[cisco-nas] Spoofed IPs
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Tue May 4 11:41:30 EDT 2004
> Also, we have some users in rural areas using satellite connections.
> The way it works is they dial in and send traffic out the dial line
> with the source IP of the satellite link. The return path is then
> the dish. Is there a way to add these IP (which we have a list of) to
> be ignored by this command? Do I just add it to an access-list at
> the end of the command?
yes, see
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft
/121t/121t2/rpf_plus.htm#xtocid79522
oli
>
>
> On Tue, 2004-05-04 at 10:11, Mike Hyde wrote:
> > Is there any way to look at stats to see how much data is being
> > dropped?
> >
> > On Tue, 2004-05-04 at 10:08, Oliver Boehmer (oboehmer) wrote:
> > > > Is there an easy way to block spoofed IPs on the nas, or just
> > > > use an access-list on group-async?
> > >
> > > uRPF ("ip verify unicast reverse-path"). Requires CEF.
> > >
> > > oli
> >
> > _______________________________________________
> > cisco-nas mailing list
> > cisco-nas at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nas
More information about the cisco-nas
mailing list