Cisco Cisco Packet Data Gateway (PDG)
Target Access Restriction
CSCux33388 - InterSGSN 3G to 2G HO fails
CSCur41900 -Rollback Behavior in EPC during TAU/RAU Needs to be Corrected
Feature Changes
Target Access Restriction feature was added to the SGSN and MME in release 17.4. The purpose of this
feature is to avoid rollback behavior that exists in RAU and TAUs by checking target RAT Type IE present
in the Context Request at the source node, and then rejecting the TAU/RAU based on the subscriber's ARD
profile earlier in the cycle if the target RAT is restricted for the subscriber. Rollback behavior caused late
TAU/RAU rejection, resulting in PDP/bearer deletion for the MME, PGW, and the SGSN, requiring the UE
to reattach and reactivate lost PDP/bearer.
feature is to avoid rollback behavior that exists in RAU and TAUs by checking target RAT Type IE present
in the Context Request at the source node, and then rejecting the TAU/RAU based on the subscriber's ARD
profile earlier in the cycle if the target RAT is restricted for the subscriber. Rollback behavior caused late
TAU/RAU rejection, resulting in PDP/bearer deletion for the MME, PGW, and the SGSN, requiring the UE
to reattach and reactivate lost PDP/bearer.
Previous Behavior: As a part of this functionality, the target access restriction feature instructs the
source-SGSN or the source-MME to reject outbound RAU when the target access was restricted for the
subscriber. Rejection was performed without checking "access-restriction-data no-check" in the call control
profile configuration.
source-SGSN or the source-MME to reject outbound RAU when the target access was restricted for the
subscriber. Rejection was performed without checking "access-restriction-data no-check" in the call control
profile configuration.
New Behavior: With release 17.6.1, a new command keyword target-access-restriction has been introduced
to the call control profile configuration to control (enable/disable) target access restriction functionality. Target
access restriction is now disabled by default on both the SGSN and the MME. Refer to the Command Changes
section below for the command information to enable/disable this functionality.
to the call control profile configuration to control (enable/disable) target access restriction functionality. Target
access restriction is now disabled by default on both the SGSN and the MME. Refer to the Command Changes
section below for the command information to enable/disable this functionality.
The default behaviors for the SGSN and the MME now differ:
• New Behavior for the MME only:"target-access-restriction" keyword configuration will control the
target access restriction feature for the MME without other consideration:
◦No Rejection: if "target-access-restriction" is not enabled, then the source-MME will not reject
the outbound RAU Request based on the ARD profile of the subscriber per the
Access-Restriction-Data received in ULA/ULR using the RAT Type IE received in the Context
Request.
Access-Restriction-Data received in ULA/ULR using the RAT Type IE received in the Context
Request.
◦Rejection: if "target-access-restriction" is enabled, then the source-MME will reject the outbound
RAU Request based on the ARD profile of the subscriber per the Access-Restriction-Data received
in ULA/ULR using the RAT Type IE received in the Context Request.
in ULA/ULR using the RAT Type IE received in the Context Request.
• New Behavior for the SGSN only:"target-access-restriction" keyword configuration enables/disables
the target access restriction feature. The SGSN also considers "access-restriction-data no-check" in the
call control profile configuration prior to rejecting outbound RAU when target access restriction
functionality is enabled. The SGSN's target access restriction behavior is dependent upon the SGSN's
"access-restriction-data no-check" configuration:
call control profile configuration prior to rejecting outbound RAU when target access restriction
functionality is enabled. The SGSN's target access restriction behavior is dependent upon the SGSN's
"access-restriction-data no-check" configuration:
◦No Rejection: if "target-access-restriction" is enabled, and if "access-restriction-data no-check"
is enabled, then the source-SGSN will not reject the outbound RAU Request based on the ARD
profile of the subscriber per the Access-Restriction-Data received in ULA/ULR using the RAT
Type IE received in the Context Request.
profile of the subscriber per the Access-Restriction-Data received in ULA/ULR using the RAT
Type IE received in the Context Request.
◦Rejection: if "target-access-restriction" is enabled, and if "access-restriction-data no-check" is not
enabled, then the source-SGSN will ignore the "target-access-restriction enabled" configuration
and the source-SGSN will reject the outbound RAU Request based on the ARD profile of the
and the source-SGSN will reject the outbound RAU Request based on the ARD profile of the
Release Change Reference, StarOS Release 19
201
MME Changes in Release 19
Target Access Restriction