Re: IP VERIFY UNICAST REVERSE PATH

From: Patrick Aland (paland@gmail.com)
Date: Fri Mar 25 2005 - 23:22:44 GMT-3


Its purpose is to tell the router what to do with a packet that fails
the check, i.e., say for instance you know that occasionally you will
have a packet that will fail the check but you need to let it through,
you'd do something like:

access-list 101 permit ip host x.x.x.x any
access-list 101 deny ip any any

Then use access-list 101; when the packet fails the RPF check it will
be checked against the access-list and then either allowed or denied.

On Thu, 24 Mar 2005 23:38:05 -0800 (PST), mani poopal
<mani_ccie@yahoo.com> wrote:
> Guys,
>
> What is the main purpose of access-list at the end of the ip verify unicast reverse-path (to drop packets without verifiable source address) command? If I want to log denied packets, is option (1.) or option (2.) right? This access-list is only for the reverse path command and not for access-group. So what is the correct sequence of checking this access-list by the rpf router?
>
> (1.)
> int eth0/1/1
> ip address 192.168.200.1 255.255.255.0
> ip verify unicast reverse-path 197
> access-list 197 deny ip any any
>
> (2.)
> int eth0/1/1
> ip address 192.168.200.1 255.255.255.0
> ip verify unicast reverse-path 197
> access-list 197 permit ip any any
>
> B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
> (416)431 9929
> MANI_CCIE@YAHOO.COM
>

-- 
--Patrick
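
The order of evaluation described in the reply above, modelled as a small Python sketch (an added example, not part of the original thread and not router code). The FIB entries, the address standing in for "host x.x.x.x", and the log flag on the deny entry (modelling the IOS `log` keyword on an ACL line) are constructed assumptions.

```python
import ipaddress

# Constructed FIB: prefix -> interface the router would use to reach it.
FIB = {
    "192.168.200.0/24": "eth0/1/1",
    "10.0.0.0/8": "eth0/1/2",
}

# Constructed ACL 101 in the shape used in the reply: (action, source, log).
ACL_101 = [
    ("permit", "203.0.113.7/32", False),  # stands in for "host x.x.x.x"
    ("deny", "0.0.0.0/0", True),          # "deny ip any any", with logging assumed
]

def reverse_path_interface(src, fib):
    """Longest-prefix match on the source address, as the RPF lookup does."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in fib.items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def acl_lookup(src, acl):
    """First matching entry wins; fall through to the implicit deny."""
    addr = ipaddress.ip_address(src)
    for action, network, log in acl:
        if addr in ipaddress.ip_network(network):
            return action, log
    return "deny", False

def urpf_decision(src, ingress, fib, acl=None, log=None):
    """Strict RPF check first; the ACL is consulted only on failure."""
    if reverse_path_interface(src, fib) == ingress:
        return "forward"   # passed RPF: the ACL is never looked at
    if acl is None:
        return "drop"      # no ACL on the command: failed packets are dropped
    action, want_log = acl_lookup(src, acl)
    if want_log and log is not None:
        log.append((action, src, ingress))
    return "forward" if action == "permit" else "drop"
```

A source that passes the RPF check never reaches the ACL, so only packets that fail the check can produce a log entry.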


This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:52 GMT-3