Cisco Packet Data Interworking Function (PDIF)
CSCF Security Configuration Mode Commands
Command Line Interface Reference, StarOS Release 17
per-aor-failure-limit
Sets a failure limit that, when exceeded, causes the suspension of registration attempts for the offending AoR.
Important: The system will ignore the configuration of this command unless the dos-prevention command has been enabled.
Product
SCM (P-CSCF, A-BG)
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration > Context Configuration > CSCF Service Configuration > Proxy-CSCF Configuration > CSCF Security Configuration
configure > context context_name > cscf service service_name > proxy-cscf > security-parameters
Entering the above command sequence results in the following prompt:
[context_name]host_name(config-security-parameters)#
Syntax
per-aor-failure-limit limit
default per-aor-failure-limit
default
Sets/restores the default value assigned to the specified command.
limit
Default: 200
Defines the threshold for registration failures based on a calculation using weighted multipliers defined in auth-failure-weight and bad-request-weight.
limit must be an integer from 5 to 10,000.
Usage
Use this command to set a failure limit for registration attempts from an identified AoR. The following calculation determines when this threshold is reached for a specific AoR:
Current authorization failures ÷ auth-failure-weight = current failures per AoR
or
Total bad registration requests ÷ bad-request-weight = current failures per AoR
If auth-failure-weight = 2 and bad-request-weight = 1, and the per-aor-failure-limit = 100, then the tolerance for registration authentication failures = 50 per AoR and the tolerance for bad registration requests = 100 per AoR.
When an AoR reaches the failure limit, it is added to a “grey list” for a period of time as defined by the greylist-duration command.
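As an added example (not Cisco code and not part of the reference), the Python below applies the worked figures above (tolerance = per-aor-failure-limit ÷ weight) to a constructed list of registration events to show which AoRs a given setting would grey-list. The event names, the sample AoRs, the separate counter per failure kind and the "reaches" comparison are assumptions.

```python
from collections import Counter

LIMIT_MIN, LIMIT_MAX = 5, 10_000  # range the page gives for per-aor-failure-limit

def tolerances(limit, auth_failure_weight, bad_request_weight):
    """Per-AoR tolerance for each failure kind, as limit / weight (worked figures)."""
    if not isinstance(limit, int) or not LIMIT_MIN <= limit <= LIMIT_MAX:
        raise ValueError(f"limit must be an integer from {LIMIT_MIN} to {LIMIT_MAX}")
    if auth_failure_weight <= 0 or bad_request_weight <= 0:
        raise ValueError("weights must be positive")  # valid range is not on the page
    return {"auth_failure": limit / auth_failure_weight,
            "bad_request": limit / bad_request_weight}

def greylist_candidates(events, limit, auth_failure_weight, bad_request_weight):
    """Map each AoR that reaches a tolerance to the failure kind that got it there.

    Assumptions: the two kinds are counted separately (the page joins them with
    "or"), and reaching the tolerance is enough to trigger grey-listing.
    """
    tol = tolerances(limit, auth_failure_weight, bad_request_weight)
    counts, hits = Counter(), {}
    for aor, kind in events:
        if kind not in tol:
            continue  # successful registrations and other events are not failures
        counts[aor, kind] += 1
        if aor not in hits and counts[aor, kind] >= tol[kind]:
            hits[aor] = kind
    return hits

# Constructed sample: (AoR, event kind) pairs as they might be pulled from logs.
SAMPLE_EVENTS = (
    [("sip:alice@example.com", "auth_failure")] * 50      # reaches 50
    + [("sip:bob@example.com", "bad_request")] * 99       # one short of 100
    + [("sip:carol@example.com", "bad_request")] * 100    # reaches 100
    + [("sip:dave@example.com", "auth_failure")] * 49     # below 50 ...
    + [("sip:dave@example.com", "bad_request")] * 60      # ... and below 100
    + [("sip:dave@example.com", "register_ok")] * 5       # not a failure, ignored
)

if __name__ == "__main__":
    for aor, kind in greylist_candidates(SAMPLE_EVENTS, 100, 2, 1).items():
        print(f"{aor} would be grey-listed ({kind})")
```

Replaying observed failure counts through a candidate limit before applying it shows whether legitimate subscribers would be caught by the new threshold.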