RE: ip verify unicast

From: Anderson Alves (mota_anderson@hotmail.com)
Date: Sat Jun 28 2008 - 15:22:51 ART

• Next message: Joseph Brunner: "RE: Sniffing dynamips"
• Previous message: 2008ccie@live.com: "ip verify unicast"
• Maybe in reply to: 2008ccie@live.com: "ip verify unicast"
• Next in thread: Ramy Sisy: "RE: ip verify unicast"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

HI Rahul,

This command is using Strict Mode RPF because of the usage of "rx" in the
line, so not only the router should have a route back to the source but the
packet is expected to arrive on the same interface the router would use to
reply back to the source of the traffic.
Don't forget to enable cef otherwise RPF won't work and about the acl 111,
this is basically saying that once the RPF fails, and only if it fails the
router will check the ACL to take further action, meaning that any ip
traffic that does not pass the RPF fail will be dropped.

In real word they usually use this acl with a log in the end so not only the
traffic is denied but also the denied traffic can be logged.

HTH,

Anderson Mota Alves
CCIE3 #16778 (R/S, SP and Security)
Senior Technical Instructor
http://www.netmetric-solutions.com
http://www.andersonalves.net

• Next message: Joseph Brunner: "RE: Sniffing dynamips"
• Previous message: 2008ccie@live.com: "ip verify unicast"
• Maybe in reply to: 2008ccie@live.com: "ip verify unicast"
• Next in thread: Ramy Sisy: "RE: ip verify unicast"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:23 ART