Cisco Cisco Packet Data Interworking Function (PDIF) Leaflet
PDIF Service Configuration Mode Commands
ip source-violation ▀
Cisco ASR 5x00 Command Line Interface Reference ▄
7497
ip source-violation
Sets the parameters for IP source validation. Source validation is useful if packet spoofing is suspected or for verifying
packet routing and labeling within the network.
packet routing and labeling within the network.
Source validation requires that the source address of the received packets matches the IP address assigned to the
subscriber (either statically or dynamically) during the session.
subscriber (either statically or dynamically) during the session.
Product
PDIF
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration > Context Configuration > PDIF Service Configuration
configure > context context_name > pdif-service service_name
Entering the above command sequence results in the following prompt:
[context_name]host_name(config-pdif-service)#
Syntax
ip source-violation { clear-on-valid-packet | drop-limit num | period secs }
no ip source-violation clear-on-valid-packet
clear-on-valid-packet
Configures the service to reset the reneg-limit and drop-limit counters after receipt of a properly addressed
packet. Default: disabled
packet. Default: disabled
drop-limit
num
Sets the number of allowed source violations within a detection period before forcing a call disconnect. If
num
is not specified, the value is set to the default.
num
is an integer from 1 to 1000000. Default: 10
period
secs
Sets the length of time (in seconds) for a source violation detection period to last.
If
If
secs
is not specified, the value is set to the default.
secs
is an integer from 1 to1000000. Default: 120
Usage
This function is intended to allow the operator to configure a network to prevent problems such as when a
user gets handed back and forth between two PDIFs a number of times during a handoff scenario.
This function operates in the following manner:
When a subscriber packet is received with a source address violation, the system increments the IP source-
violation drop-limit counter and starts the timer for the IP-source violation period. Every subsequent packet
received with a bad source address during the IP-source violation period causes the drop-limit counter to
increment.
user gets handed back and forth between two PDIFs a number of times during a handoff scenario.
This function operates in the following manner:
When a subscriber packet is received with a source address violation, the system increments the IP source-
violation drop-limit counter and starts the timer for the IP-source violation period. Every subsequent packet
received with a bad source address during the IP-source violation period causes the drop-limit counter to
increment.