From: Lileikis, Gary (gary.lileikis@unisys.com)
Date: Wed Nov 30 2005 - 14:55:53 GMT-3
I think the following Cisco manual excerpt explains it:
The Unicast Reverse Path Forwarding feature checks to determine whether
any packet that is received at a router interface arrives on one of the
best return paths to the source of the packet. The feature does this by
doing a reverse lookup in the CEF table. If Unicast RPF does not find a
reverse path for the packet, Unicast RPF can drop or forward the packet,
depending on whether an ACL is specified in the Unicast Reverse Path
Forwarding command. If an ACL is specified in the command, then when
(and only when) a packet fails the Unicast RPF check, the ACL is checked
to determine whether the packet should be dropped (using a deny
statement in the ACL) or forwarded (using a permit statement in the
ACL). Whether a packet is dropped or forwarded, the packet is counted in
the global IP traffic statistics for Unicast RPF drops and in the
interface statistics for Unicast RPF.
Regards,
Gary
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
22Cent@gmail.com
Sent: November 30, 2005 12:24 PM
To: Group Study
Subject: Unicast Reverse Path -ACL
Hi Group,
Quick question. If I want to log all packets that fail the RPF check,
would I use a permit or deny statement? Trying to understand the logic.
R1(config-if)#ip verify unicast reverse-path 122
R1(config)#access-list 122 deny ip any any log-input
or
R1(config)#access-list 122 permit ip any any log-input
TIA
Ray
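Added example (not part of the original thread or of Cisco's documentation): a small Python model of the decision order in the excerpt above, where the ACL is consulted only for packets that fail the reverse-path check and failures are counted either way. The FIB entries, interface names, counter name and log tuple format are constructed for illustration; the two ACLs mirror the access-list 122 variants from the question.

```python
import ipaddress

# Constructed FIB: prefix -> set of interfaces on the best paths to it.
FIB = {
    "10.1.0.0/16": {"Serial0/0"},
    "10.1.2.0/24": {"Ethernet0/0"},
    "0.0.0.0/0": {"Serial0/1"},
}
# The two access-list 122 variants from the question: (action, prefix, log).
ACL_DENY = [("deny", "0.0.0.0/0", True)]
ACL_PERMIT = [("permit", "0.0.0.0/0", True)]

def return_interfaces(src, fib=FIB):
    """Reverse lookup: longest-prefix match on the packet's source address."""
    addr = ipaddress.ip_address(src)
    nets = [ipaddress.ip_network(p) for p in fib]
    hits = [n for n in nets if addr in n]
    if not hits:
        return set()
    return fib[str(max(hits, key=lambda n: n.prefixlen))]

def acl_lookup(acl, src):
    """First matching entry wins; a non-matching packet hits the implicit deny."""
    addr = ipaddress.ip_address(src)
    for action, prefix, log in acl:
        if addr in ipaddress.ip_network(prefix):
            return action, log
    return "deny", False

def urpf(src, in_if, acl=None, stats=None, logs=None):
    """Return 'forward' or 'drop' for a packet from src arriving on in_if."""
    stats = {} if stats is None else stats
    logs = [] if logs is None else logs
    if in_if in return_interfaces(src):
        return "forward"  # check passed: the ACL is never consulted
    # Check failed: counted whether the packet is dropped or forwarded.
    stats["urpf_failed"] = stats.get("urpf_failed", 0) + 1
    if acl is None:
        return "drop"  # no ACL on the command: failing packets are dropped
    action, log = acl_lookup(acl, src)
    if log:
        logs.append((action, src, in_if))  # stands in for the log-input message
    return "forward" if action == "permit" else "drop"
```

In this model both ACL variants produce a log entry for a failing packet; they differ only in whether that packet is then dropped or forwarded.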
This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:08 GMT-3