Cisco ASR 5000 Series, ASR 5500 Administration Manual
ASR 5500 System Administration Guide, StarOS Release 21.4
First Published: 2017-11-22
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright©1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
©
2017 Cisco Systems, Inc. All rights reserved.
CONTENTS
Preface
CHAPTER 1
About this Guide xxix
Conventions Used xxix
Related Documentation xxx
MIOs and DPCs xxx
Contacting Customer Support xxxi
System Operation and Configuration 1
System Management Overview 1
Terminology 3
Contexts 3
Ports 3
Logical Interfaces 4
Management Interface 4
Bindings 4
Services 4
AAA Servers 5
Subscribers 5
Trusted Builds 6
How the System Selects Contexts 7
Context Selection for Context-level Administrative User Sessions 7
Context Selection for Subscriber Sessions 10
Understanding the ASR 5500 Boot Process 10
Understanding Configuration Files 11
IP Address Notation 13
IPv4 Dotted-Decimal Notation 13
IPv6 Colon-Separated-Hexadecimal Notation 13
CIDR Notation 13
ASR 5500 System Administration Guide, StarOS Release 21.4
iii
Contents
Alphanumeric Strings 14
Character Set 14
Quoted Strings 16
CHAPTER 2
Getting Started 17
ASR 5500 Configuration 17
Using the ASR 5500 Quick Setup Wizard 17
The Quick Setup Wizard 18
Using the CLI for Initial Configuration 24
Configuring System Administrative Users 26
Limiting the Number of Concurrent CLI Sessions 26
Automatic Logout of CLI Sessions 26
Configuring the System for Remote Access 27
Configuring SSH Options 29
SSH Host Keys 30
Setting SSH Key Size 30
Configuring SSH Key Generation Wait Time 30
Specifying SSH Encryption Ciphers 31
Generating SSH Keys 32
Setting SSH Key Pair 32
Authorized SSH User Access 32
Authorizing SSH User Access 33
SSH User Login Restrictions 33
Creating an Allowed Users List 33
SSH User Login Authentication 34
Secure Session Logout 35
Changing Default sshd Secure Session Logout Parameters 35
SSH Client Login to External Servers 36
Setting SSH Client Ciphers 36
Setting Preferred Authentication Methods 37
Generating SSH Client Key Pair 38
Pushing an SSH Client Public Key to an External Server 38
Enabling NETCONF 39
Configuring the Management Interface with a Second IP Address 39
ASR 5500 System Administration Guide, StarOS Release 21.4
iv
Contents
CHAPTER 3
System Settings 41
Configuring a Second Management Interface 42
Verifying and Saving Your Interface and Port Configuration 42
Configuring System Timing 43
Setting the System Clock and Time Zone 43
Verifying and Saving Your Clock and Time Zone Configuration 44
Configuring Network Time Protocol Support 44
Configuring NTP Servers with Local Sources 45
Using a Load Balancer 45
Verifying the NTP Configuration 46
Configuring SF Boot Configuration Pause 47
Enabling CLI Timestamping 47
Configuring CLI Confirmation Prompts 48
Enabling Automatic Confirmation 48
Requiring Confirmation for autoconfirm and configure Commands 48
Requiring Confirmation for Specific Exec Mode Commands 49
Configuring System Administrative Users 50
User Name Character Restrictions 50
Configuring Context-level Administrative Users 51
Configuring Context-level Security Administrators 51
Configuring Context-level Administrators 52
Configuring Context-level Operators 52
Configuring Context-level Inspectors 52
Configuring LI Administrators 53
Segregating System and LI Configurations 53
Verifying Context-level Administrative User Configuration 54
Configuring Local-User Administrative Users 55
Verifying Local-User Configuration 55
Updating Local-User Database 56
Updating and Downgrading the local-user Database 56
Provisioning Lawful Intercept 57
Restricting User Access to a Specified Root Directory 58
Configuring an SFTP root Directory 59
Associating an SFTP root Directory with a Local User 59
ASR 5500 System Administration Guide, StarOS Release 21.4
v
Contents
Associating an SFTP root Directory with an Administrator 59
Associating an SFTP root Directory with a Config Administrator 59
Configuring TACACS+ for System Administrative Users 60
Operation 60
User Account Requirements 61
TACACS+ User Account Requirements 61
StarOS User Account Requirements 61
Configuring TACACS+ AAA Services 62
Configuring TACACS+ for Non-local VPN Authentication 63
Verifying the TACACS+ Configuration 63
Separating Authentication Methods 64
Disable TACACS+ Authentication for Console 64
Disable AAA-based Authentication for Console 64
Disable TACACS+ Authentication at the Context Level 65
Limit local-user Login on Console/vty Lines 65
Limit Console Access for AAA-based Users 66
Verify Configuration Changes 66
Configuring a Chassis Key 66
Overview 66
Configuring a New Chassis Key Value 67
CLI Commands 67
Quick Setup Wizard 68
Configuring MIO/UMIO/MIO2 Port Redundancy 68
Configuring MIO/UMIO/MIO2 Port Redundancy Auto-Recovery 71
Verifying Port Redundancy Auto-Recovery 72
Configuring Data Processing Card Availability 72
Verifying Card Configurations 73
Enabling Automatic Reset of FSC Fabric 73
Configuring ASR 5500 Link Aggregation 73
LAG and Master Port 74
LAG and Port Redundancy 74
LAG and Multiple Switches 74
Multiple Switches with L2 Redundancy 75
Port States for Auto-Switch 75
Hold Time 75
ASR 5500 System Administration Guide, StarOS Release 21.4
vi
Contents
Preferred Slot 76
Auto-Switch Criteria 76
Link Aggregation Control 76
Minimum Links 77
Redundancy Options 78
Horizontal Link Aggregation with Two Ethernet Switches 78
Non-Redundant (Active-Active) LAG 78
Faster Data Plane Convergence 79
Link Aggregation Status 80
Configuring a Demux Card 80
Overview 80
MIO Demux Restrictions 81
CHAPTER 4
CHAPTER 5
Configuration 82
Config Mode Lock Mechanisms 83
Overview of Config Mode Locking 83
Requesting an Exclusive-Lock 84
Effect of Config Lock on URL Scripts 85
Saving a Configuration File 86
Reload and Shutdown Commands 86
show administrators Command 87
Management Settings 89
ORBEM 89
Configuring ORBEM Client and Port Parameters 90
Configuring IIOP Transport Parameters 90
Verifying ORBEM Parameters 91
SNMP MIB Browser 91
CHAPTER 6
SNMP Support 94
Configuring SNMP and Alarm Server Parameters 94
Verifying SNMP Parameters 95
Controlling SNMP Trap Generation 96
Verifying and Saving Your Configuration 97
Verifying the Configuration 97
ASR 5500 System Administration Guide, StarOS Release 21.4
vii
Contents
Feature Configuration 97
Service Configuration 98
Context Configuration 98
System Configuration 98
Finding Configuration Errors 98
Synchronizing File Systems 99
Saving the Configuration 99
CHAPTER 7
CHAPTER 8
System Interfaces and Ports 101
Contexts 101
Creating Contexts 101
Viewing and Verifying Contexts 102
Ethernet Interfaces and Ports 102
Creating an Interface 103
Configuring a Port and Binding It to an Interface 103
Configuring a Static Route for an Interface 103
Viewing and Verifying Port Configuration 104
VLANs 105
Hypervisors 105
VLANs and Management Ports 105
System Security 107
Per-Chassis Key Identifier 107
MIO Synchronization 108
viii
Protection of Passwords 108
Secure Password Encryption 109
Support for Non-Current Encryptions and Decryptions 109
Support for ICSR Configurations 110
Encrypted SNMP Community Strings 110
Lawful Intercept Restrictions 110
LI Server Addresses 110
Modifying Intercepts 111
Adding, Modifying and Removing Users 111
Notification of Users Being Added or Deleted 111
Notification of Changes in Privilege Levels 111
ASR 5500 System Administration Guide, StarOS Release 21.4
Contents
User Access to Operating System Shell 112
Test-Commands 112
Enabling cli test-commands Mode 112
Enabling Password for Access to CLI-test commands 112
Exec Mode cli test-commands 113
Configuration Mode cli test-commands 113
CHAPTER 9
CHAPTER 10
Secure System Configuration File 115
Feature Summary and Revision History 115
Feature Description 116
How System Configuration Files are Secured 116
Create a Digital Signature 116
Validate the Digital Signature 117
Configuring Signature Verification 117
Import RSA Public Key for Verification 117
Enable or Disable Signature Verification 118
Software Management Operations 119
Understanding the Local File System 119
File Types Used by the Local File System 119
Understanding the boot.sys File 120
Maintaining the Local File System 120
File System Management Commands 120
Synchronizing the File System 121
Creating Directories 121
Renaming Files and Directories 121
Copying Files 122
Deleting Files 122
Removing Directories 122
Formatting Local Devices 122
Applying Pre-existing CLI Configuration Files 123
Viewing Files on the Local File System 123
Viewing the Contents of a Local Device 123
Viewing CLI Configuration and boot.sys Files 124
Validating an Operating System File 124
ASR 5500 System Administration Guide, StarOS Release 21.4
ix
Contents
Configuring the Boot Stack 125
System Boot Methods 125
Viewing the Current Boot Stack 125
Adding a New Boot Stack Entry 127
Deleting a Boot Stack Entry 127
Network Booting Configuration Requirements 127
Configuring the Boot Interface 127
Configuring the Boot Network 128
Configuring Boot Network Delay Time 129
Configuring a Boot Nameserver 129
Upgrading the Operating System Software 129
Identifying OS Release Version and Build Number 129
Verify Free Space on the /flash Device 130
Download the Software Image from the Support Site 130
Transfer StarOS Image to /flash 131
Saving a Copy of the Current Configuration File 131
Downgrading from Release 15.0 to 14.0 131
Downgrading from Release 20.0 132
Off-line Software Upgrade 132
Configure a Newcall Policy 132
Configure a Message of the Day Banner 133
Back up the Current CLI Configuration File 133
Create a New Boot Stack Entry 133
Synchronize File Systems 134
Save the Running Configuration 134
Reboot the System 134
Verify the Running Software Version 135
Restoring the Previous Software Image 135
Upgrading ICSR Chassis 135
Performing Dynamic Software Updates 135
Managing License Keys 135
New System License Keys 136
Session Use and Feature Use Licenses 136
Installing New License Keys 136
Cutting and Pasting the Key 136
ASR 5500 System Administration Guide, StarOS Release 21.4
x
Contents
Adding License Keys to Configuration Files 137
License Expiration Behavior 138
Requesting License Keys 138
Viewing License Information 138
Deleting a License Key 138
Management Card Replacement and License Keys 139
Managing Local-User Administrative Accounts 139
Configuring Local-User Password Properties 139
Configuring Local-User Account Management Properties 139
Local-User Account Lockouts 139
Local-User Account Suspensions 140
Changing Local-User Passwords 140
CHAPTER 11
CHAPTER 12
Smart Licensing 141
Feature Summary and Revision History 141
Smart Software Licensing 142
Cisco Smart Software Manager 143
Smart Accounts/Virtual Accounts 143
Request a Cisco Smart Account 143
Software Tags and Entitlement Tags 144
Configuring Smart Licensing 145
Monitoring and Troubleshooting Smart Licensing 146
Smart Licensing Bulk Statistics 146
Monitoring the System 149
SNMP Notifications 149
Monitoring System Status and Performance 149
Monitoring ASR 5500 Hardware Status 151
Clearing Statistics and Counters 153
CHAPTER 13
Bulk Statistics 155
Feature Summary and Revision History 155
Configuring Communication with the Collection Server 156
Configuring Standard Settings 156
Configuring Optional Settings 157
ASR 5500 System Administration Guide, StarOS Release 21.4
xi
Contents
Configuring Bulk Statistic Schemas 157
Configuring a Separate Bulkstats Config File 158
Using show bulkstats Commands 158
Verifying Your Configuration 159
Saving Your Configuration 160
Viewing Collected Bulk Statistics Data 160
Collecting Bulk Statistics Samples in SSD 160
Manually Gathering and Transferring Bulk Statistics 160
Clearing Bulk Statistics Counters and Information 161
Bulkstats Schema Nomenclature 161
Statistic Types 161
Data Types 162
Key Variables 162
CHAPTER 14
Bulk Statistics Event Log Messages 164
System Logs 165
Feature Summary and Revision History 165
System Log Types 166
Configuring Event Logging Parameters 167
Configuring Event Log Filters 168
Exec Mode Filtering 168
Global Configuration Mode Filtering 170
Configuring syslog Servers 171
Configuring Active Logs 171
Specifying Facilities 172
Configuring Trace Logging 181
Configuring Monitor Logs 181
Enabling Monitor Logs 181
Disabling Monitor Logs 181
xii
Viewing Logging Configuration and Statistics 182
Viewing Event Logs Using the CLI 182
Configuring and Viewing Crash Logs 183
Crash Logging Architecture 183
Configuring Software Crash Log Destinations 184
Viewing Abridged Crash Log Information Using the CLI 185
ASR 5500 System Administration Guide, StarOS Release 21.4
Contents
Reducing Excessive Event Logging 186
Configuring Log Source Thresholds 187
Checkpointing Logs 187
Saving Log Files 188
Event ID Overview 188
Event Severities 197
Understanding Event ID Information in Logged Output 197
CHAPTER 15
Troubleshooting 199
Detecting Faulty Hardware 199
Licensing Issues 200
Using the CLI to View Status LEDs 200
Checking the LEDs on the PFU 200
Checking the LEDs on the MIO Card 202
MIO Run/Fail LED States 202
MIO Active LED States 203
MIO Redundancy LED States 204
MIO Master LED States 204
MIO Busy LED States 205
MIO – Interface Link LED States 205
MIO – Interface Activity LED States 206
Checking the LEDs on the DPC 206
DPC Run/Fail LED States 207
DPC Active LED States 208
DPC Redundancy LED States 209
Checking the LEDs on the FSC 209
FSC Run/Fail LED States 210
FSC Active LED States 211
FSC Redundancy LED States 211
FSC Drive n Activity LED States 212
Checking the LEDs on the SSC 213
SSC Run/Fail LED States 213
SSC Active LED States 214
SSC Redundancy LED States 215
SSC System Status LED States 215
ASR 5500 System Administration Guide, StarOS Release 21.4
xiii
Contents
SSC System Service LED States 216
Testing System Alarm Outputs 216
Taking Corrective Action 216
Switching MIOs 217
Busying Out a DPC 217
Migrating a DPC 218
Halting Cards 218
Initiate a Card Halt 219
Restore a Previously Halted Card 219
Verifying Network Connectivity 220
Using the ping or ping6 Command 220
Syntax 220
Troubleshooting 220
CHAPTER 16
Using the traceroute or traceroute6 Command 221
traceroute – IPv4 221
traceroute6 – IPv6 221
Viewing IP Routes 222
Viewing the Address Resolution Protocol Table 222
Using the System Diagnostic Utilities 223
Using the Monitor Utility 223
Using the Protocol Monitor 223
Using the Protocol Monitor for a Specific Subscriber 224
Generating an SSD 226
Configuring and Using the Support Data Collector 226
Packet Capture (PCAP) Trace 229
Feature Information 229
Feature Description 230
Configuring PCAP Trace 230
xiv
Enabling Multiple Instances of CDRMOD 230
Configuring the Hexdump Module 231
Configuring the Hexdump File Parameters 233
Enabling or Disabling Hexdump 236
Enabling PCAP Trace for MME 236
Monitoring and Troubleshooting PCAP Trace 237
ASR 5500 System Administration Guide, StarOS Release 21.4
Contents
Show Command(s) and/or Outputs 237
show cdr statistics 237
show { hexdump-module | cdr } file-space-usage 238
show hexdump-module statistics 239
CHAPTER 17
CHAPTER 18
System Recovery 243
Prerequisites 243
Console Access 243
Boot Image 243
Accessing the boot CLI 244
Initiate a Reboot 244
Interrupt the Boot Sequence 244
Enter CLI Mode 245
boot Command Syntax 245
Booting from a Selected Image 245
Boot Using No Configuration FIle 245
Boot Using A Specified Configuration File 246
Access Control Lists 247
Overview 247
Understanding ACLs 248
Rule(s) 248
Actions 248
Criteria 248
Rule Order 250
Configuring ACLs on the System 250
Creating ACLs 250
Configuring Action and Criteria for Subscriber Traffic 251
Configuring an Undefined ACL 251
Verifying the ACL Configuration 252
Applying IP ACLs 252
Applying the ACL to an Interface 254
Applying an ACL to an Individual Interface 254
Verifying the ACL Configuration on an Interface 255
Applying the ACL to a Context 255
ASR 5500 System Administration Guide, StarOS Release 21.4
xv
Contents
Applying an ACL to All Traffic Within a Context 256
Verifying the ACL Configuration in a Context 256
Applying an ACL to a RADIUS-based Subscriber 257
Applying an ACL to an Individual Subscriber 258
Verifying the ACL Configuration to an Individual Subscriber 258
Applying an ACL to the Subscriber Named default 259
Applying an ACL to the Subscriber Named default 259
Verifying the ACL Configuration to the Subscriber Named default 260
Applying an ACL to Service-specified Default Subscriber 260
Applying an ACL to Service-specified Default Subscriber 261
Verifying the ACL Configuration to Service-specified Default Subscriber 261
Applying a Single ACL to Multiple Subscribers 262
Applying an ACL to Multiple Subscriber via APNs 263
CHAPTER 19
CHAPTER 20
Applying an ACL to Multiple Subscriber via APNs 263
Verifying the ACL Configuration to APNs 264
Congestion Control 265
Overview 265
Configuring Congestion Control 266
Configuring the Congestion Control Threshold 266
Configuring Service Congestion Policies 267
Configuring Overload Reporting on the MME 267
Enabling Congestion Control Redirect Overload Policy 268
Verify the Service Overload Policies 268
Verify the Congestion Control Configuration 268
Verify MME Congestion Action Profiles 268
Disconnecting Subscribers Based on Call or Inactivity Time 268
Routing 271
xvi
Routing Policies 271
Creating IP Prefix Lists 272
Creating Route Access Lists 272
Creating AS Path Access Lists 272
Creating Route Maps 273
Sample Configuration 273
ASR 5500 System Administration Guide, StarOS Release 21.4
Contents
Static Routing 273
Adding Static Routes to a Context 274
Deleting Static Routes From a Context 274
OSPF Routing 274
OSPF Version 2 Overview 275
Basic OSPFv2 Configuration 276
Enabling OSPF Routing For a Specific Context 276
Enabling OSPF Over a Specific Interface 276
Redistributing Routes Into OSPF (Optional) 276
Confirming OSPF Configuration Parameters 277
OSPFv3 Routing 277
OSPFv3 Overview 277
Basic OSPFv3 Configuration 277
Enabling OSPFv3 Routing For a Specific Context 277
Enabling OSPFv6 Over a Specific Interface 278
Redistributing Routes Into OSPFv3 (Optional) 278
Confirming OSPFv3 Configuration Parameters 278
Equal Cost Multiple Path (ECMP) 278
BGP-4 Routing 279
Overview of BGP Support 279
Configuring BGP 280
Redistributing Routes Into BGP (Optional) 280
BGP Communities and Extended Communities 281
BGP Communities 281
Configuring a BGP Community 281
Setting the Community Attribute 282
Filtering via a BGP Community 282
BGP Extended Communities 282
Configuring a BGP Extended Community (Route Target) 282
Setting the Extended Community Attribute 283
Filtering via a BGP Extended Community 283
BGP Local Preference 283
ICSR and SRP Groups 283
Advertising BGP Routes from a Standby ICSR Chassis 283
Configurable BGP Route Advertisement Interval for ICSR 284
ASR 5500 System Administration Guide, StarOS Release 21.4
xvii
Contents
BGP CLI Configuration Commands 284
Confirming BGP Configuration Parameters 286
Bidirectional Forwarding Detection 286
Overview of BFD Support 287
Configuring BFD 287
Configuring a BFD Context 288
Configuring IPv4 BFD for Static Routes 288
Configuring IPv6 BFD for Static Routes 288
Configuring BFD for Single Hop 289
Configuring Multihop BFD 289
Scaling of BFD 290
Associating BGP Neighbors with the Context 290
Associating OSPF Neighbors with the Context 290
Associating BFD Neighbor Groups with the BFD Protocol 290
Enabling BFD on OSPF Interfaces 291
All OSPF Interfaces 291
Specific OSPF Interface 291
Monitoring BFD Connection for ICSR 291
Saving the Configuration 291
Chassis-to-Chassis BFD Monitoring for ICSR 291
Enable Primary Chassis BFD Monitoring 292
Set BFD to Ignore ICSR Dead Interval 292
Configure ICSR Switchover Guard Timer 292
Enable BFD Multihop Fall-over 293
ip route Command 293
ip routev6 Command 294
Adjust BFD Interval 294
Enable Advertising BGP Routes from Standby ICSR Chassis 294
Saving the Configuration 294
BFD Support for Link Aggregation Member Links 294
xviii
Overview 295
Configuring Support for BFD Linkagg Member-links 295
Saving the Configuration 296
Viewing Routing Information 296
ASR 5500 System Administration Guide, StarOS Release 21.4
Contents
CHAPTER 21
CHAPTER 22
VLANs 299
Overview 299
Overlapping IP Address Pool Support – GGSN 300
RADIUS VLAN Support – Enhanced Charging Services 300
APN Support – PDN Gateway (P-GW) 301
Creating VLAN Tags 301
Verifying the Port Configuration 301
Configuring Subscriber VLAN Associations 302
RADIUS Attributes Used 302
Configuring Local Subscriber Profiles 302
Verify the Subscriber Profile Configuration 303
VLAN-Related CLI Commands 303
BGP MPLS VPNs 307
Introduction 307
MPLS-CE Connected to PE 308
CHAPTER 23
ASR 5500 as a PE 309
Overview 309
Sample Configuration 309
IPv6 Support for BGP MPLS VPNs 311
Overview 311
Sample Configuration 312
VPN-Related CLI Commands 314
Content Service Steering 319
Overview 319
Configuring Internal Content Service Steering 320
Defining IP Access Lists for Internal CSS 320
Applying an ACL to an Individual Subscriber (Optional) 321
Applying an ACL to Multiple Subscribers (Optional) 321
Applying an ACL to the Subscriber Named default (Optional) 321
Applying an ACL to Service-specified Default Subscribers (Optional) 321
Applying an ACL to Multiple Subscribers via APNs (Optional) 321
ASR 5500 System Administration Guide, StarOS Release 21.4
xix
Contents
CHAPTER 24
CHAPTER 25
Session Recovery 323
How Session Recovery Works 323
Additional ASR 5500 Hardware Requirements 326
Configuring the System to Support Session Recovery 326
Enabling Session Recovery 327
Enabling Session Recovery on an Out-of-Service System 327
Enabling Session Recovery on an In-Service System 327
Disabling the Session Recovery Feature 328
Viewing Session Recovery Status 328
Viewing Recovered Session Information 329
Recovery Control Task Statistics 330
show rct stats Command 331
Sample Output for show rct stats verbose 331
Interchassis Session Recovery 333
Overview 333
Interchassis Communication 335
Checkpoint Messages 335
SRP CLI Commands 335
Exec Mode CLI Commands 335
show Commands 336
AAA Monitor 337
BGP Interaction 337
Requirements 337
ICSR Operation 339
Chassis Initialization 342
Chassis Operation 342
Chassis Communication 342
Chassis Switchover 342
Configuring ICSR 343
Configuring the Service Redundancy Protocol (SRP) Context 344
Creating and Binding the SRP Context 344
Configuring SRP Context Parameters 345
Basic Parameters 345
ASR 5500 System Administration Guide, StarOS Release 21.4
xx
Contents
SRP Redundancy, AAA and Diameter Guard Timers 346
DSCP Marking of SRP Messages 347
Optimizing Switchover Transitions 347
Allow Non-VoLTE Traffic During ICSR Switchover 348
Allow All Data Traffic 350
Allow Early Active Transition 350
Graceful Cleanup of ICSR After Audit of Failed Calls 350
Optimization of Switchover Control Outage Time 351
Configuring the SRP Context Interface Parameters 351
Configuring NACK Generation for SRP Checkpoint Messaging Failures 352
Enabling NACK Messaging from the Standby Chassis 352
Selective Disabling of NACK Messaging 353
Configuring LZ4 Compression Algorithm 353
Reducing Sync-Up Time with Standby ICSR Chassis 353
Verifying SRP Configuration 354
Modifying the Source Context for ICSR 354
Configuring BGP Router and Gateway Address 355
Configuring the SRP Context for BGP 355
Verifying BGP Configuration 355
Modifying the Destination Context for ICSR 356
Configuring BGP Router and Gateway Address in Destination Context 356
Configuring SRP Context for BGP for Destination Context 356
Setting Subscriber to Default Mode 356
Verifying BGP Configuration in Destination Context 357
Disabling Bulk Statistics Collection on a Standby System 357
Verifying the Primary and Backup Configuration 357
Configuring Subscriber State Management Audit Process 358
Troubleshooting ICSR Operation 358
Updating the Operating System 359
Both ICSR Systems 364
Downloading and Transferring the StarOS Image 364
Standby ICSR System 365
Performing Health Checks 365
Performing SRP Checks 365
Performing BGP Checks 366
ASR 5500 System Administration Guide, StarOS Release 21.4
xxi
Contents
Updating the Boot Record 366
Synchronizing File Systems 366
Reboot StarOS 366
Updating the Configuration File 367
Verifying the Software Version 367
Saving the Configuration File 367
Completing the Update Process 367
Waiting for Session Synchronization 368
Primary System 368
Initiating an SRP Switchover 368
Checking AAA Monitor Status on the Newly Active System 368
Completing the Software Update 369
Initiating an SRP Switchover 369
CHAPTER 26
Making Test Calls 369
Fallback Procedure 370
Support Data Collector 371
Overview 371
Configuring SDR Collection 372
Displaying the SDR Collection Configuration 372
Collecting and Storing the SDR Information 373
Managing Record Collection 373
Using SDRs to Diagnose Problems 375
SDR CLI Commands 375
Configuration Commands (Global Configuration Mode) 376
support record 376
support collection 376
Exec Mode Commands 377
show support record 377
APPENDIX A
xxii
delete support record 377
show support collection 377
Engineering Rules 379
CLI Session Rules 379
ASR 5500 Interface and Port Rules 379
ASR 5500 System Administration Guide, StarOS Release 21.4
Contents
Packet Data Network (PDN) Interface Rules 380
Context Rules 380
Subscriber Rules 383
Service Rules 383
Access Control List (ACL) Engineering Rules 384
ECMP Groups 384
APPENDIX B
APPENDIX C
StarOS Tasks 385
Overview 385
Primary Task Subsystems 386
Controllers and Managers 387
Subsystem Tasks 388
System Initiation Subsystem 388
High Availability Subsystem 389
Resource Manager Subsystem 390
Virtual Private Networking Subsystem 390
Network Processing Unit Subsystem 392
Session Subsystem 394
Platform Processes 403
Management Processes 406
NETCONF and ConfD 409
Feature Summary and Revision History 409
Overview 410
Configuring ConfD 412
SSH Key Requirement 412
NETCONF Protocol Configuration Mode 413
bulkstats 413
confd-user 413
netconf notifications events 414
netconf notifications snmp 414
netconf port 414
rest auth-policy 415
rest certificate 415
rest hostname 416
ASR 5500 System Administration Guide, StarOS Release 21.4
xxiii
Contents
rest port 416
Sample Configuration 416
Verifying the Configuration 417
show confdmgr Command 417
clear confdmgr confd cdb 424
clear confdmgr statistics 424
YANG Models 425
Show Support Details (SSD) 425
ConfD Examples 426
Server ConfD 426
Bulkstats 427
Exec CLI Model 429
CLI Based YANG Model for ECS Commands 430
APPENDIX D
Seeding and Synchronizing the CDB 431
show configuration confd Command 431
CDB Maintenance 432
clear confdmgr confd cdb 432
configure confd <url> 432
save configuration <url> confd 433
Supported StarOS ECS Configuration Commands 433
ICSR Checkpointing 435
Overview of Checkpointing 435
Macro-checkpoints 435
GGSN_APN ID MAPPING 436
INSTANCE LEVEL CHECKPOINT 436
SERVICE_ID MAPPING 436
VPNMGR_ID MAPPING 437
Micro-checkpoints 437
xxiv
Uncategorized 438
SESS_UCHKPT_CMD_INVALIDATE_CRR 438
SESS_UCKKPT_CMD_UPDATE_CLPSTATS 438
SESS_UCHKPT_CMD_UPDATE_IDLESECS 438
DCCA Category 439
SESS_UCHKPT_CMD_DCCA_SESS_INFO 439
ASR 5500 System Administration Guide, StarOS Release 21.4
Contents
ECS Category 439
SESS_UCHKPT_CMD_ACS_CALL_INFO 439
SESS_UCHKPT_CMD_ACS_GX_LI_INFO 440
SESS_UCHKPT_CMD_ACS_SESS_INFO 440
SESS_UCHKPT_CMD_DEL_ACS_CALL_INFO 440
SESS_UCHKPT_CMD_DEL_ACS_SESS_INFO 441
SESS_UCHKPT_CMD_DYNAMIC_CHRG_CA_INFO 441
SESS_UCHKPT_CMD_DYNAMIC_CHRG_DEL_CA_INFO 441
SESS_UCHKPT_CMD_DYNAMIC_CHRG_DEL_QG_INFO 442
SESS_UCHKPT_CMD_DYNAMIC_CHRG_QG_INFO 442
SESS_UCHKPT_CMD_DYNAMIC_RULE_DEL_INFO 442
SESS_UCHKPT_CMD_DYNAMIC_RULE_INFO 443
ePDG Category 443
SESS_UCHKPT_CMD_DELETE_EPDG_BEARER 443
SESS_UCHKPT_CMD_UPDATE_EPDG_BEARER 443
SESS_UCHKPT_CMD_UPDATE_EPDG_PEER_ADDR 444
SESS_UCHKPT_CMD_UPDATE_EPDG_REKEY 444
SESS_UCHKPT_CMD_UPDATE_EPDG_STATS 444
Firewall/ECS Category 445
SESS_UCHKPT_CMD_SFW_DEL_RULE_INFO 445
SESS_UCHKPT_CMD_SFW_RULE_INFO 445
GGSN Category 446
SESS_UCHKPT_CMD_GGSN_DELETE_SUB_SESS 446
SESS_UCHKPT_CMD_GGSN_UPDATE_RPR 446
SESS_UCHKPT_CMD_GGSN_UPDATE_SESSION 446
SESS_UCHKPT_CMD_GGSN_UPDATE_STATS 447
SESS_UCHKPT_CMD_UPDATE_COA_PARAMS 447
Gx Interface Category 448
SESS_UCHKPT_CMD_ACS_VOLUME_USAGE 448
SESS_UCHKPT_CMD_UPDATE_SGX_INFO 448
NAT Category 448
SESS_UCHKPT_CMD_GR_UPDATE_NAT_REALM_PORT_INFO1 448
SESS_UCHKPT_CMD_GR_UPDATE_NAT_REALMS 449
SESS_UCHKPT_CMD_NAT_SIP_ALG_CALL_INFO 449
SESS_UCHKPT_CMD_NAT_SIP_ALG_CONTACT_PH_INFO 450
ASR 5500 System Administration Guide, StarOS Release 21.4
xxv
Contents
SESS_UCHKPT_CMD_UPDATE_DSK_FLOW_CHKPT_INFO 450
SESS_UCHKPT_CMD_UPDATE_NAT_BYPASS_FLOW_INFO 450
P-GW Category 451
SESS_UCHKPT_CMD_PGW_DELETE_SUB_SESS 451
SESS_UCHKPT_CMD_PGW_OVRCHRG_PRTCTN_INFO 451
SESS_UCHKPT_CMD_PGW_SGWRESTORATION_INFO 451
SESS_UCHKPT_CMD_PGW_UBR_MBR_INFO 452
SESS_UCHKPT_CMD_PGW_UPDATE_APN_AMBR 452
SESS_UCHKPT_CMD_PGW_UPDATE_INFO 452
SESS_UCHKPT_CMD_PGW_UPDATE_LI_PARAM 452
SESS_UCHKPT_CMD_PGW_UPDATE_PDN_COMMON_PARAM 453
SESS_UCHKPT_CMD_PGW_UPDATE_QOS 453
SESS_UCHKPT_CMD_PGW_UPDATE_SGW_CHANGE 453
SESS_UCHKPT_CMD_PGW_UPDATE_STATS 453
Rf Interface Category 453
SESS_UCHKPT_CMD_ACS_ACCOUNTING_TYPE_QCI_RF 453
SESS_UCHKPT_CMD_ACS_ACCOUNTING_TYPE_QCI_RF_WITH_FC 454
SESS_UCHKPT_CMD_ACS_ACCOUNTING_TYPE_RATING_GROUP_RF 454
SESS_UCHKPT_CMD_ACS_ACCOUNTING_TYPE_RATING_GROUP_RF_WITH_FC 454
S6b Interface Category 455
SESS_UCHKPT_CMD_S6B_INFO 455
SaMOG Category 455
SESS_UCHKPT_CMD_CGW_DELETE_BEARER 455
SESS_UCHKPT_CMD_CGW_DELETE_PDN 455
SESS_UCHKPT_CMD_CGW_UPDATE_BEARER_QOS 456
SESS_UCHKPT_CMD_CGW_UPDATE_PDN 456
SESS_UCHKPT_CMD_CGW_UPDATE_STATS 456
SESS_UCHKPT_CMD_CGW_UPDATE_UE_PARAM 456
SESS_UCHKPT_CMD_SAMOG_ACCT_INTERIM_INFO 456
SESS_UCHKPT_CMD_SAMOG_ACCT_START_INFO 457
xxvi
SESS_UCHKPT_CMD_SAMOG_EOGRE_TUNNEL_INFO 457
SESS_UCHKPT_CMD_SAMOG_GTPV1_UPDATE_PDN_INFO 458
SESS_UCHKPT_CMD_SAMOG_HANDOFF_AUTHEN_INFO 458
SESS_UCHKPT_CMD_SAMOG_HANDOFF_INIT_INFO 458
SESS_UCHKPT_CMD_SAMOG_LI_PROV_INFO 459
ASR 5500 System Administration Guide, StarOS Release 21.4
Contents
SESS_UCHKPT_CMD_SAMOG_MIPV6_TIMER_INFO 459
SESS_UCHKPT_CMD_SAMOG_MULTI_ROUND_AUTHEN_INFO 459
SESS_UCHKPT_CMD_SAMOG_REAUTHEN_INFO 460
SESS_UCHKPT_CMD_SAMOG_REAUTHOR_INFO 460
APPENDIX E
APPENDIX F
ASR 5500 SDR CLI Command Strings 461
Cisco Secure Boot 475
Fundamental Concepts 475
Secure Boot Overview 476
MIO2 Support for Secure Boot 476
Image Naming Conventions 476
Verifying Authenticity 476
ASR 5500 System Administration Guide, StarOS Release 21.4
xxvii
Contents
xxviii
ASR 5500 System Administration Guide, StarOS Release 21.4
About this Guide
This preface describes the ASR 5500 System Administration Guide, how it is organized and its document
conventions.
The System Administration Guide describes how to generally configure and maintain StarOS running on an
ASR 5500 platform. It also includes information on monitoring system performance and troubleshooting.
Conventions Used, page xxix
•
Related Documentation, page xxx
•
MIOs and DPCs, page xxx
•
Contacting Customer Support, page xxxi
•
Conventions Used
The following tables describe the conventions used throughout this documentation.
DescriptionNotice Type
Provides information about important features or instructions.Information Note
Warning
Text represented as a screen
display
Alerts you of potential damage to a program, device, or system.Caution
Alerts you of potential personal injury or fatality. May also alert you
of potential electrical hazards.
DescriptionTypeface Conventions
This typeface represents displays that appear on your terminal
screen, for example:
Login:
ASR 5500 System Administration Guide, StarOS Release 21.4
xxix
Related Documentation
About this Guide
DescriptionTypeface Conventions
Text represented as commands
Text represented as a command variable
Text represented as menu or sub-menu
names
Related Documentation
The most up-to-date information for this product is available in the product Release Notes provided with each
software release.
The following user documents are available on www.cisco.com:
This typeface represents commands that you enter, for example:
show ip access-list
This document always gives the full form of a command in
lowercase letters. Commands are not case sensitive.
This typeface represents a variable that is part of a command, for
example:
show card slot_number
slot_number is a variable representing the desired chassis slot
number.
This typeface represents menus and sub-menus that you access
within a software application, for example:
Click the File menu, then click New
ASR 5500 Installation Guide
•
AAA Interface Administration and Reference
•
Command Line Interface Reference
•
GTPP Interface Administration and Reference
•
IPSec Reference
•
Release Change Reference
•
SNMP MIB Reference
•
Statistics and Counters Reference
•
Thresholding Configuration Guide
•
Product-specific and feature-specific Administration guides
•
MIOs and DPCs
The ASR 5500 supports a variety of Management Input/Output and Data Processing Card types.
The currently supported Management Input/Output card types include:
xxx
ASR 5500 System Administration Guide, StarOS Release 21.4
Loading...