Cisco Cisco Packet Data Interworking Function (PDIF) Prospecto
Firewall-and-NAT Policy Configuration Mode Commands
firewall icmp-destination-unreachable-message-threshold ▀
Cisco ASR 5x00 Command Line Interface Reference ▄
4835
firewall icmp-destination-unreachable-message-threshold
This command configures a threshold on the number of ICMP/ICMPv6 error messages sent by the subscriber for a
particular data flow.
particular data flow.
Important:
In release 8.0, this configuration is available in the ACS Configuration Mode. In release 8.1, for
Rulebase-based Stateful Firewall configuration, this configuration is available in the ACS Rulebase Configuration
Mode. In release 8.3, this configuration is available in the ACS Rulebase Configuration Mode.
Mode. In release 8.3, this configuration is available in the ACS Rulebase Configuration Mode.
Product
PSF
Privilege
Security Administrator, Administrator
Mode
Exec > ACS Configuration > Firewall-and-NAT Policy Configuration
active-charging service service_name > fw-and-nat policy policy_name
Entering the above command sequence results in the following prompt:
[local]host_name(config-fw-and-nat-policy)#
Syntax
firewall icmp-destination-unreachable-message-threshold messages then-block-server
{ default | no } firewall icmp-destination-unreachable-message-threshold
default
Configures the default setting.
Default: No limit
Default: No limit
no
Removes the previous configuration.
messages
Specifies the threshold on the number of ICMP/ICMPv6 error messages sent by the subscriber for a particular
data flow.
data flow.
messages
must be an integer from 1 through 100.
Usage
Use this command to configure a threshold on the number of ICMP/ICMPv6 error messages sent by the
subscriber for a particular data flow. After the threshold is reached, it is assumed that the server is not
reacting properly to the error messages, and further downlink traffic to the subscriber on the unwanted flow is
blocked.
Some servers that run QChat ignore the ICMP/ICMPv6 error messages (Destination Port Unreachable and
Host Unreachable) from the mobiles. So the mobiles continue to receive unwanted UDP traffic from the
QChat servers, and their batteries get exhausted quickly.
subscriber for a particular data flow. After the threshold is reached, it is assumed that the server is not
reacting properly to the error messages, and further downlink traffic to the subscriber on the unwanted flow is
blocked.
Some servers that run QChat ignore the ICMP/ICMPv6 error messages (Destination Port Unreachable and
Host Unreachable) from the mobiles. So the mobiles continue to receive unwanted UDP traffic from the
QChat servers, and their batteries get exhausted quickly.
Example