RE: [nsp] ip verify unicast reverse-path

From: Danny Sutantyo (dsutanty@dsutanty-wkst.sc.intel.com)
Date: Thu Jun 07 2001 - 00:37:03 EDT


So if I have mgmt segment on ISP routers, and the private address on the
mgmt segment won't be able to ping the public interfaces?
Since I have network mgmt/monitoring, is it good to have this unicast
implementation?

DS

On Wed, 6 Jun 2001, Barry Raveendran Greene wrote:

>
>
> > >It has no adverse side effects, and it stops your customers from spoofing
> > >foreign IP addresses without the need for you to maintain access lists.
> >
> > I've run into one side effect of not being able to ping through a
> > loop on a
> > circuit with the command enabled. Took the command off and was able to
> > ping. That doesn't affect normal operations, but it can throw a
> > NOC for a
> > loop (no pun intended).
>
> This only happens when your ping originates from the router. There is a new
> option to allow pings originating from the router to work:
>
> ip verify unicast reverse-path [allow-self-ping] [<list>]
>
> or
>
> ip verify unicast source reachable-via (rx|any) [allow-default]
> [allow-self-ping] [<list>]
>
>
>
> Barry
>



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:40 EDT