[cisco-bba] ACLs on Virtual-Access templates

Frank Bulk frnkblk at iname.com
Tue Feb 3 02:38:00 EST 2009


Yes, that did the trick, thanks.  Listing the ATM port and vp/vc wouldn't
hurt, either, though. =)

I'm not interested in monitoring uRPF hits via SNMP at this time, though --
I'm looking to get the specificity of uRPF to block spoofed source traffic
and leave my inbound ACL on the Virtual-Template for blocking RFC1918 traffic,
but as I posted just a few minutes ago, that ACL doesn't seem to be working.

Frank

-----Original Message-----
From: cisco-bba-bounces at puck.nether.net
[mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of Euan Galloway
Sent: Sunday, February 01, 2009 10:24 AM
To: cisco-bba at puck.nether.net
Subject: Re: [cisco-bba] ACLs on Virtual-Access templates

On Sat, Jan 31, 2009 at 10:58:49PM -0600, Frank Bulk wrote:
> Just to add to that, is there a way that the Virtual-interface that's doing
> the spoofing can be identified?  The log entries for the ACL hits don't show
> anything but the spoofed IP, but I don't know which connection is doing it.

log-input instead of log on the deny line of access-list 125 which matches
the spoofed traffic?

For uRPF hits you already included the show int output which includes the
counter which increments on each drop.
Not checked how easily monitorable those are, but...
http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_urpf_mib.html
implies that at least some of the RPF information is exposed via SNMP in
recentish code. (I wonder if those appear if you use no virtual-template snmp
for scalability).

--
Euan Galloway
_______________________________________________
cisco-bba mailing list
cisco-bba at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba
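The configuration the thread is circling around, as an added example that is not from either poster: strict uRPF on the subscriber template for spoofed sources, plus an inbound ACL whose deny lines use log-input rather than log, so each hit names the Virtual-Access interface and source MAC instead of only the spoofed address. The interface names, ACL number 125 (reused from the thread), loopback and the RFC1918 ranges as the only denied sources are assumptions for illustration.

```cisco
! Added example (not the thread's own config). Names and numbers are assumed.
!
! Extended ACL: drop RFC1918 sources. "log-input" (not "log") makes the
! %SEC-6-IPACCESSLOGP message carry "(<input interface> <source MAC>)", which
! on a PPPoE/PPPoA aggregator is the Virtual-Access interface of the session
! that sent the packet.
access-list 125 deny   ip 10.0.0.0    0.255.255.255 any log-input
access-list 125 deny   ip 172.16.0.0  0.15.255.255  any log-input
access-list 125 deny   ip 192.168.0.0 0.0.255.255   any log-input
access-list 125 permit ip any any
!
interface Virtual-Template1
 ip unnumbered Loopback0
 ! Strict uRPF: the source must be reachable via the ingress interface,
 ! which for a subscriber session means only the address(es) routed to it.
 ip verify unicast source reachable-via rx
 ip access-group 125 in
!
! Checks, typed on the router (Virtual-Access3 is an assumed session):
! show ip interface Virtual-Access3 | include verify|drops|access list
! show access-lists 125
! show ip traffic | include RPF
```

Two practical notes. First, a Virtual-Access interface is cloned from the template when the session comes up, so verify on a live session with `show ip interface Virtual-AccessN` that both the uRPF line and "Inbound access list is 125" are actually present rather than trusting the template; a session established before the template was changed may not show them until it reconnects. Second, uRPF drops are counted ("verification drops") but are not ACL log events, so a source that fails the RPF check never reaches ACL 125 and is never attributed to a session by it; if you want uRPF failures attributed too, newer IOS accepts an ACL argument on the `ip verify unicast source reachable-via rx` line, where packets failing the check are evaluated against that ACL and its deny entries with log-input produce the same interface-tagged log message (check your release's command reference, as this is assumed rather than taken from the thread).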


