Re: UNicast RPF> Unicast RPF logging question

From: kevin gannon (kevin@gannons.net)
Date: Thu Oct 27 2005 - 04:10:48 GMT-3

• Next message: kevin gannon: "Re: NAT - Static IP Support feature"
• Previous message: simon hart: "RE: ospf timer!"
• Maybe in reply to: Daniel Berlinski: "UNicast RPF> Unicast RPF logging question"
• Next in thread: Venkataramanaiah.R: "Re: UNicast RPF> Unicast RPF logging question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Depending on the code version the log option was broken somewhere
in 12.2T have a look in the archives someone posted the bug id.

Regards
Kevin

On 10/26/05, Daniel Berlinski <Daniel.Berlinski@telecom.co.nz> wrote:
> Hello groupstudy
>
>
>
> I'm configuring Unicast RPF logging and using the following reference document
> for this configs
>
> (http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsec
> ur_c/fothersf/scfrpf.htm#wp1001249
>
>
>
> The scenario is the following:
>
>
>
> Fa0/0-Router1-S0/1 ----------- s0/2/0-Router3-Lo1
>
>
>
> Fa0/0 -> 164.1.18.0/24
> S0/1 e S0/2/0 164.1.13.0
> Lo1 164.1.100.0
>
>
>
> Router1 routing table does not have prefix 164.1.100.0 installed.
>
>
>
> The following command is configured in Router1 S0/1 interface:
>
> ip verify unicast reverse-path 101
> access-list 101 deny ip any any log-input
>
>
>
> When pinging from Router3 to Router14s FastEthernet0/0 I see the statistics of
> Unicast RPF drops using "show ip traffic" but
> "log-input" access-list keyword configured does not show any matches
>
>
> On Router1
>
> Rack1R1#sh ip traffic
> IP statistics:
>
> Drop: 4 encapsulation failed, 0 unresolved, 0 no adjacency
> 50 no route, 56 unicast RPF, 0 forced drop
>
>
>
> On Router3
>
> ping 164.1.18.1 source lo1 repeat 5
>
>
>
> On Router1
>
> Rack1R1#sh ip traffic
> IP statistics:
>
> Drop: 4 encapsulation failed, 0 unresolved, 0 no adjacency
> 50 no route, 61 unicast RPF, 0 forced drop
>
>
> But ACL is not logging denied ip packets
>
> Rack1R1#sh access-list 101
> Extended IP access list 101
> 10 deny ip any any log-input
>
>
>
> Any help is appreciated
>
>
>
>
>
>
> "This communication, including any attachments, is confidential.
> If you are not the intended recipient, you should not read
> it - please contact me immediately, destroy it, and do not
> copy or use any part of this communication or disclose
> anything about it. Thank you. Please note that this
> communication does not designate an information system for
> the purposes of the Electronic Transactions Act 2002."
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.

• Next message: kevin gannon: "Re: NAT - Static IP Support feature"
• Previous message: simon hart: "RE: ospf timer!"
• Maybe in reply to: Daniel Berlinski: "UNicast RPF> Unicast RPF logging question"
• Next in thread: Venkataramanaiah.R: "Re: UNicast RPF> Unicast RPF logging question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:54 GMT-3