Cisco Cisco ASR 5000
GGSN Service Configuration Mode Commands
guard-interval ▀
Command Line Interface Reference, StarOS Release 18 ▄
5249
guard-interval
Configures the time period after which a redundant PDP context request received from an SGSN is treated as a new
request rather than a re-send of a previous request.
request rather than a re-send of a previous request.
Product
GGSN
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration > Context Configuration > GGSN Service Configuration
configure > context context_name > ggsn-service service_name
Entering the above command sequence results in the following prompt:
[context_name]host_name(config-ggsn-service)#
Syntax
guard-interval guard_time
{ default | no } guard-interval
default
Restores the GGSN guard-interval parameter to its default setting of 100.
no
Disables the guard-interval function for the GGSN service.
guard_time
Default: 100
Specifies the amount of time that must pass before a GGSN service treats a redundant PDP context request as
a new request instead of a re-send of a previous request.
Specifies the amount of time that must pass before a GGSN service treats a redundant PDP context request as
a new request instead of a re-send of a previous request.
guard_time
is measured in seconds and can be configured to an integer from 10 through 3600.
Usage
The guard interval is used to protect against replay attacks. Without a guard interval configured, information
from a valid PDP context request could be used to gain un-authorized network access.
If the GGSN service receives a PDP context request in which the International Mobile Subscriber Identity
(IMSI), the Network Service Access Point Identifier (NSAPI), the end user IP address, and the GTP sequence
number are identical to those received in a previous request, the GGSN treats the new request as a re-send of
the original. Therefore, information from a valid PDP context request could be collected and re-sent at a later
time by an un-authorized user to gain network access.
Configuring a guard interval limits the amount of time that the information contained within a PDP context
request remains valid.
from a valid PDP context request could be used to gain un-authorized network access.
If the GGSN service receives a PDP context request in which the International Mobile Subscriber Identity
(IMSI), the Network Service Access Point Identifier (NSAPI), the end user IP address, and the GTP sequence
number are identical to those received in a previous request, the GGSN treats the new request as a re-send of
the original. Therefore, information from a valid PDP context request could be collected and re-sent at a later
time by an un-authorized user to gain network access.
Configuring a guard interval limits the amount of time that the information contained within a PDP context
request remains valid.
Example
The following command configures the GGSN service with a guard interval of
60
seconds: