Page 1 ASR 5500 System Administration Guide, StarOS Release 21.5 First Published: 2017-11-30 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883...
Page 2 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
Page 3: Table Of Contents
Context Selection for Context-level Administrative User Sessions Context Selection for Subscriber Sessions Understanding Configuration Files IP Address Notation IPv4 Dotted-Decimal Notation IPv6 Colon-Separated-Hexadecimal Notation CIDR Notation Alphanumeric Strings Character Set Quoted Strings ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 4 Verifying and Saving Your Clock and Time Zone Configuration Configuring Network Time Protocol Support Configuring NTP Servers with Local Sources Using a Load Balancer Verifying the NTP Configuration Configuring SF Boot Configuration Pause ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 5 Configuring TACACS+ AAA Services Configuring TACACS+ for Non-local VPN Authentication Verifying the TACACS+ Configuration Separating Authentication Methods Disable TACACS+ Authentication for Console Disable AAA-based Authentication for Console Disable TACACS+ Authentication at the Context Level ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 6 Configuring SNMP and Alarm Server Parameters Verifying SNMP Parameters Controlling SNMP Trap Generation Verifying and Saving Your Configuration C H A P T E R 6 Verifying the Configuration Feature Configuration Service Configuration Context Configuration System Configuration ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 7 Notification of Changes in Privilege Levels User Access to Operating System Shell Test-Commands Enabling cli test-commands Mode Enabling Password for Access to CLI-test commands Exec Mode cli test-commands Configuration Mode cli test-commands ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 8 System Boot Methods Viewing the Current Boot Stack Adding a New Boot Stack Entry Deleting a Boot Stack Entry Upgrading the Operating System Software Identifying OS Release Version and Build Number ASR 5500 System Administration Guide, StarOS Release 21.5 viii...
Page 9 Configuring Local-User Password Properties Configuring Local-User Account Management Properties Local-User Account Lockouts Local-User Account Suspensions Changing Local-User Passwords Smart Licensing C H A P T E R 1 1 Feature Summary and Revision History ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 10 Manually Gathering and Transferring Bulk Statistics Clearing Bulk Statistics Counters and Information Bulkstats Schema Nomenclature Statistic Types Data Types Key Variables Bulk Statistics Event Log Messages System Logs C H A P T E R 1 4 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 11 C H A P T E R 1 5 Verifying Network Connectivity Using the ping or ping6 Command Syntax Troubleshooting Using the traceroute or traceroute6 Command traceroute – IPv4 traceroute6 – IPv6 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 12 C H A P T E R 1 7 Prerequisites Console Access Boot Image Accessing the boot CLI Initiate a Reboot Access Control Lists C H A P T E R 1 8 Overview Understanding ACLs Rule(s) ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 13 Verifying the ACL Configuration to APNs Congestion Control C H A P T E R 1 9 Overview Configuring Congestion Control Configuring the Congestion Control Threshold Configuring Service Congestion Policies Configuring Overload Reporting on the MME ASR 5500 System Administration Guide, StarOS Release 21.5 xiii...
Page 14 Enabling OSPFv6 Over a Specific Interface Redistributing Routes Into OSPFv3 (Optional) Confirming OSPFv3 Configuration Parameters Equal Cost Multiple Path (ECMP) BGP-4 Routing Overview of BGP Support Configuring BGP Redistributing Routes Into BGP (Optional) ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 15 Enabling BFD on OSPF Interfaces All OSPF Interfaces Specific OSPF Interface Monitoring BFD Connection for ICSR Saving the Configuration Chassis-to-Chassis BFD Monitoring for ICSR Enable Primary Chassis BFD Monitoring Set BFD to Ignore ICSR Dead Interval ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 16 BGP MPLS VPNs C H A P T E R 2 2 Introduction MPLS-CE Connected to PE as a PE Overview Sample Configuration IPv6 Support for BGP MPLS VPNs Overview Sample Configuration ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 17 Interchassis Session Recovery C H A P T E R 2 5 Overview Interchassis Communication Checkpoint Messages SRP CLI Commands Exec Mode CLI Commands show Commands AAA Monitor BGP Interaction Requirements ASR 5500 System Administration Guide, StarOS Release 21.5 xvii...
Page 18 Configuring BGP Router and Gateway Address in Destination Context Configuring SRP Context for BGP for Destination Context Setting Subscriber to Default Mode Verifying BGP Configuration in Destination Context Disabling Bulk Statistics Collection on a Standby System ASR 5500 System Administration Guide, StarOS Release 21.5 xviii...
Page 19 Configuring SDR Collection Displaying the SDR Collection Configuration Collecting and Storing the SDR Information Managing Record Collection Using SDRs to Diagnose Problems SDR CLI Commands Configuration Commands (Global Configuration Mode) support record ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 20 Platform Processes Management Processes NETCONF and ConfD A P P E N D I X C Feature Summary and Revision History Overview Configuring ConfD SSH Key Requirement NETCONF Protocol Configuration Mode bulkstats ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 21 <url> confd Supported StarOS ECS Configuration Commands ICSR Checkpointing A P P E N D I X D Overview of Checkpointing Macro-checkpoints GGSN_APN ID MAPPING INSTANCE LEVEL CHECKPOINT SERVICE_ID MAPPING VPNMGR_ID MAPPING ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 22 SESS_UCHKPT_CMD_ACS_GX_LI_INFO SESS_UCHKPT_CMD_ACS_SESS_INFO SESS_UCHKPT_CMD_DEL_ACS_CALL_INFO SESS_UCHKPT_CMD_DEL_ACS_SESS_INFO SESS_UCHKPT_CMD_DYNAMIC_CHRG_CA_INFO SESS_UCHKPT_CMD_DYNAMIC_CHRG_DEL_CA_INFO SESS_UCHKPT_CMD_DYNAMIC_CHRG_DEL_QG_INFO SESS_UCHKPT_CMD_DYNAMIC_CHRG_QG_INFO SESS_UCHKPT_CMD_DYNAMIC_RULE_DEL_INFO SESS_UCHKPT_CMD_DYNAMIC_RULE_INFO ePDG Category SESS_UCHKPT_CMD_DELETE_EPDG_BEARER SESS_UCHKPT_CMD_UPDATE_EPDG_BEARER SESS_UCHKPT_CMD_UPDATE_EPDG_PEER_ADDR SESS_UCHKPT_CMD_UPDATE_EPDG_REKEY SESS_UCHKPT_CMD_UPDATE_EPDG_STATS Firewall/ECS Category SESS_UCHKPT_CMD_SFW_DEL_RULE_INFO SESS_UCHKPT_CMD_SFW_RULE_INFO GGSN Category SESS_UCHKPT_CMD_GGSN_DELETE_SUB_SESS SESS_UCHKPT_CMD_GGSN_UPDATE_RPR SESS_UCHKPT_CMD_GGSN_UPDATE_SESSION SESS_UCHKPT_CMD_GGSN_UPDATE_STATS SESS_UCHKPT_CMD_UPDATE_COA_PARAMS Gx Interface Category ASR 5500 System Administration Guide, StarOS Release 21.5 xxii...
Page 23 P-GW Category SESS_UCHKPT_CMD_PGW_DELETE_SUB_SESS SESS_UCHKPT_CMD_PGW_OVRCHRG_PRTCTN_INFO SESS_UCHKPT_CMD_PGW_SGWRESTORATION_INFO SESS_UCHKPT_CMD_PGW_UBR_MBR_INFO SESS_UCHKPT_CMD_PGW_UPDATE_APN_AMBR SESS_UCHKPT_CMD_PGW_UPDATE_INFO SESS_UCHKPT_CMD_PGW_UPDATE_LI_PARAM SESS_UCHKPT_CMD_PGW_UPDATE_PDN_COMMON_PARAM SESS_UCHKPT_CMD_PGW_UPDATE_QOS SESS_UCHKPT_CMD_PGW_UPDATE_SGW_CHANGE SESS_UCHKPT_CMD_PGW_UPDATE_STATS Rf Interface Category SESS_UCHKPT_CMD_ACS_ACCOUNTING_TYPE_QCI_RF SESS_UCHKPT_CMD_ACS_ACCOUNTING_TYPE_QCI_RF_WITH_FC SESS_UCHKPT_CMD_ACS_ACCOUNTING_TYPE_RATING_GROUP_RF SESS_UCHKPT_CMD_ACS_ACCOUNTING_TYPE_RATING_GROUP_RF_WITH_FC S6b Interface Category SESS_UCHKPT_CMD_S6B_INFO SaMOG Category SESS_UCHKPT_CMD_CGW_DELETE_BEARER SESS_UCHKPT_CMD_CGW_DELETE_PDN SESS_UCHKPT_CMD_CGW_UPDATE_BEARER_QOS SESS_UCHKPT_CMD_CGW_UPDATE_PDN SESS_UCHKPT_CMD_CGW_UPDATE_STATS SESS_UCHKPT_CMD_CGW_UPDATE_UE_PARAM ASR 5500 System Administration Guide, StarOS Release 21.5 xxiii...
Page 24 A P P E N D I X E Cisco Secure Boot A P P E N D I X F Fundamental Concepts Secure Boot Overview MIO2 Support for Secure Boot Image Naming Conventions Verifying Authenticity ASR 5500 System Administration Guide, StarOS Release 21.5 xxiv...
Page 25: About This Guide
Text represented as commands This typeface represents commands that you enter, for example: show ip access-list This document always gives the full form of a command in lowercase letters. Commands are not case sensitive. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 26: Asr 5500 System Administration Guide, Staros Release 21.5
Use the information in this section to contact customer support. Refer to the support area of http://www.cisco.com for up-to-date product documentation or to submit a service request. A valid username and password are required to access this site. Please contact your Cisco sales or service representative for additional information.
Page 27: Terminology
C H A P T E R System Operation and Configuration The ASR 5500 is designed to provide subscriber management services for Mobile Packet Core networks. Before you connect to the command line interface (CLI) and begin system configuration, you must understand how the system supports these services.
Page 28: Logical Interfaces
• Gateway GPRS Support Node (GGSN) services • Serving GPRS Support Node (SGSN) Services • Packet Data Serving Node (PDSN) services ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 29: Aaa Servers
• Local Subscribers: These are subscribers, primarily used for testing purposes, that are configured and authenticated within a specific context. Unlike RADIUS-based subscribers, the local subscriber's user profile (containing attributes like those used by RADIUS-based subscribers) is configured within the context where they are created. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 30: Trusted Builds
This section describes the process that determines which context to use for context-level administrative users or subscriber sessions. Understanding this process allows you to better plan your configuration in terms of how many contexts and interfaces you need to configure. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 31: Context Selection For Context-Level Administrative User Sessions
If you have configured the user profile on an AAA server, the system must determine how to contact the AAA server to perform authentication. It does this by determining the AAA context for the session. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 32: Asr 5500 System Administration Guide, Staros Release 21.5
The following table and flowchart describe the process that the system uses to select an AAA context for a context-level administrative user. Items in the table correspond to the circled numbers in the flowchart. Figure 1: Context-level Administrative User AAA Context ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 33: Asr 5500 System Administration Guide, Staros Release 21.5
• Users configured in any non-local context are required to specify which context they are trying to log in to. For example: ssh username@ctx_name@ctx_ip_addrs ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 34: Context Selection For Subscriber Sessions
• In addition to being applied during the boot process, you can also apply configuration files manually at any time by executing the appropriate commands at the CLI prompt. Refer to the instructions in Software Management Operations. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 35: Ip Address Notation
An IPv6 address is represented by eight groups of 16-bit hexadecimal values separated by colons (:). A typical example of a full IPv6 address is 2001:0db8:85a3:0000:0000:8a2e:0370:7334 The hexadecimal digits are case-insensitive. The 128-bit IPv6 address can be abbreviated with the following rules: ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 36: Cidr Notation
Some CLI commands require the entry of an alphanumeric string to define a value. The string is a contiguous collection of alphanumeric characters with a defined minimum and maximum length (number of characters). ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 37: Character Set
The following characters may appear in strings entered in ruledefs, APNs, license keys and other configuration/display parameters: • < > (arrow brackets) [less than or greater than] • * (asterisk) [wildcard] • : (colon) • $ (dollar sign) [wildcard] • . (dot) ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 38: Quoted Strings
Quoted Strings If descriptive text requires the use of spaces between words, the string must be entered within double quotation marks (" "). For example: interface "Rack 3 Chassis 1 port 5/2" ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 39: Getting Started
Operation. For additional information on configuring the maximum number of sessions for Local-User users and AAA context users, see Configuring Context-level Administrative Users. Each authentication method must be configured separately because each of the three authentication methods can use the same user name. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 40: Automatic Logout Of Cli Sessions
Version 1 of the SSH protocol is now obsolete due to security vulnerabilities. The v1-rsa keyword has been removed for the Context Configuration mode ssh command. Running a script or configuration that uses the ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 41: Ssh Host Keys
The ssh key-gen wait-time command specifies this wait time in seconds. The default interval is 300 seconds (5 minutes). Step 1 Enter the context configuration mode. host_name context context_name [local] (config)# [local]host_name(config-ctx)# ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 42: Specifying Ssh Encryption Ciphers
• chacha20-poly1305@openssh.com – ChaCha20 symmetric cipher, Poly1305 cryptographic Message Authentication Code [MAC], OpenSSH The default string for algorithms in a Normal build is: blowfish-cbc,3des-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com, chacha20-poly1305@openssh.com The default string for algorithms in a Trusted build is: aes256-ctr,aes192-ctr,aes128-ctr ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 43: Generating Ssh Keys
• type specifies the key type; v2-rsa is the only supported type. For releases prior to 20.0, StarOS supports a maximum of 64 configurable authorized SSH keys. For Important release 20.0 and higher, StarOS supports a maximum of 200 configurable authorized SSH keys. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 44: Authorized Ssh User Access
If pattern is in the format 'USER@IP_ADDRESS' then USER and IP address are separately checked, restricting logins to those users from the specified IP address. The default is to allow unrestricted access by any user. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 45: Creating An Allowed Users List
• User tries to login with local context username through local context (VPN) interface with authorized-key configured on local context. • User tries to login with non-local context username through non-local context interface with authorized-key configured on non-local context. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 46: Secure Session Logout
45 seconds (using default parameters). Two SSH Configuration mode CLI commands allow you to disable or modify this default sshd disconnect behavior. For higher security, Cisco recommends at least a client-alive-countmax of 2 and client-alive-interval of Important 5.
Page 47: Changing Default Sshd Secure Session Logout Parameters
• algorithms is a string of 1 through 511 alphanumeric characters that specifies the algorithm(s) to be used as a single string of comma-separated variables (no spaces) in priority order (left to right) from those shown below: ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 48: Setting Preferred Authentication Methods
• publickey – authentication via SSH v2-RSA protocol. • keyboard-interactive – request for an arbitrary number of pieces of information. For each piece of information the server sends the label of the prompt. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 49: Generating Ssh Client Key Pair
Verify that the SSH client key has been generated. host_name do show ssh client key [local] (config-ssh)# Step 5 Exit the SSH Client Configuration mode. host_name exit [local] (config-ssh)# host_name [local] (config)# ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 50: Pushing An Ssh Client Public Key To An External Server
An SSH key is a requirement before NETCONF protocol and the ConfD engine can be enabled in support of Cisco Network Service Orchestrator (NSO). Refer to the NETCONF and ConfD appendix in this guide for detailed information on how to enable NETCONF. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 51: System Settings
Network Time Protocol (NTP) server(s) to ensure that the clock is always accurate. In addition to configuring the timing source, you must configure the system's time zone. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 52: Setting The System Clock And Time Zone
• NTP configured for at least three external NTP servers. With three or more servers, outlyers and broken or misconfigured servers can be detected and excluded. Generally, the more servers the better (within reason). ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 53: Configuring Ntp Servers With Local Sources
Use of prefer usually results in a poorer choice than NTP can determine for itself. Important Do not change the maxpoll, minpoll, or version keyword settings unless instructed to do so by Cisco TAC. Use the following example to configure the necessary NTP association parameters:...
Page 54: Verifying The Ntp Configuration
• (o) PPS peer refid Last reported NTP reference to which the server is synchronizing. NTP server stratum level. Communication type: broadcast, multicast, etc. when Number of seconds since the last contact. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 55: Configuring Sf Boot Configuration Pause
The following example command instructs the system to wait up to 120 seconds for all active cards and 1 standby card to become active: wait cards active all standby 1 timeout 120 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 56: Enabling Cli Timestamping
Autoconfirm is intended as an "ease-of-use" feature. It presumes that the answer to "Are you sure? [Y/N]" prompts will be "Yes", and skips the prompt. Its use implies that the user is an expert who does not need these "safety-net" prompts. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 57: Requiring Confirmation For Autoconfirm And Configure Commands
• exec-command exec_mode_category specifies one of the following categories of Exec mode configuration commands. ◦ card ◦ clear ◦ copy ◦ debug ◦ delete ◦ filesystem ◦ hd ◦ reload ◦ rename ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 58: Configuring System Administrative Users
An Inspector cannot execute show configuration commands and does not have the privilege to enter the Config Mode. Configuration instructions are categorized according to the type of administrative user: context-level or local-user. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 59: User Name Character Restrictions
Refer to the Command Line Interface Reference for detailed information about these commands. Configuring Context-level Security Administrators Use the example below to configure additional security administrators: configure context local administrator user_name { [ encrypted ] [ nopassword ] password password } Notes: ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 60: Configuring Context-Level Administrators
When enabled this option prevents someone from using an operator password to gain access to the user account. Save the configuration as described in the Verifying and Saving Your Configuration chapter. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 61: Configuring Context-Level Inspectors
• During a system boot wherein the boot config is loaded, encrypted Lawful Intercept configuration will be decrypted and loaded silently, in other words Lawful Intercept CLI configuration will not be visible on the console port. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 62: Verifying Context-Level Administrative User Configuration
For a detailed description of the Global Configuration mode require segregated li-configuration and associated commands, see the Lawful Intercept CLI Commands appendix in the Lawful Intercept Configuration Guide. The Lawful Intercept Configuration Guide is not available on www.cisco.com. Contact your Cisco account Note representative to obtain a copy of this guide.
Page 63: Configuring Local-User Administrative Users
Lockout on Login Fail: Yes Updating Local-User Database Update the local-user (administrative) configuration by running the following Exec mode command. This command should be run immediately after creating, removing or editing administrative users. update local-user database ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 64: Updating And Downgrading The Local-User Database
• Set temporary passwords for suspended users, using the Exec mode password change local-user username command. • Reset the suspend flag for users, using the Configuration mode no suspend local-user username command. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 65: Restricting User Access To A Specified Root Directory
Associating an SFTP root Directory with an Administrator The administrator command allows an administrator to associate an SFTP root directory for a specified administrator. configure context local ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 66: Associating An Sftp Root Directory With A Config Administrator
CLI determines that the sessions for that user is 1 which is greater than 0 and it will display an error message in the output, it generate starCLIActiveCount and starCLIMaxCount SNMP MIB Objects and starGlobalCLISessionsLimit and starUserCLISessionsLimit SNMP MIB Alarms. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 67: User Account Requirements
Configuration mode priv-lvl and user-id commands. For additional information, see the TACACS+ Configuration Mode Commands chapter of the Command Line Interface Reference. In release 20.0 and higher Trusted StarOS builds, FTP is not supported. Important ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 68: Staros User Account Requirements
• By default, the TACACS+ configuration will provide authentication, authorization, and accounting services. Enable TACACS+ on the StarOS: configure aaa tacacs+ For additional information, see Disable TACACS+ Authentication for Console, on page ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 69: Configuring Tacacs+ For Non-Local Vpn Authentication
TACACS+ AAA services. active session #1: login username : asradmin login tty : /dev/pts/1 time of login : Fri Oct 22 13:19:11 2011 login server priority current login status : pass ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 70: Separating Authentication Methods
When aaa tacacs+ noconsole is configured, a local user with valid credentials can log into a Console port Important even if on-authen-fail stop and on-unknown-user stop are enabled via the TACACS+ Configuration mode. If the user is not a TACACS+ user, he/she cannot login on a vty line. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 71: Disable Aaa-Based Authentication For Console
The noconsole keyword prevents the user from logging into the Console port. The novty keyword prevents the user from logging in via an SSH or telnet session. If neither keyword is specified access to both Console and vty lines is allowed. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 72: Limit Console Access For Aaa-Based Users
|grep novty. The output of these commands will indicate any changes you have made. Configuring a Chassis Key A chassis key should be configured for each system. This key is used to decrypt encrypted passwords found in configuration files. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 73: Overview
Use the chassis keycheck command to verify whether multiple chassis share the same chassis key value. For release 19.2 and higher, in the absence of an existing chassis ID file the chassis keycheck command Important is hidden. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 74: Quick Setup Wizard
You can optionally enable automatic resets of FSCs if an excessive number of discarded fabric egress packets is detected. A Global Configuration mode fabric fsc-auto-recover command enables or disables automatic FSC resets upon detection of an excessive number of discarded fabric egress packets. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 75: Asr 5500 System Administration Guide, Staros Release 21.5
FSC as an integer from 1 to 99 or unlimited (will not stop until FSC is reset). The default setting is 1. To enable this feature, you must first configure the Fabric Egress Drop Threshold via the Global Important Configuration mode fabric egress drop-threshold command. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 76: Asr 5500 System Administration Guide, Staros Release 21.5
System Settings Enabling Automatic Reset of FSC Fabric ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 77: Config Mode Lock Mechanisms
This is called an exclusive-lock. Once an exclusive-lock is granted to an administrator, no one else can access config mode for the duration of the session while the lock is held. The exclusive-lock is terminated only when the user holding the lock exits to Exec mode. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 78: Requesting An Exclusive-Lock
If configure lock force is successful, all users who have been forced to exit to Exec mode will see a warning message indicating that they were forced to exit from config mode: host_name [local] (config)# Warning: Administrator <username> has forced you to exit from configuration mode host_name [local] ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 79: Effect Of Config Lock On Url Scripts
With -noconfirm enabled, since all the commands are also echoed to the screen, the warning message will likely scroll off the screen and may not be noticed. Important When StarOS first starts up, the Initial Boot Config File is always exclusively locked while loading. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 80: Saving A Configuration File
With this option StarOS displays the appropriate warning message, but does not wait for save configuration operations to complete before initiating the reboot. host_name reload ignore-locks -noconfirm [local] Warning: One or more other administrators are saving configuration Starting software 21.0... ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 81: Show Administrators Command
M Type Start Time ------------------------------ - ------- -------------- ------------------------ admin /dev/pts/2 Tue Mar 29 11:51:15 2016 Alice c admin /dev/pts/1 Mon Mar 28 14:41:15 2016 Carol admin /dev/pts/0 Mon Mar 28 14:40:52 2016 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 82: Asr 5500 System Administration Guide, Staros Release 21.5
Config Mode Lock Mechanisms show administrators Command ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 83: Management Settings
Commands used in the configuration samples in this section provide base functionality. The most common commands and keyword options are presented. In many cases, other optional commands and keyword options are available. Refer to the Command Line Interface Reference for detailed information about all commands. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 84: Configuring Orbem Client And Port Parameters
Configuring IIOP Transport Parameters Use the following example to configure Internet Inter-ORB Protocol (IIOP) transport parameters that enable ORB-based management to be performed over the network: configure orbem iiop-transport iiop-port iiop_port_number ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 85: Verifying Orbem Parameters
: 87950 usecs SNMP MIB Browser This section provides instructions to access the latest Cisco Starent MIB files using a MIB Browser. An updated MIB file accompanies every StarOS release. For assistance to set up an account and access files, please contact your Cisco sales or service representative for additional information.
Page 86: Asr 5500 System Administration Guide, Staros Release 21.5
Use the following procedure to view the SNMP MIBs for a specific StarOS build : Step 1 Contact Cisco sales or a service representative, to obtain access to the MIB files for a specific StarOS release. Step 2 Download the compressed companion file to a folder on your desktop. The file name follows the convention: companion_xx.x.x.tgz...
Page 87: Asr 5500 System Administration Guide, Staros Release 21.5
Important For information on SNMP MIBs changes for a specific release, refer to the SNMP MIB Changes in Release xx chapter of the appropriate version of the to the Release Change Reference. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 88: Snmp Support
• The system contact is the name of the person to contact when traps are generated that indicate an error condition. • An snmp community string is a password that allows access to system management information bases (MIBs). ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 89: Verifying Snmp Parameters
• The snmp user name is for SNMP v3 and is optional. There are numerous keyword options associated with this command. • Use the snmp mib command to enable other industry standard and Cisco MIBs. By default only the STARENT-MIB is enabled.
Page 90: Controlling Snmp Trap Generation
If at a later time you wish to re-enable a trap that was previously suppressed, use the snmp trap enable command. Step 2 Save the configuration as described in Verifying and Saving Your Configuration. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 91: Verifying And Saving Your Configuration
|||||| vvvvvv Pool Name Start Address Mask/End Address Used Avail ----- --------------------- -------------- --------------- ---------------- PG00 ipsec 12.12.12.0 255.255.255.0 PG00 pool1 10.10.0.0 255.255.0.0 65534 SG00 vpnpool 192.168.1.250 92.168.1.254 Total Pool Count: 5 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 92: Service Configuration
This command displays errors it finds within the configuration. For example, if you have created a service named "service1", but entered it as "srv1" in another part of the configuration, the system displays this error. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 93: Synchronizing File Systems
StarOS 19.2 and higher. If you run a script or configuration that contains the removed keyword, a warning message is generated. For complete information about the above command, see the Exec Mode Commands chapter of the Command Line Interface Reference. save configuration /flash/cfgfiles/system.cfg ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 94: Asr 5500 System Administration Guide, Staros Release 21.5
Verifying and Saving Your Configuration Saving the Configuration ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 95: System Interfaces And Ports
In many cases, other commands and/or keyword options are available. Refer to the Command Line Interface Reference for complete information regarding all commands. To create a context, apply the following example configuration: configure context name Repeat to configure additional contexts. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 96: Viewing And Verifying Contexts
To ensure that system line card and port-level redundancy mechanisms function properly, the Spanning Tree protocol must be disabled on devices connected directly to any system port. Failure to turn off the Spanning Tree protocol may result in failures in the redundancy mechanisms or service outage. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 97: Creating An Interface
Configuring a Static Route for an Interface Use the following example to configure a static route for an interface: configure context name { ip | ipv6 } route ip_address netmask next-hop gw_address interface_name Notes: ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 98: Viewing And Verifying Port Configuration
802.1q tagging, works by appending a tag identifying the VLAN ID to each Ethernet frame. For information on how to create VLANs to handle specific packet types, see the VLANs chapter. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 99: Hypervisors
This feature is implemented by adding support for the vlan command to the management port in the local context. See the example command sequence below. configure port ethernet 1/1 vlan 184 no shutdown bind interface 19/3-UHA foo ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 100: Asr 5500 System Administration Guide, Staros Release 21.5
System Interfaces and Ports VLANs and Management Ports ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 101: System Security
64-bit random salt value within the encryption. Passwords encrypted with MD-5 will have "+A" prefixes in the configuration file to identify the methodology used for encrypting. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 102: Support For Non-Current Encryptions And Decryptions
ICSR pairs share the same chassis key. If the ISCR detects that the two chassis/instances have incompatible chassis keys, an error message is logged but the ICSR system will continue to run. Without the matching ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 103: Encrypted Snmp Community Strings
A maximum of five LI server addresses are supported via an authenticating agent. The ability to restrict destination addresses for LI content and event delivery using RADIUS attributes is Important supported only for PDSN and HA gateways. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 104: Modifying Intercepts
The starLocalUserPrivilegeChanged trap indicates that a local user's privilege level has been changed. User Access to Operating System Shell The starOsShellAccessed trap indicates that a user has accessed the operating system shell. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 105: Test-Commands
CLI test-commands are intended for diagnostic use only. Access to these commands is not required during normal system operation. These commands are intended for use by Cisco TAC personnel only. Some of these commands can slow system performance, drop subscribers, and/or render the system inoperable.
Page 106: Exec Mode Cli Test-Commands
Warning: Test commands enables internal testing and debugging commands USE OF THIS MODE MAY CAUSE SIGNIFICANT SERVICE INTERRUPTION An SNMP trap (starTestModeEntered) is generated whenever a user enters CLI test-commands mode. Important ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 107: Secure System Configuration File
ASR 5500 VPC-DI VPC-SI Feature Default Disabled Related Changes in This Release Not Applicable Related Documentation • ASR 5500 System Administration Guide • VPC-DI System Administration Guide • VPC-SI System Administration Guide ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 108: Feature Description
-n “#” > sig_base64 base64 sig -w 0 >> sig_base64 echo “” >> sig_base64 4 Append the original configuration file with the digital signature. Example (Linux/OpenSSL): cat sig_base64 cfg_file > signed_cfg_file ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 109: Validate The Digital Signature
• Any existing .pem file will be replaced with the new .pem file when the command is executed. • url_address may refer to a local or a remote file, and must be entered using the following format: [file:]{/flash | /usb1 | /hd-raid | /sftp}[/directory]/filename ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 110: Enable Or Disable Signature Verification
• Use the no cfg-security sign command to disable verification of signature in the configuration file. Disabling signature verification (no cfg-security sign command) will remove the .enable_cfg_pubkey file. • The system looks for the .enable_cfg_pubkey file to determine if signature verification is enabled or disabled. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 111: Software Management Operations
• Abridged Crash Log: The abridged crash log, identified by its crashlog filename, contains summary information about software or hardware failures that occur on the system. This file is located in the ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 112: Understanding The Boot.sys File
{ /flash | /usb1 | /hd-raid } /dir_name [local] Use the following command to create a directory named configs: host_name mkdir /flash/configs [local] ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 113: Renaming Files And Directories
The rmdir command deletes a current directory on the specific local device. This directory can then be incorporated as part of the path name for any file located in the local file system. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 114: Formatting Local Devices
Exec mode prompt: host_name configure url [ verbose ] [local] url specifies the location of the CLI configuration file to be applied. It may refer to a local or a remote file. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 115: Viewing Files On The Local File System
To validate an operating system software image file, enter the following command at the Exec mode prompt: host_name show version { /flash | /usb1 | /hd-raid } /[directory]/filename [all] [local] The output of this command displays the following information: • Version number • Description ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 116: Configuring The Boot Stack
IP address of any Domain Name Service (DNS) name server that may be used Viewing the Current Boot Stack To view the boot stack entries contained in the boot.sys file run the Exec mode show boot command. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 117: Asr 5500 System Administration Guide, Staros Release 21.5
To identify the boot image priority that was loaded at the initial boot time enter: show boot initial-config The example below displays the output: host_name show boot initial-config [local] Initial (boot time) configuration: image_version image tftp://192.168.1.161/tftpboot/ .bin \ ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 118: Adding A New Boot Stack Entry
The operating system can be configured to provide services and perform pre-defined functions through commands issued from the CLI. The operating system software is delivered as a single binary file (.bin file extension) and is loaded as a single instance for the entire system. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 119: Verify Free Space On The /Flash Device
[local] Download the Software Image from the Support Site Access to the Cisco support site and download facility is username and password controlled. You must have an active customer account to access the site and download the StarOS image. Download the software image to a network location or physical device (USB stick) from which it can be uploaded to the /flash device.
Page 120: Transfer Staros Image To /Flash
Prior to release 20.0, local-user passwords were hashed with the MD5 message digest-algorithm and saved in the database. In release 20. 0, PBKDF2 (Password Based Key Derivation Function - Version 2) is now ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 121: Off-Line Software Upgrade
Important Newcall policies are created on a per-service basis. If you have multiple services running on the chassis, you can configure multiple newcall policies. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 122: Configure A Message Of The Day Banner
(config)# cfg_url /flash/filename Assign the next highest priority to this entry, by using the <N-1> method, wherein you assign a priority number that is one number less than your current highest priority. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 123: Synchronize File Systems
IPSP Before the Software Upgrade in the PDSN Administration Guide. Verify the Running Software Version After the system has successfully booted, verify that the new StarOS version is running by executing the Exec mode show version command. host_name show version [local ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 124: Restoring The Previous Software Image
• Feature use licenses enable specific features/functionality within the system and are distributed based on the total number of sessions supported by the system. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 125: Installing New License Keys
Adding License Keys to Configuration Files License keys can be added to a new or existing configuration file. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 126: License Expiration Behavior
Requesting License Keys License keys for the system can be obtained through your Cisco account representative. Specific information is required before a license key may be generated: • Sales Order or Purchase Order information • Desired session capacity •...
Page 127: Deleting A License Key
Command Line Interface Reference for details on each of the above parameters. Configuring Local-User Account Management Properties Local-user account management includes configuring account lockouts and user suspensions. Local-User Account Lockouts Local-user accounts can be administratively locked for the following reasons: ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 128: Local-User Account Suspensions
All new passwords must adhere to the password properties configured for the system. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 129: Smart Licensing
Disabled - Configuration Required Related Changes in This Release Not Applicable Related Documentation • ASR 5500 System Administration Guide • Command Line Interface Reference • VPC-DI System Administration Guide • VPC-SI System Administration Guide ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 130: Smart Software Licensing
Licensing consists of software activation by installing Product Activation Keys (PAK) on to the Cisco product. A Product Activation Key is a purchasable item, ordered in the same manner as other Cisco equipment and used to obtain license files for feature set on Cisco Products. Smart Software Licensing is a cloud based licensing of the end-to-end platform through the use of a few tools that authorize and deliver license reporting.
Page 131: Cisco Smart Software Manager
Request a Cisco Smart Account A Cisco Smart Account is an account where all products enabled for Smart Licensing are deposited. A Cisco Smart Account allows you to manage and activate your licenses to devices, monitor license use, and track Cisco license purchases.
Page 132: Software Tags And Entitlement Tags
PDN GW Bundle, 10K Sessions -4fac7c4d465a ASR5K-00-SG10 regid.2017-02.com.cisco. ASR5K-00-SG10,1.0_e87d1e76-e34c-4699-94ad- SAE GW Bundle, 10K Sessions 68eafa2da8b2 ASR5K-00-GN10SESS regid.2017-02.com.cisco. ASR5K-00-GN10SESS,1.0_bf7eb1d7-35bf- GGSN Software License, 10K sessions 40c6-8763-a4770f5ebf64 ASR5K-00-SW10LIC regid.2017-02.com.cisco. ASR5K-00-SW10LIC,1.0_ca9d09ee- Serving GW Bundle, 10K Sessions 5e72-4695-97ef-d5117037cfb4 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 133: Configuring Smart Licensing
Before you begin, ensure you have: • created a Smart Licensing/Virtual account on https://software.cisco.com • registered products on https://software.cisco.com using the ID tokens created as part of virtual account. • enabled a communication path between the StarOS system to the CSSM server.
Page 134: Monitoring And Troubleshooting Smart Licensing
• starSmartLicenseCSSMConntectionFail / starSmartLicenseCSSMConnectionFailClear For more information regarding these SNMP MIB alarms, see the SNMP MIB Reference. Note Smart Licensing Bulk Statistics The following statistics are provided in support of Smart Licensing ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 135: Asr 5500 System Administration Guide, Staros Release 21.5
• max_call_count – Maximum number of sessions/calls counted for the entire product for a particular service type. • last_lic_count – License count last reported to Cisco licensing (CSSM) for particular service type. • max_lic_count – Maximum license count reported to Cisco licensing (CSSM) for particular service type up to this point in time.
Page 136: Asr 5500 System Administration Guide, Staros Release 21.5
Smart Licensing Smart Licensing Bulk Statistics ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 137: C H A P T E
This section contains commands used to monitor the status of tasks, managers, applications and other software components in the system. Output descriptions for most of the commands are located in the Statistics and Counters Reference. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 138: Asr 5500 System Administration Guide, Staros Release 21.5
View datalink counters for a specific port show port datalink counters slot#/port# View Port Network Processor Unit (NPU) counters for a specific port show port npu counters slot#/port# View System Information and Network Interfaces ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 139: Clearing Statistics And Counters
(PPP, MIPHA, MIPFA, etc.). Statistics and counters can be cleared using the CLI clear command. Refer to the Exec Mode Commands chapter of the Command Line Interface Reference for detailed information on using this command. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 140: Asr 5500 System Administration Guide, Staros Release 21.5
Monitoring the System Clearing Statistics and Counters ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 141: C H A P T E
Bulk Statistics Event Log Messages, page 124 Feature Summary and Revision History Summary Data Applicable Product(s) or Functional Area Applicable Platform(s) ASR 5500 VPC-DI VPC-SI Feature Default Disabled - Configuration Required Related Changes in This Release Not Applicable ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 142: Configuring Communication With The Collection Server
The configuration example in this section defines basic operation of the bulk statistics feature. Use the following example configuration to set up the system to communicate with the statistic collection server: configure bulkstats mode schema name format format_string ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 143: Configuring Optional Settings
Refer to the Bulk Statistics Configuration Mode Commands and Bulk Statistics File Configuration Mode Commands chapters in the Command Line Interface Reference for more information regarding supported schemas, available statistics, and proper command syntax. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 144: Configuring A Separate Bulkstats Config File
• show bulkstats schemas – displays the scheme used to gather statistics including collection and transmission statistics. See Verifying Your Configuration, on page 119. • show bulkstats variables – displays available bulkstat variables (%variable%) by schema type that can be incorporated into a schema format. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 145: Verifying Your Configuration
Total records discarded: Total bytes discarded: Last transfer time required: 0 second(s) No successful data transfers No attempted data transfe File 2 not configured File 3 not configured File 4 not configured ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 146: Saving Your Configuration
The system provides commands that allow you to manually initiate the gathering and transferring of bulk statistics. To manually initiate the gathering of bulk statistics outside of the configured sampling interval, enter the following Exec mode command: bulkstats force gather ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 147: Clearing Bulk Statistics Counters And Information
• All incremental statistics are cumulative and reset only by one of the following methods: roll-over when the limit is reached, after a system restart, or after a clear command is performed. • The limit depends upon the data type. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 148: Data Types
An empty string is inserted if no address is available. date The UTC date that the collection file was created in Information String YYYYMMDD format where YYYY represents the year, MM represents the month and DD represents the day. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 149: Asr 5500 System Administration Guide, Staros Release 21.5
HH represents the hours, MM represents the minutes, and SS represents the seconds. The time displays in local time, not UTC. localtz The local timezone set for this platform. Information String ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 150: Bulk Statistics Event Log Messages
"Unable to open url filename for storing bulkstats data" Receiver Write Error 31019 Warning "Unable to write to url filename while storing bulkstats data" Receiver Close Error 31020 Warning "Unable to close url filename while storing bulkstats data" ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 151: C H A P T E
Reducing Excessive Event Logging, page 146 • Checkpointing Logs, page 147 • Saving Log Files, page 148 • Event ID Overview, page 148 Feature Summary and Revision History Summary Data Applicable Product(s) or Functional Area ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 152: System Log Types
There are five types of logs that can be configured and viewed on the system: Important Not all Event Logs can be configured on all products. Configurability depends on the hardware platform and licenses in use. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 153: Configuring Event Logging Parameters
To prevent the loss of log data, the system can be configured to transmit logs to a syslog server over a network interface. For releases after 15.0 MR4, TACACS+ accounting (CLI event logging) will not be generated for Lawful Important Intercept users (priv-level 15 and 13). ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 154: Configuring Event Log Filters
• active – Indicates that only active processes are to have logging options set. • disable – Disables logging for a specific instance or all instances. This keyword is only supported for aaamgr, hamgr and sessmgr facilities. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 155: Asr 5500 System Administration Guide, Staros Release 21.5
(logging filter disable facility facility all) and then enable logging of the specific instance (logging filter enable facility facility instance instance_number. To restore default behavior you must re-enable logging of all instances (logging filter enable facility facility all). ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 156: Global Configuration Mode Filtering
Thu May 11 15:28:03 2017 Internal trap notification 1362 (LogLevelChanged) Logging level of facility resmgr is changed to critical by user #initial-config# context local privilege level Security Administrator ttyname /dev/pts/0 address type IPV4 remote ip address 0.0.0.0 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 157: Configuring Syslog Servers
CLI instance. Each active log can be configured with filter and display properties that are independent of those configured globally for the system. Active logs are displayed in real time as they are generated. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 158: Specifying Facilities
• aal2: ATM Adaptation Layer 2 (AAL2) protocol logging facility • acl-log: Access Control List (ACL) logging facility • acsctrl: Active Charging Service (ACS) Controller facility • acsmgr: ACS Manager facility • afctrl: Fabric Controller facility [ASR 5500 only] ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 159: Asr 5500 System Administration Guide, Staros Release 21.5
System Logs Specifying Facilities • afmgr: Fabric Manager logging facility [ASR 5500 only] • alarmctrl: Alarm Controller facility • alcap: Access Link Control Application Part (ALCAP) protocol logging facility • alcapmgr: ALCAP manager logging facility • all: All facilities • bfd: Bidirectional Forwarding Detection (BFD) protocol logging facility •...
Page 160: Asr 5500 System Administration Guide, Staros Release 21.5
• epdg: evolved Packet Data (ePDG) gateway logging facility • event-notif: Event Notification Interface logging facility • evlog: Event log facility • famgr: Foreign Agent manager logging facility • firewall: Firewall logging facility ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 161: Asr 5500 System Administration Guide, Staros Release 21.5
• hnb-gw: HNB-GW (3G Femto GW) logging facility (Do not use this keyword for HNB-GW in Release • hnbmgr: HNB-GW Demux Manager logging facility (Do not use this keyword for HNB-GW in Release ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 162: Asr 5500 System Administration Guide, Staros Release 21.5
GMM and the BSSGP layers for logical links between the MS and the SGSN • local-policy: Local Policy Service facility • location-service: Location Services facility • m3ap: M3 Application Protocol facility • m3ua: M3UA Protocol logging facility ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 163: Asr 5500 System Administration Guide, Staros Release 21.5
• npumgr-flow: NPUMGR FLOW logging facility • npumgr-fwd: NPUMGR FWD logging facility • npumgr-init: NPUMGR INIT logging facility • npumgr-lc: NPUMGR LC logging facility • npumgr-port: NPUMGR PORT logging facility • npumgr-recovery: NPUMGR RECOVERY logging facility ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 164: Asr 5500 System Administration Guide, Staros Release 21.5
• rohc: Robust Header Compression (RoHC) facility • rsvp: Reservation Protocol logging facility • rua: RANAP User Adaptation (RUA) [3G Femto GW - RUA messages] logging facility • s102: S102 protocol logging facility ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 165: Asr 5500 System Administration Guide, Staros Release 21.5
• slmgr: Smart Licensing manager logging facility • sls: Service Level Specification (SLS) protocol logging facility • sm-app: SM Protocol logging facility • sms: Short Message Service (SMS) logging messages between the MS and the SMSC ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 166: Asr 5500 System Administration Guide, Staros Release 21.5
• wimax-data: WiMAX DATA • wimax-r6: WiMAX R6 • wsg: Wireless Security Gateway (ASR 9000 Security Gateway) • x2gw-app: X2GW (X2 proxy Gateway, eNodeB) application logging facility • x2gw-demux: X2GW demux task logging facility ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 167: Configuring Trace Logging
Repeat to configure additional monitor log targets. Disabling Monitor Logs Use the following example to disable monitor logs: configure no logging monitor { ip_addr | ipv6_addr | msid id | username name } ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 168: Viewing Logging Configuration And Statistics
• From the syslog server: If the system is configured to send logs to a syslog server, the logs can be viewed directly on the syslog server. • From the system CLI: Logs stored in the system memory buffers can be viewed directly from the CLI. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 169: Configuring And Viewing Crash Logs
CPU (minicore), NPU or kernel crash. The logged events are recorded into fixed length records and stored in /flash/crashlog2. Whenever a crash occurs, the following crash information is stored: 1 The event record is stored in /flash/crashlog2 file (the crash log). ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 170: Configuring Software Crash Log Destinations
(SFTP), or the Hyper-Text Transfer Protocol (HTTP); this is recommended for large network deployments in which multiple systems require the same configuration In release 20.0 and higher Trusted StarOS builds, FTP is not supported. Important ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 171: Viewing Abridged Crash Log Information Using The Cli
• Similar Crash Count – number of similar crashes • Time of first crash – timestamp when first crash occurred in format: YYYY-MMM-DD+hh:mm:ss • Failure message – text of event message • Function – code identifier ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 172: Reducing Excessive Event Logging
<actual_percent>% for facility <facility_name> instance <instance_id> If a trigger condition occurs within the polling interval, the alert or alarm will not be generated until the end of the polling interval. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 173: Configuring Log Source Thresholds
A subsequent check pointing of the logs results in the prior check pointed inactive log data being cleared and replaced with the newly check pointed data. Checkpointed log data is not available for viewing. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 174: Saving Log Files
6000-6999 aaamgr AAA Manager Facility 36000-36999 aaaproxy AAA Proxy Facility 64000-64999 aal2 AAL2 Protocol Facility 173200-173299 acl-log IP Access Control List (ACL) Facility 21000-21999 acsctrl Active Charging Service Controller (ACSCtrl) Facility 90000-90999 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 175: Asr 5500 System Administration Guide, Staros Release 21.5
CSG Access Control List (ACL) Facility 189000-189999 Card/Slot/Port (CSP) Facility 7000-7999 Content Steering Service (CSS) Facility [ESC] 77000-77499 css-sig Content Service Selection (CSS) RADIUS Signaling Facility 77500-77599 cx-diameter Cx Diameter Message Facility 92840-92849 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 176: Asr 5500 System Administration Guide, Staros Release 21.5
Manager Facility 143000-143999 egtpu eGTP-U Facility 142000-142999 epdg Evolved Packet Data Gateway (ePDG) Facility 178000-178999 evlog Event Log Facility 2000-2999 famgr Foreign Agent (FA) Manager Facility 33000-33999 firewall Firewall Facility 96000-96999 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 177: Asr 5500 System Administration Guide, Staros Release 21.5
HNB Manager Facility 158000-158199 hss-peer-service Home Subscriber Server (HSS) Facility [MME] 138000-138999 igmp Internet Group Management Protocol (IGMP) Facility 113000-113999 ikev2 IKEv2 Facility 122000-122999 ims-authorizatn IMS Authorization Service Library Facility 98100-98999 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 178: Asr 5500 System Administration Guide, Staros Release 21.5
137500-137999 Mobile Application Part (MAP) Protocol Facility [SS7] 87100-87299 megadiammgr MegaDiameter Manager Facility 121000-121199 mme-app Mobility Management Entity (MME) Application Facility 147000-147999 mme-embms MME evolved Multimedia Broadcast Multicast Service (eMBMS) 212000-212499 Facility ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 179: Asr 5500 System Administration Guide, Staros Release 21.5
NPU Manager (NPUMGR) Facility 17000-17999 npumgr-acl NPUMGR ACL Facility 169000-169999 npumgr-drv NPUMGR Driver Facility 185000-185999 npumgr-flow NPUMGR Flow Facility 167000-167999 npumgr-fwd NPUMGR Forwarding Facility 168000-168999 npumgr-init NPUMGR Initialization Facility 164000-164999 npumgr-lc NPUMGR LC Facility 180000-180999 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 180: Asr 5500 System Administration Guide, Staros Release 21.5
13000-13999 Redirector Task (RDT) Facility 67000-67999 resmgr Resource Manager (RM) Facility 14000-14999 rf-diameter Rf Diameter Messages Facility 92860-92869 Routing Information Protocol (RIP) Facility 35000-35999 rohc Robust Header Compression (ROHC) Protocol Facility 103000-103999 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 181: Asr 5500 System Administration Guide, Staros Release 21.5
SIPCDPRT Facility 95000-95999 sitmain System Initiation Task (SIT) Main Facility 4000-4999 sm-app Short Message Service (SMS) Facility 88300-88499 SMS Service Facility 116800-116899 sndcp Sub Network Dependent Convergence Protocol (SNDCP) Facility 115800-115899 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 182: Asr 5500 System Administration Guide, Staros Release 21.5
Virtual Media Gateway (VMG) Controller Facility 41000, 41999 vmgctxmgr VMG Context Manager Facility 43000, 43999 Virtual Private Network (VPN) Facility 5000-5999 wimax-data WiMAX DATA Facility 104900-104999 wimax-r6 WiMAX R6 Protocol (Signaling) Facility 104000-104899 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 183: Event Severities
• The event's severity level In this example, the event belongs to the CLI facility, has an ID of 3005, and a severity level of "info". [8/0/609 cli:8000609 _commands_cli.c:1290] Information about the specific CLI instance. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 184: Asr 5500 System Administration Guide, Staros Release 21.5
Indicates that the event was generated because of system operation. CLI session ended for Security Administrator The event's details. Event details may, or may not include admin on device /dev/pts/2 variables that are specific to the occurrence of the event. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 185: Chapter 1 5 Troubleshooting
The ping or ping6 command verifies the system's ability to communicate with a remote node in the network by passing data packets between and measuring the response. This command is useful in verifying network routing and if a remote node is able to respond at the IP layer. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 186: Syntax
This is a useful troubleshooting command that can be used to identify the source of significant packet delays or packet loss on the network. This command can also be used to identify bottle necks in the routing of data over the network. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 187: Traceroute - Ipv4
"*" indicates the Best or Used route. Destination Nexthop Protocol Prec Cost Interface *0.0.0.0/0 10.0.4.1 static SPIO1 *10.0.4.0/24 0.0.0.0 kernel SPIO1 *10.0.4.0/32 0.0.0.0 kernel SPIO1 *10.0.4.3/32 0.0.0.0 kernel SPIO1 *10.0.4.255/32 0.0.0.0 kernel SPIO1 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 188: Viewing The Address Resolution Protocol Table
The monitor tool may cause session processing delays and/or data loss. Therefore, it should be used only Caution when troubleshooting. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 189: Using The Protocol Monitor
The current state, ON (enabled) or OFF (disabled), is shown to the right of each option. Step 7 Press the Enter key to refresh the screen and begin monitoring. The monitor remains active until disabled. To quit the protocol monitor and return to the prompt, press q. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 190: Using The Protocol Monitor For A Specific Subscriber
PPP Tx PDU (9) PAP 9: Auth-Ack(1), Msg= <<<<OUTBOUND 10:02:35:416 Eventid:25001(0) PPP Tx PDU (14) IPCP 14: Conf-Req(1), IP-Addr=192.168.250.70 <<<<OUTBOUND 10:02:35:416 Eventid:25001(0) PPP Tx PDU (27) CCP 27: Conf-Req(1), MPPC, Stac-LZS, Deflate, MVRCA ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 191: Generating An Ssd
The show support details command includes information that is not otherwise accessible to users but that is helpful in the swift resolution of issues by TAC. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 192: Configuring And Using The Support Data Collector
Technical Assistance Center (TAC) personnel and local administrators can review the SDRs on-line or by transferring them off the system. They may also wish to investigate the collector state information. Refer to the Support Data Collector chapter for a complete description of SDC functionality. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 193: Packet Capture (Pcap) Trace
Feature Information Summary Data Applicable Product(s) or Functional Area • ePDG • IPSec • MME • SaMOG Applicable Platform(s) ASR 5500 vPC-SI vPC-DI Feature Default Disabled Related Changes in This Release Not Applicable ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 194: Feature Description
For more information, refer Enabling or Disabling Hexdump section of this chapter. Configuring PCAP Trace Enabling Multiple Instances of CDRMOD Use the following configuration to enable multiple instances of CDRMOD (one per packet processing card): config cdr-multi-mode Notes: ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 195: Configuring The Hexdump Module
◦ storage-limit megabytes: Specifies that hexdump records are to be deleted from the hard drive upon reaching a storage limit defined in megabytes. bytes must be an integer from 10 through 143360. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 196: Asr 5500 System Administration Guide, Staros Release 21.5
1 through 1024 characters in the format: //user:password@host:[port]/direct. ◦ secondary encrypted-secondary-url secondary_url: Specifies the secondary URL location to which the system pushes the files in encrypted format. secondary_url must be an alphanumeric string of 1 through 8192 characters. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 197: Configuring The Hexdump File Parameters
• Use the compression { gzip | none } keyword to specify the compressions of hexdump files. ◦ gzip: Enables GNU zip compression of the hexdump file at approximately 10:1 ratio. ◦ none: Disables Gzip compression. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 198: Asr 5500 System Administration Guide, Staros Release 21.5
◦ num-records number: Specifies the maximum number of records that should be added to a hexdump file. When the number of records in the file reaches this value, the file is complete. number must be an integer from 100 through 10240. Default: 1024 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 199: Asr 5500 System Administration Guide, Staros Release 21.5
• Use the trailing-text string keyword to specify the inclusion of an arbitrary text string in the file name as an alphanumeric string of 1 through 30 characters. string must be an alphanumeric string from 1 through 30 characters. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 200: Enabling Or Disabling Hexdump
• When S1-AP or SGS filter option is selected in monpro/monsub, PCAP Hexdump will have dummy SCTP header. The following fields are set as dummy in the SCTP header: ◦ Verification tag ◦ Checksum ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 201: Monitoring And Troubleshooting Pcap Trace
Hexdump-module files rotated due Total number of times a hexdump file was closed and a new hexdump to volume limit file was created since the volume limit was reached. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 202: Show { Hexdump-Module | Cdr } File-Space-Usage
Hexdump-module File Storage Indicates the maximum storage space (in bytes) that can be used for LIMIT hexdump files. Hexdump-module File Storage Indicates the total storage space (in bytes) used for hexdump files. USAGE ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 203: Show Hexdump-Module Statistics
Current status of PUSH : Not Running Last completed PUSH time : N/A Use the clear hexdump-module statistics command under the Exec Mode to clear and reset the hexdump Important module statistics. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 204: Asr 5500 System Administration Guide, Staros Release 21.5
Total number of hexdump files that were successfully transferred. Failed File Transfers Total number of hexdump files that failed to transfer. Num of times PUSH initiated Total number of times the PUSH operation was initiated. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 205: Asr 5500 System Administration Guide, Staros Release 21.5
Indicates the time when the last PUSH operation to the primary storage server was completed. Secondary Server Statistics: Successful File Transfers Total number of hexdump files successfully transferred to the secondary storage server. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 206: Asr 5500 System Administration Guide, Staros Release 21.5
Indicates if the PUSH operation to the secondary storage server is currently running. Last completed PUSH time Indicates the time when the last PUSH operation to the secondary storage server was completed. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 207: System Recovery
• For StarOS releases prior to 16.1, the image filename is identified by its release version and corresponding build number. Format = production.build_number.platform.bin. • For StarOS release 16.1 onwards, the image filename is identified by its platform type and release number. Format = platform-release_number.bin. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 208: Accessing The Boot Cli
This system recovery process interrupts subscriber service by dropping any existing flows and preventing Caution traffic from being processed during the boot interval. It should only be initiated as an emergency measure. Initiate a Reboot ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 209: Chapter 1 8 Access Control Lists
Once configured, an ACL can be applied to any of the following: • An individual interface • All traffic facilitated by a context (known as a policy ACL) • An individual subscriber • All subscriber sessions facilitated by a specific context ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 210: Understanding Acls
APN for UMTS subscribers. Criteria Each ACL consists of one or more rules specifying the criteria that packets will be compared against. The following criteria are supported: ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 211: Asr 5500 System Administration Guide, Staros Release 21.5
• UDP: The rule applies to any User Datagram Protocol (UDP) traffic and could be filtered on any combination of source/destination IP addresses, a specific port number, or a group of port numbers. UDP port numbers definitions can be found at www.iana.org. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 212: Rule Order
For additional information refer to the Verifying and Saving Your Configuration chapter. Creating ACLs To create an ACL, enter the following command sequence from the Exec mode of the system CLI: configure context acl_ctxt_name [ -noconfirm ] ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 213: Configuring Action And Criteria For Subscriber Traffic
The default action is to "permit all". To modify the default behavior for unidentified ACLs, use the following configuration: configure context acl_ctxt_name [-noconfirm] access-list undefined { deny-all | permit-all } Notes: ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 214: Verifying The Acl Configuration
ACLs must be configured in the same context in which the subscribers and/or interfaces to which they Important are to be applied. Similarly, ACLs to be applied to a context must be configured in that context. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 215: Asr 5500 System Administration Guide, Staros Release 21.5
A context ACL (policy ACL) configured in the Source Context is applied prior to forwarding. An outbound ACL configured on the interface in the Source Context through which the packet is being forwarded, is applied to the tunneled data (such as the outer IP header). ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 216: Applying The Acl To An Interface
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode save configuration command. For additional information refer to the Verifying and Saving Your Configuration chapter. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 217: Verifying The Acl Configuration On An Interface
• The context-level ACL is applied to outgoing packets. This applies to incoming packets also if the flow match criteria fails and forwarded again. The in and out keywords are deprecated and are only present for backward compatibility. Context ACL will be applied in the following cases: ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 218: Applying An Acl To All Traffic Within A Context
ACL(s) was/were applied. The output of this command displays the configuration of the entire context. Examine the output for the commands pertaining to interface configuration. The commands display the ACL(s) applied using this procedure. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 219: Applying An Acl To A Radius-Based Subscriber
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode save configuration command. For additional information refer to the Verifying and Saving Your Configuration chapter. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 220: Applying An Acl To An Individual Subscriber
ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 221: Applying An Acl To The Subscriber Named Default
{ ip | ipv6 } access-group acl_list_name [ in | out ] Notes: • The context name is the name of the ACL context containing the interface to which the ACL is to be applied. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 222: Verifying The Acl Configuration To The Subscriber Named Default
Applying an ACL to Service-specified Default Subscriber This section provides information and instructions for applying an ACL to the subscriber to be used as the "default" profile by various system services. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 223: Applying An Acl To Service-Specified Default Subscriber
Verifying the ACL Configuration to Service-specified Default Subscriber To verify the ACL configuration. Verify that your ACL lists were applied properly by entering the following command in Exec Mode: host_name show configuration context context_name [local] ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 224: Applying A Single Acl To Multiple Subscribers
NOTE: The profile for the subscriber named default is not used to provide missing information for subscribers configured locally. default subscriber This command allows multiple services to draw "default" subscriber information from multiple profiles. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 225: Applying An Acl To Multiple Subscriber Via Apns
This section provides the minimum instruction set for applying the ACL list to all traffic within a context. Important For more information on commands that configure additional parameters and options, refer to the Subscriber Configuration Mode Commands chapter in the Command Line Interface Reference. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 226: Verifying The Acl Configuration To Apns
ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 227: Congestion Control
• Service Congestion Policies: Congestion policies are configurable for each service. These policies dictate how services respond when the system detects that a congestion condition threshold has been crossed. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 228: Configuring Congestion Control
If a threshold level is not specified, the default is critical. Currently, major and minor thresholds are only supported for the MME. The congestion-action-profile command under lte-policy defines the action to be taken when thresholds are exceeded. See Global Configuration ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 229: Configuring Service Congestion Policies
To create a congestion control policy with overload reporting, apply the following example configuration: configure congestion-control policy mme-service action report-overload reject-new-sessions enodeb-percentage percentage Notes: • Other overload actions include permit-emergency-sessions and reject-non-emergency-sessions. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 230: Enabling Congestion Control Redirect Overload Policy
During periods of heavy system load, it may be necessary to disconnect subscribers in order to maintain an acceptable level of system performance. You can establish thresholds to select subscribers to disconnect based on the length of time that a call has been connected or inactive. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 231: Asr 5500 System Administration Guide, Staros Release 21.5
To disable the overload disconnect feature for this subscriber, use the following configuration example: configure context context_name subscriber subscriber_name no overload-disconnect { [threshold inactivity-time] | [threshold connect-time] } ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 232: Asr 5500 System Administration Guide, Staros Release 21.5
Congestion Control Enabling Congestion Control Redirect Overload Policy ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 233: Chapter 2 0 Routing
Autonomous System (AS) paths. • Route Maps – Route-maps provide detailed control over routes during route selection or route advertisement by a routing protocol, and in route redistribution between routing protocols. For this level ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 234: Creating Ip Prefix Lists
Use the following procedure to create an AS Path Access List: config context context_name ip as-path access-list list_name [ { deny | permit } reg_expr ] Notes: • Save your configuration as described in the Verifying and Saving Your Configuration chapter. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 235: Creating Route Maps
• Name of the interface in the current context that the route must use • Next hop IP address On the ASR 5500, static routes with IPv6 prefix lengths less than /12 and between the range of /64 and Important /128 are not supported.
Page 236: Adding Static Routes To A Context
It also describes how to enable the base OSPF functionality and lists the commands that are available for more complex configurations. You must purchase and install a license key before you can use this feature. Contact your Cisco account representative for more information on licenses.
Page 237: Ospf Version 2 Overview
On the ASR 5500, OSPF routes with IPv6 prefix lengths less than /12 and between the range of /64 and Important /128 are not supported.
Page 238: Basic Ospfv2 Configuration
OSPF areas. This is an optional configuration. config context context_name router ospf redistribute { connected | static } Notes: • Save your configuration as described in the Verifying and Saving Your Configuration chapter. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 239: Confirming Ospf Configuration Parameters
It also describes how to enable the base OSPFv3 functionality and lists the commands that are available for more complex configurations. Important On the ASR 5500, OSPFv3 routes with IPv6 prefix lengths less than /12 and between the range of /64 and /128 are not supported. OSPFv3 Overview Much of OSPF version 3 is the same as OSPF version 2.
Page 240: Enabling Ospfv6 Over A Specific Interface
ECMP can be used in conjunction with most routing protocols, since it is a per-hop decision that is limited to a single router. It potentially offers substantial increases in bandwidth by load-balancing traffic over multiple paths ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 241: Bgp-4 Routing
BGP. BGP-4 also allows the aggregation of routes, including the aggregation of AS paths. On the ASR 5500, BGP routes with IPv6 prefix lengths less than /12 and between the range of /64 and Important /128 are not supported.
Page 242: Configuring Bgp
{ bgp | connected | static } [ metric metric_value ] [ metric-type { 1 | 2 } ] [ route-map route_map_name ] Notes: ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 243: Bgp Communities And Extended Communities
Command Line Interface Reference. Multiple community-list entries can be attached to a community-list by adding multiple permit or deny clauses for various community strings. Up to 64 community-lists can be configured in a context. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 244: Setting The Community Attribute
Multiple extended community-list entries can be attached to an extended community-list by adding multiple permit or deny clauses for various extended community strings. Up to 64 extended community-lists can be configured in a context. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 245: Setting The Extended Community Attribute
An SRP Configuration mode command enables advertising BGP routes from an ICSR chassis in standby state. This command and its keywords allow an operator to take advantage of faster network convergence accrued ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 246: Configurable Bgp Route Advertisement Interval For Icsr
The following table lists the BGP Configuration mode CLI commands that support the configuration of various BGP parameters. For additional information, refer to the BGP Configuration Mode Commands chapter of the Command Line Interface Reference ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 247: Asr 5500 System Administration Guide, Staros Release 21.5
VRF. maximum-paths { ebgp max_num | ibgp max_num Enables forwarding packets over multiple paths and specifies the maximum number of external BGP (eBGP) or internal BGP (iBGP) paths between neighbors. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 248: Confirming Bgp Configuration Parameters
BFD establishes a session between two endpoints over a particular link. If more than one link exists between two systems, multiple BFD sessions may be established to monitor each one of ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 249: Overview Of Bfd Support
This function is used to test the forwarding path on the remote system. The system supports BFD in asynchronous mode with optional Echo capability via static or BGP routing. On an ASR 5500 one of the packet processing cards must be configured as a demux card in order for BFD Important to function.
Page 250: Configuring A Bfd Context
[ bfd echo ] exit Configure BFD static route. ipv6 route static bfd if_name ipv6_gw_address Add static routes. ipv6 route ipv6_address ipv6_mask ipv6 route ipv6_address ipv6_mask ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 251: Configuring Bfd For Single Hop
Enable BFD on an OSPF Neighbor. For additional information, see Associating OSPF Neighbors with the Context, on page 226. On the ASR 5500, routes with IPv6 prefix lengths less than /12 and between the range of /64 and /128 are Important not supported. Configuring Multihop BFD Enable BFD on an interface.
Page 252: Scaling Of Bfd
Notes: • Repeat the sequence to add neighbors. Associating BFD Neighbor Groups with the BFD Protocol config context context_name bfd-protocol bfd nbr-group-name grp_name active-if-name if_name nexthop_address bfd nbr-group-name grp_name passive-if-name if_name nexthop_address ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 253: Enabling Bfd On Ospf Interfaces
BGP routes from a Standby ICSR chassis. The overall goal is to support more aggressive failure detection and recovery in an ICSR configuration when implementing of VoLTE. You must configure the following features for chassis-to-chassis BFD monitoring in ICSR configurations: ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 254: Enable Primary Chassis Bfd Monitoring
(post ICSR switchover) while the network is still converging. ◦damping-period – configures a delay time to trigger an ICSR switchover due to a monitoring failure within the guard-period. ◦guard-period – configures the local-failure-recovery network-convergence timer. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 255: Enable Bfd Multihop Fall-Over
] [ precedence precedence ] [ vrf vrf_name [ cost value ] [ fall-over bfd multihop mhsess_name ] [ precedence precedence ] + The ip route command now also allows you to add a static multihop BFD route. ip route static multihop bfd mhbfd_sess_name local_endpt_ipaddr remote_endpt_ipaddr ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 256: Ip Routev6 Command
BFD Support for Link Aggregation Member Links Member-link based BFD detects individual link failures faster than LACP and reduces the overall session/traffic down period as a result of single member link failure. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 257: Overview
Important with RFC 7130. Configuring Support for BFD Linkagg Member-links The bfd linkagg-peer command enables member-link BFD and configures the BFD link aggregation (linkagg) session values [RFC 7130]. configure context context_name bfd-protocol ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 258: Saving The Configuration
[local] "*" indicates the Best or Used route. Destination Nexthop Protocol Prec Cost Interface *44.44.44.0/24 208.230.231.50 static local1 *192.168.82.0/24 0.0.0.0 connected *192.168.83.0/24 0.0.0.0 connected 208.230.231.0/24 0.0.0.0 ospf local1 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 259 Routing Viewing Routing Information *208.230.231.0/24 0.0.0.0 connected local1 Total route count: 5 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 260 Routing Viewing Routing Information ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 261: Vlans
IP addresses to and from the VPN. • Overlap pools can be used for both dynamic and static addressing, and use VLANs and a next hop forwarding address to connect to the VPN customer. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 262: Radius Vlan Support - Enhanced Charging Services
Use the following example to create VLANs on a port and bind them to pre-existing interfaces. For information on creating interfaces, refer to System Interfaces and Ports. config port ethernet slot port no shutdown vlan vlan_tag_ID ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 263: Verifying The Port Configuration
: Present (10G Base-SR) Notes: • Repeat this sequence as needed to verify additional ports. • Optional: Configure VLAN-subscriber associations. Refer to Configuring Subscriber VLAN Associations, on page 238 for more information. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 264: Configuring Subscriber Vlan Associations
Verify the Subscriber Profile Configuration Use the following command to view the configuration for a subscriber profile: host_name show subscriber configuration username user_name [local] Notes: ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 265: Vlan-Related Cli Commands
Ethernet Interface Configuration Mode [no] logical-port-statistics Enables or disables the collection of logical port (VLAN and NPU) bulk statistics for the first 32 configured Ethernet or PVC interface types. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 266 Displays VLAN utilization for a specified collection interval. { 5-minute | hourly } Exec Mode show commands show port info slot/port vlan vlan_id Displays NPU counters for a previously configured VLAN ID. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 267: Bgp Mpls Vpns
Switching (MPLS) Virtual Private Networks (VPNs). Important MPLS is a licensed Cisco feature that requires a separate license. Contact your Cisco account representative for detailed information on specific licensing requirements. For information on installing and verifying licenses, refer to the Managing License Keys section of Software Management Operations.
Page 268: Mpls-Ce Connected To Pe
The can be configured to add two labels: • an outer label learned from LDP or RSVP-TE (RSVP-Traffic Engineering) • an inner label learned from MP-iBGP This solution supports traffic engineering and QoS initiated via the . ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 269: Sample Configuration
Sample Configuration In this example, VRFs are configured on the ASR 5500 PE and pools are associated with VRFs. The exchanges VPN routes with its IBGP peers (PE routers) and learns the MPLS paths to reach PEs via LDP. The forwards the packets to the next-hop with two labels –...
Page 270: Ipv6 Support For Bgp Mpls Vpns
This example assumes three VRFs. VRF 1 has only IPv4 routes, VRF f2 has both IPv4 and IPv6 routes, and VRF 3 has only IPv6 routes. Figure 8: VPNv6 Sample Configuration Configure VRFs. ip vrf vrf1 exit ip vrf vrf2 exit ip vrf vrf3 exit ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 271 800 2 route-target export 800 2 route-target import 800 2 exit address-family ipv4 vrf vrf2 redistribute connected redistribute static ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 272: Vpn-Related Cli Commands
For detailed information regarding the use of the commands listed below, see the Command Line Interface Reference. Table 17: VPN-Related Configuration Commands CLI Mode Command Description BGP Address-Family (IPv4/IPv6) neighbor ip_address activate Enables the exchange of routing Configuration Mode information with a peer router. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 273 IPv6 VRF routing in BGP. BGP Configuration Mode ip vrf vrf_name Adds a VRF to BGP and switches to the VRF Configuration mode to allow configuration of BGP attributes for the VRF. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 274 DSCP to EXP (via the mpls map-dscp-to-exp dscp n exp m command). mpls exp disables the default behavior and sets the EXP value to the configured value. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 275 IP VRF Context Configuration mpls map-exp-to-dscp exp Maps the incoming EXP bit value Mode exp_bit_value dscp in the MPLS header to the internal dscp_bit_value DSCP bit value in IP packet headers for outgoing traffic. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 276 { all | Displays all VPNv6 routing data, route-distinguisher | vrf } routing data for a VRF or a route-distinguisher. Exec Mode show Commands show ip pool Displays pool details including the configured VRF. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 277 Map (ILM) table information. Exec Mode show Commands Displays the MPLS LDP show mpls ldp information. Exec Mode show Commands show mpls Displays MPLS Next-Hop Label nexthop-label-forwarding-entry Forwarding Entry (NHLFE) table information. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 278 BGP MPLS VPNs VPN-Related CLI Commands ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 279: Content Service Steering
Internal CSS is a generic feature, if an ECSv2 license is installed on your system, internal CSS can be Important enabled. A separate license is not required to enable internal CSS. Contact your local Cisco account representative for information on how to obtain a license.
Page 280: Configuring Internal Content Service Steering
• service_name must be an ACL service name. • For information on the keywords and options available with the redirect css service command, see the ACL Configuration Mode Commands chapter in the Command Line Interface Reference. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 281: Applying An Acl To An Individual Subscriber (Optional)
For information on how to apply an ACL to multiple subscribers via APNs, refer to the Applying a Single ACL to Multiple Subscribers via APNs section in the Access Control Lists chapter. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 282 Content Service Steering Applying an ACL to Multiple Subscribers via APNs (Optional) ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 283: Session Recovery
This chapter describes the Session Recovery feature that provides seamless failover and reconstruction of subscriber session information in the event of a hardware or software fault. Session Recovery is a licensed Cisco feature. A separate feature license may be required. Contact your Important Cisco account representative for detailed information on specific licensing requirements.
Page 284 • Any session needing L2TP LAC support (excluding regenerated PPP on top of an HA or GGSN session) • ASR 5500 only – Closed RP PDSN services supporting simple IP, Mobile IP, and Proxy Mobile IP • ASR 5500 only – eHRPD service (evolved High Rate Packet Data) •...
Page 285: Configuring The System To Support Session Recovery
However, if the system is in-service, it must be restarted before the session recovery feature takes effect. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 286: Enabling Session Recovery On An Out-Of-Service System
This feature does not take effect until after the system has been restarted. Step 3 Save your configuration as described in Verifying and Saving Your Configuration. Step 4 Perform a system restart by entering the reload command: The following prompt appears: ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 287: Disabling The Session Recovery Feature
---- ------- ------ ------- ------ ------- ------ ------------ 1/1 Active Good 1/2 Active Good 1/3 Active Good 2/1 Active Good 2/2 Active Good ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 288: Viewing Recovered Session Information
Attempts Success Last-Attempt Last-Success Full: Micro: Current state: SMGR_STATE_CONNECTED FSM Event trace: State Event SMGR_STATE_LINE_CONNECTED SMGR_EVT_LOWER_LAYER_UP SMGR_STATE_CONNECTED SMGR_EVT_AUTH_REQ SMGR_STATE_CONNECTED SMGR_EVT_AUTH_SUCCESS SMGR_STATE_CONNECTED SMGR_EVT_REQ_SUB_SESSION SMGR_STATE_CONNECTED SMGR_EVT_RSP_SUB_SESSION SMGR_STATE_CONNECTED SMGR_EVT_ADD_SUB_SESSION SMGR_STATE_CONNECTED SMGR_EVT_AUTH_REQ SMGR_STATE_CONNECTED SMGR_EVT_AUTH_SUCCESS SMGR_STATE_CONNECTED SMGR_EVT_AUTH_REQ ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 289: Recovery Control Task Statistics
Without the verbose keyword, a summary output is displayed as show in the example below: RCT stats details (Last 1 Actions) Action Type From Start Time Duration Status --- ------------- --------- ---- ---- ------------------------ ---------- ------- ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 290: Sample Output For Show Rct Stats Verbose
Failure Device : N.A Recovery Status : Success Facility : N.A Instance : N.A Duration : 003.423 sec Graceful : Enabled Recovered [1] :[f:sessmgr, i:6, cpu:50, pid:13170 Recovered [2] :[f:sessmgr, i:3, cpu:50, pid:13167] ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 291 Duration : 004.134 sec Graceful : Enabled Recovered [1] :[f:sessmgr, i:6, cpu:50, pid:13170 Recovered [2] :[f:sessmgr, i:3, cpu:50, pid:13167] RCT stats Summary ----------------- Migrations 3, Average time = 4.260 sec Switchovers = ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 292 Session Recovery Sample Output for show rct stats verbose ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 293: Interchassis Session Recovery
Administration Guide, before using the procedures described below. ICSR is a licensed Cisco feature that requires a separate license. Contact your Cisco account representative Important for detailed information on specific licensing requirements. For information on installing and verifying licenses, refer to the Managing License Keys section of Software Management Operations.
Page 294: Checkpoint Messages
Resets the Diameter monitor failure information to 0. srp terminate-post-process Forcibly terminates post-switchover processing. Validates the configuration for an active chassis. srp validate-configuration srp validate-switchover Validates that both active and standby chassis are ready for a planned SRP switchover. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 295: Show Commands
A switchover event caused by an AAA monitoring failure is non-revertible. Important If the newly active chassis fails to monitor the configured AAA servers, it remains as the active chassis until one of the following occurs: ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 296: Bgp Interaction
◦Destination – to configure monitoring and routing to the PDN. • Border Gateway Protocol (BGP) – ICSR uses the route modifier to determine the chassis priority. ICSR is a licensed Cisco feature. Verify that each chassis has the appropriate license before using these Important procedures.
Page 297: Icsr Operation
The procedures described below assume the following: • The chassis have been installed and configured with core network services. For more configuration information and instructions on configuring services, refer to the respective product Administration Guide. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 298: Configuring The Service Redundancy Protocol (Srp) Context
Configuring the SRP Context Interface Parameters, on page 279. Step 4 Verify your SRP context configuration as described in Verifying SRP Configuration, on page 282. Step 5 Save your configuration as described in Verifying and Saving Your Configuration. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 299: Creating And Binding The Srp Context
• The priority determines which chassis becomes active in the event that both chassis are misconfigured with the same chassis mode; see Chassis Initialization, on page 271. The higher priority chassis has the lower number. Be sure to assign different priorities to each chassis. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 300: Srp Redundancy, Aaa And Diameter Guard Timers
◦aaa – local failure followed by AAA monitoring failure ◦bgp – local failure followed by BGP monitoring failure ◦diam – local failure followed by Diameter monitoring failure ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 301: Dscp Marking Of Srp Messages
◦ef – Expedited Forwarding PHB, for low latency traffic Optimizing Switchover Transitions There are several SRP configuration options that reduce the transition time from the active to standby gateways (primarily P-GW) in support of VoLTE traffic. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 302: Allow Non-Volte Traffic During Icsr Switchover
Interchassis Session Recovery Configuring the Service Redundancy Protocol (SRP) Context These features require an updated ICSR license to support the enhancements. Contact your Cisco account Important representative for additional information. Allow Non-VoLTE Traffic During ICSR Switchover The ICSR framework reduces switchover disruption for VoLTE traffic by enabling VoLTE traffic on the newly active gateway prior to reconciling the billing information and enabling communication with the newly active gateway when accounting is not deemed critical.
Page 303 The switchover allow-all-data-traffic command must be run on both chassis to enable this feature. Important The switchover allow-volte-data-traffic SRP Configuration mode CLI command allows VoLTE data traffic during ICSR switchover transition. configure context context_name ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 304: Allow All Data Traffic
External nodes to the local gateway include S-GW, P-GW, SGSN, MME, AAA, PCRF and IMSA. Audit failure can occur because of missing or incomplete session information. Therefore, only the peers for which the information is available will be notified. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 305: Optimization Of Switchover Control Outage Time
CLI commands must be executed on both chassis. Log onto both chassis before continuing. Always make configuration changes on the primary chassis first. configure context vpn_ctxt_name -noconfirm interface srp_if_name ip-address ip_address ip_address mask exit exit port ethernet slot_num port_num description des_string ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 306: Configuring Nack Generation For Srp Checkpoint Messaging Failures
(FCs) between the active and standby chassis. The periodic-interval keyword will only appear if a special ICSR optimization feature license has been Important purchased and installed. Contact your Cisco account representative for assistance. configure context context_name...
Page 307: Selective Disabling Of Nack Messaging
LZ4 compression algorithm. The compression keyword will only appear if a special ICSR optimization feature license has been Important purchased and installed. Contact your Cisco account representative for assistance. The following command sequence enables the use of LZ4 compression: configure...
Page 308: Verifying Srp Configuration
283. Step 3 Verify your BGP context configuration by following the steps in Verifying BGP Configuration, on page 283. Step 4 Save your configuration as described in Verifying and Saving Your Configuration. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 309: Configuring Bgp Router And Gateway Address
Service Redundancy Protocol Configuration Mode Commands chapter of the Command Line Interface Reference. Verifying BGP Configuration Verify your BGP configuration by entering the show srp monitor bgp command (Exec Mode). ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 310: Modifying The Destination Context For Icsr
Use the following example to configure the BGP context and IP addresses in the SRP context. configure context srp_ctxt_name service-redundancy-protocol monitor bgp context dest_ctxt_name neighbor_ip_address Setting Subscriber to Default Mode Use the following example to set the subscriber mode to default. configure context dest_ctxt_name subscriber default ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 311: Verifying Bgp Configuration In Destination Context
192.168.82.0/24 spi-number 256 encrypted secret 1088bdd6817f64df bind address 172.17.1.1 #exit #exit context destination ip pool dynamic 172.18.0.0 255.255.0.0 public 0 srp-activate ip pool static 172.19.0.0 255.255.240.0 static srp-activate #exit context srp service-redundancy-protocol ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 312: Configuring Subscriber State Management Audit Process
• show srp checkpoint statistics • show srp checkpoint statistics verbose • show srp checkpoint statistics debug-info • show srp checkpoint statistics sessmgr all • show srp checkpoint statistics sessmgr all debug-info ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 313: Updating The Operating System
6 Initiate an SRP switchover from the active backup system to make the standby primary system active. The four-part flowchart below shows a more complete view of all the procedures required to complete the StarOS upgrade process. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 314 Enabling the Demux on MIO/UMIO/MIO2 feature changes resource allocations within the system. This Caution directly impacts an upgrade or downgrade between StarOS versions in ICSR configurations. Contact Cisco TAC for procedural assistance prior to upgrading or downgrading your ICSR deployment.
Page 315 Interchassis Session Recovery Updating the Operating System Figure 13: ICSR Software Upgrade – Part 2 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 316 Interchassis Session Recovery Updating the Operating System Figure 14: ICSR Software Upgrade – Part 3 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 317 Interchassis Session Recovery Updating the Operating System Figure 15: ICSR Software Upgrade – Part 4 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 318: Both Icsr Systems
Both ICSR Systems Perform the tasks described below on both the primary (active) and backup (standby) ICSR systems. Standby ICSR System Perform the tasks described below on the backup or standby ICSR system. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 319: Performing Health Checks
For each BGP-enabled context, run show ip bgp summary. Verify that the BGP peers are connected and that IPv4 and IPv6 peers are up. Repeat for all BGP-enable contexts. Step 2 Run show service_name all |grep "Service Status:". The service should be "Started". Repeat for all services running on the chassis. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 320: Updating The Boot Record
Features in the new operating system may require changes to the configuration file. These changes can be done manually or facilitated by custom scripts prepared by Cisco TAC. Make whatever changes are necessary prior to saving the updated configuration file.
Page 321: Verifying The Software Version
Compare the number of subscribers on the active chassis and the number of Current pre-allocated calls: on the standby chassis. They should be similar (within 5%). Allow a few minutes for systems to complete synchronization. Primary System Perform the tasks described below on the primary (active) ICSR system. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 322: Initiating An Srp Switchover
Saving the Configuration File, on page 295 • Synchronizing File Systems, on page 294 • Performing Health Checks, on page 293 • Performing SRP Checks, on page 293 • Performing BGP Checks, on page 293 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 323: Initiating An Srp Switchover
[local] Step 3 Reboot the system to load its previous configuration. host_name reload [local] Step 4 Perform health checks as described in Performing Health Checks, on page 293 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 324 Interchassis Session Recovery Fallback Procedure ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 325: Support Data Collector
Technical Assistance Center (TAC) personnel and local administrators can review the SDRs on-line or by transferring them off the system. They may also wish to investigate the collector state information. The figure ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 326: Configuring Sdr Collection
If the user has configured support record sections, then the show configuration command displays user-configured support record sections. The support collection schedule configuration also appears in the show configuration output under the Global Configuration section. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 327: Collecting And Storing The Sdr Information
The SDRs are stored together in a self-relative set. This self-relative set is called a Support Record Collection. Each individual SDR is identified with a record-id. The record-id of the most recent SDR is always 0 (zero). ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 328 This is because the interval specifies the idle time between scheduled collection runs. Since the actual overhead of the collecting process is not included in the scheduled intervals, the time differences between collections includes this non-deterministic amount of time. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 329: Using Sdrs To Diagnose Problems
The administrator may decide to transfer the SDRs off the system to be analyzed remotely, for example, by Cisco TAC. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 330: Configuration Commands (Global Configuration Mode)
The max-records keyword specifies the number of SDRs to store as an integer from 1 to 65535. When this value is exceeded, the new SDR overwrites the oldest SDR. The default value is 168. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 331: Exec Mode Commands
Last Collection Start Time : Monday October 21 06:29:05 PDT 2013 Last Collection End Time : Monday October 21 06:29:09 PDT 2013 Est. Collection Next Start : Monday October 21 07:29:13 PDT 2013 (40 minutes) Support Data Records at /var/tmp/support-records/ ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 332 The output of this command reflects the sequence in which record sections will be output, regardless of the sequence in which they may have been entered by the user. Refer to the SDR CLI Command Strings appendix for additional information. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 333: Appendix A Engineering Rules
◦ Prior to Release 15.0: Up to 16 interfaces can be configured within a single context. ◦ For Release 15.0 and higher: With the Demux MIO/UMIO/MIO2 feature enabled, up to 64 interfaces can be configured within a single context. ◦ 512 Ethernet+PPP+tunnel interfaces ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 334 ◦ Releases prior to 18.5: 5,000 pool explicit host routes per context (6,000 per chassis) ◦ Release 18.5 and higher: 24,000 pool explicit host routes per context (24,000 per chassis) ◦ 64 route maps per context • BGP ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 335 ◦ 1,600 servers per context in AAA Server group mode (accounting, authentication, charging server, or any combination thereof) ◦ 800 NAS-IP address/NAS identifier (one primary and one secondary per server group) per context ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 336: Subscriber Rules
• If the first two cases fail, the default subscriber template in the AAA context is used. Service Rules The following engineering rules apply to services configured within the system: • Configure a maximum of 256 services (regardless of type) per system. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 337: Access Control List (Acl) Engineering Rules
Caution affect overall system performance. Therefore, you should not configure a large number of services unless your application absolutely requires it. Please contact your Cisco service representative for more information. • The total number of entries per table and per chassis is limited to 256.
Page 338 Engineering Rules ECMP Groups ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 339: Appendix B Staros Tasks
A P P E N D I X StarOS Tasks This appendix describes system and subsystem tasks running under StarOS on an ASR 5500 and virtualized platforms. Important This appendix is not a comprehensive list of all StarOS tasks. It simply provides general descriptions of the primary tasks and subsystems within StarOS.
Page 340: Primary Task Subsystems
All IP operations within StarOS are done within specific VPN contexts. In general, packets are not forwarded across different VPN contexts. The only exception currently is the Session subsystem. • Network Processing Unit (npusim on ASR 5500, and iftask or knpusim on VPC-DI and VPC-SI) This subsystem is responsible for the following: •...
Page 341: Controllers And Managers
Managers manage resources and mappings between resources. In addition, some managers are directly responsible for call processing. For information about the primary subsystems that are composed of critical, controller, and /or manager tasks, Subsystem Tasks, on page 316. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 342: Subsystem Tasks
Starts management cards in either active or standby mode. Registers tasks with HAT task. Notifies CSP task of CPU startup completion. Brings up packet processing cards in standby mode. SITREAP SIT Reap Sub-function Shuts down tasks as required. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 343: High Availability Subsystem
Performs device initialization and control functions because of the CPU's hardware capabilities. Reports the loss of any task on its CPU to hatsystem sub-function. Controls the LEDs on the management card. (ASR 5500 only) Initializes and monitors the dedicated hardware on the management card. (ASR 5500 only)
Page 344: Resource Manager Subsystem
Informs the Session Controller task when there are additions or changes to contexts. Only one Session Controller operates at any time. Routes context specific operation information to the appropriate VPN Manager. Performs VPN Manager recovery and saves all VPN-related configuration information in SCT. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 345 (router ospfv3 Context Configuration mode CLI command) Responsible for learning and redistributing routing information via the OSPFv3 protocol. Maintains the OSPFv3 neighboring relationship. Maintains the LSA database. Performs OSPFv3 SPF calculations. Applies any defined OSPFv3 routing policy. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 346: Network Processing Unit Subsystem
[VPC-DI, VPC-SI] Provides interface binding and forwarding services to the VPN Manager. Provides flow insertion and removal services to Session Manager and AAA Manager tasks. Provides recovery services to the NPU Controller. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 347 Provides port configuration services to the CSP task Provides interface binding and forwarding services to the VPN Manager. Provides flow insertion and removal services to Session Manager and AAA Manager tasks. Provides recovery services to the NPU Controller. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 348: Session Subsystem
Managers, and from multiple contexts. Processes protocols for A10/A11, GRE, R3, R4, R6, GTPU/GTPC, PPP, and Mobile IP. Manages Enhanced Charging Service, Content Filtering and URL Blacklisting services. Session Managers are paired with AAA Managers. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 349 Global Configuration mode require demux card command starts aaaproxy on the designated demux card. Writes CDRs to a file in its VRAM-disk. The enqueued CDRs are then periodically synchronized with a HDD for transfer. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 350 Acts as a pass-through to the messages from application to the Diameter server. Just acts as a forwarding agent (does not maintain any queues). A single Diameter proxy is used to service multiple Diameter applications. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 351 Session Manager tasks for load balancing. Maintains a list of current Session Manager tasks to aid in system recovery. Verifies validity of GTPC messages. Maintains a list of current GTPC sessions. Handles GTPC Echo messaging to/from SGSN. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 352 Remains aware of all the active HNB-GW services in the system. With session recovery (SR) enabled, this demux manager is usually established on one of the CPUs on the first active packet processing card. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 353 Maintains records for all subscribers on the system. Maintains mapping between the IMSI/P-TMSI and SessMgrs. With session recovery (SR) enabled, this demux manager is usually established on one of the CPUs on the first active demux packet processing card. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 354 Created by the Session Controller when the first SS7RD (routing domain) is activated. Multi-instanced for redundancy and scaling purposes. Provides SS7 and Gb connectivity to the platform. Routes per subscriber signalling across the SS7 (including Iu) and Gb interfaces to the SessMgr. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 355 Remains aware of all the active MME services in the system. With session recovery (SR) enabled, this demux manager is usually established on one of the CPUs on the first active packet processing card. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 356 Handles all PCRF service sessions. Interfaces with PCC-Core while processing different events associated with individual subscriber sessions. Maintains subscriber information while applying business logic. Creates calline and corresponding APN session for each subscriber. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 357: Platform Processes
ASR 5500 Fabric I/O Driver Responsible for the direct configuration of the fabric chipset. afio supports non-messenger interprocess communication (IPC) with the local afmgr and with other local afio instances ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 358 Driver Controller Centralizes access to many of the system device drivers. It also performs temperature and voltage monitoring. hdctrl Hard Drive Controller Controls and manages the drive array spanning the management cards. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 359 Its primary function is to support recovery and distribution functions. lagmgr Link Aggregation Group Started by npuctrl on the demux card's primary MIO (ASR 5500) with a Manager facility level between CSP and npumgr to receive configuration/status notification from npumgr and build global LAG database.
Page 360: Management Processes
Management Functions on the system using secure IIOP. ORBS then interacts with concerned Controller Tasks to execute the function. The response/errors from the execution are interpreted, formulated into an EMF response, and handed off to EMS servers. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 361 Handles inboard SNMP operations if configured, and sends SNMP Protocol notifications (traps) if enabled. threshold Threshold Server Handles monitoring of threshold crossing alerts, if configured. Polls the needed statistics/variables, maintains state, and generates log messages/SNMP notification of threshold crossings. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 362 StarOS Tasks Management Processes ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 363: Netconf And Confd
CLI Based YANG Model for ECS Commands, page 358 Feature Summary and Revision History Summary Data Applicable Product(s) or Functional Area Applicable Platform(s) ASR 5500 VPC-SI VPC-DI Feature Default Disabled - Configuration Required Related Changes in This Release Not Applicable ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 364: Overview
Overview StarOS provides a northbound NETCONF interface that supports a YANG data model for transferring configuration and operational data with the Cisco Network Service Orchestrator (NSO). It also incorporates a ConfD manager (confdmgr) to communicate with the NSO management console.
Page 365 (draft-bierman-netconf-restconf-4) that describes how to map a YANG specification to a RESTful interface using HTTP as transport. REST and RESTCONF are only enabled internally when a valid certificate and key are configured. If client authentication is enabled, CA-certificates may be required as well. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 366: Configuring Confd
You can run the show ssh key command to verify the existence of an SSH key on the system. If an SSH key is not available, see the Configuring SSH Options section of the Getting Started chapter in this guide. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 367: Netconf Protocol Configuration Mode
NETCONF. The user will be authenticated with verifiable credentials. This username is used for CLI logging purposes only. The command syntax is: confd-user <username>, where <username> is an alphanumeric string of 1 to 144 characters. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 368: Netconf Notifications Events
Use no netconf port to reset the port number to 830. Important A change to the NETCONF interface port value will result in a planned restart of ConfD and temporary loss of connectivity over the NETCONF and REST (if enabled) interfaces. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 369: Rest Auth-Policy
Global Configuration mode. Use no rest certificate to remove any configured certificate and key. REST will not be operational without a valid certificate and key. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 370: Rest Hostname
The following command sequence establishes a ConfD configuration in support of NETCONF protocol. A type v2-RSA SSH key is required for enabling server confd. configure context local ssh key <encrypted key text> len 938 type v2-rsa server confd ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 371: Verifying The Configuration
◦ confd server ConfD configuration • The subscriptions keyword displays ConfD CDB subscription information. show confdmgr See below for a sample output for show confdmgr: [local]<host_name># show confdmgr State Information ----------------- State Started ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 372 60 bulkstats server transfer-interval 1440 bulkstats server limit 7500 bulkstats server receiver-mode secondary-on-failure bulkstats server file 1 bulkstats schemas file 1 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 373 See below for a sample output for show confdmgr confd netconf: [local]<host_name># show confdmgr confd netconf netconf-state capabilities capability urn:ietf:params:netconf:base:1.0 netconf-state capabilities capability urn:ietf:params:netconf:base:1.1 netconf-state capabilities capability urn:ietf:params:netconf:capability:writable-running:1.0 netconf-state capabilities capability urn:ietf:params:netconf:capability:candidate:1.0 netconf-state statistics netconf-start-time 2016-03-30T17:09:49-04:00 netconf-state statistics in-bad-hellos 0 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 374 2016-12-14 namespace http://www.cisco.com/staros-config prefix staros_config exported-to-all cisco-staros-exec confd-state loaded-data-models data-model revision 2016-12-14 namespace http://www.cisco.com/staros-exec prefix staros_exec exported-to-all cisco-staros-notif confd-state loaded-data-models data-model revision 2016-12-14 namespace http://www.cisco.com/staros-notif prefix staros_notif ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 375 2013-06-14 namespace http://tail-f.com/yang/confd-monitoring prefix tfcm exported-to-all confd-state loaded-data-models data-model tailf-kicker revision 2016-11-24 namespace http://tail-f.com/ns/kicker prefix kicker exported-to-all confd-state loaded-data-models data-model tailf-netconf-monitoring revision 2016-11-24 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 376 "4 bytes" ram-size "6.99 KiB" subscription-lock-set false confd-state internal cdb client name confdmgr info 5420/10 type subscriber subscription datastore running priority -2147483648 path /context subscription datastore running priority -2147483648 path /active-charging local]<host_name># ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 377 • NETCONF updates – Number of ConfD configuration subscription notifications. • Failures – Number of errors detected processing any ConfD configuration requests within confdmgr. • Aborts – Number of times a configuration update via NETCONF was aborted. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 378: Clear Confdmgr Confd Cdb
ConfD and NETCONF protocol support. clear confdmgr statistics This command clears everything listed in the "Statistics" section of the output of the show confdmgr command, including: • Triggers • Replays ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 379: Yang Models
(all native models are included here under a common namespace). • cisco-staros-exec.yang - Model to enable CLI exec operations via the restful interface. Only users with admin credentials may use this model. Used by ConfD locally to parse input.
Page 380: Confd Examples
See below for a sample use of netconf-console to obtain the server ConfD configuration via NETCONF: [user@server]$ ./netconf-console --host 1.2.3.4 -u admin --password pswd! --port 123 --get-config -x confd <?xml version="1.0" encoding="UTF-8"?> ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 381: Bulkstats
[local]<host_name>(config)# context local [local]<host_name>(config-ctx)# server confd [local]<host_name>(config-confd)# bulkstats [local]<host_name>(config-confd)# end [local]<host_name># show confdmgr State Information ----------------- State Started Subscriptions Last successful id 1488-216669-170664 Last failed id None Username Not configured Bulkstats Enabled ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 382 [<user>@server] ]$ curl -u admin:pswd! https://rtp-mitg-si06.cisco.com:234/api/operational/bulkstats-operational?deep --cert /users/<user>/ssl_cert/client_cert/client.crt --key /users/<user>/ssl_cert/client_cert/client.key --cacert /users/<user>/ssl_cert/root_cert/rootCA.pem <bulkstats-operational xmlns="http://www.cisco.com/staros-bulkstats" xmlns:y="http://tail-f.com/ns/rest" xmlns:staros_bulkstats="http://www.cisco.com/staros-bulkstats"> <file> <number>1</number> <schemas> <schema>system</schema> <names> <name>common</name> <key_ids> <key_id>none</key_id> <variable> <name>host</name> <value><host_name></value> </variable> <variable> <name>ipaddr</name> <value>1.2.3.4</value> </variable> <variable> <name>uptime</name> <value>5781</value> ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 383: Exec Cli Model
See below for a sample use of curl to obtain the show build and show confdmgroutputs, using "\r\n" as the delimiter between commands: cat exec_cli_show_build_and_confdmgr.xml <input><args>show build \r\n show confdmgr</args></input> ************ [<user>@server] ]$ curl -u admin:pswd! https://rtp-mitg-si06.cisco.com:234/api/running/staros_exec/_operations/exec --cert ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 384: Cli Based Yang Model For Ecs Commands
************************************* CLI Based YANG Model for ECS Commands In this release, the cisco-staros-cli-config.yang model supports a limited set of ECS (Enhanced Charging System) configuration commands via NSO. On the southbound side, ConfD communicates with a StarOS process called via a set of APIs provided by the ConfD management agent.
Page 385: Seeding And Synchronizing The Cdb
The CDB only receives updates via the NETCONF interface. In order to keep the CDB and the StarOS configuration databases in sync, all changes made via CLI access (external to NETCONF) to the cisco-staros-cli-config YANG model supported configuration objects must be applied to the CDB manually. Seeding and Synchronizing the CDB After enabling server confd you may need to initially seed the CDB with a local copy of the configuration database (CDB) managed by ConfD on StarOS.
Page 386: Cdb Maintenance
/flash/confd.config confd [local] host_name configure confd /flash/confd.config [local] Info: #!$$ StarOS V20.2 Chassis 52767e9ff9e207bed12c76f7f8a5352c Info: config Info: active-charging service acs Info: rulebase default Info: #exit Info: #exit Info: end host_name [local] ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 387: Save Configuration Confd
• group-of-ruledefs <ruledefs_group_name> • add-ruledef priority = * • qos-group-of-ruledefs <group_name> ◦ add-group-of-ruledef <group_of_ruledef_name> • charging-action <charging_action_name> ◦ flow-idle-timeout <seconds> ◦ content-id 1 ◦ service-identifier <service_id> ◦ billing-action egcdr • rulebase <rulebase_name> ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 388 NETCONF and ConfD Supported StarOS ECS Configuration Commands • action priority <priority_number> group-of-ruledefs <ruledefs_group_name> charging-action <charging_action_name> Note "= *" indicates support for every option following the prior keyword/value. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 389: Icsr Checkpointing
To conserve processing cycles and memory, dynamic and periodic updates from an active chassis to a standby chassis are done using micro-checkpoints. The output of the Exec mode show srp info command displays a complete list of SRP checkpoints. Macro-checkpoints This section lists and briefly describes ICSR macro-checkpoints. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 390: Ggsn_Apn Id Mapping
This macro-checkpoint is sent from the active to the standby chassis to map Service IDs on the standby chassis. • Time based: No • Frequency: N/A • Event based: Yes • Events: Occurs whenever a TCP connection is established between the sessmgrs and they move to READY_STATE. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 391: Micro-Checkpoints
• NAT Category, on page 376 • P-GW Category, on page 379 • Rf Interface Category, on page 381 • S6b Interface Category, on page 383 • SaMOG Category, on page 383 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 392: Uncategorized
• Related CLI command: None SESS_UCHKPT_CMD_UPDATE_IDLESECS This micro-checkpoint sends remaining number of seconds before idle timeout. • Time based: Yes • Frequency: — • Event based: No • Events: Occurs during ICSR background checkpointing. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 393: Dcca Category
• Frequency: — • Event based: Yes • Events: Occurs whenever ECS call level information is created or modified. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 179 • Related CLI command: None ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 394: Sess_Uchkpt_Cmd_Acs_Gx_Li_Info
• Frequency: N/A • Event based: Yes • Events: Occurs whenever an ECS Release Call message is processed. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 188 • Related CLI command: — ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 395: Sess_Uchkpt_Cmd_Del_Acs_Sess_Info
• Frequency: N/A • Event based: Yes • Events: Occurs whenever a dynamic charging action has been deleted. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 183 • Related CLI command: None ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 396: Sess_Uchkpt_Cmd_Dynamic_Chrg_Del_Qg_Info
• Time based: No • Frequency: — • Event based: Yes • Events: Occurs whenever a dynamic rule has been deleted. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 178 • Related CLI command: None ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 397: Sess_Uchkpt_Cmd_Dynamic_Rule_Info
SESS_UCHKPT_CMD_UPDATE_EPDG_BEARER This micro-checkpoint synchronizes ePDG bearers between the active and standby chassis. • Time based: No • Frequency: N/A • Event based: No • Events: N/A • Accounting: Yes • Delta/Cumulative: Cumulative ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 398: Sess_Uchkpt_Cmd_Update_Epdg_Peer_Addr
• Related CLI command: show srp micro-checkpoint statistics debug-info SESS_UCHKPT_CMD_UPDATE_EPDG_STATS This micro-checkpoint synchronizes session statistics between the active and standby chassis. • Time based: Yes • Frequency: 30 seconds • Event based: No • Events: N/A • Accounting: Yes ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 399: Firewall/Ecs Category
• Event based: Yes • Events: Occurs whenever PCRF sends a command to enable the predefined SFW access rules. • Accounting: Yes • Delta/Cumulative: Cumulative • CMD-ID: 185 • Related CLI command: None ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 400: Ggsn Category
This micro-checkpoint is sent in a Network or UE initiated update procedure except for updates that result in the following scenarios: • Creation or deletion of the beare • TFT change or inter-RAT handovers • Gn-Gp handoff Parameters associated with this micro-checkpoint are shown below. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 401: Sess_Uchkpt_Cmd_Ggsn_Update_Stats
• Time based: — • Frequency: — • Event based: Yes • Events: COA (Change of Authorization) response • Accounting: — • Delta/Cumulative: — • CMD-ID: 83 • Related CLI command: None ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 402: Gx Interface Category
This micro-checkpoint is sent when a port chunk is allocated or deallocated for a subscriber sharing a NAT IP address with other subscribers. The port chunk is allocated or deallocated while data is being received for that subscriber. • Time based: No • Frequency: N/A ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 403: Sess_Uchkpt_Cmd_Gr_Update_Nat_Realms
• Frequency: N/A • Event based: Yes • Events: Triggered when a new SIP flow is created or deleted. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 98 • Related CLI command: None ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 404: Sess_Uchkpt_Cmd_Nat_Sip_Alg_Contact_Ph_Info
(based on a rule-match), and a new bypass flow is created. This checkpoint is sent when the flow is both added and deleted. • Time based: No • Frequency: N/A • Event based: Yes ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 405: P-Gw Category
• Time based: No • Frequency: N/A • Event based: Yes • Events: Triggered when the S-GW goes into Restoration mode. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 158 • Related CLI command: None ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 406: Sess_Uchkpt_Cmd_Pgw_Ubr_Mbr_Info
• Time based: No • Frequency: N/A • Event based: Yes • Events: Triggered when there is a change in the LI state for this call. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 151 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 407: Sess_Uchkpt_Cmd_Pgw_Update_Pdn_Common_Param
This micro-checkpoint indicates a change in the SDF+QCI-based Rf accounting buckets. • Time based: Yes • Frequency: 4 seconds for aamgr checkpoint and 18 seconds for GR checkpoint • Event based: No • Events: N/A • Accounting: Yes • Delta/Cumulative: Cumulative ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 408: Sess_Uchkpt_Cmd_Acs_Accounting_Type_Qci_Rf_With_Fc
• Time based: Yes • Frequency: 4 seconds for aamgr checkpoint and 18 seconds for GR checkpoint; • Event based: No • Events: Sent along with macro-checkpoint. • Accounting: Yes • Delta/Cumulative: Cumulative ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 409: S6B Interface Category
• Event based: Yes • Events: Occurs whenever SaMOG sends a Delete-Session-Req or upon receiving a Delete-Bearer-Request. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 169 • Related CLI command: show subscriber samog-only full ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 410: Sess_Uchkpt_Cmd_Cgw_Update_Bearer_Qos
• Related CLI command: show subscriber samog-only full SESS_UCHKPT_CMD_CGW_UPDATE_STATS Reserved for future use. SESS_UCHKPT_CMD_CGW_UPDATE_UE_PARAM Reserved for future use. SESS_UCHKPT_CMD_SAMOG_ACCT_INTERIM_INFO This micro-checkpoint is sent for a SaMOG session on receipt of an Accounting Req (INTERIM-UPDATE) from the WLC ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 411: Sess_Uchkpt_Cmd_Samog_Acct_Start_Info
• Event based: Yes • Events: Occurs whenever a DHCP-Discover message is received over a different EoGRE tunnel. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 201 • Related CLI command: show subscriber samog-only full ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 412: Sess_Uchkpt_Cmd_Samog_Gtpv1_Update_Pdn_Info
SaMOG will delay handoff as it expects an Accounting Req (START) from the subscriber. • Time based: No • Frequency: N/A • Event based: Yes • Events: Occurs when a Account Req (STOP) request is received from the WLC. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 413: Sess_Uchkpt_Cmd_Samog_Li_Prov_Info
This micro-checkpoint is sent for a SaMOG session when SaMOG is waiting on the UE after sending an Access-Challenge while Re-authenticating the subscriber session. • Time based: No • Frequency: N/A • Event based: Yes ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 414: Sess_Uchkpt_Cmd_Samog_Reauthen_Info
• Events: Occurs on receiving and successfully processing AAR from the AAA Server to re-authorize the subscriber • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 173 • Related CLI command: show subscriber samog-only full ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 415: Asr 5500 Sdr Cli Command Strings
A P P E N D I X ASR 5500 SDR CLI Command Strings • ASR 5500 SDR CLI Command Strings, page 389 ASR 5500 SDR CLI Command Strings This appendix identifies the CLI command strings that can be entered for a record section via the support record section command in the Global Configuration Mode.
Page 416 "show npu details" Disabled "show lagmgr details" Enabled "show fans" Disabled "show hardware version fans" Enabled "show power chassis" Enabled "show temperature" Disabled "show timing" Disabled "show alarm audible" Disabled "show alarm central-office" ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 417 "show messenger bounces" Disabled "debug limits checkup detailed" Disabled "show plugin" Disabled "show module" Disabled "show ppp statistics" Disabled "show rsvp statistics" Enabled "show session disconnect-reasons verbose" Disabled "show apn statistics all" ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 418 "show gs-service all" Disabled "show ggsn-service all" Disabled "show ggsn-service sgsn-table" Disabled "show lac-service all" Disabled "show lns-service all" Disabled "show pdsnclosedrp-service all" Enabled "show subscriber summary" Enabled "show connproxy sockets all" ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 419 Disabled "show srp audit-statistics" Disabled "show gtpc statistics verbose" Enabled "show gtpu statistics verbose" Enabled "show gtpu debug-info" Enabled "show gmm-sm statistics verbose" Enabled "show sgtpc statistics verbose" Enabled "show sgtpu statistics" ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 420 "show gtpu-service all" Disabled "show pgw-service all" Disabled "show sgw-service all" Disabled "show saegw-service all" Disabled "show henbgw-access-service statistics" Disabled "show henbgw-network-service statistics" Disabled "show mme-service all" Disabled "show mme-service enodeb-association full all" ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 421 Disabled "show alcap statistics" Disabled "show pdg-service statistics micro-tunnel" Disabled "show pdg-service statistics transport" Disabled "show demuxmgr statistics a11mgr all" Disabled "show demuxmgr statistics famgr all" Disabled "show demuxmgr statistics hamgr all" ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 422 Disabled "show dhcp statistics verbose" Disabled "show npu table" Disabled "show npu sf hw-info" Enabled "show npu asr5500" Disabled "show l2tp statistics" Enabled "show fabric asr5500" Enabled "show vpn subsystem facility vpnmgr" ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 423 "show active-charging analyzer statistics name tcp verbose" Disabled "show active-charging analyzer statistics name http verbose" Disabled "show active-charging charging-action statistics" Disabled "show active-charging rulebase statistics" Disabled "show active-charging ruledef statistics all charging" ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 424 "debug aaamgr show memory usage" Disabled "show active-charging credit-control statistics debug-info" Disabled "show active-charging credit-control session-states" Disabled "show active-charging credit-control statistics" Disabled "show diameter endpoints all" Disabled "show diameter endpoints all debug-info" ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 425 "show demuxmgr statistics phspcmgr all" Disabled "show phspc-service all" Disabled "show phspc-service statistics verbose" Disabled "show demuxmgr statistics magmgr all" Disabled "show active-charging content-filtering category policy-id all" Disabled "show content-filtering category database all verbose" ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 426 "show kvstore kvmgr" Disabled "show pcc-service all" Disabled "show pcc-service statistics all" Disabled "show pcc-policy service all" Disabled "show pcc-policy service statistics all" Disabled "show pcc-quota service all" Disabled "show pcc-quota service statistics all" ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 427 Disabled "show sls-service all" Disabled "show sls-service peers all" Disabled "show sls-service statistics all" Notes: • Enabled = Included in default record section • Disabled = Not included in default record section ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 428 ASR 5500 SDR CLI Command Strings ASR 5500 SDR CLI Command Strings ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 429: Appendix F Cisco Secure Boot
A P P E N D I X Cisco Secure Boot This appendix briefly describes the Cisco Secure Boot process and how it impacts image naming conventions. It contains the following sections: • Fundamental Concepts, page 403 • Secure Boot Overview, page 404 •...
Page 430: Secure Boot Overview
Secure Boot Overview Cisco Secure Boot places the Root of Trust in a hardware chip device on a circuit card where it cannot be changed. The first code (microloader) that executes immediately after power on is guaranteed to be legitimate code from Cisco and programmed during the time of system manufacturing.

Cisco ASR 5500 System Administration Manual

About this Guide

Getting Started

System Settings

Config Mode Lock Mechanisms

Management Settings

Verifying and Saving Your Configuration

System Interfaces and Ports

System Security

Secure System Configuration File

Software Management Operations

Smart Licensing

C H a P T E

Monitoring the System

C H a P T E

Bulk Statistics

C H a P T E

System Logs

Chapter 1 5 Troubleshooting

Packet Capture (PCAP) Trace

Quick Links

Troubleshooting

Related Manuals for Cisco ASR 5500

Summary of Contents for Cisco ASR 5500