From: Philippe Couture (philippecouture@gmail.com)
Date: Sun Mar 27 2005 - 18:15:36 GMT-3
Hi Kevin,
You're probably encountering bug CSCeg06652, which Brian McGahan
alerted us to a few days ago. Looks like uRPF does not work in the
12.2T loads.
Philippe
On Sun, 27 Mar 2005 20:59:33 +0100, ccie <ccie@gannons.net> wrote:
> Trying to test the following config snippet:
>
> Rack1R2#sh run int s 0/1
> Building configuration...
>
> Current configuration : 112 bytes
> !
> interface Serial0/1
> ip address 173.1.32.2 255.255.255.0
> ip verify unicast source reachable-via any 199
> end
>
> Rack1R2#sh acce
> Rack1R2#sh access-l
> Rack1R2#sh access-lists 199
> Extended IP access list 199
> 10 permit ip any any log
> Rack1R2#
> Rack1R2#
> Rack1R2#sh ip int s 0/1 | i rop
> 213 verification drops
> 17 suppressed verification drops
> Rack1R2#
>
> What I want is to allow traffic that matches the RPF check in other
> words spoofed traffic and also log it. I am having no luck its simply
> dropping the traffic and no logs I have tried using a deny and a permit
> in the ACL without luck. Also tried using log and log-input without
> luck. Running c2600-j1s3-mz.122-15.T14.bin and I am sure I have had this
> working without
> problems in other versions.
>
> Regards,
> Kevin
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:53 GMT-3