From: Ramy Sisy (ramysisy@inspiredmaster.com)
Date: Sat Jun 28 2008 - 16:12:03 ART
Hi Rahul,
The Unicast Reverse Path Forwarding feature checks to determine whether any
packet that is received at a router interface arrives on one of the best
return paths to the source of the packet. The feature does this by doing a
reverse lookup in the CEF table. If Unicast RPF does not find a reverse path
for the packet, Unicast RPF can drop or forward the packet, depending on
whether an ACL is specified in the Unicast Reverse Path Forwarding command.
If an ACL is specified in the command, then when (and only when) a packet
fails the Unicast RPF check, the ACL is checked to determine whether the
packet should be dropped (using a deny statement in the ACL) or forwarded
(using a permit statement in the ACL). Whether a packet is dropped or
forwarded, the packet is counted in the global IP traffic statistics for
Unicast RPF drops and in the interface statistics for Unicast RPF.
If no ACL is specified in the Unicast Reverse Path Forwarding command, the
router drops the forged or malformed packet immediately and no ACL logging
occurs. The router and interface Unicast RPF counters are updated.
As per
http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_i3.html#w
p1027259
BEST REGARDS,
RAMY SISY, CCIE X 2 (SECURITY, ROUTING/SWITCHING)#17321, CCSI#30417
CCIE PROGRAM MANAGER
INSPIRED MASTER
INSPIRING CREATIVE THINKING ....
WWW.INSPIREDMASTER.COM
E. RAMYSISY@INSPIREDMASTER.COM
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
2008ccie@live.com
Sent: Saturday, June 28, 2008 11:06 AM
To: ccielab@groupstudy.com
Subject: ip verify unicast
Hi experts
Would you please explain about this commands..?
int fa0/0
ip verify unicast source reachable-via rx 111
!
access-list 111 deny ip any any
Regards
Rahul
This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:23 ART