RE: Unicast Verify

From: Scott Morris (swm@emanon.com)
Date: Mon Mar 28 2005 - 10:56:19 GMT-3

• Next message: Dillon Yang: "NBMA in real word"
• Previous message: Scott Morris: "RE: Cisco CCSI Agreement"
• Maybe in reply to: ccie: "Unicast Verify"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

RPF works. It's the ACL portion of it that doesn't work properly.

HTH,

Scott

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of ccie
Sent: Monday, March 28, 2005 1:41 AM
To: Philippe Couture
Cc: Group Study
Subject: Re: Unicast Verify

Missed brians post thank god its a bug thought I was lossing it totally.

Thanks & Regards,
Kevin

>Hi Kevin,
>
>You're probably encountering bug CSCeg06652, which Brian McGahan
>alerted us to a few days ago. Looks like uRPF does not work in the
>12.2T loads.
>
>Philippe
>
>
>On Sun, 27 Mar 2005 20:59:33 +0100, ccie <ccie@gannons.net> wrote:
>
>
>>Trying to test the following config snippet:
>>
>>Rack1R2#sh run int s 0/1
>>Building configuration...
>>
>>Current configuration : 112 bytes
>>!
>>interface Serial0/1
>> ip address 173.1.32.2 255.255.255.0
>> ip verify unicast source reachable-via any 199 end
>>
>>Rack1R2#sh acce
>>Rack1R2#sh access-l
>>Rack1R2#sh access-lists 199
>>Extended IP access list 199
>> 10 permit ip any any log
>>Rack1R2#
>>Rack1R2#
>>Rack1R2#sh ip int s 0/1 | i rop
>> 213 verification drops
>> 17 suppressed verification drops
>>Rack1R2#
>>
>>What I want is to allow traffic that matches the RPF check in other
>>words spoofed traffic and also log it. I am having no luck its simply
>>dropping the traffic and no logs I have tried using a deny and a
>>permit in the ACL without luck. Also tried using log and log-input
>>without luck. Running c2600-j1s3-mz.122-15.T14.bin and I am sure I
>>have had this working without problems in other versions.
>>
>>Regards,
>>Kevin
>>
>>______________________________________________________________________
>>_ Subscription information may be found at:
>>http://www.groupstudy.com/list/CCIELab.html
>>
>>
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html

• Next message: Dillon Yang: "NBMA in real word"
• Previous message: Scott Morris: "RE: Cisco CCSI Agreement"
• Maybe in reply to: ccie: "Unicast Verify"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:53 GMT-3