RE: [nsp] ip verify unicast reverse-path

From: Barry Raveendran Greene (bgreene@cisco.com)
Date: Wed Jun 06 2001 - 17:16:19 EDT


> >It has no adverse side effects, and it stops your customers from spoofing
> >foreign IP addresses without the need for you to maintain access lists.
>
> I've run into one side effect of not being able to ping through a
> loop on a
> circuit with the command enabled. Took the command off and was able to
> ping. That doesn't affect normal operations, but it can throw a
> NOC for a
> loop (no pun intended).

This only happens when your ping originates from the router. There is a new
option to allow pings originating from the router to work:

ip verify unicast reverse-path [allow-self-ping] [<list>]

or

ip verify unicast source reachable-via (rx|any) [allow-default]
[allow-self-ping] [<list>]

Barry



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:40 EDT