WiFi Command Reference

Command Hierarchies

  1. WLAN-GW Commands
  2. WLAN-GW Service Commands
  3. RADIUS Server and Proxy Commands
  4. LUDB Matching for RADIUS Proxy Cache
  5. Data Plane Related Commands
  6. Port Policy Commands
  7. WIFI Aggregation and Offload – Migrant User Support Commands
  8. Distributed Subscriber Management Commands
  9. Show Commands
  10. Debug Commands
  11. Tools Commands
  12. Clear Commands

WLAN-GW Commands

Note:

The wlan-gw commands apply only to the 7750 SR platform.

config
subscriber-mgmt
wlan-gw
distributed-sub-mgt
virtual-chassis-identifier dual-homing-key
— no virtual-chassis-identifier
configure
— router
wlan-gw
distributed-sub-mgmt
ipv6-tcp-mss-adjust segment-size
— no ipv6-tcp-mss-adjust
mobility-triggered-acct
interim-update
— no interim-update

Subscriber Management BRG Commands

configure
— subscriber-mgmt
brg-profile profile-name [create]
— no brg-profile profile-name
connectivity-verification [count nr-of-attempts] [timeout timeout-seconds] [retry-time retry-seconds]
— no connectivity-verification
description description-string
— no description
dhcp-pool
lease-time seconds
— no lease-time
options
custom-option option-number address [ip-address (up to 4 max)]
custom-option option-number hex hex-string
custom-option option-number string ascii-string
— no custom-option option-number
standby-ip-lifetime [seconds]
— no standby-ip-lifetime
subnet ip-prefix/prefix-length start ip-address end ip-address
hold-time seconds
— no hold-time
initial-hold-time seconds
— no initial-hold-time
radius-authentication
password password [hash | hash2]
— no password
radius-server-policy policy-name
— no radius-server-policy
[no] radius-proxy-server router router-instance name server-name
radius-server-policy string
— no radius-server-policy
sla-profile-string string
— no sla-profile-string
sub-profile-string string
— no sub-profile-string

DSM Call Trace Commands

configure
call-trace
location {cf1 | cf2}
[no] disable
size-limit limit-value
— no size-limit
max-files-number number
primary-cf cflash-id
trace-profile profile-name [create]
— no trace-profile profile-name
description description-string
— no description
live-output ip-address | fqdn [port port] [router {router-instance |service-name service-name}]
— no live-output
size-limit limit-value
time-limit limit-value

WLAN-GW Service Commands

configure
— service
— vprn service-id/ies service-id
wlan-gw
distributed-sub-mgmt
ipv6-tcp-mss-adjust segment-size
— no ipv6-tcp-mss-adjust
mobility-triggered-acct
interim-update
— no interim-update
— subscriber-interface ip-int-name
group-interface ip-int-name [create]
group-interface ip-int-name [create] lns
group-interface ip-int-name [create] wlangw
— no group-interface ip-int-name
brg
[no] authenticated-brg-only
default-brg-profile profile-name
— no default-brg-profile
[no] shutdown
ip-mtu octets
— no ip-mtu
dhcp
l2-aware-ip-address ip-address
l2-aware-ip-address from-pool
— no l2-aware-ip-address
sap-parameters
anti-spoof {ip-mac | nh-mac}
— no anti-spoof
description description-string
— no description
sub-sla-mgmt
def-app-profile app-profile-name
— no def-app-profile
def-sla-profile sla-profile-name
— no def-sla-profile
def-sub-id {use-auto-id | string sub-id}
— no def-sub-id
def-sub-profile sub-profile-name
— no def-sub-profile
sub-ident-policy policy-name
— no sub-ident-policy
egress
[no] agg-rate-limit
[no] limit-unused-bandwidth
[no] queue-frame-based-accounting
rate kilobits-per-second
— no rate
hold-time infinite
hold-time [1..86400]
— no hold-time
qos policy-id
— no qos
scheduler-policy scheduler-policy-name
— no scheduler-policy
[no] shape-multi-client-only
shaping {per-retailer | per-tunnel}
— no shaping
gw-address ip-address
— no gw-address
gw-ipv6-address ipv6-address
— no gw-ipv6-address
learn-ap-mac [delay-auth]
— no learn-ap-mac
l2-access-points
l2-ap sap-id [create]
— no l2-ap sap-id
encap-type {default | null | dot1q | qinq}
— no encap-type
epipe-sap-template name
— no epipe-sap-template
[no] shutdown
l2-ap-encap-type {null | dot1q | qinq}
— no l2-ap-encap-type
mobility
hold-time time in s
— no hold-time
trigger [data] [iapp] [control]
— no trigger
[no] multi-tunnel-type
[no] oper-down-on-group-degrade
router router-instance
— no router
[no] shutdown
tcp-mss-adjust segment-size
— no tcp-mss-adjust
tunnel-encaps
learn-l2tp-cookie {if-match | never | always} [cookie hex string]
— no learn-l2tp-cookie
vlan-tag-ranges
range start [0 to 4096] end [0 to 4096]
range default
— no range start [0 to 4096] end [0 to 4096]
authenticate-on-dhcp
authentication
authentication-policy policy-name
— no authentication-policy
hold-time [hrs hours] [min minutes] [sec seconds]
vlan-mismatch-timeout seconds
— no vlan-mismatch-timeout
brg
[no] authenticated-brg-only
default-brg-profile profile-name
— no default-brg-profile
[no] shutdown
[no] data-triggered-ue-creation
dhcp
active-lease-time [hrs hours] [min minutes] [sec seconds]
— no active-lease-time
initial-lease-time [hrs hours] [min minutes] [sec seconds]
— no initial-lease-time
l2-aware-ip-address ip-address
l2-aware-ip-address from-pool
— no l2-aware-ip-address
primary-dns ip-address
— no primary-dns
primary-nbns ip-address
— no primary-nbns
secondary-dns ip-address
— no secondary-dns
secondary-nbns ip-address
— no secondary-nbns
[no] shutdown
dhcp6
active-preferred-lifetime [hrs hours] [min minutes] [sec seconds]
— no active-preferred-lifetime
active-valid-lifetime [hrs hours] [min minutes] [sec seconds]
— no active-valid-lifetime
initial-preferred-lifetime [hrs hours] [min minutes] [sec seconds]
— no initial-preferred-lifetime
initial-valid-lifetime [hrs hours] [min minutes] [sec seconds]
— no initial-valid-lifetime
[no] shutdown
distributed-sub-mgmt
accounting-policy policy-name
— no accounting-policy
accounting-update-interval [5..259200]
— no accounting-update-interval
[no] collect-aa-acct-stats
def-app-profile
def-app-profile profile-name
— no def-app-profile
dsm-ip-filter dsm-ip-filter-name
— no dsm-ip-filter
egress-policer [256 chars max]
— no egress-policer
ingress-policer policer-name
— no ingress-policer
one-time-redirect url rdr-url-string port port-num
— no one-time-redirect
[no] shutdown
idle-timeout action idle-timeout-action
— no idle-timeout
http-redirect-policy policy-name
— no http-redirect-policy
l2-service service-id
— no l2-service
description description-string
— no description
[no] shutdown
nat-policy policy-name
— no nat-policy
retail-svc-id service-id
[no] router-advertisements
[no] current-hop-limit limit
[no] track-mobility
default-retail-svc-id service-id
— no default-retail-svc-id
vlan start [0..4095] end [0..4095] retail-svc-id service-id
— no vlan start [0..4095] end [0..4095]
wlan-gw-group group-id
— no wlan-gw-group
— no] shutdown
pool-manager
dhcpv6-client
dhcpv4-nat
link-addr ipv6-address
— no link-addr
pool-name name
— no pool-name
[no] shutdown
ia-na
link-addr ipv6-address
— no link-addr
pool-name name
— no pool-name
[no] shutdown
lease-query [max-retry Max nbr of retries]
— no lease-query
server ipv6-address [ipv6-address... (up to 8 max)]
— no server [ipv6-address [ipv6-address... (up to 8 max)]]
slaac
link-addr ipv6-address
— no link-addr
pool-name name
— no pool-name
[no] shutdown
source-ip ipv6-address
— no source-ip
watermarks high high-percentage low low-percentage
— no watermarks
wlan-gw-group nat-group-id
— no wlan-gw-group
redundancy
export ip-prefix/length
— no export
monitor ip-prefix/length
— no monitor
[no] shutdown
configure
— service
— vpls service-id
— wlan-gw
description description-string
— no description
sap-template sap template
— no sap-template
[no] shutdown

RADIUS Server and Proxy Commands

configure
— aaa
acct-on-off-group group-name [create]
— no acct-on-off-group group-name
description description-string
— no description
radius-server-policy policy-name [create]
— no radius-server-policy policy-name
accept-script-policy policy-name
— no accept-script-policy
acct-on-off monitor-group group-name
acct-on-off oper-state-change [group group-name]
— no acct-on-off
acct-request-script-policy policy-name
— no acct-request-script-policy
auth-request-script-policy policy-name
— no auth-request-script-policy
[no] buffering
acct-interim min min-val max max-val lifetime lifetime
— no acct-interim
acct-stop min min-val max max-val lifetime lifetime
— no acct-stop
description description-string
— no description
servers
access-algorithm {direct | round-robin | hash-based}
— no access-algorithm
[no] disable-stickiness
health-check
test-account
interval seconds
— no interval
password password [hash | hash2]
— no password
[no] shutdown
user-name user-name
— no user-name
hold-down-time [sec seconds] [min minutes] [hrs hours] [days days]
— no hold-down-time
ipv6-source-address ipv6-address
— no ipv6-source-address
router router-instance
router service-name service-name
— no router
server server-index name server-name
— no server server-index
source-address ip-address
— no source-address
timeout [sec seconds] [min minutes]
— no timeout
configure
— router
radius-server
server server-name [address ip-address] [secret key ] [hash | hash2] [port port] [create]
— no server server-name
[no] accept-coa
acct-port port
— no acct-port
auth-port port
— no auth-port
coa-script-policy script-policy-name
— no coa-script-policy
description description-string
— no description
pending-requests-limit limit
— no pending-requests-limit
configure
— router
radius-proxy
server server-name [create] [purpose {[accounting | authentication ]}] [wlan-gw-group group-id]
— no server server-name
attribute-matching
entry [1..32] [prefix-string prefix-string] [accounting-server-policy policy-name] [authentication-server-policy policy-name] [suffix-string suffix-string]
— no entry [1..32] [
type [1..255] [vendor-id vendor-id]
— no type
cache
key packet-type {accept | request} attribute-type attribute-type [vendor vendor-id]
— no key
[no] shutdown
timeout [hrs hours] [min minutes] [sec seconds]
— no timeout
track-accounting [start] [stop] [interim-update] [accounting-on] [accounting-off]
— no track-accounting
track-authentication [accept]
— no track-authentication
track-delete-hold-time seconds
— no track-delete-hold-time
default-accounting-server-policy policy-name
— no default-accounting-server-policy
default-authentication-server-policy policy-name
— no default-authentication-server-policy
description description-string
— no description
[no] interface interface-name
load-balance-key [vendor vendor-id [vendor-id...(upto 5 max)]] attribute-type attribute-type [attribute-type...(upto 5 max)]
load-balance-key source-ip-udp
— no load-balance-key
python-policy name
— no python-policy
secret secret [hash | hash2]
— no secret
[no] send-accounting-response
[no] shutdown
configure
— service
— vprn
radius-proxy
server server-name [create] [purpose {[accounting | authentication ]}] [wlan-gw-group group-id]
— no server server-name
[no] accept-coa
acct-port port
— no acct-port
attribute-matching
entry [1..32] [prefix-string prefix-string] [accounting-server-policy policy-name] [authentication-server-policy policy-name] [suffix-string suffix-string]
— no entry [1..32]
type [1..255] [vendor-id vendor-id]
— no type
auth-port port
— no auth-port
cache
key packet-type {accept | request} attribute-type attribute-type [vendor vendor-id]
— no key
[no] shutdown
timeout [hrs hours] [min minutes] [sec seconds]
— no timeout
track-accounting [stop] [interim-update] [accounting-on] [accounting-off]
— no track-accounting
coa-script-policy script-policy-name
— no coa-script-policy
default-accounting-server-policy policy-name
— no default-accounting-server-policy
default-authentication-server-policy policy-name
— no default-authentication-server-policy
description description-string
— no description
[no] interface interface-name
load-balance-key [vendor vendor-id [vendor-id...(upto 5 max)]] attribute-type attribute-type [attribute-type...(upto 5 max)]
load-balance-key source-ip-udp
— no load-balance-key
pending-requests-limit limit
— no pending-requests-limit
secret secret [hash | hash2]
— no secret
[no] send-accounting-response
[no]shutdown

LUDB Matching for RADIUS Proxy Cache

config
— subscriber-mgmt
local-user-db local-user-db-name [create]
— no local-user-db local-user-db-name
dhcp
— host
match-radius-proxy-cache
fail-action {continue | drop}
— no fail-action
mac-format mac-format
— no mac-format
match {circuit-id | mac | remote-id}
match option [1..254]
— no match
server [service service-id] name server-name
— no server

Data Plane Related Commands

config
— isa
wlan-gw-group wlan-gw-group-id [create]
— no wlan-gw-group wlan-gw-group-id
active-iom-limit number
— no active-iom-limit
description description-string
— no description
[no] distributed-sub-mgmt
isa-aa-group aa-group-id
— no isa-aa-group
iom slot-number type {[load-balancer] [ue-anchor]}
— no iom slot-number
nat
radius-accounting-policy nat-accounting-policy
— no radius-accounting-policy
session-limits
reserved num-sessions
— no reserved
watermarks high percentage low percentage
— no watermarks
[no] description

Port Policy Commands

config
port-policy policy-name [create]
— no port-policy policy-name
description description-string
— no description
egress-scheduler-policy port-sched-plcy
— no egress-scheduler-policy

WIFI Aggregation and Offload – Migrant User Support Commands

configure
— subscriber-mgmt
http-redirect-policy policy-name [create]
— no http-redirect-policy policy-name
description description-string
— no description
dst-port tcp-port
— no dst-port
forward-entries
dst-ip ip-address protocol ip-protocol dst-port port-number
dst-ip ip-address protocol ip-protocol dst-port port-number prefix-length prefix-length
— no dst-ip ip-address protocol ip-protocol dst-port port-number
portal-hold-time seconds
— no portal-hold-time
url rdr-url-string
— no url

Distributed Subscriber Management Commands

config
— router
— subscriber-management
— wlan-gw
dsm-ip-filter name [create]
— no dsm-ip-filter name
default-action {drop | forward}
— no default-action
description description-string
— no description
entry entry-id [create]
— no entry entry-id
action {drop | forward | none}
— no action
description description-string
— no description
match protocol {any | icmp | tcp | udp | gre}
— no match
dst-ip ip-prefix/length
— no dst-ip
dst-port operator port-number
— no dst-port
— ipv6
default-action {drop | forward}
— no default-action
entry entry-id [create]
— no entry entry-id
action {drop | forward | none}
— no action
description description-string
— no description
match protocol {any | icmp | tcp | udp | gre}
— no match
dst-ip ipv6-address/prefix-length
— no dst-ip
dst-port operator port-number
— no dst-port
dsm-policer policer-name [type policer-type] [create]
— no dsm-policer policer-name
action {permit-deny | priority-mark}
— no action
adaptation-rule pir {max | min | closest} [cir {max | min | closest}]
— no adaptation-rule
cbs burst-size
— no cbs
description description-string
— no description
mbs burst-size
— no mbs
rate rate [cir rate]
— no rate
config
— service
— vprn service-id/ies service-id
— subscriber-inteface
group-interface ip-int-name [create]
group-interface ip-int-name [create] lns
group-interface ip-int-name [create] wlangw
— no group-interface ip-int-name
wlan-gw
vlan-tag-ranges
range start [0..4096] end [0..4096]
range default
— no range start [0..4096] end [0..4096]
distributed-sub-mgmt
accounting-policy policy-name
— no accounting-policy
accounting-update-interval
accounting-update-interval [5..259200]
— no accounting-update-interval
def-app-profile
def-app-profile profile-name
— no def-app-profile
dsm-ip-filter
dsm-ip-filter dsm-ip-filter-name
— no dsm-ip-filter
egress-policer
egress-policer [256 chars max]
— no egress-policer
ingress-policer
ingress-policer policer-name
— no ingress-policer
one-time-redirect
one-time-redirect url rdr-url-string port port-num
— no one-time-redirect
[no] shutdown

Show Commands

show
call-trace
files [running|finished] [detail]
status
trace-profile [detail]
trace-profile profile-name
wlan-gw
ue [ieee-address] [detail]
— router
radius-proxy-server server-name
radius-proxy-server server-name cache
radius-proxy-server server-name cache hex-key hex-string
radius-proxy-server server-name cache string-key string
radius-proxy-server server-name cache summary
radius-proxy-server server-name statistics
radius-proxy-server
wlan-gw
isa-subnets [detail]
isa-subnets [detail] interface interface-name
isa-subnets prefix ipv6-address/prefix-length
mgw-address-cache [arec] [snaptr] [srv]
mgw-address-cache apn apn-domain-string
mgw-map
mobile-gateway [mgw-profile profile-name] [local-address ip-address] [control protocol] [interface-type interface-type]
mobile-gateway remote-address ip-address [udp-port port]
mobile-gateway remote-address ip-address [udp-port port] statistics
soft-gre-tunnel-qos [detail]
soft-gre-tunnel-qos remote-ip ip-address [local-ip ip-address] [detail]
soft-gre-tunnels local-ip ip-address remote-ip ip-address ue
soft-gre-tunnels [local-ip ip-address] [remote-ip ip-address] [isa-group wlan-gw-group-id] [member [1..255]] [summary] [detail]
soft-gre-tunnels local-ip ip-address remote-ip ip-address ue
tunnels [local-ipip-address] [remote-ip ip-address] [isa-group wlan-gw-group-id] [member [1..255]] [summary] [detail]
tunnels local-ip ip-address remote-ip ip-address ue
show
— aaa
acct-on-off-group group-name
radius-server-policy policy-name [acct-on-off]
radius-server-policy policy-name associations
radius-server-policy policy-name msg-buffer-stats
radius-server-policy policy-name statistics
radius-server-policy [acct-on-off]
show
— isa
wlan-gw-group wlan-gw-group-id
wlan-gw-group wlan-gw-group-id associations
wlan-gw-group wlan-gw-group-id member [1..255] [statistics]
wlan-gw-group
show
— subscriber-mgmt
— brg
gateway brg-id brg-ident standby-ip-addresses
— wlan-gw
gtp-session imsi imsi apn apn-string
gtp-session [mgw-address ip-address] [mgw-router router-instance] [remote-control-teid teid] [local-control-teid teid] [detail]
gtp-session imsi imsi
gtp-statistics
mgw-profile profile-name
mgw-profile profile-name associations
mgw-profile
ssid
statistics
ue [vlan qtag] [mpls-label label] [retail-svc-id service-id] [ssid service-set-id] [previous-access-point ip-address]
ue mac ieee-address

Debug Commands

debug
call-trace
[no] wlan-gw
ue ieee-address [profile trace-profile-name]
— no ue ieee-address

Tools Commands

tools
— perform
— aaa
acct-on [radius-server-policy policy-name] [force]
acct-off acct-off [radius-server-policy policy-name] [force] [acct-terminate-cause number]
— dump
— aaa
radius-acct-terminate-cause
radius-server-policy policy-name msg-buffer [session-id acct-session-id]]
— wlan-gw
ue

Clear Commands

clear
— aaa
radius-server-policy policy-name msg-buffer [acct-session-id acct-session-id]
radius-server-policy policy-name statistics [msg-buffer-only]
radius-server-policy policy-name server server-index statistics
clear
— router
— wlan-gw
isa-subnets all
isa-subnets interface intfip-int-name
isa-subnets prefix ipv6-address/prefix-length

WIFI Aggregation and Offload Commands

WIFI Aggregation and Offload Commands

Generic Commands

description

Syntax 
description description-string
no description
Context 
config>aaa>acct-on-off-grp
config>aaa>radius-srv-plcy
config>isa>wlan-gw-group
config>router>radius-server>server
config>router>radius-proxy>server
config>service>vprn>radius-proxy>server
config>service>vprn>radius-server>server
config>subscr-mgmt>wlan-gw>mgw-profile
config>service>ies>sub-if>grp-if>wlan-gw
config>service>vprn>sub-if>grp-if>wlan-gw
config>service>ies>sub-if>grp-if>sap-parameters
config>service>vprn>sub-if>grp-if>sap-parameters
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter>ipv6
config>call-trace>trace-profile
Description 

This command creates a text description stored in the configuration file for a configuration context.

The description command associates a text string with a configuration context to help identify the context in the configuration file.

The no form of this command removes any description string from the context.

Default 

No description is associated with the configuration context.

Parameters 
description-string—
A text string describing the entity. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

shutdown

Syntax 
[no] shutdown
Context 
config>router>radius-proxy>cache
config>router>radius-proxy>server>cache
config>router>radius-proxy>server
config>service>vprn>radius-proxy>server>cache
config>service>vprn>radius-proxy>server
config>service>ies>sub-if>grp-if>wlan-gw
config>service>vprn>sub-if>grp-if>wlan-gw
config>service>ies>sub-if>grp-if>wlan-gw>pool-mgr>dhcpv6-clnt>slaac
config>service>vprn>sub-if>grp-if>wlan-gw>pool-mgr>dhcpv6-clnt>slaac
config>service>ies >sub-if>grp-if>wlan-gw>pool-mgr>dhcpv6-clnt>ia-na
config>service>vprn>sub-if>grp-if>wlan-gw>pool-mgr>dhcpv6-clnt>ia-na
config>service>ies>sub-if>grp-if>wlan-gw>pool-manager>dhcpv6-clnt>dhcpv4-nat
config>service>vprn>sub-if>grp-if>wlan-gw>pool-manager>dhcpv6-clnt>dhcpv4-nat
config>service>vprn>sub-if>grp-if>wlan-gw>vlan-ranges>range>brg config>service>ies>sub-if>grp-if>wlan-gw>vlan-ranges>range>brg config>service>vprn>sub-if>grp-if>brg config>service>ies>sub-if>grp-if>brg
Description 

The shutdown command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command.

The shutdown command administratively disables an entity. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they can be deleted.

Unlike other commands and parameters where the default state is not indicated in the configuration file, shutdown and no shutdown are always indicated in system generated configuration files.

The no form of the command puts an entity into the administratively enabled state.

Default 

no shutdown

subscriber-mgmt

Syntax 
subscriber-mgmt
Context 
config
Description 

This command enables the context to configure subscriber management entities. A subscriber is uniquely identified by a subscriber identification string. Each subscriber can have several DHCP sessions active at any time. Each session is referred to as a subscriber host and is identified by its IP address and MAC address.

All subscriber hosts belonging to the same subscriber are subject to the same hierarchical QoS (HQoS) processing. The HQoS processing is defined in the sub-profile (the subscriber profile). A sub-profile refers to an existing scheduler policy (configured in the config>qos>scheduler-policy context) and offers the possibility to overrule the rate of individual schedulers within this policy.

Because all subscriber hosts use the same scheduler policy instance, they must all reside on the same complex.

WLAN-GW Commands

Note:

The wlan-gw commands apply only to the 7750 SR platform.

wlan-gw

Syntax 
[no] wlan-gw
Context 
config>subscriber-mgmt
config>router
config>service>vprn
Description 

This command enables the context to configure WLAN Gateway parameters.

distributed-sub-mgt

Syntax 
distributed-sub-mgmt
Context 
config>subscr-mgmt>wlan-gw
Description 

This command enables the context to configure profiles, templates, and policies that can be applied to DSM subscribers.

dsm-ip-filter

Syntax 
dsm-ip-filter filter-name
no dsm-ip-filter filter-name
Context 
config>subscr-mgmt>wlan-gw>dsm
Description 

This command configures a set of filter rules that can be applied to a DSM UE.

The no form of the command can only be executed if no entries are configured under this filter.

Default 

none

Parameters 
filter-name
Specifies the name of the filter.

description

Syntax 
description description-string
no description
Context 
config>subscr-mgmt>wlan-gw>dsn>dsm-ip-filter
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter>ipv6>entry
config>subscr-mgmt>wlan-gw>dsm>dsm-policer
Description 

This command creates a text description stored in the configuration file for a configuration context.

The description command associates a text string with a configuration context to help identify the context in the configuration file.

The no form of the command removes any description string from the context.

Default 

none

Parameters 
description-string
A text string describing the entity. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters, excluding double quotation marks (“ ”). If the string contains special characters (such as #, $, spaces, etc.), the entire string must be enclosed in double quotation marks (“ ”).

default-action

Syntax 
default-action {drop | forward}
no default-action
Context 
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter>ipv6
Description 

This command specifies what should happen to packets that do not match any of the configured entries.

The no form of the command reverts to the default value.

Default 

default-action drop

Parameters 
drop
Specifies that packets matching the filter entry are dropped.
forward
Specifies that packets matching the filter entry are forwarded.

entry

Syntax 
entry entry-id [create]
no entry entry-id
Context 
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter>ipv6
Description 

This command creates a new entry for this filter. When processing a packet, entries are matched in order, starting with the lowest entry-id. A maximum of 128 IPv4 and 128 IPv6 DSM filter entries are allowed.

The no form of the command reverts to the default value.

Default 

none

Parameters 
entry-id
The numeric identifier for the filter entry.

action

Syntax 
action {drop | forward | none}
no action
Context 
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter>ipv6>entry
Description 

This command specifies what should happen to packets that do match this entry. If the configured action is none, this entry is not applied and processing continues to match against subsequent entries.

The no form of the command reverts to the default value.

Default 

action none

Parameters 
drop
Drops the packet.
forward
Forwards the packet.
none
Disables this entry. Packet processing continues with the next entry.

match

Syntax 
match protocol {any | icmp | tcp | upd | gre}
no match
Context 
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter>ipv6>entry
Description 

This command creates a match context for this entry. The protocol value specifies which Layer-4 protocol the packet should match.

The no form of the command removes the match context of this entry.

Default 

no match

Parameters 
protocol
The only supported match context is protocol.
any
Specifies to match any protocol.
icmp
Specifies to match ICMP packets in a v4 filter.
tcp
Specifies to match TCP packets.
udp
Specifies to match UDP packets.
gre
Specifies to match GRE over IP packets.

dst-port

Syntax 
dst-port operator port-number
no dst-port
Context 
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter>entry>match
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter>ipv6>entry>match
Description 

This command specifies that the packet’s UDP/TCP dst-port must match a specific value. This command is not valid in a match context that is not specific to UDP or TCP.

The no form of the command removes matching of the layer-4 port.

Default 

no dst-port

Parameters 
operator
The only supported value is eq (equal to); the destination port value must be equal to the port-number value.
port-number
[0..65535] The number of the port to match.

dst-ip

Syntax 
dst-ip ip-prefix/length
no dst-ip
Context 
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter>entry
Description 

This command specifies that the packet’s destination IP address must match the specified IP prefix and mask.

The no form of the command disables the match on the destination IP.

Default 

no dst-ip

Parameters 
ip-prefix/length
The IP prefix to match.

dsm-policer

Syntax 
dsm-policer policer-name [type policer-type] [create]
no dsm-policer policer-name
Context 
config>subscr-mgmt>wlan-gw>dsm
Description 

This command creates a policer profile that can be applied to a DSM host. When creating a profile the first time, the create and type parameters are required.

The WLAN-GW allows configuration of single-rate and dual-rate bucket policers.

The no form of the command removes the profile.

Default 

none

Parameters 
policer-name
The name by which this policer is referenced.
type policer-type
Specifies the policer type. The dual-bucket-bandwidth policer applies both a CIR and PIR.
Values—
single-bucket-bandwidith, dual-bucket-bandwidith

action

Syntax 
action {permit-deny | priority-mark}
no action
Context 
config>subscr-mgmt>wlan-gw>dsm>dsm-policer
Description 

This command specifies what happens to packets that are in-profile and out-of-profile.

The no form of the command reverts to the default value.

Default 

action permit-deny

Parameters 
permit-deny
Drop all packets that are out of profile (do not conform to the PIR).
priority-mark
Currently not supported. The policer will take no action.

adaptation-rule

Syntax 
adaptation-rule pir {max | min | closest} [cir {max | min | closest}]
no adaptation-rule
Context 
config>subscr-mgmt>wlan-gw>dsm>dsm-policer
Description 

This command specifies what happens to packets that are in-profile and out-of-profile.

The no form of the command reverts to the default value.

Default 

action permit-deny

Parameters 
max
The operational rate at its maximum may be the configured rate. The first operational value that is smaller or equal to the configured rate will be chosen.
min
The operational rate at its minimum must be the configured rate. The first operational value that is bigger or equal to the configured rate will be chosen.
closest
The system chooses the operational value—either lower or higher—that is closest to the configured value.

cbs

Syntax 
cbs burst-size
no cbs
Context 
config>subscr-mgmt>wlan-gw>dsm>dsm-policer
Description 

This command specifies the committed burst-size value of this policer. This can only be set on dual-bucket-bandwidth policers.

The no form of the command reverts to the default value.

Default 

cbs 0

Parameters 
burst-size
[0..131071] The committed burst-size in kilobytes.

mbs

Syntax 
mbs burst-size
no mbs
Context 
config>subscr-mgmt>wlan-gw>dsm>dsm-policer
Description 

This command specifies the maximum burst-size value of this policer. This can only be set on dual-bucket-bandwidth policers.

The no form of the command reverts to the default value.

Default 

mbs 0

Parameters 
burst-size
[0..131071] The maximum burst-size in kbytes.

rate

Syntax 
rate rate [cir rate]
no rate
Context 
config>subscr-mgmt>wlan-gw>dsm>dsm-policer
Description 

This command specifies the rate at which the policer drains packets. The cir rate value is only supported on dual-bucket-bandwidth policers. If rate max is configured, no rate limitations are applied.

The no form of the command reverts to the default value.

Default 

rate max

Parameters 
rate
[1..100000000|max] the rate in kb/s

virtual-chassis-identifier

Syntax 
virtual-chassis-identifier dual-homing-key
no virtual-chassis-identifier
Context 
config>subscr-mgmt>wlan-gw>mgw-profile
Description 

This command specifies a virtual chassis identifier that can link two wlan-gw’s together.

The no form of the command removes the dual-homing-key

Default 

none

Parameters 
dual-homing-key—
Specifies the name of the dual homing key up to 16 characters.

distributed-sub-mgmt

Syntax 
distributed-sub-mgmt
Context 
config>router>wlan-gw
config>service>vprn>wlan-gw
Description 

This command enables the context to configure profiles, templates and policies that can be applied to DSM subscribers.

ipv6-tcp-mss-adjust

Syntax 
ipv6-tcp-mss-adjust segment-size
no ipv6-tcp-mss-adjust
Context 
config>router>wlan-gw>dsm
config>service>wlan-gw>dsm
Description 

This command specifies the value used for TCP-MSS-adjust in the IPv6 upstream direction for DSM. The downstream direction for both IPv4 and IPv6 are both configured under the group-interface. The upstream direction for IPv4 NAT hosts is configured under the NAT policy.

The defined segment size is inserted in a TCP SYN message if there is no existing MSS option or the value in the MSS option is bigger than the configured value.

The no form of the command disables upstream TCP MSS adjust for IPv6 DSM.

Default 

no ipv6-tcp-mss-adjust

Parameters 
segment-size—
Specifies the segment size to be inserted.
Values—
160 to 10240

mobility-triggered-acct

Syntax 
mobility-triggered-acct
Context 
config>router>wlan-gw
config>service>vprn>wlan-gw
Description 

This command enters the configuration context of mobility-triggered-accounting in wlan-gw context under router or VPRN service.

Default 

none

interim-update

Syntax 
interim-update
no interim-update
Context 
config>router>wlan-gw>mobility-triggered-acct
config>service>vprn>wlan-gw>mobility-triggered-acct
Description 

This command enables generation of a flash interim accounting-update to the accounting service when change in location of the UE is detected.

The no form of the command disables generation of flash interim accounting- update to RADIUS when change in location of the UE is detected.

Default 

Not enabled

Bridged Residential Gateway Commands

brg-profile

Syntax 
brg-profile profile-name [create]
Context 
config>subscr-mgmt
Description 

This command creates the profile Bridged Residential Gateway (BRG) devices. The BRG profile specifies default parameters that are used for host management under a single BRG.

The no form of the command removes the profile name from the configuration.

Default 

none

Parameters 
profile-name—
Specifies the name of the BRG profile.

connectivity-verification

Syntax 
connectivity-verification [count nr-of-attempts] [timeout timeout-seconds] [retry-time retry-seconds]
Context 
config>subscr-mgmt>brg-profile
Description 

This command configures the BRG connectivity verification. The system uses ICMP Echo request messages for connectivity verification.

When the last host associated to a BRG is removed, a ping mechanism is used to verify if the BRG is still active. This command specifies the parameters used in this mechanism.

The no form of this command disables the BRG ping mechanism and removes the BRG without verification. Any configured hold-time still applies.

Default 

count 3 timeout 30 retry-time 900

Parameters 
count nr-of-attempts
Specifies the number of connectivity verification attempts this system makes before a BRG is considered down.
Values—
1 to 5
timeout timeout-seconds
Specifies the time, in seconds, after which an unanswered ping is considered failed.
Values—
5 to 60
retry-time retry-seconds
Specifies the time, in seconds, that the system waits while it considers a BRG down, before it starts a new connectivity verification cycle. If a ping succeeds, the mechanism will be retried after this time.
Values—
300 to 3600

dhcp-pool

Syntax 
dhcp-pool
Context 
config>subscr-mgmt>brg-profile
Description 

This command enables the context to configure per-subscriber IPv4 address pool parameters to be used for address allocation. Pools for different subscribers can overlap. Specific pool parameters can be overridden by RADIUS.

lease-time

Syntax 
lease-time seconds
no lease-time
Context 
config>subscr-mgmt>brg-profile>dhcp-pool
Description 

This command configures the lease time, in seconds, to be used when allocating addresses from the pool. This time should always be larger than the renew/rebind time.

The no form of the command reverts to the default.

Default 

600

Parameters 
seconds—
Specifies the lease time.
Values—
300 to 315446399

options

Syntax 
options
Context 
config>subscr-mgmt>brg-profile>dhcp-pool
Description 

This command enables the context to configure options that are reflected in DHCP.

Default 

none

custom-option

Syntax 
custom-option option-number address [ip-address (up to 4 max)]
custom-option option-number hex hex-string
custom-option option-number string ascii-string
no custom-option option-number
Context 
config>subscr-mgmt>brg-profile>dhcp-pool>options
Description 

This command configures DHCP options.

Default 

none

Parameters 
option-number—
Specifies the number of this DHCP option.
address [ip-address...(upto 4 max)]
Specifies the IP address.
hex hex-string
Specifies a hex string.
string ascii-string
Specifies the ASCII string.

standby-ip-lifetime

Syntax 
standby-ip-lifetime [seconds]
standby-ip-lifetime
Context 
config>subscr-mgmt>brg-profile>dhcp-pool
Description 

This command defines how long these addresses will be kept aside when standby addresses are signaled to the pool. During this time these addresses can only be used by devices explicitly requesting the IP (for example datatrigger or DHCP renew/rebind). When the timer expires the addresses will again become available for dynamic allocation.

Default 

21600

Parameters 
seconds—
Specifies the lifetime in seconds
Values—
300 to 315446399

subnet

Syntax 
subnet ip-prefix/prefix-length start ip-address end ip-address
Context 
config>subscr-mgmt>brg-profile>dhcp-pool
Description 

This command configures the subnet that will be used for the l2aware-subscriber. This subnet is only locally significant and can overlap with other subscribers. The subnet is derived by ignoring the host-bits of the ip-address. The ip address specifies the default gateway that will be signaled in DHCP along with the netmask derived from the prefix-length.

The start and end addresses specify the addresses that are suitable for allocation within the given subnet, the start and end address included. If the subnet address (host-bits 0), broadcast address (host-bits 1) or default-gw address fall in this range, they will not be considered for allocation.

Changing the subnet will only have effect for new subscribers. New and existing hosts for existing subscribers will keep allocating from the original subnet.

The no form of this command removes the subnet configuration. New l2-aware subscribers will no longer use this pool and fall back to a pool from radius. Existing subscribers will keep using the original subnet.

Default 

no subnet

Parameters 
ip-prefix/prefix-length—
Specifies the IP prefix and prefix length.
start ip-address
Specifies the starting IP address.
end ip-address
Specifies the ending IP address.

hold-time

Syntax 
hold-time seconds
no hold-time
Context 
config>subscr-mgmt>brg-profile
Description 

When the BRG should be deleted this still holds the BRG object for the specified time. This applies when connectivity-verification fails or when the last host is removed and no connectivity-verification is enabled. Hold time does not apply to an explicit removal via radius or clear commands.

The no form of the command deletes the hold-time.

Default 

no hold-time

Parameters 
seconds—
Specifies the time to hold on to a BRG after this system considered it down.
Values—
30 to 86400

initial-hold-time

Syntax 
initial-hold-time seconds
no initial-hold-time
Context 
config>subscr-mgmt>brg-profile
Description 

This command configures the time to hold on to a BRG immediately after the system detected its presence. The hold time does not apply in case this system removes the BRG context upon an explicit request

Default 

300

Parameters 
seconds —
Specifies the initial time, in seconds, to hold on to a BRG after this system considered it down.
Values—
0 to 900

radius-authentication

Syntax 
radius-authentication
Context 
config>subscr-mgmt>brg-profile
Description 

This command configures RADIUS authentication of the BRG.

radius-proxy-server

Syntax 
[no] radius-proxy-server router router-instance name server-name
Context 
config>subscr-mgmt>brg-profile
Description 

This command enables BRG processing on the specified RADIUS proxy server. Whenever an Access-Accept is received with the attribute Alc-BRG-Id present, this will trigger the creation of a BRG. The BRG will use the BRG profile specified in Access-Accept or otherwise fall-back to this BRG profile. When the specified radius-proxy-server has a cache enabled, no cache entries will be created for a transaction identified as BRG. A RADIUS proxy server can only be listed in one BRG profile.

This command can be executed multiple times.

The no form of this command removes BRG processing for the specified RADIUS proxy server.

Default 

none

Parameters 
router router-instance
Specifies the ID of the VRF where the proxy server is located.
name server-name
Specifies the name of the RADIUS proxy server.

radius-server-policy

Syntax 
radius-server-policy policy-name
no radius-server-policy
Context 
config>subscr-mgmt>brg-profile>radius-authentication
Description 

This command is used if the BRG needs to be authenticated to the PCMP by the BRG. This is required if the BRG does not perform radius authentication via the proxy itself. The BRG will originate a valid Access Request using the BRG ID as username.

The no form of this command removes the radius-server-policy from the configuration. Setup of an unauthenticated BRG will now fail.

Default 

no radius-server-policy

Parameters 
policy-name—
Specifies the RADIUS server policy up to 32 characters in length to be applied in this subscriber authentication policy.

sla-profile-string

Syntax 
sla-profile-string string
no sla-profile-string
Context 
config>subscr-mgmt>brg-profile
Description 

This command configures the SLA profile string which will be used as a default for SLA-profile lookup. This string can be overridden during BRG or host authentication.

The no form of the command removes the string from the configuration.

Default 

no sla-profile-string

Parameters 
string—
Specifies the string to use to look up the subscriber profile.

sub-profile-string

Syntax 
sub-profile-string string
no sub-profile-string
Context 
config>subscr-mgmt>brg-profile
Description 

This string will be used as a default for subscriber-profile lookup. This string can be overridden during BRG or host authentication. The no form of the command removes the string from the configuration.

Default 

no sub-profile-string

Parameters 
string—
Specifies the string used to look up the subscriber profile.

DSM Call Trace Commands

call-trace

Syntax 
call-trace
Context 
config
Description 

This command enables the context to configure parameters related to the call trace debugging tool

location

Syntax 
location {cf1|cf2}
Context 
config>call-trace
Description 

This command specifies the compact flash (CF) configuration to store call trace files.

disable

Syntax 
[no] disable
Context 
config>call-trace>location
Description 

When configured, the specified compact flash will not be used by call-trace.The no form of this command enables the compact flash for use by call-trace.

Default 

no disable

size-limit

Syntax 
size-limit limit-value
no size-limit
Context 
config>call-trace>location
Description 

This command limits the total size of call-trace files on the specified compact flash card.The no form of this command removes the size restriction.

Default 

1000

Parameters 
limit-value—
Specifies the total size of call-trace files on the specified compact flash card.
Values—
1 to 65536

max-files-number

Syntax 
max-files-number number
Context 
config>call-trace
Description 

This command configures the maximum number of files call-trace can create.

Default 

200

Parameters 
number—
Specifies the maximum number of all call trace log files stored on all compact flash cards together.
Values—
1 to 1024

primary-cf

Syntax 
primary-cf cflash-id
Context 
config>call-trace
Description 

This command specifies which compact-flash will be used as the primary CF for call-trace operation.

Default 

cf1

Parameters 
cflash-id—
Specifies the compact flash card to be used as the primary local storage location to save the generated call trace log files.
Values—
cf1, cf2

trace-profile

Syntax 
trace-profile profile-name [create]
no trace-profile profile-name
Context 
config>call-trace
Description 

This command creates a profile that can be applied to a specific trace job.

Default 

none

Parameters 
profile-name—
Specifies the unique name of the call trace profile.

live-output

Syntax 
live-output ip-address | fqdn [port port] [router {router-instance | service-name service-name}]
no live-output
Context 
config>call-trace>trace-profile
Description 

This command specifies a live output destination for this trace. When configured, captures will not be stored locally but sent (over UDP) to the server in the specified routing context. The destination can be specified as either an IP address or a DNS FQDN. The no form of this command disables live output streaming.

Default 

no live-output

Parameters 
ip-address—
Specifies the IPv4 or IPv6 address of the server to stream to.
fqdn —
Specifies the FQDN that represents the server in DNS.
port port
Specifies the UDP port on which the server will be listening.
Values—
1 to 65535
Values—
10
router router-instance
Specifies the router instance in which the live output will be forwarded.
service-name service-name
The name of the L3 service in which the live output will be forwarded.

size-limit

Syntax 
size-limit limit-value
Context 
config>call-trace>trace-profile
Description 

This command specifies a maximum of how big a trace may grow before it is stopped.

Default 

10

Parameters 
limit-value—
Specifies the maximum data volume generated by a single call trace job to the output in megabytes. After reaching the limit the call trace job for a given host is automatically terminated.
Values—
1 to 1000

time-limit

Syntax 
time-limit limit-value
Context 
config>call-trace>trace-profile
Description 

This command specifies how long a trace may run before it is stopped.

Default 

86400

Parameters 
limit-value—
Specifies the maximum duration of a single call trace job in seconds. After reaching the limit the call trace job for a given host is automatically terminated.
Values—
1 to 604800

RADIUS Server Policy Commands

acct-on-off-group

Syntax 
acct-on-off-group group-name [create]
no acct-on-off-group group-name
Context 
config>aaa
Description 

This command creates an acct-on-off-group.

An acct-on-off-group can be referenced by:

  1. A single radius-server-policy as controller — The acct-on-off oper-state of the acct-on-off-group is set to the acct-on-off oper-state of the radius-server-policy (acts as master).
  2. Multiple radius-server-policies as monitor — The acct-on-off oper-state of the radius-server-policy is inherited from the acct-on-off oper-state of the acct-on-off group. (acts as a slave).

The no form of the command deletes the acct-on-off-group.

Default 

none

Parameters 
group-name—
Specifies the name of an acct-on-off group up to 32 characters in length.

radius-server-policy

Syntax 
radius-server-policy policy-name [create]
no radius-server-policy policy-name
Context 
config>aaa
Description 

This command creates a radius-server-policy.

A radius-server-policy can be used in

  1. radius-proxy, for application like EAP authentication for WIFI access
  2. authentication policy, for Enhanced Subscriber Management authentication
  3. radius accounting policy, for Enhanced Subscriber Management accounting
  4. dynamic data service RADIUS accounting
  5. AAA route downloader

The no form of the command removes the policy name from the configuration.

Default 

none

Parameters 
policy-name—
Specifies the name of the radius-server-policy up to 32 characters in length.
create—
Keyword used to create a radius-server-policy name. The create keyword requirement can be enabled/disabled in the environment>create context.

accept-script-policy

Syntax 
accept-script-policy policy-name
no accept-script-policy
Context 
config>aaa>radius-srv-plcy
Description 

This command specifies name of the radius-script-policy to be applied for access-accept.

Default 

none

Parameters 
policy-name—
Specifies the name of the accept-script-policy up to 32 characters in length.

acct-on-off

Syntax 
acct-on-off
acct-on-off monitor-group group-name
acct-on-off oper-state-change [group group-name]
Context 
config>aaa>radius-srv-plcy
Description 

This command controls the sending of Accounting-On and Accounting-Off messages and the acct-on-off oper-state of the radius-server-policy:

acct-on-off: enables the sending of Accounting-On and Accounting-Off messages for this radius-server-policy. The acct-on-off oper-state is always not blocked.

acct-on-off oper-state-change [group group-name]: enables the sending of Accounting-On and Accounting-Off messages for this radius-server-policy. The acct-on-off oper-state is function of the Accounting-response received for the Accounting-On and Accounting-Off. Optionally, sets the acct-on-off oper-state of the acct-on-off-group.

acct-on-off monitor-group group-name: no Accounting-On and Accounting-Off messages are sent for this radius-server-policy. The acct-on-off oper-state is inherited from the acct-on-off-group.

The no form of the command disables the sending of Accounting-On and Accounting-Off messages.

Default 

no acct-on-off

Parameters 
group-name—
Specifies the name of an acct-on-off group up to 32 characters in length.

acct-on-off-group

Syntax 
acct-on-off-group group-name [create]
no acct-on-off-group group-name]
Context 
config>aaa
Description 

This command creates an acct-on-off-group.

An acct-on-off-group can be referenced by:

-a single radius-server-policy as controller: the acct-on-off oper-state of the acct-on-off-group is set to the acct-on-off oper-state of the radius-server-policy (acts as master)

-multiple radius-server-policies as monitor: the acct-on-off oper-state of the radius-server-policy is inherited from the acct-on-off oper-state of the acct-on-off group. (acts as a slave)

The no form of the command deletes the acct-on-off-group.

Default 

none

Parameters 
group-name—
Specifies the name of an acct-on-off group up to 32 characters in length.

acct-request-script-policy

Syntax 
acct-request-script-policy policy-name
no acct-request-script-policy
Context 
config>aaa>radius-srv-plcy
Description 

This command specifies the name of the acct-request-script-policy pointing to the Python script to be applied for RADIUS accounting request messages.

Default 

no acct-request-script-policy

Parameters 
policy-name—
Specifies the name of the acct-request-script-policy up to 32 characters in length.

auth-request-script-policy

Syntax 
uth-request-script-policy policy-name
no auth-request-script-policy
Context 
config>aaa>radius-srv-plcy
Description 

This command specifies the name of the auth-request-script-policy pointing to the Python script to be applied for RADIUS access request messages.

Default 

no auth-request-script-policy

Parameters 
policy-name—
Specifies the name of the auth-request-script-policy up to 32 characters in length.

buffering

Syntax 
[no] buffering
Context 
config>aaa>radius-srv-plcy
Description 

This command enables the context to configure RADIUS message buffering.

The no form of the command disables RADIUS message buffering.

Default 

none

acct-interim

Syntax 
acct-interim min min-val max max-val lifetime lifetime
no acct-interim
Context 
config>aaa>radius-srv-plcy>servers>buffering
Description 

This command enables RADIUS accounting interim update message buffering.

  1. The message is stored in the buffer, a lifetime timer is started and the message is sent to the RADIUS server
  2. If after retry*timeout seconds no RADIUS accounting response is received for the interim update then a new attempt to send the message is started after minimum[(min-val*2n), max-val] seconds.
  3. Repeat step 2 until for one of the following:
    1. a RADIUS accounting response is received.
    2. the lifetime of the buffered message expires.
    3. a new RADIUS accounting interim-update or a RADIUS accounting stop for the same accounting session-id and radius-server-policy is stored in the buffer.
    4. the message is manually purged from the message buffer via a clear command.
  4. The message is purged from the buffer.

The no form of the command disables RADIUS accounting interim update message buffering.

Default 

no acct-interim

Parameters 
min-val—
Specifies the minimum interval in seconds between attempts to resend the RADIUS accounting interim update
Values—
1 – 3600
max-val—
Specifies the maximum interval in seconds between attempts to resend the RADIUS accounting interim update
Values—
1 – 3600
lifetime—
Specifies the lifetime in hours
Values—
1 – 25

acct-stop

Syntax 
acct-stop min min-val max max-val lifetime lifetime
no acct-stop
Context 
config>aaa>radius-srv-plcy>servers>buffering
Description 

This command enables RADIUS accounting stop message buffering.

  1. The message is stored in the buffer, a lifetime timer is started and the message is sent to the RADIUS server
  2. If after retry*timeout seconds no RADIUS accounting response is received for the accounting stop, then a new attempt to send the message is started after minimum[(min-val*2n), max-val] seconds.
  3. Repeat step 2 until
    1. a RADIUS accounting response is received, or
    2. the lifetime of the buffered message expires, or
    3. the message is manually purged from the message buffer via a clear command
  4. The message is purged from the buffer.

The no form of the command disables RADIUS accounting stop message buffering.

Default 

no acct-interim

Parameters 
min-val—
Secifies the minimum interval in seconds between attempts to resend the RADIUS accounting stop
Values—
1 – 3600
max-val—
Specifies the maximum interval in seconds between attempts to resend the RADIUS accounting stop.
Values—
1 – 3600
max-val—
Specifies the lifetime in hours.
Values—
1 – 25

servers

Syntax 
servers
Context 
config>aaa>radius-srv-plcy
Description 

This command enables the context to configure radius-server-policy parameters.

access-algorithm

Syntax 
access-algorithm {direct|round-robin|hash-based}
no access-algorithm
Context 
config>aaa>radius-srv-plcy>servers
Description 

This command configures the algorithm used to select a RADIUS server from the pool of configured RADIUS servers.

Default 

direct

Parameters 
direct—
Specifies that the first server will be used as primary server for all requests, the second as secondary and so on.
round-robin—
Specifies that the first server will be used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.
hash-based—
Select a RADIUS server based on the calculated hash result of the configured load-balance-key under the radius-proxy server hierarchy. This parameter is only applicable for radius-proxy server scenarios and results in an unpredictable RADIUS server selection if used in other scenarios.

disable-stickiness

Syntax 
[no] disable-stickiness
Context 
config>aaa>radius-srv-plcy>servers
Description 

This command disables a subscriber RADIUS accounting session from sticking with a single server under normal working conditions. If a direct algorithm is used, all subscriber RADIUS sessions will go directly to the server with the lowest configured index. If a failure occurs, a new in-service server with the next lowest index will be used. When the original server recovers, if stickiness is not disabled, all existing sessions will continue to use the new server. This command disables stickiness, and as a result, the recovered original RADIUS server will again service every subscriber. If a round-robin algorithm is used and stickiness is not disabled, an accounting session for a particular subscriber (or host, depending on the accounting mode) will stay with the same server. This command removes the stickiness and all subscriber accounting messages will go through the list of servers in a round-robin manner.

Default 

n/a

health-check

Syntax 
health-check
Context 
config>aaa>radius-server-policy>servers
Description 

This command performs a health check of the RADIUS server.

test-account

Syntax 
test-account
Context 
config>aaa>radius-srv-plcy>servers>health-check
Description 

This command sets up a test account as a probing mechanism to check the connectivity of all configured RADIUS authentication servers within the RADIUS server policy.

interval

Syntax 
interval seconds
no interval
Context 
config>aaa>radius-srv-plcy>servers>health-check>test-account
Description 

This command specifies the intervals at which the test account will send its access requests to probe the RADIUS servers.

Default 

no interval

Parameters 
seconds—
specifies the probing interval
Values—
1 to 60

password

Syntax 
password password [hash | hash2]
no password
Context 
config>aaa>radius-srv-plcy>servers>health-check>test-account
config>subscr-mgmt>brg-profile>radius-authentication
Description 

This command specifies the password that the test account will use to send access requests to probe the RADIUS servers.

Default 

no password

Parameters 
password—
specifies the probing password
Values—
64-character maximum string
hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

shutdown

Syntax 
[no] shutdown
Context 
config>aaa>radius-srv-plcy>servers>health-check>test-account
Description 

This command disables the test account that probes the RADIUS server.

Default 

no shutdown

user-name

Syntax 
user-name user-name
no user-name
Context 
config>aaa>radius-srv-plcy>servers>health-check>test-account
Description 

This command specifies the username that the test account will use to send its access requests to probe the RADIUS servers.

Default 

no user-name

Parameters 
user-name—
the probing username, up to 64 characters in length

retry

Syntax 
retry count
no retry
Context 
config>aaa>radius-srv-plcy>servers
Description 

This command configures the number of times the router attempts to contact the RADIUS server, if not successful the first time.

Default 

3

Parameters 
count—
Specifies the number of times a signalling request message is transmitted towards the same peer.
Values—
1 to 256

router

Syntax 
router router-instance
router service-name service-name
no router
Context 
config>aaa>radius-srv-plcy>servers
Description 

This command specifies the virtual router instance applicable for the set of configured RADIUS servers. This value cannot be changed once a RADIUS server is configured for this policy.

Default 

no router

Parameters 
router-instance —
Specifies the router instance.
Values—

service-name

Service name up to 64 characters.

router-instance:

router-name, service-id

router-name:

Base, management

service-id:

1 to 2147483647

service-name—
Specifies the router name service-id up to 64 characters.

server

Syntax 
server server-index name server-name
no server server-index
Context 
config>aaa>radius-srv-plcy>servers
Description 

This command adds a RADIUS server.

The no form of the command removes a RADIUS server.

Default 

none

Parameters 
index—
The index for the RADIUS server. The index determines the sequence in which the servers are queried for authentication requests. Servers are queried in order from lowest to highest index.
Values—
1 to 5
server-name—
Specifies the server name up to 32 characters in length.

source-address

Syntax 
source-address ip-address
no source-address
Context 
config>aaa>radius-srv-plcy>servers
Description 

This command configures the source address of the RADIUS packet. The system IP address must be configured in order for the RADIUS client to work. See Configuring a System Interface in the 7750 SR OS Configuration Guide.

Note:

The system IP address must only be configured if the source-address is not specified. When the no source-address command is executed, the source address is determined at the moment the request is sent. This address is also used in the nas-ip-address attribute: over there it is set to the system IP address if no source-address was given.

The no form of the command reverts to the default value.

Default 

no source-address

Parameters 
ip-address—
Specifies the source address of radius packet.

timeout

Syntax 
timeout [sec seconds] [min minutes]
no timeout
Context 
config>aaa>radius-srv-plcy>servers
Description 

This command configures the time the router waits for a response from a RADIUS server.

The no form of the command reverts to the default value.

Default 

5 seconds

Parameters 
seconds—
Specifies the number of seconds for the timeout.
Values—
1 to 59
minutes—
Specifies the number of minutes for the timeout.
Values—
1 to 1
Values—
Max. value = 5 min 40 sec

hold-down-time

Syntax 
hold-down-time [sec seconds] [min minutes] [hrs hours] [days days]
no hold-down-time
Context 
config>aaa>radius-srv-plcy>servers
Description 

This command configures the hold time before re-using a RADIUS server.

The no form of the command reverts to the default value.

Default 

30 seconds

Parameters 
seconds—
Specifies the number of seconds for the hold down time.
Values—
1 to 59
minutes —
Specifies the number of minutes for the hold down time.
Values—
1 to 59
hours—
Specifies the number of hours for the hold down time.
Values—
1 to 23
days —
Specifies the number of days for the hold down time.
Values—
1 to 1

ipv6-source-address

Syntax 
ipv6-source-address ipv6-address
no ipv6-source-address
Context 
config>aaa>radius-srv-plcy>servers
Description 

This command configures the source address of an IPv6 RADIUS packet.

When no ipv6-source-address is configured, the system IPv6 address (inband RADIUS server connection) or Boot Option File (BOF) IPv6 address (outband RADIUS server connection) must be configured in order for the RADIUS client to work with an IPv6 RADIUS server.

This address is also used in the NAS-IPv6-Address attribute.

The no form of the command reverts to the default value.

Default 

no ipv6-source-address

Parameters 
ipv6-address—
Specifies the source address of an IPv6 RADIUS packet.

CLI Command Description for RADIUS Server

radius-server

Syntax 
radius-server
Context 
config>router
config>service>vprn
Description 

This command enters the radius-server configuration context under router or VPRN service.

Default 

none

server

Syntax 
server server-name [address ip-address] [secret key] [hash | hash2] [create]
no server server-name
Context 
config>router>radius-server
config>service>vprn>radius-server
Description 

This command either specifies an external RADIUS server in the corresponding routing instance or enters configuration context of an existing server. The configured server could be referenced in the radius-server-policy.

The no form of the command removes the parameters from the server configuration.

Default 

no

Parameters 
server-name—
Specifies the name of the external RADIUS server
address ip-address
Specifies the IPv4 or IPv6 IP address of the external RADIUS server.
secret key
Specifies the shared secret key of the external RADIUS server
hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

accept-coa

Syntax 
[no] accept-coa
Context 
config>router>radius-server>server
config>service>vprn>radius-server>server
Description 

This command configures this server for Change of Authorization messages. The system will process the CoA request from the external server if configured with this command; otherwise the CoA request will be dropped.

The no form of the command disables the command.

acct-port

Syntax 
acct-port port
no acct-port
Context 
config>router>radius-server>server
config>service>vprn>radius-server>server
Description 

This command specifies the UDP listening port for RADIUS accounting requests.

The no form of the commands resets the UDP port to its default value (1813)

Default 

acct-port 1813

Parameters 
port—
Specifies the UDP listening port for accounting requests of the external RADIUS server.
Values—
1 to 65535

auth-port

Syntax 
auth-port port
no auth-port
Context 
config>router>radius-server>server
config>service>vprn>radius-server>server
Description 

This command specifies the UDP listening port for RADIUS authentication requests.

The no form of the commands resets the UDP port to its default value (1812)

Default 

auth-port 1812

Parameters 
port—
Specifies the UDP listening port for accounting requests of the external RADIUS server.
Values—
1 to 65535

coa-script-policy

Syntax 
coa-script-policy policy-name
no coa-script-policy
Context 
config>router>radius-server>server
config>service>vprn>radius-server>server
Description 

This command specifies radius-script-policy for CoA-Request sent from this RADIUS server.

The no form of the command removes the policy name from the configuration.

Default 

none

Parameters 
policy-name—
Specifies the name of radius-script-policy up to 80 characters in length.

pending-requests-limit

Syntax 
pending-request-limit limit
no pending-request-limit
Context 
config>router>radius-server>server
config>service>vprn>radius-server>server
Description 

This command specifies the per-server maximum number of outstanding requests sent to the RADIUS server. If the maximum number is exceeded, the next RADIUS server in the pool is selected.

The no form of the command removes the limit value from the configuration.

Default 

none

Parameters 
limit —
Specifies the maximum number of outstanding requests sent to the RADIUS server
Values—
1 to 4096

CLI Command Description for RADIUS Proxy Server

radius-proxy

Syntax 
radius-proxy
Context 
config>router
config>service>vprn
Description 

This command context to configure RADIUS proxy parameters.

server

Syntax 
server server-name [create] [purpose {[accounting | authentication]}] [wlan-gw-group group-id]
no server server-name
Context 
config>router>radius-proxy
config>service>vprn>radius-proxy
Description 

This command creates a RADIUS-proxy server in the corresponding routing instance. The proxy server can be configured for the purpose of proxying authentication or accounting or both.

If a WLAN-GW ISA group is specified, then the RADIUS proxy server is instantiated on the set of ISAs in the specified wlan-gw group. The RADIUS messages from the AP are load-balanced to these ISAs. The ISA that processes the RADIUS message then hashes this message to the ISA that anchors the UE. The hash is based on UE MAC address (required to be present in the calling-station-id attribute) in the RADIUS message.

If the create parameter is not specified, then this command enters configuration context of the specified RADIUS-proxy server.

The no form of the command removes the server-name and parameters from the radius-proxy configuration.

Default 

purpose authentication

Parameters 
server-name—
Specifies the name of the RADIUS-proxy server.
create—
The creation parameter. The system will create the specified RADUIS-proxy server.
purpose —
Specifies the purpose the RADIUS-proxy server,
Values—
accounting — proxy accounting packets.
authentication — proxy authentication packets .
both — Specifies both accounting and authentication proxy accounting packets.
wlan-gw-group group-id
Specifies the WLAN-GW isa group.

attribute-matching

Syntax 
attribute-matching
Context 
config>router>radius-proxy>server
config>service>vprn>radius-proxy>server
Description 

This command enables the context for selecting the RADIUS policy for authentication and accounting based on the RADIUS attribute. This feature is supported for both the ESM RADIUS proxy and the ISA RADIUS proxy.

entry

Syntax 
entry [1 to 32] [prefix-string prefix-string] [accounting-server-policy policy-name] [authentication-server-policy policy-name] [suffix-string suffix-string]
[no] entry [1 to 32]
Context 
config>router>radius-proxy>server>attribute-matching
config>service>vprn>radius-proxy>server>attribute-matching
Description 

This command matches the specified prefix or suffix string with the selected accounting server policy or authentication server policy.

Default 

n/a

Parameters 
1 to 32—
specifies the entry number; up to 32 matching entries can be specified
prefix-string—
specifies the prefix string for matching up to 128 characters maximum; if the suffix-string is also used, the combined length cannot exceed 126 characters
suffix-string—
specifies the suffix string for matching up to 126 characters maximum; if the prefix-string is also used, the combined length cannot exceed 126 characters
accounting-server-policy policy-name—
specifies the RADIUS accounting policy up to 32 characters maximum
authentication-server-policy policy-name—
specifies the RADIUS authentication policy up to 32 characters maximum

type

Syntax 
type [1 to 255] [vendor-id vendor-id]
no type
Context 
config>router>radius-proxy>server>attribute-matching
config>service>vprn>radius-proxy>server>attribute-matching
Description 

This command specifies the RADIUS VSA type for the entries to be matched with.

Default 

no type

Parameters 
1 to 255
the VSA number
vendor-id—
the vendor ID number
Values—
1 to 16777215 | alu

cache

Syntax 
cache
Context 
config>router>radius-proxy>server
config>service>vprn>radius-proxy>server
Description 

This command enters the cache configuration context under radius-proxy server. The cache contains per-subscriber authentication information learned from RADIUS authentication messages, and is used to authorize subsequent DHCP requests.

Default 

none

default-accounting-server-policy

Syntax 
default-accounting-server-policy policy-name
no default-accounting-server-policy
Context 
config>router>radius-proxy>server
config>service>vprn>radius-proxy>server
Description 

This command specifies the default radius-server-policy for RADIUS accounting. This policy will be used when there is no specific match based on username.

The no form of the command removes the policy name from the configuration.

Default 

none

Parameters 
policy-name—
Specifies the name of the default RADIUS server policy associated with this RADIUS Proxy server for accounting purposes.

default-authentication-server-policy

Syntax 
default-authentication-server-policy policy-name
no default-authentication-server-policy
Context 
config>router>radius-proxy>server
config>service>vprn>radius-proxy>server
Description 

This command specifies the default radius-server-policy for RADIUS authentication. This policy will be used when there is no specific match based on username.

The no form of the command removes the policy name from the configuration.

Default 

none

Parameters 
policy-name—
Specifies the name of the default RADIUS server policy associated with this RADIUS proxy server for authentication purposes.

interface

Syntax 
[no] interface ip-int-name
Context 
config>router>radius-proxy>server
config>service>vprn>radius-proxy>server
Description 

This command configures the IP interface the RADIUS-proxy server will bind to. One RADIUS-proxy server could bind to multiple interfaces.

Default 

none

Parameters 
ip-int-name—
Specifies the name of IP interface.

load-balance-key

Syntax 
load-balance-key [vendor vendor-id [vendor-id...(up to 5 max)]] attribute-type attribute-type [attribute-type...(up to 5 max)]
load-balance-key source-ip-udp
no load-balance-key
Context 
config>router>radius-proxy>server
config>service>vprn>radius-proxy>server
Description 

This command specifies the key(s) used in calculating a hash to select an external RADIUS server from the pool of configured servers.

The key(s) can be the source ip and source udp port tuple, or the specified radius attribute(s) in radius packets.

The no form of the command removes the parameters from the configuration.

Default 

no load-balance-key

Parameters 
vendor vendor-id
Specifies the vendor-id of vendor-specific attribute.
Values—
0 to 16777215
attribute-type attribute-type
Specifies that the key is constructed with the attributes in the RADIUS message.
Values—
1 to 255
source-ip-udp—
Specifies that the key consists of the source IP address and source UDP port of the RADIUS message.

python-policy

Syntax 
python-policy name
no python-policy
Context 
config>router>radius-proxy>server
Description 

This command specifies the Python policy used to change the RADIUS attributes of the different RADIUS messages.

secret

Syntax 
secret secret [hash | hash2]
no secret
Context 
config>router>radius-proxy>server
config>service>vprn>radius-proxy>server
Description 

This command configures the shared secret key. The RADIUS client must have the same key to communicate with the RADIUS-proxy server.

The no form of the command removes the parameters from the configuration.

Default 

none

Parameters 
secret key
The secret key to access the RADIUS server. This secret key must match the password on the RADIUS server.
Values—
secret-key: Up to 20 characters in length.
hash-key: Up to 33 characters in length.
hash2-ke: Up to 55 characters in length.
hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

send-accounting-response

Syntax 
[no] send-accounting-response
Context 
config>router>radius-proxy>server
config>service>vprn>radius-proxy>server
Description 

This command results in the system to always generate RADIUS accounting-response to acknowledge RADIUS accounting-request received from the RADIUS client.

The no form of the command disables the command.

Default 

no send-accounting-response

key

Syntax 
key packet-type {accept | request} attribute-type attribute-type [vendor vendor-id]
no key
Context 
config>router>radius-proxy>server>cache
config>service>vprn>radius-proxy>server>cache
Description 

This command specifies the RADIUS cache key that is used to match the information in subsequent DHCP requests for authorization.

Default 

no key

Parameters 
packet-type—
Specifies the packet type of the RADIUS messages to use to generate the key for the cache of this RADIUS proxy server.
Values—
accept, request
attribute-type attribute-type
Specifies the RADIUS attribute type to cache for this RADIUS proxy server.
Values—
1 to 255
the type value of RADIUS attribute
vendor vendor-id
Specifies the RADIUS vendor ID.
Values—
1 to 16777215, alu

timeout

Syntax 
timeout [hrs hours] [min minutes] [sec seconds]
no timeout
Context 
config>router>radius-proxy>server>cache
config>service>vprn>radius-proxy>server>cache
Description 

This command configures the time for which the cache entry is kept if there is no corresponding DHCP DISCOVER. At the expiry of this time, the cache entry is deleted.

The no form of the command reverts to the default value.

Default 

timeout min 5

Parameters 
hrs hours
Specifies, in seconds, the timeout after which an entry in the cache will expire.
min minutes
Specifies, in seconds, the timeout after which an entry in the cache will expire.
sec seconds
Specifies, in seconds, the timeout after which an entry in the cache will expire.

track-accounting

Syntax 
track-accounting [start] [stop][interim-update][accounting-on] [accounting-off]
no track-accounting
Context 
config>router>radius-proxy>server>cache
config>service>vprn>radius-proxy>server>cache
Description 

This command specifies the type of RADIUS accounting packets from RADIUS client (a WIFI AP) that the router should track.

The no form of the command removes the parameters from the configuration.

Default 

no track-accounting

Parameters 
start—
The router will update the associated ESM-host with the RADIUS client (for example, a WIFI AP) that generated the accounting-start. This is required in cases where a UE roams to a new AP that does not re-authenticate due to key caching.
stop—
The router will remove the corresponding ESM host and forward the accounting-stop packet to the external RADIUS server.
accounting-on | accounting-off—
The router will remove all ESM hosts associated with the RADIUS client (a WIFI AP), and forward the accounting-on packet to the external RADIUS server.
interim-update—
The router will update the associated ESM-host with the RADIUS client (e.g. a WIFI AP) that generated the interim-update. The interim-updates with the updated information are sent to the RADIUS server as scheduled.

track-authentication

Syntax 
track-authentication [accept]
no track-authentication
Context 
config>router>radius-proxy>server>cache
config>service>vprn>radius-proxy>server>cache
Description 

This command specifies if RADIUS authentication (from the AP) should be tracked in order to update the ESM host with the RADIUS client (for example, WIFI AP) on UE mobility. It also specifies the authentication packet from RADIUS client (for example, a WIFI AP) that the router should track for mobility.

The no form of this command stops tracking authentication for UE mobility.

Default 

Not enabled

Parameters 
accept —
Indicates access-accept is tracked for mobility.

track-delete-hold-time

Syntax 
track-delete-hold-time seconds
no track-delete-hold-time
Context 
config>router>radius-proxy>server>cache
Description 

This command specifies the delete hold-time in case the DHCP host gets a trigger to delete from the matched RADIUS Proxy server.

Default 

0

Parameters 
seconds—
Spcifies the delete hold time, in seconds.
Values—
0 to 600

LUDB Matching of RADIUS Proxy Cache Commands

local-user-db

Syntax 
local-user-db local-user-db-name [create]
no local-user-db local-user-db-name
Context 
config>subscr-mgmt
Description 

This command enables the context to configure a local user database.

Default 

not enabled

Parameters 
local-user-db-name —
Specifies the name of a local user database.

dhcp

Syntax 
dhcp
Context 
config>subscr-mgmt>loc-user-db
Description 

This command configures DHCP host parameters.

host

Syntax 
host
Context 
config>subscr-mgmt>loc-user-db
Description 

This command enables the context to configure DHCP host parameters.

match-radius-proxy-cache

Syntax 
match-radius-proxy-cache
Context 
config>subscr-mgmt>loc-user-db>ipoe>host
Description 

This command enables the context to configure match-radius-proxy-cache parameters.

fail-action

Syntax 
fail-action {continue | drop}
no fail-action
Context 
config>subscr-mgmt>loc-user-db>ipoe>host>match-radprox-cache
Description 

This command specifies the router’s action when failed to find matched radius-proxy-server cache entry.

The no form of the command reverts to the default.

Default 

drop

Parameters 
continue—
Specifies that the will proceed with ESM authentication without dropping the DHCP packet.
drop—
Specifies that the router will drop the DHCP packet.

mac-format

Syntax 
mac-format format
no mac-format
Context 
config>subscr-mgmt>loc-user-db>ipoe>host>match-radprox-cache
Description 

This command specifies the format of MAC address used for matching incoming DHCP DISCOVER against the RADIUS proxy cache.

The no form of the command reverts to the default.

Default 

mac-format "aa:"

Parameters 
format—
Specifies the format string that specifies the format of MAC address.
Values—

mac-format: (only when match is equal to mac)

like ab: for 00:0c:f1:99:85:b8

or XY- for 00-0C-F1-99-85-B8

or mmmm. for 0002.03aa.abff

or xx for 000cf19985b8

match

Syntax 
match {circuit-id | mac | remote-id}
match option [1 to 254]
no match
Context 
config>subscr-mgmt>loc-user-db>ipoe>host>match-radprox-cache
Description 

This command specifies the field/option of DHCP packet that is used to match against the radius-proxy-server cache.

The no form of the command reverts to the default.

Default 

mac

Parameters 
circuit-id—
Specifies to match the circuit-id in DHCP option82
remote-id—
Specifies to match the remote-id in DHCP option82
mac—
Specifies to match the MAC address of DHCP client
option—
Specifies to use specified DHCP option, 1 to 254

server

Syntax 
server [service service-id] name server-name
no server
Context 
config>subscr-mgmt>loc-user-db>ipoe>host>match-radprox-cache
Description 

This command specifies the name of radius-proxy-server and optionally id of the service that the radius-proxy-server resides in.

The no form of the command removes the parameters from the configuration.

Default 

no server

Parameters 
service service-id
Specifies the ID or name of the service.
Values—
1 to 214748365
svc-name up to 64 char maximum
name server-name
Specifies the name of radius-proxy-server up to 32 characters in length.

WLAN-GW-Group Commands

wlan-gw-group

Syntax 
wlan-gw-group group-id [create]
no wlan-gw-group group-id
Context 
config>isa
Description 

This command creates a WLAN GW group.

Note:

The wlan-gw-group ID shares the same number space with the nat-group.

The no form of the command removes the group

Default 

none

Parameters 
group-id —
Specifies WLAN Gateway Integrated Service Adaptor (ISA) Groups.
Values—
1 to 4

active-iom-limit

Syntax 
active-iom-limit number
no active-iom-limit
Context 
config>isa>wlan-gw-group
Description 

This command specifies the number of WLAN-GW IOMs used as active IOMs from the total number of configured WLAN-GW IOMs. If there are more configured IOM than active-iom-limit, then the remaining number of IOMs will be designated as backup(s).

The no form of the command removes the number from the configuration.

Parameters 
number—
Specifies the number of IOM's in this WLAN Gateway ISA group that are intended for active use.
Values—
1 to 3

distributed-sub-mgmt

Syntax 
[no] distributed-sub-mgmt
Context 
config>isa>wlan-gw-group
Description 

This command configures the WLAN gateway distributed subscriber management.

isa-aa-group

Syntax 
isa-aa-group aa-group-id
no isa-aa-group
Context 
config>isa>wlan-gw-group>distributed-sub-mgmt
Description 

This command configures an ISA application assurance group for WLAN gateway DSM subscribers.

iom

Syntax 
iom slot-number type {[load-balancer] [ue-anchor]}
no iom slot-number
Context 
config>isa>wlan-gw-group
Description 

This command designates the specified IOM as a WLAN-GW IOM. Each WLAN-GW IOM must be provisioned with two ISA-BB modules on a hardware chassis and with an ISA-BB module in the first MDA slot in the VSR.

The no form of the command removes the IOM from the configuration.

Default 

none

Parameters 
slot-number—
Indicates the IOM slot to be used in the WLAN-GW group.
Values—
1 to 10
type {[load-balancer] [ue-anchor]}
This parameter is supported on the VSR only. It determines if an IOM slot will be used for load-balancing or UE anchoring and processing, or both. When the wlan-gw-group has only a single IOM, it is required to put this IOM in both modes at the same time.

nat

Syntax 
nat
Context 
config>isa>wlan-gw-group
Description 

This command enables the context to configure NAT parameters under wlan-gw-group.

radius-accounting-policy

Syntax 
radius-accounting-policy nat-accounting-policy
no radius-accounting-policy
Context 
config>isa>wlan-gw-group>nat
Description 

This command configures the RADIUS accounting policy to use for each MDA in this ISA group.

The no form of the command removes the accounting policy from the configuration.

Default 

none

Parameters 
nat-accounting-policy—
Specifies the RADIUS accounting policy up to 32 characters in length.

session-limits

Syntax 
session-limits
Context 
config>isa>wlan-gw-group>nat
Description 

This command configures the ISA NAT group session limits.

reserved

Syntax 
reserved num-sessions
no reserved
Context 
config>isa>nat>session-limits
Description 

This command configures the number of sessions per block that will be reserved for prioritized sessions.

Parameters 
num-sessions—
Specifies the number of sessions reserved for prioritized sessions.
Values—
0 to 4194303

watermarks

Syntax 
watermarks high percentage low percentage
no watermarks
Context 
config>isa>nat>session-limits
Description 

This command configures the ISA NAT group watermarks.

Parameters 
high percentage
Specifies the high watermark of the number of sessions for each MDA in this NAT ISA group.
Values—
2 to 100
low percentage—
Specifies the low watermark of the number of sessions for each MDA in this NAT ISA group.
Values—
1 to 99

Port Policy Commands

port-policy

Syntax 
port-policy port-policy-name [create]
no port-policy port-policy-name
Context 
config
Description 

This command either creates a new port-policy with create parameter or enters the configuration context of an existing port-policy.

Default 

none

Parameters 
port-policy-name—
Specifies the name of port-policy.
create—
Keyword used to create a port-policy.

egress-scheduler-policy

Syntax 
egress-scheduler-policy port-sched-plcy
egress-scheduler-policy
Context 
config>port-policy
Description 

This command specifies the port-scheduler-policy to use in the egress direction for the internal port connecting the WLAN-GW IOM to the MS-ISA.

Default 

none

Parameters 
port-sched-plcy—
Specifies the name of the port-scheduler-policy up to 32 characters in length.

WLAN-GW Group Interface Commands

Note:

The wlan-gw commands apply only to the 7750 SR platform.

group-interface

Syntax 
group-interface ip-int-name [create]
group-interface ip-int-name [create] lns
group-interface ip-int-name [create] wlangw
no group-interface ip-int-name [create]
Context 
config>service>ies>subscriber-interface
config>service>vprn>subscriber-interface
Description 

This command creates a group interface. This interface is designed for triple-play services where multiple SAPs are part of the same subnet. A group interface may contain one or more SAPs.

Use the no form of the command to remove the group interface from the subscriber interface.

Default 

no group interfaces configured

Parameters 
ip-int-name—
Specifies the interface name of a group interface. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.
lns —
Specifies to use LNS.
wlangw—
Specifies the group interface for wlan-gw.

ip-mtu

Syntax 
ip-mtu octets
no ip-mtu
Context 
config>service>ies>subscriber-interface
config>service>vprn>subscriber-interface
Description 

This command specifies the maximum size of frames on this group-interface. Packets larger than this will get fragmented.

The no form of the command removes this functionality.

Default 

none

Parameters 
octets—
Specifies the largest frame size (in octets) that this interface can handle.
Values—
512 to 9000

sap-parameters

Syntax 
sap-parameters
Context 
config>service>ies>sub-if>grp-if
config>service>vprn>sub-if>grp-if
Description 

This command enables the context to configure parameters that can be applied to automatically-generated internal SAPs.

Default 

N/A

anti-spoof

Syntax 
anti-spoof {ip-mac | nh-mac}
no anti-spoof
Context 
config>service>ies>sub-if>grp-if>sap-parameters
config>service>vprn>sub-if>grp-if>sap-parameters
Description 

This command configures the anti-spoof type of the SAP.

The type of anti-spoof filtering defines what information in the incoming packet is used to generate the criteria to lookup an entry in the anti-spoof filter table. The type parameter (ip-mac or nh-mac) defines the anti-spoof filter type enforced by the SAP when anti-spoof filtering is enabled.

The no form of the command reverts back to the default.

Default 

no anti-spoof

Parameters 
ip-mac—
Configures SAP anti-spoof filtering to use both the source IP address and the source MAC address in its lookup. The anti-spoof ip-mac command will fail if the default anti-spoof filter type of the SAP is ip-mac and the default is not overridden, or if the SAP does not support Ethernet encapsulation.
nh-mac—
Indicates that the ingress anti-spoof is based on the source MAC address and egress anti-spoof is based on the nh-ip-address.

wlan-gw

Syntax 
wlan-gw
Context 
config>service>ies>sub-if>group-interface
config>service>vprn>sub-if> group-interface
Description 

This command enables the context to configure wlan-gw parameters.

Default 

none

egress

Syntax 
egress
Context 
config>service>ies>sub-if>grp-if>wlan-gw
Description 

This command enables the context to configure egress QoS parameters for wlan-gw tunnels.

agg-rate-limit

Syntax 
agg-rate-limit kilobits-per-second
no agg-rate-limit
Context 
config>service>ies>sub-if>grp-if>wlan-gw>egress
config>service>vprn>sub-if>grp-if>wlan-gw>egress
Description 

This command is used to control an HQoS aggregate rate limit. It is used in conjunction with the following parameter commands: rate, limit-unused-bandwidth, and queue-frame-based-accounting.

Parameters 
kilobits-per-second—
Specifies the aggregate rate limit.
Values—
1 to 100000000, max

rate

Syntax 
rate {max | rate}
no rate
Context 
config>service>ies>sub-if>grp-if>wlan-gw>egress>agg-rate
config>service>vprn>sub-if>grp-if>wlan-gw>egress>agg-rate
Description 

This command defines the enforced aggregate rate for all queues associated with the agg-rate context. A rate must be specified for the agg-rate context to be considered to be active on the context’s object (SAP, subscriber, Vport, etc.).

limit-unused-bandwidth

Syntax 
[no] limit-unused-bandwidth
Context 
config>service>ies>if>sap>egress>agg-rate
config>service>ies>sub-if>grp-if>sap>egress>agg-rate
config>service>vprn>if>sap>egress>agg-rate
config>service>vprn>sub-if>grp-if>sap>egress>agg-rate
Description 

This command is used to enable (or disable) aggregate rate overrun protection on the agg-rate context.

queue-frame-based-accounting

Syntax 
[no] queue-frame-based-accounting
Context 
config>service>ies>if>sap>egress>agg-rate
config>service>ies>sub-if>grp-if>sap>egress>agg-rate
config>service>vprn>if>sap>egress>agg-rate
config>service>vprn>sub-if>grp-if>sap>egress>agg-rate
Description 

This command is used to enabled (or disable) frame based accounting on all policers and queues associated with the agg-rate context. Only supported on Ethernet ports. Not supported on HSMDA Ethernet ports. Packet byte offset settings are not included in the applied rate when queue frame based accounting is configured, however the offsets are applied to the statistics.

hold-time

Syntax 
hold-time infinite
hold-time [1 to 86400]
no hold-time
Context 
config>service>ies>sub-if>grp-if>wlan-gw>egress
config>service>vprn>sub-if>grp-if>wlan-gw>egress
Description 

This command configures the time for which egress shaping resources associated with a wlan-gw tunnel are held after the last subscriber on a tunnel is deleted.

Parameters 
1 to 86400
Specifies the time, in seconds, for which shaping resources are held in seconds after last subscriber is deleted.
Values—
infinite to 1 to 86400

qos

Syntax 
qos policy-id
no qos
Context 
config>service>ies>sub-if>grp-if>wlan-gw>egress
Description 

This command configures the identifier of the egress QoS policy associated with each wlan-gw tunnel of this interface.

The no form of the command removes the policy ID from the configuration.

Default 

1

Parameters 
policy-id—
Specifies to apply the specified sap-egress-policy-id.
Values—
1 to 65535
name: A string up to 64 characters.

scheduler-policy

Syntax 
scheduler-policy scheduler-policy-name
no scheduler-policy
Context 
config>service>ies>sub-if>grp-if>wlan-gw>egress
Description 

This command configures the identifier of the egress scheduler policy associated with each wlan-gw tunnel of this interface.

The no form of the command removes the scheduler policy name from the configuration.

Default 

none

Parameters 
scheduler-policy-name—
Specifies the identifier of the egress scheduler policy associated with each wlan-gw tunnel of this interface

shape-multi-client-only

Syntax 
[no] shape-multi-client-only
Context 
config>service>ies>sub-if>grp-if>wlan-gw>egress
Description 

This command enables the egress shaping is only enabled for a wlan-gw tunnel while there are multiple UE (User Equipment) using it.

The no form of the command disables the egress shaping.

shaping

Syntax 
shaping {per-retailer | per-tunnel}
no shaping
Context 
config>service>ies>sub-if>grp-if>wlan-gw>egress
Description 

This command configures the the granularity of the egress shaping for wlan-gw on this group interface.

The no form of the command removes the parameter from the configuration.

Parameters 
per-tunnel—
Specifies that a separate shaper is applied to each wlan-gw tunnel.
per-retailer—
Specifies that a separate shaper is applied to each retailer Mobile Network Operator's fraction of the wlan-gw tunnel payload.

gw-address

Syntax 
gw-address ip-address
no gw-address
Context 
config>service>ies>sub-if>grp-if>wlan-gw
config>service>vprn>sub-if>grp-if>wlan-gw
Description 

This command specifies gateway endpoint address for the wlan-gw tunnel.

The no form of the command removes the value from the wlan-gw configuration.

Default 

none

Parameters 
ip-address—
Specifies the IP address of the wlan-gw tunnels on this group interface.

gw-ipv6-address

Syntax 
gw-ipv6-address ipv6-address
no gw-ipv6-address
Context 
config>service>ies>sub-if>grp-if>wlan-gw
config>service>vprn>sub-if>grp-if>wlan-gw
Description 

This command specifies a gateway IPv6 endpoint address for the wlan-gw tunnel.

The no form of the command removes the IPv6 the gateway IPv6 endpoint address for the wlan-gw tunnel.

Default 

none

Parameters 
ipv6-address—
Specifies the gateway IPv6 endpoint address
Values—

ipv6-address :

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

learn-ap-mac

Syntax 
learn-ap-mac [delay-auth]
no learn-ap-mac
Context 
config>service>vprn>sub-if>grp-if>wlan-gw config>service>ies>sub-if>grp-if>wlan-gw
Description 

This command enables the sending of ARP or ND packets on the wlan-gw GRE tunnel upon certain events. The target IP address in the ARP/ND packet will be the endpoint IP address of the AP. The ARP/ND response from the AP should contain the AP MAC, which subsequently can be reported in called-station-id. When enabled this will be sent for following events:

  1. CPM: Mobility to an AP for which the AP-MAC is not yet known.
  1. CPM: RS-triggered authentication on an AP for which the AP-MAC is not yet known
  1. ISA: Any mobility event
  1. ISA: Any authentication where the AP-MAC is not yet known (e.g. from radius proxy cache, DHCP circuit-id, etc.). If the optional keyword delay-auth is provided the authentication will be delayed until the ARP/ND is answered or timed out, after which the AP-MAC can be included in authentication.

This configuration is ignored for l2-ap and l2tpv3 access.

Default 

The no form of this command disables this mechanism.

Parameters 
delay-auth—
Specifies that authentication will be delayed until the ARP/ND is answered or timed out, after which the AP-MAC can be included in authentication.

l2-access-points

Syntax 
l2-access-points
Context 
config>service>ies>sub-if>grp-if>wlan-gw
config>service>vprn>sub-if>grp-if>wlan-gw
Description 

This command enables the context to configure Layer 2 Access Points in WLAN Gateway Group-Interfaces.

l2-ap

Syntax 
l2-ap sap-id [create]
no l2-ap sap-id
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>l2-access-points
config>service>ies >sub-if>grp-if>wlan-gw>l2-access-points
Description 

This command adds a specific SAP where Layer-2 WLAN-GW aggregation will be performed. The following SAPs are supported.

  1. Ethernet
  2. LAG
  3. MPLS pseudowire SDPs

This command can be repeated multiple times to create multiple Layer-2 access points.

The no form of the command removes the Layer-2 access point. This is only allowed if the l2-ap SAP is shutdown.

Default 

No SAPs are defined

Parameters 
sap-id—
Specifies SAP to be created. For the exact syntax, see the common CLI command description of the 7750 Services Guide.
create—
Keyword used to create the Layer-2 WLAN-GW aggregation instance. The create keyword requirement can be enabled/disabled in the environment>create context.

encap-type

Syntax 
encap-type {default | null | dot1q | qinq}
no encap-type
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>l2-access-points>l2-ap
config>service>ies >sub-if>grp-if>wlan-gw>l2-access-points>l2-ap
Description 

If different from default, this command overrides the value specified by l2-ap-encap-type on wlan-gw level. See the description of l2-ap-encap-type for more detail. This value can only be changed while the l2-ap is shutdown.

The no form of the command sets the default value.

Default 

default

Parameters 
default
Specifies to use the value specified by l2-ap-encap-type.
null
Specifies to use both the SAP and the AP are not VLAN-tagged.
dot1q
Specifies to use either the AP or the SAP uses one VLAN tag.
qinq
Up to two VLAN tags are used by the AP or SAP.

epipe-sap-template

Syntax 
epipe-sap-template name
no epipe-sap-template
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>l2-access-points>l2-ap
config>service>ies >sub-if>grp-if>wlan-gw>l2-access-points>l2-ap
Description 

This command specifies which SAP parameter template should be applied to the l2-ap SAP. This can only be changed when the l2-ap is shutdown.

The no form of the command removes the template, the SAP will use default parameters.

Default 

none

Parameters 
name—
Specifies the name of the template to use.

shutdown

Syntax 
shutdown sap-id [create]
no shutdown sap-id
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>l2-access-points>l2-ap
config>service>ies >sub-if>grp-if>wlan-gw>l2-access-points>l2-ap
Description 

This command administratively enables this SAP to begin accepting Layer 2 packets for WIFI offloading.

The no form of the command disables this SAP.

Default 

shutdown

l2-ap-encap-type

Syntax 
2-ap-encap-type {null | dot1q | qinq}
Context 
config>service>vprn>sub-if>grp-if>wlan-gw
config>service>ies >sub-if>grp-if>wlan-gw
Description 

This parameter specifies the number of AP identifying VLAN tags for an AP. This is the default value that can be overridden per SAP. This value should at least be equal to the number of VLANs configured in the SAP or enabling a SAP will fail.

A SAP VLAN is explicitly configured, for example l2-ap 1/1/1:25. Other VLANs on the same port can still be used in other contexts.

The number of VLAN tags Epiped to WLAN-GW IOM equal the l2-ap-encap-type minus the encaps of the SAP. Upon receipt of a packet these VLANs will be stored as a Layer 2 tunnel identifier, and are only used in context of WLAN-GW.

The no form of the command sets the default value.

Default 

null

Parameters 
null —
Both the SAP and the AP are not VLAN-tagged.
dot1q —
Either the AP or the SAP uses one VLAN tag.
qinq —
Up to two VLAN tags are used by the AP or SAP.

mobility

Syntax 
mobility
Context 
config>service>ies>sub-if>grp-if>wlan-gw
config>service>vprn>sub-if>grp-if>wlan-gw
Description 

This command enables the context to configure mobility parameters.

hold-time

Syntax 
hold-time time in s
no hold-time
Context 
config>service>ies>sub-if>grp-if>wlan-gw>mobility
config>service>vprn>sub-if>grp-if>wlan-gw>mobility
Description 

This command configures the minimum time that a User Equipment will be held associated with its current Access Point (AP) before being associated with a new AP.

The hold time is used to prevent overwhelming the system with mobility triggers, by limiting the rate at which a UE can move from one AP to another while the system is very busy already.

Default 

no default

Parameters 
time in s—
Specifies a hold-down time, in seconds, for handling of successive mobility triggers for a UE. It is the minimal time a UE stays associated with an AP.
Values—
0 to 255

trigger

Syntax 
trigger [data] [iapp] [control]
no trigger
Context 
config>service>ies>sub-if>grp-if>wlan-gw>mobility
config>service>vprn>sub-if>grp-if>wlan-gw>mobility
Description 

This command specifies the type of packet used as a mobility trigger.

Ths no form of the command removes the parameters from the configuration and disables data-plane mobility.

Parameters 
data—
Specifies that data traffic be used as a trigger.
iapp—
Specifies that Inter Access Point Protocol (IAPP) messages be used as a trigger.
control—
Specifies that control traffic can be used as a trigger.

multi-tunnel-type

Syntax 
[no] multi-tunnel-type
Context 
config>service>ies>sub-if>grp-if>wlan-gw>mobility
config>service>vprn>sub-if>grp-if>wlan-gw>mobility
Description 

This command enables terminating multiple types of tunnels.

The no form of the command disables terminating multiple types of tunnels.

oper-down-on-group-degrade

Syntax 
[no] oper-down-on-group-degrade
Context 
config>service>ies>sub-if>grp-if>wlan-gw
config>service>vprn>sub-if>grp-if>wlan-gw
Description 

This command operationally brings down the WLAN-GW group if the total number of operational WLAN-GW IOMs in the WLAN-GW group fall below the configured number of active WLAN-GW IOMs. This triggers withdrawal of the route to tunnel endpoint and subscriber subnets in routing.

Default 

none

router

Syntax 
router router-instance
no router
Context 
config>service>ies>sub-if>grp-if>wlan-gw
config>service>vprn>sub-if>grp-if>wlan-gw
Description 

This command specifies the routing instance that wlan-gw gateway endpoint resides in.

The no form of the command removes the value from the wlan-gw configuration.

Default 

none

Parameters 
router-instance—
Specifies the identifier of the virtual router instance where the tunneled User Equipment traffic is routed.

tcp-mss-adjust

Syntax 
tcp-mss-adjust segment-size
no tcp-mss-adjust
Context 
config>service>ies>sub-if>grp-if>wlan-gw
config>service>vprn>sub-if>grp-if>wlan-gw
Description 

This command configures the TCP Maximum Segment Size (MSS) adjustment for the wlan-gw gateway.

The no form of the command disables adjusting tcp-mss values.

Default 

none

Parameters 
segment-size—
Specifies the value to put into the TCP Maximum Segment Size (MSS) option if not already present, or if the present value is higher.
Values—
160 to 10240

tunnel-encaps

Syntax 
tunnel-encaps
Context 
config>service>ies>sub-if>grp-if>wlan-gw
config>service>vprn>sub-if>grp-if>wlan-gw
Description 

This command enables the context to configure tunnel encapsulation parameters.

learn-l2tp-cookie

Syntax 
learn-l2tp-cookie {if-match | never | always} [cookie hex string]
no learn-l2tp-cookie
Context 
config>service>ies>sub-if>grp-if>wlan-gw
config>service>vprn>sub-if>grp-if>wlan-gw
Description 

This command specifies when this system will learn the cookie from L2TP tunnels terminating on this interface. Learning the cookie means that the value of the octets 3-8 of the cookie is interpreted as an access point’s MAC address, and used as such, for example in the Called-Station-Id attribute of RADIUS Interim-Update messages.

Parameters 
if-match —
Specifies that the cookie will be interpreted only if the value of the first two octets of the cookie is equal to the value of the object tmnxWlanGwSoftGreIfL2tpCookie.
cookie hex string
Only valid if if-match is used. Specifies the value used to compare the first two bytes of the cookie. Specified in HEX format, possible range [0x0000 to 0xFFFF]
Values—
[0x0000 to 0xFFFF...(4 hex nibbles)]
never —
Specifies that the cookie value will always be ignored.
always—
Always learn the AP-MAC from the cookie, no matter what the value of the first two bytes is.

vlan-tag-ranges

Syntax 
vlan-tag-ranges
Context 
config>service>ies>sub-if>grp-if>wlan-gw
config>service>vprn>sub-if>grp-if>wlan-gw
Description 

This command enables the context to configure vlan-to-retail-map parameters to map dot1Q tags to retail-service-id. The WIFI AP could insert a dot1Q tag in the Layer 2 frame within the GRE tunnel to indicate the retail service provider for the subscriber.

Default 

none

default-retail-svc-id

Syntax 
default-retail-svc-id service-id
no default-retail-svc-id
Context 
config>service>ies>sub-if>grp-if>wlan-gw>vlan-tag-ranges
config>service>vprn>sub-if>grp-if>wlan-gw>vlan-tag-ranges
Description 

This command specifies the id of default retail service if there is no match found in VLAN to retail map configuration (specified by the vlan command). For DSM and migrant, this command is only applicable for non-NAT stacks.

Default 

none

Parameters 
service-id—
specifies the identifier of the retail service to be used by default of a value in the retail service map of this interface.
Values—
1 to 2147483650
svc-name: up to 64 characters in length.

retail-svc-id

Syntax 
retail-svc-id service-id
no retail-svc-id
Context 
config>service>vprn>sub-if>grp-if>wlan-gw
config>service>ies>sub-if>grp-if>wlan-gw
Description 

This command configures the retailer service.

Parameters 
service-id—
specifies the identifier of the retail service.
Values—
1 to 2147483650
svc-name: up to 64 characters in length.

router-advertisements

Syntax 
[no] router-advertisements
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>vlan-ranges>range
config>service>ies>sub-if>grp-if>wlan-gw>vlan-ranges>range
Description 

This command configures IPv6 router advertisements for this group-interface.

current-hop-limit

Syntax 
[no] current-hop-limit limit
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>vlan-ranges>range>router-advertisements
config>service>ies>sub-if>grp-if>wlan-gw>vlan-ranges>range>router-advertisements
Description 

This command configures the hop-limit advertised for this group-interface.

Default 

64

Parameters 
limit—
Specifies the default value to be placed in the current hop limit field in router advertisements sent from this interface.
Values—
0 to 255

vlan

Syntax 
vlan start [0 to 4095] end [0 to 4095] retail-svc-id service-id
no vlan start [0 to 4095] end [0 to 4095]
Context 
config>service>ies>sub-if>grp-if>wlan-gw>retailer
config>service>vprn>sub-if>grp-if>wlan-gw>retailer
Description 

This command creates a mapping from a range of VLANs (appearing in the wlan-gw encapsulated Layer 2 frame) to a retail service ID.

The no form of the command removes the parameters from the configuration.

Default 

none

Parameters 
start [0 to 4095]
Specifies the start VLAN tag of this range.
 
Values—
end [0 to 4095]
Specifies the end VLAN tag of this range.
 
Values—
retail-svc-id service-id
Specifies the identifier of the retail service to be used by default of a value in the retail service map of this interface.
Values—
1 to 2147483650
svc-name: up to 64 characters in length.

wlan-gw-group

Syntax 
wlan-gw-group group-id
no wlan-gw-group
Context 
config>service>ies>sub-if>grp-if>wlan-gw
config>service>vprn>sub-if>grp-if>wlan-gw
Description 

This command specifies the id of wlan-gw-group that the wlan-gw gateway binds to.

The no form of the command removes the value from the wlan-gw configuration.

Default 

none

Parameters 
group-id—
Specifies the ISA WLAN-GW group.
Values—
1 to 4

pool-manager

Syntax 
pool-manager
Context 
config>service>ies>sub-if>grp-if>wlan-gw
config>service>vprn>sub-if>grp-if>wlan-gw
Description 

This command enables the context to configure pool manager data for a WLAN GW subscriber interface.

dhcpv6-client

Syntax 
dhcpv6-client
Context 
config>service>ies>sub-if>grp-if>wlan-gw>pool-manager
config>service>vprn>sub-if>grp-if>wlan-gw>pool-manager
Description 

This command configures the DHCPv6 client for the pool manager.

dhcpv4-nat

Syntax 
dhcpv4-nat
Context 
config>service>ies>sub-if>grp-if>wlan-gw>pool-manager>dhcpv6-client
config>service>vprn>sub-if>grp-if>wlan-gw>pool-manager>dhcpv6-client
Description 

This node enables address pools for DHCPv4 NAT inside addresses. This configuration is only available in wholesale interfaces.

ia-na

Syntax 
ia-na
Context 
config>service>ies>sub-if>grp-if>wlan-gw>pool-manager
config>service>vprn>sub-if>grp-if>wlan-gw>pool-manager
Description 

This command configures the DHCPv6 client for the pool manager.

link-addr

Syntax 
link-addr ipv6-address
no link-addr
Context 
config>service>ies>sub-if>grp-if>wlan-gw>pool-mgr>dhcpv6-clnt>slaac
config>service>vprn>sub-if>grp-if>wlan-gw>pool-mgr>dhcpv6-clnt>slaac
config>service>ies >sub-if>grp-if>wlan-gw>pool-mgr>dhcpv6-clnt>ia-na
config>service>vprn>sub-if>grp-if>wlan-gw>pool-mgr>dhcpv6-clnt>ia-na
config>service>ies>sub-if>grp-if>wlan-gw>pool-manager>dhcpv6-clnt>dhcpv4-nat
config>service>vprn>sub-if>grp-if>wlan-gw>pool-manager>dhcpv6-clnt>dhcpv4-nat
Description 

This command specifies the ipv6-address that should be included in the link-address field of the relay header. This can be used for pool-selection by the DHCPv6 server.

The no form of this command falls back to the default.

Default 

0::0

Parameters 
ipv6-address—
Specifies the IPv6 address up to 32 characters.

pool-name

Syntax 
pool-name name
no pool-name
Context 
config>service>ies>sub-if>grp-if>wlan-gw>pool-mgr>dhcpv6-clnt>slaac
config>service>vprn>sub-if>grp-if>wlan-gw>pool-mgr>dhcpv6-clnt>slaac
config>service>ies >sub-if>grp-if>wlan-gw>pool-mgr>dhcpv6-clnt>ia-na
config>service>vprn>sub-if>grp-if>wlan-gw>pool-mgr>dhcpv6-clnt>ia-na
config>service>ies>sub-if>grp-if>wlan-gw>pool-manager>dhcpv6-clnt>dhcpv4-nat
config>service>vprn>sub-if>grp-if>wlan-gw>pool-manager>dhcpv6-clnt>dhcpv4-nat
Description 

This command specifies the pool name that should be sent in the DHCPv6 messages. This will be reflected in the Nokia vendor specific pool option (vendor-id 6527, option-id 0x02).

The no form of this command removes pool-name and the option will not be sent in DHCPv6.

Parameters 
name—
Specifies the pool name up with 32 characters.

lease-query

Syntax 
lease-query [max-retry Max nbr of retries]
no lease-query
Context 
config>service>vprn>sub-if>wlan-gw>pool-mgr>dhcpv6-clnt
config>service>ies>sub-if>wlan-gw>pool-mgr>dhcpv6-clnt
Description 

This command enables lease-query. If this is specified the dhcpv6-client will retrieve any existing addresses when becoming active. The lease-query is performed for all of the configured servers

The no form of this command disables lease-query.

Parameters 
max-retry—
Specifies the maximum number of retries before the lease query assumes no existing subnets were allocated.
Values—
0 to 10

server

Syntax 
server ipv6-address [ipv6-address...(upto 8 max)]
no server [ipv6-address [ipv6-address...(upto 8 max)]]
Context 
config>service>vprn>sub-if>wlan-gw>pool-mgr>dhcpv6-clnt
config>service>ies>sub-if>wlan-gw>pool-mgr>dhcpv6-clnt
Description 

This specifies the DHCPv6 servers that are used for requesting addresses. Up to 8 servers can be used simultaneously.

The no form of this command removes the server. This cannot be executed while any dhcpv6 client application is not shutdown.

Default 

none

Parameters 
ipv6-address—
Specifies the unicast IPv6 address of a DHCPv6 server.

slaac

Syntax 
slaac
Context 
config>service>vprn>sub-if>wlan-gw>pool-mgr>dhcpv6-clnt
config>service>ies>sub-if>wlan-gw>pool-mgr>dhcpv6-clnt
Description 

This command configures SLAAC for the DHCPv6 client.

source-ip

Syntax 
source-ip ipv6-address
no source-ip
Context 
config>service>vprn>sub-if>wlan-gw>pool-mgr>dhcpv6-clnt
config>service>ies >sub-if>wlan-gw>pool-mgr>dhcpv6-clnt
Description 

This command specifies the source-ip to be used by the DHCPv6 client.

The no form of this command removes the specific source-ip. In this case the DHCPv6 client will fall back to the IP address configured on the outgoing interface.

Parameters 
ipv6-address—
Specifies the IPv6 address up to 32 characters.

watermarks

Syntax 
watermarks high high-percentage low low-percentage
no watermarks
Context 
config>service>vprn>sub-if>wlan-gw>pool-mgr
config>service>ies>sub-if>wlan-gw>pool-mgr
Description 

This command configures the watermarks used to determine if a new prefix should be allocated or an old prefix should be removed. A new prefix will be allocated when the total usage level for the ISA reaches the high watermark. A prefix will be freed if no addresses are currently in use and the usage level without this prefix would be below the low watermark.

The no form of this command resets the watermarks to its default values of 95% high and 90% low.

Default 

watermarks high 95 low 90

Parameters 
high high-percentage
Specifies the high watermark.
Values—
80 to 99
low low-percentage
Specifies the low watermark. The value must be lower than the high percentage value.
Values—
50 to 98

wlan-gw-group

Syntax 
wlan-gw-group nat-group-id
no wlan-gw-group
Context 
config>service>vprn>sub-if>wlan-gw>pool-mgr
config>service>ies>sub-if>wlan-gw>pool-mgr
Description 

This command specifies the ISA WLAN Gateway group.

Default 

none

Parameters 
nat-group-id—
Specifies the identifier of the WLAN Gateway group.
Values—
1 to 4

redundancy

Syntax 
redundancy
Context 
config>service>ies>sub-if>wlan-gw
Description 

This command enables the context to configure WLAN-GW redundancy-related parameters.

Default 

none

export

Syntax 
export ip-prefix/length
no export
Context 
config>service>ies>sub-if>wlan-gw>redundancy
Description 

This command specifies an IPv4 route (prefix/length) per subscriber-interface to be exported (announced) to indicate liveness of the subscriber-interface on the WLAN-GW. This route is the one that is monitored in routing by the peer WLAN-GW to decide its state with respect.

Default 

none

Parameters 
ip-prefix/length—
Specifies the IP prefix and length.
Values—
ip-prefix:a.b.c.d
ip-prefix-length: 0 to 32

monitor

Syntax 
monitor ip-prefix/length
no monitor
Context 
config>service>ies>sub-if>wlan-gw>redundancy
Description 

This command specifies an IPv4 route (prefix/length) per subscriber-interface to be monitored in the FIB to determine liveness of the subscriber-interface (and consequently all associated group-interfaces of type wlangw) on a peer WLAN-GW. This route is the one that is advertised in routing by the peer WLAN-GW when the subscriber-interface and WLAN-GW group are operationally up

Default 

none

Parameters 
ip-prefix/length—
Specifies the IP prefix and length.
Values—
ip-prefix:a.b.c.d
ip-prefix-length: 0 to 32

Migrant User Support Commands

http-redirect-policy

Syntax 
http-redirect-policy policy-name
no http-redirect-policy
Context 
config>subscr-mgmt
Description 

This command configures the redirect policy to constrain forwarding of an unauthenticated “migrant” WIFI user.

Default 

none

Parameters 
policy-name —
Specifies the HTTP redirect policy name up to 32 characters in length.

forward-entries

Syntax 
forward-entries
Context 
config>subscr-mgmt>http-rdr-plcy
Description 

Enters the context to configure entries that need to be forwarded

Default 

none

dst-port

Syntax 
dst-port tcp-port
no dst-port
Context 
config>subscr-mgmt>http-rdr-plcy
Description 

This command specifies the port to match the destination port in the HTTP request.

HTTP traffic that does not match this port, is not redirected.

Default 

80

Parameters 
tcp-port—
Specifies the TCP port.
Values—
1 to 65535

dst-ip

Syntax 
dst-ip ip-address protocol ip-protocol dst-port port-number
dst-ip ip-address protocol ip-protocol dst-port port-number prefix-length prefix-length
no dst-ip ip-address protocol ip-protocol dst-port port-number
Context 
config>subscr-mgmt>http-rdr-plcy
Description 

This command configures traffic flow to be forwarded via match in the redirect policy.

Default 

none

Parameters 
ip-address—
Specifies the IPv4 or IPv6 address to match the destination address in the IP header of the traffic received from the subscriber.
prefix-length—
Specifies the length of the prefix specified by the ip-address.
Values—
1 to 128 for IPv6
1 to 32 for IPv4
protocol ip-protocol
Specifies the protocol to match the IP protocol in the IP header of the traffic received from the subscriber.
Values—
tcp, udp
dst-port port-number
Specifies the port to match the destination port in the HTTP request.
Values—
1 to 65535

portal-hold-time

Syntax 
portal-hold-time seconds
no portal-hold-time
Context 
config>subscr-mgmt>http-rdr-plcy
Description 

This command configures the time for which the forwarding state applicable during redirect phase is held in the system, after the user has been authenticated on the portal. This allows the http response from the portal to be forwarded back on the existing connection.

none

Parameters 
seconds—
Specifies how long the system holds on to re-direct forwarding resources of a subscriber, after it has left the re-direct portal.
Values—
1 to 60

url

Syntax 
url rdr-url-sting
no url
Context 
config>subscr-mgmt>http-rdr-plcy
Description 

This command configures the HTTP URL to re-direct the matching traffic to. It also can specify inclusion of original URL, MAC address and IP address of the subscriber in the redirect URL.

none

Parameters 
rdr-url-sting—
Specifies the URL to redirect to.
Values—

rdr-url-string

[255 chars max]

macro substitutions:

$URL

Request-URI in the HTTP GET Request received

$MAC

A string that represents the MAC address of the subscriber host

$IP

A string that represents the IP address of the subscriber host

wlan-gw

Syntax 
wlan-gw
Context 
config>service>vprn>sub-if>grp-if
config>service>ies>sub-if>grp-if
Description 

This command enables the context to configure wlan-gw parameters.

vlan-tag-ranges

Syntax 
vlan-tag-ranges
Context 
config>service>vprn>sub-if>grp-if>wlan-gw
config>service>ies>sub-if>grp-if>wlan-gw
Description 

This command enters the context for per vlan range configuration.

Default 

none

default-retail-svc-id

Syntax 
default-retail-svc-id service-id
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>ranges
config>service>ies>sub-if>grp-if>wlan-gw>ranges
Description 

This command configures the default retailer service for WIFI users.

Default 

none

range

Syntax 
range start [0 to 4096] end [0 to 4096]
range default
no range start [0 to 4096] end [0 to 4096]
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>ranges
config>service>ies>sub-if>grp-if>wlan-gw>ranges
Description 

This command creates or enters the context of specified VLAN range for configuration applicable to that range of VLANs.

Default 

none

Parameters 
start [0 to 4096]
Specifies the start of the vlan range.
end [0 to 4096]
Specifies the end of vlan the range.
default—
Configures defaults for the interface.

distributed-sub-mgmt

Syntax 
distributed-sub-mgmt
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range
Description 

This command enables the context to configure distributed-sub-mgmt configuration per vlan-range. This also includes vlan-range default, which makes this configuration applicable to the wlan-gw group-interface.

Default 

none

accounting-policy

Syntax 
accounting-policy policy-name
no accounting-policy
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>distrib-sub-mgmt
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>distrib-sub-mgmt
Description 

This command specifies the isa-radius-policy used for accounting messages originated from the ISAs in the wlan-gw group. The policy can specify up to five accounting servers and configuration-specific to these accounting servers. It also specifies configuration specific to RADIUS client on ISAs and RADIUS attributes to be included in accounting messages.

Default 

none

Parameters 
policy-name—
Specifies the name of the account policy up to 32 characters in length.

accounting-update-interval

Syntax 
accounting-update-interval [5 to 259200]
no accounting-update-interval
Context 
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>distrib-sub-mgmt
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>distrib-sub-mgmt
Description 

This command enables the interim accounting and specifies the interim accounting interval.

Default 

none

Parameters 
5 to 259200
Specifies the interim accounting interval in seconds.

collect-aa-acct-stats

Syntax 
[no] collect-aa-acct-stats
Context 
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>distrib-sub-mgmt
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>distrib-sub-mgmt
Description 

This command enables Application Assurance account statistics collection.

def-app-profile

Syntax 
def-app-profile profile-name
no def-app-profile
Context 
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>distrib-sub-mgmt
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>distrib-sub-mgmt
Description 

This command configures the default application profile.

dsm-ip-filter

Syntax 
dsm-ip-filter dsm-ip-filter-name
no dsm-ip-filter
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>distrib-sub-mgmt
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>distrib-sub-mgmt
Description 

This command configures an IP filter that is distributed on ISA cards.

This command specifies the IP filter applied to all UEs corresponding to default vlan-range (such as a group-interface) or the specified vlan-range. The IP filter can be created in the subscr-mgmt>wlan-gw>distributed-sub-mgmt context, and can contain up to 1024 match entries. The IP filter can be overridden per UE from RADIUS via access-accept or COA.

Default 

none

Parameters 
dsm-ip-filter-name—
Specifies the identifier of the distributed-sub-mgmt IP filter.

egress-policer

Syntax 
egress-policer [256 chars max]
no egress-policer
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>distrib-sub-mgmt
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>distrib-sub-mgmt
Description 

This command specifies the egress policer applied to all UEs corresponding to default vlan-range (such as, group-interface) or the specified vlan-range. The policer can be created in the subscr-mgmt>wlan-gw>distributed-sub-mgmt context. The egress policer can be overridden per UE from RADIUS via access-accept or COA.

Default 

none

Parameters 
256 chars max—
Specifies the identifier of the distributed-sub-mgmt policer for egress traffic.

ingress-policer

Syntax 
ingress-policer policer-name
no ingress-policer
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>distrib-sub-mgmt
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>distrib-sub-mgmt
Description 

.This command specifies the ingress policer applied to all UEs corresponding to default vlan-range (such as group-interface) or the specified vlan-range. The policer can be created in the subscr-mgmt>wlan-gw>distributed-sub-mgmt context. The ingress policer can be overridden per UE from RADIUS via access-accept or COA.

Default 

none

Parameters 
policer-name—
Specifies the identifier of the distributed-sub-mgmt policer for ingress traffic.

one-time-redirect

Syntax 
one-time-redirect url rdr-url-string port port-num
no one-time-redirect
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>distrib-sub-mgmt
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>distrib-sub-mgmt
Description 

This command enables one-time http-redirect to specified redirect URL for traffic matching the specified destination port.

Default 

none

Parameters 
url rdr-url-string
Specifies the HTTP web address that will be sent to the user’s browser.
port port-num
Specifies the destination port number as a decimal hex or binary.
Values—
1 to 65535

dhcp

Syntax 
dhcp
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>ranges
config>service>ies>sub-if>grp-if>wlan-gw>ranges
Description 

Enters the context to create DHCP configuration for WLAN-GW ISA subscribers (e.g. migrant subscribers).

Default 

none

dhcp6

Syntax 
dhcp6
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>ranges
config>service>ies>sub-if>grp-if>wlan-gw>ranges
Description 

Enters the context to create DHCP6 configuration for WLAN-GW ISA subscribers.

Default 

none

active-preferred-lifetime

Syntax 
active-preferred-lifetime [hrs hours] [min minutes] [sec seconds]
no active-preferred-lifetime
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>vlan-ranges>range>dhcp6
config>service>ies>sub-if>grp-if>wlan-gw>vlan-ranges>range>dhcp6
config>service>vprn>sub-if>grp-if>wlan-gw>vlan-ranges>range>slaac
config>service>ies>sub-if>grp-if>wlan-gw>vlan-ranges>range>slaac
Description 

This command specifies the signaled preferred lifetime in DHCPv6 or SLAAC after full authentication. This is only applicable to DSM.

Default 

min 10

Parameters 
hrs hours
Specifies the number of active preferred lifetime hours.
Values—
1 to 1
min minutes
Specifies the number of active preferred lifetime minutes.
Values—
5 to 59
sec seconds
Specifies the number of active preferred lifetime seconds.
Values—
1 to 59
Combined values: min 5 – hrs 1

active-valid-lifetime

Syntax 
active-valid-lifetime [hrs hours] [min minutes] [sec seconds]
no active-valid-lifetime
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>vlan-ranges>range>dhcp6
config>service>ies>sub-if>grp-if>wlan-gw>vlan-ranges>range>dhcp6
config>service>vprn>sub-if>grp-if>wlan-gw>vlan-ranges>range>slaac
config>service>ies>sub-if>grp-if>wlan-gw>vlan-ranges>range>slaac
Description 

This command specifies the signaled valid lifetime in DHCPv6 or SLAAC after full authentication. This is only applicable to DSM.

Default 

min 10

Parameters 
hrs hours
Specifies the number of active-valid-lifetime hours.
Values—
1 to 1
min minutes
Specifies the number of active-valid-lifetime minutes.
Values—
5 to 59
sec seconds
Specifies the number of active-valid-lifetime seconds.
Values—
1 to 59

active-lease-time

Syntax 
active-lease-time [hrs hours] [min minutes] [sec seconds]
no active-lease-time
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>dhcp
config>service>ies>sub-if>grp-if>wlan-gw>dhcp
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp
Description 

This command configures the lease time for an authenticated user.

Default 

none

Parameters 
hrs hours
Specifies the number of initial lease time hours.
Values—
1 to 1
min minutes
Specifies the number of initial lease time minutes.
Values—
5 to 59
sec seconds
Specifies the number of initial lease time seconds.
Values—
1 to 59

initial-preferred-lifetime

Syntax 
initial-preferred-lifetime [hrs hours] [min minutes] [sec seconds]
no initial-preferred-lifetime
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>vlan-ranges>range>dhcp6
config>service>ies>sub-if>grp-if>wlan-gw>vlan-ranges>range>dhcp6
config>service>vprn>sub-if>grp-if>wlan-gw>vlan-ranges>range>slaac
config>service>ies>sub-if>grp-if>wlan-gw>vlan-ranges>range>slaac
Description 

This command specifies the signaled preferred lifetime in DHCPv6 or SLAAC after full authentication (DSM and/or ESM).

Default 

min 10

Parameters 
hrs hours
Specifies the number of initial preferred lifetime hours.
Values—
1 to 1
min minutes
Specifies the number of initial preferred lifetime minutes.
Values—
5 to 59
sec seconds
Specifies the number of initial preferred lifetime seconds.
Values—
1 to 59
Combined values: min 5 – hrs 1

initial-valid-lifetime

Syntax 
initial-valid-lifetime [hrs hours] [min minutes] [sec seconds]
no initial-valid-lifetime
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>vlan-ranges>range>dhcp6
config>service>ies>sub-if>grp-if>wlan-gw>vlan-ranges>range>dhcp6
config>service>vprn>sub-if>grp-if>wlan-gw>vlan-ranges>range>slaac
config>service>ies>sub-if>grp-if>wlan-gw>vlan-ranges>range>slaac
Description 

This command specifies the signaled preferred lifetime in DHCPv6 or SLAAC during a migrant phase.

Default 

min 5

Parameters 
hrs hours
Specifies the number of initial preferred lifetime hours.
Values—
1 to 1
min minutes
Specifies the number of initial preferred lifetime minutes.
Values—
5 to 59
sec seconds
Specifies the number of initial preferred lifetime seconds.
Values—
1 to 59
Combined values: min 5 – hrs 1

initial-lease-time

Syntax 
initial-lease-time [hrs hours] [min minutes] [sec seconds]
no initial-lease-time
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>dhcp
config>service>ies>sub-if>grp-if>wlan-gw>dhcp
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp
Description 

This command configures the lease time for a user which is migrant (unauthenticated).

Default 

none

Parameters 
hrs hours
Specifies the number of initial lease time hours.
Values—
1 to 1
min minutes
Specifies the number of initial lease time minutes.
Values—
5 to 59
sec seconds
Specifies the number of initial lease time Biteme#24ds.
Values—
1 to 59

l2-aware-ip-address

Syntax 
l2-aware-ip-address ip-address
l2-aware-ip-address from-pool
no l2-aware-ip-address
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>dhcp
config>service>ies>sub-if>grp-if>wlan-gw>dhcp
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp
Description 

This command configures the l2-aware NAT inside IP address to be assigned via DHCP on WLAN-GW ISA.

If the from-pool parameter is specified instead of an IPv4 address, a unique address is allocated to each UE. The pool used is managed by the dhcpv4-nat pool manager, configured under the same subscriber interface. This option is only available when auth-on-dhcp is also configured.

Default 

none

Parameters 
ip-address—
Specifies the l2-aware NAT inside IP address
from-pool—
Specifies that the l2-aware IP address will be allocated from a pool

primary-dns

Syntax 
primary-dns ip-address
no primary-dns
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>dhcp
config>service>ies>sub-if>grp-if>wlan-gw>dhcp
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp
Description 

This command configures the primary DNS address to be returned via DHCP on WLAN-GW ISA.

Default 

none

Parameters 
ip-address—
Specifies the primary DNS address

secondary-dns

Syntax 
secondary-dns ip-address
no secondary-dns
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>dhcp
config>service>ies>sub-if>grp-if>wlan-gw>dhcp
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp
Description 

This command configures the secondary DNS address to be returned via DHCP on WLAN-GW ISA.

Default 

none

Parameters 
ip-address—
Specifies the secondary DNS address.

primary-nbns

Syntax 
primary-nbns ip-address
no primary-nbns
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>dhcp
config>service>ies>sub-if>grp-if>wlan-gw>dhcp
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp
Description 

This command configures the primary NBNS address to be returned via DHCP on WLAN-GW ISA.

Default 

none

Parameters 
ip-address—
Specifies the primary NBNS address.

secondary-nbns

Syntax 
secondary-nbns ip-address
no secondary-nbns
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>dhcp
config>service>ies>sub-if>grp-if>wlan-gw>dhcp
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp
Description 

This command configures the secondary NBNS address to be returned via DHCP on WLAN-GW ISA.

Default 

none

Parameters 
ip-address—
Specifies the secondary NBNS address.

idle-timeout

Syntax 
idle-timeout action idle-timeout-action
no idle-timeout
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>vlan-ranges>range
config>service>ies >sub-if>grp-if>wlan-gw>vlan-ranges>range
Description 

This command specifies idle-timeout behavior for DSM UEs and UEs undergoing (ISA-based) portal authentication. This knob only specifies the desired action, idle-timeout is activated by RADIUS on a per-UE basis.

The no form of the command resets the idle-timeout to its default

Default 

idle-timeout action remove

Parameters 
action —
Specifies which action to perform when the idle-timeout timer goes off.
Values—
remove, shcv

http-redirect-policy

Syntax 
http-redirect-policy policy-name
no http-redirect-policy
Context 
config>service>vprn>sub-if>grp-if>wlan-gw
config>service>ies>sub-if>grp-if>wlan-gw
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range
Description 

This command specifies http redirect policy on ISA to redirect http traffic to the URL specified in the policy.

Default 

none

Parameters 
policy-name —
Specifies the name of the http redirect policy under subscriber-management context.

l2-service

Syntax 
l2-service service-id
no l2-service
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>vlan-ranges>range
config>service>ies >sub-if>grp-if>wlan-gw>vlan-ranges>range
Description 

This command specifies the VPLS service used for L2 wholesale. When such a service is configured no other configuration is allowed under the vlan-range.

The no form of the command removes the L2 wholesale service, this is only allowed if the l2-service node is shutdown.

Parameters 
service-id—
Specifies the VPLS service ID to use for Layer 2 wholesale.

nat-policy

Syntax 
nat-policy policy-name
no nat-policy
Context 
config>service>vprn>sub-if>grp-if>wlan-gw
config>service>ies>sub-if>grp-if>wlan-gw
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range
Description 

This command specifies the NAT policy for WLAN-GW ISA subscribers.

Default 

none

authentication

Syntax 
authentication
Context 
config>service>vprn>sub-if>grp-if>wlan-gw
config>service>ies>sub-if>grp-if>wlan-gw
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range
Description 

Enters the context to create configuration for authenticating a user from the WLAN-GW ISA.

Default 

none

authenticate-on-dhcp

Syntax 
[no] authenticate-on-dhcp
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range
Description 

This command enables initial authentication (when there is no state for the UE on the ISA), to be triggered by DHCP DISCOVER or REQUEST. The default behavior s authentication based on first Layer 3 packet.

Default 

none

authentication-policy

Syntax 
authentication-policy policy-name
no authentication-policy
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>authentication
config>service>ies>sub-if>grp-if>wlan-gw>authentication
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>authentication
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>authentication
Description 

This command specifies authentication policy configured under aaa context for authenticating users on WLAN-GW ISA.

Default 

none

Parameters 
policy-name —
Specifies the name of the authentication policy up to 32 characters in length.

hold-time

Syntax 
hold-time [hrs hours] [min minutes] [sec seconds]
no hold-time
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>authentication
config>service>ies>sub-if>grp-if>wlan-gw>authentication
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>authentication
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>authentication
Description 

This command configures the minimum time that a user is held down after a failed authentication attempt.

Default 

.none

Parameters 
hrs hours
Specifies the minimum time that a user is held down in hours.
Values—
1 to 1
min minutes
Specifies the minimum time that a user is held down in minutes
Values—
5 to 59
sec seconds
Specifies the minimum time that a user is held down in seconds.
Values—
1 to 59

vlan-mismatch-timeout

Syntax 
vlan-mismatch-timeout seconds
no vlan-mismatch-timeout
Context 
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>authentication
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>authentication
Description 

This command configures the timeout value for the RADIUS proxy cache if a packet is received with a non-matching VLAN tag. The new timeout value will be the lesser of the vlan-mismatch-timeout value and the currently remaining proxy cache timeout value.

The no form of the command disables the timeout behavior. The cache timeout value will remain unchanged.

Default 

no vlan-mismatch-timeout

Parameters 
seconds—
The timeout value for the RADIUS proxy cache, in seconds
Values—
5 to 60

brg

Syntax 
brg
Context 
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range
config>service>ies>sub-if>grp-if
config>service>vprn>sub-if>grp-if
Description 

This command enables the context to configure BRG parameters. In the config>service>ies>sub-if>grp-if and config>service>vprn>sub-if>grp-if contexts, these commands are only available in the vlan-range level.

authenticated-brg-only

Syntax 
[no] authenticated-brg-only
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>vlan-ranges>range>brg config>service>ies>sub-if>grp-if>wlan-gw>vlan-ranges>range>brg config>service>vprn>sub-if>grp-if>brg config>service>ies>sub-if>grp-if>brg
Description 

This command indicates that only BRGs that are pre-authenicated using the RADIUS proxy are allowed in this context.

The no form of the command removes the restriction

Default 

no authentication-brg-only

default-brg-profile

Syntax 
default-brg-profile profile-name
no default-brg-profile
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>vlan-ranges>range>brg config>service>ies>sub-if>grp-if>wlan-gw>vlan-ranges>range>brg config>service>vprn>sub-if>grp-if>brg config>service>ies>sub-if>grp-if>brg
Description 

This command indicates that the default BRG profile must be used for new BRGs. This profile can be overridden by RADIUS.

Default 

no default-brg-profile

Parameters 
profile-name—
Specifies the name of the brg-profile to be applied.

data-triggered-ue-creation

Syntax 
[no] data-triggered-ue-creation
Context 
config>service>vprn>sub-if>grp-if>wlan-gw
config>service>ies>sub-if>grp-if>wlan-gw
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range
Description 

This command enables or disables data-triggered subscriber creation for WIFI subscribers. Data triggered UE creation is currently only supported for UDP and TCP packets.

Default 

none

track-mobility

Syntax 
track-mobility
Context 
config>service>vprn>sub-if>grp-if>wlan-gw
config>service>ies>sub-if>grp-if>wlan-gw
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range
Description 

This command enters the context to configure RADIUS-proxy cache information required for subscribers that are created via “data-triggered” authentication. The RADIUS proxy cache enables efficient handling of UE mobility.

none

mac-format

Syntax 
mac-format mac-format
no mac-format
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>track-mobility
config>service>ies>sub-if>grp-if>wlan-gw>track-mobility
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>track-mobility
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>track-mobility
Description 

This command configures how the MAC address is represented by the RADIUS proxy server.

Default 

none

Parameters 
mac-format—
Specifies how the MAC address is represented by the RADIUS proxy server
Values—

mac-format

like ab: for 00:0c:f1:99:85:b8

or XY- for 00-0C-F1-99-85-B8

or mmmm. for 0002.03aa.abff

or xx for 000cf19985b8

radius-proxy-cache

Syntax 
radius-proxy-cache router router-instance server server-name
no radius-proxy-cache
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>track-mobility
config>service>ies>sub-if>grp-if>wlan-gw>track-mobility
config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>track-mobility
config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>track-mobility
Description 

This command specifies the RADIUS-proxy server to allow subscribers created via data-triggered authentication to create an entry. This RADIUS proxy cache entry allows efficient handling of UE mobility.

Default 

none

Parameters 
router router-instance
Specifies the router instance.
Values—

router-name

Base

service-id

1 to 2147483647

server server-name
Specifies the server name up to 32 characters in length.

sap-template

Syntax 
sap-template sap template
no sap-template
Context 
config>service>vpls>wlan-gw
Description 

This command specifies the vpls-sap-template that will be applied on the internal SAPs created for communication between the VPLS and the ISAs.

The no form of the command removes the SAP template.

Parameters 
sap-template —
Specifies the SAP template to apply. The template is a vpls-sap-template created in the service>template context.

Distributed Subscriber Management Commands

dsm-ip-filter

Syntax 
dsm-ip-filter name [create]
no dsm-ip-filter name
Context 
config>subscr-mgmt>wlan-gw>dsm
Description 

This command configures a set of filter rules that can be applied to a DSM UE.

The no form of this command can only be executed if no entries are configured under this filter.

Parameters 
filter-name—
Specifies the name of the filter as it will be referred to in other contexts.
create—
Keyword used to create a dsm-ip-filter name. The create keyword requirement can be enabled/disabled in the environment>create context.

default-action

Syntax 
default-action {drop | forward}
no default-action
Context 
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter>ipv6
Description 

The default action specifies what should happen to packets that do not match any of the configured entries.

The no form of this command reverts to the default.

Default 

default-action drop

Parameters 
drop —
Drops the packet.
forward —
Forwards the packet.

entry

Syntax 
entry entry-id [create]
no entry entry-id
Context 
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter>ipv6
Description 

This command configures a new entry for this filter. When processing a packet, entries are matched in order, starting with the lowest entry-id. A maximum of 128 IPv4 and 128 IPv6 DSM filter entries are allowed box-wide.

The no form of this command reverts to the default.

Parameters 
entry-id —
Specifies the id of this filter entry.

action

Syntax 
action {drop | forward | none}
no action
Context 
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter>entry
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter>ipv6>entry
Description 

The action specifies what should happen to packets that do match this entry. If the configured action is none, this entry is not applied and processing will continue to match against subsequent entries.

The no form of this command reverts to the default.

Default 

action none

Parameters 
drop —
Drops the packet.
forward —
Forwards the packet.
none—
Disables this entry. Packet processing continues with the next entry.

match

Syntax 
match protocol {any | icmp | tcp | udp | gre}
no match
Context 
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter>entry
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter>ipv6>entry
Description 

This command creates a match context for this entry. The protocol specifies which Layer-4 protocol the packet should match.

The no form of this command removes the match context of this entry.

Default 

no match

Parameters 
any—
Matches any protocol.
icmp—
Matches ICMP packets in a v4 filter.
tcp—
Matches TCP packets.
udp—
Matches UDP packets.
gre—
Matches GRE over IP packets.

dst-ip

Syntax 
dst-ip ip-prefix/length
no dst-ip
Context 
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter>entry
Description 

This command specifies that the packet’s destination IP address must match the specified IP prefix + mask.

The no form of this command disables the match on destination IP.

Default 

no dst-ip

Parameters 
ip-prefix/length—
Specifies the IP prefix to match on.

dst-port

Syntax 
dst-port operator port-number
no dst-port
Context 
config>subscr-mgmt>wlan-gw>dsm>dsm-ip-filter>entry
Description 

This command specifies that the packet’s destination IP address must match the specified IP prefix + mask.

The no form of this command disables the match on destination IP.

Default 

no dst-ip

Parameters 
ip-prefix/length—
Specifies the IP prefix to match on.

dsm-policer

Syntax 
dsm-policer policer-name [type policer-type] [create]
no dsm-policer policer-name
Context 
config>subscr-mgmt>wlan-gw>dsm
Description 

This command creates a policer profile that can be applied to a DSM host. When creating a profile the first time, both the create and type parameters are required.

The WLAN-GW allows configuration of both single-rate and dual-rate bucket policers.

The no form of this command removes the profile.

Parameters 
policer-name —
The name by which this policer will be referenced.
type policer-type
Specifies the policer type. The dual-bucket-bandwidth policer applies both a CIR and PIR.
Values—
single-bucket-bandwidith, dual-bucket-bandwidith

action

Syntax 
action {permit-deny | priority-mark}
no action
Context 
config>subscr-mgmt>wlan-gw>dsm>dsm-policer
Description 

This command specifies what should happen with packets that are in-profile and out-of-profile.

The no value of this command reverts to its default.

Default 

action permit-deny

Parameters 
permit-deny—
Drop all packets that are out of profile (do not conform to the PIR).
priority-mark—
Currently not supported, the policer will take no action.

adaptation-rule

Syntax 
adaptation-rule pir {max | min | closest} [cir {max | min | closest}]
no adaptation-rule
Context 
config>subscr-mgmt>wlan-gw>dsm>dsm-policer
Description 

For operational efficiency, the operational rate of a policer cannot take on every value in the configurable range. This configuration defines a rule that must be followed when mapping a configured rate to an operational rate.

The cir adaptation-rule can only be set on dual-bucket-bandwidth policers.

The no form of this command reverts to its default.

Default 

adaptation-rule pir closest cir closest

Parameters 
min—
The operational rate must minimally be the configured rate. The first operational value bigger or equal to the configured rate will be chosen.
max —
The operational rate may maximally be the configured rate. The first operational value smaller or equal to the configured rate will be chosen.
closest —
Chooses the operational value closest to the configured value, lower or higher

cbs

Syntax 
cbs burst-size
no cbs
Context 
config>subscr-mgmt>wlan-gw>dsm>dsm-policer
Description 

This command specifies the committed burst-size value of this policer. This can only be set on dual-bucket-bandwidth policers.

The no form of this command reverts to its default.

Default 

cbs 0

Parameters 
burst-size —
The committed burst-size in kilobytes.
Values—
0 to 131071

mbs

Syntax 
mbs burst-size
no mbs
Context 
config>subscr-mgmt>wlan-gw>dsm>dsm-policer
Description 

This command specifies the maximum burst-size value of this policer.

The no form of this command reverts to its default.

Default 

mbs 0

Parameters 
burst-size —
The maximum burst-size in kilobytes.
Values—
0 to 131071

rate

Syntax 
rate rate [cir rate]
no rate
Context 
config>subscr-mgmt>wlan-gw>dsm>dsm-policer
Description 

This command specifies at which rate the policer drains packets. The cir value is only supported on dual-bucket-bandwidth policers. If rate max is configured, no actual rate limitations are applied.

The no form of this command reverts to the default.

Default 

rate max

Parameters 
rate —
Specifies the rate in Kbps.
Values—
1 to 100000000, max

Show Commands

Note:

The command outputs in the following section are examples only; actual displays may differ depending on supported functionality and user configuration.

call-trace

Syntax 
call-trace
Context 
show
Description 

This command enables the context to display information related to the call-trace module.

files

Syntax 
files [running|finished] [detail]
Context 
show>call-trace
Description 

This command gives an overview of all the files in use by the call-trace module, either for running or finished jobs.

Parameters 
running—
Displays the active jobs that are tracing events triggered by the host being monitored.
finished—
Displays the jobs that have already finished and not tracing events generated by the host anymore.
detail—
Displays detailed information about the files.
Output 

The following output displays call trace local log files information.

Sample Output
Node# show call-trace files
===============================================================================
Call trace files of running jobs
===============================================================================
File path                                                             File size
                                                                        (bytes)
-------------------------------------------------------------------------------
cf1-A:/calltrace/running/mac_00-02-00-00-00-19_160119_1557.pcap            1575
-------------------------------------------------------------------------------
No. of call trace files of running jobs: 1
===============================================================================
===============================================================================
Call trace files of finished jobs
===============================================================================
File path                                                             File size
                                                                        (bytes)
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
No. of call trace files of finished jobs: 0
===============================================================================

status

Syntax 
status
Context 
show>call-trace
Description 

This command gives a router-wide overview of call-trace operational data, such as number of configured profile, number of jobs and status of the compact flash.

Output 

The following output displays call trace status information.

Sample Output
===============================================================================
Call trace status
===============================================================================
No. of trace profiles: 1
No. of trace jobs    : 0
-------------------------------------------------------------------------------
Primary CF           : CF1              Max files number     : 200
CF1 state            : enabled          CF1 volume limit     : 1000 MB
CF2 state            : enabled          CF2 volume limit     : 1000 MB

trace-profile

Syntax 
trace-profile [detail]
trace-profile profile-name
Context 
show>call-trace
Description 

This command provides an overview of all configured profiles or details of a specific profile. If the detail option is specified the full information for all configured profiles will be displayed.

Output 

The following output displays call-trace trace-profile information.

Sample Output
Node# show call-trace trace-profile "default" 
===============================================================================
Call-trace  trace profile
===============================================================================
Profile name              : default
Description                : none
Live output                : none
Format                       : pcap
Size limit                   : 10 MB
Time limit                  : 86400 secs
-------------------------------------------------------------------------------
Number of profiles : 1
===============================================================================
 

wlan-gw

Syntax 
wlan-gw
Context 
show>call-trace
Description 

The command enables the context to display information related to the wlan-gw call-trace functionality.

ue

Syntax 
ue [ieee-address] [detail]
Context 
show>call-trace
Description 

This command gives an overview of either all traces or a specific trace on the WLAN-GW.

Parameters 
ieee-address—
Displays information about the MAC address of this UE.
detail—
Displays detailed information about the job.
Output 

This command displays information about the traces of the UE being monitored.

Sample Output
Node# show call-trace hosts
===============================================================================
Call-trace hosts
===============================================================================
 MAC address Mask-name     Status      Msgs
-------------------------------------------------------------------------------
 00:0a:95:9d:68:16 N/A                running   16
-------------------------------------------------------------------------------
Number of call-trace debug jobs: 1
=============================================================================
Node# show call-trace hosts detail
===============================================================================
Call-trace  detail
===============================================================================
MAC address                            : 00:0a:95:95:34:0a                 Status : running
                   Capture format     : pcap
Nr. of captured msgs   : 4 Time limit            : 86400s
Size of captured msgs : 2620B Data limit             : 10MB
Started : NOV 12 2013, 15:28:17 UTC
Live output : N/A
-------------------------------------------------------------------------------
 

acct-on-off-group

Syntax 
acct-on-off-group [group-name]
Context 
show>aaa
Description 

This command displays Acct-On-Off group information and the associated RADIUS server policies.

Parameters 
group-name—
Displays information pertaining to the specified acct-on-off group.
Output 
Table 100:  WiFi Acct-On-Off Field Descriptions 

Label

Description  

acct on off group name

Displays the name of a RADIUS server policy Accounting-On-Off-Group.

controlling Radius-Server-policy

Specifies the RADIUS policy that controls the Acct-On-Off group.

monitored by Radius-Server-policy

Specifies the RADIUS policy that monitors the Acct-On-Off group.

Nbr of Acct-on-off-groups displayed

Displays the number of acct-on-off-group.

Sample Output
# show aaa acct-on-off-group "group-1" 
===============================================================================
Acct-On-Off-Group Information
===============================================================================
acct on off group name               : group-1
  - controlling Radius-Server-policy :  
        aaa-server-policy-3
  - monitored by Radius-Server-policy :  
        aaa-server-policy-4
-------------------------------------------------------------------------------
Nbr of Acct-on-off-groups displayed : 1
-------------------------------------------------------------------------------
===============================================================================
 

radius-proxy-server

Syntax 
radius-proxy-server server-name
radius-proxy-server server-name cache
radius-proxy-server server-name cache hex-key hex-string
radius-proxy-server server-name cache string-key string
radius-proxy-server server-name cache summary
radius-proxy-server server-name statistics
radius-proxy-server
Context 
show>router
Description 

This command displays summary of RADIUS-proxy cache or specific entries.

Parameters 
server-name—
Displays information about the specified server name.
cache—
Displays messages used to generate the key for the cache of this RADIUS proxy server.
hex-key hex-string
Displays information about the specified hex string.
Values—
0x0 to 0xFFFFFFFF (maximum of 64 hex nibbles)]
string-key string
Displays information about the specified string.
summary—
Displays a summary of the cache of the RADIUS proxy servers.
statistics—
Displays statistics about the RADIUS proxy servers of this system.
Output 
Table 101:  RADIUS Proxy Server Field Descriptions 

Label

Description

Description

Displays the description of this RADIUS proxy server.

Purpose

Displays the purpose of the RADIUS server, either accounting or authentication.

Administrative state

Displays the administrative state of this RADIUS server.

Default acct server policy

Displays the name of the default RADIUS server policy associated with this RADIUS proxy server for accounting purposes.

Default auth server policy

Displays the name of the default RADIUS server policy associated with this RADIUS proxy server for authentication purposes.

Send accounting response

Specifies if this RADIUS Proxy server itself responds with an Accounting-Response message to each received Accounting-Request instead of proxying them to a configured RADIUS server.

Last management change

Displays the sysUpTime at the time of the most recent management-initiated change

Key packet type

Displays the packet type of the RADIUS messages to use to generate the key for the cache of this RADIUS proxy server, access-request, access-accept, access-reject, access-challenge

Key attribute

type

Displays the RADIUS attribute type to cache for this RADIUS proxy server. Refer to RFC 2865, Remote Authentication Dial In User Service (RADIUS), Section 5 Attributes.

Key vendor ID

Displays the RADIUS Vendor-Id. Refer to RFC 2865, Remote Authentication Dial In User Service (RADIUS), Section 5.25 Vendor-Specific.

Timeout (s)

Displays, in seconds, the timeout after which an entry in the cache will expire.

Track accounting

Displays the RADIUS accounting packets that have impact on the cache of this RADIUS proxy server.

Load balance key

Displays the key for load-balancing RADIUS messages between RADIUS servers.

Id

Displays the specifies the RADIUS Vendor-Id.

Username

Displays the user name.

RADIUS-server-policy

Displays the RADIUS server name.

Purpose

Displays the purpose of the RADIUS server, either accounting or authentication.

Sample Output
system# show router 10 radius-proxy-server "myProxyServer1" 
===============================================================================
RADIUS Proxy server "myProxyServer1"
===============================================================================
Description                 : myDesc
Purpose                     : authentication 
Administrative state        : in-service
Default acct server policy  : myRadiusServerPolicy1
Default auth server policy  : myRadiusServerPolicy2
Send accounting response    : true
Last management change      : 02/17/2012 14:54:28
-------------------------------------------------------------------------------
Cache settings
-------------------------------------------------------------------------------
Administrative state        : enabled
Key packet type             : access-accept
Key attribute type          : 12
Key vendor ID               : (Not Specified)
Timeout (s)                 : 60
Track accounting            : stop interim-update accounting-on accounting-off 
Load balance key            : source-ip-udp
===============================================================================
Interfaces
-------------------------------------------------------------------------------
myInterface1                     
myInterface2                     
myInterface3                     
-------------------------------------------------------------------------------
No. of Interface(s): 3
===============================================================================
Usernames/RADIUS server policies
===============================================================================
Id Username-match                     RADIUS-server-policy             Purpose
------------------------------------------------------------------------------------
1.  aaa                                myRadiusServerPolicy2 auth
==============================================================================
system# 

wlan-gw

Syntax 
wlan-gw
Context 
show>router
Description 

This command displays Wireless LAN Gateway information.

isa-subnets

Syntax 
isa-subnets [detail]
isa-subnets [detail] interface interface-name
isa-subnets prefix ipv6-address/prefix-length
Context 
show>router>wlan-gw
Description 

This command outputs all the prefixes in use by the wlan-gw pool-manager.

Parameters 
detail—
Displays detailed information for each prefix.
interface interface-name
Displays only the prefixes associated with this subscriber-interface.
ipv6-address/prefix-length—
Displays details of a specific ipv6 address and prefix.
Output 

Sample Output
system# show router wlan-gw isa-subnets
===============================================================================
ISA Subnets
===============================================================================
Prefix                                                   MDA     Family  Usage
-------------------------------------------------------------------------------
2001:db8::/48                                            3/1     dhcpv6  0%
2001:db8:1::/48                                          3/2     dhcpv6  0%
2001:db8:2::/48                                          4/1     dhcpv6  0%
2001:db8:3::/48                                          4/2     dhcpv6  0%
2001:db8:4::/48                                          5/1     dhcpv6  0%
2001:db8:5::/48                                          5/2     dhcpv6  0%
2001:db8:6::/48                                          3/1     slaac   0%
2001:db8:7::/48                                          3/2     slaac   0%
2001:db8:8::/48                                          4/1     slaac   0%
2001:db8:9::/48                                          4/2     slaac   0%
2001:db8:a::/48                                          5/1     slaac   0%
2001:db8:b::/48                                          5/2     slaac   0%
-------------------------------------------------------------------------------
No. of ISA subnets: 12
===============================================================================
 
*A:Dut-C# show router wlan-gw isa-subnets prefix 2001:db8::/48
===============================================================================
ISA Subnet Prefix           : 2001:db8::/48
-------------------------------------------------------------------------------
Group Id                    : 1
Member Id                   : 1
MDA                         : 3/1
Family                      : dhcpv6
Subscriber Interface        : wlangw-sub-itf
Pool Is Old                 : No
Usage Level                 : 0%
Remaining Lease Time        : 0d 23:50:54
DHCPv6 Options              : (length=512)
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
===============================================================================
 

mgw-address-cache

Syntax 
mgw-address-cache [arec] [snaptr] [srv]
mgw-address-cache apn apn-domain-string
Context 
show>router>wlan-gw
Description 

This command displays the mobile gateway's DNS lookup address cache.

Parameters 
arec—
Displays A-records/
snaptr—
Displays Straightforward-NAPTR information.
srv—
Displays SRV records.
apn apn-domain-string
Specifies the APN (Access Point Name) of this DNS cache entry.
Output 

Sample Output
*A:Dut-C# show router 300 wlan-gw mgw-address-cache 
===============================================================================
Mobile Gateway SNAPTR cache
===============================================================================
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.
                              3gppnetwork.org
Order                       : 10
Index                       : 1
-------------------------------------------------------------------------------
Preference                  : 10
Service                     : x-3gpp-pgw:x-gn-gtp
Next lookup                 : dns-srv
Replacement                 : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.
                              3gppnetwork.org
Time left (s)               : 3582
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.
                              3gppnetwork.org
Order                       : 20
Index                       : 2
-------------------------------------------------------------------------------
Preference                  : 20
Service                     : x-3gpp-pgw:x-s2a-gtp
Next lookup                 : dns-srv
Replacement                 : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.
                              3gppnetwork.org
Time left (s)               : 3582
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.
                              3gppnetwork.org
Order                       : 30
Index                       : 3
-------------------------------------------------------------------------------
Preference                  : 30
Service                     : x-3gpp-pgw:x-s2b-gtp
Next lookup                 : dns-srv
Replacement                 : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.
                              3gppnetwork.org
Time left (s)               : 3581
-------------------------------------------------------------------------------
No. of SNAPTR cache entries: 3
===============================================================================
===============================================================================
Mobile Gateway SRV cache
===============================================================================
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.
                              3gppnetwork.org
Priority                    : 10      
Index                       : 1
-------------------------------------------------------------------------------
Weight                      : 10
Port                        : 2123
Target                      : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a1.
                              3gppnetwork.org
Time left (s)               : 3581
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.
                              3gppnetwork.org
Priority                    : 20
Index                       : 2
-------------------------------------------------------------------------------
Weight                      : 20
Port                        : 2123
Target                      : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a2.
                              3gppnetwork.org
Time left (s)               : 3581
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.
                              3gppnetwork.org
Priority                    : 10
Index                       : 1
-------------------------------------------------------------------------------
Weight                      : 10      
Port                        : 2123
Target                      : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a1.
                              3gppnetwork.org
Time left (s)               : 3581
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.
                              3gppnetwork.org
Priority                    : 20
Index                       : 2
-------------------------------------------------------------------------------
Weight                      : 20
Port                        : 2123
Target                      : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a2.
                              3gppnetwork.org
Time left (s)               : 3581
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.
                              3gppnetwork.org
Priority                    : 10
Index                       : 1
-------------------------------------------------------------------------------
Weight                      : 10
Port                        : 2123
Target                      : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a1.
                              3gppnetwork.org
Time left (s)               : 3581
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.
                              3gppnetwork.org
Priority                    : 20
Index                       : 2
-------------------------------------------------------------------------------
Weight                      : 20
Port                        : 2123
Target                      : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a2.
                              3gppnetwork.org
Time left (s)               : 3581
-------------------------------------------------------------------------------
No. of SRV cache entries: 6
===============================================================================
===============================================================================
Mobile Gateway address cache
===============================================================================
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.23
Time left (s)               : 3581 
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.29
Time left (s)               : 3581
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.35
Time left (s)               : 3581
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.24
Time left (s)               : 3581
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.30
Time left (s)               : 3581
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.36
Time left (s)               : 3581
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.25
Time left (s)               : 3581
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.31
Time left (s)               : 3581
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.37
Time left (s)               : 3581
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.26
Time left (s)               : 3580
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.32
Time left (s)               : 3580
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.38
Time left (s)               : 3580
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.27
Time left (s)               : 3580
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.33
Time left (s)               : 3580
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.39
Time left (s)               : 3580
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.28
Time left (s)               : 3580
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.34
Time left (s)               : 3580
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.40
Time left (s)               : 3580
-------------------------------------------------------------------------------
No. of cache entries: 18
 
 
*A:Dut-C# show router 300 wlan-gw mgw-address-cache arec 
===============================================================================
Mobile Gateway address cache
===============================================================================
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.23
Time left (s)               : 3573
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.29
Time left (s)               : 3573
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.35
Time left (s)               : 3573
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.24
Time left (s)               : 3573
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.30
Time left (s)               : 3573
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.36
Time left (s)               : 3573
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.25
Time left (s)               : 3573
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.31
Time left (s)               : 3573
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.37
Time left (s)               : 3573
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.26
Time left (s)               : 3573
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.32
Time left (s)               : 3573
-----------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.38
Time left (s)               : 3572
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.27
Time left (s)               : 3572
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.33
Time left (s)               : 3572
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.39
Time left (s)               : 3572 
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.28
Time left (s)               : 3572
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.34
Time left (s)               : 3572
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.40
Time left (s)               : 3572
-------------------------------------------------------------------------------
No. of cache entries: 18
===============================================================================
 
 
*A:Dut-C# show router 300 wlan-gw mgw-address-cache srv  
===============================================================================
Mobile Gateway SRV cache
===============================================================================
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.
                              3gppnetwork.org
Priority                    : 10
Index                       : 1
-------------------------------------------------------------------------------
Weight                      : 10
Port                        : 2123
Target                      : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a1.
                              3gppnetwork.org
Time left (s)               : 3567
 
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.
                              3gppnetwork.org
Priority                    : 20
Index                       : 2
-------------------------------------------------------------------------------
Weight                      : 20
Port                        : 2123
Target                      : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a2.
                              3gppnetwork.org
Time left (s)               : 3567    
 
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.
                              3gppnetwork.org
Priority                    : 10
Index                       : 1
-------------------------------------------------------------------------------
Weight                      : 10
Port                        : 2123
Target                      : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a1.
                              3gppnetwork.org
Time left (s)               : 3566
 
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.
                              3gppnetwork.org
Priority                    : 20
Index                       : 2
-------------------------------------------------------------------------------
Weight                      : 20
Port                        : 2123
Target                      : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a2.
                              3gppnetwork.org
Time left (s)               : 3566
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.
                              3gppnetwork.org
Priority                    : 10
Index                       : 1
-------------------------------------------------------------------------------
Weight                      : 10
Port                        : 2123
Target                      : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a1.
                              3gppnetwork.org
Time left (s)               : 3566
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.
                              3gppnetwork.org
Priority                    : 20
Index                       : 2
-------------------------------------------------------------------------------
Weight                      : 20
Port                        : 2123
Target                      : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a2.
                              3gppnetwork.org
Time left (s)               : 3566
-------------------------------------------------------------------------------
No. of SRV cache entries: 6
===============================================================================
 
 
*A:Dut-C# show router 300 wlan-gw mgw-address-cache snaptr
===============================================================================
Mobile Gateway SNAPTR cache
===============================================================================
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.
                              3gppnetwork.org
Order                       : 10
Index                       : 1
-------------------------------------------------------------------------------
Preference                  : 10
Service                     : x-3gpp-pgw:x-gn-gtp
Next lookup                 : dns-srv
Replacement                 : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.
                              3gppnetwork.org
Time left (s)               : 3555
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.
                              3gppnetwork.org
Order                       : 20
Index                       : 2
-------------------------------------------------------------------------------
Preference                  : 20
Service                     : x-3gpp-pgw:x-s2a-gtp
Next lookup                 : dns-srv
Replacement                 : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.
                              3gppnetwork.org
Time left (s)               : 3555
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.
                              3gppnetwork.org
Order                       : 30
Index                       : 3
-------------------------------------------------------------------------------
Preference                  : 30
Service                     : x-3gpp-pgw:x-s2b-gtp
Next lookup                 : dns-srv
Replacement                 : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.
                              3gppnetwork.org
Time left (s)               : 3554
 
-------------------------------------------------------------------------------
No. of SNAPTR cache entries: 3
 
 
*A:Dut-C# show router 300 wlan-gw mgw-address-cache apn full.dotted.apn.apn.epc.mnc010.mcc206.3gppnetwork.org 
===============================================================================
Mobile Gateway APN Cache
===============================================================================
-------------------------------------------------------------------------------
APN > NAPTR
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.
                              3gppnetwork.org
Order                       : 10
Index                       : 1
-------------------------------------------------------------------------------
Preference                  : 10
Service                     : x-3gpp-pgw:x-gn-gtp
Next lookup                 : dns-srv
Replacement                 : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.
                              3gppnetwork.org
Time left (s)               : 3531
-------------------------------------------------------------------------------
APN > NAPTR > SRV
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.
                              3gppnetwork.org
Priority                    : 10
Index                       : 1
-------------------------------------------------------------------------------
Weight                      : 10
Port                        : 2123
Target                      : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a1.
                              3gppnetwork.org
Time left (s)               : 3531
-------------------------------------------------------------------------------
APN > NAPTR > SRV > A
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.23
Time left (s)               : 3530
-------------------------------------------------------------------------------
APN > NAPTR > SRV > A
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.29
Time left (s)               : 3530
-------------------------------------------------------------------------------
APN > NAPTR > SRV > A
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.35
Time left (s)               : 3530
-------------------------------------------------------------------------------
APN > NAPTR > SRV
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.
                              3gppnetwork.org
Priority                    : 20
Index                       : 2
-------------------------------------------------------------------------------
Weight                      : 20
Port                        : 2123
Target                      : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a2.
                              3gppnetwork.org
Time left (s)               : 3530
-------------------------------------------------------------------------------
APN > NAPTR > SRV > A
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.24
Time left (s)               : 3530
-------------------------------------------------------------------------------
APN > NAPTR > SRV > A
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.30
Time left (s)               : 3530
-------------------------------------------------------------------------------
APN > NAPTR > SRV > A
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv1.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.36
Time left (s)               : 3530
-------------------------------------------------------------------------------
APN > NAPTR
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.
                              3gppnetwork.org
Order                       : 20
Index                       : 2       
-------------------------------------------------------------------------------
Preference                  : 20
Service                     : x-3gpp-pgw:x-s2a-gtp
Next lookup                 : dns-srv
Replacement                 : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.
                              3gppnetwork.org
Time left (s)               : 3530
-------------------------------------------------------------------------------
APN > NAPTR > SRV
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.
                              3gppnetwork.org
Priority                    : 10
Index                       : 1
-------------------------------------------------------------------------------
Weight                      : 10
Port                        : 2123
Target                      : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a1.
                              3gppnetwork.org
Time left (s)               : 3529
-------------------------------------------------------------------------------
APN > NAPTR > SRV > A
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.25
Time left (s)               : 3529
-------------------------------------------------------------------------------
APN > NAPTR > SRV > A
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.31
Time left (s)               : 3529
-------------------------------------------------------------------------------
APN > NAPTR > SRV > A
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.37
Time left (s)               : 3529
-------------------------------------------------------------------------------
APN > NAPTR > SRV
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.
                              3gppnetwork.org
Priority                    : 20
Index                       : 2
-------------------------------------------------------------------------------
Weight                      : 20
Port                        : 2123
Target                      : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a2.
                              3gppnetwork.org
Time left (s)               : 3529
-------------------------------------------------------------------------------
APN > NAPTR > SRV > A
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.26
Time left (s)               : 3529
-------------------------------------------------------------------------------
APN > NAPTR > SRV > A
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.32
Time left (s)               : 3529
                                      
-------------------------------------------------------------------------------
APN > NAPTR > SRV > A
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv2.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.38
Time left (s)               : 3529
-------------------------------------------------------------------------------
APN > NAPTR
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.
                              3gppnetwork.org
Order                       : 30
Index                       : 3
-------------------------------------------------------------------------------
Preference                  : 30
Service                     : x-3gpp-pgw:x-s2b-gtp
Next lookup                 : dns-srv
Replacement                 : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.
                              3gppnetwork.org
Time left (s)               : 3529
-------------------------------------------------------------------------------
APN > NAPTR > SRV
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.
                              3gppnetwork.org
Priority                    : 10
Index                       : 1
-------------------------------------------------------------------------------
Weight                      : 10
Port                        : 2123
Target                      : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a1.
                              3gppnetwork.org
Time left (s)               : 3529
-------------------------------------------------------------------------------
APN > NAPTR > SRV > A
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.27
Time left (s)               : 3529
-------------------------------------------------------------------------------
APN > NAPTR > SRV > A
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.33
Time left (s)               : 3529
-------------------------------------------------------------------------------
APN > NAPTR > SRV > A
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a1.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.39
Time left (s)               : 3529
-------------------------------------------------------------------------------
APN > NAPTR > SRV
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.
                              3gppnetwork.org
Priority                    : 20
Index                       : 2
-------------------------------------------------------------------------------
Weight                      : 20
Port                        : 2123
Target                      : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a2.
                              3gppnetwork.org
Time left (s)               : 3529
-------------------------------------------------------------------------------
APN > NAPTR > SRV > A                 
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.28
Time left (s)               : 3529
-------------------------------------------------------------------------------
APN > NAPTR > SRV > A
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.34
Time left (s)               : 3528
-------------------------------------------------------------------------------
APN > NAPTR > SRV > A
-------------------------------------------------------------------------------
APN                         : full.dotted.apn.apn.epc.mnc010.mcc206.srv3.a2.
                              3gppnetwork.org
-------------------------------------------------------------------------------
Mobile Gateway address      : 9.0.0.40
Time left (s)               : 3528
-------------------------------------------------------------------------------
No. of cache entries: 18 

mgw-map

Syntax 
mgw-map
Context 
show>router>wlan-gw
Description 

This command displays the Mobile Gateway map.

Output 

Sample Output
*A:Dut-C# show router 300 wlan-gw mgw-map                                                                     
===============================================================================
Mobile Gateway map
===============================================================================
Address prefix                                Profile
-------------------------------------------------------------------------------
9.0.0.29/32                                   Ivo
-------------------------------------------------------------------------------
No. of address prefixes: 1
 

mobile-gateway

Syntax 
mobile-gateway [mgw-profile profile-name] [local-address ip-address] [control protocol] [interface-type interface-type]
mobile-gateway remote-address ip-address [udp-port port]
mobile-gateway remote-address ip-address [udp-port port] statistics
Context 
show>router>wlan-gw
Description 

This command displays Mobile Gateway information.

Parameters 
mgw-profile profile-name
Specifies the name that identifies the profile.
local-address ip-address
Specifies the local IP address.
Values—

ip-address:

ipv4-address - a.b.c.d

ipv6-address :

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

control protocol
Specifies the control plane protocol used for the connection with this Mobile Gateway.
Values—
gtpv1-c, gtpv2-c
interface-type interface-type
Specifies the interface type of the connection between WLAN Gateway and Mobile Gateway.
Values—
gn — Gn interface
s2a — S2a interface
s2b —S2b interface
remote-address ip-address
Specifies the remote IP address.
Values—

ip-address:

ipv4-address - a.b.c.d

ipv6-address :

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

udp-port port
Specifies the UDP port.
Values—
1 to 65535
statistics—
Displays statistics information about the Mobile Gateways connected to this system.
Output 

Sample Output
*A:Dut-C# show router 300 wlan-gw mobile-gateway mgw-profile "Ivo" 
===============================================================================
Mobile gateways
===============================================================================
Remote address              : 9.0.0.29
UDP port                    : 2123
-------------------------------------------------------------------------------
State                       : up
Local address               : 5.1.45.3
Profile                     : Ivo
Control protocol            : gtpv1-c
Interface type              : gn
Restart count               : 1
Time                        : 2014/03/24 15:38:53
-------------------------------------------------------------------------------
No. of Mobile gateways: 1
 
 
*A:Dut-C# show router 300 wlan-gw mobile-gateway local-address 5.1.45.3 
===============================================================================
Mobile gateways
===============================================================================
Remote address              : 9.0.0.29
UDP port                    : 2123
-------------------------------------------------------------------------------
State                       : up
Local address               : 5.1.45.3
Profile                     : Ivo
Control protocol            : gtpv1-c
Interface type              : gn
Restart count               : 1
Time                        : 2014/03/24 15:38:53
 
-------------------------------------------------------------------------------
No. of Mobile gateways: 1
 
 
*A:Dut-C# show router 300 wlan-gw mobile-gateway control gtpv1-c        
===============================================================================
Mobile gateways
===============================================================================
Remote address              : 9.0.0.29
UDP port                    : 2123
-------------------------------------------------------------------------------
State                       : up
Local address               : 5.1.45.3
Profile                     : Ivo
Control protocol            : gtpv1-c
Interface type              : gn
Restart count               : 1
Time                        : 2014/03/24 15:38:53
 
-------------------------------------------------------------------------------
No. of Mobile gateways: 1
 
 
 
 
 
*A:Dut-C# show router 300 wlan-gw mobile-gateway interface-type gn 
===============================================================================
Mobile gateways
===============================================================================
Remote address              : 9.0.0.29
UDP port                    : 2123
-------------------------------------------------------------------------------
State                       : up
Local address               : 5.1.45.3
Profile                     : Ivo
Control protocol            : gtpv1-c
Interface type              : gn
Restart count               : 1
Time                        : 2014/03/24 15:38:53
 
-------------------------------------------------------------------------------
No. of Mobile gateways: 1
 
 
*A:Dut-C# show router 300 wlan-gw mobile-gateway remote-address 9.0.0.29 
===============================================================================
Mobile gateway
===============================================================================
Remote address              : 9.0.0.29
UDP port                    : 2123
-------------------------------------------------------------------------------
State                       : up
Local address               : 5.1.45.3
Profile                     : Ivo
Control protocol            : gtpv1-c
Interface type              : gn
Restart count               : 1
Time                        : 2014/03/24 15:38:53
 
 
*A:Dut-C# show router 300 wlan-gw mobile-gateway remote-address 9.0.0.29 udp-port 2123 
===============================================================================
Mobile gateway
===============================================================================
Remote address              : 9.0.0.29
UDP port                    : 2123
-------------------------------------------------------------------------------
State                       : up
Local address               : 5.1.45.3
Profile                     : Ivo
Control protocol            : gtpv1-c
Interface type              : gn
Restart count               : 1
Time                        : 2014/03/24 15:38:53
 
 
*A:Dut-C# show router 300 wlan-gw mobile-gateway remote-address 9.0.0.29 udp-port 2123 statistics 
===============================================================================
Mobile gateway statistics
===============================================================================
tx echo requests                                        : 4
tx echo responses                                       : 0
rx echo requests                                        : 0
rx echo responses                                       : 4
rx version not supported                                : 0
rx malformed pkts                                       : 0
rx unknown pkts                                         : 0
rx missing IE pkts                                      : 0
peer restarts                                           : 0
peer restart counter                                    : 1
path mgmt failures                                      : 0
create PDP requests                                     : 1
create PDP responses                                    : 1
delete PDP requests                                     : 0
delete PDP responses                                    : 0
modify PDP requests                                     : 0
modify PDP responses                                    : 0
 

soft-gre-tunnel-qos

Syntax 
soft-gre-tunnel-qos [detail]
soft-gre-tunnel-qos remote-ip ip-address [local-ip ip-address] [detail]
Context 
show>router>wlan-gw
Description 

This command displays soft-GRE tunnel-QoS resource information.

Parameters 
remote-address ip-address
Specifies the IP address of the Mobile Gateway,that is the source IP address in the tunnel header of received packets.
Values—

ip-address:

ipv4-address - a.b.c.d

ipv6-address :

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

local-address ip-address
Specifies the IP address of this system,that is the destination IP address in the tunnel header of received packets.
Values—

ip-address:

ipv4-address - a.b.c.d

ipv6-address :

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

detail—
Displays detailed information.
Output 

Sample Output
*A:Dut-C# show router 50 wlan-gw soft-gre-tunnel-qos 
===============================================================================
Soft GRE tunnel QoS
===============================================================================
Remote IP address           : 201.0.0.2
Local IP address            : 50.1.1.1
Operational state           : active
Number of UE                : 1
Remaining hold time (s)     : N/A
 
 
*A:Dut-C# show router 50 wlan-gw soft-gre-tunnel-qos detail 
===============================================================================
Soft GRE tunnel QoS
===============================================================================
Remote IP address           : 201.0.0.2
Local IP address            : 50.1.1.1
Operational state           : active
Number of UE                : 1
Remaining hold time (s)     : N/A
Service Access Points(SAP)
===============================================================================
Service Id         : 2147483650               
SAP                : 5/1/lo-gre:1             Encap             : q-tag
Description        : Internal SAP
Admin State        : Up                       Oper State        : Up
Flags              : None
Multi Svc Site     : None                     
Last Status Change : 03/24/2014 15:03:48      
Last Mgmt Change   : 03/24/2014 15:14:00      
 
-------------------------------------------------------------------------------
Encap Group Specifics
-------------------------------------------------------------------------------
Encap Group Name   : _tmnx_SHAPER_GR000       Group Type        : ISID
Qos-per-member     : TRUE                     
Members            :
1                                     
 
-------------------------------------------------------------------------------
QOS
-------------------------------------------------------------------------------
E. qos-policy      : 1                        Q Frame-Based Acct: Disabled
E. Sched Policy    :                          E. Agg-limit      : -1
                                              Limit Unused BW   : Disabled
-------------------------------------------------------------------------------
Encap Group Member 1 Base Statistics
-------------------------------------------------------------------------------
Last Cleared Time     : N/A
 
Forwarding Engine Stats
                        Packets                 Octets
 
For. InProf           : 0                       0
For. OutProf          : 0                       0
Dro. InProf           : 0                       0
Dro. OutProf          : 0                       0
 
-------------------------------------------------------------------------------
Encap Group Member 1 Queue Statistics
-------------------------------------------------------------------------------
 
                        Packets                 Octets
 
Egress Queue 1                        
For. InProf           : 0                       0
For. OutProf          : 0                       0
Dro. InProf           : 0                       0
Dro. OutProf          : 0                       0
 
 
*A:Dut-C# show router 50 wlan-gw soft-gre-tunnel-qos remote-ip 201.0.0.2 
===============================================================================
Soft GRE tunnel QoS
===============================================================================
Remote IP address           : 201.0.0.2
Local IP address            : 50.1.1.1
Operational state           : active
Number of UE                : 1
Remaining hold time (s)     : N/A
 
 
*A:Dut-C# show router 50 wlan-gw soft-gre-tunnel-qos  remote-ip 201.0.0.2  local-ip 50.1.1.1 
===============================================================================
Soft GRE tunnel QoS
===============================================================================
Remote IP address           : 201.0.0.2
Local IP address            : 50.1.1.1
Operational state           : active
Number of UE                : 1
Remaining hold time (s)     : N/A
 
 
*A:Dut-C# show router 50 wlan-gw soft-gre-tunnel-qos  remote-ip 201.0.0.2  local-ip 50.1.1.1 detail 
===============================================================================
Soft GRE tunnel QoS
===============================================================================
Remote IP address           : 201.0.0.2
Local IP address            : 50.1.1.1
Operational state           : active
Number of UE                : 1
Remaining hold time (s)     : N/A
Service Access Points(SAP)
===============================================================================
Service Id         : 2147483650               
SAP                : 5/1/lo-gre:1             Encap             : q-tag
Description        : Internal SAP
Admin State        : Up                       Oper State        : Up
Flags              : None
Multi Svc Site     : None                     
Last Status Change : 03/24/2014 15:03:48      
Last Mgmt Change   : 03/24/2014 15:14:00      
 
-------------------------------------------------------------------------------
Encap Group Specifics
-------------------------------------------------------------------------------
Encap Group Name   : _tmnx_SHAPER_GR000       Group Type        : ISID
Qos-per-member     : TRUE                     
Members            :
1                                     
                                      
-------------------------------------------------------------------------------
QOS
-------------------------------------------------------------------------------
E. qos-policy      : 1                        Q Frame-Based Acct: Disabled
E. Sched Policy    :                          E. Agg-limit      : -1
                                              Limit Unused BW   : Disabled
-------------------------------------------------------------------------------
Encap Group Member 1 Base Statistics
-------------------------------------------------------------------------------
Last Cleared Time     : N/A
 
Forwarding Engine Stats
                        Packets                 Octets
 
For. InProf           : 0                       0
For. OutProf          : 0                       0
Dro. InProf           : 0                       0
Dro. OutProf          : 0                       0
 
-------------------------------------------------------------------------------
Encap Group Member 1 Queue Statistics
-------------------------------------------------------------------------------
 
                        Packets                 Octets
 
Egress Queue 1
For. InProf           : 0                       0
For. OutProf          : 0                       0
Dro. InProf           : 0                       0
Dro. OutProf          : 0                       0
 

soft-gre-tunnels

Syntax 
soft-gre-tunnels local-ip ip-address remote-ip ip-address ue
soft-gre-tunnels [local-ip ip-address] [remote-ip ip-address] [isa-group wlan-gw-group-id] [member [1 to 255]] [summary] [detail]
Context 
show>router>wlan-gw
Description 

This command displays soft-GRE tunnel-QoS resource information.

Parameters 
remote-address ip-address
Specifies the IP address of the Mobile Gateway,that is the source IP address in the tunnel header of received packets.
Values—

ip-address:

ipv4-address - a.b.c.d

ipv6-address :

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

local-address ip-address
Specifies the IP address of this system,that is the destination IP address in the tunnel header of received packets.
Values—

ip-address:

ipv4-address - a.b.c.d

ipv6-address :

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

ue—
Displays information for the specified user equipment.
isa-group wlan-gw-group-id
Specifies the identifier of the WLAN Gateway ISA group that terminates GRE for this group interface.
Values—
1 to 4
member [1 to 255]
Specifies the identifier of this WLAN Gateway ISA Group member.
summary—
Displays a summary of the specified parameters.
detail—
Displays detailed information.
Output 

Sample Output
*A:Dut-C# show router 50 wlan-gw soft-gre-tunnels                                                   
===============================================================================
Soft GRE tunnels
===============================================================================
Remote IP address           : 201.0.0.2
Local IP address            : 50.1.1.1
ISA group ID                : 1
ISA group member ID         : 5
Time established            : 2014/03/24 15:38:52
Number of UE                : 1
Access Point MAC            : 00:00:00:00:00:01
AP MAC learn failed         : false
 
Tunnel QoS
----------
Operational state           : active
Number of UE                : 1
Remaining hold time (s)     : N/A
 
-------------------------------------------------------------------------------
No. of tunnels: 1
 
 
*A:Dut-C# show router 50 wlan-gw soft-gre-tunnels local-ip 50.1.1.1 
===============================================================================
Soft GRE tunnels
===============================================================================
Remote IP address           : 201.0.0.2
Local IP address            : 50.1.1.1
ISA group ID                : 1
ISA group member ID         : 5
Time established            : 2014/03/24 15:38:52
Number of UE                : 1
Access Point MAC            : 00:00:00:00:00:01
AP MAC learn failed         : false
 
Tunnel QoS
----------
Operational state           : active
Number of UE                : 1
Remaining hold time (s)     : N/A
 
-------------------------------------------------------------------------------
No. of tunnels: 1
 
 
*A:Dut-C# show router 50 wlan-gw soft-gre-tunnels local-ip 50.1.1.1 remote-ip 201.0.0.2 
===============================================================================
Soft GRE tunnels
===============================================================================
Remote IP address           : 201.0.0.2
Local IP address            : 50.1.1.1
ISA group ID                : 1
ISA group member ID         : 5
Time established            : 2014/03/24 15:38:52
Number of UE                : 1
Access Point MAC            : 00:00:00:00:00:01
AP MAC learn failed         : false
 
Tunnel QoS
----------
Operational state           : active
Number of UE                : 1
Remaining hold time (s)     : N/A
 
-------------------------------------------------------------------------------
No. of tunnels: 1
 
 
*A:Dut-C# show router 50 wlan-gw soft-gre-tunnels local-ip 50.1.1.1 remote-ip 201.0.0.2 ue 
===============================================================================
Tunnel User Equipments
===============================================================================
MAC address                 : 00:02:00:00:00:01
-------------------------------------------------------------------------------
VLAN Q-tag                  : 1
MPLS label                  : (Not Specified)
Tunnel router               : 50
Tunnel remote IP address    : 201.0.0.2
Tunnel local IP address     : 50.1.1.1
Retail service              : N/A
SSID                        : "1"
Previous Access Point IP    : (Not Specified)
IMSI                        : 206100000000001
MGW router                  : 300
Mobile Gateway              : 9.0.0.29
APN                         : full.dotted.apn.mnc010.mcc206.gprs
Last move time              : 2014/03/24 15:38:52
-------------------------------------------------------------------------------
No. of UE: 1
 
 
*A:Dut-C# show router 50 wlan-gw soft-gre-tunnels local-ip 50.1.1.1 remote-ip 201.0.0.2 isa-group 1 
===============================================================================
Soft GRE tunnels
===============================================================================
Remote IP address           : 201.0.0.2
Local IP address            : 50.1.1.1
ISA group ID                : 1
ISA group member ID         : 5
Time established            : 2014/03/24 15:38:52
Number of UE                : 1
Access Point MAC            : 00:00:00:00:00:01
AP MAC learn failed         : false
 
Tunnel QoS
----------
Operational state           : active
Number of UE                : 1
Remaining hold time (s)     : N/A
 
-------------------------------------------------------------------------------
No. of tunnels: 1
 
 
*A:Dut-C# show router 50 wlan-gw soft-gre-tunnels local-ip 50.1.1.1 remote-ip 201.0.0.2 isa-group 1 member 5 
===============================================================================
Soft GRE tunnels
===============================================================================
Remote IP address           : 201.0.0.2
Local IP address            : 50.1.1.1
ISA group ID                : 1
ISA group member ID         : 5
Time established            : 2014/03/24 15:38:52
Number of UE                : 1
Access Point MAC            : 00:00:00:00:00:01
AP MAC learn failed         : false
 
Tunnel QoS
----------
Operational state           : active
Number of UE                : 1
Remaining hold time (s)     : N/A
 
-------------------------------------------------------------------------------
No. of tunnels: 1
 
 
*A:Dut-C# show router 50 wlan-gw soft-gre-tunnels local-ip 50.1.1.1 remote-ip 201.0.0.2 isa-group 1 member 5 summary 
===============================================================================
Soft GRE tunnels summary
===============================================================================
Remote IP address - Local IP address
-------------------------------------------------------------------------------
201.0.0.2 - 50.1.1.1
-------------------------------------------------------------------------------
No. of tunnels: 1
 
 
*A:Dut-C# show router 50 wlan-gw soft-gre-tunnels local-ip 50.1.1.1 remote-ip 201.0.0.2 isa-group 1 member 5 detail  
===============================================================================
Soft GRE tunnels
===============================================================================
Remote IP address           : 201.0.0.2
Local IP address            : 50.1.1.1
ISA group ID                : 1
ISA group member ID         : 5
Time established            : 2014/03/24 15:38:52
Number of UE                : 1
Access Point MAC            : 00:00:00:00:00:01
AP MAC learn failed         : false
 
Tunnel QoS
----------
Operational state           : active
Number of UE                : 1
Remaining hold time (s)     : N/A
Service Access Points(SAP)
===============================================================================
Service Id         : 2147483650               
SAP                : 5/1/lo-gre:1             Encap             : q-tag
Description        : Internal SAP
Admin State        : Up                       Oper State        : Up
Flags              : None
Multi Svc Site     : None                     
Last Status Change : 03/24/2014 15:03:48      
Last Mgmt Change   : 03/24/2014 15:14:00      
-------------------------------------------------------------------------------
Encap Group Specifics
-------------------------------------------------------------------------------
Encap Group Name   : _tmnx_SHAPER_GR000       Group Type        : ISID
Qos-per-member     : TRUE                     
Members            :
1
-------------------------------------------------------------------------------
QOS
-------------------------------------------------------------------------------
E. qos-policy      : 1                        Q Frame-Based Acct: Disabled
E. Sched Policy    :                          E. Agg-limit      : -1
                                              Limit Unused BW   : Disabled
-------------------------------------------------------------------------------
Encap Group Member 1 Base Statistics
-------------------------------------------------------------------------------
Last Cleared Time     : N/A
 
Forwarding Engine Stats
                        Packets                 Octets
 
For. InProf           : 0                       0
For. OutProf          : 0                       0
Dro. InProf           : 0                       0
Dro. OutProf          : 0                       0
-------------------------------------------------------------------------------
Encap Group Member 1 Queue Statistics
-------------------------------------------------------------------------------
Packets                 Octets
 
Egress Queue 1
For. InProf           : 0                       0
For. OutProf          : 0                       0
Dro. InProf           : 0                       0
Dro. OutProf          : 0                       0
===============================================================================
-------------------------------------------------------------------------------
No. of tunnels: 1
 

tunnels

Syntax 
tunnels [local-ipip-address] [remote-ip ip-address] [isa-group wlan-gw-group-id] [member [1 to 255]] [summary] [detail]
tunnels local-ip ip-address remote-ip ip-address ue
Context 
show>router>wlan-gw
Description 

This command displays tunnel operation information.

Parameters 
local-address ip-address
Specifies the IP address of this system,that is the destination IP address in the tunnel header of received packets.
Values—

ip-address:

ipv4-address - a.b.c.d

ipv6-address :

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

remote-address ip-address
Specifies the IP address of the Mobile Gateway,that is the source IP address in the tunnel header of received packets.
Values—

ip-address:

ipv4-address - a.b.c.d

ipv6-address :

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

isa-group wlan-gw-group-id
Specifies the identifier of the WLAN Gateway ISA group that terminates GRE for this group interface.
Values—
1 to 4
member [1 to 255]
Specifies the identifier of this WLAN Gateway ISA Group member.
summary—
Displays a summary of the specified parameters.
detail—
Displays detailed information.
ue—
Displays information for the specified user equipment.
Output 

Sample Output
Note:

The remote/local IP addresses are locally generated for VLAN tunnels.

show router 50 wlan-gw tunnels
===============================================================================
Access Point tunnels
===============================================================================
Remote IP address           : fe80::3e8f:ffff:fe00:1901
Local IP address            : fe80::ff:fe02:202
ISA group ID                : 1
ISA group member ID         : 4
Time established            : 2015/01/07 17:42:01
Number of UE                : 1
Access Point MAC            : 00:00:00:00:00:05
AP MAC learn failed         : false
Encapsulation               : vlan
VLAN tag 1                  : 1000
VLAN tag 2                  : (None)
-------------------------------------------------------------------------------
No. of tunnels: 1
===============================================================================

radius-server-policy

Syntax 
radius-server-policy policy-name [acct-on-off]
radius-server-policy policy-name associations
radius-server-policy policy-name msg-buffer-stats
radius-server-policy policy-name statistics
radius-server-policy [acct-on-off]
Context 
show>aaa
Description 

This command displays RADIUS server policy information.

Parameters 
policy-name—
Displays information pertaining to the specified policy name.
associations—
Displays the association between the RADIUS server policy and the applications referencing the policy (RADIUS proxy, route downloader, authentication policy, accounting policy, dynamic services policy).
statistics—
Displays statistics of the RADIUS server policy and RADIUS servers referenced in the policy.
acct-on-off —
Displays the acct-on-off operational state for the RADIUS server policy.
msg-buffer-stats—
– Displays statistics for the RADIUS message buffering.
Output 

Sample Output
show aaa radius-server-policy "aaa-server-policy-1" 
===============================================================================
RADIUS server policy "aaa-server-policy-1"
===============================================================================
Description                 : Radius AAA server policy
Acct Request script policy  : (Not Specified)
Auth Request script policy  : (Not Specified)
Accept script policy        : script-policy-1
Acct-On-Off                 : Enabled (state Not Blocked)
-------------------------------------------------------------------------------
RADIUS server settings
-------------------------------------------------------------------------------
Router                      : "Base"
Source address              : (Not Specified)
Access algorithm            : direct
Retry                       : 3
Timeout (s)                 : 5
Hold down time (s)          : 30
Last management change      : 02/20/2013 13:32:05
===============================================================================
===============================================================================
Servers for "aaa-server-policy-1"
===============================================================================
Idx Name                             Address         Port        Oper State
                                                     Auth/Acct   
-------------------------------------------------------------------------------
1   server-1                         172.16.1.1      1812/1813   in-service
===============================================================================
 
 
 
# show aaa radius-server-policy acct-on-off 
==============================================================================
RADIUS server policies AcctOnOff state
==============================================================================
Name                                    OperState      LastStateChange
------------------------------------------------------------------------------
aaa-server-policy-1                     on             02/20/2013 21:23:57
aaa-server-policy-2                     NotApplicable  NotApplicable
aaa-server-policy-3                     sendAcctOn     NotApplicable
aaa-server-policy-4                     off            02/20/2013 21:40:57
------------------------------------------------------------------------------
No. of policies: 4
==============================================================================
 
# show aaa radius-server-policy "aaa-server-policy-1" acct-on-off 
===============================================================================
RADIUS server policy "aaa-server-policy-1" AcctOnOff info
===============================================================================
Oper state                  : on
Session Id                  : 242FFF0000000451253EED
Last state change           : 02/20/2013 21:23:57
Trigger                     : startUp
Server                      : "server-1"
===============================================================================
 
 
show aaa radius-server-policy "aaa-server-policy-3" msg-buffer-stats                                   
===============================================================================
RADIUS server policy "aaa-server-policy-3" message buffering stats
===============================================================================
buffering acct-interim      : enabled
  min interval (s)          : 60
  max interval (s)          : 3600
  lifetime (hrs)            : 12
buffering acct-stop         : enabled
  min interval (s)          : 60
  max interval (s)          : 3600
  lifetime (hrs)            : 12
 
Statistics
-------------------------------------------------------------------------------
Total acct-stop messages in buffer                        : 6
Total acct-interim messages in buffer                     : 10
Total acct-stop messages dropped (lifetime expired)       : 0
Total acct-interim messages dropped (lifetime expired)    : 0
Last buffer clear time                                    : N/A
Last buffer statistics clear time                         : N/A
-------------------------------------------------------------------------------
===============================================================================
 
 
show aaa radius-server-policy "aaa-server-policy-1" statistics 
===============================================================================
RADIUS server policy "aaa-server-policy-1" statistics
===============================================================================
Tx transaction requests                         : 383
Rx transaction responses                        : 383
Transaction requests timed out                  : 0
Transaction requests send failed                : 0
Packet retries                                  : 0
Transaction requests send rejected              : 0
Authentication requests failed                  : 0
Accounting requests failed                      : 0
Ratio of access-reject over auth responses      : 0%
Transaction success ratio                       : 100%
Transaction failure ratio                       : 0%
Statistics last reset at                        : n/a
 
Server 1 "server-1" address 172.16.1.1 auth-port 1812 acct-port 1813
-------------------------------------------------------------------------------
Tx request packets                              : 383
Rx response packets                             : 383
Request packets timed out                       : 0
Request packets send failed                     : 0
Request packets send failed (overload)          : 0
Request packets waiting for reply               : 0
Response packets with invalid authenticator     : 0
Response packets with invalid msg authenticator : 0
Authentication packets failed                   : 0
Accounting packets failed                       : 0
Avg auth response delay (10 100 1K 10K) in ms   :   27.1   22.8   22.8   22.8
Avg acct response delay (10 100 1K 10K) in ms   :   6.24   12.5   11.5   11.5
Statistics last reset at                        : n/a
 
===============================================================================
 
 
show aaa radius-server-policy "myRadiusServerPolicy1" associations
===============================================================================
RADIUS Proxy Associations
===============================================================================
Router RADIUS Proxy Server Purpose Username
-------------------------------------------------------------------------------
Base myProxyServerBase acc (default)
vprn10 myProxyServer1 acc (default)
-------------------------------------------------------------------------------
No. of associations: 2
 
 
show aaa radius-server-policy "aaa-server-policy-1" associations 
===============================================================================
RADIUS Proxy Associations
===============================================================================
Router RADIUS Proxy Server Purpose Username
-------------------------------------------------------------------------------
Base   myProxyServerBase   acc     (default)
-------------------------------------------------------------------------------
No. of associations: 1
===============================================================================
No route downloader entries found.
===============================================================================
Authentication Policy Associations
===============================================================================
Authentication Policy
-------------------------------------------------------------------------------
auth-policy-1
-------------------------------------------------------------------------------
No. of associations: 1
===============================================================================
===============================================================================
Accounting Policy Associations
===============================================================================
Accounting Policy
-------------------------------------------------------------------------------
acct-policy-1
acct-policy-2
-------------------------------------------------------------------------------
No. of associations: 2
===============================================================================
No dynamic-services policy entries found.

wlan-gw-group

Syntax 
wlan-gw-group wlan-gw-group-id
wlan-gw-group wlan-gw-group-id associations
wlan-gw-group wlan-gw-group-id member [1 to 255] [statistics]
wlan-gw-group
Context 
show>isa
Description 

This command displays WLAN-GW group information including wlan-gw tunnels.

Parameters 
wlan-gw-group-id—
Displays information about the specified wlan-gw-group-id.
associations—
Displays information about association for the specified wlan-gw-group-id.
member [1 to 255]
Displays information about the WLAN-GW-specific status and basic statistics information about the specified member.
statistics—
Displays statistics information about the members of the specified WLAN-GW group.
Output 

Sample Output
system# show isa wlan-gw-group 1
===============================================================================
WLAN Gateway group 1
===============================================================================
test
Administrative state        : in-service
Operational state           : in-service
Active IOM limit            : 2
Port policy                 : myPortPol
Last Mgmt Change            : 02/17/2012 14:54:27
-------------------------------------------------------------------------------
NAT specific information for ISA group 1
-------------------------------------------------------------------------------
Reserved sessions           : 10
High Watermark (%)          : 20
Low Watermark (%)           : 10
Accounting policy           : natAccPol
Last Mgmt Change            : 02/17/2012 15:01:31
-------------------------------------------------------------------------------
===============================================================================
===============================================================================
ISA Group 1 members
===============================================================================
Group    Member     State          Mda     Addresses     Blocks     Se-%    Hi     Se-Prio
----------------------------------------------------------------------------------------------------------------------------------
         1                 1               active         3/1              0                  0          < 1      N         10
1                 2               active         3/2              0                  0          < 1      N         10
1                 3               active         4/1              0                  0          < 1      N         10
1                 4               active         4/2              0                  0          < 1      N         10
---------------------------------------------------------------------------------------------------------------------------------
No. of members: 4
===============================================================================
System# show isa wlan-gw-group 1 member 2 
===============================================================================
ISA WLAN Gateway Group 1 Member 2
===============================================================================
MDA                                                       : 3/2
Number of wlan-gw tunnels                                : 0
Number of UE                                              : 0
Number of activated Egress Encapsulation Group members    : 0
Number of pending Egress Encapsulation Group members      : 0
Number of tunnel QoS problems                             : 0
===============================================================================
 

gateway

Syntax 
gateway brg-id brg-ident standby-ip-addresses
Context 
show>subscr-mgmt>brg
Description 

This command lists all addresses that the vRGW currently keeps aside for data-triggered host creation.

Parameters 
brg-id brg-ident
Displays information about the BRG identifier up to 32 characters in length
standby-ip-addresses—
Displays associated home-aware pool standby IP addresses
Output 

Sample Output
Node# show subscriber-mgmt brg gateway brg-id "00:00:5e:00:53:05" standby-ip-addresses
===============================================================================
Bridged Residential Gateway home-aware pool standby IP addresses
===============================================================================
Home-aware pool : 00:00:5e:00:53:05
-------------------------------------------------------------------------------
192.0.2.10
192.0.2.11
192.0.2.12
-------------------------------------------------------------------------------
No. of standby IP addresses: 3
===============================================================================

gtp-session

Syntax 
gtp-session imsi imsi apn apn-string | gtp-session [mgw-address ip-address] [mgw-router router-instance] [remote-control-teid teid] [local-control-teid teid] [detail]
gtp-session imsi imsi
gtp-statistics
Context 
show>subscr-mgmt>wlan-gw
Description 

This command displays GTP session information.

Parameters 
imsi imsi
Specifies the IMSI (International Mobile Subscriber Identity) of this UE.
apn apn-string
Specifies the APN (Access Point Name).
mgw-address ip-address
Specifies the IP address of the Mobile Gateway, \that is the source IP address in the tunnel header of received packets.
mgw-router router-instance
Specifies the identifier of the virtual router instance where the GTP tunnel is terminated.
remote-control-teid teid
Specifies the remote control plane Tunnel Endpoint Identifier (TEID).
local-control-teid teid
Specifies the local control plane Tunnel Endpoint Identifier (TEID).
detail—
Displays detailed information.
Output 

Sample Output
*A:Dut-C# show subscriber-mgmt wlan-gw gtp-session 
===============================================================================
GTP sessions
===============================================================================
IMSI                        : 206100000000001
APN                         : full.dotted.apn.mnc010.mcc206.gprs
-------------------------------------------------------------------------------
Mobile Gateway router       : 300
Mobile Gateway address      : 9.0.0.29
Remote control TEID         : 5678
Local control TEID          : 4289724672
Charging characteristics    : (None)
-------------------------------------------------------------------------------
No. of GTP sessions: 1
 

gtp-statistics

Syntax 
gtp-statistics
Context 
show>subscr-mgmt>wlan-gw
Description 

This command displays GTP statistics.

mgw-profile

Syntax 
mgw-profile profile-name
mgw-profile profile-name associations
mgw-profile
Context 
show>subscr-mgmt>wlan-gw
Description 

This command displays Mobile Gateway profile information.

ssid

Syntax 
ssid
Context 
show>subscr-mgmt>wlan-gw
Description 

This command displays SSID information.

statistics

Syntax 
statistics
Context 
show>subscr-mgmt>wlan-gw
Description 

This command displays statistics information.

ue

Syntax 
ue [vlan qtag] [mpls-label label] [retail-svc-id service-id] [ssid service-set-id] [previous-access-point ip-address]
ue mac ieee-address
Context 
show>subscr-mgmt>wlan-gw
Description 

This command displays user equipment information.

Parameters 
vlan qtag
Displays information about the VLAN Q-tag present in the traffic received from this UE.
Values—
1 to 4095
mpls-label label
Displays information about the MPLS label present in the traffic received from this UE.
retail-svc-id service-id
Displays information about the identifier of the specified retail service.
ssid service-set-id
Displays information about the Service Set ID (SSID) of this UE.
previous-access-point ip-address
Displays information about the IP address of the previous Access Point (AP) of this UE.
mac ieee-address
Displays information about the MAC address of this UE.
Values—
xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx
Output 

The following output displays wlan-gw information.

Sample Output
System# show subscriber-mgmt wlan-gw ue
======================================================================
User Equipments
======================================================================
MAC address                 : 00:02:00:00:00:39
----------------------------------------------------------------------
VLAN Q-tag                  : 1
MPLS label                  : (Not Specified)
Tunnel router               : 50
Tunnel remote IP address    : 20C9::7:1:2
Tunnel local IP address     : 2032::1:1:7
Retail service              : N/A
SSID                        : 1
Previous Access Point IP    : (Not Specified)
IMSI                        : (Not Specified)
Last move time              : 2013/07/02 07:45:31
 
----------------------------------------------------------------------
No. of UE: 1
======================================================================
System#
 
 

Debug Commands

call-trace

Syntax 
call-trace
Context 
debug
Description 

This command enables the context to set up various call-trace debug sessions.

wlan-gw

Syntax 
[no] wlan-gw
Context 
debug>call-trace
Description 

This node will contain all the parameters to set up specific call-trace debug sessions for wlan-gw. The no form of this command will stop all configured wlan-gw traces.

ue

Syntax 
ue ieee-address [profile trace-profile-name]
no ue ieee-address
Context 
debug>call-trace>wlan-gw
Description 

This command will start tracing of the UE with the specified MAC address. The trace will be started with default parameters or optionally parameters specified in the trace-profile.The no form of this command will stop the trace and make sure no new traces are started.

Parameters 
ieee-address—
Displays information about the MAC address of this UE.
profile trace-profile-name
Specifies the name of a configured trace profile.

Tools Commands

acct-on

Syntax 
acct-on [radius-server-policy policy-name] [force]
Context 
tools>perform>aaa
Description 

This command triggers a RADIUS Accounting-On message:

  1. for all radius-server-policies that have acct-on-off configured.
  2. for the specified radius-server-policy if the acct-on-off is configured

The Accounting-On message is not sent when the last successful event for the radius server policy was an Accounting-On message. In this case, an Accounting-Off should be sent first. By specifying the keyword “force”, this is overruled.

Parameters 
radius-server-policy policy-name
Specifies the radius-server-policy for which the Accounting-On should be sent.
force—
Sends an Accounting-On also if the last successful event was an Accounting-On.

acct-off

Syntax 
acct-off [radius-server-policy policy-name] [force] [acct-terminate-cause number]
Context 
tools>perform>aaa
Description 

This command triggers a RADIUS Accounting-Off message:

  1. for all radius-server-policies that have acct-on-off configured.
  2. for the specified radius-server-policy if the acct-on-off is configured

The Accounting-Off message is not sent when the last successful event for the radius server policy was an Accounting-Off message. In this case, an Accounting-On should be sent first. By specifying the keyword “force”, this is overruled.

Parameters 
radius-server-policy policy-name
Specifies the radius-server-policy for which the Accounting-Off should be sent.
force—
Sends an Accounting-On also if the last successful event was an Accounting-Off.
acct-terminate-cause number
Overrides the default Acct-Terminate-Cause (User-Request) in the Accounting-Off message.

radius-acct-terminate-cause

Syntax 
radius-acct-terminate-cause
Context 
tools>dump>aaa
Description 

This command shows all available termination causes and their respective number values. The TermCause is equivalent to VSA 226 alc-error-code numeric values. The description is equivalent to VSA 227alc-error-message string.

radius-server-policy

Syntax 
radius-server-policy policy-name msg-buffer [session-id acct-session-id]
Context 
tools>perform>aaa
tools>dump>aaa
Description 

This command dumps the RADIUS message buffer content for the specified radius-server-policy:

  1. message-type (acct-interim or acct-stop)
  2. Acct-Session-Id
  3. Remaining lifetime

When specifying the session-id, the message details are displayed.

Parameters 
policy-name
Specifies the radius-server-policy for which the message buffer content should be displayed.
session-id acct-session-id
Displays the RADIUS message details for the message with specified session-id that is stored in the RADIUS message buffer.

ue

Syntax 
ue
Context 
tools>dump>wlan-gw
Description 

This command dumps user equipment (UE) information.

Output 

This command displays UE information.

Sample Output
tools dump wlan-gw ue
===============================================================================
Matched 1 session on Slot #4 MDA #1
===============================================================================
UE-Mac          : 00:02:00:00:00:11     UE-vlan         : 3600
UE IP Addr      : N/A                   UE timeout      : N/A
UE IP6 Addr     : N/A
Description     : L2-user
Auth/CoA-time   : 01/07/2015 18:56:01
Tunnel MDA      : 5/1                   Tunnel Router   : 50
MPLS label      : N/A                   Shaper          : Default
Tunnel Src IP   : 201.0.0.2             Tunnel Dst IP   : 50.1.1.1
Tunnel Type     : GRE
Anchor SAP      : 4/1/nat-out-ip:2049.6
AP-Mac          : Unknown               AP-RSSI         : Unknown
AP-SSID         : Unknown
Last-forward    : 01/07/2015 18:56:01   Last-move       : None
Session Timeout : None                  Idle Timeout    : 300 sec
Acct Update     : None                  Acct Interval   : N/A
Acct Session-Id : N/A
Acct Policy     : N/A
NAT Policy      : N/A
Redirect Policy : N/A
IP Filter       : N/A
App-profile     : N/A
Rx Oper PIR     : N/A                   Rx Oper CIR     : N/A
Tx Oper PIR     : N/A                   Tx Oper CIR     : N/A
Rx Frames       : 0                     Rx Octets       : 0
Tx Frames       : 0                     Tx Octets       : 0
-------------------------------------------------------------------------------
===============================================================================
No sessions on Slot #4 MDA #2 match the query
No sessions on Slot #5 MDA #1 match the query
No sessions on Slot #5 MDA #2 match the query
 

Clear Commands

radius-server-policy

Syntax 
radius-server-policy policy-name msg-buffer [acct-session-id acct-session-id]
radius-server-policy policy-name statistics [msg-buffer-only]
radius-server-policy policy-name server server-index statistics
Context 
clear>aaa
Description 

This command dumps the RADIUS message buffer content for the specified radius-server-policy:

  1. message-type (acct-interim or acct-stop)
  2. Acct-Session-Id
  3. Remaining lifetime

When specifying the session-id, the message details are displayed.

Parameters 
policy-name
Specifies the radius-server-policy for which the information should be cleared.
msg-buffer [acct-session-id acct-session-id]
Deletes all RADIUS messages or the RADIUS message with specified session-id from the RADIUS message buffer.
statistics [msg-buffer-only]
Clears all statistics for the specified radius-server-policy: radius-server-policy statistics, RADIUS server statistics and RADIUS message buffer statistics. With the optional keyword “msg-buffer-only”, only the RADIUS message buffer statistics are cleared.
server server-index statistics —
Clears the RADIUS server statistics for the specified server-index in the specified radius-server-policy.

isa-subnets

Syntax 
isa-subnets all
isa-subnets interface ip-int-name
isa-subnets prefix ipv6-address/prefix-length
Context 
clear>router>wlan-gw
Description 

This command clears specific subnets from the pool-manager. Associated UE’s will be removed from the system.

When clearing the last subnet on an ISA the pool-manager will automatically allocate a new subnet with allocation-level 0%.

Parameters 
all—
Clears all the isa-subnets.
interface ip-int-name
Clears all the isa-subnets of a specific subscriber-interface.
ipv6-address/prefix-length—
Clears a specific IPv6 address and prefix length.