[cisco-bba] ACLs on Virtual-Access templates
Euan Galloway
euang+cisco-bba at lists.eusahues.co.uk
Sun Feb 1 11:24:03 EST 2009
On Sat, Jan 31, 2009 at 10:58:49PM -0600, Frank Bulk wrote:
> Just to add to that, is there a way that the Virtual-interface that's doing
> the spoofing can be identified? The log entries for the ACL hits don't show
> anything but the spoofed IP, but I don't know which connection is doing it.
log-input instead of log on the deny line of access-list 125 which matches
the spoofed traffic?

For uRPF hits you already included the show int output which includes the
counter which increments on each drop.

Not checked how easily monitorable those are, but...
http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_urpf_mib.html
implies that at least some of the RPF information is exposed via SNMP in
recentish code. (I wonder if those appear if you use no virtual-template snmp
for scalability).
--
Euan Galloway
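
Added example, not part of the original message: once the deny entry of access-list 125 uses log-input, the syslog lines carry the input interface, and a short script can tally denied packets per Virtual-Access interface. The sample lines are constructed, and the layout of the parenthesised interface field is an assumption based on the usual IOS %SEC-6-IPACCESSLOG* format.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not taken from the thread). Line 4 mimics
# an entry logged with plain "log", so it has no input interface; line 5 is
# a hit on a different ACL and must be ignored.
SAMPLE_LOG = """\
Feb  1 11:02:10: %SEC-6-IPACCESSLOGP: list 125 denied udp 192.0.2.77(4021) (Virtual-Access12 ) -> 198.51.100.5(53), 1 packet
Feb  1 11:02:14: %SEC-6-IPACCESSLOGP: list 125 denied tcp 192.0.2.77(4022) (Virtual-Access12 ) -> 198.51.100.9(80), 3 packets
Feb  1 11:03:01: %SEC-6-IPACCESSLOGDP: list 125 denied icmp 203.0.113.8 (Virtual-Access40 ) -> 198.51.100.5 (8/0), 1 packet
Feb  1 11:03:30: %SEC-6-IPACCESSLOGP: list 125 denied udp 192.0.2.90(53) -> 198.51.100.5(53), 1 packet
Feb  1 11:04:00: %SEC-6-IPACCESSLOGP: list 110 denied tcp 10.9.9.9(1025) (FastEthernet0/0 0011.2233.4455) -> 10.1.1.1(22), 2 packets
"""

UNKNOWN = "<no input interface: entry logged with log, not log-input>"

# Assumed layout: source[(port)] [(input-interface [layer-2 info])] -> dest
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOG\w*: list (?P<acl>\S+) denied (?P<proto>\S+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\(\d+\))?"
    r"(?: \((?P<ifname>[A-Za-z][\w/.:-]*)(?: (?P<l2>[^)]*))?\))?"
    r" -> \S+.*?, (?P<count>\d+) packets?"
)


def denies_by_interface(log_text, acl="125"):
    """Sum denied packets per (input interface, spoofed source) for one ACL."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["acl"] != acl:
            continue
        hits[(m["ifname"] or UNKNOWN, m["src"])] += int(m["count"])
    return hits


if __name__ == "__main__":
    for (ifname, src), packets in denies_by_interface(SAMPLE_LOG).most_common():
        print(f"{packets:6d} packets  src={src:<15}  in={ifname}")
```

The interface name can then be matched against the router's session list to find the subscriber behind it.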