Page 1 ASR 5500 System Administration Guide, StarOS Release 19 First Published: September 30, 2015 Last Modified: June 30, 2016 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883...
Page 2 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
Page 3: Table Of Contents
Context Selection for Context-level Administrative User Sessions Context Selection for Subscriber Sessions Understanding the ASR 5500 Boot Process Understanding Configuration Files IP Address Notation IPv4 Dotted-Decimal Notation IPv6 Colon-Separated-Hexadecimal Notation CIDR Notation Alphanumeric Strings ASR 5500 System Administration Guide, StarOS Release 19...
Page 4 Verifying the NTP Configuration Enabling CLI Timestamping Configuring CLI Confirmation Prompts Enabling Automatic Confirmation Requiring Confirmation for autoconfirm and configure Commands Requiring Confirmation for Specific Exec Mode Commands Configuring System Administrative Users ASR 5500 System Administration Guide, StarOS Release 19...
Page 5 Configuring MIO/UMIO Port Redundancy Auto-Recovery Verifying Port Redundancy Auto-Recovery Configuring Data Processing Card Availability Verifying Card Configurations Enabling Automatic Reset of FSC Fabric Configuring ASR 5500 Link Aggregation LAG and Master Port ASR 5500 System Administration Guide, StarOS Release 19...
Page 6 Configuring SNMP and Alarm Server Parameters Verifying SNMP Parameters Controlling SNMP Trap Generation Verifying and Saving Your Configuration C H A P T E R 5 Verifying the Configuration Feature Configuration Service Configuration Context Configuration System Configuration ASR 5500 System Administration Guide, StarOS Release 19...
Page 7 Notification of Changes in Privilege Levels User Access to Operating System Shell Test-Commands Enabling cli test-commands Mode Enabling Password for Access to CLI-test commands Exec Mode cli test-commands Configuration Mode cli test-commands ASR 5500 System Administration Guide, StarOS Release 19...
Page 8 Verify Free Space on the /flash Device Download the Software Image from the Support Site Transfer StarOS Image to /flash on the Chassis Saving a Copy of the Current Configuration File ASR 5500 System Administration Guide, StarOS Release 19 viii...
Page 9 Configuring Local-User Account Management Properties Local-User Account Lockouts Local-User Account Suspensions Changing Local-User Passwords Monitoring the System C H A P T E R 9 SNMP Notifications Monitoring System Status and Performance Clearing Statistics and Counters ASR 5500 System Administration Guide, StarOS Release 19...
Page 10 Specifying Facilities Configuring Trace Logging Configuring Monitor Logs Enabling Monitor Logs Disabling Monitor Logs Viewing Logging Configuration and Statistics Viewing Event Logs Using the CLI Configuring and Viewing Crash Logs Crash Logging Architecture ASR 5500 System Administration Guide, StarOS Release 19...
Page 11 FSC Redundancy LED States FSC Drive n Activity LED States Checking the LEDs on the SSC SSC Run/Fail LED States SSC Active LED States SSC Redundancy LED States SSC System Status LED States ASR 5500 System Administration Guide, StarOS Release 19...
Page 12 C H A P T E R 1 3 Prerequisites Console Access Boot Image Accessing the boot CLI Initiate a Reboot Interrupt the Boot Sequence Enter CLI Mode boot Command Syntax Booting from a Selected Image ASR 5500 System Administration Guide, StarOS Release 19...
Page 13 Verifying the ACL Configuration to Service-specified Default Subscriber Applying a Single ACL to Multiple Subscribers Applying an ACL to Multiple Subscriber via APNs Applying an ACL to Multiple Subscriber via APNs Verifying the ACL Configuration to APNs ASR 5500 System Administration Guide, StarOS Release 19 xiii...
Page 14 Enabling OSPF Over a Specific Interface Redistributing Routes Into OSPF (Optional) Confirming OSPF Configuration Parameters OSPFv3 Routing OSPFv3 Overview Basic OSPFv3 Configuration Enabling OSPFv3 Routing For a Specific Context Enabling OSPFv6 Over a Specific Interface ASR 5500 System Administration Guide, StarOS Release 19...
Page 15 Configuring BFD for Single Hop Configuring Multihop BFD Scaling of BFD Associating BGP Neighbors with the Context Associating OSPF Neighbors with the Context Associating BFD Neighbor Groups with the BFD Protocol Enabling BFD on OSPF Interfaces ASR 5500 System Administration Guide, StarOS Release 19...
Page 16 Configuring Subscriber VLAN Associations RADIUS Attributes Used Configuring Local Subscriber Profiles Verify the Subscriber Profile Configuration VLAN-Related CLI Commands BGP MPLS VPNs C H A P T E R 1 8 Introduction ASR 5500 System Administration Guide, StarOS Release 19...
Page 17 Viewing Recovered Session Information Recovery Control Task Statistics show rct stats Command Sample Output for show rct stats verbose Interchassis Session Recovery C H A P T E R 2 1 Overview ASR 5500 System Administration Guide, StarOS Release 19 xvii...
Page 18 Modifying the Source Context for ICSR Configuring BGP Router and Gateway Address Configuring the SRP Context for BGP Verifying BGP Configuration Modifying the Destination Context for ICSR Configuring BGP Router and Gateway Address in Destination Context ASR 5500 System Administration Guide, StarOS Release 19 xviii...
Page 19 Fallback Procedure Support Data Collector C H A P T E R 2 2 Overview Configuring SDR Collection Displaying the SDR Collection Configuration Collecting and Storing the SDR Information Managing Record Collection ASR 5500 System Administration Guide, StarOS Release 19...
Page 20 System Initiation Subsystem High Availability Subsystem Resource Manager Subsystem Virtual Private Networking Subsystem Network Processing Unit Subsystem Session Subsystem Platform Processes Management Processes ICSR Checkpointing A P P E N D I X C ASR 5500 System Administration Guide, StarOS Release 19...
Page 21 SESS_UCHKPT_CMD_INVALIDATE_CRR SESS_UCKKPT_CMD_UPDATE_CLPSTATS SESS_UCHKPT_CMD_UPDATE_IDLESECS DCCA Category SESS_UCHKPT_CMD_DCCA_SESS_INFO ECS Category SESS_UCHKPT_CMD_ACS_CALL_INFO SESS_UCHKPT_CMD_ACS_GX_LI_INFO SESS_UCHKPT_CMD_ACS_SESS_INFO SESS_UCHKPT_CMD_DEL_ACS_CALL_INFO SESS_UCHKPT_CMD_DEL_ACS_SESS_INFO SESS_UCHKPT_CMD_DYNAMIC_CHRG_CA_INFO SESS_UCHKPT_CMD_DYNAMIC_CHRG_DEL_CA_INFO SESS_UCHKPT_CMD_DYNAMIC_CHRG_DEL_QG_INFO SESS_UCHKPT_CMD_DYNAMIC_CHRG_QG_INFO SESS_UCHKPT_CMD_DYNAMIC_RULE_DEL_INFO SESS_UCHKPT_CMD_DYNAMIC_RULE_INFO ePDG Category SESS_UCHKPT_CMD_DELETE_EPDG_BEARER SESS_UCHKPT_CMD_UPDATE_EPDG_BEARER SESS_UCHKPT_CMD_UPDATE_EPDG_PEER_ADDR SESS_UCHKPT_CMD_UPDATE_EPDG_REKEY SESS_UCHKPT_CMD_UPDATE_EPDG_STATS Firewall/ECS Category SESS_UCHKPT_CMD_SFW_DEL_RULE_INFO SESS_UCHKPT_CMD_SFW_RULE_INFO GGSN Category ASR 5500 System Administration Guide, StarOS Release 19...
Page 22 SESS_UCHKPT_CMD_GR_UPDATE_NAT_REALMS SESS_UCHKPT_CMD_NAT_SIP_ALG_CALL_INFO SESS_UCHKPT_CMD_NAT_SIP_ALG_CONTACT_PH_INFO SESS_UCHKPT_CMD_UPDATE_DSK_FLOW_CHKPT_INFO SESS_UCHKPT_CMD_UPDATE_NAT_BYPASS_FLOW_INFO P-GW Category SESS_UCHKPT_CMD_PGW_DELETE_SUB_SESS SESS_UCHKPT_CMD_PGW_OVRCHRG_PRTCTN_INFO SESS_UCHKPT_CMD_PGW_SGWRESTORATION_INFO SESS_UCHKPT_CMD_PGW_UBR_MBR_INFO SESS_UCHKPT_CMD_PGW_UPDATE_APN_AMBR SESS_UCHKPT_CMD_PGW_UPDATE_INFO SESS_UCHKPT_CMD_PGW_UPDATE_LI_PARAM SESS_UCHKPT_CMD_PGW_UPDATE_PDN_COMMON_PARAM SESS_UCHKPT_CMD_PGW_UPDATE_QOS SESS_UCHKPT_CMD_PGW_UPDATE_SGW_CHANGE SESS_UCHKPT_CMD_PGW_UPDATE_STATS Rf Interface Category SESS_UCHKPT_CMD_ACS_ACCOUNTING_TYPE_QCI_RF SESS_UCHKPT_CMD_ACS_ACCOUNTING_TYPE_QCI_RF_WITH_FC SESS_UCHKPT_CMD_ACS_ACCOUNTING_TYPE_RATING_GROUP_RF SESS_UCHKPT_CMD_ACS_ACCOUNTING_TYPE_RATING_GROUP_RF_WITH_FC S6b Interface Category SESS_UCHKPT_CMD_S6B_INFO SaMOG Category ASR 5500 System Administration Guide, StarOS Release 19 xxii...
Page 23 SESS_UCHKPT_CMD_CGW_DELETE_PDN SESS_UCHKPT_CMD_CGW_UPDATE_BEARER_QOS SESS_UCHKPT_CMD_CGW_UPDATE_PDN SESS_UCHKPT_CMD_CGW_UPDATE_STATS SESS_UCHKPT_CMD_CGW_UPDATE_UE_PARAM SESS_UCHKPT_CMD_SAMOG_ACCT_INTERIM_INFO SESS_UCHKPT_CMD_SAMOG_ACCT_START_INFO SESS_UCHKPT_CMD_SAMOG_EOGRE_TUNNEL_INFO SESS_UCHKPT_CMD_SAMOG_GTPV1_UPDATE_PDN_INFO SESS_UCHKPT_CMD_SAMOG_HANDOFF_AUTHEN_INFO SESS_UCHKPT_CMD_SAMOG_HANDOFF_INIT_INFO SESS_UCHKPT_CMD_SAMOG_LI_PROV_INFO SESS_UCHKPT_CMD_SAMOG_MIPV6_TIMER_INFO SESS_UCHKPT_CMD_SAMOG_MULTI_ROUND_AUTHEN_INFO SESS_UCHKPT_CMD_SAMOG_REAUTHEN_INFO SESS_UCHKPT_CMD_SAMOG_REAUTHOR_INFO ASR 5500 SDR CLI Command Strings A P P E N D I X D ASR 5500 System Administration Guide, StarOS Release 19 xxiii...
Page 24 Contents ASR 5500 System Administration Guide, StarOS Release 19 xxiv...
Page 25: About This Guide
This preface describes the System Administration Guide, how it is organized and its document conventions. The System Administration Guide describes how to generally configure and maintain StarOS running on an ASR 5500 platform. It also includes information on monitoring system performance and troubleshooting. •...
Page 26: Related Documentation
• Thresholding Configuration Guide • Product-specific and feature-specific Administration guides MIOs and DPCs The ASR 5500 supports a variety of Management Input/Output and Data Processing Card types. The currently supported Management Input/Output card types include: ASR 5500 System Administration Guide, StarOS Release 19...
Page 27: Contacting Customer Support
Use the information in this section to contact customer support. Refer to the support area of http://www.cisco.com for up-to-date product documentation or to submit a service request. A valid username and password are required to access this site. Please contact your Cisco sales or service representative for additional information.
Page 28 About this Guide Contacting Customer Support ASR 5500 System Administration Guide, StarOS Release 19 xxviii...
Page 29: C H A P T E
(CORBA and SNMPv1, v2). Wireless operators can readily integrate the ASR 5500 into their overall network, service, and business management systems. All management is performed out-of-band for security and to maintain system performance.
Page 30: Chapter
The StarOS CLI provides complete Fault, Configuration, Accounting, Performance, and Security (FCAPS) capabilities as described in the remaining chapters of this guide. By default StarOS supports local Console access to the CLI via the RS-232 Console port for initial system Important configuration. ASR 5500 System Administration Guide, StarOS Release 19...
Page 31: Terminology
17 IP addresses (one primary and up to 16 secondaries). For complete information on line cards and port assignments, refer to the ASR 5500 Installation Guide. UMIO cards and UDPC/UDPC2s are direct replacements for MIO cards and DPC/DPC2s. However, a...
Page 32: Management Interface
• Gateway GPRS Support Node (GGSN) services • Serving GPRS Support Node (SGSN) Services • Packet Data Serving Node (PDSN) services • Home Agent (HA) services • Layer 2 Tunneling Protocol Access Concentrator (LAC) services ASR 5500 System Administration Guide, StarOS Release 19...
Page 33: Aaa Servers
When local subscriber profiles are first created, attributes for that subscriber are set to the system's default settings. The same default settings are applied to all subscriber profiles, including the subscriber ASR 5500 System Administration Guide, StarOS Release 19...
Page 34: How The System Selects Contexts
If you have configured the user profile on an AAA server, the system must determine how to contact the AAA server to perform authentication. It does this by determining the AAA context for the session. ASR 5500 System Administration Guide, StarOS Release 19...
Page 35 The following table and flowchart describe the process that the system uses to select an AAA context for a context-level administrative user. Items in the table correspond to the circled numbers in the flowchart. Figure 2: Context-level Administrative User AAA Context ASR 5500 System Administration Guide, StarOS Release 19...
Page 36: Context Selection For Subscriber Sessions
Part of the configuration process requires that you allocate hardware resources for processing and redundancy. Therefore, before you configure the system, it is important to understand the boot process which determines how the hardware components are brought on line. ASR 5500 System Administration Guide, StarOS Release 19...
Page 37 On to that slot. All empty slots are powered off. If no MIOs are installed or if both fail to boot successfully, no other card installed in the system will boot. ASR 5500 System Administration Guide, StarOS Release 19...
Page 38: Understanding Configuration Files
To create a context called source using a configuration file, you would use a text editor to create a new file that consists of the following: config context source There are several important things to consider when using configuration files: ASR 5500 System Administration Guide, StarOS Release 19...
Page 39: Ip Address Notation
01111111, 00000000, 00000000, and 00000001, forming the full 32-bit address. IPv4 allows 32 bits for an Internet Protocol address and can, therefore, support 2 (4,294,967,296) addresses. ASR 5500 System Administration Guide, StarOS Release 19...
Page 40: Ipv6 Colon-Separated-Hexadecimal Notation
The number of addresses of a subnet defined by the mask or prefix can be calculated as 2 , in 32-29 which the address size for IPv4 is 32 and for IPv6 is 128. For example, in IPv4, a mask of /29 gives 2 = 8 addresses. ASR 5500 System Administration Guide, StarOS Release 19...
Page 41: Character Set
• | (vertical bar) [see exception below] The following characters may appear in strings entered in ruledefs, APNs, license keys and other configuration/display parameters: • < > (arrow brackets) [less than or greater than] ASR 5500 System Administration Guide, StarOS Release 19...
Page 42: Quoted Strings
Quoted Strings If descriptive text requires the use of spaces between words, the string must be entered within double quotation marks (" "). For example: interface "Rack 3 Chassis 1 port 5/2" ASR 5500 System Administration Guide, StarOS Release 19...
Page 43: Chapter 2 Getting Started
This segment provides instructions for connecting to the console port and creating the initial local context management configuration. • ASR 5500 Configuration, page 15 • Using the ASR 5500 Quick Setup Wizard, page 15 • Using the CLI for Initial Configuration, page 21 • Configuring the System for Remote Access, page 23 •...
Page 44 • Configuring the system for remote CLI access The following figure and table provides a flow diagram that shows the run logic of the wizard with supplemental notes. Figure 4: ASR 5500 Quick Setup Wizard Logic Diagram ASR 5500 System Administration Guide, StarOS Release 19...
Page 45 Enter yes to set a new chassis key. Refer to the instructions in System Settings. Additional information can be found in the System Security chapter. ASR 5500 System Administration Guide, StarOS Release 19...
Page 46 Telnet uses TCP port number 23 by default, if enabled. enable telnet protocol. Note: For maximum system security, do not File Transfer Protocol (FTP) uses TCP port number enable FTP. 21 by default, if enabled. ASR 5500 System Administration Guide, StarOS Release 19...
Page 47: Asr 5500 System Administration Guide, Staros Release
Variables are displayed in italics (variable). Apply the configuration file to the system. Once applied, the parameter configuration is automatically saved to the system.cfg file stored in MIO/UMIO flash memory. ASR 5500 System Administration Guide, StarOS Release 19...
Page 48 Figure 5: MIO Interfaces Console port [Port 3] USB port 10 GbE ports, DC-1 [Ports 10 – 19] 10 GbE ports, DC-2 [Ports 20 – 29] 1 GbE ports (1000Base-T) [Ports 1 and 2] ASR 5500 System Administration Guide, StarOS Release 19...
Page 49: Using The Cli For Initial Configuration
The local context is the system's management context. Contexts allow you to logically group services or interfaces. A single context can consist of multiple services and can be bound to multiple interfaces. ASR 5500 System Administration Guide, StarOS Release 19...
Page 50: Chapter
Bind the port to the interface that you created in step 7b. Binding associates the port and all of its settings to the interface. Enter the following command: host_name bind interface interface_name local [local] (config-port-<slot#/port#>)# host_name no shutdown [local] (config-port-<slot#/port#>)# ASR 5500 System Administration Guide, StarOS Release 19...
Page 51: Configuring The System For Remote Access
Context Configuration mode ssh generate CLI command. A keyword that was supported in a previous release may be concealed in subsequent releases. StarOS continues to parse concealed keywords in existing scripts and ASR 5500 System Administration Guide, StarOS Release 19...
Page 52 [local] The CLI output should be similar to the sample output: "*" indicates the Best or Used route. Destination Nexthop Protocol Prec Cost Interface ipaddress *0.0.0.0/0 static mio1 network 0.0.0.0 connected mio1 ASR 5500 System Administration Guide, StarOS Release 19...
Page 53: Configuring Ssh Options
"private" key that only the owner is allowed to see. You create a key pair, securely store the private key on the device you want to log in from, and store the public key on the ASR 5x00 that you wish to log into. ASR 5500 System Administration Guide, StarOS Release 19...
Page 54: Setting Ssh Key Size
• aes192-ctr – AES, 192-bit key size, CTR • aes256-ctr – AES, 256-bit key size, CTR • aes128-gcm@openssh.com – AES, 128-bit key size, Galois Counter Mode [GCM], OpenSSH • aes256-gcm@openssh.com – AES, 256-bit key size, GCM, OpenSSH ASR 5500 System Administration Guide, StarOS Release 19...
Page 55: Generating Ssh Keys
• data is the encrypted key expressed as an alphanumeric string of 1 through 1023 characters • length octets is the length of the encrypted key in octets expressed as an integer from 0 through 65535 ASR 5500 System Administration Guide, StarOS Release 19...
Page 56: Authorized Ssh User Access
• User tries to login with local context username through local context (VPN) interface with authorized-key configured on local context. • User tries to login with non-local context username through non-local context interface with authorized-key configured on non-local context. ASR 5500 System Administration Guide, StarOS Release 19...
Page 57: Configuring The Management Interface With A Second Ip Address
The CLI output should look similar to this example: config context local interface_name interface ipaddress subnetmask ip address ipaddress subnetmask ip address secondary #exit Step 7 Save your configuration as described in Verifying and Saving Your Configuration. ASR 5500 System Administration Guide, StarOS Release 19...
Page 58 Getting Started Configuring the Management Interface with a Second IP Address ASR 5500 System Administration Guide, StarOS Release 19...
Page 59: System Settings
Configuring a Second Management Interface Refer to Getting Started for instructions on configuring a system management interface on the Management Input/Output (MIO/UMIO) card. This section provides described how to configure a second management interface. ASR 5500 System Administration Guide, StarOS Release 19...
Page 60: Verifying And Saving Your Interface And Port Configuration
5 or 6. port# is the number of the port (either 1 or 2). ASR 5500 System Administration Guide, StarOS Release 19...
Page 61: Configuring System Timing
Verifying and Saving Your Clock and Time Zone Configuration Enter the following command to verify that you configured the time and time zone correctly: show clock The output displays the date, time, and time zone that you configured. ASR 5500 System Administration Guide, StarOS Release 19...
Page 62: Configuring Network Time Protocol Support
Use of prefer usually results in a poorer choice than NTP can determine for itself. Do not change the maxpoll, minpoll, or version keyword settings unless instructed to do so by Cisco Important TAC.
Page 63: Configuring Ntp Servers With Local Sources
The output displays information about all NTP servers. See the output below for an example deploying two NTP servers. +----Peer Selection: ( ) - Rejected / No Response (x) - False Tick (.) - Excess (-) - Outlyer (+) - Candidate (#) - Selected ASR 5500 System Administration Guide, StarOS Release 19...
Page 64 NTP server. offset Number of milliseconds by which the system clock must be adjusted to synchronize it with the NTP server. jitter Jitter in milliseconds between the system and the NTP server. ASR 5500 System Administration Guide, StarOS Release 19...
Page 65: Enabling Cli Timestamping
Autoconfirm is intended as an "ease-of-use" feature. It presumes that the answer to "Are you sure? [Y/N]" prompts will be "Yes", and skips the prompt. Its use implies that the user is an expert who does not need these "safety-net" prompts. ASR 5500 System Administration Guide, StarOS Release 19...
Page 66: Requiring Confirmation For Autoconfirm And Configure Commands
• exec-command exec_mode_category specifies one of the following categories of Exec mode configuration commands. ◦ card ◦ clear ◦ copy ◦ debug ◦ delete ◦ filesystem ◦ hd ◦ reload ◦ rename ASR 5500 System Administration Guide, StarOS Release 19...
Page 67: Configuring System Administrative Users
An Inspector cannot execute show configuration commands and does not have the privilege to enter the Config Mode. Configuration instructions are categorized according to the type of administrative user: context-level or local-user. ASR 5500 System Administration Guide, StarOS Release 19...
Page 68: Configuring Context-Level Administrative Users
Refer to the Command Line Interface Reference for more information about the config-administrator command. • The nopassword option allows you to create a config-administrator without an associated password. Enable this option when using ssh public keys (authorized key command in SSH Configuration mode) ASR 5500 System Administration Guide, StarOS Release 19...
Page 69: Configuring Context-Level Operators
Save the configuration as described in the Verifying and Saving Your Configuration chapter. Verifying Context-level Administrative User Configuration Verify that the configuration was successful by entering the following command: show configuration context local ASR 5500 System Administration Guide, StarOS Release 19...
Page 70: Configuring Local-User Administrative Users
In this example, a local-user named SAUser was configured. Username: SAUser Auth Level: secadmin Last Login: Never Login Failures: Password Expired: Locked: Suspended: Lockout on Pw Aging: Lockout on Login Fail: Yes ASR 5500 System Administration Guide, StarOS Release 19...
Page 71: Updating Local-User Database
Associating an SFTP root Directory with a Local User The local-user username command allows an administrator to associate an SFTP root directory with a specified username. configure local-user username user_name authorization-level level ftp sftp-server sftp_name password password exit ASR 5500 System Administration Guide, StarOS Release 19...
Page 72: Associating An Sftp Root Directory With An Administrator
Once configured and enabled on the system, TACACS+ authentication is attempted first. By default, if TACACS+ authentication fails, the system then attempts to authenticate the user using non-TACACS+ AAA services, such as RADIUS. ASR 5500 System Administration Guide, StarOS Release 19...
Page 73: User Account Requirements
StarOS User Account Requirements TACACS+ users who are allowed administrative access to the system must have the following user account information defined in StarOS: • username • password • administrative role and privileges ASR 5500 System Administration Guide, StarOS Release 19...
Page 74: Configuring Tacacs+ Aaa Services
Save the configuration as described in the Verifying and Saving Your Configuration chapter. For complete information on all TACACS+ Configuration Mode commands and options, refer to the Important TACACS Configuration Mode Commands chapter in the Command Line Reference. ASR 5500 System Administration Guide, StarOS Release 19...
Page 75: Configuring Tacacs+ For Non-Local Vpn Authentication
: user login complete current privilege level : 15 remote client application : ssh remote client ip address : 111.11.11.11 last server reply status : -1 total TACACS+ sessions ASR 5500 System Administration Guide, StarOS Release 19...
Page 76: Configuring A Chassis Key
The key_string is an alphanumeric string of 1 through 16 characters. The chassis key is stored as a one-way encrypted value, much like a password. For this reason, the chassis key value is never displayed in plain-text form. ASR 5500 System Administration Guide, StarOS Release 19...
Page 77: Quick Setup Wizard
To run the Quick Setup Wizard, execute the Exec mode setup command. host_name setup [local] 1. Do you wish to continue with the Quick Setup Wizard[yes/no]: 2. Enable basic configuration[yes/no]: 3. Change chassis key value[yes/no]: key_string 4. New chassis key value: ASR 5500 System Administration Guide, StarOS Release 19...
Page 78: Configuring Mio/Umio Port Redundancy
The ports on MIOs keep their original MAC addresses, and the system automatically copies the failed MIO/UMIO's configuration parameters to its redundant counterpart. Port redundancy can be configured to be revertive or non-revertive. With revertive redundancy service is returned to the original port when service is restored. ASR 5500 System Administration Guide, StarOS Release 19...
Page 79 6/1 the active port. The switching device, using some port redundancy scheme, recognizes the failure and enables ASR 5500 System Administration Guide, StarOS Release 19...
Page 80: Configuring Mio/Umio Port Redundancy Auto-Recovery
• If you do specify a preference, redundancy is revertive to the specified card. If you do not specify a preference, redundancy is non-revertive. • Repeat for each additional port that you want to make preferred. Save the configuration as described in the Verifying and Saving Your Configuration chapter. ASR 5500 System Administration Guide, StarOS Release 19...
Page 81: Verifying Port Redundancy Auto-Recovery
This section describes how to activate DPC/UDPCs or DPC2/UDPC2s and specify their redundancy. Important Refer to the ASR 5500 Installation Guide for information about system hardware configurations and redundancy. Enter the following command to check the operational status of all DPC types:...
Page 82: Verifying Card Configurations
A large file is guaranteed to be sent over one of the links, which removes the need to address out-of-order packets. ASR 5500 System Administration Guide, StarOS Release 19...
Page 83: Lag And Master Port
LAG to switch to the other MIO/UMIO when a specified threshold is crossed. This works in a way similar to the auto-switch feature for port redundancy. LACP runs between the ASR 5500 and the Ethernet switch, exchanging relevant pieces on information, such as health status.
Page 84: Port States For Auto-Switch
You can define which card is preferred per LAG group as a preferred slot. When a preferred MIO/UMIO slot is specified, it is selected for the initial timeout period to make the selection of a switch less random. ASR 5500 System Administration Guide, StarOS Release 19...
Page 85: Auto-Switch Criteria
Each system that participates in link aggregation has a unique system ID that consists of a two-byte priority (where the lowest number [0] has the highest priority) and a six-byte MAC address derived from the first ASR 5500 System Administration Guide, StarOS Release 19...
Page 86: Minimum Links
Use the min-link keyword option in the Global Configuration mode link-aggregation command to enable this feature. configure port ethernet slot/port link-aggreagation master ( global | group } number min-link number_links ASR 5500 System Administration Guide, StarOS Release 19...
Page 87: Redundancy Options
Figure 10: Non-Redundant LAG Configuration with Single LAG Group In the above configuration, there is a single, primary LAG. All ports work as a single bundle of ports that distribute the traffic. ASR 5500 System Administration Guide, StarOS Release 19...
Page 88: Link Aggregation Status
LAG. However, if the aggregating ports are loaded with more than 50% of their capacity and an MIO/UMIO failure/switchover occurs, the ASR 5500 configured port capacity is oversubscribed and an indeterminate amount of sessions are dropped and traffic lost.
Page 89: Configuring A Demux Card
Caution Enabling the Demux on MIO/UMIO feature changes resource allocations within the system. This directly impacts an upgrade or downgrade between StarOS versions in ICSR configurations. Contact Cisco TAC for procedural assistance prior to upgrading or downgrading your ICSR deployment.
Page 90: Configuration
• You should not enable demux functionality on MIO/UMIO for configurations that require a large number of tunnels. • After the ASR 5500 has booted with demux functions running on an MIO/UMIO, you cannot configure non-supported services. A maximum of eight Demux Managers are supported. Any attempt to add more than eight Demux Managers will be blocked.
Page 91: Management Settings
IIOP Transport Parameters, on page 64 Step 3 View your new ORBEM configuration by following the steps in Verifying ORBEM Parameters, on page 65 Step 4 Save the configuration as described in Verifying and Saving Your Configuration. ASR 5500 System Administration Guide, StarOS Release 19...
Page 92: Configuring Orbem Client And Port Parameters
• If you are using the Secure Sockets Layer (SSL) option, do not enable the IIOP transport parameter. • You configure the ORBEM interface to use SSL by specifying a certificate and private key. ASR 5500 System Administration Guide, StarOS Release 19...
Page 93: Verifying Orbem Parameters
: 87950 usecs SNMP MIB Browser This section provides instructions to access the latest Cisco Starent MIB files using a MIB Browser. An updated MIB file accompanies every StarOS release. For assistance to set up an account and access files, please contact your Cisco sales or service representative for additional information.
Page 94 Use the following procedure to view the SNMP MIBs for a specific StarOS build : Step 1 Contact Cisco sales or a service representative, to obtain access to the MIB files for a specific StarOS release. Step 2 Download the compressed companion file to a folder on your desktop. The file name follows the convention: companion_xx.x.x.tgz...
Page 95 Important For information on SNMP MIBs changes for a specific release, refer to the SNMP MIB Changes in Release xx chapter of the appropriate version of the to the Release Change Reference. ASR 5500 System Administration Guide, StarOS Release 19...
Page 96: Snmp Support
• The system contact is the name of the person to contact when traps are generated that indicate an error condition. • An snmp community string is a password that allows access to system management information bases (MIBs). ASR 5500 System Administration Guide, StarOS Release 19...
Page 97: Verifying Snmp Parameters
• The snmp user name is for SNMP v3 and is optional. There are numerous keyword options associated with this command. • Use the snmp mib command to enable other industry standard and Cisco MIBs. By default only the STARENT-MIB is enabled.
Page 98: Controlling Snmp Trap Generation
If at a later time you wish to re-enable a trap that was previously suppressed, use the snmp trap enable command. Step 2 Save the configuration as described in Verifying and Saving Your Configuration. ASR 5500 System Administration Guide, StarOS Release 19...
Page 99: Chapter 5 Verifying And Saving Your Configuration
|||||| vvvvvv Pool Name Start Address Mask/End Address Used Avail ----- --------------------- -------------- --------------- ---------------- PG00 ipsec 12.12.12.0 255.255.255.0 PG00 pool1 10.10.0.0 255.255.0.0 65534 SG00 vpnpool 192.168.1.250 92.168.1.254 Total Pool Count: 5 ASR 5500 System Administration Guide, StarOS Release 19...
Page 100: Service Configuration
This command displays errors it finds within the configuration. For example, if you have created a service named "service1", but entered it as "srv1" in another part of the configuration, the system displays this error. ASR 5500 System Administration Guide, StarOS Release 19...
Page 101: Synchronizing File Systems
Line Interface Reference. Do not use the "/" (forward slash), ":" (colon) or "@" (at sign) characters when entering a string for the Important following URL fields: directory, filename, username, password, host or port#. ASR 5500 System Administration Guide, StarOS Release 19...
Page 102 To save a configuration file called system.cfg to a directory that was previously created called cfgfiles to the flash memory on the active MIO/UMIO, enter the following command: save configuration /flash/cfgfiles/system.cfg save configuration sftp://administrator:secure@192.168.34.156/host_name_configs/ simple_ip.cfg ASR 5500 System Administration Guide, StarOS Release 19...
Page 103: Chapter 6 System Interfaces And Ports
In many cases, other commands and/or keyword options are available. Refer to the Command Line Interface Reference for complete information regarding all commands. To create a context, apply the following example configuration: configure context name Repeat to configure additional contexts. ASR 5500 System Administration Guide, StarOS Release 19...
Page 104: Viewing And Verifying Contexts
To ensure that system line card and port-level redundancy mechanisms function properly, the Spanning Tree protocol must be disabled on devices connected directly to any system port. Failure to turn off the Spanning Tree protocol may result in failures in the redundancy mechanisms or service outage. ASR 5500 System Administration Guide, StarOS Release 19...
Page 105: Creating An Interface
• Binding associates the port and all of its settings to the named interface. Configuring a Static Route for an Interface Use the following example to configure a static route for an interface: configure context name ASR 5500 System Administration Guide, StarOS Release 19...
Page 106: Viewing And Verifying Port Configuration
5/11 description MIO5/11_RP1 no shutdown bind interface rp1 source #end Step 3 Verify that your static route(s) was configured properly by entering the following command: context_name host_name show ip static-route ASR 5500 System Administration Guide, StarOS Release 19...
Page 107 IP address of 192.168.250.1. Destination Nexthop Protocol Prec Cost Interface 0.0.0.0/0 192.168.250.1 Static MIO1 0.0.0.0/0 192.168.250.1 Static rp1 source Step 4 Save the configuration as described in the Verifying and Saving Your Configuration chapter. ASR 5500 System Administration Guide, StarOS Release 19...
Page 108 System Interfaces and Ports Viewing and Verifying Port Configuration ASR 5500 System Administration Guide, StarOS Release 19...
Page 109: Chapter 7 System Security
C H A P T E R System Security This chapter describes the security features supported on the ASR 5500 platform. This chapter explores the following topics: • Per-Chassis Key Identifier, page 81 • Encrypted SNMP Community Strings, page 84 •...
Page 110: Mio Synchronization
StarOS will not be able to decrypt the password/secrets stored in the configuration file. MIO Synchronization On boot up both MIO/UMIOs automatically read the chassis key configured on the ASR 5500 midplane. Protection of Passwords Users with privilege levels of Inspector and Operator cannot display decrypted passwords in the configuration file via the command line interface (CLI).
Page 111: Support For Non-Current Encryptions And Decryptions
ICSR chassis share the same chassis key. If the ISCR detects that the two chassis have incompatible chassis keys, an error message is logged but the ICSR system will continue to run. Without the matching chassis key, ASR 5500 System Administration Guide, StarOS Release 19...
Page 112: Encrypted Snmp Community Strings
A maximum of five LI server addresses are supported via an authenticating agent. Important The ability to restrict destination addresses for LI content and event delivery using RADIUS attributes is Important supported only for PDSN and HA gateways. ASR 5500 System Administration Guide, StarOS Release 19...
Page 113: Modifying Intercepts
Adding, Modifying and Removing Users It is considered uncommon for a user to be added or removed from the ASR 5500. Likewise, it is considered uncommon for a user's privileges to modified. However, if the system is compromised, it is common for attackers to add or remove a privileged user, raise their privileges or lower the privileges of others.
Page 114: Test-Commands
CLI test-commands are intended for diagnostic use only. Access to these commands is not required during normal system operation. These commands are intended for use by Cisco TAC personnel only. Some of these commands can slow system performance, drop subscribers, and/or render the system inoperable.
Page 115: Exec Mode Cli Test-Commands
Warning: Test commands enables internal testing and debugging commands USE OF THIS MODE MAY CAUSE SIGNIFICANT SERVICE INTERRUPTION An SNMP trap (starTestModeEntered) is generated whenever a user enters CLI test-commands mode. Important ASR 5500 System Administration Guide, StarOS Release 19...
Page 116 System Security Configuration Mode cli test-commands ASR 5500 System Administration Guide, StarOS Release 19...
Page 117: Software Management Operations
• Operating System Software Image File: This binary file type is identified by its .bin extension. The file is the operating system that is loaded by the system upon startup or reloading. This is an executable, read-only file that cannot be modified by end users. ASR 5500 System Administration Guide, StarOS Release 19...
Page 118: Understanding The Boot.sys File
Exec Mode. Unless otherwise specified, you must have security administrator or administrator privileges to execute these commands. File System Management Commands Use the commands in this section to manage and organize the local file system. ASR 5500 System Administration Guide, StarOS Release 19...
Page 119: Synchronizing The File System
Use the rename command only within the same local device. You cannot rename a file and place it onto Important another local device at the same time. To move a renamed file, you must use the copy command. ASR 5500 System Administration Guide, StarOS Release 19...
Page 120: Copying Files On The Asr 5500 Chassis
The format command performs a low-level format of a local device. This operation formats the device to use the FAT16 formatting method, which is required for proper read/write functionality with the operating system. ASR 5500 System Administration Guide, StarOS Release 19...
Page 121: Applying Pre-Existing Cli Configuration Files
The contents, usage information, and file system directory structure of any local device can be viewed by entering the following command at the Exec mode prompt: directory { /flash | /usb1 | /hd-raid } ASR 5500 System Administration Guide, StarOS Release 19...
Page 122: Viewing Cli Configuration And Boot.sys Files
If an invalid file is found, the system displays a failure message similar to these: image_version Failure: Image /flash/ .bin CRC check failed! image_version Failure: /flash/ .bin, has a bad magic number ASR 5500 System Administration Guide, StarOS Release 19...
Page 123: Configuring The Boot Stack
The examples below shows the command output for a local booting configuration. Notice that in these examples both the image file (operating system software) and configuration file (CLI commands) are located on the /flash device. ASR 5500 System Administration Guide, StarOS Release 19...
Page 124 To identify the boot image priority that was loaded at the initial boot time enter: show boot initial-config The example below displays the output: host_name show boot initial-config [local] Initial (boot time) configuration: image_version image tftp://192.168.1.161/tftpboot/ .bin \ config_name config /flash/ .cfg priority 1 ASR 5500 System Administration Guide, StarOS Release 19...
Page 125: Adding A New Boot Stack Entry
Network Booting Configuration Requirements Configuring the Boot Interface Boot interface parameters define the MIO/UMIO management LAN interface that the system will use to communicate with the management network when using the network booting method. ASR 5500 System Administration Guide, StarOS Release 19...
Page 126: Configuring The Boot Network
The following command configures the boot network to communicate using DHCP, with a static-fallback IP address for MIO/UMIO in slot 5 of 192.168.206.101 and a Class C netmask. host_name boot networkconfig dhcp-static-fallback ip address mio5 192.168.206.101 netmask [local] (config)# 255.255.255.0 ASR 5500 System Administration Guide, StarOS Release 19...
Page 127: Configuring Boot Network Delay Time
Save the configuration as described in the Verifying and Saving Your Configuration chapter. Upgrading the Operating System Software The following information is required prior to performing a software upgrade: • Current operating system version • New operating system version • Upgrade method ASR 5500 System Administration Guide, StarOS Release 19...
Page 128: Identifying Os Release Version And Build Number
[local] Download the Software Image from the Support Site Access to the Cisco support site and download facility is username and password controlled. You must have an active customer account to access the site and download the StarOS image. Download the software image to a network location or physical device (USB stick) from which it can be uploaded to the /flash device.
Page 129: Transfer Staros Image To /Flash On The Chassis
If you attempt to load a v15 configuration file on the downgraded chassis, StarOS will not be able to decrypt the password/secrets stored in the configuration file. ASR 5500 System Administration Guide, StarOS Release 19...
Page 130: Off-Line Software Upgrade
2048 alphanumeric characters. Note that banner_text must begin with and end in quotation marks (" "). For more information in entering ASR 5500 System Administration Guide, StarOS Release 19...
Page 131: Back Up The Current Cli Configuration File
Synchronize the local file systems on the management cards by entering the following command: host_name filesystem synchronize all [local] Save the Running Configuration Save the currently running, upgraded configuration prior to rebooting the chassis. ASR 5500 System Administration Guide, StarOS Release 19...
Page 132: Reboot The Chassis
Patching is the process used to install a plugin as an incremental update to a StarOS release. One plugin can be provided to multiple, compatible, concurrent product releases. A plugin is distributed in the form of a compressed distribution kit via the internet or by other means (USB stick, CD, etc.). ASR 5500 System Administration Guide, StarOS Release 19...
Page 133: Managing License Keys
With no license key installed, the session use licenses for PDSN, HA, GGSN, and L2TP LNS are limited to 10,000 sessions. The license keys on the ASR 5500 are stored in EEPROM on the chassis midplane. Both MIO/UMIOs access this EEPROM when booting.
Page 134: Cutting And Pasting The Key
Adding License Keys to Configuration Files License keys can be added to a new or existing configuration file. ASR 5500 System Administration Guide, StarOS Release 19...
Page 135: License Expiration Behavior
• Midplane (chassis) serial number To obtain the ASR 5500 chassis serial number, at the Exec mode prompt enter the show card hardware 5 command. Look under the "MEC" heading for the "UDI Serial Number" as shown in the example below:...
Page 136: Viewing License Information
The output of this command should display: "No license key installed". Management Card Replacement and License Keys License keys are stored on a midplane EEPROM in the ASR 5500 chassis. The MIO/UMIOs share these license keys. There is no need to swap memory cards into replacement MIO/UMIOs.
Page 137: Configuring Local-User Account Management Properties
Changing Local-User Passwords Local-user administrative users can change their passwords using the password change command in the Exec mode. Users are prompted to enter their current and new passwords. ASR 5500 System Administration Guide, StarOS Release 19...
Page 138 All new passwords must adhere to the password properties configured for the system. ASR 5500 System Administration Guide, StarOS Release 19...
Page 139: Chapter 9 Monitoring The System
Output descriptions for most of the commands are located in the Statistics and Counters Reference. Table 7: System Status and Performance Monitoring Commands To do this: Enter this command: View Administrative Information Display Current Administrative User Access ASR 5500 System Administration Guide, StarOS Release 19...
Page 140 Display SNMP Trap Statistics View SNMP Trap Statistics show snmp trap statistics Display ORBEM Information View ORBEM client status show orbem client id View ORBEM session information show orbem session table ASR 5500 System Administration Guide, StarOS Release 19...
Page 141: Clearing Statistics And Counters
Some commands produce different outputs, depending on the platform type. Table 8: Hardware Monitoring Commands To do this: Enter this command: View the Status of the Power System View the status of the PFUs show power chassis ASR 5500 System Administration Guide, StarOS Release 19...
Page 142 View runtime, or real time, information show card info slot_number View the LED Status of All Installed Cards Refer to the descriptions of card-level and system-level LEDs in the ASR 5500 Installation Guide for detailed information. Note View the LED status for all installed cards...
Page 143: C H A P T E
The configuration example in this section defines basic operation of the bulk statistics feature. Use the following example configuration to set up the system to communicate with the statistic collection server: configure bulkstats mode schema name format format_string sample-interval time_interval transfer-interval xmit_time_interval limit mem_limit exit bulkstats collection ASR 5500 System Administration Guide, StarOS Release 19...
Page 144: Configuring Optional Settings
Viewing Collected Bulk Statistics Data, on page 118. • show bulkstats schemas – displays the scheme used to gather statistics including collection and transmission statistics. See Verifying Your Configuration, on page 117. ASR 5500 System Administration Guide, StarOS Release 19...
Page 145: Verifying Your Configuration
Total records discarded: Total bytes discarded: Last transfer time required: 0 second(s) No successful data transfers No attempted data transfe File 2 not configured File 3 not configured File 4 not configured ASR 5500 System Administration Guide, StarOS Release 19...
Page 146: Saving Your Configuration
The clear bulkstats data command clears any accumulated data that has not been transferred. This includes any "completed" files that have not been successfully transferred. Bulkstats Schema Nomenclature This section describes the nomenclature associated with configuring and viewing bulkstats. ASR 5500 System Administration Guide, StarOS Release 19...
Page 147: Statistic Types
Additional Information Local File Open Error 31002 Warning "Unable to open local file filename for storing bulkstats data" Receiver Open Error 31018 Warning "Unable to open url filename for storing bulkstats data" ASR 5500 System Administration Guide, StarOS Release 19...
Page 148 Severity Additional Information Receiver Write Error 31019 Warning "Unable to write to url filename while storing bulkstats data" Receiver Close Error 31020 Warning "Unable to close url filename while storing bulkstats data" ASR 5500 System Administration Guide, StarOS Release 19...
Page 149: System Logs
• Event: Event logging can be used to determine system status and capture important information pertaining to protocols and tasks in use by the system. This is a global function that will be applied to all contexts, sessions, and processes. ASR 5500 System Administration Guide, StarOS Release 19...
Page 150: Configuring Event Logging Parameters
You can filter the contents of event logs at the Exec mode and Global Configuration mode levels. For additional information, see the Command Line Interface Reference. Exec Mode Filtering These commands allow you to limit the amount of data contained in logs without changing global logging parameters. ASR 5500 System Administration Guide, StarOS Release 19...
Page 151: Global Configuration Mode Filtering
Repeat to disable logging for additional event IDs or event ID ranges. Save the configuration as described in the Verifying and Saving Your Configuration chapter. ASR 5500 System Administration Guide, StarOS Release 19...
Page 152: Configuring Syslog Servers
When active logs are written to the active memory buffer, they are available to all users in all CLI instances. Use the following example to configure active logging in Global Configuration mode: host_name logging filter runtime facility facility level report_level [local] (config)# Notes: ASR 5500 System Administration Guide, StarOS Release 19...
Page 153: Specifying Facilities
• acsctrl: Active Charging Service (ACS) Controller facility • acsmgr: ACS Manager facility • afctrl: Fabric Controller facility [ASR 5500 only] • afmgr: Fabric Manager logging facility [ASR 5500 only] • alarmctrl: Alarm Controller facility • alcap: Access Link Control Application Part (ALCAP) protocol logging facility •...
Page 154 • data-mgr: Data Manager Framework logging facility • dcardctrl: IPSec Daughter Card Controller logging facility • dcardmgr: IPSec Daughter Card Manager logging facility • demuxmgr: Demux Manager API facility • dgmbmgr: Diameter Gmb Application Manager logging facility ASR 5500 System Administration Guide, StarOS Release 19...
Page 155 • epdg: evolved Packet Data (ePDG) gateway logging facility • event-notif: Event Notification Interface logging facility • evlog: Event log facility • famgr: Foreign Agent manager logging facility • firewall: Firewall logging facility ASR 5500 System Administration Guide, StarOS Release 19...
Page 156 • hnb-gw: HNB-GW (3G Femto GW) logging facility (Do not use this keyword for HNB-GW in Release • hnbmgr: HNB-GW Demux Manager logging facility (Do not use this keyword for HNB-GW in Release ASR 5500 System Administration Guide, StarOS Release 19...
Page 157 GMM and the BSSGP layers for logical links between the MS and the SGSN • local-policy: Local Policy Service facility • location-service: Location Services facility • m3ap: M3 Application Protocol facility • m3ua: M3UA Protocol logging facility • magmgr: Mobile Access Gateway manager logging facility ASR 5500 System Administration Guide, StarOS Release 19...
Page 158 • nas: Non-Access Stratum (NAS) protocol logging facility [MME 4G] • netwstrg: Network Storage facility • npuctrl: Network Processor Unit Control facility • npudrv: Network Processor Unit Driver facility [ASR 5500 only] • npumgr: Network Processor Unit Manager facility • npumgr-acl: NPUMGR ACL logging facility •...
Page 159 • npumgr-rri: NPUMGR RRI (Reverse Route Injection) logging facility • npumgr-vpn: NPUMGR VPN logging facility • npusim: NPUSIM logging facility [ASR 5500 only] • ntfy-intf: Notification Interface logging facility [Release 12.0 and earlier versions only] • ocsp: Online Certificate Status Protocol logging facility.
Page 160 • sitmain: System Initialization Task main logging facility • sls: Service Level Specification (SLS) protocol logging facility • sm-app: SM Protocol logging facility • sms: Short Message Service (SMS) logging messages between the MS and the SMSC ASR 5500 System Administration Guide, StarOS Release 19...
Page 161 • wimax-data: WiMAX DATA • wimax-r6: WiMAX R6 • wsg: Wireless Security Gateway (ASR 9000 Security Gateway) • x2gw-app: X2GW (X2 proxy Gateway, eNodeB) application logging facility • x2gw-demux: X2GW demux task logging facility ASR 5500 System Administration Guide, StarOS Release 19...
Page 162: Configuring Trace Logging
Repeat to configure additional monitor log targets. Disabling Monitor Logs Use the following example to disable monitor logs: configure no logging monitor { ip_addr | ipv6_addr | msid id | username name } ASR 5500 System Administration Guide, StarOS Release 19...
Page 163: Viewing Logging Configuration And Statistics
• From the syslog server: If the system is configured to send logs to a syslog server, the logs can be viewed directly on the syslog server. • From the system CLI: Logs stored in the system memory buffers can be viewed directly from the CLI. ASR 5500 System Administration Guide, StarOS Release 19...
Page 164: Configuring And Viewing Crash Logs
CPU (minicore), NPU or kernel crash. The logged events are recorded into fixed length records and stored in /flash/crashlog2. Whenever a crash occurs, the following crash information is stored: 1 The event record is stored in /flash/crashlog2 file (the crash log). ASR 5500 System Administration Guide, StarOS Release 19...
Page 165: Configuring Software Crash Log Destinations
• Network Server: Any workstation or server on the network that the system can access using the Trivial File Transfer Protocol (TFTP), the File Transfer Protocol (FTP), the Secure File Transfer Protocol ASR 5500 System Administration Guide, StarOS Release 19...
Page 166: Viewing Abridged Crash Log Information Using The Cli
• SW Version – StarOS build release in format: RR.n(bbbbb) • Similar Crash Count – number of similar crashes • Time of first crash – timestamp when first crash occurred in format: YYYY-MMM-DD+hh:mm:ss ASR 5500 System Administration Guide, StarOS Release 19...
Page 167: Checkpointing Logs
Checkpointing logs should be done periodically to prevent the log files becoming full. Logs which have Important 50,000 events logged will discard the oldest events first as new events are logged. ASR 5500 System Administration Guide, StarOS Release 19...
Page 168: Saving Log Files
Ares Fabric Controller (ASR 5500 only) 186000-186999 afmgr Ares Fabric Manager (ASR 5500 only) 187000-187999 alarmctrl Alarm Controller Facility 65000-65999 alcap Access Link Control Application Part (ALCAP) Protocol Facility 160900-161399 alcapmgr ALCAP Manager Facility 160500-160899 ASR 5500 System Administration Guide, StarOS Release 19...
Page 169 Closed Subscriber Groups (CSG) Facility 188000-188999 csg-acl CSG Access Control List (ACL) Facility 189000-189999 Card/Slot/Port (CSP) Facility 7000-7999 Content Steering Service (CSS) Facility [ESC] 77000-77499 css-sig Content Service Selection (CSS) RADIUS Signaling Facility 77500-77599 ASR 5500 System Administration Guide, StarOS Release 19...
Page 170 Facility 141000-141999 egtpmgr eGTP Manager Facility 143000-143999 egtpu eGTP-U Facility 142000-142999 epdg Evolved Packet Data Gateway (ePDG) Facility 178000-178999 evlog Event Log Facility 2000-2999 famgr Foreign Agent (FA) Manager Facility 33000-33999 ASR 5500 System Administration Guide, StarOS Release 19...
Page 171 Home NodeB (HNB) Gateway Facility 151000-151999 hnbmgr HNB Manager Facility 158000-158199 hss-peer-service Home Subscriber Server (HSS) Facility [MME] 138000-138999 igmp Internet Group Management Protocol (IGMP) Facility 113000-113999 ikev2 IKEv2 Facility 122000-122999 ASR 5500 System Administration Guide, StarOS Release 19...
Page 172 MTP Level 3 (M3UA) Protocol Facility [SIGTRAN] 87500-87699 magmgr Mobile Access Gateway (MAG) Manager Facility 137500-137999 Mobile Application Part (MAP) Protocol Facility [SS7] 87100-87299 megadiammgr MegaDiameter Manager Facility 121000-121199 mme-app Mobility Management Entity (MME) Application Facility 147000-147999 ASR 5500 System Administration Guide, StarOS Release 19...
Page 173 16000-16999 npudrv NPU Driver Facility 191000-191999 npumgr NPU Manager (NPUMGR) Facility 17000-17999 npumgr-acl NPUMGR ACL Facility 169000-169999 npumgr-drv NPUMGR Driver Facility 185000-185999 npumgr-flow NPUMGR Flow Facility 167000-167999 npumgr-fwd NPUMGR Forwarding Facility 168000-168999 ASR 5500 System Administration Guide, StarOS Release 19...
Page 174 Radio Access Network Application Part (RANAP) Facility 87700-87899 Recovery Control Task (RCT) Facility 13000-13999 Redirector Task (RDT) Facility 67000-67999 resmgr Resource Manager (RM) Facility 14000-14999 rf-diameter Rf Diameter Messages Facility 92860-92869 ASR 5500 System Administration Guide, StarOS Release 19...
Page 175 SGSN GTP-C (SGTPC) Manager Facility 117000-117999 Serving Gateway (SGW) Facility 140000-140999 sh-diameter Sh Diameter Messages Facility 92850-92859 sipcdprt SIPCDPRT Facility 95000-95999 sitmain System Initiation Task (SIT) Main Facility 4000-4999 sm-app Short Message Service (SMS) Facility 88300-88499 ASR 5500 System Administration Guide, StarOS Release 19...
Page 176 VINFO Facility 82000, 82999 vmgctrl Virtual Media Gateway (VMG) Controller Facility 41000, 41999 vmgctxmgr VMG Context Manager Facility 43000, 43999 Virtual Private Network (VPN) Facility 5000-5999 wimax-data WiMAX DATA Facility 104900-104999 ASR 5500 System Administration Guide, StarOS Release 19...
Page 177: Event Severities
CLI session ended for Security Administrator admin on device /dev/pts/2 The following table describes the elements of contained in the sample output. Table 12: Event Element Descriptions Element Description 2011-Dec-11+5:18:41.993 Date/Timestamp indicating when the event was generated ASR 5500 System Administration Guide, StarOS Release 19...
Page 178 Indicates that the event was generated because of system operation. CLI session ended for Security Administrator The event's details. Event details may, or may not include admin on device /dev/pts/2 variables that are specific to the occurrence of the event. ASR 5500 System Administration Guide, StarOS Release 19...
Page 179: Troubleshooting
This chapter provides information and instructions for using the system command line interface (CLI) for troubleshooting any issues that may arise during system operation. Refer to the ASR 5500 Installation Guide for comprehensive descriptions of the hardware components addressed by these troubleshooting procedures.
Page 180: Licensing Issues
Power-On Self Tests (POSTs) to ensure that the hardware is operational. These tests also verify that the card meets all license requirements to operate in this chassis. Refer to Chassis Universal License Requirements in the ASR 5500 Installation Guide for additional information on the effect licenses and card types have on the boot process.
Page 181 PDP to the chassis for continuity. If all of the above suggestions have been verified, then it is likely that the PFU is not functional. Please contact your service representative. ASR 5500 System Administration Guide, StarOS Release 19...
Page 182: Checking The Leds On The Mio Card
The possible states for this LED are described in the following table. If the LED is not green, use the troubleshooting information in the table to diagnose the problem. Table 14: MIO Run/Fail LED States Color Description Troubleshooting Green Card powered with no errors None needed. detected ASR 5500 System Administration Guide, StarOS Release 19...
Page 183: Mio Active Led States
Verify that the power source is supplying ample voltage and current to the chassis. Verify that the card is properly installed per the instructions in the ASR 5500 Installation Guide. If all of the above suggestions have been verified, it is possible that the MIO is not functional.
Page 184: Mio Redundancy Led States
Blinking Green Tasks or processes being Refer to Monitoring the System for information on determining the status of the migrated from the active MIO MIO/UMIO and system software processes. to the standby MIO. ASR 5500 System Administration Guide, StarOS Release 19...
Page 185: Mio Busy Led States
Color Description Troubleshooting Green Link is up None needed. NOTE: This LED will not indicate the presence of a network link until the interface parameters are set during the software configuration process. ASR 5500 System Administration Guide, StarOS Release 19...
Page 186: Mio - Interface Activity Led States
None needed if there is no activity on the link. Prior to interface the link configuration, this is normal operation. Checking the LEDs on the DPC Each DPC/UDPC or /DPC2/UDPC2 is equipped with status LEDs as listed below: • Run/Fail • Active ASR 5500 System Administration Guide, StarOS Release 19...
Page 187: Dpc Run/Fail Led States
Card powered up with error(s) Errors were detected during the Power On Self Tests (POSTs). It is likely that detected. the errors were logged to the system's command line interface during boot. ASR 5500 System Administration Guide, StarOS Release 19...
Page 188: Dpc Active Led States
Check the state of the Redundancy LED. If it is green, the card is in standby mode. This is normal operation for the initial power-up. If needed, refer to the Configuring DPC Availability section of System Settings for information on making the card active. ASR 5500 System Administration Guide, StarOS Release 19...
Page 189: Dpc Redundancy Led States
Card has failed. Checking the LEDs on the FSC Each FSC is equipped with the following LEDs as shown in the accompanying figure: • Run/Fail • Active • Redundancy • Drive 1 Activity ASR 5500 System Administration Guide, StarOS Release 19...
Page 190: Fsc Run/Fail Led States
Card powered with error(s) Errors were detected during the Power On Self Tests (POSTs). It is likely that detected the errors were logged to the system's command line interface during boot. ASR 5500 System Administration Guide, StarOS Release 19...
Page 191: Fsc Active Led States
Verify that the power source is supplying ample voltage and current to the chassis. Verify that the card is properly installed per the instructions in the ASR 5500 Installation Guide. If all of the above suggestions have been verified, it is possible that the FSC is not functional.
Page 192: Fsc Drive N Activity Led States
Verify that the Run/Fail LED is green. If so, the card is receiving power and POST results are positive. If it is off, refer to FSC Run/Fail LED States, on page 162 for troubleshooting information. ASR 5500 System Administration Guide, StarOS Release 19...
Page 193: Checking The Leds On The Ssc
The SSC Run/Fail LED indicates the overall status of the card. This LED should be green for normal operation. The possible states for this LED are described in the following table. If the LED is not green, use the troubleshooting information in the table to diagnose the problem. ASR 5500 System Administration Guide, StarOS Release 19...
Page 194: Ssc Active Led States
Verify that the power source is supplying ample voltage and current to the chassis. Verify that the card is properly installed per the instructions in the ASR 5500 Installation Guide. If all of the above suggestions have been verified, it is possible that the SSC is not functional.
Page 195: Ssc Redundancy Led States
Verify that the Run/Fail LED is green. If so, the card is receiving power and POST results are positive. If it is off, refer to the SSC Run/Fail LED States section for troubleshooting information. ASR 5500 System Administration Guide, StarOS Release 19...
Page 196: Ssc System Service Led States
The system provides several redundancy and fail-over mechanisms to address issues with application and line cards in order to minimize system downtime and data loss. These mechanisms are described in the sections that follow. ASR 5500 System Administration Guide, StarOS Release 19...
Page 197: Switching Mios
Verify that the busy-out was successful by entering the show card table command at the Exec mode prompt: Check the entry in the Oper State column next to the DPC/UDPC just busied-out. Its state should be Standby. ASR 5500 System Administration Guide, StarOS Release 19...
Page 198: Migrating A Dpc
FSCs. There are similar restrictions when executing the card reboot or card upgrade commands on active FSCs. Refer to the Command Line Interface Reference for detailed information. ASR 5500 System Administration Guide, StarOS Release 19...
Page 199: Restore A Previously Halted Card
The commands specified in this section should be issued on a context-by-context basis. Contexts act like virtual private networks (VPNs) that operate independently of other contexts. Ports, interfaces, and routes configured in one context cannot be tested from another context without additional configuration. ASR 5500 System Administration Guide, StarOS Release 19...
Page 200: Using The Ping Or Ping6 Command
• If there is still no response, it is likely that the packets are getting discarded by a network device. Use the traceroute or traceroute6 and show ip static-route commands discussed in this chapter to further troubleshoot the issue. ASR 5500 System Administration Guide, StarOS Release 19...
Page 201: Using The Traceroute Or Traceroute6 Command
The following displays a sample of this command's output showing a context IPv4 routing table. "*" indicates the Best or Used route. Destination Nexthop Protocol Prec Cost Interface *0.0.0.0/0 10.0.4.1 static SPIO1 ASR 5500 System Administration Guide, StarOS Release 19...
Page 202: Viewing The Address Resolution Protocol Table
Important section. Using the Monitor Utility For troubleshooting purposes, the system provides a protocol monitoring utility. This tool displays protocol information for a particular subscriber session or for every session being processed. ASR 5500 System Administration Guide, StarOS Release 19...
Page 203: Using The Protocol Monitor
(C, D, E, etc.). To increase or decrease the verbosity, use the plus ( + ) or minus ( - ) keys. The current state, ON (enabled) or OFF (disabled), is shown to the right of each option. Step 7 Press the Enter key to refresh the screen and begin monitoring. ASR 5500 System Administration Guide, StarOS Release 19...
Page 204: Using The Protocol Monitor For A Specific Subscriber
Status: Active Service Name: xxx1 Src Context: source Dest Context: --------------------------------------------------------------------------- <<<<OUTBOUND 10:02:35:415 Eventid:25001(0) PPP Tx PDU (9) PAP 9: Auth-Ack(1), Msg= <<<<OUTBOUND 10:02:35:416 Eventid:25001(0) PPP Tx PDU (14) IPCP 14: Conf-Req(1), IP-Addr=192.168.250.70 ASR 5500 System Administration Guide, StarOS Release 19...
Page 205: Generating An Ssd
These core dumps provide specific memory locations and other information about the event. This information is useful to the technical support team in identifying where and when an event occurred along with its probably cause. ASR 5500 System Administration Guide, StarOS Release 19...
Page 206: Configuring And Using The Support Data Collector
Technical Assistance Center (TAC) personnel and local administrators can review the SDRs on-line or by transferring them off the system. They may also wish to investigate the collector state information. Refer to the Support Data Collector chapter for a complete description of SDC functionality. ASR 5500 System Administration Guide, StarOS Release 19...
Page 207: Chapter 1 3 System Recovery
The boot recovery command line interface allows you to specify from which boot image you would like to boot the system. If the system failed to reload following a software update, you can initiate a boot from a previously stored image. ASR 5500 System Administration Guide, StarOS Release 19...
Page 208: Accessing The Boot Cli
.bin config: /flash/system.cfg Entry at 0x000000000cba45e0 Press CTRL+C at this point in the sequence. A message similar to the following appears after the boot process has been interrupted: *******9/0 Ctrl-C Pressed------------------------------------------------------- Failed. ASR 5500 System Administration Guide, StarOS Release 19...
Page 209: Enter Cli Mode
Starting program at 0x0000000000100000 Starent Networks ASR5x00 Intelligent Mobile Gateway management_card is starting up......image_version_number Starting software No configuration found, press enter to continue. 1. Do you wish to continue with the Quick Setup Wizard[yes/no]: ASR 5500 System Administration Guide, StarOS Release 19...
Page 210: Boot Using A Specified Configuration File
8/0:cli>boot -config=/flash/system.cfg /flash/image_filename.bin The boot sequence ends with the appearance of the CLI prompt. host_name [local] Confirm that the desired configuration has loaded by running the Exec mode show configuration command. ASR 5500 System Administration Guide, StarOS Release 19...
Page 211: Chapter 1 4 Access Control Lists
Once configured, an ACL can be applied to any of the following: • An individual interface • All traffic facilitated by a context (known as a policy ACL) • An individual subscriber • All subscriber sessions facilitated by a specific context ASR 5500 System Administration Guide, StarOS Release 19...
Page 212: Understanding Acls
APN for UMTS subscribers. Criteria Each ACL consists of one or more rules specifying the criteria that packets will be compared against. The following criteria are supported: ASR 5500 System Administration Guide, StarOS Release 19...
Page 213 • UDP: The rule applies to any User Datagram Protocol (UDP) traffic and could be filtered on any combination of source/destination IP addresses, a specific port number, or a group of port numbers. UDP port numbers definitions can be found at www.iana.org. ASR 5500 System Administration Guide, StarOS Release 19...
Page 214: Rule Order
For additional information refer to the Verifying and Saving Your Configuration chapter. Creating ACLs To create an ACL, enter the following command sequence from the Exec mode of the system CLI: configure context acl_ctxt_name [ -noconfirm ] ASR 5500 System Administration Guide, StarOS Release 19...
Page 215: Configuring Action And Criteria For Subscriber Traffic
The default action is to "permit all". To modify the default behavior for unidentified ACLs, use the following configuration: configure context acl_ctxt_name [-noconfirm] access-list undefined { deny-all | permit-all } Notes: ASR 5500 System Administration Guide, StarOS Release 19...
Page 216: Verifying The Acl Configuration
ACLs must be configured in the same context in which the subscribers and/or interfaces to which they Important are to be applied. Similarly, ACLs to be applied to a context must be configured in that context. ASR 5500 System Administration Guide, StarOS Release 19...
Page 217 A context ACL (policy ACL) configured in the Source Context is applied prior to forwarding. An outbound ACL configured on the interface in the Source Context through which the packet is being forwarded, is applied to the tunneled data (such as the outer IP header). ASR 5500 System Administration Guide, StarOS Release 19...
Page 218: Applying The Acl To An Interface
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode save configuration command. For additional information refer to the Verifying and Saving Your Configuration chapter. ASR 5500 System Administration Guide, StarOS Release 19...
Page 219: Verifying The Acl Configuration On An Interface
• The context-level ACL is applied to outgoing packets. This applies to incoming packets also if the flow match criteria fails and forwarded again. The in and out keywords are deprecated and are only present for backward compatibility. Context ACL will be applied in the following cases: ASR 5500 System Administration Guide, StarOS Release 19...
Page 220: Applying An Acl To All Traffic Within A Context
ACL(s) was/were applied. The output of this command displays the configuration of the entire context. Examine the output for the commands pertaining to interface configuration. The commands display the ACL(s) applied using this procedure. ASR 5500 System Administration Guide, StarOS Release 19...
Page 221: Applying An Acl To A Radius-Based Subscriber
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode save configuration command. For additional information refer to the Verifying and Saving Your Configuration chapter. ASR 5500 System Administration Guide, StarOS Release 19...
Page 222: Applying An Acl To An Individual Subscriber
ASR 5500 System Administration Guide, StarOS Release 19...
Page 223: Applying An Acl To The Subscriber Named Default
{ ip | ipv6 } access-group acl_list_name [ in | out ] Notes: • The context name is the name of the ACL context containing the interface to which the ACL is to be applied. ASR 5500 System Administration Guide, StarOS Release 19...
Page 224: Verifying The Acl Configuration To The Subscriber Named Default
Applying an ACL to Service-specified Default Subscriber This section provides information and instructions for applying an ACL to the subscriber to be used as the "default" profile by various system services. ASR 5500 System Administration Guide, StarOS Release 19...
Page 225: Applying An Acl To Service-Specified Default Subscriber
Verifying the ACL Configuration to Service-specified Default Subscriber To verify the ACL configuration. Verify that your ACL lists were applied properly by entering the following command in Exec Mode: host_name show configuration context context_name [local] ASR 5500 System Administration Guide, StarOS Release 19...
Page 226: Applying A Single Acl To Multiple Subscribers
NOTE: The profile for the subscriber named default is not used to provide missing information for subscribers configured locally. ASR 5500 System Administration Guide, StarOS Release 19...
Page 227: Applying An Acl To Multiple Subscriber Via Apns
To reduce configuration time, ACLs can alternatively be applied to APN templates for GGSN subscribers. When configured, any subscriber packets facilitated by the APN template would then have the associated ACL applied. This section provides information and instructions for applying an ACL to an APN template. ASR 5500 System Administration Guide, StarOS Release 19...
Page 228: Verifying The Acl Configuration To Apns
ASR 5500 System Administration Guide, StarOS Release 19...
Page 229: Chapter 1 5 Congestion Control
• Service Congestion Policies: Congestion policies are configurable for each service. These policies dictate how services respond when the system detects that a congestion condition threshold has been crossed. ASR 5500 System Administration Guide, StarOS Release 19...
Page 230: Configuring Congestion Control
If a threshold level is not specified, the default is critical. Currently, major and minor thresholds are only supported for the MME. The congestion-action-profile command under lte-policy defines the action to be taken when thresholds are exceeded. See Global Configuration ASR 5500 System Administration Guide, StarOS Release 19...
Page 231: Configuring Service Congestion Policies
To create a congestion control policy with overload reporting, apply the following example configuration: configure congestion-control policy mme-service action report-overload reject-new-sessions enodeb-percentage percentage Notes: • Other overload actions include permit-emergency-sessions and reject-non-emergency-sessions. ASR 5500 System Administration Guide, StarOS Release 19...
Page 232: Enabling Congestion Control Redirect Overload Policy
During periods of heavy system load, it may be necessary to disconnect subscribers in order to maintain an acceptable level of system performance. You can establish thresholds to select subscribers to disconnect based on the length of time that a call has been connected or inactive. ASR 5500 System Administration Guide, StarOS Release 19...
Page 233 To disable the overload disconnect feature for this subscriber, use the following configuration example: configure context context_name subscriber subscriber_name no overload-disconnect { [threshold inactivity-time] | [threshold connect-time] } Notes: • overload-disconnect is not supported for the Call Session Control Function (CSCF) service. ASR 5500 System Administration Guide, StarOS Release 19...
Page 234 Congestion Control Enabling Congestion Control Redirect Overload Policy ASR 5500 System Administration Guide, StarOS Release 19...
Page 235: Routing
Autonomous System (AS) paths. • Route Maps – Route-maps provide detailed control over routes during route selection or route advertisement by a routing protocol, and in route redistribution between routing protocols. For this level ASR 5500 System Administration Guide, StarOS Release 19...
Page 236: Creating Ip Prefix Lists
Use the following procedure to create an AS Path Access List: config context context_name ip as-path access-list list_name [ { deny | permit } reg_expr ] Notes: • Save your configuration as described in the Verifying and Saving Your Configuration chapter. ASR 5500 System Administration Guide, StarOS Release 19...
Page 237: Creating Route Maps
• Name of the interface in the current context that the route must use • Next hop IP address On the ASR 5000, static routes with IPv6 prefix lengths less than /12 and between the range of /64 and Important /128 are not supported. ASR 5500 System Administration Guide, StarOS Release 19...
Page 238: Adding Static Routes To A Context
It also describes how to enable the base OSPF functionality and lists the commands that are available for more complex configurations. You must purchase and install a license key before you can use this feature. Contact your Cisco account representative for more information on licenses.
Page 239: Ospf Version 2 Overview
Each external route can also be tagged by the advertising router, enabling the passing of additional information between routers on the boundary of the AS. OSPF uses a link-state algorithm to build and calculate the shortest path to all known destinations. ASR 5500 System Administration Guide, StarOS Release 19...
Page 240: Basic Ospfv2 Configuration
OSPF areas. This is an optional configuration. config context context_name router ospf redistribute { connected | static } Notes: • Save your configuration as described in the Verifying and Saving Your Configuration chapter. ASR 5500 System Administration Guide, StarOS Release 19...
Page 241: Confirming Ospf Configuration Parameters
Use the following configuration example to enable OSPF Routing for a specific context: config context context_name router ospfv3 Notes: • Save your configuration as described in the Verifying and Saving Your Configuration chapter. ASR 5500 System Administration Guide, StarOS Release 19...
Page 242: Enabling Ospfv6 Over A Specific Interface
ECMP can be used in conjunction with most routing protocols, since it is a per-hop decision that is limited to a single router. It potentially offers substantial increases in bandwidth by load-balancing traffic over multiple paths ASR 5500 System Administration Guide, StarOS Release 19...
Page 243: Bgp-4 Routing
The objective of BGP-4 protocol support is to satisfy routing requirements and monitor communications with Internet routers. BGP-4 may trigger an active to standby switchover to keep subscriber services from being interrupted. The following BGP-4 features are supported: • Exterior Border Gateway Protocol (EBGP) multi-hop ASR 5500 System Administration Guide, StarOS Release 19...
Page 244: Configuring Bgp
{ bgp | connected | static } [ metric metric_value ] [ metric-type { 1 | 2 } ] [ route-map route_map_name ] Notes: ASR 5500 System Administration Guide, StarOS Release 19...
Page 245: Bgp Communities And Extended Communities
Command Line Interface Reference. Multiple community-list entries can be attached to a community-list by adding multiple permit or deny clauses for various community strings. Up to 64 community-lists can be configured in a context. ASR 5500 System Administration Guide, StarOS Release 19...
Page 246: Setting The Community Attribute
Multiple extended community-list entries can be attached to an extended community-list by adding multiple permit or deny clauses for various extended community strings. Up to 64 extended community-lists can be configured in a context. ASR 5500 System Administration Guide, StarOS Release 19...
Page 247: Setting The Extended Community Attribute
An SRP Configuration mode command enables advertising BGP routes from an ICSR chassis in standby state. This command and its keywords allow an operator to take advantage of faster network convergence accrued ASR 5500 System Administration Guide, StarOS Release 19...
Page 248: Configurable Bgp Route Advertisement Interval For Icsr
The following table lists the BGP Configuration mode CLI commands that support the configuration of various BGP parameters. For additional information, refer to the BGP Configuration Mode Commands chapter of the Command Line Interface Reference ASR 5500 System Administration Guide, StarOS Release 19...
Page 249 VRF. This maximum-paths { ebgp max_num | ibgp max_num Enables forwarding packets over multiple paths and specifies the maximum number of external BGP (eBGP) or internal BGP (iBGP) paths between neighbors. ASR 5500 System Administration Guide, StarOS Release 19...
Page 250: Confirming Bgp Configuration Parameters
BFD establishes a session between two endpoints over a particular link. If more than one link exists between two systems, multiple BFD sessions may be established to monitor each one of ASR 5500 System Administration Guide, StarOS Release 19...
Page 251: Overview Of Bfd Support
Associating OSPF Neighbors with the Context, on page 226 • Associating BFD Neighbor Groups with the BFD Protocol, on page 226 • Enabling BFD on OSPF Interfaces, on page 227 • Monitoring BFD Connection for ICSR, on page 227 ASR 5500 System Administration Guide, StarOS Release 19...
Page 252: Configuring A Bfd Context
[ bfd echo ] exit Configure BFD static route. ipv6 route static bfd if_name ipv6_gw_address Add static routes. ipv6 route ipv6_address ipv6_mask ipv6 route ipv6_address ipv6_mask ASR 5500 System Administration Guide, StarOS Release 19...
Page 253: Configuring Bfd For Single Hop
Configure a Multihop BFD session. bfd-protocol bfd multihop peer destination-address interval interval-value multiplier multiplier-value Enable BFD on a BGP Neighbor. For additional information, see Associating BGP Neighbors with the Context, on page 226. ASR 5500 System Administration Guide, StarOS Release 19...
Page 254: Scaling Of Bfd
Notes: • Repeat the sequence to add neighbors. Associating BFD Neighbor Groups with the BFD Protocol config context context_name bfd-protocol bfd nbr-group-name grp_name active-if-name if_name nexthop_address bfd nbr-group-name grp_name passive-if-name if_name nexthop_address ASR 5500 System Administration Guide, StarOS Release 19...
Page 255: Enabling Bfd On Ospf Interfaces
BGP routes from a Standby ICSR chassis. The overall goal is to support more aggressive failure detection and recovery in an ICSR configuration when implementing of VoLTE. You must configure the following features for chassis-to-chassis BFD monitoring in ICSR configurations: ASR 5500 System Administration Guide, StarOS Release 19...
Page 256: Enable Primary Chassis Bfd Monitoring
(post ICSR switchover) while the network is still converging. ◦damping-period – configures a delay time to trigger an ICSR switchover due to a monitoring failure within the guard-period. ◦guard-period – configures the local-failure-recovery network-convergence timer. ASR 5500 System Administration Guide, StarOS Release 19...
Page 257: Enable Bfd Multihop Fall-Over
] [ precedence precedence ] [ vrf vrf_name [ cost value ] [ fall-over bfd multihop mhsess_name ] [ precedence precedence ] + The ip route command now also allows you to add a static multihop BFD route. ip route static multihop bfd mhbfd_sess_name local_endpt_ipaddr remote_endpt_ipaddr ASR 5500 System Administration Guide, StarOS Release 19...
Page 258: Ip Routev6 Command
BFD Support for Link Aggregation Member Links Member-link based BFD detects individual link failures faster than LACP and reduces the overall session/traffic down period as a result of single member link failure. ASR 5500 System Administration Guide, StarOS Release 19...
Page 259: Overview
Important with RFC 7130. Configuring Support for BFD Linkagg Member-links The bfd linkagg-peer command enables member-link BFD and configures the BFD link aggregation (linkagg) session values [RFC 7130]. configure context context_name bfd-protocol ASR 5500 System Administration Guide, StarOS Release 19...
Page 260: Saving The Configuration
[local] "*" indicates the Best or Used route. Destination Nexthop Protocol Prec Cost Interface *44.44.44.0/24 208.230.231.50 static local1 *192.168.82.0/24 0.0.0.0 connected *192.168.83.0/24 0.0.0.0 connected 208.230.231.0/24 0.0.0.0 ospf local1 ASR 5500 System Administration Guide, StarOS Release 19...
Page 261 Routing Viewing Routing Information *208.230.231.0/24 0.0.0.0 connected local1 Total route count: 5 ASR 5500 System Administration Guide, StarOS Release 19...
Page 262 Routing Viewing Routing Information ASR 5500 System Administration Guide, StarOS Release 19...
Page 263: C H A P T E
VLANs. You should select the configuration example that best meets your service model before using the procedures described below. VLAN – Layer 2 Traffic Management is a Cisco feature that requires a separate license. Contact your Important Cisco account representative for detailed information on specific licensing requirements.
Page 264: Overlapping Ip Address Pool Support - Ggsn
APN Support – PDN Gateway (P-GW) P-GW Access Point Name (APN) supports extensive parameter configuration flexibility for the APN. VLAN tagging may be selected by the APN, but are configured in the P-GW independently from the APN. ASR 5500 System Administration Guide, StarOS Release 19...
Page 265: Creating Vlan Tags
Flow Control : Enabled Link Aggregation Group : None Untagged: Logical ifIndex : 85262337 Operational State : Up, Active Tagged VLAN: VID 10 Logical ifIndex : 285278210 VLAN Type : Standard VLAN Priority ASR 5500 System Administration Guide, StarOS Release 19...
Page 266: Configuring Subscriber Vlan Associations
Use the configuration example below to configure VLAN associations within local subscriber profiles on the system. These instructions assume that you have already configured subscriber-type VLAN tags according to the Important instructions provided in Creating VLAN Tags, on page 237. config context context_name subscriber name user_name ASR 5500 System Administration Guide, StarOS Release 19...
Page 267: Verify The Subscriber Profile Configuration
Context Configuration Mode Advertises overlap-pool addresses in ip routing overlap-pool dynamic routing protocols when overlap pools are configured using VLAN IDs. When enabled, the overlap addresses are added as interface addresses and advertised. ASR 5500 System Administration Guide, StarOS Release 19...
Page 268 ID with a context. Table 37: VLAN-Related Monitoring Commands CLI Mode Command Description Exec Mode show commands clear port slot/port vlan vlan_id Clears NPU statistics for the port that has a previously configured VLAN ID. ASR 5500 System Administration Guide, StarOS Release 19...
Page 269 Displays VLAN utilization for a specified { 5-minute | hourly } collection interval. Exec Mode show commands show port info slot/port vlan vlan_id Displays NPU counters for a previously configured VLAN ID. ASR 5500 System Administration Guide, StarOS Release 19...
Page 270 VLANs VLAN-Related CLI Commands ASR 5500 System Administration Guide, StarOS Release 19...
Page 271: Bgp Mpls Vpns
Multi-Protocol Label Switching (MPLS) Virtual Private Networks (VPNs). Important MPLS is a licensed Cisco feature that requires a separate license. Contact your Cisco account representative for detailed information on specific licensing requirements. For information on installing and verifying licenses, refer to the Managing License Keys section of Software Management Operations.
Page 272: Mpls-Ce Connected To Pe
Label Distribution Protocol (LDP) and Resource Reservation Protocol (RSVP) are not required because of direct-connect EBGP peering. The MPLS-CE in this scenario pushes/pops a single label (learned over the MP-eBGP connection) to/from the PE. ASR 5500 System Administration Guide, StarOS Release 19...
Page 273: Asr 5X00 As A Pe
In this example, VRFs are configured on the ASR 5x00 PE and pools are associated with VRFs. The ASR 5x00 exchanges VPN routes with its IBGP peers (PE routers) and learns the MPLS paths to reach PEs via ASR 5500 System Administration Guide, StarOS Release 19...
Page 274 192.168.107.20 send-community both neighbor 192.168.107.20 next-hop-self exit address-family ipv4 vrf vrf1 redistribute connected exit address-family ipv4 vrf vrf2 redistribute connected exit interface interface_to_internet ip address 192.168.109.65/24 mpls ip exit router ospf ASR 5500 System Administration Guide, StarOS Release 19...
Page 275: Ipv6 Support For Bgp Mpls Vpns
Support for VPN-IPv6 assumes the following: • Dual Stack (IPv4/IPv6) routing • IPv6 pools in VRFs • BGP peering over a directly connected IPv4 interface See the figure below. Figure 22: IPv6-RD Support for VPNv6 ASR 5500 System Administration Guide, StarOS Release 19...
Page 276: Sample Configuration
1.52.53.54 255.255.255.255 exit interface vrf2-loop loopback ip vrf forwarding vrf2 ip address 2.52.53.54 255.255.255.255 exit interface vrf2-v6loop loopback ip vrf forwarding vrf2 ASR 5500 System Administration Guide, StarOS Release 19...
Page 277 1 chap 2 allow-noauth ip context-name Gi_ce ip address pool name vrf2-pool ipv6 address prefix-pool vrf2-v6pool exit apn apple51.com selection-mode sent-by-ms ASR 5500 System Administration Guide, StarOS Release 19...
Page 278: Vpn-Related Cli Commands
This command enables sending of BGP routes with extended community to a neighbor. BGP Address-Family (VRF) neighbor ip_address activate Enables the exchange of routing Configuration Mode information with a peer router. ASR 5500 System Administration Guide, StarOS Release 19...
Page 279 MPLS labels to be added to packets sent for subscribers from this pool. Context Configuration Mode ip vrf vrf_name Creates a VRF and assigns a VRF-ID. A VRF is created in the router. ASR 5500 System Administration Guide, StarOS Release 19...
Page 280 Clears BGP sessions. Exec Mode lsp-ping ip_prefix_FEC Checks MPLS Label-Switched Path (LSP) connectivity for the specified forwarding equivalence class (FEC). It must be followed by an IPv4 or IPv6 FEC prefix. ASR 5500 System Administration Guide, StarOS Release 19...
Page 281 Enables Label Distribution Protocol (LDP). MPLS-LDP Configuration Mode router-id ip_address Configures the LDP Router ID. MPLS-LDP Configuration Mode Configures the LDP session session timers { hold-interval seconds | keepalive-interval parameters. seconds } ASR 5500 System Administration Guide, StarOS Release 19...
Page 282 Map (ILM) table information. Exec Mode show Commands show mpls ldp Displays the MPLS LDP information. Exec Mode show Commands show mpls Displays MPLS Next-Hop Label nexthop-label-forwarding-entry Forwarding Entry (NHLFE) table information. ASR 5500 System Administration Guide, StarOS Release 19...
Page 283: Chapter 1 9 Content Service Steering
Internal CSS is a generic feature, if an ECSv2 license is installed on your system, internal CSS can be Important enabled. A separate license is not required to enable internal CSS. Contact your local Cisco account representative for information on how to obtain a license.
Page 284: Configuring Internal Content Service Steering
• service_name must be an ACL service name. • For information on the keywords and options available with the redirect css service command, see the ACL Configuration Mode Commands chapter in the Command Line Interface Reference. ASR 5500 System Administration Guide, StarOS Release 19...
Page 285: Applying An Acl To An Individual Subscriber (Optional)
For information on how to apply an ACL to multiple subscribers via APNs, refer to the Applying a Single ACL to Multiple Subscribers via APNs section in the Access Control Lists chapter. ASR 5500 System Administration Guide, StarOS Release 19...
Page 286 Content Service Steering Applying an ACL to Multiple Subscribers via APNs (Optional) ASR 5500 System Administration Guide, StarOS Release 19...
Page 287: Chapter 2 0 Session Recovery
This chapter describes the Session Recovery feature that provides seamless failover and reconstruction of subscriber session information in the event of a hardware or software fault. Session Recovery is a licensed Cisco feature. A separate feature license may be required. Contact your Important Cisco account representative for detailed information on specific licensing requirements.
Page 288 • ASR 5000 only – ePDG service (evolved Packet Data Gateway) • GGSN services for IPv4 and PPP PDP contexts • HA services supporting Mobile IP and/or Proxy Mobile IP session types with or without per-user Layer 3 tunnels ASR 5500 System Administration Guide, StarOS Release 19...
Page 289 • A best-effort attempt to recover various timer values such as call duration, absolute time, and others. • The idle time timer is reset to zero and the re-registration timer is reset to its maximum value for HA sessions to provide a more conservative approach to session recovery. ASR 5500 System Administration Guide, StarOS Release 19...
Page 290: Additional Asr 5X00 Hardware Requirements
(able to accept incoming calls) or a system that is out-of-service (not part of your production network and, therefore, not processing any live subscriber/customer data). The session recovery feature, even when the feature use key is present, is disabled by default on the system. Important ASR 5500 System Administration Guide, StarOS Release 19...
Page 291: Enabling Session Recovery
If the current status of the Session Recovery feature is Disabled, You cannot enable this feature until a license key is installed in the system. ASR 5500 System Administration Guide, StarOS Release 19...
Page 292: Disabling The Session Recovery Feature
Overall Status SESSMGR Not Ready For Recovery Last Status Update 1 second ago host_name show session recovery status [local] Session Recovery Status: Overall Status Ready For Recovery Last Status Update 8 seconds ago ASR 5500 System Administration Guide, StarOS Release 19...
Page 293: Viewing Recovered Session Information
Failure (no buffers): 0 Failure (other reasons): 0 Redirected Session Entries: Allowed: 2000 Current: Added: Deleted: Revoked for use by different subscriber: 0 Peer callline: Redundancy Status: Recovered Session Checkpoints Attempts Success Last-Attempt Last-Success ASR 5500 System Administration Guide, StarOS Release 19...
Page 294: Recovery Control Task Statistics
• Recovery action status – Success or failure reason • If recovery action failed, failure time stamp • If recovery action failed, failure task facility name • If recovery action failed, failure instance number ASR 5500 System Administration Guide, StarOS Release 19...
Page 295: Show Rct Stats Command
: 003.423 sec Is Card Usable : Yes Failure Reason : N.A. Failure Device : N.A Recovery Status : Success Facility : N.A Instance : N.A Stats 4: Action : Migration From : 11 ASR 5500 System Administration Guide, StarOS Release 19...
Page 296 : Yes Failure Reason : N.A. Failure Device : N.A Recovery Status : TASK_MIGRATION_FAIL_RENAME Facility : sessmgr Instance : 63 RCT stats Summary ----------------- Migrations 3, Average time = 4.260 sec Switchovers = ASR 5500 System Administration Guide, StarOS Release 19...
Page 297: Chapter 2 1 Interchassis Session Recovery
Administration Guide, before using the procedures described below. ICSR is a licensed Cisco feature that requires a separate license. Contact your Cisco account representative Important for detailed information on specific licensing requirements. For information on installing and verifying licenses, refer to the Managing License Keys section of Software Management Operations.
Page 298: Interchassis Communication
Important ICSR support for LAC requires a separate LAC license, as well as an Inter-Chassis Session Recovery license. Contact your Cisco account representative to verify whether a specific service supports ICSR as an option. Important Interchassis Communication Chassis configured to support ICSR communicate using periodic Hello messages. These messages are sent by each chassis to notify the peer of its current state.
Page 299: Checkpoint Messages
Resets the Diameter monitor failure information to 0. srp terminate-post-process Forcibly terminates post-switchover processing. srp validate-configuration Validates the configuration for an active chassis. Validates that both active and standby chassis are ready for a planned srp validate-switchover SRP switchover. ASR 5500 System Administration Guide, StarOS Release 19...
Page 300: Show Commands
• a manual switchover • another non-AAA failure event causes the system to switchover • a CLI command is used to clear the AAA failure flag and allow the chassis to switch to standby ASR 5500 System Administration Guide, StarOS Release 19...
Page 301: Bgp Interaction
• Border Gateway Protocol (BGP) – ICSR uses the route modifier to determine the chassis priority. Important ICSR is a licensed Cisco feature. Verify that each chassis has the appropriate license before using these procedures. To do this, log in to both chassis and execute a show license information command. Look for "Inter-Chassis Session Recovery".
Page 302: Icsr Operation
Interchassis Session Recovery ICSR Operation The following figure shows an ICSR network. Figure 24: ASR 5500 ICSR Network ICSR Operation This section shows operational flows for ICSR. ASR 5500 System Administration Guide, StarOS Release 19...
Page 303 Interchassis Session Recovery ICSR Operation The following figure shows an ICSR process flow due to a primary failure. Figure 25: ICSR Process Flow (Primary Failure) ASR 5500 System Administration Guide, StarOS Release 19...
Page 304 Interchassis Session Recovery ICSR Operation The following figure shows an ICSR process flow due to a manual switchover. Figure 26: ICSR Process Flow (Manual Switchover) ASR 5500 System Administration Guide, StarOS Release 19...
Page 305: Chassis Initialization
Hello messages within the dead interval, the standby chassis initiates a switchover. During the switchover, the standby chassis begins advertising its srp-activated loopback and ASR 5500 System Administration Guide, StarOS Release 19...
Page 306: Configuring Interchassis Session Recovery (Icsr)
• AAA server is installed, configured and accessible by both chassis. For more information on configuring the AAA server, refer to the AAA Interface Administration and Reference. • BGP router installed and configured. See Routing for more information on configuring BGP services. ASR 5500 System Administration Guide, StarOS Release 19...
Page 307: Configuring The Service Redundancy Protocol (Srp) Context
Save your configuration as described in Verifying and Saving Your Configuration. Creating and Binding the SRP Context Use the example below to create the SRP context and bind it to primary chassis IP address: ASR 5500 System Administration Guide, StarOS Release 19...
Page 308: Configuring Srp Context Parameters
Checkpoints can be set for IMS (VoLTE) and/or non-IMS sessions. The checkpoint is a snapshot of the current application state that can be used to restart its execution in case of failure. The default setting is 60 seconds. ASR 5500 System Administration Guide, StarOS Release 19...
Page 309: Srp Redundancy, Aaa And Diameter Guard Timers
◦aaa – local failure followed by AAA monitoring failure ◦bgp – local failure followed by BGP monitoring failure ◦diam – local failure followed by Diameter monitoring failure ASR 5500 System Administration Guide, StarOS Release 19...
Page 310: Dscp Marking Of Srp Messages
◦ef – Expedited Forwarding PHB, for low latency traffic Optimizing Switchover Transitions There are several SRP configuration options that reduce the transition time from the active to standby gateways (primarily P-GW) in support of VoLTE traffic. ASR 5500 System Administration Guide, StarOS Release 19...
Page 311: Allow Non-Volte Traffic During Icsr Switchover
Interchassis Session Recovery Configuring the Service Redundancy Protocol (SRP) Context These features require an updated ICSR license to support the enhancements. Contact your Cisco account Important representative for additional information. Allow Non-VoLTE Traffic During ICSR Switchover The ICSR framework reduces switchover disruption for VoLTE traffic by enabling VoLTE traffic on the newly active gateway prior to reconciling the billing information and enabling communication with the newly active gateway when accounting is not deemed critical.
Page 312 The switchover allow-all-data-traffic command must be run on both chassis to enable this feature. Important The switchover allow-volte-data-traffic SRP Configuration mode CLI command allows VoLTE data traffic during ICSR switchover transition. configure context context_name ASR 5500 System Administration Guide, StarOS Release 19...
Page 313: Allow All Data Traffic
• Critical Flush – During the Active to Pending-Standby transition, all sessmgrs flush any pending critical FCs (Full Checkpoints). During this time, the active chassis drops all control packets. If control signaling ASR 5500 System Administration Guide, StarOS Release 19...
Page 314: Configuring The Srp Context Interface Parameters
LZ4 is a very fast lossless compression algorithm with near-linear scalability for multi-threaded applications. The compression keyword in the SRP Configuration mode checkpoint session command allows you to enable the use of the LZ4 compression algorithm. ASR 5500 System Administration Guide, StarOS Release 19...
Page 315: Reducing Sync-Up Time With Standby Icsr Chassis
Configuring the Service Redundancy Protocol (SRP) Context The compression keyword will only appear if a special ICSR optimization feature license has been Important purchased and installed. Contact your Cisco account representative for assistance. The following command sequence enables the use of LZ4 compression: configure...
Page 316: Modifying The Source Context For Icsr
This option is useful in deployments in which a combination of IPv4 and IPv6 peers are spread across multiple paired VLANs, and IPv4 or IPv6 connectivity is lost by all members of a peer group. ASR 5500 System Administration Guide, StarOS Release 19...
Page 317: Verifying Bgp Configuration
Use the following example to create the BGP context and network addresses. configure context dest_ctxt_name router bgp AS_num network gw_ip_address neighbor neighbor_ip_address remote-as AS_num Notes: • AS_num is the autonomous systems path number for this BGP router. ASR 5500 System Administration Guide, StarOS Release 19...
Page 318: Configuring Srp Context For Bgp For Destination Context
This section describes how to compare the ICSR configuration on both chassis. Step 1 Enter the show configuration srp command on both chassis (Exec mode). Step 2 Verify that both chassis have the same SRP configuration information. ASR 5500 System Administration Guide, StarOS Release 19...
Page 319: Configuring Subscriber State Management Audit Process
60 through 1440. For example, a periodicity of 90 indicates that SRP audit statistics will be generated every 90 minutes beginning at the specified start time. Default = 60. A sample configuration sequence appears below. config context srp service-redundancy-protocol audit daily-start-time 06 00 audit periodicity 90 ASR 5500 System Administration Guide, StarOS Release 19...
Page 320: Updating The Operating System
• Initiate an SRP switchover from the active backup chassis to make the standby primary chassis active. The four-part flowchart below shows a more complete view of all the procedures required to complete the StarOS upgrade process. ASR 5500 System Administration Guide, StarOS Release 19...
Page 321 Enabling the Demux on MIO/UMIO feature changes resource allocations within the system. This directly Caution impacts an upgrade or downgrade between StarOS versions in ICSR configurations. Contact Cisco TAC for procedural assistance prior to upgrading or downgrading your ICSR deployment.
Page 322 Interchassis Session Recovery Updating the Operating System Figure 29: ICSR Software Upgrade – Part 2 ASR 5500 System Administration Guide, StarOS Release 19...
Page 323 Interchassis Session Recovery Updating the Operating System Figure 30: ICSR Software Upgrade – Part 3 ASR 5500 System Administration Guide, StarOS Release 19...
Page 324 Interchassis Session Recovery Updating the Operating System Figure 31: ICSR Software Upgrade – Part 4 ASR 5500 System Administration Guide, StarOS Release 19...
Page 325: Both Icsr Chassis
Exec mode command:[local]host_name# directory /flash Step 2 Access to the Cisco support site and download facility is username and password controlled. Download the software image to a network location or physical device (USB stick) from which it can be uploaded to the /flash device.
Page 326: Standby Backup Chassis
Service Redundancy Protocol (SRP) checks verify that the mechanism for monitoring ICSR system status is operational. Step 1 Run show srp monitor all. Step 2 Review the output for any issues that may preclude performing the software update. ASR 5500 System Administration Guide, StarOS Release 19...
Page 327: Performing Bgp Checks
Synchronize the local file systems by entering the following Exec mode command: host_name filesystem synchronize all [local] Reloading the Chassis Reboot the chassis by entering the following command: host_name reload [-noconfirm] [local] ASR 5500 System Administration Guide, StarOS Release 19...
Page 328: Updating The Configuration File
Features in the new operating system may require changes to the configuration file. These changes can be done manually or facilitated by custom scripts prepared by Cisco TAC. Make whatever changes are necessary prior to saving the updated configuration file.
Page 329: Waiting For Session Synchronization
There should be no output for this command, or no very recent SNMP trap notifications (based on the event timestamp). Step 3 If the active chassis cannot communicate with one or more AAA servers, refer to AAA Monitor for additional information. ASR 5500 System Administration Guide, StarOS Release 19...
Page 330: Completing The Software Update
On the primary chassis, confirm the switchover is complete by running the show srp info command. Chassis State should indicate Active when switchover is complete. Making Test Calls Once the chassis state is verified and subscribers are migrated, perform new call testing to make sure calls are successful. ASR 5500 System Administration Guide, StarOS Release 19...
Page 331: Fallback Procedure
[local] Step 3 Reboot the system to load its previous configuration. host_name reload [local] Step 4 Perform health checks as described in Performing Health Checks, on page 298 ASR 5500 System Administration Guide, StarOS Release 19...
Page 332 Interchassis Session Recovery Fallback Procedure ASR 5500 System Administration Guide, StarOS Release 19...
Page 333: Support Data Collector
Technical Assistance Center (TAC) personnel and local administrators can review the SDRs on-line or by transferring them off the system. They may also wish to investigate the collector state information. The figure ASR 5500 System Administration Guide, StarOS Release 19...
Page 334: Configuring Sdr Collection
If the user has configured support record sections, then the show configuration command displays user-configured support record sections. The support collection schedule configuration also appears in the show configuration output under the Global Configuration section. ASR 5500 System Administration Guide, StarOS Release 19...
Page 335: Collecting And Storing The Sdr Information
The SDRs are stored together in a self-relative set. This self-relative set is called a Support Record Collection. Each individual SDR is identified with a record-id. The record-id of the most recent SDR is always 0 (zero). ASR 5500 System Administration Guide, StarOS Release 19...
Page 336 This is because the interval specifies the idle time between scheduled collection runs. Since the actual overhead of the collecting process is not included in the scheduled intervals, the time differences between collections includes this non-deterministic amount of time. ASR 5500 System Administration Guide, StarOS Release 19...
Page 337: Using Sdrs To Diagnose Problems
The administrator may decide to transfer the SDRs off the system to be analyzed remotely, for example, by Cisco TAC. ASR 5500 System Administration Guide, StarOS Release 19...
Page 338: Configuration Commands (Global Configuration Mode)
The max-records keyword specifies the number of SDRs to store as an integer from 1 to 65535. When this value is exceeded, the new SDR overwrites the oldest SDR. The default value is 168. ASR 5500 System Administration Guide, StarOS Release 19...
Page 339: Exec Mode Commands
Last Collection Start Time : Monday October 21 06:29:05 PDT 2013 Last Collection End Time : Monday October 21 06:29:09 PDT 2013 Est. Collection Next Start : Monday October 21 07:29:13 PDT 2013 (40 minutes) Support Data Records at /var/tmp/support-records/ ASR 5500 System Administration Guide, StarOS Release 19...
Page 340 The output of this command reflects the sequence in which record sections will be output, regardless of the sequence in which they may have been entered by the user. Refer to the SDR CLI Command Strings appendix for additional information. ASR 5500 System Administration Guide, StarOS Release 19...
Page 341: Appendix A Engineering Rules
This appendix provides engineering guidelines for configuring the system to meet network deployment requirements. • CLI Session Rules, page 313 • ASR 5500 Interface and Port Rules, page 313 • Context Rules, page 314 • Subscriber Rules, page 317 •...
Page 342: Packet Data Network (Pdn) Interface Rules
◦ For Release 15.0 and higher: With the Demux MIO/UMIO feature enabled, up to 64 interfaces can be configured within a single context. ◦ 512 Ethernet+PPP+tunnel interfaces ◦ 32 ipv6ip tunnel interfaces ◦ 511 GRE tunnels (2,048 GRE tunnels per chassis) ASR 5500 System Administration Guide, StarOS Release 19...
Page 343 ◦ Releases 12 and 14: 16,000 BGP prefixes can be learned/advertised per context (64,000 per chassis) ◦ Releases 15 and 16: 32,000 BGP prefixes can be learned/advertised per context (64,000 per chassis) ASR 5500 System Administration Guide, StarOS Release 19...
Page 344 ◦ 800 NAS-IP address/NAS identifier (one primary and one secondary per server group) per context • Up to 12 charging gateway functions (CGFs) for GTPP accounting can be configured per context. • Up to 16 bidirectional forwarding detection (BFD) sessions per context (64 per chassis) ASR 5500 System Administration Guide, StarOS Release 19...
Page 345: Subscriber Rules
Large numbers of services greatly increase the complexity of management and may affect overall system performance. Therefore, you should not configure a large number of services unless your application absolutely requires it. Please contact your Cisco service representative for more information.
Page 346: Access Control List (Acl) Engineering Rules
The maximum number of ECMP groups are as follows: • For releases prior to 17.0, StarOS supports a maximum of 512 groups. • For release 17.0 and higher, StarOS supports a maximum of 2048 groups. ASR 5500 System Administration Guide, StarOS Release 19...
Page 347: Appendix B Staros Tasks
Command Line Interface Reference and Statistics and Counters Reference. The following sections describe the primary tasks that are implemented by StarOS: • Primary Task Subsystems, on page 320 • Controllers and Managers, on page 321 ASR 5500 System Administration Guide, StarOS Release 19...
Page 348: Primary Task Subsystems
All IP operations within StarOS are done within specific VPN contexts. In general, packets are not forwarded across different VPN contexts. The only exception currently is the Session subsystem. • Network Processing Unit (npuctrl/npumgr on ASR 5000; npusim on ASR 5500, and knpusim on VPC-DI and VPC-SI): This subsystem is responsible for the following: •...
Page 349: Controllers And Managers
Managers manage resources and mappings between resources. In addition, some managers are directly responsible for call processing. For information about the primary subsystems that are composed of critical, controller, and /or manager tasks, Subsystem Tasks, on page 322. ASR 5500 System Administration Guide, StarOS Release 19...
Page 350: Subsystem Tasks
Starts management cards in either active or standby mode. Registers tasks with HAT task. Notifies CSP task of CPU startup completion. Brings up packet processing cards in standby mode. SITREAP SIT Reap Sub-function Shuts down tasks as required. ASR 5500 System Administration Guide, StarOS Release 19...
Page 351: High Availability Subsystem
Monitors system components such as fans for state changes. Triggers actions for redundancy in the event of fault detection. The HAT subsystem on the redundant management card mirrors the HAT subsystem on the active management card. ASR 5500 System Administration Guide, StarOS Release 19...
Page 352: Resource Manager Subsystem
Only one Session Controller operates at any time. Routes context specific operation information to the appropriate VPN Manager. Performs VPN Manager recovery and saves all VPN-related configuration information in SCT. ASR 5500 System Administration Guide, StarOS Release 19...
Page 353 Configuration mode CLI command) Responsible for learning and redistributing routing information via the OSPFv3 protocol. Maintains the OSPFv3 neighboring relationship. Maintains the LSA database. Performs OSPFv3 SPF calculations. Applies any defined OSPFv3 routing policy. ASR 5500 System Administration Guide, StarOS Release 19...
Page 354: Network Processing Unit Subsystem
[VPC-DI, VPC-SI] Provides interface binding and forwarding services to the VPN Manager. Provides flow insertion and removal services to Session Manager and AAA Manager tasks. Provides recovery services to the NPU Controller. ASR 5500 System Administration Guide, StarOS Release 19...
Page 355 Provides port configuration services to the CSP task Provides interface binding and forwarding services to the VPN Manager. Provides flow insertion and removal services to Session Manager and AAA Manager tasks. Provides recovery services to the NPU Controller. ASR 5500 System Administration Guide, StarOS Release 19...
Page 356: Session Subsystem
A11 Managers, and from multiple contexts. Processes protocols for A10/A11, GRE, R3, R4, R6, GTPU/GTPC, PPP, and Mobile IP. Manages Enhanced Charging Service, Content Filtering and URL Blacklisting services. Session Managers are paired with AAA Managers. ASR 5500 System Administration Guide, StarOS Release 19...
Page 357 Writes CDRs to a file in its VRAM-disk. The enqueued CDRs are then periodically synchronized with a HDD for transfer. ASR 5500 System Administration Guide, StarOS Release 19...
Page 358 Handles the Gmb interface over a Diameter connection to a BMSC Server for MBMS bearer sessions. dgmbmgr recovers by polling all sessmgrs for MBMS session states and recreating the MBMS UE and MBMS bearer context information. ASR 5500 System Administration Guide, StarOS Release 19...
Page 359 Maintains list of current Session Manager tasks which aids in session recovery. Handles GTP Echo messaging. With session recovery (SR) enabled, this demux manager is usually established on one of the CPUs on the first active packet processing card. ASR 5500 System Administration Guide, StarOS Release 19...
Page 360 Serves as the Default GTPU listener. GTPUMGR will process GTPU packets with invalid TEID. With session recovery (SR) enabled, this demux manager is usually established on one of the CPUs on the first active packet processing card. ASR 5500 System Administration Guide, StarOS Release 19...
Page 361 Maintains Home-NodeB databases. Provides nodal functions for Iuh interface on SCTP protocol. With session recovery (SR) enabled, this manager is usually established on one of the CPUs on the first active packet processing card. ASR 5500 System Administration Guide, StarOS Release 19...
Page 362 Created by the Session Controller. Manager In Server mode, acts as a RADIUS server, and supports Proxy functionality. In Snoop mode supports snooping RADIUS Accounting messages. Load balances requests among different SessMgrs. Activates and deactivates sessions. ASR 5500 System Administration Guide, StarOS Release 19...
Page 363 (routing domain) is activated. Multi-instanced for redundancy and scaling purposes. Provides SS7 and Gb connectivity to the platform. Routes per subscriber signalling across the SS7 (including Iu) and Gb interfaces to the SessMgr. ASR 5500 System Administration Guide, StarOS Release 19...
Page 364 Remains aware of all the active MME services in the system. With session recovery (SR) enabled, this demux manager is usually established on one of the CPUs on the first active packet processing card. ASR 5500 System Administration Guide, StarOS Release 19...
Page 365 Handles all PCRF service sessions. Manager Interfaces with PCC-Core while processing different events associated with individual subscriber sessions. Maintains subscriber information while applying business logic. Creates calline and corresponding APN session for each subscriber. ASR 5500 System Administration Guide, StarOS Release 19...
Page 366: Platform Processes
Responsible for the overall management of the system fabric. Controller Manages the pool of Rendezvous Destinations and coordinates fabric recovery by the afmgr proclets after a fault. A single afctrl instance runs on the active MIO/UMIO only. ASR 5500 System Administration Guide, StarOS Release 19...
Page 367 Spawns daughter card managers during system initialization Controller and monitors daughter card managers during system steady state execution. It also spawns daughter card managers [ASR 5x00 only] whenever a daughter card manager task fails. ASR 5500 System Administration Guide, StarOS Release 19...
Page 368 IP Access Lists, IP pools, interface addresses, and interface state notifications. ipsecmgr IPSec Manager Created by the Session Controller, establishes and manages secure IKEv1, IKEv2 and IPSec data tunnels. ASR 5500 System Administration Guide, StarOS Release 19...
Page 369 Link Aggregation Group Started by npuctrl on the demux card's primary CPU (ASR Manager 5000) or MIO (ASR 5500) with a facility level between CSP and npumgr to receive configuration/status notification from [ASR 5x00 only] npumgr and build global LAG database.
Page 370: Management Processes
Management Protocol SNMP notifications (traps) if enabled. threshold Threshold Server Handles monitoring of threshold crossing alerts, if configured. Polls the needed statistics/variables, maintains state, and generates log messages/SNMP notification of threshold crossings. ASR 5500 System Administration Guide, StarOS Release 19...
Page 371: Icsr Checkpointing
To conserve processing cycles and memory, dynamic and periodic updates from an active chassis to a standby chassis are done using micro-checkpoints. The output of the Exec mode show srp info command displays a complete list of SRP checkpoints. Macro-checkpoints This section lists and briefly describes ICSR macro-checkpoints. ASR 5500 System Administration Guide, StarOS Release 19...
Page 372: Ggsn_Apn Id Mapping
This macro-checkpoint is sent from the active to the standby chassis to map Service IDs on the standby chassis. • Time based: No • Frequency: N/A • Event based: Yes • Events: Occurs whenever a TCP connection is established between the sessmgrs and they move to READY_STATE. ASR 5500 System Administration Guide, StarOS Release 19...
Page 373: Vpnmgr_Id Mapping
• NAT Category, on page 356 • P-GW Category, on page 359 • Rf Interface Category, on page 361 • S6b Interface Category, on page 363 • SaMOG Category, on page 363 ASR 5500 System Administration Guide, StarOS Release 19...
Page 374: Uncategorized
• Related CLI command: None SESS_UCHKPT_CMD_UPDATE_IDLESECS This micro-checkpoint sends remaining number of seconds before idle timeout. • Time based: Yes • Frequency: — • Event based: No • Events: Occurs during ICSR background checkpointing. ASR 5500 System Administration Guide, StarOS Release 19...
Page 375: Dcca Category
• Frequency: — • Event based: Yes • Events: Occurs whenever ECS call level information is created or modified. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 179 • Related CLI command: None ASR 5500 System Administration Guide, StarOS Release 19...
Page 376: Sess_Uchkpt_Cmd_Acs_Gx_Li_Info
• Frequency: N/A • Event based: Yes • Events: Occurs whenever an ECS Release Call message is processed. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 188 • Related CLI command: — ASR 5500 System Administration Guide, StarOS Release 19...
Page 377: Sess_Uchkpt_Cmd_Del_Acs_Sess_Info
• Frequency: N/A • Event based: Yes • Events: Occurs whenever a dynamic charging action has been deleted. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 183 • Related CLI command: None ASR 5500 System Administration Guide, StarOS Release 19...
Page 378: Sess_Uchkpt_Cmd_Dynamic_Chrg_Del_Qg_Info
• Time based: No • Frequency: — • Event based: Yes • Events: Occurs whenever a dynamic rule has been deleted. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 178 • Related CLI command: None ASR 5500 System Administration Guide, StarOS Release 19...
Page 379: Sess_Uchkpt_Cmd_Dynamic_Rule_Info
SESS_UCHKPT_CMD_UPDATE_EPDG_BEARER This micro-checkpoint synchronizes ePDG bearers between the active and standby chassis. • Time based: No • Frequency: N/A • Event based: No • Events: N/A • Accounting: Yes • Delta/Cumulative: Cumulative ASR 5500 System Administration Guide, StarOS Release 19...
Page 380: Sess_Uchkpt_Cmd_Update_Epdg_Peer_Addr
• Related CLI command: show srp micro-checkpoint statistics debug-info SESS_UCHKPT_CMD_UPDATE_EPDG_STATS This micro-checkpoint synchronizes session statistics between the active and standby chassis. • Time based: Yes • Frequency: 30 seconds • Event based: No • Events: N/A • Accounting: Yes ASR 5500 System Administration Guide, StarOS Release 19...
Page 381: Firewall/Ecs Category
• Event based: Yes • Events: Occurs whenever PCRF sends a command to enable the predefined SFW access rules. • Accounting: Yes • Delta/Cumulative: Cumulative • CMD-ID: 185 • Related CLI command: None ASR 5500 System Administration Guide, StarOS Release 19...
Page 382: Ggsn Category
This micro-checkpoint is sent in a Network or UE initiated update procedure except for updates that result in the following scenarios: • Creation or deletion of the beare • TFT change or inter-RAT handovers • Gn-Gp handoff Parameters associated with this micro-checkpoint are shown below. ASR 5500 System Administration Guide, StarOS Release 19...
Page 383: Sess_Uchkpt_Cmd_Ggsn_Update_Stats
• Time based: — • Frequency: — • Event based: Yes • Events: COA (Change of Authorization) response • Accounting: — • Delta/Cumulative: — • CMD-ID: 83 • Related CLI command: None ASR 5500 System Administration Guide, StarOS Release 19...
Page 384: Gx Interface Category
This micro-checkpoint is sent when a port chunk is allocated or deallocated for a subscriber sharing a NAT IP address with other subscribers. The port chunk is allocated or deallocated while data is being received for that subscriber. • Time based: No • Frequency: N/A ASR 5500 System Administration Guide, StarOS Release 19...
Page 385: Sess_Uchkpt_Cmd_Gr_Update_Nat_Realms
• Frequency: N/A • Event based: Yes • Events: Triggered when a new SIP flow is created or deleted. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 98 • Related CLI command: None ASR 5500 System Administration Guide, StarOS Release 19...
Page 386: Sess_Uchkpt_Cmd_Nat_Sip_Alg_Contact_Ph_Info
(based on a rule-match), and a new bypass flow is created. This checkpoint is sent when the flow is both added and deleted. • Time based: No • Frequency: N/A • Event based: Yes ASR 5500 System Administration Guide, StarOS Release 19...
Page 387: P-Gw Category
• Time based: No • Frequency: N/A • Event based: Yes • Events: Triggered when the S-GW goes into Restoration mode. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 158 • Related CLI command: None ASR 5500 System Administration Guide, StarOS Release 19...
Page 388: Sess_Uchkpt_Cmd_Pgw_Ubr_Mbr_Info
• Time based: No • Frequency: N/A • Event based: Yes • Events: Triggered when there is a change in the LI state for this call. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 151 ASR 5500 System Administration Guide, StarOS Release 19...
Page 389: Sess_Uchkpt_Cmd_Pgw_Update_Pdn_Common_Param
This micro-checkpoint indicates a change in the SDF+QCI-based Rf accounting buckets. • Time based: Yes • Frequency: 4 seconds for aamgr checkpoint and 18 seconds for GR checkpoint • Event based: No • Events: N/A • Accounting: Yes • Delta/Cumulative: Cumulative ASR 5500 System Administration Guide, StarOS Release 19...
Page 390: Sess_Uchkpt_Cmd_Acs_Accounting_Type_Qci_Rf_With_Fc
• Time based: Yes • Frequency: 4 seconds for aamgr checkpoint and 18 seconds for GR checkpoint; • Event based: No • Events: Sent along with macro-checkpoint. • Accounting: Yes • Delta/Cumulative: Cumulative ASR 5500 System Administration Guide, StarOS Release 19...
Page 391: S6B Interface Category
• Event based: Yes • Events: Occurs whenever SaMOG sends a Delete-Session-Req or upon receiving a Delete-Bearer-Request. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 169 • Related CLI command: show subscriber samog-only full ASR 5500 System Administration Guide, StarOS Release 19...
Page 392: Sess_Uchkpt_Cmd_Cgw_Update_Bearer_Qos
• Related CLI command: show subscriber samog-only full SESS_UCHKPT_CMD_CGW_UPDATE_STATS Reserved for future use. SESS_UCHKPT_CMD_CGW_UPDATE_UE_PARAM Reserved for future use. SESS_UCHKPT_CMD_SAMOG_ACCT_INTERIM_INFO This micro-checkpoint is sent for a SaMOG session on receipt of an Accounting Req (INTERIM-UPDATE) from the WLC ASR 5500 System Administration Guide, StarOS Release 19...
Page 393: Sess_Uchkpt_Cmd_Samog_Acct_Start_Info
• Event based: Yes • Events: Occurs whenever a DHCP-Discover message is received over a different EoGRE tunnel. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 201 • Related CLI command: show subscriber samog-only full ASR 5500 System Administration Guide, StarOS Release 19...
Page 394: Sess_Uchkpt_Cmd_Samog_Gtpv1_Update_Pdn_Info
SaMOG will delay handoff as it expects an Accounting Req (START) from the subscriber. • Time based: No • Frequency: N/A • Event based: Yes • Events: Occurs when a Account Req (STOP) request is received from the WLC. ASR 5500 System Administration Guide, StarOS Release 19...
Page 395: Sess_Uchkpt_Cmd_Samog_Li_Prov_Info
This micro-checkpoint is sent for a SaMOG session when SaMOG is waiting on the UE after sending an Access-Challenge while Re-authenticating the subscriber session. • Time based: No • Frequency: N/A • Event based: Yes ASR 5500 System Administration Guide, StarOS Release 19...
Page 396: Sess_Uchkpt_Cmd_Samog_Reauthen_Info
• Events: Occurs on receiving and successfully processing AAR from the AAA Server to re-authorize the subscriber • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 173 • Related CLI command: show subscriber samog-only full ASR 5500 System Administration Guide, StarOS Release 19...
Page 397: Asr 5500 Sdr Cli Command Strings
A P P E N D I X ASR 5500 SDR CLI Command Strings • ASR 5500 SDR CLI Command Strings, page 369 ASR 5500 SDR CLI Command Strings This appendix identifies the CLI command strings that can be entered for a record section via the support record section command in the Global Configuration Mode.
Page 398 "show npu details" Disabled "show lagmgr details" Enabled "show fans" Disabled "show hardware version fans" Enabled "show power chassis" Enabled "show temperature" Disabled "show timing" Disabled "show alarm audible" Disabled "show alarm central-office" ASR 5500 System Administration Guide, StarOS Release 19...
Page 399 "show messenger bounces" Disabled "debug limits checkup detailed" Disabled "show plugin" Disabled "show module" Disabled "show ppp statistics" Disabled "show rsvp statistics" Enabled "show session disconnect-reasons verbose" Disabled "show apn statistics all" ASR 5500 System Administration Guide, StarOS Release 19...
Page 400 "show ggsn-service sgsn-table" Disabled "show cscf service all" Disabled "show cscf service diameter policy-control statistics" Disabled "show cscf service diameter location-info statistics" Disabled "show cscf service li-packet-cable statistics" Disabled "show cscf peer-servers full" ASR 5500 System Administration Guide, StarOS Release 19...
Page 401 "show srp checkpoint statistics sessmgr all write-list-stats" Disabled "show srp monitor" Enabled "show srp monitor all" Disabled "show srp monitor diameter debug" Enabled "show srp statistics" Disabled "show srp call-loss statistics" Disabled "show srp audit-statistics" ASR 5500 System Administration Guide, StarOS Release 19...
Page 402 "show egtpc statistics interface sgw-egress" Enabled "show egtpc statistics interface pgw-ingress" Enabled "show egtpc statistics interface cgw-egress" Enabled "show egtpc statistics interface epdg-egress" Disabled "show egtp-service all" Disabled "show gtpu-service all" Disabled "show pgw-service all" ASR 5500 System Administration Guide, StarOS Release 19...
Page 403 Disabled "show hnbgw disconnect-reasons" Disabled "show cs-network statistics" Disabled "show ps-network statistics" Disabled "show hnbgw statistics" Disabled "show hnbgw counters" Disabled "show demux-mgr statistics hnbmgr full" Disabled "show demuxmgr statistics bngmgr all" ASR 5500 System Administration Guide, StarOS Release 19...
Page 404 "show gtpp storage-server streaming file statistics verbose" Disabled "show gtpp storage-server streaming file counters all" Disabled "show gtpp group all" Enabled "show hd-storage-policy statistics all verbose" Enabled "show hd-storage-policy counters all verbose" Disabled "show dhcp statistics verbose" ASR 5500 System Administration Guide, StarOS Release 19...
Page 405 "show active-charging edr-udr-file flow-control-counters verbose debug-only" Disabled "show active-charging service statistics" Disabled "show active-charging analyzer statistics" Disabled "show active-charging dns-learnt-ip-addresses statistics sessmgr all verbose" Disabled "show active-charging analyzer statistics name ip verbose" ASR 5500 System Administration Guide, StarOS Release 19...
Page 406 "debug acsmgr show flow-stats duration-based udp" Disabled "debug acsmgr show flow-stats lifetime-based all-flows" Disabled "debug acsmgr show p2p detection-params sct" Disabled "debug acsmgr show rule-optimization-information" Disabled "debug sessmgr charging-service show-stats all" Disabled "debug acsmgr show memory usage" ASR 5500 System Administration Guide, StarOS Release 19...
Page 407 "show asngw-service statistics verbose" Disabled "show demuxmgr statistics asnpcmgr all" Disabled "show asnpc-service all" Disabled "show asnpc-service statistics verbose" Disabled "show demuxmgr statistics phsgwmgr all" Disabled "show phsgw-service all" Disabled "show phsgw-service statistics verbose" ASR 5500 System Administration Guide, StarOS Release 19...
Page 408 "show dns client statistics" Disabled "show hss-peer-service service all" Disabled "show ipms status all" Disabled "show ipms status debug-info" Disabled "show kvstore" Disabled "show kvstore verbose" Disabled "show kvstore kvclient" Disabled "show kvstore kvmgr" ASR 5500 System Administration Guide, StarOS Release 19...
Page 409 Disabled "show sls-service all" Disabled "show sls-service peers all" Disabled "show sls-service statistics all" Notes: • Enabled = Included in default record section • Disabled = Not included in default record section ASR 5500 System Administration Guide, StarOS Release 19...
Page 410 ASR 5500 SDR CLI Command Strings ASR 5500 SDR CLI Command Strings ASR 5500 System Administration Guide, StarOS Release 19...

Cisco ASR 5500 Administration Manual

About this Guide

C H a P T E

Chapter 2 Getting Started

System Settings

Management Settings

Chapter 5 Verifying and Saving Your Configuration

Chapter 6 System Interfaces and Ports

Chapter 7 System Security

Software Management Operations

Chapter 9 Monitoring the System

C H a P T E

Bulk Statistics

System Logs

Troubleshooting

Quick Links

Troubleshooting

Related Manuals for Cisco ASR 5500

Summary of Contents for Cisco ASR 5500