[cisco-bba] ACLs on Virtual-Access templates

Euan Galloway euang+cisco-bba at lists.eusahues.co.uk
Sun Feb 1 11:24:03 EST 2009

On Sat, Jan 31, 2009 at 10:58:49PM -0600, Frank Bulk wrote:
> Just to add to that, is there a way that the Virtual-interface that's doing
> the spoofing can be identified?  The log entries for the ACL hits don't show
> anything but the spoofed IP, but I don't know which connection is doing it.

log-input instead of log on the deny line of access-list 125 which matches 
the spoofed traffic?

For uRPF hits you already included the show int output which includes the 
counter which increments on each drop. i
Not checked how easily monitorable those are, but...
implies that are least some of the RPF information is exposed via SNMP in 
recentish code. (I wonder if those appear if you use no virtual-template snmp 
for scalabilty).

Euan Galloway

More information about the cisco-bba mailing list