Cisco Cisco Packet Data Interworking Function (PDIF)
no ip source-violation clear-on-valid-packet
The drop-limit counters are not reset upon receipt of a properly addressed packet.
Usage Guidelines
Source validation is useful if packet spoofing is suspected or for verifying packet routing and labeling within
the network.
the network.
Source validation requires the source address of received packets to match the IP address assigned to the
subscriber (either statically or dynamically) during the session.
subscriber (either statically or dynamically) during the session.
This function operates in the following manner: When a subscriber packet is received with a source IP address
violation, the system increments the IP source violation drop-limit counter and starts the timer for the IP
source violation period. Every subsequent packet received with a bad source address during the IP source
violation period causes the drop-limit counter to increment. For example, if the drop-limit is set to 10, after
10 source violations, the call is dropped. The detection period timer continues to count throughout this process.
violation, the system increments the IP source violation drop-limit counter and starts the timer for the IP
source violation period. Every subsequent packet received with a bad source address during the IP source
violation period causes the drop-limit counter to increment. For example, if the drop-limit is set to 10, after
10 source violations, the call is dropped. The detection period timer continues to count throughout this process.
Examples
The following command sets the drop limit to 15 and leaves the other values at their default values:
ip source-violation drop-limit 15
ip source-violation drop-limit 15
Command Line Interface Reference, Modes I - Q, StarOS Release 19
1526
PDG Service Configuration Mode Commands
ip source-violation