apps gtp-whitelist

Use the apps gtp-whitelist command to configure GTP whitelisting.

Note:  The apps gtp-whitelist commands are not persistent across a node restart, nor do they appear in the output of the running configuration.

The apps gtp-whitelist command has the following syntax:

apps gtp-whitelist alias <GTP whitelist file alias>
   add
      imsi <IMSI number> |
      ran <mcc.mnc.eci <eci number> | mcc.mnc.nci <nci number>>
   create
   delete
      imsi <IMSI number> |
      ran <mcc.mnc.eci <eci number> | mcc.mnc.nci <nci number>> |
      all
   destroy
   fetch <add | delete> <URL for a GTP whitelist file>

The following table describes the arguments for the apps gtp-whitelist command:

Argument

Description

gtp-whitelist alias <GTP whitelist file alias>

Specifies an alias of the whitelist file. Examples of valid names are wlist, imsi-database_2.

add <imsi <IMSI number> | ran <mcc.mnc.eci <eci number> | mcc.mnc.nci <nci number>>>

Specifies actions for add as follows:

imsi—Adds a single IMSI to a whitelist.
ran—Adds a RAN entry, given as an mcc.mnc.eci or mcc.mnc.nci value, to a whitelist. The value should be given in the following format:
NCI value: hexadecimal, with 0x as a prefix.
ECI value: decimal, up to 9 digits.

For example:

(config) # apps gtp-whitelist alias wlf1 add imsi 318260109318283

(config) # apps gtp-whitelist alias ran_db add ran 210.32.345678912

(config) # apps gtp-whitelist alias ran_db add ran 755.56.0xf12345678

create

Creates a new whitelist.

For example:

(config) # apps gtp-whitelist alias wlf1 create

To create a whitelist, refer to How to Create a Whitelist.

delete <all | imsi <IMSI number> | ran <mcc.mnc.eci <eci number> | mcc.mnc.nci <nci number>>>

Specifies actions for delete as follows:

all—Deletes a whitelist. This deletes all the IMSI and RAN entries.
imsi—Deletes a single IMSI entry from a whitelist.

When using delete all to delete a whitelist, unlike destroy, you do not have to delete the whitelist maps, the GigaSMART operation, or disassociate the GigaSMART group from the whitelist.

ran—Deletes a single RAN entry, given as an mcc.mnc.eci or mcc.mnc.nci value, from a whitelist. The value should be given in the following format:
NCI value: hexadecimal, with 0x as a prefix.
ECI value: decimal, up to 9 digits.

Examples:

(config) # apps gtp-whitelist alias wlf1 delete imsi 318260109318283

(config) # apps gtp-whitelist alias wlf1 delete all

destroy

Destroys a whitelist.

For example:

(config) # apps gtp-whitelist alias wlf1 destroy

When using destroy to delete a whitelist, unlike delete all, you must first delete the whitelist maps, the GigaSMART operation, and disassociate the GigaSMART group from the whitelist before deleting the whitelist. For the procedure to destroy the whitelist, refer to How to Delete a Whitelist.

fetch <add | delete> <URL for a GTP whitelist file>

Specifies actions for fetch as follows:

add—Downloads a whitelist file from a specified URL and path.
delete—Deletes the IMSI and RAN entries, located in the whitelist file at the specified URL and path, from the whitelist on the node. Use this option to delete up to 50,000 IMSIs.

For both add and delete, whitelist files must adhere to the following:

The IMSIs or RAN entries in the whitelist files must be distinct entries, with one IMSI or RAN on each line of a file.
In a whitelist file, use only the carriage return (newline) to separate IMSI or RAN entries. Do not use any characters, such as commas or colons, to separate IMSI or RAN entries in whitelist files.
Each whitelist file can contain a maximum of 50,000 entries.
Whitelist files must have a filename with a .txt suffix.

To fetch a specified whitelist file from a location, use one of the following formats:

http://IPaddress/path/filename.txt
scp://username:password@IPaddress:/path/filename.txt
tftp://IPaddress/path/filename.txt

For GTP whitelisting in a cluster, only fetch the whitelist to the master node in the cluster. On non-master nodes, fetch is not available.

Examples:

(config) # apps gtp-whitelist alias wlf1 fetch add http://1.1.1.1/tftp/temp/MyIMSIs1.txt
(config) # apps gtp-whitelist alias wlf2 fetch add scp://user1:mypw@1.1.1.1:/home/temp/IMSI_file1.txt
(config) # apps gtp-whitelist alias wlf3 fetch add tftp://192.168.51.41/temp/IMSI_20K_1.txt

(config) # apps gtp-whitelist alias wlf1 fetch delete http://1.1.1.1/tftp/temp/MyIMSIstoDelete.txt
(config) # apps gtp-whitelist alias wlf2 fetch delete scp://user1:mypw@1.1.1.1:/home/temp/IMSI_delfile.txt

Note: A single whitelist file can contain both IMSI and RAN entries. RAN entries should be given in the format specified for a single entry in the add option.
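The whitelist file rules and the RAN entry formats described above can be checked before a file is placed where fetch will read it. The following Python validator is an added example, not part of the product or its documentation. The .txt suffix, one distinct entry per line, 9-digit decimal ECI, 0x-prefixed NCI and 50,000-entry limit come from this page; the IMSI length range, the MCC/MNC digit counts and the 9-hex-digit NCI bound are assumptions.

```python
import re

MAX_ENTRIES = 50_000  # per-file limit stated on this page

# Assumption: an IMSI is 6 to 15 decimal digits (ITU-T E.212 caps it at 15).
IMSI_RE = re.compile(r"\d{6,15}")
# mcc.mnc.eci: decimal ECI, up to 9 digits (page rule); MCC 3 digits, MNC 2-3 (assumption).
ECI_RE = re.compile(r"\d{3}\.\d{2,3}\.\d{1,9}")
# mcc.mnc.nci: hex NCI with 0x prefix (page rule); at most 9 hex digits (assumption: 36-bit NCI).
NCI_RE = re.compile(r"\d{3}\.\d{2,3}\.0x[0-9a-fA-F]{1,9}")

# Constructed sample: page example values, then a duplicate, a comma line, an NCI without 0x.
SAMPLE = (
    "318260109318283\n210.32.345678912\n755.56.0xf12345678\n"
    "318260109318283\n318573850131409,318260109318284\n755.56.f12345678\n"
)


def classify(entry):
    """Return 'imsi', 'ran' or None for one whitelist line."""
    if IMSI_RE.fullmatch(entry):
        return "imsi"
    if ECI_RE.fullmatch(entry) or NCI_RE.fullmatch(entry):
        return "ran"
    return None  # separators, spaces, blank lines and bad formats land here


def validate_whitelist(filename, text):
    """Return a list of rule violations for one whitelist file (empty if clean)."""
    problems = []
    if not filename.endswith(".txt"):
        problems.append("filename must have a .txt suffix")
    lines = text.splitlines()
    first_seen = {}
    for lineno, line in enumerate(lines, start=1):
        if line in first_seen:
            problems.append(f"line {lineno}: duplicate of line {first_seen[line]}")
        elif classify(line) is None:
            problems.append(f"line {lineno}: not a valid IMSI or RAN entry: {line!r}")
        first_seen.setdefault(line, lineno)
    if len(lines) > MAX_ENTRIES:
        problems.append(f"{len(lines)} entries exceed the {MAX_ENTRIES}-entry limit")
    return problems


if __name__ == "__main__":
    for problem in validate_whitelist("whitelist1.txt", SAMPLE):
        print(problem)
```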

How to Create a Whitelist

To create a whitelist, use the following CLI command sequence:

Task

Command

Create the whitelist.

(config) # apps gtp-whitelist alias wlf1 create

Associate the GigaSMART group to the whitelist.

(config) # gsparams gsgroup gsg1 gtp-whitelist add wlf1

Configure the GigaSMART operation.

(config) # gsop alias gtp_wl1 flow-ops gtp-whitelist lb app gtp metric hashing key imsi port-list gsg1

Add single entry to the whitelist.

(config) # apps gtp-whitelist alias wlf1 add imsi 318260109318283
(config) # apps gtp-whitelist alias wlf1 add imsi 318573850131409

or

Fetch and download whitelist files.

(config) # apps gtp-whitelist alias wlf1 fetch add http://1.1.1.1/tftp/temp/whitelist1.txt
(config) # apps gtp-whitelist alias wlf1 fetch add http://1.1.1.1/tftp/temp/whitelist2.txt

Create from one to ten second level maps, the whitelist maps. When the map configuration is complete, the whitelist will take effect.

Note:  If no whitelist add rule is specified in the map, all traffic (all interfaces and all versions) will be passed.

(config) # map alias GTP-Whitelist
(config map alias GTP-Whitelist) # type secondLevel flowWhitelist
(config map alias GTP-Whitelist) # from vp1
(config map alias GTP-Whitelist) # use gsop gtp_wl1
(config map alias GTP-Whitelist) # to 1/2/x2
(config map alias GTP-Whitelist) # whitelist add gtp version 2
(config map alias GTP-Whitelist) # exit
(config) #

How to Delete a Whitelist

To destroy the entire whitelist, use the following CLI command sequence:

Task

Command

Delete a whitelist map.

(config) # no map alias GTP-Whitelist

Delete the GigaSMART operation.

(config) # no gsop alias gtp_wl1

Disassociate the GigaSMART group from the whitelist. (You do not need to delete the gsgroup.)

(config) # gsparams gsgroup gsg1 gtp-whitelist delete

Destroy the entire whitelist.

(config) # apps gtp-whitelist alias wlf1 destroy

Related Commands

The following table summarizes other commands related to the apps gtp-whitelist command:

Task

Command

Configures a rule for a whitelist map.

# map alias <whitelist map> whitelist add gtp <interface | version>

Displays a particular IMSI associated with the GigaSMART group.

# show gsgroup flow-whitelist alias gsg1 imsi 318260109318283

Displays the GTP whitelist entry count.

# show apps gtp-whitelist alias wlf1 count

For whitelist maps, displays the total number of IMSI entries (under WL).

# show map brief

For whitelist maps, displays the total number of IMSI entries.

# show map alias <whitelist map>

For whitelist maps, displays the total number of IMSI entries.

# show map stats alias <whitelist map>