From: Danny Cox (dandermanuk@gmail.com)
Date: Thu Nov 30 2006 - 12:41:52 ART
It's a slightly strange thing that you're trying to do. If you're
wanting to make sure that URPF is checking based upon more than just
the IP address which is primary on that interface, you might want to
check out loose uRPF. It's a newer feature than the one you've
specified, which is described as strict uRPF and the command has
changed slightly
strict uRPF changed from
ip verify unicast reverse-path
to
ip verify unicast source reachable-via rx
loose uRPF is
ip verify unicast source reachable-via any
Loose uRPF checks to see whether the router doing the checking has the
source address in its routing table. If it does, then the check
passes.
This may be completely irrelevant to what you're trying to do, but it
strikes me that it's in the direction of what it looks like you're
after.
Note that it requires cef to be enabled and that there are a couple of
options, allow-default and allow-self-ping as well as ACLs which are
added.
cheers
Danny
On 29/11/06, mathew Fer <mathew118@gmail.com> wrote:
> Hi GS,
>
> Is these 2 same?
>
> As I understand they are the same and this single command makes things easy
> for us.
>
> 1.
>
> !
> interface Ethernet 0/0
> ip address 10.10.20.1 255.255.255.0
> ip address 192.168.1.254 255.255.255.0 secondary
> ip access-group FILTER in
> !
> ip access-list standard FILTER
> permit 10.10.20.0 0.0.0.255 any
> permit 192.168.1.0 0.0.0.255 any
> !
>
> 2.
>
> !
> interface Ethernet 0/0
> ip address 10.10.20.1 255.255.255.0
> ip address 192.168.1.254 255.255.255.0 secondary
> ip verify unicast reverse-path
> !
>
> Thank you for the reply.
>
> mathew
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:49 ART