point 1

  access-point-name www.isp.com

  exit

Related Commands

access-type

To specify whether an access point is real or virtual on the gateway GPRS support node (GGSN), use the access-type command in access-point configuration mode. To return to the default value, use the no form of this command.

access-type {virtual [pre-authenticate [default-apn apn-name]] | real}

no access-type

Syntax Description

Defaults

real

Command Modes

Access-point configuration

Command History

Usage Guidelines

Use the access-type command to specify whether an access point is real or virtual on the GGSN.

The default access-type is real. Therefore, you need to configure this command only if the APN needs to be a virtual access point.

Virtual access types are used to configure virtual APN support on the Cisco GGSN to minimize provisioning issues in other GPRS/UMTS network entities that require configuration of APN information.

By default, using the virtual APN feature on the GGSN, home location register (HLR) subscription data can simply provide the name of the virtual APN. Users can still request access to specific target networks that are accessible by the GGSN without requiring each of those destination APNs to be provisioned at the HLR.

The default keyword, real, identifies a physical target network that the GGSN can reach. Real APNs must always be configured on the GGSN to reach external networks.

Virtual APNs can be configured in addition to real access points to ease provisioning in the GPRS/UMTS public land mobile network (PLMN).

Note If the access type is virtual, some of the access-point configuration commands are not applicable, and if configured, will be ignored.

The default virtual APN support relies on the domain portion of the username to resolve the target APN. Once, the target is resolved, the user is then connection to that APN on the GGSN.

Cisco GGSN Release 6.0, Cisco IOS Release 12.3(14) and later, supports pre-authentication-based virtual access points. The pre-authentication-based virtual APN feature utilizes AAA servers to provide dynamic, per-user mapping of a virtual APN to a target (real) APN.

When the pre-authenticate keyword option is specified when configuring a virtual APN, a pre-authentication phase is applied to Create PDP Context requests received that include a virtual APN in the APN information element.

Pre-authentication-based virtual APN requires that the AAA server be configured to provision user profiles to include the target APN. The AAA maps a user to the target using user identifications such as the IMSI, user name, or MSISDN, etc. Additionally, the target APN must be locally configured on the GGSN.

The following is the typical call flow with regard to external AAA servers when a virtual APN is involve:

1. The GGSN receives a Create PDP Context Request that includes a virtual APN. It locates the virtual APN and starts a pre-authentication phase for the PDP context by sending an Access-Request message to an AAA server.

2. The AAA server does a lookup based on the user identification (username, MSISDN, IMSI, etc.) included in the Access-Request message, and determines the target-APN for the user from the user profile. The target APN is returned as a Radius attribute in the Access-Accept message to the GGSN.

3. The GGSN checks for a locally-configured APN that matches the APN name in the target APN attribute in the Access-Accept message.

–If a match is found, the virtual APN is resolved and the Create PDP Context Request is redirected to the target APN and is further processed using the target APN (just as if the target APN was included in the original Create PDP Context request). If the real APN is non-transparent, another Access-Request is sent out. Typically, the AAA server should be different.

–If a match is not found, the Create PDP Context Request is rejected.

–If there is no target APN included in the RADIUS attribute in the access-accept message to the GGSN, or if the target APN is not locally configured, the Create PDP Context Request is rejected.

4. GGSN receives an access-accept from the AAA server for the second round of authentication.

When configuring pre-authentication-based virtual APN functionality, please note the following:

When configuring pre-authentication-based virtual APN functionality, please note the following:

•If a user profile on the AAA server is configured to include a target APN, then the target APN should be a real APN, and it should be configured on the GGSN.

•An APN can only be configured for domain-based virtual APN functionality or pre-authentication-based APN functionality, not both.

•The target APN returned from AAA must be a real APN, and if more than one APN is returned, the first one is used and the rest ignored.

•Configure anonymous user access under the virtual APN (using the anonymous user access-point configuration command) to mobile stations (MS) to access without supplying the username and password (the GGSN uses the common password configured on the APN).

•At minimum, an AAA access-method must be configured under the virtual APN, or globally. If a method is not configured, the create PDP request will be rejected.

•The associated real APN name is used in G-CDRs and authentication requests sent to a virtual APN

Note For virtual APNs, the domain is always removed from the username attribute. The associated real APN name is used in G-CDRs and authentication requests sent to a virtual APN.

Examples

Example 1

The following example shows configuration of a virtual access point type and a real access point type:

 access-point 1

  access-point-name corporate

  access-type virtual

  exit

 access-point 2

  access-point-name corporatea.com

  ip-address-pool dhcp-client

  dhcp-server 10.21.21.1

Example 2

The following example enables pre-authentication-based virtual APN functionality for virtual access point and specifies "cisco.com" as the default APN if a target APN is not resolved.

 access-point 1

  access-point-name virtual-apn-all

  access-type virtual pre-authenticate default-apn cisco.com

  anonymous user anyone abc

  radius attribute user-name msisdn

  exit

Related Commands

access-violation deactivate-pdp-context

To specify that a user's session be ended and the user packets discarded when a user attempts unauthorized access to a public data network (PDN) through an access point, use the access-violation deactivate-pdp-context command in access-point configuration mode. To return to the default value, use the no form of this command.

access-violation deactivate-pdp-context

no access-violation deactivate-pdp-context

Syntax Description

This command has no arguments or keywords.

Defaults

The user's session remains active and the user packets are discarded.

Command Modes

Access-point configuration

Command History

Usage Guidelines

Use the access-violation deactivate-pdp-context command to specify the action that is taken if a user attempts unauthorized access through the specified access point.

The default is that the gateway GPRS support node (GGSN) simply drops user packets when an unauthorized access is attempted. However, if you specify access-violation deactivate-pdp-context, the GGSN terminates the user's session in addition to discarding the packets.

Examples

The following example shows deactivation of a user's access and discarding of the user packets:

 access-point 1

  access-point-name pdn.aaaa.com

  ip-access-group 101 in

  access-violation deactivate-pdp-context

  exit

Related Commands

address ipv4

To configure a route to the host of the Diameter peer using IPv4, use the address ipv4 command in Diameter peer configuration mode. To remove the address, use the no form of this command.

address ipv4 ip-address

no address ipv4 ip-address

Syntax Description

Defaults

No default behavior or values.

Command Modes

Diameter peer configuration

Command History

Usage Guidelines

Use the address ipv4 command to define the IP address of the host of the Diameter peer using IPv4.

Examples

The following configuration example defines the IP address of the host of the Diameter peer as 10.10.10.1:

diameter peer dcca1

 address ipv4 10.10.10.1

Related Commands 

.

advertise downlink next-hop

To configure the next hop address (the user address) on the gateway GPRS support node (GGSN) downlink traffic to be advertised in Accounting Start requests, use the advertise downlink next-hop command in access-point configuration mode. To remove a next hop address configuration, use the no form of this command.

advertise downlink next-hop ip-address

no advertise downlink next-hop ip-address

Syntax Description

Defaults

No default behavior or values.

Command Modes

Access-point configuration

Command History

Usage Guidelines

Use the advertise downlink next-hop command to configure the next hop IP address, to which downlink traffic destined for the GGSN is to be routed (Cisco Content Services Gateway [CSG]-to-GGSN) , to be advertised in Accounting Start requests.

Examples

The following configuration example configures 10.10.150.2 as the next hop address to be advertised:

advertise downlink next-hop 10.10.150.2

Related Commands 

aggregate

To configure the gateway GPRS support node (GGSN) to create an aggregate route in its IP routing table, when receiving packet data protocol (PDP) requests from mobile stations (MSs) on the specified network, for a particular access point on the GGSN, use the aggregate command in access-point configuration mode. To remove an aggregate route, use the no form of this command.

aggregate {auto | ip-network-prefix{/mask-bit-length | ip-mask}}

no aggregate {auto | ip-network-prefix{/mask-bit-length | ip-mask}}

Syntax Description

Defaults

No default behavior or values.

Command Modes

Access-point configuration

Command History

Usage Guidelines

The GGSN uses a static host route to forward user data packets received from the Gi interface to the Gn interface, using the virtual template interface of the GPRS tunneling protocol (GTP) tunnel.

Without the aggregate command or gprs default aggregate command, the GGSN creates a static host route for each PDP context. For example, for 45,000 PDP contexts supported, the GGSN creates 45,000 static host routes in its IP routing table.

You can use the aggregate command to reduce the number of static routes implemented by the GGSN for PDP contexts at a particular access point. The aggregate command allows you to specify an IP network prefix to combine the routes of PDP contexts from the same network as a single route on the GGSN.

To configure the GGSN to automatically aggregate routes that are returned by a DHCP or RADIUS server, use the aggregate auto command at the APN.

Note The aggregate auto command will not aggregate routes when using local IP address pools.

Automatic route aggregation can be configured only at the access-point configuration level on the GGSN. The gprs default aggregate global configuration command does not support the auto option; therefore, you cannot configure automatic route aggregation globally on the GGSN.

You can specify multiple aggregate commands at each access point to support multiple network aggregates. However, if you use the aggregate auto command at the access point name (APN), you cannot specify any other aggregate route ranges at the APN.

To globally define an aggregate IP network address range for all access points on the GGSN for statically derived addresses, you can use the gprs default aggregate command. You can use the aggregate command to override this default address range at a particular access point.

The GGSN responds in the following manner to manage routes for MSs through an access point, when route aggregation is configured in the following scenarios:

•No aggregation is configured on the GGSN, at the APN or globally—The GGSN inserts the 32-bit host route of the MS into its routing table as a static route.

•A default aggregate route is configured globally, but no aggregation is configured at the APN:

–If a statically or dynamically derived address for an MS matches the default aggregate route range, the GGSN inserts an aggregate route into its routing table.

–If the MS address does not match the default aggregate route, the GGSN inserts the 32-bit host route as a static route into the routing table.

•A default aggregate route is configured globally, and automatic route aggregation is configured at the APN:

–If a statically derived address for an MS matches the default aggregate route range, the GGSN inserts an aggregate route into its routing table.

–If a statically derived address for an MS does not match the default aggregate route, the GGSN inserts the 32-bit host route as a static route into its routing table.

–If a dynamically derived address for an MS is received, the GGSN aggregates the route, based on the address and mask returned by the DHCP or RADIUS server.

•A default aggregate route is configured globally, and an aggregate route is also configured at the APN:

–If a statically or dynamically derived address for an MS matches the aggregate range at the APN through which it was processed, or otherwise matches the default aggregate range, the GGSN inserts an aggregate route into its routing table.

–If a statically or dynamically derived address for an MS does not match either the aggregate range at the APN or the global default aggregate range, the GGSN inserts the 32-bit host route as a static route into its routing table.

Use care when assigning IP addresses to an MS before you configure the aggregation ranges on the GGSN. A basic guideline is to aggregate as many addresses as possible, but to minimize your use of aggregation with respect to the total amount of IP address space being used by the access point.

Note The aggregate command and gprs default aggregate commands affect routing on the GGSN. Use care when planning and configuring IP address aggregation.

Use the show gprs access-point command to display information about the aggregate routes that are configured on the GGSN. The aggregate output field appears only when aggregate routes have been configured on the GGSN or when the auto option is configured.

Use the show ip route command to verify whether the static route is in the current IP routing table on the GGSN. The static route created for any PDP requests (aggregated or non-aggregated) appears with the code "U" in the routing table, indicating a per-user static route.

Note The show ip route command displays a static route for aggregated PDP contexts only if PDP contexts on that network have been created on the GGSN. If you configure route aggregation on the GGSN, but no PDP requests have been received for that network, the static route does not appear.

Examples

Example 1

The following example specifies two aggregate network address ranges for access point 8. The GGSN will create aggregate routes for PDP context requests received from MSs with IP addresses on the networks 172.16.0.0 and 10.0.0.0:

gprs access-point-list gprs

 access-point 8

   access-point-name pdn.aaaa.com

   aggregate 172.16.0.0/16

   aggregate 10.0.0.0/8

Note Regardless of the format in which you configure the aggregate command, the output from the show running-configuration command always displays the network in the dotted decimal/integer notation.

Example 2

The following example shows a route aggregation configuration for access point 8 using DHCP on a GGSN implement on the Cisco 7200 series router platform, along with the associated output from the show gprs gtp pdp-context all command and the show ip route commands.

Notice that the aggregate auto command is configured at the access point where DHCP is being used. The dhcp-gateway-address command specifies the subnet addresses to be returned by the DHCP server. This address should match the IP address of a loopback interface on the GGSN. In addition, to accommodate route aggregation for another subnet 10.80.0.0, the gprs default aggregate global configuration command is used.

In this example, the GGSN aggregates routes for dynamically derived addresses for MSs through access point 8, based on the address and mask returned by the DHCP server. For PDP context requests received for statically derived addresses on the 10.80.0.0 network, the GGSN also implements an aggregate route into its routing table, as configured by the gprs default aggregate command.

interface Loopback0

 ip address 10.80.0.1 255.255.255.255

!

interface Loopback2

 ip address 10.88.0.1 255.255.255.255

!

gprs access-point-list gprs

 access-point 8

   access-point-name pdn.aaaa.com

   ip-address-pool dhcp-proxy-client

   aggregate auto

   dhcp-server 172.16.43.35

   dhcp-gateway-address 10.88.0.1

   exit

!

gprs default aggregate 10.80.0.0 255.255.255.0

In the following output for the show gprs gtp pdp-context all command, 5 PDP context requests are active on the GGSN for pdn.aaaa.com from the 10.88.0.0/24 network:

GGSN# show gprs gtp pdp-context all

TID              MS Addr         Source  SGSN Addr       APN

6161616161610001 10.88.0.1       DHCP    172.16.123.1    pdn.aaaa.com

6161616161610002 10.88.0.2       DHCP    172.16.123.1    pdn.aaaa.com

6161616161610003 10.88.0.3       DHCP    172.16.123.1    pdn.aaaa.com

6161616161610004 10.88.0.4       DHCP    172.16.123.1    pdn.aaaa.com

6161616161610005 10.88.0.5       DHCP    172.16.123.1    pdn.aaaa.com

The following output for the show ip route command shows a single static route in the IP routing table for the GGSN, which routes the traffic for the 10.88.0.0/24 subnet through the virtual template (or Virtual-Access1) interface:

GGSN# show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter

area

       * - candidate default, U - per-user static route, o - ODR

       P - periodic downloaded static route

Gateway of last resort is not set

     10.80.0.0/16 is subnetted, 1 subnets

C       10.80.0.0 is directly connected, Loopback0

     10.113.0.0/16 is subnetted, 1 subnets

C       10.113.0.0 is directly connected, Virtual-Access1

     172.16.0.0/16 is variably subnetted, 3 subnets, 3 masks

C       172.16.43.192/28 is directly connected, FastEthernet0/0

S       172.16.43.0/24 is directly connected, FastEthernet0/0

S       172.16.43.35/32 is directly connected, Ethernet2/3

     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

U       10.88.0.0/24 [1/0] via 0.0.0.0, Virtual-Access1

C       10.88.0.0/16 is directly connected, Loopback2

Related Commands

anonymous user

To configure anonymous user access at an access point, use the anonymous user command in access-point configuration mode. To remove the username configuration, use the no form of this command.

anonymous user username [password]

no anonymous user

Syntax Description

Defaults

No default behavior or values.

Command Modes

Access-point configuration

Command History

Usage Guidelines

Use this command to allow a mobile station (MS) to access a non-transparent mode access point name (APN) without supplying the username and password in the GPRS tunneling protocol (GTP) protocol configuration option (PCO) information element (IE) of the Create PDP Context request message. The GGSN will use the username and password configured on the APN for the user session.

This command enables anonymous access, which means that a PDP context can be created by an MS to a specific host without specifying a username and password.

Examples

The following example specifies the username george and the password abcd123 for anonymous access at access point 49:

gprs access-point-list abc

 access-point 49

   access-point-name www.pdn.com

   anonymous user george abcd123

authorization

To define a method of authorization (AAA method list), in the Diameter credit control application (DCCA) client profile, that is used to specify the Diameter server groups, use the authorization command in DCCA client profile configuration mode. To remove the method list configuration, use the no form of this command

authorization method-list

no authorization method-list

Syntax Description

Defaults

No default behavior or values.

Command Modes

DCCA client profile configuration

Command History

Usage Guidelines

Use the authorization command to define the method list to be used by the DCCA client to authorize users. The method list specifies the Diameter server groups to use for authorization and was created using the aaa authorization global configuration command.

Examples

The following configuration example defines dcca-method1 as the method of authorization for a DCCA client:

gprs dcca profile dcca-profile1

  authorization dcca-method

Related Commands 

auto-retrieve

To configure the gateway GPRS support node (GGSN) to automatically initiate a G-CDR retrieval from the PSDs defined in a Cisco Persitent Storage Device (PSD) server group when a charging gateway becomes active, use the auto-retrieve command in PSD group configuration mode. To return to the default value, use the no form of this command.

auto-retrieve max-retrieve-rate

no auto-retrieve max-retrieve-rate

Syntax Description

Defaults

60.

Command Modes

Global configuration

Command History

Usage Guidelines

Use the auto-retrieve command to configure the GGSN to automatically retrieve G-CDRs from a PSD. When the auto-retrieve command is configured, the GGSN retrieves G-CDRs from the PSDs defined in the PSD server group. It initiates a retrieval from the "retrieve-only" PSD first, and then retrieves the G-CDRs from the local PSD.

If a retrieve-only PSD has been configured without the auto-retrieve command configured, the GGSN will not initiate a start retrieve when a retrieving event occurs.

Note PSD auto-retrieval is supported for GTPv0 and GTPv1 IP PDP type PDP contexts on the Cisco 7600 series router platform.

Examples

The following example configures the GGSN to automatically retrieve G-CDRs from the PSDs, using the default 60 as the number of retrieval requests that can be sent from the GGSN to the PSD per minute:

auto-retrieve

Command History

bandwidth

To define the total bandwidth for a bandwidth pool, use the bandwidth command in bandwidth pool configuration mode. To return to the default value, use the no form of this command.

bandwidth value

no bandwidth value

Syntax Description

Defaults

No default behavior or values.

Command Modes

Bandwidth pool configuration

Command History

Usage Guidelines

Use the bandwidth bandwidth pool configuration command to define the total bandwidth for a bandwidth pool.

Note Before configuring the total bandwidth for a bandwidth pool, the pool must be created using the gprs qos bandwidth-pool global configuration command.

The total bandwidth defined for a bandwidth pool can be subdivided among traffic classes using the traffic-class bandwidth pool configuration command.

Examples

The following example allocates 10000 kilobits per second for the bandwidth pool "poolA":

gprs qos bandwidth-pool poolA

 bandwidth 10000

Related Commands

bandwidth-pool

To enable the Call Admission Control (CAC) bandwidth management function and apply a bandwidth pool to anaccess point name (APN), use the bandwidth-pool command in access-point configuration mode. To return to the default value, use the no form of this command.

bandwidth-pool {input | output} pool-name

no bandwidth-pool {input | output} pool-name

Syntax Description

Defaults

Disabled

Command Modes

Access-point configuration

Command History

Usage Guidelines

Use the bandwidth-pool access-point configuration command to enable the CAC bandwidth management function and apply a bandwidth pool to an APN.

Note A CAC bandwidth pool can be applied to one or multiple APNs. If a bandwidth pool is not applied to an APN, the bandwidth management function is disabled.

Examples

The following example enables the CAC bandwidth management function and applies bandwidth pool "pool A" to the Gn interface of an APN:

bandwidth-pool input poolA

Related Commands

block-foreign-ms

To restrict GPRS access based on the mobile user's home public land mobile network (PLMN) (where the MCC and MNC are used to determine the point of origin), use the block-foreign-ms command in access-point configuration mode. To disable blocking of foreign subscribers, use the no form of this command.

block-foreign-ms

no block-foreign-ms

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Access-point configuration

Command History

Usage Guidelines

The block-foreign-ms command enables the gateway GRPS support node (GGSN) to block foreign mobile stations (MSs) from accessing the GGSN via a particular access point.

When you use this command, the GGSN determines if an MS is inside or outside of the PLMN, based on the MCC and MNC. The MCC and MNC are specified using the gprs mcc mnc command.

Note The MCC and MNC values used to determine whether a request is from a roaming MS must be configured using the gprs mcc mnc global configuration command before the GGSN can be enabled to block foreign mobile stations.

Additionally, before a GGSN is enabled to block foreign MSs, a valid PLMN should be configured using the gprs plmn ip address command. The block foreign MS feature will not take affect until a valid PLMN is configured and the GGSN will allow Create PDP Context requests from foreign MSs until then.

Examples

The following example blocks access to foreign MSs at access point 49:

gprs access-point-list abc

 access-point 49

   access-point-name www.pdn.com

   block-foreign-ms

Related Commands

cac-policy

To enable the maximum quality of service (QoS) policy function of the Call Admission Control (CAC) feature and apply a policy to an access point name (APN), use the cac-policy command in access-point configuration mode. To return to the default value, use the no form of this command.

cac-policy policy-name

cac-policy policy-name

Syntax Description

Defaults

There is no policy attached to an APN.

Command Modes

Access-point configuration

Command History

Usage Guidelines

Use the cac-policy command to enable maximum QoS policy function of the CAC feature and apply a policy to an APN.

Note The CAC feature requires that UMTS QoS has been configured. For information on configuring UMTS QoS, see the GGSN Release 5.1 Configuration Guide.

Examples

The following example attaches maximum QoS policy A to an access point:

cac-policy A

Related Commands

category

To identify the subscriber billing method category to which a charging profile applies, enter the category command in charging profile configuration mode. To return to the default value, issue the no form of this command.

category {hot | flat | prepaid | normal}

no category {hot | flat | prepaid | normal}

Syntax Description

Defaults

Flat

Command Modes

Charging profile configuration

Command History

Usage Guidelines

Use the category charging profile configuration command to identify to which subscriber billing method category a charging profile applies.

Examples

The following example indicates hot is the subscriber billing method category to which the profile applies:

category hot

Related Commands

.

ccfh

To configure a default Credit Control Failure Handling (CCFH) action to apply to credit control (CC) sessions (PDP context) when a failure occurs and the credit control answer (CCA) received from the Diameter credit control application (DCCA) server does not contain a value for the CCFH attribute-value pair (AVP), use the ccfh command in DCCA client profile configuration mode. To return to the default value, use the no form of this command

ccfh [continue | terminate | retry_terminate]

no ccfh [continue | terminate | retry_terminate]

Syntax Description

Defaults

Terminate.

Command Modes

DCCA client profile configuration

Command History

Usage Guidelines

Use the ccfa command to configure the CCFH AVP locally. The CCFH determines the behavior of the DCCA client in fault situations. The CCFH AVP can also be received from the Diameter home authentication, authorization, and accounting (AAA) server and DCCA server. A CCFH value received from the DCCA server in a CCA overrides the value configured locally.

The CCFH AVP is determines the action the DCCA client takes on a session, when the following fault conditions occur:

•Transmission time (Tx timeout) expires.

•CCA message containing protocol error (Result-Code 3xxx) is received.

•CCA fails (for example, a CCA with a permanent failure notification [Result-Code 5xxx]) is received).

•Failure-to-send condition exists (the DCCA client is not able to communicate with the desired destination).

•An invalid answer is received

Examples

The following configuration example configures the DCCA client to allow a CC session and user traffic for the relevant category (or categories) to continue:

gprs dcca profile dcca-profile1

  authorization dcca-method

  tx-timeout 12

  ccfh continue

Related Commands 

cdr suppression

To specify that call detail records (CDRs) be suppressed as a charging characteristic in a charging profile, use the cdr suppression command in charging profile configuration mode. To return to the default value, use the no form of the command.

cdr suppression

no cdr suppression

Syntax Description

This command has no arguments or keywords.

Defaults

CDRs are not suppressed.

Command Modes

Charging profile configuration

Command History

Usage Guidelines

Use the cdr suppression charging profile configuration command to specify that CDRs be suppressed as a charging characteristic in a charging profile.

Examples

The following example specifies that CDRs be suppressed:

cdr suppression

Related Commands

.

cdr suppression prepaid

To specify that call detail records (CDRs) be suppressed for prepaid users, use the cdr suppression command in charging profile configuration mode. To return to the default value, use the no form of the command.

cdr suppression prepaid

no cdr suppression prepaid

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled (CDRs are generated for users).

Command Modes

Charging profile configuration

Command History

Usage Guidelines

Use the cdr suppression prepaid charging profile configuration command to specify that CDRs be suppressed users with an active connection to a DCCA server.

Charging for prepaid users is handled by the DCCA client, therefore G-CDRs do not need to be generated for prepaid users.

Note When CDR suppression for prepaid users is enabled, if a Diameter server error occurs while a session is active, the user is reverted to postpaid status, but CDRs for the PDP context are not generated.

Examples

The following example specifies that CDRs be suppressed for online users:

cdr suppression prepaid

Related Commands

.

charging profile

To specify a default charging profile for a user type for an access point, use the charging profile command in access-point configuration mode. To remove the profile, use the no form of this command.

charging profile {home | roaming | visiting | any} [trusted] profile-number [override]

no charging profile {home | roaming | visiting | any} profile-number [trusted] profile-number [override]

Syntax Description

Defaults

No profile is associated with an APN.

Command Modes

Access-point configuration

Command History

Usage Guidelines

Use the charging profile access-point configuration command to apply a default charging profile to an access point name (APN) for a specific type of use.

For complete information on configuring and using charging profiles, and the order in which charging profiles are selected for a PDP context, see the "Configuring Charging Profiles" section of the "Configuring Charging on the GGSN" chapter of the Cisco GGSN Configuration Guide.

Examples

The following example specifies charging profile number 10 to be the APN default for home users:

charging profile 10 home

Related Commands

.

clear aaa counters server sg

To clear the counters for all RADIUS servers that are part of a specific server group, use the clear aaa counters servers sg command in privileged EXEC mode.

clear aaa counters servers sg sg-name

Syntax Description

Defaults

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Usage Guidelines

Use the clear aaa counters server sg command to clear counters for all the RADIUS servers in a specific server-group, and to reset the counters to 0.

Use the show aaa servers sg command to display the counters that are reset by this command.

Examples

The following example clears the counters for all the RADIUS servers in server group "group1":

clear aaa counters servers sg group1

Related Commands

clear data-store statistics

To clear Persistent Storage Device (PSD)-related statistics, use the clear data-store statistics command in privilege EXEC mode.

clear data-store statistics

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Usage Guidelines

Use the clear data-store statistics command to clear PSD-related statistics. These statistics are displayed using the show data-store statistics command.

Examples

The following example clears PSD-related statistics on the GGSN:

clear data-store statistics

Related Commands

clear ggsn quota-server statistics

To clear statistics (message and error counts) related to quota server processing, use the clear ggsn quota-server statistics command in privilege EXEC mode.

clear ggsn quota-server statistics

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Privilege EXEC

Command History

Usage Guidelines

Use the clear ggsn quota-server statistics command to clear statistics related to quota server process operations (displayed using the show ggsn quota server statistics command).

Examples

The following configuration example clears all statistics related to quota server operations:

clear ggsn quota-server statistics

Related Commands 

.

clear gprs access-point statistics

To clear statistics counters for a specific access point or for all access points on the gateway GPRS support node (GGSN), use the clear gprs access-point statistics command in privileged EXEC mode.

clear gprs access-point statistics {access-point-index | all}

Syntax Description

Defaults

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Usage Guidelines

This command clears the statistics that are displayed by the show gprs access-point statistics command and show policy-map apn command.

Examples

The following example clears the statistics at access point 2:

clear gprs access-point statistics 2

The following example clears the statistics for all access points:

clear gprs access-point statistics all

Related Commands

clear gprs charging cdr

To clear GPRS call detail records (CDRs), use the clear gprs charging cdr command in privileged EXEC configuration mode.

clear gprs charging cdr {access-point access-point-index | all | partial-record | tid tunnel-id}

Syntax Description

Defaults

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Usage Guidelines

Use the clear gprs charging cdr command to clear the CDRs for one or more PDP contexts.

To clear CDRs by tunnel ID (TID), use the clear gprs charging cdr command with the tid keyword and specify the corresponding TID for which you want to clear the CDRs. To determine the tunnel ID (TID) of an active PDP context, you can use the show gprs gtp pdp-context all command to obtain a list of the currently active PDP contexts (mobile sessions).

To clear CDRs by access point, use the clear gprs charging cdr command with the access-point keyword and specify the corresponding access-point index for which you want to clear CDRs. To obtain a list of access points, you can use the show gprs access-point command.

When you clear CDRs for a tunnel identifier (TID), an access point, or for all access points, charging data records for the specified TID or access point(s) are sent immediately to the charging gateway. When you run these versions of this command, the following things occur:

•The GGSN no longer sends charging data that has been accumulated for the PDP context to the charging gateway.

•The GGSN closes the current CDRs for the specified PDP contexts.

•The GGSN no longer generates CDRs for existing PDP contexts.

To close all CDRs and open partial CDRs for existing PDP contexts on the GGSN, use the clear gprs charging cdr partial-record command.

The clear gprs charging cdr command is normally used before disabling the charging function.

Examples

The following example shows how to clear CDRs by tunnel ID:

Router# show gprs gtp pdp-context all

TID              MS Addr         Source  SGSN Addr       APN

1234567890123456 10.11.1.1       Radius  10.4.4.11       www.pdn1.com

2345678901234567 Pending         DHCP    10.4.4.11       www.pdn2.com

3456789012345678 10.21.1.1       IPCP    10.1.4.11       www.pdn3.com

4567890123456789 10.31.1.1       IPCP    10.1.4.11       www.pdn4.com

5678901234567890 10.41.1.1       Static  10.4.4.11       www.pdn5.com

Router# clear gprs gtp charging cdr tid 1234567890123456

The following example shows how to clear CDRs for access point 1:

Router# clear gprs charging cdr access-point 1

Related Commands

clear gprs charging cdr all no-transfer

To clear all stored call detail records (CDRs) when a gateway GPRS support node (GGSN) is in charging and global maintenance mode, including those in the pending queue, use the clear gprs charging cdr all no-transfer command in privileged EXEC configuration mode.

clear gprs charging cdr all no-transfer

Syntax Descriptionclear gprs charging cdr no-transfer

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Usage Guidelines

Use the clear gprs cdr all no-transfer command to clear stored and pending CDRs when the GGSN is in charging and global maintenance modes.

When you clear stored CDRs, the GGSN does not send the charging data accumulated for packet data protocol (PDP) contexts to the charging gateway when the global and charging service-mode states are returned to operational. Additionally, once the service-mode states are returned to operational, the GGSN no longer generates CDRs for the existing PDP contexts. Therefore, to return to normal CDR generation, clear existing PDP contexts using the clear gprs gtp pdp-context global configuration command.

Note To clear CDRs, the GGSN must be in global maintenance mode (using the gprs service-mode maintenance command) and charging maintenance mode (using the gprs charging service-mode maintenance command.

Note When the GGSN is in charging and global maintenance mode, the GGSN no longer creates CDRs for existing PDPs.

Examples

The following example shows how to clear CDRs:

Router# clear gprs cdr all no-transfer

Related Commands

clear gprs gtp pdp-context

To clear one or more packet data protocol (PDP) contexts (mobile sessions), use the clear gprs gtp pdp-context command in privileged EXEC configuration mode.

clear gprs gtp pdp-context {tid tunnel-id | imsi imsi_value | path ip-address [remote_port_num] | access-point access-point-index [no-wait-sgsn | local-delete | pdp-type {ipv6 | ipv4} | all]}

Syntax Description

Defaults

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Usage Guidelines

Use the clear gprs gtp pdp-context command to clear one or more PDP contexts (mobile sessions). Use this command when operator intervention is required for administrative reasons—for example, when there are problematic user sessions or when the system must be taken down for maintenance.

After the clear gprs gtp pdp-context command is issued, those users who are accessing the public data network (PDN) through the specified TID, IMSI, path, or access point are disconnected.

Caution In a GTP session redundancy (GTP-SR) environment, do not use the clear gprs gtp pdp-context command on the Standby gateway GPRS support node (GGSN). If you issue this command on the Standby GGSN, you are prompted to confirm before the command is processed. Issue the show grps redundancy command to confirm which GGSN is the Standby GGSN in a GTP-SR configuration before you use this command.

TID

To determine the tunnel ID of an active PDP context, you can use the show gprs gtp pdp-context command to obtain a list of the currently active PDP contexts (mobile sessions). Then, to clear a PDP context by tunnel ID, use the clear gprs gtp pdp-context command with the tid keyword and the corresponding tunnel ID that you want to clear.

IMSI

If you know the IMSI of the PDP context, you can use the clear gprs gtp pdp-context with the imsi keyword and the corresponding IMSI of the connected user to clear the PDP context. If you want to determine the IMSI of a PDP context, you can use the show gprs gtp pdp-context all command, which displays a list of the currently active PDP contexts. Then, after finding the TID value that corresponds to the session that you want to clear, you can use the show gprs gtp pdp-context tid command to display the IMSI.

Access Point

To clear PDP contexts by access point, use the clear gprs gtp pdp-context command with the access-point keyword and the corresponding access point index. To display a list of access points that are configured on the GGSN, use the show gprs access-point command.

Access Point, Fast PDP Delete

As defined by 3GPP standards, by default, the GGSN sends a delete PDP context request to the SGSN, and waits for a response from the SGSN before deleting the PDP context. Also, only a certain number of PDP contexts can be deleted at one time when multiple PDP contexts are being deleted.

If an SGSN is not responding to the GGSN's delete PDP context requests, a long delay can occur before the task is completed. Therefore, you can use the Fast PDP Delete feature (the no-wait-sgsn and local-delete access point keyword options) when an access point is in maintenance mode. The Fast PDP Delete feature enables you to configure the GGSN to delete a PDP context without waiting for a response from the SGSN, or to delete PDP contexts locally without sending a delete PDP context request to the SGSN at all.

When using the Fast PDP Delete feature, note the following:

•The no-wait-sgsn and local-delete keyword options are available only when the APN is in maintenance mode.

•The no-wait-sgsn and local-delete keyword options are not available in a Standby GGSN.

•When the no-wait-sgsn and local-delete keyword options are specified, and the command entered, the GGSN prompts you with the following caution:

Deleting all PDPs without successful acknowledgements from the SGSN will result in the 
SGSN and GGSN going out of sync. Do you want to proceed ? [n]:

The default is no. To cancel the delete, type n and press enter. To proceed with the delete, type y and press enter.

•When processing service-aware PDPs, while the GGSN does not wait for a response from the SGSN when the Fast PDP Delete feature is used, the GGSN must wait for a response from the Cisco CSG and Diameter server. Therefore, the Fast PDP Delete feature is not as useful for service-aware PDPs.

•If a delete PDP context requests is lost, the SGSN will not be able to delete the PDP context. This condition might result in inconsistent CDRs generated by the GGSN and the SGSN.

•When the no-wait-sgsn keyword option is specified, the GGSN does not throttle the delete PDP context requests to the SGSN, and therefore, the GGSN might flood the SGSN with delete PDP context requests.

•If the Fast PDP Delete feature is used when an SGSN is responding, the EXEC interface will be busy for a several seconds and then display normally.

•The Fast PDP Delete feature applies only to PDP deletion initiated by the clear gprs gtp-context privilege EXEC command. PDP deletion due to other circumstances, such as PDP deletion during a failure condition, is not impacted.

Examples

The following example shows how to clear PDP contexts by tunnel ID:

GGSN# show gprs gtp pdp-context all

TID              MS Addr         Source  SGSN Addr       APN

1234567890123456 10.11.1.1       Radius  10.4.4.11       www.pdn1.com

2345678901234567 Pending         DHCP    10.4.4.11       www.pdn2.com

3456789012345678 10.21.1.1       IPCP    10.1.4.11       www.pdn3.com

4567890123456789 10.31.1.1       IPCP    10.1.4.11       www.pdn4.com

5678901234567890 10.41.1.1       Static  10.4.4.11       www.pdn5.com

GGSN# clear gprs gtp pdp-context tid 1234567890123456

The following example shows how to clear PDP contexts at access point 1:

GGSN# clear gprs gtp pdp-context access-point 1

clear gprs gtp statistics

To clear the current gateway GPRS support node (GGSN) GPRS tunneling protocol (GTP) statistics, use the clear gprs gtp statistics command in privileged EXEC configuration mode.

clear gprs gtp statistics

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Usage Guidelines

Use the clear gprs gtp statistics command to clear the current GPRS GTP statistics. This command clears the counters that are displayed by the show gprs gtp statistics command.

Note The clear gprs gtp statistics command does not clear the counters that are displayed by the show gprs gtp status command.

Examples

The following example clears the GPRS GTP statistics:

GGSN# clear gprs gtp statistics

clear gprs iscsi statistics

To clear the current GPRS-related iSCSI statistics, use the clear gprs iscsi statistics command in privileged EXEC configuration mode.

clear gprs iscsi statistics

Syntax Description

This command has no arguments or keywords.

Command Default

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Usage Guidelines

The clear gprs iscsi statistics command clears the statistics displayed using the show gprs iscsi statistics privileged EXEC command.

Examples

The following example clears GGSN iSCSI-related statistics:

clear gprs iscsi statistics

Related Commands

clear gprs redundancy statistics

To clear statistics related to GPRS tunneling protocol (GTP) session redundancy (GTP-SR), use the clear gprs redundancy statistics command in privileged EXEC configuration mode.

clear gprs redundancy statistics

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled.

Command Modes

Privileged EXEC

Command History

Usage Guidelines

Use the clear gprs redundancy statistics command to clear the GTP-SR statistics that are displayed using the show gprs redundancy command.

Examples

The following example clears all redundancy-related statistics:

clear gprs redundancy statistics

Related CommandsRouter# debug gprs gtp events

clear gprs service-aware statistics

To clear statistics (message and error counts) related to the service-aware features of the gateway GPRS support node (GGSN), use the clear ggsn quota-server statistics command in privilege EXEC configuration mode.

clear gprs service-aware statistics

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Privilege EXEC

Command History

Usage Guidelines

Use the clear gprs service-aware statistics command to clear statistics related to the service-aware features of the GGSN (displayed using the show gprs service-aware statistics command).

Examples

The following configuration example clears all statistics related to the service-aware features of the GGSN:

clear gprs service-aware statistics

Related Commands 

.

clear gprs slb statistics

To clear Cisco IOS Server Load Balancing (SLB) statistics, use the clear gprs slb statistics command in privileged EXEC configuration mode.

clear gprs slb statistics

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Usage Guidelines

Use the clear gprs slb statistics command to clear Cisco IOS SLB statistics. This command clears the counters that are displayed by the show gprs slb statistics command.

Examples

The following example clears the Cisco IOS SLB statistics:

GGSN# clear gprs slb statistics

Related Commands

clear gprs statistics all

To clear all gateway GPRS support node (GGSN) counters and statistics (both global and per-access point name [APN]), use the clear gprs statistics command in privileged EXEC mode.

clear gprs statistics all

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Usage Guidelines

Use the clear gprs statistics all command to clear, and to reset to 0, the global and per-APN GPRS and Universal Mobile Telecommunication Systems (UMTS) statistics displayed by the following show commands:

•show gprs service-aware statistics

•show ggsn quota-server statistics

•show ggsn csg statistics

•show gprs gtp path statistics remote-address

•show gprs access-point statistics

•show gprs gtp statistics

After issuing the clear gprs statistics all command, you will be prompted for confirmation before the counters and statistics are cleared.

Examples

The following example clears all GPRS/UMTS global and access point counters and statistics:

clear gprs statistics all

Related Commands

.

clear ip iscsi statistics

To clear current iSCSI statistics, use the clear ip iscsi statistics command in privileged EXEC configuration mode.

clear ip iscsi statistics

Syntax Description

This command has no arguments or keywords.

Command Default

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Usage Guidelines

The clear ip iscsi statistics command clears the statistics displayed using the show ip iscsi stats privileged EXEC command.

Examples

The following example clears iSCSI-related statistics:

clear ip iscsi statistics

Related Commands

clear record-storage-module stats

To clear current record storage module (RSM) statistics, use the clear record-storage-module stats command in privileged EXEC configuration mode.

clear record-storage-module stats

Syntax Description

This command has no arguments or keywords.

Command Default

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Usage Guidelines

The clear record-storage-module stats command clears the statistics displayed using the show record-storage-module stats privileged EXEC command.

Examples

The following example clears RSM-related statistics:

clear record-storage-module stats

Related Commands

content dcca profile

To specify a Diameter credit control application (DCCA) client to use to communicate with a DCCA server in a gateway GPRS support node (GGSN) charging profile, use the dcca profile command in charging profile configuration mode. To remove the profile configuration, use the no form of this command.

content dcca profile dcca-profile-name

no content dcca profile

Syntax Description

Defaults

No default behavior or values.

Command Modes