Cisco Packet Data Gateway (PDG) Brochure
IuPS Service Configuration Mode Commands
force-authenticate consecutive-security-failure
Cisco ASR 5x00 Command Line Interface Reference
non-local-messages count count
Default: 1
Enables/disables authentication for non-local messages (such as inter-RAT RAUs and all types of attaches).
Consecutive security failures for non-local messages are fairly common, so the default count frequency is 1.
Setting the count frequency enables the feature and sets the number of consecutive non-local message security
failures that must occur prior to authentication being forced.
frequency:
Enter an integer from 1 to 10.
Usage
GMM authentication is optional for UMTS. When GMM authentication is skipped, the SGSN and the MS
continue to re-use the latest keys exchanged during the most recent GMM authentication procedure. This can
result in the SGSN and the MS going out of sync with the CK and IK currently in use. If a mismatch occurs
when the MS continues to use the correct parameters (e.g., cksn or P-TMSI signature) in the next Iu and if the
SGSN skips authentication on the Iu, then, usually, the security mode will time out or be rejected because the
MS will not be able to decipher or perform an integrity check on the network messages. This scenario results
in a lot of useless signaling in the network. This command allows the operator to enable a forced GMM
authentication that will either resolve this type of problem or avoid it. As well, the operator can configure a
frequency of authentication that best meets their needs.
Example
The following command enables forced authentication after every 3rd local message security failure:
force-authenticate consecutive-security-failure local-messages count 3
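An added example, not part of the Cisco reference: a small Python check that audits exported configuration text for this command, using only the keywords, the `count` syntax and the 1 to 10 range shown on this page. The function name, the finding labels and the sample text are constructed for illustration.

```python
# Added example: audits exported configuration text for the command documented here.
SCOPES = ("local-messages", "non-local-messages")  # keywords shown on this page
COUNT_MIN, COUNT_MAX = 1, 10                        # range stated on this page
COMMAND = ["force-authenticate", "consecutive-security-failure"]

def audit_force_auth(config_text):
    """Return (settings, findings); names and finding labels are hypothetical."""
    settings, findings = {}, []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        tokens = raw.split()                 # ignores indentation and extra spaces
        if tokens[:2] != COMMAND:
            continue
        args, shown = tokens[2:], raw.strip()
        if len(args) != 3 or args[0] not in SCOPES or args[1] != "count":
            findings.append((lineno, "malformed", shown))
            continue
        scope, value = args[0], args[2]
        in_range = value.isascii() and value.isdigit() and COUNT_MIN <= int(value) <= COUNT_MAX
        if not in_range:
            findings.append((lineno, "count outside 1-10", shown))
            continue
        if scope in settings:
            findings.append((lineno, "scope repeated", shown))
        settings[scope] = int(value)         # the audit reports the last value seen
    for scope in SCOPES:
        if scope not in settings:            # no valid line found for this scope
            findings.append((None, "not configured", scope))
    return settings, findings

# Constructed sample text, not taken from a real device.
SAMPLE = """\
force-authenticate consecutive-security-failure local-messages count 3
  force-authenticate consecutive-security-failure non-local-messages count 12
force-authenticate consecutive-security-failure local-messages 3
"""

if __name__ == "__main__":
    settings, findings = audit_force_auth(SAMPLE)
    print(settings)
    for lineno, problem, detail in findings:
        print(lineno, problem, detail)
```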