From: Antonio Soares (amsoares@netcabo.pt)
Date: Sat Jul 07 2007 - 10:52:49 ART
Hello group,
I want to share my findings about this feature and i also have a question.
There are at least 5 ways to configure it:
1) Silently drop all packets that fail the uRPF Check:
!
interface Serial1/3
ip address 23.23.23.3 255.255.255.0
ip verify unicast reverse-path
!
2) Forward all packets that fail the uRPF Check:
!
interface Serial1/3
ip address 23.23.23.3 255.255.255.0
ip verify unicast reverse-path 3
!
access-list 3 permit any
!
3) Forward and log all packets that fail the uRPF Check:
!
interface Serial1/3
ip address 23.23.23.3 255.255.255.0
ip verify unicast reverse-path 3
!
access-list 3 permit any log
!
4) Drop all packets that fail the uRPF Check:
!
interface Serial1/3
ip address 23.23.23.3 255.255.255.0
ip verify unicast reverse-path 3
!
access-list 3 deny any
!
5) Drop and log all packets that fail the uRPF Check:
!
interface Serial1/3
ip address 23.23.23.3 255.255.255.0
ip verify unicast reverse-path 3
!
access-list 3 deny any log
!
The command reference says that the "ip verify unicast reverse-path" was
replaced by the new "ip verify unicast source reachable-via" command but i
see that in 12.4 both commands are still available.
In the lab, it's ok to use the old format ?
Thanks,
Antonio
This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:40 ART