From: Philippe Couture (philippecouture@gmail.com)
Date: Sun Mar 27 2005 - 18:19:02 GMT-3
I should have been more precise in my statement:
uRPF does work, it is the ability to let some packets
through with an access-list that does not work.
Cheers,
Philippe
On Sun, 27 Mar 2005 16:15:36 -0500, Philippe Couture
<philippecouture@gmail.com> wrote:
> Hi Kevin,
>
> You're probably encountering bug CSCeg06652, which Brian McGahan
> alerted us to a few days ago. Looks like uRPF does not work in the
> 12.2T loads.
>
> Philippe
>
>
> On Sun, 27 Mar 2005 20:59:33 +0100, ccie <ccie@gannons.net> wrote:
> > Trying to test the following config snippet:
> >
> > Rack1R2#sh run int s 0/1
> > Building configuration...
> >
> > Current configuration : 112 bytes
> > !
> > interface Serial0/1
> > ip address 173.1.32.2 255.255.255.0
> > ip verify unicast source reachable-via any 199
> > end
> >
> > Rack1R2#sh acce
> > Rack1R2#sh access-l
> > Rack1R2#sh access-lists 199
> > Extended IP access list 199
> > 10 permit ip any any log
> > Rack1R2#
> > Rack1R2#
> > Rack1R2#sh ip int s 0/1 | i rop
> > 213 verification drops
> > 17 suppressed verification drops
> > Rack1R2#
> >
> > What I want is to allow traffic that matches the RPF check, in other
> > words spoofed traffic, and also log it. I am having no luck; it's simply
> > dropping the traffic and no logs. I have tried using a deny and a permit
> > in the ACL without luck. Also tried using log and log-input without
> > luck. Running c2600-j1s3-mz.122-15.T14.bin, and I am sure I have had this
> > working without problems in other versions.
> >
> > Regards,
> > Kevin
> >
This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:53 GMT-3