RPF Logging

From: gladston@br.ibm.com
Date: Tue Aug 09 2005 - 11:59:57 GMT-3


Did you ever get logging for RPF work?

=============
quoted from Cisco

Unicast RPF events can be logged by specifying the logging option for the ACL entries that are used by the ip verify unicast source reachable-via command.
Log information can be used to gather information about the attack,
such as source address, time, and so on.
=============

RPF is doing its job of dropping spoofed packets, but the log does not. I have tested it several times, but logging really does not work.

Any feedback appreciated.

Rack2R3#sh access-list 92
Standard IP access list 92
    10 deny 148.5.5.1 log
    20 permit any
Rack2R3#sh ip int e0/0 | i verification | i suppress
  187 verification drops
  29 suppressed verification drops
Rack2R3#sh ip int e0/0 | i verification | i suppress
  188 verification drops
  29 suppressed verification drops
Rack2R3#sh ip int e0/0 | i verification | i suppress
  189 verification drops
  29 suppressed verification drops
Rack2R3#sh ip int e0/0 | i verification | i suppress
  191 verification drops
  29 suppressed verification drops
Rack2R3#sh access-list 92
Standard IP access list 92
    10 deny 148.5.5.1 log
    20 permit any

Config:

ip cef
!
interface Ethernet0/0
 ip address 150.100.2.3 255.255.255.0
 ip verify unicast source reachable-via rx 92
!
access-list 92 deny 148.5.5.1 log
access-list 92 permit any

Tested on
C3640-JS-M, Version 12.2(15)T9
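Added example, not from the post or from Cisco: a small Python check that parses successive `sh ip int` and `sh access-list` captures (constructed below after the Rack2R3 output above) and flags exactly the condition described, verification drops climbing while the deny+log entry never shows a match count. It assumes IOS prints `(N matches)` on an ACE only once N is non-zero, so an entry with no suffix has matched nothing.

```python
import re

# Constructed sample captures modelled on the post (not the original captures):
# three polls of "sh ip int e0/0 | i verification", and ACL 92 before/after.
INT_POLLS = [
    "  187 verification drops\n  29 suppressed verification drops",
    "  188 verification drops\n  29 suppressed verification drops",
    "  191 verification drops\n  29 suppressed verification drops",
]
ACL_BEFORE = "Standard IP access list 92\n    10 deny 148.5.5.1 log\n    20 permit any"
ACL_AFTER = ACL_BEFORE  # unchanged: entry 10 never grew a "(N matches)" suffix

DROP_RE = re.compile(r"^\s*(\d+) verification drops", re.M)
SUPP_RE = re.compile(r"^\s*(\d+) suppressed verification drops", re.M)
# seq, action, source, trailing keywords (e.g. " log"), optional match count
ACE_RE = re.compile(r"^\s*(\d+) (permit|deny) (\S+)(.*?)(?: \((\d+) matches?\))?$", re.M)

def parse_rpf_counters(text):
    """Return (verification_drops, suppressed_drops) from 'sh ip int' output."""
    return int(DROP_RE.search(text).group(1)), int(SUPP_RE.search(text).group(1))

def parse_acl_matches(text):
    """Map ACE sequence -> (action, source, has_log_keyword, match_count).
    An ACE with no '(N matches)' suffix is reported as 0 matches."""
    out = {}
    for seq, action, src, rest, matches in ACE_RE.findall(text):
        out[int(seq)] = (action, src, "log" in rest.split(), int(matches or 0))
    return out

def audit_rpf_logging(polls, acl_before, acl_after):
    """Compare uRPF drop growth across the polls with match growth on the
    ACL's deny+log entries; returns the deltas and a verdict."""
    first, last = parse_rpf_counters(polls[0]), parse_rpf_counters(polls[-1])
    drop_delta, supp_delta = last[0] - first[0], last[1] - first[1]
    before, after = parse_acl_matches(acl_before), parse_acl_matches(acl_after)
    logged = sum(cnt - before.get(seq, ("", "", False, 0))[3]
                 for seq, (act, _, has_log, cnt) in after.items()
                 if act == "deny" and has_log)
    if drop_delta == 0:
        verdict = "no new drops in the window: inconclusive"
    elif logged == 0:
        verdict = "drops grew but no deny+log entry matched: logging is not firing"
    elif logged < drop_delta:
        verdict = "only some drops are attributed to a deny+log entry"
    else:
        verdict = "drops accounted for by logged ACL denies"
    return {"drops": drop_delta, "suppressed": supp_delta,
            "logged_denies": logged, "verdict": verdict}
```

Polling the two show commands at an interval and feeding the captures to `audit_rpf_logging` turns the author's manual comparison into a repeatable check.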
