Cisco Cisco ASR 5700
PDG Service Configuration Mode Commands
ip source-violation ▀
Command Line Interface Reference, StarOS Release 17 ▄
7801
Usage
Source validation is useful if packet spoofing is suspected or for verifying packet routing and labeling within
the network.
Source validation requires the source address of received packets to match the IP address assigned to the
subscriber (either statically or dynamically) during the session.
This function operates in the following manner: When a subscriber packet is received with a source IP
address violation, the system increments the IP source violation drop-limit counter and starts the timer for the
IP source violation period. Every subsequent packet received with a bad source address during the IP source
violation period causes the drop-limit counter to increment. For example, if the drop-limit is set to 10, after
10 source violations, the call is dropped. The detection period timer continues to count throughout this
process.
the network.
Source validation requires the source address of received packets to match the IP address assigned to the
subscriber (either statically or dynamically) during the session.
This function operates in the following manner: When a subscriber packet is received with a source IP
address violation, the system increments the IP source violation drop-limit counter and starts the timer for the
IP source violation period. Every subsequent packet received with a bad source address during the IP source
violation period causes the drop-limit counter to increment. For example, if the drop-limit is set to 10, after
10 source violations, the call is dropped. The detection period timer continues to count throughout this
process.
Example
The following command sets the drop limit to 15 and leaves the other values at their default values:
ip source-violation drop-limit 15