From: Richard Dumoulin (richard.dumoulin@vanco.es)
Date: Mon Jun 28 2004 - 11:57:38 GMT-3
With the acl mentioned below, only packets with a source address not present
in the routing table or coming through the wrong interface will be denied.
The RPF works like this:
If the source is present in the routing table and comes in on the right interface, then pass.
If the source comes in through the wrong interface, then have a look at the acl. If
permitted by the acl, then pass. If not permitted, then deny.
If the source is not present in the routing table, then check the acl, etc. ...
This is how I think it works,
--Richard
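The configuration below is an added example illustrating the behaviour described above; it is not from either poster. The interface name, ACL number, exempted prefix and syslog host are assumptions. The point it makes is that the ACL named on ip verify unicast reverse-path is consulted only for packets that have already failed the reverse-path check, so a final "deny ip any any" entry drops (and, with the log keyword, logs) only spoofed traffic, while a "permit" entry lets a specific source through despite failing the check:

```cisco
! Added example, not from the original posts. Interface, ACL number,
! prefix and syslog host are assumptions. uRPF is a CEF feature, so CEF
! must be enabled first.
ip cef
!
! ACL 197 is evaluated ONLY for packets that fail the reverse-path check
! (source not in the FIB, or the best route back to the source does not
! point out this interface). Packets that pass the check never reach the
! ACL, so "deny ip any any" below does not deny all traffic, only spoofed
! traffic. log-input records the ingress interface and source MAC as well.
!
! 192.0.2.0/24 is an assumed prefix reached over an asymmetric path: it
! would fail strict RPF, so it is permitted (forwarded) but still logged.
access-list 197 permit ip 192.0.2.0 0.0.0.255 any log-input
! Everything else that fails the check is dropped and logged.
access-list 197 deny   ip any any log-input
!
interface Serial0/0
 description upstream link (assumed)
 ip verify unicast reverse-path 197
!
! ACL logging is process-switched: rate-limit the messages so a flood of
! spoofed packets cannot exhaust the CPU or swamp the log server.
logging rate-limit 10
logging host 198.51.100.10
```

Without the ACL argument, ip verify unicast reverse-path drops spoofed packets silently and only the counters move; the ACL is what adds the log line and the per-source exemption. Check that the feature is actually dropping traffic with show ip interface Serial0/0 (the uRPF verification drop counters) and show ip traffic (the unicast RPF drop line).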
-----Original Message-----
From: ccie2be [mailto:ccie2be@nyc.rr.com]
Sent: Monday, 28 June 2004 16:21
To: Group Study
Subject: Logging denied spoofed packets
Hi guys,
When using the ip verify unicast reverse-path <acl> command, I want to deny
only spoofed packets but also log the denied spoofed packets.
According to the documentation,
Enables Unicast RPF on the interface. Use the list option to identify an
access list. If the access list denies network access, spoofed packets are
dropped at the interface. If the access list permits network access, spoofed
packets are forwarded to the destination address. Forwarded packets are
counted in the interface statistics. If the access list includes the logging
option, information about the spoofed packets is logged to the log server.
Based on these requirements, what should the acl look like?
If I create an acl which denies all packets (i.e. 0.0.0.0/32), does that deny
all packets or only spoofed packets?
TIA, Tim
This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:51 GMT-3