01-8 configuring mobility management

HUAWEI SGSN9810 Configuration Guide Volume II Contents

Issue 03 (2006-08-10) Huawei Technologies Proprietary i

Contents

8 Configuring Mobility Management.......................................................................................8-1

8.1 Background Knowledge................................................................................................................................8-2

8.1.1 Authentication ......................................................................................................................................8-2

8.1.2 Encryption............................................................................................................................................8-3

8.1.3 IMEI Check..........................................................................................................................................8-3

8.1.4 P-TMSI ................................................................................................................................................8-3

8.2 Configuring Mobility Management for a 2G System....................................................................................8-3

8.2.1 Configuring Mobility Management Parameters...................................................................................8-4

8.2.2 Configuring Mobility Management Timers .........................................................................................8-8

8.2.3 Configuring Authentication and Encryption for Specified Subscribers .............................................8-12

8.2.4 Configuring the Second Authentication .............................................................................................8-14

8.2.5 Configuring the Function of Getting the Authentication Set Based on MAP V2...............................8-15

8.2.6 Configuring Authentication Failure Threshold ..................................................................................8-15

8.2.7 Configuring the Function of Detaching Inactive Subscribers ............................................................8-16

8.3 Configuring Mobility Management for a 3G System..................................................................................8-18

8.3.1 Configuring Mobility Management Attributes...................................................................................8-18

8.3.2 Configuring Mobility Management Timers .......................................................................................8-23

8.3.3 Configuring Authentication and Encryption for Specified Subscribers .............................................8-26

8.3.4 Configuring Algorithm Priorities .......................................................................................................8-28

8.4 Configuring Special Functions for IMEI Check..........................................................................................8-29

8.4.1 Configuring the IMEI Check Based on IMSI ....................................................................................8-30

8.4.2 Configuring the Function of Permitting Unknown Subscriber Access Based on IMSI .....................8-31

8.5 Configuring the Function of Denying the 2G Subscribers Accessing the 3G Network ..............................8-32

8.5.1 Configuring the 3G Network Access Deny Based on APNNI ...........................................................8-32

8.5.2 Configuring the 3G Network Access Deny Based on IMSI...............................................................8-34

8.5.3 Configuring the 3G Network Access Deny Based on ARD...............................................................8-35

Contents HUAWEI SGSN9810

Configuration Guide Volume II

ii Huawei Technologies Proprietary Issue 03 (2006-08-10)

8.5.4 Configuring 3G Network Access Deny for SIM Subscribers ............................................................8-36

8.6 Configuring the Roaming Restriction .........................................................................................................8-37

8.6.1 Configuring the Function of Roaming Restriction by IMSI ..............................................................8-37

8.6.2 Configuring the Function of Roaming Restriction by ZC..................................................................8-38

HUAWEI SGSN9810 Configuration Guide Volume II Figures

Issue 03 (2006-08-10) Huawei Technologies Proprietary iii

Figures

Figure 8-1 Authentication procedure..................................................................................................................8-2

HUAWEI SGSN9810 Configuration Guide Volume II 8 Configuring Mobility Management

Issue 03 (2006-08-10) Huawei Technologies Proprietary 8-1

8 Configuring Mobility Management

About This Chapter

The following table lists the contents of this chapter.

Title Description

8.1 Background Knowledge Describes the background knowledge of mobility management.

8.2 Configuring Mobility Management for a 2G System

Describes how to configure the parameters for 2G mobility management.

This configuration is optional.

8.3 Configuring Mobility Management for a 3G System

Describes how to configure the parameters for 3G mobility management.


8.4 Configuring Special Functions for IMEI Check

Describes how to configure special functions for IMEI check.


8.5 Configuring the Function of Denying the 2G Subscribers Accessing the 3G Network

Describes how to configure the function of denying the 2G subscribers to access the 3G network.


8.6 Configuring the Roaming Restriction

Describes how to configure the roaming restriction function.


8 Configuring Mobility Management HUAWEI SGSN9810


8-2 Huawei Technologies Proprietary Issue 03 (2006-08-10)

8.1 Background Knowledge The SGSN9810 mobile management is responsible for user attach and detach, routing area update (RAU), relocation, inter-system change and security management. It applies to 3G and 2.5G networks.

In this manual, GPRS mobility management (GMM) stands for general packet radio service (GPRS) mobile management and packet mobility management (PMM) stands for packet service mobile management for the universal mobile telecommunications system (UMTS) system.

8.1.1 Authentication

The purpose of authentication is to prevent the unauthorized subscribers from accessing the packet services.

In a 2G network, the authentication is based on the subscriber’s SIM card and the authentication triplet in the SGSN. The authentication triplet consists of three elements:

RAND: a random number

SRES: a sequence number

Kc: the ciphering key

As shown in Figure 8-1, the authentication procedure includes user authentication and global system for mobile communications (GSM) Kc negotiation.

Figure 8-1 Authentication procedure

1. Send Authentication Info

2. Authentication and Ciphering Request 1. Send Authentication Info Ack

2. Authentication and Ciphering Response

MS RAN HLRSGSN

If the SGSN has no authentication triplet, it requests the triplet from the HLR. When the SGSN receives the response, it sends an authentication request to the mobile station (MS) with the RAND, ciphering key sequence number (CKSN) and ciphering algorithm. The MS calculates the SRES, and then sends it back to the SGSN. If this SRES matches the SRES in the SGSN authentication triplet, the MS passes the authentication.



8.1.2 Encryption

The purpose of encryption is to secure the user data and signaling. In a 2G network, encryption covers from the SGSN to the MSs. The encryption is executed on the logical link control (LLC) layer. The SGSN9810 supports two encryption algorithms: GEA_1 and GEA_2.

Configure a UEPC board for every UGBI board to support encryption.

8.1.3 IMEI Check

The international mobile equipment identity (IMEI) is used to identify the user equipment(UE). If an equipment identification register (EIR) exists in the network, the SGSN authenticates the UE through IMEI check.

The EIR stores the IMEIs in the following three lists:

White list: permitted

Grey list: permitted, but traced for evaluation or other purposes

Black list: forbidden

8.1.4 P-TMSI

The SGSN assigns a packet temporary mobile subscriber identity (P-TMSI) to an MS and then sends it to the MS with the Attach Accept or Routing Area Update Accept message. The MS uses this P-TMSI as the user ID in the Routing Area Update Request, Detach Request and Attach Request messages. The P-TMSI is secure because the SGSN assigns it to an MS randomly and reassigns another P-TMSI to the same MS next time.

8.2 Configuring Mobility Management for a 2G System Configuring mobility management for a 2G system includes:

Configuring Mobility Management Parameters

Configuring Mobility Management Timers

Configuring Authentication and Encryption for Specified Subscribers

Configuring the Second Authentication

Configuring the Function of Getting the Authentication Set Based on MAP V2

Configuring Authentication Failure Threshold

Configuring the Function of Detaching Inactive Subscribers

All of the above tasks are optional. You may perform the tasks in any order.




8.2.1 Configuring Mobility Management Parameters

Description

The SGSN system provides default values for the mobile management attributes. The default values are also recommended values.

Prerequisites

If encryption is required, you must configure the encryption processing card (UEPC) pinch board to each Gb interface unit (UGBI) board. Check it using LST BRD.

Commands

SET GMM

Examples

Configure the following functions:

Authentication

Enable the authentication function.

The following procedures require authentication: RAU, INTER RAU, INTRA RAU and international mobile subscriber identity (IMSI) ATTACH.

The following procedures do not require authentication: DETACH and PTMSI ATTACH.

The authentication set is to be reused for once. The authentication frequency for the home PLMN (HPLMN) and VPLMN is 1.

SET GMM: NAC=YES,

AUTH=PROD_RAU-1&DETACH-0&INTER_RAU-1&INTRA_RAU-1&PTMSI_ATTACH-0&IMSI_ATTACH-1,

RNUM=1, HAUFR=1, VAUFR=1;

Encryption

Enable the encryption function. The encryption algorithm is GEA_1 and GEA_2. Admit the MS even if it does not support encryption.

SET GMM: NAC=YES, CIPH=YES, NCIPH=YES, CIPHALG=GEA_2-1&GEA_1-1;

IMEI check

Enable the IMEI check function. Accept the gray list accesses, and deny the black list accesses. The IMEI check frequency is 1. Accept the access when the IMEI check is time-out.

SET GMM: CHKIMEI=CHECKIMEI, GRALLOW=YES, BLALLOW=NO, IMEIFR=1, CTFLAG=YES;

P-TMSI re-allocation parameters

Start the P-TMSI re-allocation function. SET GMM: PTMSIREALLOC=YES;



Parameters

ID Name Description

NAC No authentication and ciphering

Master switch that controls the authentication and ciphering functions.

Value range:

YES: The SGSN initiates the security procedure based on the protocol and the configurations.

NO: The SGSN does not initiate the security procedure.

Default value: none

System default value: YES

Note: You can set the value to NO to meet the test requirement.

CIPH Ciphering Permit

If the service requires ciphering.

Value range: YES, NO

Default value: none

System default value: NO

Note: This parameter is invalid if LICENSE does not support ciphering.

If the value is YES, you must also specify a ciphering algorithm.

AUTH GPRS Authority Flag

If authentication is required for the following procedures:

PROD_RAU

INTER_RAU

INTRA_RAU

IMSI_ATTACH

PTMSI_ATTACH

DETACH

Value range: 0 (no authentication) and 1 (authentication) for each of the above procedures

Default value: none

System default value: INTER_RAU-1&INTRA_RAU-0&IMSI_ATTACH-1&P-TMSI-ATTACH-1&DETACH-0

Note: In a value, the procedures are separated by &.




ID Name Description

NCIPH No Ciph After Ver Fail

If the network admits a not ciphered MS if it fails to negotiate the ciphered version with the MS when the ciphered license is configured.

If yes, the MS can access the network without ciphering. Otherwise, the network rejects the access of the MS.


Default value: none


Note: The parameter is invalid if LICENSE does not support ciphering.

CHKIMEI GPRS Check IMEI Flag

If the network checks the IMEI of an MS.

If you specify this parameter, the network initiates an authentication procedure, no matter if AUTH is configured or not.

Value range: NOIMEI, GETIMEI, CHECKIMEI

Default value: none

System default value: NOIMEI

PTMSIREALLOC

GPRS P-TMSI Realloc Flag In Update

If P-TMSI is reallocated in a routing area update or attach procedure.


Default value: none


Note: If you specify this parameter, the network performs the P-TMSI reallocation in a routing area update procedure or an attach procedure.

If this parameter is not configured, the network still performs the P-TMSI reallocation in case of protocol-specific exceptions to ensure the network security.

GRALLOW Allow Users in Grey-List to Access

If an MS in the grey list is admitted through the IMEI check.


Default value: none




ID Name Description

BLALLOW Allow Users in Black-List to Access

If a MS in the black list is admitted through the IMEI check.


Default value: none


RNUM Number to Reuse AuthSets

If the number of authentication set reuses when an MS fails to obtain an authentication set from the home location register (HLR) in a security procedure.

If the value is 0, the authentication set cannot be reused.

Value range: 0 to 255

Default value: none

System default value: 0

CIPHALG GPRS Cipher Algorithm

Cipher algorithms supported by the network

Value range: GEA1 to GEA2

Default value: none

Note: The parameter is invalid if CIPH is NO.

If a UEPC exists in the system, you can select any value within the range from GEA_1 to GEA_2.

Multiple ciphering algorithms are separated by &, for example, GEA_2-1&GEA_1-1.

If an algorithm does not configured with any license, you can modify other parameters in the GMM table only after you delete the algorithm.

DEFQOS Default QoS Specifies the value for Default QoS in the paging information when mobility management (MM) initiates a packet switched (PS) paging in the GPRS system.

Value range: 0 to 0xFFFFFF

Default value: none

System default value: 0x0B9211

Note: 00001011 (0B): 00--spare, 001--Delay class, 011--Reliability class

10010010 (92): 1001--Peak throughput, 0--spare, 010--Precedence class

00010001 (11): 000--spare, 10001--Mean throughput




ID Name Description

HAUFR HPLMN Authentication Frequency

Number of procedures before the HPLMN user is authenticated.

The system decides if the MS on an HPLMN needs to be authenticated based on this parameter.


System initial value: 1

VAUFR VPLMN Authentication Frequency

Number of procedures before the VPLMN user is authenticated.

The system decides if the MS on a VPLMN needs to be authenticated based on this parameter.



IMEIFR CHECK IMEI Frequency

Number of procedures before the CHECK IMEI is performed on the MS.

The system decides if the CHECK IMEI needs to be performed on the MS based on this parameter.



8.2.2 Configuring Mobility Management Timers

Description

The SGSN system provides default values for the mobile management timers. The default values are also recommended values.

Prerequisites

None

Commands

SET GMMTMR

Examples

Set the MS reachable timer as 100 minutes.



SET GMMTMR: MSRCHTMR=100;

Parameters

ID Name Description

T3322 Detach Req Retrans Timer (s)

This timer starts upon the transmission of the Detach Request message and stops upon the receipt of the Detach Accept message. If the timer expires, the Detach Request message will be retransmitted. The message can be retransmitted for up to 2 times.


Default value: 6

Note: Do not set this timer unless specified.

T3350 Message Retrans Timer (s)

This timer starts upon transmission of the Attach Accept (P-TMSI/TMSI), Routing Area Update Accept (P-TMSI/TMSI) or P-TMSI Reallocation Command message and stops upon receipt of the Attach Complete, Routing Area Update Complete or P-TMSI Reallocation Complete message. If the timer expires, the Attach Accept (P-TMSI/TMSI), Routing Area Update Accept (P-TMSI/TMSI) or P-TMSI Reallocation Command message will be retransmitted. The message can be retransmitted for up to 2 times.


Default value: 6


T3360 Auth-req Retrans Timer (s)

This timer starts upon transmission of the Authentication and Ciphering Request message and stops upon receipt of the Authentication and Ciphering Response message. If the timer expires, the Authentication and Ciphering Request will be retransmitted. The message can be retransmitted for up to 2 times.


Default value: 6





ID Name Description

T3370 Identity Req Retrans Timer (s)

This timer starts upon transmission of the Identity Request message and stops upon receipt of the Identity Response message. If the timer expires, the Identity Request message will be retransmitted. The message can be retransmitted for up to 2 times.


Default value: 6


T3313 Paging Response Timer (s)

This timer starts upon transmission of the Paging Request message and stops upon receipt of the Trigger Indication or Paging Response message. If the timer expires, the Paging Request message will be retransmitted. The message can be retransmitted for up to 2 times.


Default value: 6


RDYTMR READY Timer (s)

This timer defines the time duration when an MS remains in the READY state in the MS and the SGSN.

The READY timer resets and starts running in the MS when an LLC protocol data unit (PDU) is transmitted, and in the SGSN when an LLC PDU is correctly received. When the READY timer expires, the MS and SGSN MM contexts turn to the STANDBY state.

An MS in the STANDBY state cannot send or receive data, but it can receive packet paging and circuit paging. After a successful paging, the MS state turns to READY. An MS in READY state can send and receive packet data units.

According to 3rd generation partnership project (3GPP) 48.018, the value of the READY Timer relates to that of the Packet Procedure Timer (6s in minimum) only if the value of the READY Timer is greater than 6s. In such cases, the value of READY Timer is greater than the packet flow context (PFC) Timer.


Default value: 44




ID Name Description

PRDTMR Periodic RA Update Timer (min)

This timer defines the interval for the periodic RA update procedure in the MS.

The length of this timer is sent in the Attach Accept or Routing Area Update Accept message. When this timer expires, the MS periodiccally starts a routing area update procedure.



MSRCHTMR

MS reachable Timer (min)

This timer starts when an MM context enters the STANDBY state and stops when the MM context enters the READY state or when the periodic routing area update message is received. When this timer expires, the network detaches the MS.




The length of this timer must be greater than that of the PRDTMR but smaller than PRDTMR+12.

PTMSITMR P-TMSI Realloc Timer (h)

This timer starts when the SGSN sends a P-TMSI Reallocation Command message to an attached MS and stops when the SGSN receives the P-TMSI Reallocation Complete message from the MS. When this timer expires, the network initiates a P-TMSI Reallocation procedure to the MS to update the TMSI of the MS.


Default value: 0

System default value: 0, that is, no P-TMSI is reallocated.

Note: Do not set this timer value unless specified.

NACTTMR Inactive-user Detach Timer (min)

This timer starts when Attach is successful and stops when packet data protocol (PDP) is activated. When all PDPs are deactivated, this timer restarts. When this timer expires, the MM context is set to the inactivate state. After the RAU procedure, if the MM context remains in the inactive state, the SGSN detaches the MS.


Default value: 360




8.2.3 Configuring Authentication and Encryption for Specified Subscribers

Description

The SGSN9810 may apply special authentication and encryption attributes for specified subscribers.

Prerequisites

None

Commands

ADD 2GAUTHCIPH

Examples

Set the subscriber with IMSI of 460001111 as: no authentication and no encryption.

ADD 2GAUTHCIPH: MCC="460", MNC="00", MATCHIMSI="1111", NAC=NO, CIPH=NO, NCIPH=NO;

Parameters

ID Name Description

MCC Mobile Country Code

Mobile country code.

Value range: 3 BCD codes

Default value: none

MNC Mobile Network Code

Mobile network code.

Value range: 2 or 3 BCD codes

Default value: none

MATCHIMSI Matched IMSI Additional IMSI number.

In addition to the MCC and the MNC, the IMSI also consists of other codes. This refers to the first of these codes. To differentiate the MSs, the system matches the MS IMSI based on the MCC, MNC, and this parameter.

Value range: 0 to 10 BCD codes

Default value: none



ID Name Description

NAC Enable all auth and ciph

Whether to enable the authentication and cipher switch for an MS.

Value range: NO, YES

Default value: YES

CIPH Cipher flag Whether to activate the ciphering procedure for an MS.


Default value: YES

Note: Use the ciphering algorithm recorded in the GMM table.

NCIPH Not cipher with version negotiated failure

Whether to permit an MS to access the network in case of version negotiation failure when the license supporting the ciphering is configured.

If the network admits the MS without ciphering, the MS can access the network freely.

Value range: NO,YES

Default value: YES

Note: If the license does not support the ciphering, this parameter is invalid.

AUTH Auth selection Whether to activate the authentication for the following procedures:

Service Request initiated by the MS

Attach using IMSI

Attach using PTMSI

INTER RAU

INTRA RAU

PROD RAU

SMS MT

SMS MO

LCS

DETACH

Value range: for each of the above 10 procedures,

0: no authentication

1: authentication

Default value: 0 (for all of the above procedures)




8.2.4 Configuring the Second Authentication

Description

Usually, the network sends an AUTHENTICATION_REJECT message to the subscriber after the first authentication failure during the attach procedure or RAU procedure.

If the second authentication function is enabled, the network sends a second authentication request after the first authentication failure in the same session. The new random number RAND2 is different from RAND1. The network sends an AUTHENTICATION_REJECT message to the subscriber after the second authentication failure. The second authentication may improve the compatibility to the terminals.

By default, the system disables the second authentication function. You can enable this function as required.

Prerequisites

None

Commands

SET SERVICE_PARA

Examples

Enable the second authentication for the attach procedure and RAU procedure.

SET SERVICE_PARA: ATTSAUTH=YES, RAUSAUTH=YES;

Parameters

ID Name Description

ATTSAUTH GPRS Second Authentication In Attach

If the SGSN enables the function of GPRS Second Authentication In Attach.


RAUSAUTH GPRS Second Authentication In Rau

If the SGSN enables the function of GPRS Second Authentication In Rau.




8.2.5 Configuring the Function of Getting the Authentication Set Based on MAP V2

Description

The SGSN9810 communicates with the HLR based on mobile application part (MAP) V2+ by default. If the major HLR version on the network is V2, you can enable the function of getting authentication set to simplify the version negotiation procedure.

Prerequisites

None

Commands

SET SERVICE_PARA

Examples

Enable the second authentication for the attach procedure and RAU procedure.

SET SERVICE_PARA: AUTHSETV2=YES;

Parameters

ID Name Description

AUTHSETV2 Get Authset From HLR using V2

If the SGSN enables the function of Get Authset From HLR using V2.


8.2.6 Configuring Authentication Failure Threshold

Description

If the number of authentication failures for a subscriber reaches the limit during a certain period of time, the SGSN9810 raises an alarm. Usually the limit of failures and the time interval adopt the system initial values.

Prerequisites

None




Commands

SET AUTHFAIL

Examples

Set that the system allows subscribers fail authentication for five times within 30 minutes.

SET AUTHFAIL: CAFTIMES=5, PURPERIOD=30;

Parameters

ID Name Description

CAFTIMES Auth Failure Times Max. number of authentication failures allowed.

If the number of authentication failures exceeds the value specified by this parameter within the time specified by PURPERIOD, an event alarm is triggered.



PURPERIOD UserPurgePeriod (min)

The period after which the subscriber authentication failure records are cleared.

When the time of PURPERIOD is up after the first authentication failure, and the number of subscriber authentication failures does not exceed the number specified by CAFTIMES, the subscriber authentication failure records are cleared.



8.2.7 Configuring the Function of Detaching Inactive Subscribers

Description

If a subscriber does not activate the PDP context within a certain period of time, the SGSN detaches this subscriber. This function ensures the effective usage of the radio source and the user resources in the SGSN.

The SGSN system disables the function of detaching inactive subscribers by default.



Prerequisites

None

Procedure

Step 1 Enable the function of detaching inactive subscribers.

Command: SET SERVICE_PARA

Step 2 Set the inactive subscriber detach timer.

Command: SET GMMTMR

----End

Examples

Enable the function of detaching inactive subscribers. Set the inactive subscriber detach timer as 300.

SET SERVICE_PARA: DETACH=YES;

SET GMMTMR: NACTTMR=300;

Parameters

ID Name Description

DETACH Detach Inactive User

If an SGSN enables the function of Detach Inactive User.


Default value: NO

NACTTMR Inactive-user Detach Timer (min)

This timer starts when the attach succeeds and stops when PDP is activated. When all PDPs are deactivated, this timer restarts. When this timer expires, the MM context is set to the inactive state. After the RAU procedure, if the MM context remains in the inactivate state, the SGSN detaches the MS.


Default value: 360




8.3 Configuring Mobility Management for a 3G System Configuring mobility management for a 3G system includes:

Configuring Mobility Management

Configuring Mobility Management Timers

Configuring Authentication and Encryption for Specified Subscribers

Configuring Algorithm Priorities

Configuring Authentication Failure Threshold (refer to 8.2.6 )


8.3.1 Configuring Mobility Management Attributes

Description

The system provides default values for the basic mobile management attributes. The default values are also recommended values.

Prerequisites

None

Commands

SET PMM

Examples

Set the following attributes:

Authentication attributes

Enable the authentication function and apply it to the following procedures:

− periodic RAU

− MS initiated Service Request

− INTER RAU and IMSI ATTACH.

Do not apply authentication to the following procedures:

− INTRA RAU

− Paging response

− DETACH



− PTMSI ATTACH

The authentication frequency for HPLMN and VPLMN is 1. SET PMM: NAC=YES,

AUTH=PROD_RAU-1&PAGING_RSP-1&MS_SERVICE_REQ-1&DETACH-1&INTER_RAU-1&INTRA_RAU-1&PTMS

I_ATTACH-1&IMSI_ATTACH-1, HAUFR=1, VAUFR=1;

Encryption and integrity attributes

Enable the encryption function. The encryption algorithm is UEA_1 plus NO_ENCRYPTION. The integrity algorithm is UIA1.

SET PMM: NAC=YES, CIPH=YES, CIPHALG=UEA1-1&NO_ENCRYPTION-1, INTALG=UIA1-1;

IMEI check attributes

Enable the IMEI check function. Permit the grey list, and deny the black list. The IMEI check frequency is 1.

Enable the UESBI real-time update function, where UESBI stands for UE specific behavior information. Permit user access when the IMEI check is time out.

SET PMM: CHKIMEI=CHECKIMEI, GRALLOW=YES, BLALLOW=NO, IMEIFR=1,

CTFLAG=YES,RTUPDUESBI=YES;

ID recognition attributes

Enable the ID recognition function. SET PMM: IDRQ=YES;

P-TMSI reallocation attributes

Enable the P-TMSI reallocation function. SET PMM: PTMSIREALLOC=YES;

Parameters

ID Name Description


Master switch that controls the authentication and ciphering functions.

If the value is YES, the SGSN initiates a security procedure to an MS based on the protocol and configuration requirements.


Default value: YES

Note: Set the parameter to NO to meet the test requirement.




ID Name Description

AUTH AUTH selection A procedure or multiple procedures where authentication is enabled.

Value range: 0 (no authentication) or 1 (authentication) for each of the following procedures.

PROD_RAU

PAGING_RSP (Paging Response)

MS_SERVICE_REQ (MS-initiated Service Request)

DETACH

INTER_RAU

INTRA_RAU

PTMSI_ATTACH (P-TMSI-attach)

IMSI_ATTACH (IMSI-attach)

Default value: PROD_RAU-0&PAGING_RSP-0& MS_SERVICE_REQ-0&DETACH-0&INTER_RAU-1&INTRA_RAU-0&PTMSI_ATTACH-1&IMSI_ATTACH-1

Note: In a value, the procedures are separated by &.

CIPH Cipher Whether ciphering is required for the service.


System default value: NO

Note: This parameter is invalid if LICENSE does not support ciphering.

If the value is YES, you must specify a ciphering algorithm.

CHKIMEI Check IMEI If the network checks the IMEI of an MS.

If this parameter is configured, the network initiates an authentication procedure, no matter if AUTH is configured or not.

Value range: NOIMEI, GETIMEI, CHECKIMEI

Default value: NOIMEI



ID Name Description

IDRQ Identity in Attach This parameter controls whether to deliver the "Identity Request" message for the PTMSI attachment used on the 3G network.


Default value: YES

PTMSIRUPD

Realloc PTMSI in RAU

If P-TMSI is reallocated in a routing area update or an attach procedure.

If this parameter is configured, the network performs the P-TMSI reallocation in a routing area update or an attach procedure.

If this parameter is not configured, the network still performs the P-TMSI reallocation in some situations specified by the protocol to ensure the network security.


Default value: YES

CIPHALG Ciph Algorithm Cipher algorithms supported by the network.

Value range: NO_ENCRYPTION, UEA1

Default value: none

Note: The parameter is invalid if CIPH is NO.

NO_ENCRYPTION can be set to 0 (ciphering algorithm not supported) or 1 (ciphering algorithm supported).

UEA1 can be set to 0 (ciphering algorithm not supported) or 1 (ciphering algorithm supported).

At least one of NO_ENCRYPTION and UEA1 must be specified.

INTALG Integrity algorithm Specifies the integrity algorithm to be used.

It is used to ensure the integrity of the messages between MSs and RNC.

Value range: UIA1

Default value: None.

GRALLOW Allow Grey-List to Access

If an MS in the grey list is allowed to access the network.


Default value: YES




ID Name Description

BLALLOW Allow Black-List to Access

If an MS in the black list is allowed to access the network.


Default value: YES

RTUPDUESBI Whether update UESBI real time

This parameter indicates whether update UESBI real time when a UE with new SVN access the network. if NO, the system will update UESBI on time.

Value range: YES,NO.

Default value: NO.

HAUFR HPLMN Authentication Frequency

Number of procedures before an HPLMN user is authenticated.

The system initiates the authentication based on this parameter if it judges that the procedure of an MS on the HPLMN needs to be authenticated.



VAUFR VPLMN Authentication Frequency

Number of procedures before a VPLMN user is authenticated.

The system initiates the authentication based on this parameter if it judges that the procedure of an MS on a VPLMN needs to be authenticated.



IMEIFR CHECK IMEI Frequency

Number of procedures before the CHECK IMEI procedure is performed on the MS.

The system initiates the CHECK IMEI procedure based on this parameter when it judges that this procedure needs to be performed on the MS.



CTFLAG User access flag when check imei procedure timeout

Indicates whether the access of MS is allowed when SGSN fails to receive IMEI CHECK RESPONSE.


Default value: YES



8.3.2 Configuring Mobility Management Timers

Description

The system provides default values for the mobile management timers. The default values are also recommended values.

Prerequisites

None

Commands

SET PMMTMR

Examples

Set the RAU timer as 54 minutes.

SET PMMTMR: MSRCHTMR=54;

Parameters

ID Name Description

T3322 Detach Req Retrans timer (s)

This timer starts upon the transmission of the Detach Request message and stops upon the receipt of the Detach Accept message. If this timer expires, the Detach Request message may be retransmitted. The message can be retransmitted for up to 2 times.


Default value: 6




ID Name Description

T3350 Message Retrans timer (s) This timer starts upon the transmission of the Attach Accept (P-TMSI/TMSI), Routing Area Update Accept (P-TMSI/TMSI) or P-TMSI Reallocation Command message and stops upon the receipt of the Attach Complete, Routing Area Update Complete or P-TMSI Reallocation Complete message. If this timer expires, the Attach Accept (P-TMSI/TMSI), Routing Area Update Accept (P-TMSI/TMSI) or P-TMSI Reallocation Command message is retransmitted. The message can be retransmitted for up to 2 times.


Default value: 6

T3360 Authentication-Ciphering req Retrans timer (s)

This timer starts upon the transmission of the Authentication and Ciphering Request message and stops upon the receipt of the Authentication and Ciphering Response message. If this timer expires, the Authentication and Ciphering Request message is retransmitted. The message can be retransmitted for up to 2 times.


Default value: 6

T3370 Id req Retrans timer (s) This timer starts upon the transmission of the Identity Request message and stops upon the receipt of the Identity Response message. If this timer expires, the Identity Request message is retransmitted. The message can be retransmitted for up to 2 times.


Default value: 6

T3313 Paging rsp timer (s) This timer starts upon the transmission of the Paging Request message and stops upon receipt of the Service Request (Paging Response) message. If this timer expires, the Paging Request message is retransmitted. The message can be retransmitted for up to 2 times.


Default value: 6



ID Name Description

PRDTMR Period-RAU timer (min) This timer defines the interval for the Periodic RAU procedure in the MS. The length of the timer is sent in the Attach Accept or RAU Accept message. If this timer expires, the MS starts a Periodic RAU procedure.


Default value: 54

MSRCHTMR MS reachable timer (min) This timer indicates the length of the Mobile Reachable Timer. This timer monitors the periodic RA update procedure in the SGSN. The value of this timer is slightly bigger than that of the periodic RA update timer used by an MS. The timer starts when the state when the PMM IDLE state is entered and stops when the state changes to PMM CONNECTED. If this timer expires, the SGSN detaches the MS implicitly.



Note: The length of this timer must be bigger than that of the PRDTMR timer, but equal to or smaller than that of the PRDTMR+12 timer.

PTMSITMR Ptmsi Realloc Timer (h) This timer starts upon the transmission of the P-TMSI Reallocation Command message to an attached MS and stops upon the receipt of the P-TMSI Reallocation Complete message from the MS. If this timer expires, the network initiates the P-TMSI Reallocation procedure to update the TMSI of the MS.


Default value: 0

Note: The value 0 means that no PTMSI reallocation is supported.

RLCTMR Reloc Res alloc timer (s) This timer starts upon the transmission of the Relocation Request from the new SGSN to the target radio network controller (RNC) and stops upon the receipt of the Relocation Request Acknowledge message. If this timer expires, a relocation preparation failure is sent to the source RNC.


Default value: 10




ID Name Description

RLCOLD Old SGSN RelocCmpTimer (s)

This timer starts upon the transmission of the Relocation Command message from the old SGSN to the source RNC and stops upon the receipt of the Forward Relocation Complete message from the new SGSN. If this timer expires, the subscriber information is released.


Default value: 10


RLCNEW New SGSN RelocCmpTimer (s)

This timer starts upon the transmission of the Forward Relocation Response message from the new SGSN to the old SGSN and stops upon the receipt of the Relocation Complete message from the target RNC. If this timer expires, the subscriber information is released.


Default value: 10

UPDUESBI Update Start time Time when the system starts to update UESBI.

Value range: 00:00 to 23:59

Default value: 03:30

8.3.3 Configuring Authentication and Encryption for Specified Subscribers

Description

The SGSN9810 can apply special authentication and encryption for the specified subscribers.

Prerequisites

None

Commands

ADD 3GAUTHCIPH



Examples

Set the following attributes for the subscriber with IMSI of 460001111:

Apply authentication to all procedures.

Do not apply encryption to all procedures. ADD 3GAUTHCIPH: MCC="460", MNC="00", MATCHIMSI="1111", NAC=YES, CIPH=NO,

AUTH=PROD_RAU-1&PAGING_RSP-1&MS_SERVICE_REQ-1&DETACH-1&INTER_RAU-1&INTRA_RAU-1&PTMS

I_ATTACH-1&IMSI_ATTACH-1&LCS-1&SMS_MT-1&SMS_MO-1;

Parameters

ID Name Description

MCC Mobile Country Code

Mobile country code.


Default value: none

MNC Mobile Network Code

Mobile network code.


Default value: none

MATCHIMSI Matched IMSI Additional IMSI number.

In addition to the MCC and the MNC, the IMSI also consists of other codes. This refers to the first of these codes. To differentiate the MSs, the system matches the MS IMSI based on the MCC, MNC and this parameter.

Value range: 0 to 10 BCD codes

Default value: none


Whether to enable the authentication and cipher switch for an MS within a number range.


Default value: YES

CIPH Cipher flag Whether to activate the ciphering procedure for an MS.


Default value: YES

Note: Use the ciphering algorithm recorded in the PMM table.




ID Name Description

AUTH Auth selection Whether to activate the authentication for the following procedures:

PROD_RAU

PAGING_RSP

MS_SERVICE_REQ

DETACH

INTER_RAU

INTRA_RAU

PTMSI_ATTACH

IMSI_ATTACH

LCS

SMS_MT

SMS_MO

Value range: for each of the above procedures,

0: no authentication

1: authentication

Default value: 0 (for all procedures)

8.3.4 Configuring Algorithm Priorities

Description

By default, the encryption algorithm and the integrity algorithm are of the same priority. You may change the default settings.

Prerequisites The encryption function is enabled.

The encryption algorithm and the integrity algorithm are set.

Check them using LST PMM.

Commands

ADD ALGPRIORITY



Examples

Set priority for the following algorithms:

NOCIPH: 0

UEA1: 1 ADD ALGPRIORITY: ALGTYPE=CIPH, ALG=NOCIPH, ALGPRI=0;

ADD ALGPRIORITY: ALGTYPE=CIPH, ALG=UEA1, ALGPRI=1;

Parameters

ID Name Description

ALGTYPE Algorithm Type

Algorithm type.

Value range: CIPH (ciphering), INTE (integrity)

Default value: none

ALG Algorithm Algorithm name. are two No ciphering and UEA1, and one

Value range: NOCIPH, UEA1, and UIA1

Default value: none

Note: NOCIPH (No ciphering) and UEA1 are ciphering algorithms.

UIA1 is an integrity algorithm.

ALGPRI Algorithm Priority

Priority of the algorithm.

Value range:0 to 255

Default value: none

Note: The smaller the value, the higher the priority.

8.4 Configuring Special Functions for IMEI Check Configuring special IMEI check functions includes:

Configuring the IMEI Check Based on IMSI.

Configuring the Function of Permitting Unknown Subscriber Access Based on IMSI.





8.4.1 Configuring the IMEI Check Based on IMSI

Description

If the IMEI check function is enabled in the SGSN, you can configure the IMSI number for the IMEI check.

Prerequisites

The IMEI check function is enabled. Check it using LST GMM or LST PMM.

Procedure

Step 1 Enable the IMEI check unction.


Step 2 Set the IMSI for the IMEI check.

Command: ADD IMEICHKCFG

----End

Examples SET SERVICE_PARA: IMRGCHK=YES;

ADD IMEICHKCFG: CONTYPE=IMSICHK, BEGIMSI="460001111", ENDIMSI="460001112";

Parameters

ID Name Description

IMRGCHK Imsi range IMEI check

Whether an SGSN enables the Imsi range IMEI check function.


CONTYPE Control Type Control type.

Value range:

IMSICHK: IMEI check IMSI checking range

PERACCESS: unknown user access

BEGIMSI Begin IMSI Begin IMSI of the IMSI range.

Value range: up to 15 BCD codes

Default value: none



ID Name Description

ENDIMSI End IMSI End IMSI of the IMSI range.


Default value: none

8.4.2 Configuring the Function of Permitting Unknown Subscriber Access Based on IMSI

Description

If the IMEI check function is enabled in the SGSN, you can configure the SGSN to permit the subscriber with the specified IMSI accessing the network regardless of the IMEI check result.

Prerequisites

The IMEI check function is enabled. You can check it using LST GMM or LST PMM.

Procedure

Step 1 Enable the function of permitting unknown subscriber access.


Step 2 Set the IMSI number range.

Command: ADD IMEICHKCFG

----End

Examples

Permit access regardless of the IMEI check result for the subscribers from 460001111 to 460001112.

SET SERVICE_PARA: IMRGACC=YES;

ADD IMEICHKCFG: CONTYPE=PERACCESS, BEGIMSI="460001111", ENDIMSI="460001112";




Parameters

ID Name Description

IMRGACC Imsi range Unknown User Access

If an SGSN enables the function of Imsi range Unknown User Access.


CONTYPE Control Type Control type.

Value range:

IMSICHK: IMEI check IMSI checking range

PERACCESS: unknown user access

BEGIMSI Begin IMSI Begin IMSI of the IMSI range.


Default value: none

ENDIMSI End IMSI End IMSI of the IMSI range.


Default value: none

8.5 Configuring the Function of Denying the 2G Subscribers Accessing the 3G Network

Configuring the function of denying the 2G subscribers accessing the 3G network includes the following tasks:

Configuring the 3G Network Access Deny Based on APNNI

Configuring the 3G Network Access Deny Based on IMSI

Configuring the 3G Network Access Deny Based on ARD

Configuring 3G Network Access Deny for SIM Subscribers


8.5.1 Configuring the 3G Network Access Deny Based on APNNI

Description

The SGSN9810 denies the 2G subscribers accessing 3G network based on the APNNI. The operator assigns different APNNIs to distinguish the 2G subscribers from the 3G subscribers.



Prerequisites

None

Procedure

Step 1 Enable the function of 3G access control by APNNI.


Step 2 Configure the APNNI.

Command: ADD APNNILST

----End

Examples

Set that the subscribers with the APNNI as wideband code division multiple access (WCDMA)

SET SERVICE_PARA: APNREJGPRS=YES;

ADD APNNILST: MCC="460", MNC="00", APNNI="wcdma";

Parameters

ID Name Description

APNREJGPRS Reject GPRS MS according to APNNI

If an SGSN enables the function of Reject GPRS MS according to APNNI.


MCC Mobile country code Mobile country code in a PLMN number.


Default value: none

MNC Mobile network code Mobile network code in a PLMN number.


Default value: none

Note: If the MCCs of two network numbers are the same, the first two BCD codes of the MNCs must be different.




ID Name Description

APNNI APN network ID APN network identifier.

Value range: a string of up to 64 characters

Default value: none

Note: It consists of one or more labels separated by dots.

A label consists of letters, digits and dash -.

It contains at least one label and consists of up to 63 octets.

It must not start with rac, lac, sgsn, or mc and must not end with .gprs.

It must not contain a star *.

8.5.2 Configuring the 3G Network Access Deny Based on IMSI

Description

The SGSN9810 denies the 2G subscribers accessing the 3G network based on the IMSI numbers.

Prerequisites

None

Procedure

Step 1 Enable the function of 3G accessing deny by IMSI.


Step 2 Configure the 3G IMSI range.

Command: ADD USRATTIMSI

----End

Examples

Set that the subscriber 111111111111 is allowed accessing the 3G network.

SET SERVICE_PARA: IMSIREJGPRS=YES;



ADD USRATTIMSI: BEGIMSI="111111111111", ENDIMSI="1111111111", USRATT=UMTS;

Parameters

ID Name Description

IMSIREJGPRS Reject GPRS MS according to IMSI

This parameter indicates whether an SGSN enables the function "Reject GPRS MS according to IMSI."

Value range: YES, NO.

BEGINIMSI Begin IMSI Start IMSI of an USRATTIMSI range.


Default value: none

Note: The start IMSI is also included in the IMSI range.

ENDIMSI End IMSI End IMSI of an USRATTIMSI range.


Default value: none

Note: The end IMSI is also included in the IMSI range.

USRATT User attribute in the segment

User attribute in the IMSI range.

Value range: GPRS, UMTS, and GPRS_UMTS

Default value: none

Note: A GPRS subscriber can only access the 2G USPU board.

A UMTS subscriber can only access the 3G USPU board.

A GPRS_UMTS subscriber can access all USPUs.

If a subscriber is not configured with this attribute, this attribute is GPRS by default.

8.5.3 Configuring the 3G Network Access Deny Based on ARD

Description

The access restriction data (ARD) is subscribed data that indicates whether to adopt the radio access technology (RAT). If the visitor location register (VLR) or SGSN supports RAT, but does not receive the RAT parameters from the HLR, the VLR or SGSN assumes the user does not subscribe this data.




Prerequisites

None

Commands

SET SERVICE_PARA

Examples SET SERVICE_PARA: ARDSPT=YES;

Parameters

ID Name Description

ARDSPT Support ARD Function or not

If an SGSN enables the function of Reject GPRS MS according to ARD.


8.5.4 Configuring 3G Network Access Deny for SIM Subscribers

Description

The SGSN9810 allows the SIM card subscribers accessing 3G network by default. You can change this setting.

Prerequisites

The 3G attach and inter RAU authentication functions are enabled. Check it using LST PMM.

Commands

SET SERVICE_PARA

Examples SET SERVICE_PARA: SIMREJ=YES;



Parameters

ID Name Description

SIMREJ Reject SIM User Access 3G

If an SGSN enables the function of Reject SIM user access 3G.

If this function is enabled, authentication must be performed for a 3G attach and inter RAU.


8.6 Configuring the Roaming Restriction Configuring the roaming restriction includes the following tasks:

Configuring the Function of Roaming Restriction by IMSI.

Configuring the Function of Roaming Restriction by ZC.


8.6.1 Configuring the Function of Roaming Restriction by IMSI

Description

The SGSN9810 can recognize the roaming subscribers by IMSI.

Prerequisites

None

Procedure

Step 1 Enable the function of roaming by IMSI.


Step 2 Set that the subscribers within certain IMSI range are not allowed to roam in a location area or routing area.

Command: ADD RESTRICTAREA

----End




Examples

The subscribers from 460017551111111 to 460017552222222 are not allowed to roam in routing area 46000712305.

SET SERVICE_PARA: ROAM=YES;

ADD RESTRICTAREA: BEGIMSI="460017551111111", ENDIMSI="460017552222222",

RLAI="460007123", RRAC="5";

Parameters

ID Name Description

BEGIMSI Begin IMSI Begin IMSI of the restricted IMSI range.


Default value: none

ENDIMSI End IMSI End IMSI of the restricted IMSI range.


Default value: none

RLAI Restricted location area identifier

Identity of the restricted location area.

Value range: LAI = MNC + MCC + location area code (LAC)

Default value: none

RRAC Restricted routing area code

Code of the restricted routing area (optional).

Value range: 0x00 to 0xFF

Default value: FF

8.6.2 Configuring the Function of Roaming Restriction by ZC

Description

The operators use the zone code (ZC) to control the roaming. An operator may divide a service area into multiple zones, and label them with different ZCs. A user may subscribe the roaming service in certain zones.

If the zone code of the current location area or routing area of the subscriber is on the subscribed zone code list, the SGSN permits the access. Otherwise, the SGSN denies the access.

Prerequisites

None



Procedure

Step 1 Enable the function of roaming by ZC.

Command: SET MAPFUNC

Step 2 Configure the ZC.

Command: ADD MAPZC

----End

Examples

Enable the function of roaming by ZC. Set the zone code for routing area 4600011110001 as 1234.

SET MAPFUNC: ZC=YES;

ADD MAPZC: ZC="1234", LAI="460001111", ZCN="test", RAC=1;

Parameters The parameters of SET MAPFUNC

ID Name Description

ZC Area restriction Whether to enable area restriction.


System initial value: NO

The parameters of ADD MAPZC

ID Name Description

ZC Area code Area code.

Value range: 0x0000 to 0xFFFF

Default value: none

Note: It is a hexadecimal number. You can add 0X or 0x before the number or not.

LAI Location area ID Location area identity of the zone, LAI = MCC + MNC + LAC.

Value range: 5 or 6 BCD codes plus 4 hexadecimal digits

Default value: none




ID Name Description

ZCN Area name Name of the zone.

Value range: a string of up to 19 characters

Default value: noname

RAC Routing area code Routing area code of the zone.

Value range: 0 to FF

Default value: none

01-8 configuring mobility management

Documents

huawei technologies

mobile management

mm context

mm context

imei check

routing area

identity request

detaching