Cisco Packet Data Gateway (PDG) Troubleshooting Guide
PDIF Service Configuration Mode Commands
Cisco ASR 5000 Series Command Line Interface Reference
OL-22947-02
ip source-violation
Sets the parameters for IP source validation. Source validation is useful if packet spoofing is suspected or for verifying
packet routing and labeling within the network.
Source validation requires the source address of received packets to match the IP address assigned to the subscriber
(either statically or dynamically) during the session.
Product
PDIF
Privilege
Security Administrator, Administrator
Syntax
{
|
}
Default: disabled
Configures the service to reset the reneg-limit and drop-limit counters after receipt of a properly addressed
packet.
Default: 10
Sets the number of allowed source violations within a detection period before forcing a call disconnect. If
is not specified, the value is set to the default.
can be any integer value from 1 to 1000000.
Default: 120
The length of time, in seconds, for a source violation detection period to last.
If
is not specified, the value is set to the default.
can be any integer value from 1 to 1000000.
Usage
This function is intended to allow the operator to configure a network to prevent problems such as when a
user gets handed back and forth between two PDIFs a number of times during a handoff scenario.
This function operates in the following manner:
When a subscriber packet is received with a source address violation, the system increments the IP source-violation
drop-limit counter and starts the timer for the IP-source violation period. Every subsequent packet
received with a bad source address during the IP-source violation period causes the drop-limit counter to
increment.
For example, if the drop-limit is set to 10, after 10 source violations, the call is dropped. The period timer
continues to count throughout this process.
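The counter behaviour described above, as a Python model added here for illustration (not Cisco code or CLI output). The class and function names are hypothetical; restarting the counter when the detection period ends and returning "drop" for each violating packet are assumptions, and the reneg-limit counter is not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional


@dataclass
class SourceViolationTracker:
    """Hypothetical model of one subscriber session (not Cisco code)."""
    assigned_ip: str                     # address assigned during the session
    drop_limit: int = 10                 # default stated on the page
    period: int = 120                    # seconds, default stated on the page
    clear_on_valid: bool = False         # default stated on the page: disabled
    violations: int = 0
    period_start: Optional[float] = None
    disconnected: bool = False

    def on_packet(self, src_ip, now):
        """Return 'forward', 'drop' or 'disconnect' for one received packet."""
        if self.disconnected:
            return "disconnect"
        # ASSUMPTION: once the detection period has elapsed, counting starts over.
        if self.period_start is not None and now - self.period_start >= self.period:
            self.violations, self.period_start = 0, None
        if ip_address(src_ip) == ip_address(self.assigned_ip):
            if self.clear_on_valid:
                # A properly addressed packet resets the drop-limit counter.
                self.violations = 0
            return "forward"
        if self.period_start is None:
            self.period_start = now      # first violation starts the period timer
        self.violations += 1
        if self.violations >= self.drop_limit:
            self.disconnected = True     # limit reached inside the period
            return "disconnect"
        return "drop"                    # ASSUMPTION: violating packets are dropped


def replay(tracker, packets):
    """Feed constructed (time_in_seconds, source_ip) pairs through a tracker."""
    return [tracker.on_packet(src, t) for t, src in packets]


# Constructed sample traffic: the subscriber holds 10.0.0.5, 10.9.9.9 is a bad source.
BURST = [(float(t), "10.9.9.9") for t in range(10)]        # 10 violations in 10 s
SLOW = [(t * 150.0, "10.9.9.9") for t in range(10)]        # one violation per 150 s
MIXED = [(float(t), "10.9.9.9" if t % 2 else "10.0.0.5") for t in range(30)]

if __name__ == "__main__":
    print(replay(SourceViolationTracker("10.0.0.5"), BURST))
```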
Example
The following command sets the drop limit to
and leaves the other values at their defaults: