The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
You can configure Cisco Unified Border Element (SP Edition) to provide alerts for any unexpected source addresses that are received. After an unexpected source address is received, a log is created and a Simple Network Management Protocol (SNMP) trap is generated.
Cisco Unified Border Element (SP Edition) was formerly known as Integrated Session Border Controller and may be commonly referred to in this document as the session border controller (SBC).
For a complete description of the commands used in this chapter, refer to the Cisco Unified Border Element (SP Edition) Command Reference: Unified Model at:
http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbcu_book.html
To locate documentation for other commands that appear in this chapter, use the command reference master index, or search online.
Note For Cisco IOS XE Release 2.4, this feature is supported in both the unified model and the distributed model.
Feature History for Unexpected Source Address Alerting
|
|
This feature was introduced for the unified model on the Cisco ASR 1000 Series Aggregation Services Routers. |
The following prerequisite is required to implement the unexpected source address alerting feature:
Before implementing unexpected source address alerting, Cisco Unified Border Element (SP Edition) must already be configured.
Review the following restrictions for unexpected source address alerting:
If a packet with unexpected source address/port is received by the data border element (DBE) on a media address, port, or (if applicable) Virtual Routing Forwarding (VRF) used by a current call, then the DBE creates a log and generates an SNMP trap on the appropriate media-flow-stats MIB.
The log (level 63) is output to the console automatically (by default). The log is a member of the MEDIA debug log group. The log includes the local address, port, and VRF where the packets were received and also the source address and port of the received packet.
An alert is generated the first time an unexpected packet is received on a port after the port is opened for a call. If additional unexpected packets are received on the same media port, additional alerts are generated. Any additional alerts are rate-limited. After the call is completed, the media port is assigned to a new call, and the state is reset. A new alert is then generated if any additional unexpected packets are subsequently received.
The SNMP trap that is generated will contain the following fields:
6. show sbc sbc-name dbe media-flow-stats vrf vrf-name [ ipv4 A.B.C.D [ port ] port number ]
This section provides a sample configuration for configuring unexpected source address alerting including an example of the information added to the media flow statistics.
To configure unexpected source address alerting, use the following commands: