You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 3
Next »
The Network Processor logs discarded packets and keeps a summary of ten categories of “offenders lists.” The top 10 offenders in each category display in IP Policing “offenders list” statistics. For the
rogueMediaOffendersList
and
mediaOffenderListstatistics
, a new entry is created when the destination IP address or destination UDP port is different than the existing entries. Some offenders lists include the column “Source Unique.” If the “Source Unique” field is “notUnique”, the packets from multiple source IP addresses or source UDP ports were discarded. If the source unique field is “unique,” the packets from a single source IP address/UDP port were discarded.
For all other “offenders list” categories, a new entry is created when the source IP address is different than the existing entries.
Use this feature to reset designated offender lists.
On SBC main screen, go to All > System > Ip Policing.
The Commands window is displayed.
Select resetOffendersList
from the Commands drop-down list and click Select.
A pop-up window appears seeking your choice of list for which you want to execute the resetOffendersList
command.
All - System - Ip Policing Command Confirmation
The following options are displayed:
Ip Policing Commands Parameter
Parameter | Description |
---|
badEtherIpHdrOffendersList
| The table of statistics for the bad Ethernet/IP Header policer offenders list. For example: Only broadcast ARP packets are allowed; all other broadcast packets are considered bad. Only ICMPV6 neighbor discovery packets are allowed under multicast MAC address. Anything else is considered bad. If DestMAC is zero, it is considered a bad packet. Anything other than ethertype (IPV4, IPV6, VLAN) is considered bad. IP Checksum error. IP version other than 4 or 6 is considered bad. Bad IP Header length Packet that is not long enough to contain IP header. TTL == 0 is considered bad. IPV4 with options set is considered bad. IPV6 with initial next header field of 0, 60, or 43 is considered bad.
|
arpOffendersList
| The table of statistics for the ARP policer offenders list. |
uFlowOffendersList | The table of statistics for for the micro flow policer offenders list. For example:
- Microflow packet exceeding the policing rate.
|
aclOffendersList | The table of statistics for Access Control List policer offenders list. |
aggregateOffendersList | The table of statistics for the aggregate policer offenders list. |
ipSecDecryptOffendersList | The table of statistics for the IPSec Decrypt policer offenders list. For example:
- Bad IPSec packet
- Authentication error
- Invalid SSID
- IPSec protocol == AH
|
rougeMediaOffendersList | The table of statistics for the rogue media policer offenders list. For example:
- UPD packets received in the media port range, but the destination UDP port is not allocated for media call.
- Media packets where source port, source address or destination address do not match.
|
mediaOffendersList | The table of statistics for the media policer offenders list. For example:
- Media packets exceeding the policing value.
|
discardRuleOffendersList | The table of statistics for the discard rule offenders list. For example:
|
Select your desired option from the list and click resetOffendersList.
The result of this action is displayed:
All - System - Ip Policing Command Result
Click OK to exit.