GGSN9811 V900R007C01 APN Data Configuration: Huawei Technologies [PDF]

Zitiervorschau

GGSN9811 V900R007C01 APN Data Configuration www.huawei.com

www.huawei.com

Huawei Technologies

Contents 1. Basic Concept 2. APN Configuration 3. Virtual APN Configuration 4. Alias APN Configuration

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

APN — Definition and Function 

APN: Access Point Name



APN function: 

Use APN to identify the GGSN in the GPRS/WCDMA backbone



APN defines the external PDN which is connected to GGSN, such as the ISP network and enterprise network

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

APN — Structure internet. mnc.mcc.gprs APN Network Identifier

APN Operator Identifier



APN NI defines the external network



APN OI defines the GPRS backbone of GGSN



APN classification 

General APN: local accessing



Area APN: home accessing

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

APN — Application DNS of internet

www.yahoo.com =211.*.*.*

Domain name: www.yahoo.com APN: web

traffic MS

GGSN

SGSN

APN=GGSN IP

DNS of GPRS core network HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

IP address= 211.*.*.*

www.yahoo.com

Contents 1. Basic Concept 1.1 APN 1.2 MS Access Mode 1.3 MS Address Allocation

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

MS Access Mode 



Transparent mode 

Fit for mobile operator acts as the ISP



The IP address allocate to the MS belong to the operator’s network



Generally, no need to authenticate the subscriber

None transparent mode 

Fit for the mobile operator and ISP separate mode



The IP allocate to MS belong to the operator or ISP



Must authenticate the subscriber

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Authentication Mode 

The authentication mode is used when none-transparent, the user name could be: 

PCO



APN



MSISDN

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

MS Access Mode

Transparent Radius

1. Create PDP context request GGSN

MS

2. Create PDP context respond

HUAWEI TECHNOLOGIES CO., LTD.

GGSN

HUAWEI Confidential

traffic

MS Access Mode

No Transparent Radius

1. Create PDP context request

username & password

GGSN MS

3. Create PDP context respond

HUAWEI TECHNOLOGIES CO., LTD.

GGSN

HUAWEI Confidential

traffic

MS Access Mode

Transparent and authentication Radius

username & password

1. Create PDP context request

GGSN MS

3. Create PDP context respond

HUAWEI TECHNOLOGIES CO., LTD.

GGSN

HUAWEI Confidential

traffic

Contents 1. Basic Concept 1.1 APN 1.2 MS Access Mode 1.3 MS Address Allocation

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

MS Address Allocation 

Static IP allocation 

The subscriber get the IP address when the they subscribe the data service



Dynamic IP allocation 

Allocate by GGSN internal IP address pool



Allocate by RADIUS



Allocate by DHCP

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Contents 1. Basic Concept 2. APN Configuration 3. Virtual APN Configuration 4. Alias APN Configuration

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

APN Information Global Route APN name

APN name

Basic info Address Pool VPN instance name

Bind Radius

APN name

Dns DHCP

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Configuration steps 

Basic information about APN



IP address pool for the APN



Configure Radius Information



Configure DNS



Configure DHCP

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

APN Basic Information

APN Basic Information

command

APN name

apn

selection-mode

select-mode-check

access-mode authentication-mode

access-mode

address-allocation

address-allocation

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Optional Data for APN Basic Information 

Optional steps for APN basic information configuration 

session-timeout



idle-timeout



max-bandwidth

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Optional Data for APN Basic Information 

Optional steps for APN basic information configuration 

max-pdpnumber



apn-type-select



volume-statistic-mode



ppp-access authentication

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Create APN Instance 

apn apn-instance 



vpn-instance vpn-instance-name 



[Huawei]apn huawei1

[Huawei-apn-huawei1]vpn-instance ch-gi

select-mode-check { enable | disable } 

[Huawei-apn-huawei1]select-mode-check disable

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Create APN Instance 

access-mode { transparent-authentication | transparent-nonauthentication | non-transparent [ authentication-mode { pco | apn [ authentication-password password-string] [ pco-priority enable | disable ] | msisdn [authentication-password password-stirng ] [ pco-priority enable | disable ] } ] } 

[Huawei-apn-huawei1]access-mode non-transparent authenticationmode pco



[Huawei-apn-huawei1]common-user ch-mobile commonuser-

password ch-mobile

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Create APN Instance 

common-user user-name commonuser-password password 

[Huawei-apn-huawei1]common-user ch-mobile commonuserpassword ch-mobile



[Huawei-apn-huawei1]idle-timeout enable length 60 updatemsg enable



[Huawei-apn-huawei1]apn-type-select aaaacct service ocs service perf service cg requested

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Maintenance 



Lock APN 

[GGSN] apn isp.com



[GGSN-apn-isp.com] lock enable

Display apn-userinfo 

display apn-userinfo isp.com

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Configuration steps 

Basic information about APN



IP address pool for the APN



Configure Radius Information



Configure DNS



Configure DHCP

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Address Allocation Mode

Enable

Local: Radius-priority Disable Command: [GGSN9811-apnhuawei]address-allocate

Enable DHCP: Radius-priority Disable Radius Radius

Enable

PDP req (null)

Local pool

HUAWEI TECHNOLOGIES CO., LTD.

IP

HUAWEI Confidential

Static IP Processing (1) PDP req (APN/IP)

APN

HLR: E/D

(2)

Static-ip: Conflict: E/D

Black-addresslist

Router: E/D

N

(3)

White-address-list IP pool/section/static Y PDP RES (IP)

(5)

(6)

SPU

HUAWEI TECHNOLOGIES CO., LTD.

N

Des

Mask

IP add

32

Nhop

Router: E/D

HUAWEI Confidential

Gif

(4)

The IP address has been used by other IMSI? Y Reject

Y

N

Dynamic Address Processing (1) PDP req (APN/null)

APN

Local : Radius priority

DHC P

(2)

Address allocate: DHCP: Radius priority

(Agent IP)

(3)

Radius

(4)

Local pool Radius

(5) PDP RES (IP)

N

(6)

Des

Mask

IP add

27

SPU

HUAWEI TECHNOLOGIES CO., LTD.

Nhop Gif

The IP address has been used by other IMSI? Y Reject

HUAWEI Confidential

Gif SGSN Gnif interface Other router Gif interface

Data LPU SPU 

GGSN is a router with GPRS function，so there are two kinds of data to come in GGSN: the IP package (black line) which sends to MS and

Physical interface

ordinary data package (red line). None but the MS IP package needs to be transfer to Gnif interface to conduct GTP encapsulation, ordinary

G interface

data package needn’t

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Address Allocate Mode 

address-allocate { local [ radius-prior { enable | disable }] | dhcp [ radius-prior { enable | disable }] | radius } 

[Huawei-apn-huawei1]address-allocate radius

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Local Pool Configuration Local pool for dynamic ip allocation pool name create IP pool

Local/remote

[GGSN-access]ip pool

section-num IP pool section configuration binding with APN

start-ip-address end-ip-address

[GGSN-access-ip-pool-testpool] section

pool name

[GGSN-apn-huawei1] addresspool

[Huawei-access-ip-poolbinding with VPN

HUAWEI TECHNOLOGIES CO., LTD.

pool name

huawei1]vpn-instance ch-gi

HUAWEI Confidential

Blacklist and Whitelist Configuration Static IP Attribution Configuration start-ip-address configure black-addresslist

end-ip-address [GGSN-access] black-address-list

vpn-instance-name (o) pool-name

[GGSN-access]ip pool

remote section-num start-ip-address end-ip-address

configure white-addresslist

[GGSN-access-ip-pool-testpool] section

binding with VPN (o)

[GGSN-access-ip-pool-testpool] vpninstance vrf1

binding with APN

[GGSN-apn-isp.com] address-pool

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

static

pool-name

Whitelist Configuration 

ip pool pool-name [ remote | local [ ipv4 | ipv6 ] ] 



[Huawei-access] ip pool huawei1 local

section section-num start-ip-address end-ip-address [ static ] 

[Huawei-access-ip-pool-huawei1] section 2 100.100.1.1 100.100.1.100 static



[Huawei-access-ip-pool-huawei1]vpn-instance ch-gi



[Huawei-apn-huawei1]address-pool huawei1

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Enable Active PDP by Static IP Enable active by static IP hlr-provided conflict route Configure the static IP function



[GGSN-apn-isp.com] static-ip

vpn-instancename (o)

static-ip [ hlr-provided { enable [ conflict { deactive | ignore } ] | disable } ] [ route { enable [ hlr | radius | all ] | disable } ] 

[Huawei-apn-huawei1]static-ip hlr-provided enable route enable all

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Maintenance 

Lock Pool 

[GGSN-access] ip pool testpool local



[GGSN-access-ip-pool-testpool] lock

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Maintenance

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Configuration steps 

Basic information about APN



IP address pool for the APN



Configure Radius Information



Configure DNS



Configure DHCP

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

AAA Authentication Configuration [GGSN-access] radius-server group isp.com Configure AAA server

[GGSN-access-radius- isp.com] radius-server

authentication

authentication

Configure radius-server

retransmit timeout

[GGSN-access-radius- isp.com] radius-server

Configure radius server

[GGSN-access-radius- isp.com] radius-server auth-

authentication attribute

attribute

Configure radius server authentication 3GPP

[GGSN-access-radius- isp.com] radius-server auth-

extension attributes

3gppvsa

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

AAA Authentication Configuration

Configure radius-server acceptattribute

[GGSN-access-radius-server1] radius-server accept-attribute

Bind RADIUS server group to APN

[GGSN] apn test

instance

[GGSN-apn-test] radius-server group isp.com

Configure public user name and password of the APN

[GGSN-apn-test] common-user

Configure that the domain name of the APN can be stripped

HUAWEI TECHNOLOGIES CO., LTD.

[GGSN-apn-isp.com] strip-domain-name enable

HUAWEI Confidential

AAA Accounting Configuration [GGSN-access] radius-server group TMO Configure active AAA

[GGSN-access-radius- tmo] radius-server

accounting server

accounting

Configure AAA accounting server retransmit timeout

[GGSN-access-radius- tmo] radius-server

configure AAA accounting

[GGSN-access-radius- tmo] radius-server acct-

private extension attributes

attribute

Configure radius server 3GPP

[GGSN-access-radius-server1] radius-server acct-

accounting extension attributes

3gppvsa

configure cache-acct-stopmessage

[GGSN-apn- Germany] cache-acct-stop-msg enable

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

AAA Accounting Configuration Bind RADIUS server group to

[GGSN] apn Germany

APN instance

[GGSN-apn- Germany] radius-server group TMO

configure the charging signaling control attributes of the AAA client

[GGSN-apn- Germany] radius acctctrl

configure the traffic threshold

[GGSN-apn- Germany] radius threshold time-

and time threshold

threshold

configure cache-acct-stopmessage

[GGSN-apn- Germany] cache-acct-stop-msg enable

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Optional Steps 

Optional steps 

radius-server auth-attribute



radius-server auth-3gppvsa



radius-server acct-attribute



radius-server acct-3gppvsa



radius-server acct-onoffsig



strip-domain-name

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Configuration 

radius-server group group-name 



[Huawei-access] radius-server group huawei1

radius-server authentication ip-address [vpn-instance vpninstance] [port port] key key-string 

[Huawei-access-radius-huawei1] radius-server authentication 10.111.23.7 vpn-instance ch-gi key huawei1

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Configuration 

radius-server auth-attribute [ acct-session-id { enable | disable } | nas-id { enable { sys-name | apn } | disable } | imsi { enable | disable } | charging-id { enable | disable } | prepaidind { enable | disable } | ggsn-ip { enable | disable } | sgsn-ip { enable | disable } | apn-alias { enable | disable } | ggsnvendor { enable | disable } | ggsn-version { enable | disable } ] * 

[Huawei-access-radius-huawei1]radius-server auth-attribute acct-

session-id enable charging-id enable ggsn-ip enable ggsn-vendor enable apn-alias enable ggsn-version enable

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Configuration 

3GPP extension attributes configuration 

[Huawei-access-radius-huawei1] radius-server auth-3gppvsa 3gpp enable



radius-server accounting ip-address [ port port-number ] [ vpninstance vpn-instance ] key key-string 

[Huawei-access-radius-huawei1]radius-server accounting 10.111.23.7 vpn-instance ch-gi key huawei1

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Configuration 

Accounting attribute configuration 

[Huawei-access-radius-huawei1]radius-server acct-attribute chargingid enable



3GPP extension attributes configuration 

[Huawei-access-radius-huawei1]radius-server acct-3gppvsa 3gpp enable



Optional accounting message attributes configuration 

[Huawei-access-radius-huawei1]radius-server acct-onoffsig optionalaccount-message enable

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Configuration 

radius-server group group-name 



[Huawei-apn-huawei1]radius-server group huawei1

control attributes of accounting signaling of an AAA client 

[Huawei-apn-huawei1] radius acctctrl wait-accounting-response enable



radius threshold [ time-threshold time-threshold | volumethreshold volume-threshold ] * 

[Huawei-apn-huawei1] radius threshold time-threshold 10

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Configuration steps 

Basic information about APN



IP address pool for the APN



Configure Radius Information



Configure DNS



Configure DHCP

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

DNS Configuration [GGSN] access-view Configure the DNS for the specific APN [GGSN-access] APN huawei [GGSN-access-huawei] dns primary-ip 192.168.2.1 secondary-ip 192.168.1.1 priority radius Configure the DNS for default

[GGSN-access] defdns primary-ip 192.168.2.1 secondary-ip 192.168.1.1 radius

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Configuration steps 

Basic information about APN



IP address pool for the APN



Configure Radius Information



Configure DNS



Configure DHCP

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

DHCP Configuration 





Set the DHCP group information 

[GGSN-access] dhcp-server group



[GGSN-access-dhcp-server-group-group1] dhcp-server



[GGSN-access-dhcp-server-group-group1] dhcp-server leasetime

Set the ip pool information 

[GGSN-access]ip pool



[GGSN-access-ip-pool-testpool] agent-ip



[GGSN-access-ip-pool-testpool] dhcp-server group

Binding the ip pool with APN 

[GGSN-apn-isp.com] address-pool

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Contents 1. Basic Concept 2. APN Configuration 3. Virtual APN Configuration 4. Alias APN Configuration

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Virtual and Alias APN 

Virtual APN 

The virtual APN means that multiple users who access different PDNs can carry the same APN, that is, they can access different PDNs through the same virtual APN on the GGSN.



Alias APN 

Multiple APNs in the current network can be aliases of a single APN and they can use the same resources.

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Virtual APN by IMSI

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Virtual APN by MSISDN

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Virtual APN by RAT

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Virtual APN by PCO

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Virtual APN by PCO

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Configuration Steps 

virtual-apn { enable [ virtual-apn-activate { enable | disable } ] | disable } 

[GGSN9811-apn-huawei1] virtual-apn enable virtual-apn-activate enable

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Configuration Steps 

virtual-apn-rule virtual-apn-instance ｛ imsi imsi-matchingnumber apn apn-instance | msisdn msisdn-matching-number apn apn-instance | rat matching-mode apn apn-instance | pco | radius ｝ 



[GGSN-access] virtual-apn-rule huawei imsi 46001 apn beijing

prefix-separator and suffix-separator

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Contents 1. Basic Concept 2. APN Configuration 3. Virtual APN Configuration 4. Alias APN Configuration

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Virtual and Alias APN 

Virtual APN 

The virtual APN means that multiple users who access different PDNs can carry the same APN, that is, they can access different PDNs through the same virtual APN on the GGSN.



Alias APN 

Multiple APNs in the current network can be aliases of a single APN and they can use the same resources.

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Confidential

Thank you www.huawei.com