Cisco Cisco Packet Data Gateway (PDG) Guia De Resolução De Problemas
GGSN Service Configuration Mode Commands
guard-interval ▀
Cisco ASR 5000 Series Command Line Interface Reference ▄
OL-22947-02
guard-interval
Configures the time period after which a redundant PDP context request received from an SGSN is treated as a new
request rather than a re-send of a previous request.
request rather than a re-send of a previous request.
Product
GGSN
Privilege
Security Administrator, Administrator
Syntax
Disables the guard-interval function for the GGSN service.
Default: 100
Specifies the amount of time that must pass before a GGSN service treats a redundant PDP context request as
a new request instead of a re-send of a previous request.
Specifies the amount of time that must pass before a GGSN service treats a redundant PDP context request as
a new request instead of a re-send of a previous request.
is measured in seconds and can be configured to any integer value between 10 and 3600.
Usage
The guard interval is used to protect against replay attacks. Without a guard interval configured, information
from a valid PDP context request could be used to gain un-authorized network access.
If the GGSN service receives a PDP context request in which the International Mobile Subscriber Identity
(IMSI), the Network Service Access Point Identifier (NSAPI), the end user IP address, and the GTP sequence
number are identical to those received in a previous request, the GGSN treats the new request as a re-send of
the original. Therefore, information from a valid PDP context request could be collected and re-sent at a later
time by an un-authorized user to gain network access.
Configuring a guard interval limits the amount of time that the information contained within a PDP context
request remains valid.
from a valid PDP context request could be used to gain un-authorized network access.
If the GGSN service receives a PDP context request in which the International Mobile Subscriber Identity
(IMSI), the Network Service Access Point Identifier (NSAPI), the end user IP address, and the GTP sequence
number are identical to those received in a previous request, the GGSN treats the new request as a re-send of
the original. Therefore, information from a valid PDP context request could be collected and re-sent at a later
time by an un-authorized user to gain network access.
Configuring a guard interval limits the amount of time that the information contained within a PDP context
request remains valid.
Example
The following command configures the GGSN service with a guard interval of 60 seconds:
The following command configures the GGSN service with a guard interval of 60 seconds: