[cisco-bba] ACLs on Virtual-Access templates
euang+cisco-bba at lists.eusahues.co.uk
Sun Feb 1 11:24:03 EST 2009
On Sat, Jan 31, 2009 at 10:58:49PM -0600, Frank Bulk wrote:
> Just to add to that, is there a way that the Virtual-interface that's doing
> the spoofing can be identified? The log entries for the ACL hits don't show
> anything but the spoofed IP, but I don't know which connection is doing it.
log-input instead of log on the deny line of access-list 125 which matches
the spoofed traffic?
For uRPF hits you already included the show int output which includes the
counter which increments on each drop. i
Not checked how easily monitorable those are, but...
implies that are least some of the RPF information is exposed via SNMP in
recentish code. (I wonder if those appear if you use no virtual-template snmp
More information about the cisco-bba