RE: IP VERIFY UNICAST REVERSE PATH

From: Edwards, Andrew M (andrew.m.edwards@boeing.com)
Date: Fri Mar 25 2005 - 16:07:25 GMT-3


If you want to drop the packets that do NOT match the reverse path then
you want to DENY them in the ACL.

If you want to log it then just do a deny ip any any log

Don't forget to turn on the appropriate logging level and to the
console/buffer (where desired).... Otherwise you didn't really get
anywhere.

HTH,

Andy

-----Original Message-----
From: mani poopal [mailto:mani_ccie@yahoo.com]
Sent: Thursday, March 24, 2005 11:38 PM
To: ccielab@groupstudy.com
Subject: IP VERIFY UNICAST REVERSE PATH

Guys,
 
What is the main purpose of the access-list at the end of the ip verify
unicast reverse-path (to drop packets without a verifiable source
address) command? If I want to log denied packets, is option (1.) or
option (2.) right? This access-list is only for the reverse path command
and not for access-group. So what is the correct sequence of checking
this access-list by the RPF router?
 
 
(1.)
int eth0/1/1
 ip address 192.168.200.1 255.255.255.0
 ip verify unicast reverse-path 197
access-list 197 deny ip any any
 
(2.)
int eth0/1/1
 ip address 192.168.200.1 255.255.255.0
 ip verify unicast reverse-path 197
access-list 197 permit ip any any
 
 
 

B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
(416)431 9929
MANI_CCIE@YAHOO.COM
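
Added example, not part of either message above: a small Python model of the checking order asked about, in which the ACL attached to ip verify unicast reverse-path is consulted only for packets that have already failed the reverse-path check. The routing table, the second interface name, the function names and the source-only ACL matching are assumptions made for illustration.

```python
import ipaddress

# Constructed routing table: (prefix, interface used to reach that prefix).
FIB = [
    ("192.168.200.0/24", "eth0/1/1"),
    ("10.0.0.0/8", "eth0/1/2"),  # hypothetical second interface
]

# ACL 197 as (action, source prefix, log flag); "any" is modelled as 0.0.0.0/0.
ACL_DENY = [("deny", "0.0.0.0/0", False)]      # option (1.) in the question
ACL_PERMIT = [("permit", "0.0.0.0/0", False)]  # option (2.) in the question
ACL_DENY_LOG = [("deny", "0.0.0.0/0", True)]   # "deny ip any any log" from the reply


def rpf_passes(src, in_if, fib=FIB):
    """Strict check: the best route back to src must use the arrival interface."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), i) for p, i in fib
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return False  # no route back to the source at all
    best = max(matches, key=lambda m: m[0].prefixlen)  # longest-prefix match
    return best[1] == in_if


def urpf_decide(src, in_if, acl=None):
    """Return (action, logged) for a packet arriving on in_if."""
    # Step 1: packets that pass the reverse-path check never reach the ACL.
    if rpf_passes(src, in_if):
        return ("forward", False)
    # Step 2: no ACL configured, so a failed check means a silent drop.
    if acl is None:
        return ("drop", False)
    # Step 3: the ACL decides the fate of RPF failures only.
    addr = ipaddress.ip_address(src)
    for action, src_net, log in acl:
        if addr in ipaddress.ip_network(src_net):
            return ("forward" if action == "permit" else "drop", log)
    return ("drop", False)  # implicit deny at the end of the ACL


if __name__ == "__main__":
    for name, acl in [("deny", ACL_DENY), ("permit", ACL_PERMIT), ("deny log", ACL_DENY_LOG)]:
        # 10.1.1.1 is routed via eth0/1/2, so it fails the check on eth0/1/1.
        print(name, urpf_decide("10.1.1.1", "eth0/1/1", acl))
```

In this model the permit variant forwards a packet that failed the reverse-path check, and only the entry with the log flag marks the drop as logged.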
                



This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:52 GMT-3