GGSN9811 V900R007C01

APN Data Configuration

www.huawei.com

www.huawei.com

Huawei Technologies
 Contents

1. Basic Concept

2. APN Configuration

3. Virtual APN Configuration

4. Alias APN Configuration

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

APN — Definition and Function

 APN: Access Point Name

 APN function:
 Use APN to identify the GGSN in the GPRS/WCDMA backbone

 APN defines the external PDN which is connected to GGSN, such as

the ISP network and enterprise network

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

APN — Structure
internet. mnc<MNC>.mcc<MCC>.gprs
APN Network APN Operator
Identifier Identifier
 APN NI defines the external network

 APN OI defines the GPRS backbone of GGSN

 APN classification
 General APN: local accessing

 Area APN: home accessing

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

 APN — Application
DNS of internet

www.yahoo.com
Domain name: www.yahoo.com =211.*.*.*

APN: web
traffic

MS SGSN GGSN

APN=GGSN IP IP address=
211.*.*.*

DNS of GPRS www.yahoo.com

core network

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

 Contents

1. Basic Concept
1.1 APN

1.2 MS Access Mode

1.3 MS Address Allocation

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

MS Access Mode

 Transparent mode
 Fit for mobile operator acts as the ISP

 The IP address allocate to the MS belong to the operator’s network

 Generally, no need to authenticate the subscriber

 None transparent mode

 Fit for the mobile operator and ISP separate mode

 The IP allocate to MS belong to the operator or ISP

 Must authenticate the subscriber

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Authentication Mode

 The authentication mode is used when none-transparent, the user

name could be:
 PCO

 APN

 MSISDN

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

MS Access Mode

Transparent
Radius

1. Create PDP context request

traffic
GGSN
2. Create PDP context respond
MS GGSN

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

 MS Access Mode

No Transparent
Radius

username & 1. Create PDP context request

traffic
password GGSN
3. Create PDP context respond
MS GGSN

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

MS Access Mode

Transparent and authentication

Radius

username &
password

1. Create PDP context request

traffic
GGSN
3. Create PDP context respond
MS GGSN

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

 Contents

1. Basic Concept
1.1 APN

1.2 MS Access Mode

1.3 MS Address Allocation

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

MS Address Allocation

 Static IP allocation
 The subscriber get the IP address when the they subscribe the data
service

 Dynamic IP allocation
 Allocate by GGSN internal IP address pool

 Allocate by RADIUS

 Allocate by DHCP

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

 Contents

1. Basic Concept

2. APN Configuration

3. Virtual APN Configuration

4. Alias APN Configuration

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

APN Information

Global Route
APN name
APN name

Basic info

Address Pool
VPN instance name Bind

APN name Radius

Dns

DHCP

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Configuration steps

 Basic information about APN

 IP address pool for the APN

 Configure Radius Information

 Configure DNS

 Configure DHCP

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

APN Basic Information

APN Basic Information command

APN name apn
selection-mode select-mode-check
access-mode
authentication-mode access-mode
address-allocation address-allocation

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Optional Data for APN Basic Information

 Optional steps for APN basic information configuration

 session-timeout

 idle-timeout

 max-bandwidth

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Optional Data for APN Basic Information

 Optional steps for APN basic information configuration

 max-pdpnumber

 apn-type-select

 volume-statistic-mode

 ppp-access authentication

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Create APN Instance

 apn apn-instance
 [Huawei]apn huawei1

 vpn-instance vpn-instance-name
 [Huawei-apn-huawei1]vpn-instance ch-gi

 select-mode-check { enable | disable }

 [Huawei-apn-huawei1]select-mode-check disable

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Create APN Instance

 access-mode { transparent-authentication | transparent-non-

authentication | non-transparent [ authentication-mode { pco |
apn [ authentication-password password-string] [ pco-priority
enable | disable ] | msisdn [authentication-password
password-stirng ] [ pco-priority enable | disable ] } ] }
 [Huawei-apn-huawei1]access-mode non-transparent authentication-
mode pco

 [Huawei-apn-huawei1]common-user ch-mobile commonuser-

password ch-mobile

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Create APN Instance

 common-user user-name commonuser-password password

 [Huawei-apn-huawei1]common-user ch-mobile commonuser-
password ch-mobile

 [Huawei-apn-huawei1]idle-timeout enable length 60 updatemsg

enable

 [Huawei-apn-huawei1]apn-type-select aaaacct service ocs service

perf service cg requested

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Maintenance

 Lock APN
 [GGSN] apn isp.com

 [GGSN-apn-isp.com] lock enable

 Display apn-userinfo
 <GGSN> display apn-userinfo isp.com

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Configuration steps

 Basic information about APN

 IP address pool for the APN

 Configure Radius Information

 Configure DNS

 Configure DHCP

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Address Allocation Mode Enable

Local: Radius-priority
Disable
Enable
Command: [GGSN9811-apn-
huawei]address-allocate DHCP: Radius-priority
Disable

Radius

Radius
Enable
PDP req (null) IP
Local pool

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Static IP Processing
(1)
PDP req (APN/IP) APN

HLR: E/D
(2)
Static-ip: Conflict: E/D Y
Router: E/D Black-address-
list

N
(3)
White-address-list N
IP pool/section/static
Y (4)
PDP RES (IP) (6) (5) N The IP address has
been used by other
Des Mask Nhop IMSI?
IP add 32 Gif Y

SPU Router: E/D Reject

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Dynamic Address Processing
(1)
PDP req (APN/null) APN
DHC
Local : Radius priority P
(2) (Agent IP)
Address allocate: DHCP: Radius priority
(3)
Radius
Local pool
(4) Radius

(5)

PDP RES (IP) N The IP address has

(6) been used by other
Des Mask Nhop IMSI?
IP add 27 Gif Y

SPU Reject

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

 Gif

SGSN

Gnif interface

Other router
Gif interface
Data
LPU SPU
 GGSN is a router with GPRS function，so there are two kinds of data
to come in GGSN: the IP package (black line) which sends to MS and
Physical interface ordinary data package (red line). None but the MS IP package needs
to be transfer to Gnif interface to conduct GTP encapsulation, ordinary
G interface data package needn’t

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Address Allocate Mode

 address-allocate { local [ radius-prior { enable | disable }] |

dhcp [ radius-prior { enable | disable }] | radius }
 [Huawei-apn-huawei1]address-allocate radius

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Local Pool Configuration

Local pool for dynamic ip allocation

pool name
create IP pool Local/remote [GGSN-access]ip pool
section-num
start-ip-address [GGSN-access-ip-pool-testpool]
IP pool section
configuration end-ip-address section
[GGSN-apn-huawei1] address-
binding with APN pool name pool
[Huawei-access-ip-pool-
binding with VPN pool name huawei1]vpn-instance ch-gi

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Blacklist and Whitelist Configuration

Static IP Attribution Configuration

start-ip-address

configure black-address- end-ip-address

list [GGSN-access] black-address-list vpn-instance-name (o)
pool-name
[GGSN-access]ip pool remote
section-num
start-ip-address

configure white-address- end-ip-address

list [GGSN-access-ip-pool-testpool] section static
[GGSN-access-ip-pool-testpool] vpn-
binding with VPN (o) instance vrf1
binding with APN [GGSN-apn-isp.com] address-pool pool-name

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Whitelist Configuration

 ip pool pool-name [ remote | local [ ipv4 | ipv6 ] ]

 [Huawei-access] ip pool huawei1 local

 section section-num start-ip-address end-ip-address [ static ]

 [Huawei-access-ip-pool-huawei1] section 2 100.100.1.1
100.100.1.100 static

 [Huawei-access-ip-pool-huawei1]vpn-instance ch-gi

 [Huawei-apn-huawei1]address-pool huawei1

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Enable Active PDP by Static IP

Enable active by static IP

hlr-provided

conflict

route
Configure the static IP vpn-instance-
function [GGSN-apn-isp.com] static-ip name (o)

 static-ip [ hlr-provided { enable [ conflict { deactive | ignore } ] |

disable } ] [ route { enable [ hlr | radius | all ] | disable } ]
 [Huawei-apn-huawei1]static-ip hlr-provided enable route enable all

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Maintenance

 Lock Pool
 [GGSN-access] ip pool testpool local

 [GGSN-access-ip-pool-testpool] lock

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Maintenance

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Configuration steps

 Basic information about APN

 IP address pool for the APN

 Configure Radius Information

 Configure DNS

 Configure DHCP

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

AAA Authentication Configuration

[GGSN-access] radius-server group isp.com

Configure AAA server [GGSN-access-radius- isp.com] radius-server

authentication authentication

Configure radius-server
retransmit timeout [GGSN-access-radius- isp.com] radius-server

Configure radius server [GGSN-access-radius- isp.com] radius-server auth-

authentication attribute attribute

Configure radius server

authentication 3GPP [GGSN-access-radius- isp.com] radius-server auth-
extension attributes 3gppvsa

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

 AAA Authentication Configuration

Configure radius-server accept-

attribute [GGSN-access-radius-server1] radius-server accept-attribute

Bind RADIUS server group to APN [GGSN] apn test

instance [GGSN-apn-test] radius-server group isp.com

Configure public user name and

password of the APN [GGSN-apn-test] common-user

Configure that the domain name of

the APN can be stripped [GGSN-apn-isp.com] strip-domain-name enable

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

AAA Accounting Configuration

[GGSN-access] radius-server group TMO

Configure active AAA [GGSN-access-radius- tmo] radius-server

accounting server accounting

Configure AAA accounting

server retransmit timeout [GGSN-access-radius- tmo] radius-server

configure AAA accounting [GGSN-access-radius- tmo] radius-server acct-

private extension attributes attribute

Configure radius server 3GPP [GGSN-access-radius-server1] radius-server acct-

accounting extension attributes 3gppvsa

configure cache-acct-stop-
message [GGSN-apn- Germany] cache-acct-stop-msg enable

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

AAA Accounting Configuration

Bind RADIUS server group to [GGSN] apn Germany

APN instance [GGSN-apn- Germany] radius-server group TMO

configure the charging

signaling control attributes of
the AAA client [GGSN-apn- Germany] radius acctctrl

configure the traffic threshold [GGSN-apn- Germany] radius threshold time-

and time threshold threshold

configure cache-acct-stop-
message [GGSN-apn- Germany] cache-acct-stop-msg enable

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Optional Steps

 Optional steps
 radius-server auth-attribute

 radius-server auth-3gppvsa

 radius-server acct-attribute

 radius-server acct-3gppvsa

 radius-server acct-onoffsig

 strip-domain-name

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Configuration

 radius-server group group-name

 [Huawei-access] radius-server group huawei1

 radius-server authentication ip-address [vpn-instance vpn-

instance] [port port] key key-string
 [Huawei-access-radius-huawei1] radius-server authentication
10.111.23.7 vpn-instance ch-gi key huawei1

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Configuration

 radius-server auth-attribute [ acct-session-id { enable |

disable } | nas-id { enable { sys-name | apn } | disable } | imsi
{ enable | disable } | charging-id { enable | disable } | prepaid-
ind { enable | disable } | ggsn-ip { enable | disable } | sgsn-ip
{ enable | disable } | apn-alias { enable | disable } | ggsn-
vendor { enable | disable } | ggsn-version { enable | disable } ]
*
 [Huawei-access-radius-huawei1]radius-server auth-attribute acct-
session-id enable charging-id enable ggsn-ip enable ggsn-vendor
enable apn-alias enable ggsn-version enable

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Configuration

 3GPP extension attributes configuration

 [Huawei-access-radius-huawei1] radius-server auth-3gppvsa 3gpp
enable

 radius-server accounting ip-address [ port port-number ] [ vpn-

instance vpn-instance ] key key-string
 [Huawei-access-radius-huawei1]radius-server accounting 10.111.23.7
vpn-instance ch-gi key huawei1

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Configuration

 Accounting attribute configuration

 [Huawei-access-radius-huawei1]radius-server acct-attribute charging-
id enable

 3GPP extension attributes configuration

 [Huawei-access-radius-huawei1]radius-server acct-3gppvsa 3gpp
enable

 Optional accounting message attributes configuration

 [Huawei-access-radius-huawei1]radius-server acct-onoffsig optional-
account-message enable

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Configuration

 radius-server group group-name

 [Huawei-apn-huawei1]radius-server group huawei1

 control attributes of accounting signaling of an AAA client

 [Huawei-apn-huawei1] radius acctctrl wait-accounting-response
enable

 radius threshold [ time-threshold time-threshold | volume-

threshold volume-threshold ] *
 [Huawei-apn-huawei1] radius threshold time-threshold 10

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Configuration steps

 Basic information about APN

 IP address pool for the APN

 Configure Radius Information

 Configure DNS

 Configure DHCP

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

DNS Configuration

[GGSN] access-view

Configure the DNS for the specific APN

[GGSN-access] APN huawei

[GGSN-access-huawei] dns primary-ip 192.168.2.1 secondary-ip

192.168.1.1 priority radius

Configure the DNS for default

[GGSN-access] defdns primary-ip 192.168.2.1 secondary-ip 192.168.1.1

radius

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Configuration steps

 Basic information about APN

 IP address pool for the APN

 Configure Radius Information

 Configure DNS

 Configure DHCP

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

DHCP Configuration
 Set the DHCP group information
 [GGSN-access] dhcp-server group

 [GGSN-access-dhcp-server-group-group1] dhcp-server

 [GGSN-access-dhcp-server-group-group1] dhcp-server leasetime

 Set the ip pool information

 [GGSN-access]ip pool

 [GGSN-access-ip-pool-testpool] agent-ip

 [GGSN-access-ip-pool-testpool] dhcp-server group

 Binding the ip pool with APN

 [GGSN-apn-isp.com] address-pool

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

 Contents

1. Basic Concept

2. APN Configuration

3. Virtual APN Configuration

4. Alias APN Configuration

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Virtual and Alias APN

 Virtual APN
 The virtual APN means that multiple users who access different PDNs
can carry the same APN, that is, they can access different PDNs
through the same virtual APN on the GGSN.

 Alias APN
 Multiple APNs in the current network can be aliases of a single APN
and they can use the same resources.

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Virtual APN by IMSI

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Virtual APN by MSISDN

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Virtual APN by RAT

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Virtual APN by PCO

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Virtual APN by PCO

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Configuration Steps

 virtual-apn { enable [ virtual-apn-activate { enable | disable } ] |

disable }
 [GGSN9811-apn-huawei1] virtual-apn enable virtual-apn-activate
enable

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Configuration Steps

 virtual-apn-rule virtual-apn-instance ｛ imsi imsi-matching-

number apn apn-instance | msisdn msisdn-matching-number apn
apn-instance | rat matching-mode apn apn-instance | pco |
radius ｝
 [GGSN-access] virtual-apn-rule huawei imsi 46001 apn beijing

 prefix-separator and suffix-separator

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

 Contents

1. Basic Concept

2. APN Configuration

3. Virtual APN Configuration

4. Alias APN Configuration

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Virtual and Alias APN

 Virtual APN
 The virtual APN means that multiple users who access different PDNs
can carry the same APN, that is, they can access different PDNs
through the same virtual APN on the GGSN.

 Alias APN
 Multiple APNs in the current network can be aliases of a single APN
and they can use the same resources.

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Thank you
www.huawei.com