Cisco Cisco ASR 5000
APN Configuration Mode Commands
ip source-violation ▀
Command Line Interface Reference, StarOS Release 18 ▄
1383
ip source-violation
Enables or disables packet source validation for the current APN.
Product
GGSN
P-GW
SAEGW
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration > Context Configuration > APN Configuration
configure > context context_name > apn apn_name
Entering the above command sequence results in the following prompt:
[context_name]host_name(config-apn)#
Syntax
ip source-violation { ignore | check [ drop-limit limit ] } [ exclude-from-accounting ]
default ip source-violation
default
Restores the APN ip parameters to the default settings
check
enabled
,
drop-limit
10
.
ignore
Default: Disabled
Disables source address checking for the APN.
Disables source address checking for the APN.
check [ drop-limit
limit
]
Default: Enabled, limit = 10
Enables the checking of source addresses received from subscribers for violations.
A
Enables the checking of source addresses received from subscribers for violations.
A
drop-limit
can be configured to set a limit on the number of invalid packets that can be received from a
subscriber prior to their session being deleted.
limit
can be configured to any integer value between 0 and
1000000. A value of 0 indicates that all invalid packets will be discarded but the session will never be deleted
by the system.
by the system.
exclude-from-accounting
Default: Disabled
Excludes the packets identified with IP source violation from the statistics generated for accounting records.
Excludes the packets identified with IP source violation from the statistics generated for accounting records.
Usage
Source validation is useful if packet spoofing is suspected or for verifying packet routing and labeling within
the network.
the network.