RE: Configuring Unicast Reverse Path Forwarding

From: Djerk Geurts (djerk@djerk.nl)
Date: Sat Jul 07 2007 - 14:13:39 ART

• Next message: sebastan bach: "problem with file browsing on webvpn on asa"
• Previous message: Muhammad Nasim: "Re: Hotel in San Jose"
• Maybe in reply to: Antonio Soares: "Configuring Unicast Reverse Path Forwarding"
• Next in thread: Antonio Soares: "RE: Configuring Unicast Reverse Path Forwarding"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Why not use both if you have two interfaces to configure with an explanation
in the description of the interface. or if there's only one interface to
configure then use the description , banner, motd whatever, to indicate that
you know of another way too. Maybe ask the proctor what you should do, he
prolly wont mind either but at least he'll be (a little) impressed that you
know of both.

Djerk
www.djerk.nl

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf Of Antonio Soares
> Sent: zaterdag 7 juli 2007 15:53
> To: ccielab@groupstudy.com
> Subject: Configuring Unicast Reverse Path Forwarding
>
> Hello group,
>
> I want to share my findings about this feature and i also
> have a question.
> There are at least 5 ways to configure it:
>
>
> 1) Silently drop all packets that fail the uRPF Check:
>
> !
> interface Serial1/3
> ip address 23.23.23.3 255.255.255.0
> ip verify unicast reverse-path
> !
>
> 2) Forward all packets that fail the uRPF Check:
>
> !
> interface Serial1/3
> ip address 23.23.23.3 255.255.255.0
> ip verify unicast reverse-path 3
> !
> access-list 3 permit any
> !
>
> 3) Forward and log all packets that fail the uRPF Check:
>
> !
> interface Serial1/3
> ip address 23.23.23.3 255.255.255.0
> ip verify unicast reverse-path 3
> !
> access-list 3 permit any log
> !
>
> 4) Drop all packets that fail the uRPF Check:
>
> !
> interface Serial1/3
> ip address 23.23.23.3 255.255.255.0
> ip verify unicast reverse-path 3
> !
> access-list 3 deny any
> !
>
> 5) Drop and log all packets that fail the uRPF Check:
>
> !
> interface Serial1/3
> ip address 23.23.23.3 255.255.255.0
> ip verify unicast reverse-path 3
> !
> access-list 3 deny any log
> !
>
> The command reference says that the "ip verify unicast
> reverse-path" was
> replaced by the new "ip verify unicast source reachable-via"
> command but i
> see that in 12.4 both commands are still available.
>
> In the lab, it's ok to use the old format ?
>
>
> Thanks,
> Antonio
>
> ______________________________________________________________
> _________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: sebastan bach: "problem with file browsing on webvpn on asa"
• Previous message: Muhammad Nasim: "Re: Hotel in San Jose"
• Maybe in reply to: Antonio Soares: "Configuring Unicast Reverse Path Forwarding"
• Next in thread: Antonio Soares: "RE: Configuring Unicast Reverse Path Forwarding"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:40 ART