Page 1
ASR 5500 System Administration Guide, StarOS Release 21.5 First Published: 2017-11-30 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883...
Page 2
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
Context Selection for Context-level Administrative User Sessions Context Selection for Subscriber Sessions Understanding Configuration Files IP Address Notation IPv4 Dotted-Decimal Notation IPv6 Colon-Separated-Hexadecimal Notation CIDR Notation Alphanumeric Strings Character Set Quoted Strings ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 4
Verifying and Saving Your Clock and Time Zone Configuration Configuring Network Time Protocol Support Configuring NTP Servers with Local Sources Using a Load Balancer Verifying the NTP Configuration Configuring SF Boot Configuration Pause ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 5
Configuring TACACS+ AAA Services Configuring TACACS+ for Non-local VPN Authentication Verifying the TACACS+ Configuration Separating Authentication Methods Disable TACACS+ Authentication for Console Disable AAA-based Authentication for Console Disable TACACS+ Authentication at the Context Level ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 6
Configuring SNMP and Alarm Server Parameters Verifying SNMP Parameters Controlling SNMP Trap Generation Verifying and Saving Your Configuration C H A P T E R 6 Verifying the Configuration Feature Configuration Service Configuration Context Configuration System Configuration ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 7
Notification of Changes in Privilege Levels User Access to Operating System Shell Test-Commands Enabling cli test-commands Mode Enabling Password for Access to CLI-test commands Exec Mode cli test-commands Configuration Mode cli test-commands ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 8
System Boot Methods Viewing the Current Boot Stack Adding a New Boot Stack Entry Deleting a Boot Stack Entry Upgrading the Operating System Software Identifying OS Release Version and Build Number ASR 5500 System Administration Guide, StarOS Release 21.5 viii...
Page 9
Configuring Local-User Password Properties Configuring Local-User Account Management Properties Local-User Account Lockouts Local-User Account Suspensions Changing Local-User Passwords Smart Licensing C H A P T E R 1 1 Feature Summary and Revision History ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 10
Manually Gathering and Transferring Bulk Statistics Clearing Bulk Statistics Counters and Information Bulkstats Schema Nomenclature Statistic Types Data Types Key Variables Bulk Statistics Event Log Messages System Logs C H A P T E R 1 4 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 11
C H A P T E R 1 5 Verifying Network Connectivity Using the ping or ping6 Command Syntax Troubleshooting Using the traceroute or traceroute6 Command traceroute – IPv4 traceroute6 – IPv6 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 12
C H A P T E R 1 7 Prerequisites Console Access Boot Image Accessing the boot CLI Initiate a Reboot Access Control Lists C H A P T E R 1 8 Overview Understanding ACLs Rule(s) ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 13
Verifying the ACL Configuration to APNs Congestion Control C H A P T E R 1 9 Overview Configuring Congestion Control Configuring the Congestion Control Threshold Configuring Service Congestion Policies Configuring Overload Reporting on the MME ASR 5500 System Administration Guide, StarOS Release 21.5 xiii...
Page 14
Enabling OSPFv6 Over a Specific Interface Redistributing Routes Into OSPFv3 (Optional) Confirming OSPFv3 Configuration Parameters Equal Cost Multiple Path (ECMP) BGP-4 Routing Overview of BGP Support Configuring BGP Redistributing Routes Into BGP (Optional) ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 15
Enabling BFD on OSPF Interfaces All OSPF Interfaces Specific OSPF Interface Monitoring BFD Connection for ICSR Saving the Configuration Chassis-to-Chassis BFD Monitoring for ICSR Enable Primary Chassis BFD Monitoring Set BFD to Ignore ICSR Dead Interval ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 16
BGP MPLS VPNs C H A P T E R 2 2 Introduction MPLS-CE Connected to PE as a PE Overview Sample Configuration IPv6 Support for BGP MPLS VPNs Overview Sample Configuration ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 17
Interchassis Session Recovery C H A P T E R 2 5 Overview Interchassis Communication Checkpoint Messages SRP CLI Commands Exec Mode CLI Commands show Commands AAA Monitor BGP Interaction Requirements ASR 5500 System Administration Guide, StarOS Release 21.5 xvii...
Page 18
Configuring BGP Router and Gateway Address in Destination Context Configuring SRP Context for BGP for Destination Context Setting Subscriber to Default Mode Verifying BGP Configuration in Destination Context Disabling Bulk Statistics Collection on a Standby System ASR 5500 System Administration Guide, StarOS Release 21.5 xviii...
Page 19
Configuring SDR Collection Displaying the SDR Collection Configuration Collecting and Storing the SDR Information Managing Record Collection Using SDRs to Diagnose Problems SDR CLI Commands Configuration Commands (Global Configuration Mode) support record ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 20
Platform Processes Management Processes NETCONF and ConfD A P P E N D I X C Feature Summary and Revision History Overview Configuring ConfD SSH Key Requirement NETCONF Protocol Configuration Mode bulkstats ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 21
<url> confd Supported StarOS ECS Configuration Commands ICSR Checkpointing A P P E N D I X D Overview of Checkpointing Macro-checkpoints GGSN_APN ID MAPPING INSTANCE LEVEL CHECKPOINT SERVICE_ID MAPPING VPNMGR_ID MAPPING ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 24
A P P E N D I X E Cisco Secure Boot A P P E N D I X F Fundamental Concepts Secure Boot Overview MIO2 Support for Secure Boot Image Naming Conventions Verifying Authenticity ASR 5500 System Administration Guide, StarOS Release 21.5 xxiv...
Text represented as commands This typeface represents commands that you enter, for example: show ip access-list This document always gives the full form of a command in lowercase letters. Commands are not case sensitive. ASR 5500 System Administration Guide, StarOS Release 21.5...
Use the information in this section to contact customer support. Refer to the support area of http://www.cisco.com for up-to-date product documentation or to submit a service request. A valid username and password are required to access this site. Please contact your Cisco sales or service representative for additional information.
C H A P T E R System Operation and Configuration The ASR 5500 is designed to provide subscriber management services for Mobile Packet Core networks. Before you connect to the command line interface (CLI) and begin system configuration, you must understand how the system supports these services.
• Local Subscribers: These are subscribers, primarily used for testing purposes, that are configured and authenticated within a specific context. Unlike RADIUS-based subscribers, the local subscriber's user profile (containing attributes like those used by RADIUS-based subscribers) is configured within the context where they are created. ASR 5500 System Administration Guide, StarOS Release 21.5...
This section describes the process that determines which context to use for context-level administrative users or subscriber sessions. Understanding this process allows you to better plan your configuration in terms of how many contexts and interfaces you need to configure. ASR 5500 System Administration Guide, StarOS Release 21.5...
If you have configured the user profile on an AAA server, the system must determine how to contact the AAA server to perform authentication. It does this by determining the AAA context for the session. ASR 5500 System Administration Guide, StarOS Release 21.5...
The following table and flowchart describe the process that the system uses to select an AAA context for a context-level administrative user. Items in the table correspond to the circled numbers in the flowchart. Figure 1: Context-level Administrative User AAA Context ASR 5500 System Administration Guide, StarOS Release 21.5...
• Users configured in any non-local context are required to specify which context they are trying to log in to. For example: ssh username@ctx_name@ctx_ip_addrs ASR 5500 System Administration Guide, StarOS Release 21.5...
• In addition to being applied during the boot process, you can also apply configuration files manually at any time by executing the appropriate commands at the CLI prompt. Refer to the instructions in Software Management Operations. ASR 5500 System Administration Guide, StarOS Release 21.5...
An IPv6 address is represented by eight groups of 16-bit hexadecimal values separated by colons (:). A typical example of a full IPv6 address is 2001:0db8:85a3:0000:0000:8a2e:0370:7334 The hexadecimal digits are case-insensitive. The 128-bit IPv6 address can be abbreviated with the following rules: ASR 5500 System Administration Guide, StarOS Release 21.5...
Some CLI commands require the entry of an alphanumeric string to define a value. The string is a contiguous collection of alphanumeric characters with a defined minimum and maximum length (number of characters). ASR 5500 System Administration Guide, StarOS Release 21.5...
The following characters may appear in strings entered in ruledefs, APNs, license keys and other configuration/display parameters: • < > (arrow brackets) [less than or greater than] • * (asterisk) [wildcard] • : (colon) • $ (dollar sign) [wildcard] • . (dot) ASR 5500 System Administration Guide, StarOS Release 21.5...
Quoted Strings If descriptive text requires the use of spaces between words, the string must be entered within double quotation marks (" "). For example: interface "Rack 3 Chassis 1 port 5/2" ASR 5500 System Administration Guide, StarOS Release 21.5...
Operation. For additional information on configuring the maximum number of sessions for Local-User users and AAA context users, see Configuring Context-level Administrative Users. Each authentication method must be configured separately because each of the three authentication methods can use the same user name. ASR 5500 System Administration Guide, StarOS Release 21.5...
Version 1 of the SSH protocol is now obsolete due to security vulnerabilities. The v1-rsa keyword has been removed for the Context Configuration mode ssh command. Running a script or configuration that uses the ASR 5500 System Administration Guide, StarOS Release 21.5...
The ssh key-gen wait-time command specifies this wait time in seconds. The default interval is 300 seconds (5 minutes). Step 1 Enter the context configuration mode. host_name context context_name [local] (config)# [local]host_name(config-ctx)# ASR 5500 System Administration Guide, StarOS Release 21.5...
• chacha20-poly1305@openssh.com – ChaCha20 symmetric cipher, Poly1305 cryptographic Message Authentication Code [MAC], OpenSSH The default string for algorithms in a Normal build is: blowfish-cbc,3des-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com, chacha20-poly1305@openssh.com The default string for algorithms in a Trusted build is: aes256-ctr,aes192-ctr,aes128-ctr ASR 5500 System Administration Guide, StarOS Release 21.5...
• type specifies the key type; v2-rsa is the only supported type. For releases prior to 20.0, StarOS supports a maximum of 64 configurable authorized SSH keys. For Important release 20.0 and higher, StarOS supports a maximum of 200 configurable authorized SSH keys. ASR 5500 System Administration Guide, StarOS Release 21.5...
If pattern is in the format 'USER@IP_ADDRESS' then USER and IP address are separately checked, restricting logins to those users from the specified IP address. The default is to allow unrestricted access by any user. ASR 5500 System Administration Guide, StarOS Release 21.5...
• User tries to login with local context username through local context (VPN) interface with authorized-key configured on local context. • User tries to login with non-local context username through non-local context interface with authorized-key configured on non-local context. ASR 5500 System Administration Guide, StarOS Release 21.5...
45 seconds (using default parameters). Two SSH Configuration mode CLI commands allow you to disable or modify this default sshd disconnect behavior. For higher security, Cisco recommends at least a client-alive-countmax of 2 and client-alive-interval of Important 5.
• algorithms is a string of 1 through 511 alphanumeric characters that specifies the algorithm(s) to be used as a single string of comma-separated variables (no spaces) in priority order (left to right) from those shown below: ASR 5500 System Administration Guide, StarOS Release 21.5...
• publickey – authentication via SSH v2-RSA protocol. • keyboard-interactive – request for an arbitrary number of pieces of information. For each piece of information the server sends the label of the prompt. ASR 5500 System Administration Guide, StarOS Release 21.5...
Verify that the SSH client key has been generated. host_name do show ssh client key [local] (config-ssh)# Step 5 Exit the SSH Client Configuration mode. host_name exit [local] (config-ssh)# host_name [local] (config)# ASR 5500 System Administration Guide, StarOS Release 21.5...
An SSH key is a requirement before NETCONF protocol and the ConfD engine can be enabled in support of Cisco Network Service Orchestrator (NSO). Refer to the NETCONF and ConfD appendix in this guide for detailed information on how to enable NETCONF. ASR 5500 System Administration Guide, StarOS Release 21.5...
Network Time Protocol (NTP) server(s) to ensure that the clock is always accurate. In addition to configuring the timing source, you must configure the system's time zone. ASR 5500 System Administration Guide, StarOS Release 21.5...
• NTP configured for at least three external NTP servers. With three or more servers, outlyers and broken or misconfigured servers can be detected and excluded. Generally, the more servers the better (within reason). ASR 5500 System Administration Guide, StarOS Release 21.5...
Use of prefer usually results in a poorer choice than NTP can determine for itself. Important Do not change the maxpoll, minpoll, or version keyword settings unless instructed to do so by Cisco TAC. Use the following example to configure the necessary NTP association parameters:...
• (o) PPS peer refid Last reported NTP reference to which the server is synchronizing. NTP server stratum level. Communication type: broadcast, multicast, etc. when Number of seconds since the last contact. ASR 5500 System Administration Guide, StarOS Release 21.5...
The following example command instructs the system to wait up to 120 seconds for all active cards and 1 standby card to become active: wait cards active all standby 1 timeout 120 ASR 5500 System Administration Guide, StarOS Release 21.5...
Autoconfirm is intended as an "ease-of-use" feature. It presumes that the answer to "Are you sure? [Y/N]" prompts will be "Yes", and skips the prompt. Its use implies that the user is an expert who does not need these "safety-net" prompts. ASR 5500 System Administration Guide, StarOS Release 21.5...
• exec-command exec_mode_category specifies one of the following categories of Exec mode configuration commands. ◦ card ◦ clear ◦ copy ◦ debug ◦ delete ◦ filesystem ◦ hd ◦ reload ◦ rename ASR 5500 System Administration Guide, StarOS Release 21.5...
An Inspector cannot execute show configuration commands and does not have the privilege to enter the Config Mode. Configuration instructions are categorized according to the type of administrative user: context-level or local-user. ASR 5500 System Administration Guide, StarOS Release 21.5...
Refer to the Command Line Interface Reference for detailed information about these commands. Configuring Context-level Security Administrators Use the example below to configure additional security administrators: configure context local administrator user_name { [ encrypted ] [ nopassword ] password password } Notes: ASR 5500 System Administration Guide, StarOS Release 21.5...
When enabled this option prevents someone from using an operator password to gain access to the user account. Save the configuration as described in the Verifying and Saving Your Configuration chapter. ASR 5500 System Administration Guide, StarOS Release 21.5...
• During a system boot wherein the boot config is loaded, encrypted Lawful Intercept configuration will be decrypted and loaded silently, in other words Lawful Intercept CLI configuration will not be visible on the console port. ASR 5500 System Administration Guide, StarOS Release 21.5...
For a detailed description of the Global Configuration mode require segregated li-configuration and associated commands, see the Lawful Intercept CLI Commands appendix in the Lawful Intercept Configuration Guide. The Lawful Intercept Configuration Guide is not available on www.cisco.com. Contact your Cisco account Note representative to obtain a copy of this guide.
Lockout on Login Fail: Yes Updating Local-User Database Update the local-user (administrative) configuration by running the following Exec mode command. This command should be run immediately after creating, removing or editing administrative users. update local-user database ASR 5500 System Administration Guide, StarOS Release 21.5...
• Set temporary passwords for suspended users, using the Exec mode password change local-user username command. • Reset the suspend flag for users, using the Configuration mode no suspend local-user username command. ASR 5500 System Administration Guide, StarOS Release 21.5...
Associating an SFTP root Directory with an Administrator The administrator command allows an administrator to associate an SFTP root directory for a specified administrator. configure context local ASR 5500 System Administration Guide, StarOS Release 21.5...
CLI determines that the sessions for that user is 1 which is greater than 0 and it will display an error message in the output, it generate starCLIActiveCount and starCLIMaxCount SNMP MIB Objects and starGlobalCLISessionsLimit and starUserCLISessionsLimit SNMP MIB Alarms. ASR 5500 System Administration Guide, StarOS Release 21.5...
Configuration mode priv-lvl and user-id commands. For additional information, see the TACACS+ Configuration Mode Commands chapter of the Command Line Interface Reference. In release 20.0 and higher Trusted StarOS builds, FTP is not supported. Important ASR 5500 System Administration Guide, StarOS Release 21.5...
• By default, the TACACS+ configuration will provide authentication, authorization, and accounting services. Enable TACACS+ on the StarOS: configure aaa tacacs+ For additional information, see Disable TACACS+ Authentication for Console, on page ASR 5500 System Administration Guide, StarOS Release 21.5...
TACACS+ AAA services. active session #1: login username : asradmin login tty : /dev/pts/1 time of login : Fri Oct 22 13:19:11 2011 login server priority current login status : pass ASR 5500 System Administration Guide, StarOS Release 21.5...
When aaa tacacs+ noconsole is configured, a local user with valid credentials can log into a Console port Important even if on-authen-fail stop and on-unknown-user stop are enabled via the TACACS+ Configuration mode. If the user is not a TACACS+ user, he/she cannot login on a vty line. ASR 5500 System Administration Guide, StarOS Release 21.5...
The noconsole keyword prevents the user from logging into the Console port. The novty keyword prevents the user from logging in via an SSH or telnet session. If neither keyword is specified access to both Console and vty lines is allowed. ASR 5500 System Administration Guide, StarOS Release 21.5...
|grep novty. The output of these commands will indicate any changes you have made. Configuring a Chassis Key A chassis key should be configured for each system. This key is used to decrypt encrypted passwords found in configuration files. ASR 5500 System Administration Guide, StarOS Release 21.5...
Use the chassis keycheck command to verify whether multiple chassis share the same chassis key value. For release 19.2 and higher, in the absence of an existing chassis ID file the chassis keycheck command Important is hidden. ASR 5500 System Administration Guide, StarOS Release 21.5...
You can optionally enable automatic resets of FSCs if an excessive number of discarded fabric egress packets is detected. A Global Configuration mode fabric fsc-auto-recover command enables or disables automatic FSC resets upon detection of an excessive number of discarded fabric egress packets. ASR 5500 System Administration Guide, StarOS Release 21.5...
FSC as an integer from 1 to 99 or unlimited (will not stop until FSC is reset). The default setting is 1. To enable this feature, you must first configure the Fabric Egress Drop Threshold via the Global Important Configuration mode fabric egress drop-threshold command. ASR 5500 System Administration Guide, StarOS Release 21.5...
This is called an exclusive-lock. Once an exclusive-lock is granted to an administrator, no one else can access config mode for the duration of the session while the lock is held. The exclusive-lock is terminated only when the user holding the lock exits to Exec mode. ASR 5500 System Administration Guide, StarOS Release 21.5...
If configure lock force is successful, all users who have been forced to exit to Exec mode will see a warning message indicating that they were forced to exit from config mode: host_name [local] (config)# Warning: Administrator <username> has forced you to exit from configuration mode host_name [local] ASR 5500 System Administration Guide, StarOS Release 21.5...
With -noconfirm enabled, since all the commands are also echoed to the screen, the warning message will likely scroll off the screen and may not be noticed. Important When StarOS first starts up, the Initial Boot Config File is always exclusively locked while loading. ASR 5500 System Administration Guide, StarOS Release 21.5...
With this option StarOS displays the appropriate warning message, but does not wait for save configuration operations to complete before initiating the reboot. host_name reload ignore-locks -noconfirm [local] Warning: One or more other administrators are saving configuration Starting software 21.0... ASR 5500 System Administration Guide, StarOS Release 21.5...
M Type Start Time ------------------------------ - ------- -------------- ------------------------ admin /dev/pts/2 Tue Mar 29 11:51:15 2016 Alice c admin /dev/pts/1 Mon Mar 28 14:41:15 2016 Carol admin /dev/pts/0 Mon Mar 28 14:40:52 2016 ASR 5500 System Administration Guide, StarOS Release 21.5...
Commands used in the configuration samples in this section provide base functionality. The most common commands and keyword options are presented. In many cases, other optional commands and keyword options are available. Refer to the Command Line Interface Reference for detailed information about all commands. ASR 5500 System Administration Guide, StarOS Release 21.5...
Configuring IIOP Transport Parameters Use the following example to configure Internet Inter-ORB Protocol (IIOP) transport parameters that enable ORB-based management to be performed over the network: configure orbem iiop-transport iiop-port iiop_port_number ASR 5500 System Administration Guide, StarOS Release 21.5...
: 87950 usecs SNMP MIB Browser This section provides instructions to access the latest Cisco Starent MIB files using a MIB Browser. An updated MIB file accompanies every StarOS release. For assistance to set up an account and access files, please contact your Cisco sales or service representative for additional information.
Use the following procedure to view the SNMP MIBs for a specific StarOS build : Step 1 Contact Cisco sales or a service representative, to obtain access to the MIB files for a specific StarOS release. Step 2 Download the compressed companion file to a folder on your desktop. The file name follows the convention: companion_xx.x.x.tgz...
Important For information on SNMP MIBs changes for a specific release, refer to the SNMP MIB Changes in Release xx chapter of the appropriate version of the to the Release Change Reference. ASR 5500 System Administration Guide, StarOS Release 21.5...
• The system contact is the name of the person to contact when traps are generated that indicate an error condition. • An snmp community string is a password that allows access to system management information bases (MIBs). ASR 5500 System Administration Guide, StarOS Release 21.5...
• The snmp user name is for SNMP v3 and is optional. There are numerous keyword options associated with this command. • Use the snmp mib command to enable other industry standard and Cisco MIBs. By default only the STARENT-MIB is enabled.
If at a later time you wish to re-enable a trap that was previously suppressed, use the snmp trap enable command. Step 2 Save the configuration as described in Verifying and Saving Your Configuration. ASR 5500 System Administration Guide, StarOS Release 21.5...
This command displays errors it finds within the configuration. For example, if you have created a service named "service1", but entered it as "srv1" in another part of the configuration, the system displays this error. ASR 5500 System Administration Guide, StarOS Release 21.5...
StarOS 19.2 and higher. If you run a script or configuration that contains the removed keyword, a warning message is generated. For complete information about the above command, see the Exec Mode Commands chapter of the Command Line Interface Reference. save configuration /flash/cfgfiles/system.cfg ASR 5500 System Administration Guide, StarOS Release 21.5...
In many cases, other commands and/or keyword options are available. Refer to the Command Line Interface Reference for complete information regarding all commands. To create a context, apply the following example configuration: configure context name Repeat to configure additional contexts. ASR 5500 System Administration Guide, StarOS Release 21.5...
To ensure that system line card and port-level redundancy mechanisms function properly, the Spanning Tree protocol must be disabled on devices connected directly to any system port. Failure to turn off the Spanning Tree protocol may result in failures in the redundancy mechanisms or service outage. ASR 5500 System Administration Guide, StarOS Release 21.5...
Configuring a Static Route for an Interface Use the following example to configure a static route for an interface: configure context name { ip | ipv6 } route ip_address netmask next-hop gw_address interface_name Notes: ASR 5500 System Administration Guide, StarOS Release 21.5...
802.1q tagging, works by appending a tag identifying the VLAN ID to each Ethernet frame. For information on how to create VLANs to handle specific packet types, see the VLANs chapter. ASR 5500 System Administration Guide, StarOS Release 21.5...
This feature is implemented by adding support for the vlan command to the management port in the local context. See the example command sequence below. configure port ethernet 1/1 vlan 184 no shutdown bind interface 19/3-UHA foo ASR 5500 System Administration Guide, StarOS Release 21.5...
64-bit random salt value within the encryption. Passwords encrypted with MD-5 will have "+A" prefixes in the configuration file to identify the methodology used for encrypting. ASR 5500 System Administration Guide, StarOS Release 21.5...
ICSR pairs share the same chassis key. If the ISCR detects that the two chassis/instances have incompatible chassis keys, an error message is logged but the ICSR system will continue to run. Without the matching ASR 5500 System Administration Guide, StarOS Release 21.5...
A maximum of five LI server addresses are supported via an authenticating agent. The ability to restrict destination addresses for LI content and event delivery using RADIUS attributes is Important supported only for PDSN and HA gateways. ASR 5500 System Administration Guide, StarOS Release 21.5...
The starLocalUserPrivilegeChanged trap indicates that a local user's privilege level has been changed. User Access to Operating System Shell The starOsShellAccessed trap indicates that a user has accessed the operating system shell. ASR 5500 System Administration Guide, StarOS Release 21.5...
CLI test-commands are intended for diagnostic use only. Access to these commands is not required during normal system operation. These commands are intended for use by Cisco TAC personnel only. Some of these commands can slow system performance, drop subscribers, and/or render the system inoperable.
Warning: Test commands enables internal testing and debugging commands USE OF THIS MODE MAY CAUSE SIGNIFICANT SERVICE INTERRUPTION An SNMP trap (starTestModeEntered) is generated whenever a user enters CLI test-commands mode. Important ASR 5500 System Administration Guide, StarOS Release 21.5...
ASR 5500 VPC-DI VPC-SI Feature Default Disabled Related Changes in This Release Not Applicable Related Documentation • ASR 5500 System Administration Guide • VPC-DI System Administration Guide • VPC-SI System Administration Guide ASR 5500 System Administration Guide, StarOS Release 21.5...
-n “#” > sig_base64 base64 sig -w 0 >> sig_base64 echo “” >> sig_base64 4 Append the original configuration file with the digital signature. Example (Linux/OpenSSL): cat sig_base64 cfg_file > signed_cfg_file ASR 5500 System Administration Guide, StarOS Release 21.5...
• Any existing .pem file will be replaced with the new .pem file when the command is executed. • url_address may refer to a local or a remote file, and must be entered using the following format: [file:]{/flash | /usb1 | /hd-raid | /sftp}[/directory]/filename ASR 5500 System Administration Guide, StarOS Release 21.5...
• Use the no cfg-security sign command to disable verification of signature in the configuration file. Disabling signature verification (no cfg-security sign command) will remove the .enable_cfg_pubkey file. • The system looks for the .enable_cfg_pubkey file to determine if signature verification is enabled or disabled. ASR 5500 System Administration Guide, StarOS Release 21.5...
• Abridged Crash Log: The abridged crash log, identified by its crashlog filename, contains summary information about software or hardware failures that occur on the system. This file is located in the ASR 5500 System Administration Guide, StarOS Release 21.5...
{ /flash | /usb1 | /hd-raid } /dir_name [local] Use the following command to create a directory named configs: host_name mkdir /flash/configs [local] ASR 5500 System Administration Guide, StarOS Release 21.5...
The rmdir command deletes a current directory on the specific local device. This directory can then be incorporated as part of the path name for any file located in the local file system. ASR 5500 System Administration Guide, StarOS Release 21.5...
Exec mode prompt: host_name configure url [ verbose ] [local] url specifies the location of the CLI configuration file to be applied. It may refer to a local or a remote file. ASR 5500 System Administration Guide, StarOS Release 21.5...
To validate an operating system software image file, enter the following command at the Exec mode prompt: host_name show version { /flash | /usb1 | /hd-raid } /[directory]/filename [all] [local] The output of this command displays the following information: • Version number • Description ASR 5500 System Administration Guide, StarOS Release 21.5...
IP address of any Domain Name Service (DNS) name server that may be used Viewing the Current Boot Stack To view the boot stack entries contained in the boot.sys file run the Exec mode show boot command. ASR 5500 System Administration Guide, StarOS Release 21.5...
To identify the boot image priority that was loaded at the initial boot time enter: show boot initial-config The example below displays the output: host_name show boot initial-config [local] Initial (boot time) configuration: image_version image tftp://192.168.1.161/tftpboot/ .bin \ ASR 5500 System Administration Guide, StarOS Release 21.5...
The operating system can be configured to provide services and perform pre-defined functions through commands issued from the CLI. The operating system software is delivered as a single binary file (.bin file extension) and is loaded as a single instance for the entire system. ASR 5500 System Administration Guide, StarOS Release 21.5...
[local] Download the Software Image from the Support Site Access to the Cisco support site and download facility is username and password controlled. You must have an active customer account to access the site and download the StarOS image. Download the software image to a network location or physical device (USB stick) from which it can be uploaded to the /flash device.
Prior to release 20.0, local-user passwords were hashed with the MD5 message digest-algorithm and saved in the database. In release 20. 0, PBKDF2 (Password Based Key Derivation Function - Version 2) is now ASR 5500 System Administration Guide, StarOS Release 21.5...
Important Newcall policies are created on a per-service basis. If you have multiple services running on the chassis, you can configure multiple newcall policies. ASR 5500 System Administration Guide, StarOS Release 21.5...
(config)# cfg_url /flash/filename Assign the next highest priority to this entry, by using the <N-1> method, wherein you assign a priority number that is one number less than your current highest priority. ASR 5500 System Administration Guide, StarOS Release 21.5...
IPSP Before the Software Upgrade in the PDSN Administration Guide. Verify the Running Software Version After the system has successfully booted, verify that the new StarOS version is running by executing the Exec mode show version command. host_name show version [local ASR 5500 System Administration Guide, StarOS Release 21.5...
• Feature use licenses enable specific features/functionality within the system and are distributed based on the total number of sessions supported by the system. ASR 5500 System Administration Guide, StarOS Release 21.5...
Adding License Keys to Configuration Files License keys can be added to a new or existing configuration file. ASR 5500 System Administration Guide, StarOS Release 21.5...
Requesting License Keys License keys for the system can be obtained through your Cisco account representative. Specific information is required before a license key may be generated: • Sales Order or Purchase Order information • Desired session capacity •...
Command Line Interface Reference for details on each of the above parameters. Configuring Local-User Account Management Properties Local-user account management includes configuring account lockouts and user suspensions. Local-User Account Lockouts Local-user accounts can be administratively locked for the following reasons: ASR 5500 System Administration Guide, StarOS Release 21.5...
Disabled - Configuration Required Related Changes in This Release Not Applicable Related Documentation • ASR 5500 System Administration Guide • Command Line Interface Reference • VPC-DI System Administration Guide • VPC-SI System Administration Guide ASR 5500 System Administration Guide, StarOS Release 21.5...
Licensing consists of software activation by installing Product Activation Keys (PAK) on to the Cisco product. A Product Activation Key is a purchasable item, ordered in the same manner as other Cisco equipment and used to obtain license files for feature set on Cisco Products. Smart Software Licensing is a cloud based licensing of the end-to-end platform through the use of a few tools that authorize and deliver license reporting.
Request a Cisco Smart Account A Cisco Smart Account is an account where all products enabled for Smart Licensing are deposited. A Cisco Smart Account allows you to manage and activate your licenses to devices, monitor license use, and track Cisco license purchases.
Before you begin, ensure you have: • created a Smart Licensing/Virtual account on https://software.cisco.com • registered products on https://software.cisco.com using the ID tokens created as part of virtual account. • enabled a communication path between the StarOS system to the CSSM server.
• starSmartLicenseCSSMConntectionFail / starSmartLicenseCSSMConnectionFailClear For more information regarding these SNMP MIB alarms, see the SNMP MIB Reference. Note Smart Licensing Bulk Statistics The following statistics are provided in support of Smart Licensing ASR 5500 System Administration Guide, StarOS Release 21.5...
• max_call_count – Maximum number of sessions/calls counted for the entire product for a particular service type. • last_lic_count – License count last reported to Cisco licensing (CSSM) for particular service type. • max_lic_count – Maximum license count reported to Cisco licensing (CSSM) for particular service type up to this point in time.
This section contains commands used to monitor the status of tasks, managers, applications and other software components in the system. Output descriptions for most of the commands are located in the Statistics and Counters Reference. ASR 5500 System Administration Guide, StarOS Release 21.5...
View datalink counters for a specific port show port datalink counters slot#/port# View Port Network Processor Unit (NPU) counters for a specific port show port npu counters slot#/port# View System Information and Network Interfaces ASR 5500 System Administration Guide, StarOS Release 21.5...
(PPP, MIPHA, MIPFA, etc.). Statistics and counters can be cleared using the CLI clear command. Refer to the Exec Mode Commands chapter of the Command Line Interface Reference for detailed information on using this command. ASR 5500 System Administration Guide, StarOS Release 21.5...
Bulk Statistics Event Log Messages, page 124 Feature Summary and Revision History Summary Data Applicable Product(s) or Functional Area Applicable Platform(s) ASR 5500 VPC-DI VPC-SI Feature Default Disabled - Configuration Required Related Changes in This Release Not Applicable ASR 5500 System Administration Guide, StarOS Release 21.5...
The configuration example in this section defines basic operation of the bulk statistics feature. Use the following example configuration to set up the system to communicate with the statistic collection server: configure bulkstats mode schema name format format_string ASR 5500 System Administration Guide, StarOS Release 21.5...
Refer to the Bulk Statistics Configuration Mode Commands and Bulk Statistics File Configuration Mode Commands chapters in the Command Line Interface Reference for more information regarding supported schemas, available statistics, and proper command syntax. ASR 5500 System Administration Guide, StarOS Release 21.5...
• show bulkstats schemas – displays the scheme used to gather statistics including collection and transmission statistics. See Verifying Your Configuration, on page 119. • show bulkstats variables – displays available bulkstat variables (%variable%) by schema type that can be incorporated into a schema format. ASR 5500 System Administration Guide, StarOS Release 21.5...
Total records discarded: Total bytes discarded: Last transfer time required: 0 second(s) No successful data transfers No attempted data transfe File 2 not configured File 3 not configured File 4 not configured ASR 5500 System Administration Guide, StarOS Release 21.5...
The system provides commands that allow you to manually initiate the gathering and transferring of bulk statistics. To manually initiate the gathering of bulk statistics outside of the configured sampling interval, enter the following Exec mode command: bulkstats force gather ASR 5500 System Administration Guide, StarOS Release 21.5...
• All incremental statistics are cumulative and reset only by one of the following methods: roll-over when the limit is reached, after a system restart, or after a clear command is performed. • The limit depends upon the data type. ASR 5500 System Administration Guide, StarOS Release 21.5...
An empty string is inserted if no address is available. date The UTC date that the collection file was created in Information String YYYYMMDD format where YYYY represents the year, MM represents the month and DD represents the day. ASR 5500 System Administration Guide, StarOS Release 21.5...
HH represents the hours, MM represents the minutes, and SS represents the seconds. The time displays in local time, not UTC. localtz The local timezone set for this platform. Information String ASR 5500 System Administration Guide, StarOS Release 21.5...
"Unable to open url filename for storing bulkstats data" Receiver Write Error 31019 Warning "Unable to write to url filename while storing bulkstats data" Receiver Close Error 31020 Warning "Unable to close url filename while storing bulkstats data" ASR 5500 System Administration Guide, StarOS Release 21.5...
There are five types of logs that can be configured and viewed on the system: Important Not all Event Logs can be configured on all products. Configurability depends on the hardware platform and licenses in use. ASR 5500 System Administration Guide, StarOS Release 21.5...
To prevent the loss of log data, the system can be configured to transmit logs to a syslog server over a network interface. For releases after 15.0 MR4, TACACS+ accounting (CLI event logging) will not be generated for Lawful Important Intercept users (priv-level 15 and 13). ASR 5500 System Administration Guide, StarOS Release 21.5...
• active – Indicates that only active processes are to have logging options set. • disable – Disables logging for a specific instance or all instances. This keyword is only supported for aaamgr, hamgr and sessmgr facilities. ASR 5500 System Administration Guide, StarOS Release 21.5...
(logging filter disable facility facility all) and then enable logging of the specific instance (logging filter enable facility facility instance instance_number. To restore default behavior you must re-enable logging of all instances (logging filter enable facility facility all). ASR 5500 System Administration Guide, StarOS Release 21.5...
Thu May 11 15:28:03 2017 Internal trap notification 1362 (LogLevelChanged) Logging level of facility resmgr is changed to critical by user #initial-config# context local privilege level Security Administrator ttyname /dev/pts/0 address type IPV4 remote ip address 0.0.0.0 ASR 5500 System Administration Guide, StarOS Release 21.5...
CLI instance. Each active log can be configured with filter and display properties that are independent of those configured globally for the system. Active logs are displayed in real time as they are generated. ASR 5500 System Administration Guide, StarOS Release 21.5...
• hnb-gw: HNB-GW (3G Femto GW) logging facility (Do not use this keyword for HNB-GW in Release • hnbmgr: HNB-GW Demux Manager logging facility (Do not use this keyword for HNB-GW in Release ASR 5500 System Administration Guide, StarOS Release 21.5...
GMM and the BSSGP layers for logical links between the MS and the SGSN • local-policy: Local Policy Service facility • location-service: Location Services facility • m3ap: M3 Application Protocol facility • m3ua: M3UA Protocol logging facility ASR 5500 System Administration Guide, StarOS Release 21.5...
• slmgr: Smart Licensing manager logging facility • sls: Service Level Specification (SLS) protocol logging facility • sm-app: SM Protocol logging facility • sms: Short Message Service (SMS) logging messages between the MS and the SMSC ASR 5500 System Administration Guide, StarOS Release 21.5...
Repeat to configure additional monitor log targets. Disabling Monitor Logs Use the following example to disable monitor logs: configure no logging monitor { ip_addr | ipv6_addr | msid id | username name } ASR 5500 System Administration Guide, StarOS Release 21.5...
• From the syslog server: If the system is configured to send logs to a syslog server, the logs can be viewed directly on the syslog server. • From the system CLI: Logs stored in the system memory buffers can be viewed directly from the CLI. ASR 5500 System Administration Guide, StarOS Release 21.5...
CPU (minicore), NPU or kernel crash. The logged events are recorded into fixed length records and stored in /flash/crashlog2. Whenever a crash occurs, the following crash information is stored: 1 The event record is stored in /flash/crashlog2 file (the crash log). ASR 5500 System Administration Guide, StarOS Release 21.5...
(SFTP), or the Hyper-Text Transfer Protocol (HTTP); this is recommended for large network deployments in which multiple systems require the same configuration In release 20.0 and higher Trusted StarOS builds, FTP is not supported. Important ASR 5500 System Administration Guide, StarOS Release 21.5...
• Similar Crash Count – number of similar crashes • Time of first crash – timestamp when first crash occurred in format: YYYY-MMM-DD+hh:mm:ss • Failure message – text of event message • Function – code identifier ASR 5500 System Administration Guide, StarOS Release 21.5...
<actual_percent>% for facility <facility_name> instance <instance_id> If a trigger condition occurs within the polling interval, the alert or alarm will not be generated until the end of the polling interval. ASR 5500 System Administration Guide, StarOS Release 21.5...
A subsequent check pointing of the logs results in the prior check pointed inactive log data being cleared and replaced with the newly check pointed data. Checkpointed log data is not available for viewing. ASR 5500 System Administration Guide, StarOS Release 21.5...
SIPCDPRT Facility 95000-95999 sitmain System Initiation Task (SIT) Main Facility 4000-4999 sm-app Short Message Service (SMS) Facility 88300-88499 SMS Service Facility 116800-116899 sndcp Sub Network Dependent Convergence Protocol (SNDCP) Facility 115800-115899 ASR 5500 System Administration Guide, StarOS Release 21.5...
• The event's severity level In this example, the event belongs to the CLI facility, has an ID of 3005, and a severity level of "info". [8/0/609 cli:8000609 _commands_cli.c:1290] Information about the specific CLI instance. ASR 5500 System Administration Guide, StarOS Release 21.5...
Indicates that the event was generated because of system operation. CLI session ended for Security Administrator The event's details. Event details may, or may not include admin on device /dev/pts/2 variables that are specific to the occurrence of the event. ASR 5500 System Administration Guide, StarOS Release 21.5...
The ping or ping6 command verifies the system's ability to communicate with a remote node in the network by passing data packets between and measuring the response. This command is useful in verifying network routing and if a remote node is able to respond at the IP layer. ASR 5500 System Administration Guide, StarOS Release 21.5...
This is a useful troubleshooting command that can be used to identify the source of significant packet delays or packet loss on the network. This command can also be used to identify bottle necks in the routing of data over the network. ASR 5500 System Administration Guide, StarOS Release 21.5...
The monitor tool may cause session processing delays and/or data loss. Therefore, it should be used only Caution when troubleshooting. ASR 5500 System Administration Guide, StarOS Release 21.5...
The current state, ON (enabled) or OFF (disabled), is shown to the right of each option. Step 7 Press the Enter key to refresh the screen and begin monitoring. The monitor remains active until disabled. To quit the protocol monitor and return to the prompt, press q. ASR 5500 System Administration Guide, StarOS Release 21.5...
The show support details command includes information that is not otherwise accessible to users but that is helpful in the swift resolution of issues by TAC. ASR 5500 System Administration Guide, StarOS Release 21.5...
Technical Assistance Center (TAC) personnel and local administrators can review the SDRs on-line or by transferring them off the system. They may also wish to investigate the collector state information. Refer to the Support Data Collector chapter for a complete description of SDC functionality. ASR 5500 System Administration Guide, StarOS Release 21.5...
Feature Information Summary Data Applicable Product(s) or Functional Area • ePDG • IPSec • MME • SaMOG Applicable Platform(s) ASR 5500 vPC-SI vPC-DI Feature Default Disabled Related Changes in This Release Not Applicable ASR 5500 System Administration Guide, StarOS Release 21.5...
For more information, refer Enabling or Disabling Hexdump section of this chapter. Configuring PCAP Trace Enabling Multiple Instances of CDRMOD Use the following configuration to enable multiple instances of CDRMOD (one per packet processing card): config cdr-multi-mode Notes: ASR 5500 System Administration Guide, StarOS Release 21.5...
◦ storage-limit megabytes: Specifies that hexdump records are to be deleted from the hard drive upon reaching a storage limit defined in megabytes. bytes must be an integer from 10 through 143360. ASR 5500 System Administration Guide, StarOS Release 21.5...
1 through 1024 characters in the format: //user:password@host:[port]/direct. ◦ secondary encrypted-secondary-url secondary_url: Specifies the secondary URL location to which the system pushes the files in encrypted format. secondary_url must be an alphanumeric string of 1 through 8192 characters. ASR 5500 System Administration Guide, StarOS Release 21.5...
• Use the compression { gzip | none } keyword to specify the compressions of hexdump files. ◦ gzip: Enables GNU zip compression of the hexdump file at approximately 10:1 ratio. ◦ none: Disables Gzip compression. ASR 5500 System Administration Guide, StarOS Release 21.5...
◦ num-records number: Specifies the maximum number of records that should be added to a hexdump file. When the number of records in the file reaches this value, the file is complete. number must be an integer from 100 through 10240. Default: 1024 ASR 5500 System Administration Guide, StarOS Release 21.5...
• Use the trailing-text string keyword to specify the inclusion of an arbitrary text string in the file name as an alphanumeric string of 1 through 30 characters. string must be an alphanumeric string from 1 through 30 characters. ASR 5500 System Administration Guide, StarOS Release 21.5...
• When S1-AP or SGS filter option is selected in monpro/monsub, PCAP Hexdump will have dummy SCTP header. The following fields are set as dummy in the SCTP header: ◦ Verification tag ◦ Checksum ASR 5500 System Administration Guide, StarOS Release 21.5...
Hexdump-module files rotated due Total number of times a hexdump file was closed and a new hexdump to volume limit file was created since the volume limit was reached. ASR 5500 System Administration Guide, StarOS Release 21.5...
Hexdump-module File Storage Indicates the maximum storage space (in bytes) that can be used for LIMIT hexdump files. Hexdump-module File Storage Indicates the total storage space (in bytes) used for hexdump files. USAGE ASR 5500 System Administration Guide, StarOS Release 21.5...
Current status of PUSH : Not Running Last completed PUSH time : N/A Use the clear hexdump-module statistics command under the Exec Mode to clear and reset the hexdump Important module statistics. ASR 5500 System Administration Guide, StarOS Release 21.5...
Total number of hexdump files that were successfully transferred. Failed File Transfers Total number of hexdump files that failed to transfer. Num of times PUSH initiated Total number of times the PUSH operation was initiated. ASR 5500 System Administration Guide, StarOS Release 21.5...
Indicates the time when the last PUSH operation to the primary storage server was completed. Secondary Server Statistics: Successful File Transfers Total number of hexdump files successfully transferred to the secondary storage server. ASR 5500 System Administration Guide, StarOS Release 21.5...
Indicates if the PUSH operation to the secondary storage server is currently running. Last completed PUSH time Indicates the time when the last PUSH operation to the secondary storage server was completed. ASR 5500 System Administration Guide, StarOS Release 21.5...
• For StarOS releases prior to 16.1, the image filename is identified by its release version and corresponding build number. Format = production.build_number.platform.bin. • For StarOS release 16.1 onwards, the image filename is identified by its platform type and release number. Format = platform-release_number.bin. ASR 5500 System Administration Guide, StarOS Release 21.5...
This system recovery process interrupts subscriber service by dropping any existing flows and preventing Caution traffic from being processed during the boot interval. It should only be initiated as an emergency measure. Initiate a Reboot ASR 5500 System Administration Guide, StarOS Release 21.5...
Once configured, an ACL can be applied to any of the following: • An individual interface • All traffic facilitated by a context (known as a policy ACL) • An individual subscriber • All subscriber sessions facilitated by a specific context ASR 5500 System Administration Guide, StarOS Release 21.5...
APN for UMTS subscribers. Criteria Each ACL consists of one or more rules specifying the criteria that packets will be compared against. The following criteria are supported: ASR 5500 System Administration Guide, StarOS Release 21.5...
• UDP: The rule applies to any User Datagram Protocol (UDP) traffic and could be filtered on any combination of source/destination IP addresses, a specific port number, or a group of port numbers. UDP port numbers definitions can be found at www.iana.org. ASR 5500 System Administration Guide, StarOS Release 21.5...
For additional information refer to the Verifying and Saving Your Configuration chapter. Creating ACLs To create an ACL, enter the following command sequence from the Exec mode of the system CLI: configure context acl_ctxt_name [ -noconfirm ] ASR 5500 System Administration Guide, StarOS Release 21.5...
The default action is to "permit all". To modify the default behavior for unidentified ACLs, use the following configuration: configure context acl_ctxt_name [-noconfirm] access-list undefined { deny-all | permit-all } Notes: ASR 5500 System Administration Guide, StarOS Release 21.5...
ACLs must be configured in the same context in which the subscribers and/or interfaces to which they Important are to be applied. Similarly, ACLs to be applied to a context must be configured in that context. ASR 5500 System Administration Guide, StarOS Release 21.5...
A context ACL (policy ACL) configured in the Source Context is applied prior to forwarding. An outbound ACL configured on the interface in the Source Context through which the packet is being forwarded, is applied to the tunneled data (such as the outer IP header). ASR 5500 System Administration Guide, StarOS Release 21.5...
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode save configuration command. For additional information refer to the Verifying and Saving Your Configuration chapter. ASR 5500 System Administration Guide, StarOS Release 21.5...
• The context-level ACL is applied to outgoing packets. This applies to incoming packets also if the flow match criteria fails and forwarded again. The in and out keywords are deprecated and are only present for backward compatibility. Context ACL will be applied in the following cases: ASR 5500 System Administration Guide, StarOS Release 21.5...
ACL(s) was/were applied. The output of this command displays the configuration of the entire context. Examine the output for the commands pertaining to interface configuration. The commands display the ACL(s) applied using this procedure. ASR 5500 System Administration Guide, StarOS Release 21.5...
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode save configuration command. For additional information refer to the Verifying and Saving Your Configuration chapter. ASR 5500 System Administration Guide, StarOS Release 21.5...
{ ip | ipv6 } access-group acl_list_name [ in | out ] Notes: • The context name is the name of the ACL context containing the interface to which the ACL is to be applied. ASR 5500 System Administration Guide, StarOS Release 21.5...
Applying an ACL to Service-specified Default Subscriber This section provides information and instructions for applying an ACL to the subscriber to be used as the "default" profile by various system services. ASR 5500 System Administration Guide, StarOS Release 21.5...
Verifying the ACL Configuration to Service-specified Default Subscriber To verify the ACL configuration. Verify that your ACL lists were applied properly by entering the following command in Exec Mode: host_name show configuration context context_name [local] ASR 5500 System Administration Guide, StarOS Release 21.5...
NOTE: The profile for the subscriber named default is not used to provide missing information for subscribers configured locally. default subscriber This command allows multiple services to draw "default" subscriber information from multiple profiles. ASR 5500 System Administration Guide, StarOS Release 21.5...
This section provides the minimum instruction set for applying the ACL list to all traffic within a context. Important For more information on commands that configure additional parameters and options, refer to the Subscriber Configuration Mode Commands chapter in the Command Line Interface Reference. ASR 5500 System Administration Guide, StarOS Release 21.5...
• Service Congestion Policies: Congestion policies are configurable for each service. These policies dictate how services respond when the system detects that a congestion condition threshold has been crossed. ASR 5500 System Administration Guide, StarOS Release 21.5...
If a threshold level is not specified, the default is critical. Currently, major and minor thresholds are only supported for the MME. The congestion-action-profile command under lte-policy defines the action to be taken when thresholds are exceeded. See Global Configuration ASR 5500 System Administration Guide, StarOS Release 21.5...
To create a congestion control policy with overload reporting, apply the following example configuration: configure congestion-control policy mme-service action report-overload reject-new-sessions enodeb-percentage percentage Notes: • Other overload actions include permit-emergency-sessions and reject-non-emergency-sessions. ASR 5500 System Administration Guide, StarOS Release 21.5...
During periods of heavy system load, it may be necessary to disconnect subscribers in order to maintain an acceptable level of system performance. You can establish thresholds to select subscribers to disconnect based on the length of time that a call has been connected or inactive. ASR 5500 System Administration Guide, StarOS Release 21.5...
To disable the overload disconnect feature for this subscriber, use the following configuration example: configure context context_name subscriber subscriber_name no overload-disconnect { [threshold inactivity-time] | [threshold connect-time] } ASR 5500 System Administration Guide, StarOS Release 21.5...
Autonomous System (AS) paths. • Route Maps – Route-maps provide detailed control over routes during route selection or route advertisement by a routing protocol, and in route redistribution between routing protocols. For this level ASR 5500 System Administration Guide, StarOS Release 21.5...
Use the following procedure to create an AS Path Access List: config context context_name ip as-path access-list list_name [ { deny | permit } reg_expr ] Notes: • Save your configuration as described in the Verifying and Saving Your Configuration chapter. ASR 5500 System Administration Guide, StarOS Release 21.5...
• Name of the interface in the current context that the route must use • Next hop IP address On the ASR 5500, static routes with IPv6 prefix lengths less than /12 and between the range of /64 and Important /128 are not supported.
It also describes how to enable the base OSPF functionality and lists the commands that are available for more complex configurations. You must purchase and install a license key before you can use this feature. Contact your Cisco account representative for more information on licenses.
OSPF areas. This is an optional configuration. config context context_name router ospf redistribute { connected | static } Notes: • Save your configuration as described in the Verifying and Saving Your Configuration chapter. ASR 5500 System Administration Guide, StarOS Release 21.5...
It also describes how to enable the base OSPFv3 functionality and lists the commands that are available for more complex configurations. Important On the ASR 5500, OSPFv3 routes with IPv6 prefix lengths less than /12 and between the range of /64 and /128 are not supported. OSPFv3 Overview Much of OSPF version 3 is the same as OSPF version 2.
ECMP can be used in conjunction with most routing protocols, since it is a per-hop decision that is limited to a single router. It potentially offers substantial increases in bandwidth by load-balancing traffic over multiple paths ASR 5500 System Administration Guide, StarOS Release 21.5...
BGP. BGP-4 also allows the aggregation of routes, including the aggregation of AS paths. On the ASR 5500, BGP routes with IPv6 prefix lengths less than /12 and between the range of /64 and Important /128 are not supported.
Command Line Interface Reference. Multiple community-list entries can be attached to a community-list by adding multiple permit or deny clauses for various community strings. Up to 64 community-lists can be configured in a context. ASR 5500 System Administration Guide, StarOS Release 21.5...
Multiple extended community-list entries can be attached to an extended community-list by adding multiple permit or deny clauses for various extended community strings. Up to 64 extended community-lists can be configured in a context. ASR 5500 System Administration Guide, StarOS Release 21.5...
An SRP Configuration mode command enables advertising BGP routes from an ICSR chassis in standby state. This command and its keywords allow an operator to take advantage of faster network convergence accrued ASR 5500 System Administration Guide, StarOS Release 21.5...
The following table lists the BGP Configuration mode CLI commands that support the configuration of various BGP parameters. For additional information, refer to the BGP Configuration Mode Commands chapter of the Command Line Interface Reference ASR 5500 System Administration Guide, StarOS Release 21.5...
VRF. maximum-paths { ebgp max_num | ibgp max_num Enables forwarding packets over multiple paths and specifies the maximum number of external BGP (eBGP) or internal BGP (iBGP) paths between neighbors. ASR 5500 System Administration Guide, StarOS Release 21.5...
BFD establishes a session between two endpoints over a particular link. If more than one link exists between two systems, multiple BFD sessions may be established to monitor each one of ASR 5500 System Administration Guide, StarOS Release 21.5...
This function is used to test the forwarding path on the remote system. The system supports BFD in asynchronous mode with optional Echo capability via static or BGP routing. On an ASR 5500 one of the packet processing cards must be configured as a demux card in order for BFD Important to function.
Enable BFD on an OSPF Neighbor. For additional information, see Associating OSPF Neighbors with the Context, on page 226. On the ASR 5500, routes with IPv6 prefix lengths less than /12 and between the range of /64 and /128 are Important not supported. Configuring Multihop BFD Enable BFD on an interface.
BGP routes from a Standby ICSR chassis. The overall goal is to support more aggressive failure detection and recovery in an ICSR configuration when implementing of VoLTE. You must configure the following features for chassis-to-chassis BFD monitoring in ICSR configurations: ASR 5500 System Administration Guide, StarOS Release 21.5...
(post ICSR switchover) while the network is still converging. ◦damping-period – configures a delay time to trigger an ICSR switchover due to a monitoring failure within the guard-period. ◦guard-period – configures the local-failure-recovery network-convergence timer. ASR 5500 System Administration Guide, StarOS Release 21.5...
] [ precedence precedence ] [ vrf vrf_name [ cost value ] [ fall-over bfd multihop mhsess_name ] [ precedence precedence ] + The ip route command now also allows you to add a static multihop BFD route. ip route static multihop bfd mhbfd_sess_name local_endpt_ipaddr remote_endpt_ipaddr ASR 5500 System Administration Guide, StarOS Release 21.5...
BFD Support for Link Aggregation Member Links Member-link based BFD detects individual link failures faster than LACP and reduces the overall session/traffic down period as a result of single member link failure. ASR 5500 System Administration Guide, StarOS Release 21.5...
Important with RFC 7130. Configuring Support for BFD Linkagg Member-links The bfd linkagg-peer command enables member-link BFD and configures the BFD link aggregation (linkagg) session values [RFC 7130]. configure context context_name bfd-protocol ASR 5500 System Administration Guide, StarOS Release 21.5...
IP addresses to and from the VPN. • Overlap pools can be used for both dynamic and static addressing, and use VLANs and a next hop forwarding address to connect to the VPN customer. ASR 5500 System Administration Guide, StarOS Release 21.5...
Use the following example to create VLANs on a port and bind them to pre-existing interfaces. For information on creating interfaces, refer to System Interfaces and Ports. config port ethernet slot port no shutdown vlan vlan_tag_ID ASR 5500 System Administration Guide, StarOS Release 21.5...
: Present (10G Base-SR) Notes: • Repeat this sequence as needed to verify additional ports. • Optional: Configure VLAN-subscriber associations. Refer to Configuring Subscriber VLAN Associations, on page 238 for more information. ASR 5500 System Administration Guide, StarOS Release 21.5...
Verify the Subscriber Profile Configuration Use the following command to view the configuration for a subscriber profile: host_name show subscriber configuration username user_name [local] Notes: ASR 5500 System Administration Guide, StarOS Release 21.5...
Ethernet Interface Configuration Mode [no] logical-port-statistics Enables or disables the collection of logical port (VLAN and NPU) bulk statistics for the first 32 configured Ethernet or PVC interface types. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 266
Displays VLAN utilization for a specified collection interval. { 5-minute | hourly } Exec Mode show commands show port info slot/port vlan vlan_id Displays NPU counters for a previously configured VLAN ID. ASR 5500 System Administration Guide, StarOS Release 21.5...
Switching (MPLS) Virtual Private Networks (VPNs). Important MPLS is a licensed Cisco feature that requires a separate license. Contact your Cisco account representative for detailed information on specific licensing requirements. For information on installing and verifying licenses, refer to the Managing License Keys section of Software Management Operations.
The can be configured to add two labels: • an outer label learned from LDP or RSVP-TE (RSVP-Traffic Engineering) • an inner label learned from MP-iBGP This solution supports traffic engineering and QoS initiated via the . ASR 5500 System Administration Guide, StarOS Release 21.5...
Sample Configuration In this example, VRFs are configured on the ASR 5500 PE and pools are associated with VRFs. The exchanges VPN routes with its IBGP peers (PE routers) and learns the MPLS paths to reach PEs via LDP. The forwards the packets to the next-hop with two labels –...
This example assumes three VRFs. VRF 1 has only IPv4 routes, VRF f2 has both IPv4 and IPv6 routes, and VRF 3 has only IPv6 routes. Figure 8: VPNv6 Sample Configuration Configure VRFs. ip vrf vrf1 exit ip vrf vrf2 exit ip vrf vrf3 exit ASR 5500 System Administration Guide, StarOS Release 21.5...
For detailed information regarding the use of the commands listed below, see the Command Line Interface Reference. Table 17: VPN-Related Configuration Commands CLI Mode Command Description BGP Address-Family (IPv4/IPv6) neighbor ip_address activate Enables the exchange of routing Configuration Mode information with a peer router. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 273
IPv6 VRF routing in BGP. BGP Configuration Mode ip vrf vrf_name Adds a VRF to BGP and switches to the VRF Configuration mode to allow configuration of BGP attributes for the VRF. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 274
DSCP to EXP (via the mpls map-dscp-to-exp dscp n exp m command). mpls exp disables the default behavior and sets the EXP value to the configured value. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 275
IP VRF Context Configuration mpls map-exp-to-dscp exp Maps the incoming EXP bit value Mode exp_bit_value dscp in the MPLS header to the internal dscp_bit_value DSCP bit value in IP packet headers for outgoing traffic. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 276
{ all | Displays all VPNv6 routing data, route-distinguisher | vrf } routing data for a VRF or a route-distinguisher. Exec Mode show Commands show ip pool Displays pool details including the configured VRF. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 277
Map (ILM) table information. Exec Mode show Commands Displays the MPLS LDP show mpls ldp information. Exec Mode show Commands show mpls Displays MPLS Next-Hop Label nexthop-label-forwarding-entry Forwarding Entry (NHLFE) table information. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 278
BGP MPLS VPNs VPN-Related CLI Commands ASR 5500 System Administration Guide, StarOS Release 21.5...
Internal CSS is a generic feature, if an ECSv2 license is installed on your system, internal CSS can be Important enabled. A separate license is not required to enable internal CSS. Contact your local Cisco account representative for information on how to obtain a license.
• service_name must be an ACL service name. • For information on the keywords and options available with the redirect css service command, see the ACL Configuration Mode Commands chapter in the Command Line Interface Reference. ASR 5500 System Administration Guide, StarOS Release 21.5...
For information on how to apply an ACL to multiple subscribers via APNs, refer to the Applying a Single ACL to Multiple Subscribers via APNs section in the Access Control Lists chapter. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 282
Content Service Steering Applying an ACL to Multiple Subscribers via APNs (Optional) ASR 5500 System Administration Guide, StarOS Release 21.5...
This chapter describes the Session Recovery feature that provides seamless failover and reconstruction of subscriber session information in the event of a hardware or software fault. Session Recovery is a licensed Cisco feature. A separate feature license may be required. Contact your Important Cisco account representative for detailed information on specific licensing requirements.
Page 284
• Any session needing L2TP LAC support (excluding regenerated PPP on top of an HA or GGSN session) • ASR 5500 only – Closed RP PDSN services supporting simple IP, Mobile IP, and Proxy Mobile IP • ASR 5500 only – eHRPD service (evolved High Rate Packet Data) •...
However, if the system is in-service, it must be restarted before the session recovery feature takes effect. ASR 5500 System Administration Guide, StarOS Release 21.5...
This feature does not take effect until after the system has been restarted. Step 3 Save your configuration as described in Verifying and Saving Your Configuration. Step 4 Perform a system restart by entering the reload command: The following prompt appears: ASR 5500 System Administration Guide, StarOS Release 21.5...
---- ------- ------ ------- ------ ------- ------ ------------ 1/1 Active Good 1/2 Active Good 1/3 Active Good 2/1 Active Good 2/2 Active Good ASR 5500 System Administration Guide, StarOS Release 21.5...
Without the verbose keyword, a summary output is displayed as show in the example below: RCT stats details (Last 1 Actions) Action Type From Start Time Duration Status --- ------------- --------- ---- ---- ------------------------ ---------- ------- ASR 5500 System Administration Guide, StarOS Release 21.5...
Administration Guide, before using the procedures described below. ICSR is a licensed Cisco feature that requires a separate license. Contact your Cisco account representative Important for detailed information on specific licensing requirements. For information on installing and verifying licenses, refer to the Managing License Keys section of Software Management Operations.
Resets the Diameter monitor failure information to 0. srp terminate-post-process Forcibly terminates post-switchover processing. Validates the configuration for an active chassis. srp validate-configuration srp validate-switchover Validates that both active and standby chassis are ready for a planned SRP switchover. ASR 5500 System Administration Guide, StarOS Release 21.5...
A switchover event caused by an AAA monitoring failure is non-revertible. Important If the newly active chassis fails to monitor the configured AAA servers, it remains as the active chassis until one of the following occurs: ASR 5500 System Administration Guide, StarOS Release 21.5...
◦Destination – to configure monitoring and routing to the PDN. • Border Gateway Protocol (BGP) – ICSR uses the route modifier to determine the chassis priority. ICSR is a licensed Cisco feature. Verify that each chassis has the appropriate license before using these Important procedures.
The procedures described below assume the following: • The chassis have been installed and configured with core network services. For more configuration information and instructions on configuring services, refer to the respective product Administration Guide. ASR 5500 System Administration Guide, StarOS Release 21.5...
Configuring the SRP Context Interface Parameters, on page 279. Step 4 Verify your SRP context configuration as described in Verifying SRP Configuration, on page 282. Step 5 Save your configuration as described in Verifying and Saving Your Configuration. ASR 5500 System Administration Guide, StarOS Release 21.5...
• The priority determines which chassis becomes active in the event that both chassis are misconfigured with the same chassis mode; see Chassis Initialization, on page 271. The higher priority chassis has the lower number. Be sure to assign different priorities to each chassis. ASR 5500 System Administration Guide, StarOS Release 21.5...
◦aaa – local failure followed by AAA monitoring failure ◦bgp – local failure followed by BGP monitoring failure ◦diam – local failure followed by Diameter monitoring failure ASR 5500 System Administration Guide, StarOS Release 21.5...
◦ef – Expedited Forwarding PHB, for low latency traffic Optimizing Switchover Transitions There are several SRP configuration options that reduce the transition time from the active to standby gateways (primarily P-GW) in support of VoLTE traffic. ASR 5500 System Administration Guide, StarOS Release 21.5...
Interchassis Session Recovery Configuring the Service Redundancy Protocol (SRP) Context These features require an updated ICSR license to support the enhancements. Contact your Cisco account Important representative for additional information. Allow Non-VoLTE Traffic During ICSR Switchover The ICSR framework reduces switchover disruption for VoLTE traffic by enabling VoLTE traffic on the newly active gateway prior to reconciling the billing information and enabling communication with the newly active gateway when accounting is not deemed critical.
Page 303
The switchover allow-all-data-traffic command must be run on both chassis to enable this feature. Important The switchover allow-volte-data-traffic SRP Configuration mode CLI command allows VoLTE data traffic during ICSR switchover transition. configure context context_name ASR 5500 System Administration Guide, StarOS Release 21.5...
External nodes to the local gateway include S-GW, P-GW, SGSN, MME, AAA, PCRF and IMSA. Audit failure can occur because of missing or incomplete session information. Therefore, only the peers for which the information is available will be notified. ASR 5500 System Administration Guide, StarOS Release 21.5...
CLI commands must be executed on both chassis. Log onto both chassis before continuing. Always make configuration changes on the primary chassis first. configure context vpn_ctxt_name -noconfirm interface srp_if_name ip-address ip_address ip_address mask exit exit port ethernet slot_num port_num description des_string ASR 5500 System Administration Guide, StarOS Release 21.5...
(FCs) between the active and standby chassis. The periodic-interval keyword will only appear if a special ICSR optimization feature license has been Important purchased and installed. Contact your Cisco account representative for assistance. configure context context_name...
LZ4 compression algorithm. The compression keyword will only appear if a special ICSR optimization feature license has been Important purchased and installed. Contact your Cisco account representative for assistance. The following command sequence enables the use of LZ4 compression: configure...
283. Step 3 Verify your BGP context configuration by following the steps in Verifying BGP Configuration, on page 283. Step 4 Save your configuration as described in Verifying and Saving Your Configuration. ASR 5500 System Administration Guide, StarOS Release 21.5...
Service Redundancy Protocol Configuration Mode Commands chapter of the Command Line Interface Reference. Verifying BGP Configuration Verify your BGP configuration by entering the show srp monitor bgp command (Exec Mode). ASR 5500 System Administration Guide, StarOS Release 21.5...
Use the following example to configure the BGP context and IP addresses in the SRP context. configure context srp_ctxt_name service-redundancy-protocol monitor bgp context dest_ctxt_name neighbor_ip_address Setting Subscriber to Default Mode Use the following example to set the subscriber mode to default. configure context dest_ctxt_name subscriber default ASR 5500 System Administration Guide, StarOS Release 21.5...
• show srp checkpoint statistics • show srp checkpoint statistics verbose • show srp checkpoint statistics debug-info • show srp checkpoint statistics sessmgr all • show srp checkpoint statistics sessmgr all debug-info ASR 5500 System Administration Guide, StarOS Release 21.5...
6 Initiate an SRP switchover from the active backup system to make the standby primary system active. The four-part flowchart below shows a more complete view of all the procedures required to complete the StarOS upgrade process. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 314
Enabling the Demux on MIO/UMIO/MIO2 feature changes resource allocations within the system. This Caution directly impacts an upgrade or downgrade between StarOS versions in ICSR configurations. Contact Cisco TAC for procedural assistance prior to upgrading or downgrading your ICSR deployment.
Page 315
Interchassis Session Recovery Updating the Operating System Figure 13: ICSR Software Upgrade – Part 2 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 316
Interchassis Session Recovery Updating the Operating System Figure 14: ICSR Software Upgrade – Part 3 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 317
Interchassis Session Recovery Updating the Operating System Figure 15: ICSR Software Upgrade – Part 4 ASR 5500 System Administration Guide, StarOS Release 21.5...
Both ICSR Systems Perform the tasks described below on both the primary (active) and backup (standby) ICSR systems. Standby ICSR System Perform the tasks described below on the backup or standby ICSR system. ASR 5500 System Administration Guide, StarOS Release 21.5...
For each BGP-enabled context, run show ip bgp summary. Verify that the BGP peers are connected and that IPv4 and IPv6 peers are up. Repeat for all BGP-enable contexts. Step 2 Run show service_name all |grep "Service Status:". The service should be "Started". Repeat for all services running on the chassis. ASR 5500 System Administration Guide, StarOS Release 21.5...
Features in the new operating system may require changes to the configuration file. These changes can be done manually or facilitated by custom scripts prepared by Cisco TAC. Make whatever changes are necessary prior to saving the updated configuration file.
Compare the number of subscribers on the active chassis and the number of Current pre-allocated calls: on the standby chassis. They should be similar (within 5%). Allow a few minutes for systems to complete synchronization. Primary System Perform the tasks described below on the primary (active) ICSR system. ASR 5500 System Administration Guide, StarOS Release 21.5...
Saving the Configuration File, on page 295 • Synchronizing File Systems, on page 294 • Performing Health Checks, on page 293 • Performing SRP Checks, on page 293 • Performing BGP Checks, on page 293 ASR 5500 System Administration Guide, StarOS Release 21.5...
[local] Step 3 Reboot the system to load its previous configuration. host_name reload [local] Step 4 Perform health checks as described in Performing Health Checks, on page 293 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 324
Interchassis Session Recovery Fallback Procedure ASR 5500 System Administration Guide, StarOS Release 21.5...
Technical Assistance Center (TAC) personnel and local administrators can review the SDRs on-line or by transferring them off the system. They may also wish to investigate the collector state information. The figure ASR 5500 System Administration Guide, StarOS Release 21.5...
If the user has configured support record sections, then the show configuration command displays user-configured support record sections. The support collection schedule configuration also appears in the show configuration output under the Global Configuration section. ASR 5500 System Administration Guide, StarOS Release 21.5...
The SDRs are stored together in a self-relative set. This self-relative set is called a Support Record Collection. Each individual SDR is identified with a record-id. The record-id of the most recent SDR is always 0 (zero). ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 328
This is because the interval specifies the idle time between scheduled collection runs. Since the actual overhead of the collecting process is not included in the scheduled intervals, the time differences between collections includes this non-deterministic amount of time. ASR 5500 System Administration Guide, StarOS Release 21.5...
The administrator may decide to transfer the SDRs off the system to be analyzed remotely, for example, by Cisco TAC. ASR 5500 System Administration Guide, StarOS Release 21.5...
The max-records keyword specifies the number of SDRs to store as an integer from 1 to 65535. When this value is exceeded, the new SDR overwrites the oldest SDR. The default value is 168. ASR 5500 System Administration Guide, StarOS Release 21.5...
Last Collection Start Time : Monday October 21 06:29:05 PDT 2013 Last Collection End Time : Monday October 21 06:29:09 PDT 2013 Est. Collection Next Start : Monday October 21 07:29:13 PDT 2013 (40 minutes) Support Data Records at /var/tmp/support-records/ ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 332
The output of this command reflects the sequence in which record sections will be output, regardless of the sequence in which they may have been entered by the user. Refer to the SDR CLI Command Strings appendix for additional information. ASR 5500 System Administration Guide, StarOS Release 21.5...
◦ Prior to Release 15.0: Up to 16 interfaces can be configured within a single context. ◦ For Release 15.0 and higher: With the Demux MIO/UMIO/MIO2 feature enabled, up to 64 interfaces can be configured within a single context. ◦ 512 Ethernet+PPP+tunnel interfaces ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 334
◦ Releases prior to 18.5: 5,000 pool explicit host routes per context (6,000 per chassis) ◦ Release 18.5 and higher: 24,000 pool explicit host routes per context (24,000 per chassis) ◦ 64 route maps per context • BGP ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 335
◦ 1,600 servers per context in AAA Server group mode (accounting, authentication, charging server, or any combination thereof) ◦ 800 NAS-IP address/NAS identifier (one primary and one secondary per server group) per context ASR 5500 System Administration Guide, StarOS Release 21.5...
• If the first two cases fail, the default subscriber template in the AAA context is used. Service Rules The following engineering rules apply to services configured within the system: • Configure a maximum of 256 services (regardless of type) per system. ASR 5500 System Administration Guide, StarOS Release 21.5...
Caution affect overall system performance. Therefore, you should not configure a large number of services unless your application absolutely requires it. Please contact your Cisco service representative for more information. • The total number of entries per table and per chassis is limited to 256.
Page 338
Engineering Rules ECMP Groups ASR 5500 System Administration Guide, StarOS Release 21.5...
A P P E N D I X StarOS Tasks This appendix describes system and subsystem tasks running under StarOS on an ASR 5500 and virtualized platforms. Important This appendix is not a comprehensive list of all StarOS tasks. It simply provides general descriptions of the primary tasks and subsystems within StarOS.
All IP operations within StarOS are done within specific VPN contexts. In general, packets are not forwarded across different VPN contexts. The only exception currently is the Session subsystem. • Network Processing Unit (npusim on ASR 5500, and iftask or knpusim on VPC-DI and VPC-SI) This subsystem is responsible for the following: •...
Managers manage resources and mappings between resources. In addition, some managers are directly responsible for call processing. For information about the primary subsystems that are composed of critical, controller, and /or manager tasks, Subsystem Tasks, on page 316. ASR 5500 System Administration Guide, StarOS Release 21.5...
Starts management cards in either active or standby mode. Registers tasks with HAT task. Notifies CSP task of CPU startup completion. Brings up packet processing cards in standby mode. SITREAP SIT Reap Sub-function Shuts down tasks as required. ASR 5500 System Administration Guide, StarOS Release 21.5...
Performs device initialization and control functions because of the CPU's hardware capabilities. Reports the loss of any task on its CPU to hatsystem sub-function. Controls the LEDs on the management card. (ASR 5500 only) Initializes and monitors the dedicated hardware on the management card. (ASR 5500 only)
Informs the Session Controller task when there are additions or changes to contexts. Only one Session Controller operates at any time. Routes context specific operation information to the appropriate VPN Manager. Performs VPN Manager recovery and saves all VPN-related configuration information in SCT. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 345
(router ospfv3 Context Configuration mode CLI command) Responsible for learning and redistributing routing information via the OSPFv3 protocol. Maintains the OSPFv3 neighboring relationship. Maintains the LSA database. Performs OSPFv3 SPF calculations. Applies any defined OSPFv3 routing policy. ASR 5500 System Administration Guide, StarOS Release 21.5...
[VPC-DI, VPC-SI] Provides interface binding and forwarding services to the VPN Manager. Provides flow insertion and removal services to Session Manager and AAA Manager tasks. Provides recovery services to the NPU Controller. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 347
Provides port configuration services to the CSP task Provides interface binding and forwarding services to the VPN Manager. Provides flow insertion and removal services to Session Manager and AAA Manager tasks. Provides recovery services to the NPU Controller. ASR 5500 System Administration Guide, StarOS Release 21.5...
Managers, and from multiple contexts. Processes protocols for A10/A11, GRE, R3, R4, R6, GTPU/GTPC, PPP, and Mobile IP. Manages Enhanced Charging Service, Content Filtering and URL Blacklisting services. Session Managers are paired with AAA Managers. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 349
Global Configuration mode require demux card command starts aaaproxy on the designated demux card. Writes CDRs to a file in its VRAM-disk. The enqueued CDRs are then periodically synchronized with a HDD for transfer. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 350
Acts as a pass-through to the messages from application to the Diameter server. Just acts as a forwarding agent (does not maintain any queues). A single Diameter proxy is used to service multiple Diameter applications. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 351
Session Manager tasks for load balancing. Maintains a list of current Session Manager tasks to aid in system recovery. Verifies validity of GTPC messages. Maintains a list of current GTPC sessions. Handles GTPC Echo messaging to/from SGSN. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 352
Remains aware of all the active HNB-GW services in the system. With session recovery (SR) enabled, this demux manager is usually established on one of the CPUs on the first active packet processing card. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 353
Maintains records for all subscribers on the system. Maintains mapping between the IMSI/P-TMSI and SessMgrs. With session recovery (SR) enabled, this demux manager is usually established on one of the CPUs on the first active demux packet processing card. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 354
Created by the Session Controller when the first SS7RD (routing domain) is activated. Multi-instanced for redundancy and scaling purposes. Provides SS7 and Gb connectivity to the platform. Routes per subscriber signalling across the SS7 (including Iu) and Gb interfaces to the SessMgr. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 355
Remains aware of all the active MME services in the system. With session recovery (SR) enabled, this demux manager is usually established on one of the CPUs on the first active packet processing card. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 356
Handles all PCRF service sessions. Interfaces with PCC-Core while processing different events associated with individual subscriber sessions. Maintains subscriber information while applying business logic. Creates calline and corresponding APN session for each subscriber. ASR 5500 System Administration Guide, StarOS Release 21.5...
ASR 5500 Fabric I/O Driver Responsible for the direct configuration of the fabric chipset. afio supports non-messenger interprocess communication (IPC) with the local afmgr and with other local afio instances ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 358
Driver Controller Centralizes access to many of the system device drivers. It also performs temperature and voltage monitoring. hdctrl Hard Drive Controller Controls and manages the drive array spanning the management cards. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 359
Its primary function is to support recovery and distribution functions. lagmgr Link Aggregation Group Started by npuctrl on the demux card's primary MIO (ASR 5500) with a Manager facility level between CSP and npumgr to receive configuration/status notification from npumgr and build global LAG database.
Management Functions on the system using secure IIOP. ORBS then interacts with concerned Controller Tasks to execute the function. The response/errors from the execution are interpreted, formulated into an EMF response, and handed off to EMS servers. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 361
Handles inboard SNMP operations if configured, and sends SNMP Protocol notifications (traps) if enabled. threshold Threshold Server Handles monitoring of threshold crossing alerts, if configured. Polls the needed statistics/variables, maintains state, and generates log messages/SNMP notification of threshold crossings. ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 362
StarOS Tasks Management Processes ASR 5500 System Administration Guide, StarOS Release 21.5...
CLI Based YANG Model for ECS Commands, page 358 Feature Summary and Revision History Summary Data Applicable Product(s) or Functional Area Applicable Platform(s) ASR 5500 VPC-SI VPC-DI Feature Default Disabled - Configuration Required Related Changes in This Release Not Applicable ASR 5500 System Administration Guide, StarOS Release 21.5...
Overview StarOS provides a northbound NETCONF interface that supports a YANG data model for transferring configuration and operational data with the Cisco Network Service Orchestrator (NSO). It also incorporates a ConfD manager (confdmgr) to communicate with the NSO management console.
Page 365
(draft-bierman-netconf-restconf-4) that describes how to map a YANG specification to a RESTful interface using HTTP as transport. REST and RESTCONF are only enabled internally when a valid certificate and key are configured. If client authentication is enabled, CA-certificates may be required as well. ASR 5500 System Administration Guide, StarOS Release 21.5...
You can run the show ssh key command to verify the existence of an SSH key on the system. If an SSH key is not available, see the Configuring SSH Options section of the Getting Started chapter in this guide. ASR 5500 System Administration Guide, StarOS Release 21.5...
NETCONF. The user will be authenticated with verifiable credentials. This username is used for CLI logging purposes only. The command syntax is: confd-user <username>, where <username> is an alphanumeric string of 1 to 144 characters. ASR 5500 System Administration Guide, StarOS Release 21.5...
Use no netconf port to reset the port number to 830. Important A change to the NETCONF interface port value will result in a planned restart of ConfD and temporary loss of connectivity over the NETCONF and REST (if enabled) interfaces. ASR 5500 System Administration Guide, StarOS Release 21.5...
Global Configuration mode. Use no rest certificate to remove any configured certificate and key. REST will not be operational without a valid certificate and key. ASR 5500 System Administration Guide, StarOS Release 21.5...
The following command sequence establishes a ConfD configuration in support of NETCONF protocol. A type v2-RSA SSH key is required for enabling server confd. configure context local ssh key <encrypted key text> len 938 type v2-rsa server confd ASR 5500 System Administration Guide, StarOS Release 21.5...
◦ confd server ConfD configuration • The subscriptions keyword displays ConfD CDB subscription information. show confdmgr See below for a sample output for show confdmgr: [local]<host_name># show confdmgr State Information ----------------- State Started ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 372
60 bulkstats server transfer-interval 1440 bulkstats server limit 7500 bulkstats server receiver-mode secondary-on-failure bulkstats server file 1 bulkstats schemas file 1 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 373
See below for a sample output for show confdmgr confd netconf: [local]<host_name># show confdmgr confd netconf netconf-state capabilities capability urn:ietf:params:netconf:base:1.0 netconf-state capabilities capability urn:ietf:params:netconf:base:1.1 netconf-state capabilities capability urn:ietf:params:netconf:capability:writable-running:1.0 netconf-state capabilities capability urn:ietf:params:netconf:capability:candidate:1.0 netconf-state statistics netconf-start-time 2016-03-30T17:09:49-04:00 netconf-state statistics in-bad-hellos 0 ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 376
"4 bytes" ram-size "6.99 KiB" subscription-lock-set false confd-state internal cdb client name confdmgr info 5420/10 type subscriber subscription datastore running priority -2147483648 path /context subscription datastore running priority -2147483648 path /active-charging local]<host_name># ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 377
• NETCONF updates – Number of ConfD configuration subscription notifications. • Failures – Number of errors detected processing any ConfD configuration requests within confdmgr. • Aborts – Number of times a configuration update via NETCONF was aborted. ASR 5500 System Administration Guide, StarOS Release 21.5...
ConfD and NETCONF protocol support. clear confdmgr statistics This command clears everything listed in the "Statistics" section of the output of the show confdmgr command, including: • Triggers • Replays ASR 5500 System Administration Guide, StarOS Release 21.5...
(all native models are included here under a common namespace). • cisco-staros-exec.yang - Model to enable CLI exec operations via the restful interface. Only users with admin credentials may use this model. Used by ConfD locally to parse input.
See below for a sample use of netconf-console to obtain the server ConfD configuration via NETCONF: [user@server]$ ./netconf-console --host 1.2.3.4 -u admin --password pswd! --port 123 --get-config -x confd <?xml version="1.0" encoding="UTF-8"?> ASR 5500 System Administration Guide, StarOS Release 21.5...
[local]<host_name>(config)# context local [local]<host_name>(config-ctx)# server confd [local]<host_name>(config-confd)# bulkstats [local]<host_name>(config-confd)# end [local]<host_name># show confdmgr State Information ----------------- State Started Subscriptions Last successful id 1488-216669-170664 Last failed id None Username Not configured Bulkstats Enabled ASR 5500 System Administration Guide, StarOS Release 21.5...
See below for a sample use of curl to obtain the show build and show confdmgroutputs, using "\r\n" as the delimiter between commands: cat exec_cli_show_build_and_confdmgr.xml <input><args>show build \r\n show confdmgr</args></input> ************ [<user>@server] ]$ curl -u admin:pswd! https://rtp-mitg-si06.cisco.com:234/api/running/staros_exec/_operations/exec --cert ASR 5500 System Administration Guide, StarOS Release 21.5...
************************************* CLI Based YANG Model for ECS Commands In this release, the cisco-staros-cli-config.yang model supports a limited set of ECS (Enhanced Charging System) configuration commands via NSO. On the southbound side, ConfD communicates with a StarOS process called via a set of APIs provided by the ConfD management agent.
The CDB only receives updates via the NETCONF interface. In order to keep the CDB and the StarOS configuration databases in sync, all changes made via CLI access (external to NETCONF) to the cisco-staros-cli-config YANG model supported configuration objects must be applied to the CDB manually. Seeding and Synchronizing the CDB After enabling server confd you may need to initially seed the CDB with a local copy of the configuration database (CDB) managed by ConfD on StarOS.
Page 388
NETCONF and ConfD Supported StarOS ECS Configuration Commands • action priority <priority_number> group-of-ruledefs <ruledefs_group_name> charging-action <charging_action_name> Note "= *" indicates support for every option following the prior keyword/value. ASR 5500 System Administration Guide, StarOS Release 21.5...
To conserve processing cycles and memory, dynamic and periodic updates from an active chassis to a standby chassis are done using micro-checkpoints. The output of the Exec mode show srp info command displays a complete list of SRP checkpoints. Macro-checkpoints This section lists and briefly describes ICSR macro-checkpoints. ASR 5500 System Administration Guide, StarOS Release 21.5...
This macro-checkpoint is sent from the active to the standby chassis to map Service IDs on the standby chassis. • Time based: No • Frequency: N/A • Event based: Yes • Events: Occurs whenever a TCP connection is established between the sessmgrs and they move to READY_STATE. ASR 5500 System Administration Guide, StarOS Release 21.5...
• NAT Category, on page 376 • P-GW Category, on page 379 • Rf Interface Category, on page 381 • S6b Interface Category, on page 383 • SaMOG Category, on page 383 ASR 5500 System Administration Guide, StarOS Release 21.5...
• Related CLI command: None SESS_UCHKPT_CMD_UPDATE_IDLESECS This micro-checkpoint sends remaining number of seconds before idle timeout. • Time based: Yes • Frequency: — • Event based: No • Events: Occurs during ICSR background checkpointing. ASR 5500 System Administration Guide, StarOS Release 21.5...
• Time based: No • Frequency: — • Event based: Yes • Events: Occurs whenever a dynamic rule has been deleted. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 178 • Related CLI command: None ASR 5500 System Administration Guide, StarOS Release 21.5...
SESS_UCHKPT_CMD_UPDATE_EPDG_BEARER This micro-checkpoint synchronizes ePDG bearers between the active and standby chassis. • Time based: No • Frequency: N/A • Event based: No • Events: N/A • Accounting: Yes • Delta/Cumulative: Cumulative ASR 5500 System Administration Guide, StarOS Release 21.5...
• Related CLI command: show srp micro-checkpoint statistics debug-info SESS_UCHKPT_CMD_UPDATE_EPDG_STATS This micro-checkpoint synchronizes session statistics between the active and standby chassis. • Time based: Yes • Frequency: 30 seconds • Event based: No • Events: N/A • Accounting: Yes ASR 5500 System Administration Guide, StarOS Release 21.5...
This micro-checkpoint is sent in a Network or UE initiated update procedure except for updates that result in the following scenarios: • Creation or deletion of the beare • TFT change or inter-RAT handovers • Gn-Gp handoff Parameters associated with this micro-checkpoint are shown below. ASR 5500 System Administration Guide, StarOS Release 21.5...
This micro-checkpoint is sent when a port chunk is allocated or deallocated for a subscriber sharing a NAT IP address with other subscribers. The port chunk is allocated or deallocated while data is being received for that subscriber. • Time based: No • Frequency: N/A ASR 5500 System Administration Guide, StarOS Release 21.5...
• Frequency: N/A • Event based: Yes • Events: Triggered when a new SIP flow is created or deleted. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 98 • Related CLI command: None ASR 5500 System Administration Guide, StarOS Release 21.5...
(based on a rule-match), and a new bypass flow is created. This checkpoint is sent when the flow is both added and deleted. • Time based: No • Frequency: N/A • Event based: Yes ASR 5500 System Administration Guide, StarOS Release 21.5...
• Time based: No • Frequency: N/A • Event based: Yes • Events: Triggered when the S-GW goes into Restoration mode. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 158 • Related CLI command: None ASR 5500 System Administration Guide, StarOS Release 21.5...
• Time based: No • Frequency: N/A • Event based: Yes • Events: Triggered when there is a change in the LI state for this call. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 151 ASR 5500 System Administration Guide, StarOS Release 21.5...
This micro-checkpoint indicates a change in the SDF+QCI-based Rf accounting buckets. • Time based: Yes • Frequency: 4 seconds for aamgr checkpoint and 18 seconds for GR checkpoint • Event based: No • Events: N/A • Accounting: Yes • Delta/Cumulative: Cumulative ASR 5500 System Administration Guide, StarOS Release 21.5...
• Time based: Yes • Frequency: 4 seconds for aamgr checkpoint and 18 seconds for GR checkpoint; • Event based: No • Events: Sent along with macro-checkpoint. • Accounting: Yes • Delta/Cumulative: Cumulative ASR 5500 System Administration Guide, StarOS Release 21.5...
• Event based: Yes • Events: Occurs whenever SaMOG sends a Delete-Session-Req or upon receiving a Delete-Bearer-Request. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 169 • Related CLI command: show subscriber samog-only full ASR 5500 System Administration Guide, StarOS Release 21.5...
• Related CLI command: show subscriber samog-only full SESS_UCHKPT_CMD_CGW_UPDATE_STATS Reserved for future use. SESS_UCHKPT_CMD_CGW_UPDATE_UE_PARAM Reserved for future use. SESS_UCHKPT_CMD_SAMOG_ACCT_INTERIM_INFO This micro-checkpoint is sent for a SaMOG session on receipt of an Accounting Req (INTERIM-UPDATE) from the WLC ASR 5500 System Administration Guide, StarOS Release 21.5...
• Event based: Yes • Events: Occurs whenever a DHCP-Discover message is received over a different EoGRE tunnel. • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 201 • Related CLI command: show subscriber samog-only full ASR 5500 System Administration Guide, StarOS Release 21.5...
SaMOG will delay handoff as it expects an Accounting Req (START) from the subscriber. • Time based: No • Frequency: N/A • Event based: Yes • Events: Occurs when a Account Req (STOP) request is received from the WLC. ASR 5500 System Administration Guide, StarOS Release 21.5...
This micro-checkpoint is sent for a SaMOG session when SaMOG is waiting on the UE after sending an Access-Challenge while Re-authenticating the subscriber session. • Time based: No • Frequency: N/A • Event based: Yes ASR 5500 System Administration Guide, StarOS Release 21.5...
• Events: Occurs on receiving and successfully processing AAR from the AAA Server to re-authorize the subscriber • Accounting: No • Delta/Cumulative: N/A • CMD-ID: 173 • Related CLI command: show subscriber samog-only full ASR 5500 System Administration Guide, StarOS Release 21.5...
A P P E N D I X ASR 5500 SDR CLI Command Strings • ASR 5500 SDR CLI Command Strings, page 389 ASR 5500 SDR CLI Command Strings This appendix identifies the CLI command strings that can be entered for a record section via the support record section command in the Global Configuration Mode.
Page 426
"show kvstore kvmgr" Disabled "show pcc-service all" Disabled "show pcc-service statistics all" Disabled "show pcc-policy service all" Disabled "show pcc-policy service statistics all" Disabled "show pcc-quota service all" Disabled "show pcc-quota service statistics all" ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 427
Disabled "show sls-service all" Disabled "show sls-service peers all" Disabled "show sls-service statistics all" Notes: • Enabled = Included in default record section • Disabled = Not included in default record section ASR 5500 System Administration Guide, StarOS Release 21.5...
Page 428
ASR 5500 SDR CLI Command Strings ASR 5500 SDR CLI Command Strings ASR 5500 System Administration Guide, StarOS Release 21.5...
A P P E N D I X Cisco Secure Boot This appendix briefly describes the Cisco Secure Boot process and how it impacts image naming conventions. It contains the following sections: • Fundamental Concepts, page 403 • Secure Boot Overview, page 404 •...
Secure Boot Overview Cisco Secure Boot places the Root of Trust in a hardware chip device on a circuit card where it cannot be changed. The first code (microloader) that executes immediately after power on is guaranteed to be legitimate code from Cisco and programmed during the time of system manufacturing.