Cisco Cisco Packet Data Interworking Function (PDIF) トラブルシューティングガイド
APN Configuration Mode Commands
▀ ip source-violation
▄ Cisco ASR 5000 Series Command Line Interface Reference
OL-22947-02
ip source-violation
Enables/disables packet source validation for the current APN.
Product
GGSN, P-GW
Privilege
Security Administrator, Administrator
Syntax
Default: Disabled
Disables source address checking for the APN.
Disables source address checking for the APN.
Default: Enabled, limit = 10
Enables the checking of source addresses received from subscribers for violations.
A
Enables the checking of source addresses received from subscribers for violations.
A
can be configured to set a limit on the number of invalid packets that can be received from
a subscriber prior to their session being deleted.
can be configured to any integer value between 0 and
1000000. A value of 0 indicates that all invalid packets will be discarded but the session will never be deleted
by the system.
by the system.
Default: Disabled
Excludes the packets identified with IP source violation from the stats generated for accounting records on a
basis of configurables.
Excludes the packets identified with IP source violation from the stats generated for accounting records on a
basis of configurables.
Usage
Source validation is useful if packet spoofing is suspected or for verifying packet routing and labeling within
the network.
Source validation requires the source address of received packets to match the IP address assigned to the
subscriber (either statically or dynamically) during the session.
the network.
Source validation requires the source address of received packets to match the IP address assigned to the
subscriber (either statically or dynamically) during the session.
Example
The following command enables source address validation for the APN and configures a drop-limit of 15:
The following command enables source address validation for the APN and configures a drop-limit of 15: