Unicast RPF logging question

From: Daniel Berlinski (Daniel.Berlinski@telecom.co.nz)
Date: Wed Oct 26 2005 - 17:44:56 GMT-3


Hello groupstudy

I'm configuring Unicast RPF logging and using the following reference document
for this config:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fothersf/scfrpf.htm#wp1001249

The scenario is the following:

Fa0/0-Router1-S0/1 ----------- s0/2/0-Router3-Lo1

Fa0/0 -> 164.1.18.0/24
S0/1 and S0/2/0 -> 164.1.13.0
Lo1 -> 164.1.100.0

Router1 routing table does not have prefix 164.1.100.0 installed.

The following command is configured in Router1 S0/1 interface:

ip verify unicast reverse-path 101
access-list 101 deny ip any any log-input

When pinging from Router3 to Router1's FastEthernet0/0, I see the Unicast RPF
drop statistics using "show ip traffic", but the configured "log-input"
access-list keyword does not show any matches.

On Router1

Rack1R1#sh ip traffic
IP statistics:

  Drop: 4 encapsulation failed, 0 unresolved, 0 no adjacency
         50 no route, 56 unicast RPF, 0 forced drop

On Router3

ping 164.1.18.1 source lo1 repeat 5

On Router1

Rack1R1#sh ip traffic
IP statistics:

  Drop: 4 encapsulation failed, 0 unresolved, 0 no adjacency
         50 no route, 61 unicast RPF, 0 forced drop

But the ACL is not logging denied IP packets

Rack1R1#sh access-list 101
Extended IP access list 101
    10 deny ip any any log-input

Any help is appreciated

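The comparison made by hand in the post, as an added example that is not part of the original message: it parses the two "show ip traffic" captures and the "show access-list 101" output quoted above and reports how many Unicast RPF drops have no corresponding ACL match. It assumes the ACL counters were zero before the first capture; the function names are hypothetical.

```python
import re

# Captures copied from the post (Router1, before and after the 5-packet ping).
TRAFFIC_BEFORE = """IP statistics:
  Drop: 4 encapsulation failed, 0 unresolved, 0 no adjacency
         50 no route, 56 unicast RPF, 0 forced drop"""
TRAFFIC_AFTER = """IP statistics:
  Drop: 4 encapsulation failed, 0 unresolved, 0 no adjacency
         50 no route, 61 unicast RPF, 0 forced drop"""
ACL_OUTPUT = """Extended IP access list 101
    10 deny ip any any log-input"""


def urpf_drops(show_ip_traffic: str) -> int:
    """Return the 'unicast RPF' drop counter from 'show ip traffic' text."""
    m = re.search(r"(\d+)\s+unicast RPF", show_ip_traffic)
    if m is None:
        raise ValueError("no 'unicast RPF' counter in output")
    return int(m.group(1))


def acl_matches(show_access_list: str) -> dict:
    """Map ACE sequence number -> match count (0 if no '(N matches)' suffix)."""
    counts = {}
    for line in show_access_list.splitlines():
        ace = re.match(r"\s*(\d+)\s+(permit|deny)\b", line)
        if ace:
            hit = re.search(r"\((\d+) match(?:es)?\)", line)
            counts[int(ace.group(1))] = int(hit.group(1)) if hit else 0
    return counts


def urpf_acl_gap(before: str, after: str, acl_text: str) -> dict:
    """Compare uRPF drops between two captures with the ACL's match total."""
    dropped = urpf_drops(after) - urpf_drops(before)
    if dropped < 0:
        raise ValueError("counter went backwards (cleared or reloaded?)")
    matched = sum(acl_matches(acl_text).values())
    # Assumption: ACL counters were zero at the time of the first capture.
    return {"urpf_dropped": dropped, "acl_matched": matched,
            "unaccounted": dropped - matched}


if __name__ == "__main__":
    print(urpf_acl_gap(TRAFFIC_BEFORE, TRAFFIC_AFTER, ACL_OUTPUT))
```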


