Cisco Cisco ASR 5700
IuPS Service Configuration Mode Commands
force-authenticate consecutive-security-failure ▀
Command Line Interface Reference, StarOS Release 17 ▄
6749
force-authenticate consecutive-security-failure
Disable/enable authentication when the MS/UE security fails and configures the procedures and frequency for
authentication
authentication
Product
SGSN
Privilege
Security Administrator, Administrator, Operator
Mode
Exec > Global Configuration > Context Configuration > IuPS Service Configuration
configure > context context_name > iups-service service_name
Entering the above command sequence results in the following prompt:
[context_name]host_name(config-ctx-iups-service)#
Syntax
force-authenticate consecutive-security-failure { inter-sgsn-rau | local-messages count
frequency | non-local-messages count frequency }
frequency | non-local-messages count frequency }
[ default | no ] force-authenticate consecutive-security-failure { inter-sgsn-rau |
local-messages | non-local-messages }
local-messages | non-local-messages }
default
Resets the values to defaults. Forced authentication is enabled for all the types of event procedures with the
default values for determining frequency for authentication.
default values for determining frequency for authentication.
no
Disables the specified authentication configuration.
inter-sgsn-rau
Default: enabled
Enables/disables authentication for inter-SGSN RAU.
The SGSN does not remember previous inter-SGSN-RAU failures for a P-TMSI/RAI because the SGSN
clears all contexts on the occurrence of an inter-SGSN-RAU security failure. So the next inter-SGSN-RAU
can only be authenticated forcefully if it comes before the previous context is cleared. This type of forced
authentication is enabled by default because this type of failure is fairly common.
Enables/disables authentication for inter-SGSN RAU.
The SGSN does not remember previous inter-SGSN-RAU failures for a P-TMSI/RAI because the SGSN
clears all contexts on the occurrence of an inter-SGSN-RAU security failure. So the next inter-SGSN-RAU
can only be authenticated forcefully if it comes before the previous context is cleared. This type of forced
authentication is enabled by default because this type of failure is fairly common.
local-messages count frequency
Default: 5
Enables/ disables authentication for local messages (such as local RAUs, Service Requests, Detach Requests,
etc) . Consecutive security failures is fairly rare for local messages so the default count frequency is fairly
high, 5. Setting the count frequency enables the feature and sets the number of consecurity local message
security failures that must occur prior t o authentication being forced.
Enables/ disables authentication for local messages (such as local RAUs, Service Requests, Detach Requests,
etc) . Consecutive security failures is fairly rare for local messages so the default count frequency is fairly
high, 5. Setting the count frequency enables the feature and sets the number of consecurity local message
security failures that must occur prior t o authentication being forced.
frequency:
Enter an integer from 1 to 10.