Cisco Cisco Packet Data Gateway (PDG)
P-GW Changes in Release 17
P-GW Enhancements for 17.1 ▀
Release Change Reference, StarOS Release 17 ▄
373
CSCuo51256 - Filter-ID Invalid name should not overwrite default ACL
configuration
Feature Changes
Modification in ACL's Selection During Call Setup
Previous Behavior: In GGSN/P-GW Context, an APN was configured with certain ACLs via the
ip access-group
command. During the User Context activation, in the Access-Accept from RADIUS the Attribute “Filter-Id” was
returned, but the Filter-Id Attribute-Value was not pre-configured on the ASR 5000. Therefore, it was considered an
“invalid” value for the Filter-Id. Then, the ACL configuration was not configured, which meant that the locally
configured ACL name from the APN Template was also not being applied.
returned, but the Filter-Id Attribute-Value was not pre-configured on the ASR 5000. Therefore, it was considered an
“invalid” value for the Filter-Id. Then, the ACL configuration was not configured, which meant that the locally
configured ACL name from the APN Template was also not being applied.
New Behavior: In the case of an “invalid Filter-Id” attribute value in a RADIUS Access-Accept message, the behavior
should be the same as in the case of a “missing Filter-ID” AVP. Therefore, during Context Activation in the RADIUS
Access-Accept, a Filter-Id Attribute is returned. However, the Value of the Filter-Id attribute is considered as invalid.
Then, if any ACL value is locally configured in the APN, it should be taken and applied in the context.
should be the same as in the case of a “missing Filter-ID” AVP. Therefore, during Context Activation in the RADIUS
Access-Accept, a Filter-Id Attribute is returned. However, the Value of the Filter-Id attribute is considered as invalid.
Then, if any ACL value is locally configured in the APN, it should be taken and applied in the context.
Customer Impact: There will be no loss of CDR and missing charging information when incorrect ACL is sent via
RADIUS.
RADIUS.
Command Changes
ip access-group
The new keyword
fallback-enabled
helps to prevent loss of CDR and missing charging information when
incorrect ACL is sent via RADIUS.
configure
context context_name
apn apn_name
ip access-group acl_group_name [ in | out ] [ fallback-enabled ]
end
Notes:
fallback-enabled
: When invalid ACL is received from RADIUS during Context Activation, ACL in this
APN will be applied so there is no loss of CDR or missing charging information.
By default, ACL fallback is disabled.
Run command without
fallback-enabled
option to disable ACL fallback for a previously configured ACL
applied to a particular APN.
ipv6 access-group
The new keyword
fallback-enabled
helps to prevent loss of CDR and missing charging information when
incorrect ACL is sent via RADIUS.