From: ccie (ccie@gannons.net)
Date: Mon Mar 28 2005 - 03:41:06 GMT-3
Missed brians post thank god its a bug thought I was lossing it totally.
Thanks & Regards,
Kevin
>Hi Kevin,
>
>You're probably encountering bug CSCeg06652, which Brian McGahan
>alerted us to a few days ago. Looks like uRPF does not work in the
>12.2T loads.
>
>Philippe
>
>
>On Sun, 27 Mar 2005 20:59:33 +0100, ccie <ccie@gannons.net> wrote:
>
>
>>Trying to test the following config snippet:
>>
>>Rack1R2#sh run int s 0/1
>>Building configuration...
>>
>>Current configuration : 112 bytes
>>!
>>interface Serial0/1
>> ip address 173.1.32.2 255.255.255.0
>> ip verify unicast source reachable-via any 199
>>end
>>
>>Rack1R2#sh acce
>>Rack1R2#sh access-l
>>Rack1R2#sh access-lists 199
>>Extended IP access list 199
>> 10 permit ip any any log
>>Rack1R2#
>>Rack1R2#
>>Rack1R2#sh ip int s 0/1 | i rop
>> 213 verification drops
>> 17 suppressed verification drops
>>Rack1R2#
>>
>>What I want is to allow traffic that matches the RPF check in other
>>words spoofed traffic and also log it. I am having no luck its simply
>>dropping the traffic and no logs I have tried using a deny and a permit
>> in the ACL without luck. Also tried using log and log-input without
>>luck. Running c2600-j1s3-mz.122-15.T14.bin and I am sure I have had this
>>working without
>>problems in other versions.
>>
>>Regards,
>>Kevin
>>
>>_______________________________________________________________________
>>Subscription information may be found at:
>>http://www.groupstudy.com/list/CCIELab.html
>>
>>
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:53 GMT-3