Cisco Cisco Packet Data Gateway (PDG)
per-ip-failure-limit
Sets a failure limit that, when exceeded, causes the suspension of registration attempts for the offending IP
address.
address.
The system will ignore the configuration of this command unless the dos-prevention command has been
enabled.
enabled.
Important
Product
SCM (P-CSCF, A-BG)
Privilege
Security Administrator, Administrator
Command Modes
Exec > Global Configuration > Context Configuration > CSCF Service Configuration > Proxy-CSCF
Configuration > CSCF Security Configuration
Configuration > CSCF Security Configuration
configure > context context_name > cscf service service_name > proxy-cscf > security-parameters
Entering the above command sequence results in the following prompt:
[
context_name
]
host_name
(config-security-parameters)#
Syntax Description
per-ip-failure-limit limit
default per-ip-failure-limit
default per-ip-failure-limit
default
Sets/restores the default value assigned to the specified command.
limit
Default: 100
Defines the threshold for registration failures based on a calculation using weighted multipliers defined in
auth-failure-weight and bad-request-weight.
auth-failure-weight and bad-request-weight.
limit must be an integer from 5 to 10,000.
Usage Guidelines
Use this command to set a failure limit for registration attempts from an identified IP address. The following
calculation determines when this threshold is reached for any IP address:
calculation determines when this threshold is reached for any IP address:
Current authorization failures ÷ auth-failure-weight = current failures per AoR
or
Command Line Interface Reference, Modes C - D, StarOS Release 19
1606
CSCF Security Configuration Mode Commands
per-ip-failure-limit