sctp
Syntax
sctp {
log (Security SCTP) name;
multichunk-inspection disable;
nullpdu {
protocol (ID-0x0000 | ID-0xFFFF);
}
profile (Security SCTP) name {
association-timeout association-timeout;
drop (Security SCTP) {
m3ua-service name;
payload-protocol name;
}
handshake-timeout handshake-timeout;
limit (Security SCTP) {
address name {
payload-protocol (asap | bicc | ddp-segment | ddp-stream | diameter-dtls | diameter-sctp | dua | enrp | h248 | h323 | id | iua | m2pa | m2ua | m3ua | others | qipc | reserved | s1ap | simco | sua | tali | v5ua | x2ap) {
rate rate;
}
}
payload-protocol (asap | bicc | ddp-segment | ddp-stream | diameter-dtls | diameter-sctp | dua | enrp | h248 | h323 | id | iua | m2pa | m2ua | m3ua | others | qipc | reserved | s1ap | simco | sua | tali | v5ua | x2ap) {
rate rate;
}
rate {
address name {
sccp sccp;
ssp ssp;
sst sst;
}
sccp sccp;
ssp ssp;
sst sst;
}
}
nat-only;
permit (Security SCTP) {
payload-protocol name;
}
}
traceoptions (Security SCTP) {
file <filename> <files files> <match match> <size size> <(world-readable | no-world-readable)>;
flag name;
no-remote-trace;
}
}
Hierarchy Level
[edit security]
Description
Enabling tracing can adversely impact scale and performance and may increase security risk. We strongly recommend using the trace, tracing, or traceoptions commands only under the guidance of a JTAC support engineer. After collecting the debug information, immediately disable tracing to minimize risk and restore normal system performance.
Use the Stream Control Transmission Protocol (SCTP) commands to configure SCTP objects, configure SCTP logs, set trace options, and set address rate limit.
From Junos OS Release 20.4R1 onwards, the [edit security gprs]
hierarchy level is replaced by [edit security gtp].
Options
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release
10.2. Support for the nat-only option added in Junos OS
Release 12.1X45-D10. Support for the profile statement
added in Junos OS Release 12.1X46-D10.