From: Dillon Yang (gzdillon@hotmail.com)
Date: Sat Mar 26 2005 - 11:18:22 GMT-3
Hi, Brian:
I cannot understand why the core router has an asymmetric path and the edge router has a symmetric path, as indicated in the link:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/fothercr/srfrpf.htm
Any advice?
TIA
dillon
----- Original Message -----
From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
To: "mani poopal" <mani_ccie@yahoo.com>; <ccielab@groupstudy.com>
Sent: Saturday, March 26, 2005 6:14 AM
Subject: RE: IP VERIFY UNICAST REVERSE PATH
> Mani,
>
> This feature does not work in the 12.2T trains. I have verified
> this both with the CLI config and in the bug toolkit:
>
> CSCeg06652 Bug Details
>
> Headline: uRPF does not work ACL log
> Product: all
> Component: fib
> Duplicate of: CSCin39333
> Severity: 3
> Status: Duplicate
> First Found-in Version: 12.2(15)T05
> First Fixed-in Version:
>
> Release Notes
>
> Symptoms: Cisco Express Forwarding (CEF) will drop all packets including
> permitted packets or denied packets.
>
> Conditions: This symptom is observed when Unicast Reverse Path Forwarding
> (URPF) is configured with an access control list (ACL) that has a log
> option.
>
> Workaround: There is no workaround.
>
>
> HTH,
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987 x 705
> Outside US: 775-826-4344 x 705
> 24/7 Support: http://forum.internetworkexpert.com
> Live Chat: http://www.internetworkexpert.com/chat/
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > mani poopal
> > Sent: Friday, March 25, 2005 1:38 AM
> > To: ccielab@groupstudy.com
> > Subject: IP VERIFY UNICAST REVERSE PATH
> >
> > Guys,
> >
> > What is the main purpose of the access-list at the end of the ip verify
> > unicast reverse-path (to drop packets without verifiable source address)
> > command? If I want to log denied packets, is option (1.) or option (2.)
> > right? This access-list is only for the reverse path command and not for
> > access-group. So what is the correct sequence of checking this
> > access-list by the RPF router?
> >
> >
> > (1.)
> > int eth0/1/1
> > ip address 192.168.200.1 255.255.255.0
> > ip verify unicast reverse-path 197
> > access-list 197 deny ip any any
> >
> > (2.)
> > int eth0/1/1
> > ip address 192.168.200.1 255.255.255.0
> > ip verify unicast reverse-path 197
> > access-list 197 permit ip any any
> >
> >
> >
> >
> >
> > B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
> > (416)431 9929
> > MANI_CCIE@YAHOO.COM
> >
This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:52 GMT-3
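
Added example (not part of the original thread, and not Cisco code): a small Python model of the strict uRPF check with an optional ACL, following the documented behaviour that the ACL is consulted only when a packet fails the reverse-path check. The FIB contents, the serial0/0 interface, the function names and the source-only ACL matching are assumptions made for illustration; the two ACLs mirror options (1.) and (2.) from the question.

```python
import ipaddress

# Constructed FIB for this example: (prefix, outgoing interface).
FIB = [
    ("192.168.200.0/24", "eth0/1/1"),
    ("10.1.0.0/16", "eth0/1/1"),
    ("10.2.0.0/16", "serial0/0"),   # return path differs: asymmetric case
    ("0.0.0.0/0", "serial0/0"),
]

def best_route_interface(src, fib=FIB):
    """Longest-prefix match on the source address; interface name or None."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), ifname) for p, ifname in fib
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def acl_action(acl, src):
    """First matching entry wins; implicit deny at the end of the list."""
    addr = ipaddress.ip_address(src)
    for action, net in acl:
        if addr in ipaddress.ip_network(net):
            return action
    return "deny"

def urpf(src, in_if, acl=None, fib=FIB):
    """Return (verdict, reason) for a packet from src arriving on in_if."""
    if best_route_interface(src, fib) == in_if:
        return ("forward", "rpf-pass")          # ACL is never consulted
    if acl is None:
        return ("drop", "rpf-fail")
    if acl_action(acl, src) == "permit":
        return ("forward", "rpf-fail-acl-permit")
    return ("drop", "rpf-fail-acl-deny")

ACL_OPTION_1 = [("deny", "0.0.0.0/0")]    # access-list 197 deny ip any any
ACL_OPTION_2 = [("permit", "0.0.0.0/0")]  # access-list 197 permit ip any any

if __name__ == "__main__":
    # Constructed sample sources, all arriving on eth0/1/1.
    for src in ("10.1.5.5", "10.2.5.5", "172.16.0.9"):
        print(src, urpf(src, "eth0/1/1", ACL_OPTION_1),
              urpf(src, "eth0/1/1", ACL_OPTION_2))
```

In this model both options give the same result for packets that pass the reverse-path check; they differ only for packets that fail it, which option (1.) drops and option (2.) forwards.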