You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

 

Additional sections:

The Network Processor logs discarded packets and keeps a summary of ten categories of “offenders lists.” The top 10 offenders in each category display in IP Policing “offenders list” statistics. For the rogueMediaOffendersList and mediaOffenderListstatistics, a new entry is created when the destination IP address or destination UDP port is different than the existing entries. Some offenders lists include the column “Source Unique.” If the “Source Unique” field is “notUnique”, the packets from multiple source IP addresses or source UDP ports were discarded.  If the source unique field is “unique,” the packets from a single source IP address/UDP port were discarded.

For all other “offenders list” categories, a new entry is created when the source IP address is different than the existing entries.

 

Use this feature to reset designated offender lists.

On SBC main screen, go to All > System > Ip Policing.

The Commands window is displayed.

Ip Policing Commands

Select resetOffendersList from the Commands drop-down list and click Select.

A pop-up window appears seeking your choice of list for which you want to execute the resetOffendersList command.

All - System - Ip Policing Command Confirmation

The following options are displayed:

Ip Policing Commands Parameter

Parameter

Description

badEtherIpHdrOffendersList

The table of statistics for the bad Ethernet/IP Header policer offenders list. For example:

  • Only broadcast ARP packets are allowed; all other broadcast packets are considered bad.

  • Only ICMPV6 neighbor discovery packets are allowed under multicast MAC address. Anything else is considered bad.

  • If DestMAC is zero, it is considered a bad packet.

  • Anything other than ethertype (IPV4, IPV6, VLAN) is considered bad.

  • IP Checksum error.

  • IP version other than 4 or 6 is considered bad.

  • Bad IP Header length

  • Packet that is not long enough to contain IP header.

  • TTL == 0 is considered bad.

  • IPV4 with options set is considered bad.

  • IPV6 with initial next header field of 0, 60, or 43 is considered bad.

 arpOffendersList

The table of statistics for the ARP policer offenders list.
uFlowOffendersListThe table of statistics for for the micro flow policer offenders list. For example:
  • Microflow packet exceeding the policing rate.
aclOffendersListThe table of statistics for Access Control List policer offenders list.
aggregateOffendersListThe table of statistics for the aggregate policer offenders list.
ipSecDecryptOffendersList  The table of statistics for the IPSec Decrypt policer offenders list. For example:
  • Bad IPSec packet
  • Authentication error
  • Invalid SSID
  • IPSec protocol == AH
rougeMediaOffendersList The table of statistics for the rogue media policer offenders list. For example:
  • UPD packets received in the media port range, but the destination UDP port is not allocated for media call.
  • Media packets where source port, source address or destination address do not match.
mediaOffendersList The table of statistics for the media policer offenders list. For example:
  • Media packets exceeding the policing value.
discardRuleOffendersList The table of statistics for the discard rule offenders list. For example:
  • ACL discard rule packets

Select your desired option from the list and click resetOffendersList.

The result of this action is displayed:

All - System - Ip Policing Command Result

Click OK to exit.

 

 

  • No labels