From: Alexei Monastyrnyi (alexeim@orcsoftware.com)
Date: Wed Nov 29 2006 - 06:06:26 ART
Nope, they are not...
The first one blocks all traffic from behind directly connected routers.
Fine if they do NATPAT, too bad if they don't. Not an uRPF check at all.
The second one check if router knows how to reach source addresses via
its routing table. You can assign an ACL to this to make it more granular.
HTH
A.
on 11/29/2006 8:02 AM mathew Fer wrote:
> Hi GS,
>
> Is these 2 same?
>
> As I understand they are the same and this single command makes things easy
> for us.
>
> 1.
>
> !
> interface Ethernet 0/0
> ip address 10.10.20.1 255.255.255.0
> ip address 192.168.1.254 255.255.255.0 secondary
> ip access-group FILTER in
> !
> ip access-list standard FILTER
> permit 10.10.20.0 0.0.0.255 any
> permit 192.168.1.0 0.0.0.255 any
> !
>
> 2.
>
> !
> interface Ethernet 0/0
> ip address 10.10.20.1 255.255.255.0
> ip address 192.168.1.254 255.255.255.0 secondary
> ip verify unicast reverse-path
> !
>
> Thank you for the reply.
>
> mathew
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:49 ART