From: Venkataramanaiah.R (vramanaiah@gmail.com)
Date: Thu Oct 27 2005 - 11:38:56 GMT-3
Got curious and tested it in our lab with 12.2(15)T16. It looks like it is
broken on this one.
Anyway, I observed another issue as well, not sure if it is a bug though...
I read from the config guide, if a permit ACL is configured, the spoofed packets
would be forwarded. However, I do not see any difference
w.r.t. the permit or deny. Both seem to be dropping all
spoofed packets.
Thoughts?
-Venkat
PS - I would also like to know which command can clear the show ip traffic
stats...
On 10/27/05, kevin gannon <kevin@gannons.net> wrote:
>
> Depending on the code version, the log option was broken somewhere
> in 12.2T. Have a look in the archives; someone posted the bug ID.
>
> Regards
> Kevin
>
> On 10/26/05, Daniel Berlinski <Daniel.Berlinski@telecom.co.nz> wrote:
> > Hello groupstudy
> >
> >
> >
> > I'm configuring Unicast RPF logging and using the following reference
> > document for this config:
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fothersf/scfrpf.htm#wp1001249
> >
> >
> >
> > The scenario is the following:
> >
> >
> >
> > Fa0/0-Router1-S0/1 ----------- s0/2/0-Router3-Lo1
> >
> >
> >
> > Fa0/0 -> 164.1.18.0/24
> > S0/1 and S0/2/0 164.1.13.0
> > Lo1 164.1.100.0
> >
> >
> >
> > Router1 routing table does not have prefix 164.1.100.0 installed.
> >
> >
> >
> > The following command is configured in Router1 S0/1 interface:
> >
> > ip verify unicast reverse-path 101
> > access-list 101 deny ip any any log-input
> >
> >
> >
> > When pinging from Router3 to Router1's FastEthernet0/0 I see the
> > statistics of Unicast RPF drops using "show ip traffic" but
> > "log-input" access-list keyword configured does not show any matches
> >
> >
> > On Router1
> >
> > Rack1R1#sh ip traffic
> > IP statistics:
> >
> > Drop: 4 encapsulation failed, 0 unresolved, 0 no adjacency
> > 50 no route, 56 unicast RPF, 0 forced drop
> >
> >
> >
> > On Router3
> >
> > ping 164.1.18.1 source lo1 repeat 5
> >
> >
> >
> > On Router1
> >
> > Rack1R1#sh ip traffic
> > IP statistics:
> >
> > Drop: 4 encapsulation failed, 0 unresolved, 0 no adjacency
> > 50 no route, 61 unicast RPF, 0 forced drop
> >
> >
> > But ACL is not logging denied ip packets
> >
> > Rack1R1#sh access-list 101
> > Extended IP access list 101
> > 10 deny ip any any log-input
> >
> >
> >
> > Any help is appreciated
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
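
Added example, not part of the original thread: a small Python model of the strict-mode Unicast RPF decision with an optional ACL, as the config guide discussed above describes it (a permit entry forwards a packet that failed the check, a deny entry drops it, and a logging entry produces a log line), run against the thread's topology. The /24 mask on the serial link, the source address 164.1.100.1, the log line format and all function names are assumptions; this models the documented behaviour, not the IOS release tested above.

```python
import ipaddress

# Constructed model of Router1's routing table from the thread. The /24 mask
# on the serial link is an assumption; 164.1.100.0 is deliberately absent.
ROUTES = [("164.1.18.0/24", "Fa0/0"), ("164.1.13.0/24", "S0/1")]

# (action, source, destination, log) entries; 0.0.0.0/0 stands for "any".
ACL_DENY_LOG = [("deny", "0.0.0.0/0", "0.0.0.0/0", True)]
ACL_PERMIT = [("permit", "0.0.0.0/0", "0.0.0.0/0", False)]


def reverse_path_interface(src, routes):
    """Longest-prefix match on the SOURCE address; None if no route exists."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), i) for p, i in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def acl_lookup(acl, src, dst):
    """First match wins; an ACL ends with an implicit, unlogged deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, log in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action, log
    return "deny", False


def urpf_strict(src, dst, in_if, routes, acl=None):
    """Return (verdict, log_line) for a packet arriving on in_if."""
    if reverse_path_interface(src, routes) == in_if:
        return "forward", None            # passed the check, ACL not consulted
    if acl is None:
        return "drop", None               # failed the check, no ACL: silent drop
    action, log = acl_lookup(acl, src, dst)
    # Hypothetical log line format for this model (not the IOS syslog format).
    line = f"{action} ip {src} -> {dst} via {in_if}" if log else None
    return ("forward" if action == "permit" else "drop"), line


if __name__ == "__main__":
    # Constructed packet: Router3 pings 164.1.18.1 sourced from Lo1.
    for name, acl in [("deny log-input", ACL_DENY_LOG), ("permit", ACL_PERMIT)]:
        print(name, urpf_strict("164.1.100.1", "164.1.18.1", "S0/1", ROUTES, acl))
```
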
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:54 GMT-3