RE: IP VERIFY UNICAST REVERSE PATH

From: mani poopal (mani_ccie@yahoo.com)
Date: Fri Mar 25 2005 - 20:06:12 GMT-3

• Next message: mani poopal: "DHCP/HSRP/VRRP/IRDP"
• Previous message: Richard Dumoulin: "crypto-map and CEF"
• Maybe in reply to: mani poopal: "IP VERIFY UNICAST REVERSE PATH"
• Next in thread: Patrick Aland: "Re: IP VERIFY UNICAST REVERSE PATH"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi all,
 
Thanks for many valuable information. It cleared many aspects of ip verify unicast reverse-path command.
 
thanks
 
Mani

Brian McGahan <bmcgahan@internetworkexpert.com> wrote:
Mani,

This feature does not work in the 12.2T trains. I have verified
this both with the CLI config and in the bug toolkit:

CSCeg06652 Bug Details

Headline uRPF does not work ACL log
Product all Model
Component fib Duplicate of CSCin39333
Severity 3 Severity help Status Duplicate Status help
First Found-in Version 12.2(15)T05 All affected versions First
Fixed-in Version Version help
Release Notes

Symptoms: Cisco Express Forwarding (CEF) will drop all packets including

permitted packets or denied packets.

Conditions: This symptom is observed when Unicast Reverse Path
Forwarding
(URPF) is configured with an access control list (ACL) that has a log
option.

Workaround: There is no workaround.

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> mani poopal
> Sent: Friday, March 25, 2005 1:38 AM
> To: ccielab@groupstudy.com
> Subject: IP VERIFY UNICAST REVERSE PATH
>
> Guys,
>
> What is the main purpose of access-list at the end of the ip verify
> unicast reverese-path(To drop packets without verifiable source
address
> )command. If I want to log denied packets is oprtion (1.) or option
(2.)
> is right. This access-list only for reverse path command and not for
> access-group. So what is the correct sequense of checking this
access-
> list by the rpf router.
>
>
> (1.)
> int eth0/1/1
> ip address 192.168.200.1 255.255.255.0
> ip verify unicast reverse-path 197
> access-list 197 deny ip any any
>
> (2.)int eth0/1/1
> ip address 192.168.200.1 255.255.255.0
> ip verify unicast reverse-path 197
> access-list 197 permit ip any any
>
>
>
>
>
> B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
> (416)431 9929
> MANI_CCIE@YAHOO.COM
>
> ---------------------------------
> Do you Yahoo!?
> Yahoo! Small Business - Try our new resources site!
>
>

• Next message: mani poopal: "DHCP/HSRP/VRRP/IRDP"
• Previous message: Richard Dumoulin: "crypto-map and CEF"
• Maybe in reply to: mani poopal: "IP VERIFY UNICAST REVERSE PATH"
• Next in thread: Patrick Aland: "Re: IP VERIFY UNICAST REVERSE PATH"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:52 GMT-3