Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Understanding GTPv2 Message-Type Filtering

 

You can configure a device to filter GPRS tunneling protocol version 2 (GTPv2) packets based on their message types. By default, the device permits all GTPv2 message types.

You permit and deny message types based on the GTP version number. For example, you can deny message types for one version while you permit them for the other version.

You can use the set security gprs gtp profile profile name drop message-type number configuration statement to discard GTPv2 message types. If the version number is not mentioned, message types for all versions are discarded. If a configured message type is not valid for the particular GTP version, the specific configuration does not take effect.

Note

Message types valid for GTP version 1 (GTPv1) might not be valid for GTPv2, and vice versa.

A GTPv2 message type includes one or many messages. When you permit or deny a message type, you automatically permit or deny all messages of the specified message type. For example, if you drop the identification message type, then you automatically drop the identification-request and identification-response messages. Also, if you drop the create-pdp message type for version 2, then only the create-pdp-request and create-pdp-response messages for version 2 are dropped.