[nsp] Unicast RPF check on 802.1q subifs (4700, 12.2(13b))?

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Tue Jun 17 18:12:47 EDT 2003


Gert,

> Cisco 4700, NP-1FE fast ethernet, 802.1q subinterfaces, 12.2(13b).
> 
> CEF switching is active.
> 
> Now I want to enable "ip unicast verify reverse" on one of the 802.1q
> subifs (fa0.211).  The router takes the command, and "freezes" -
> connecting out of band, it tells me that it's dropping all my
> packets...: 
> 
[...]
> 
> now the fine point... - the network 195.30.0.* is connected to
> FastEthernet0.1 (802.1q native interface):
> 
> interface FastEthernet0.1
>  description link to backbone, 801.2q native VLAN
>  encapsulation dot1Q 1 native
>  ip address 195.30.0.124 255.255.255.0
> 
> and I'm absolutely sure that those packets are not travelling in via
> fa0.211 (like "I run a ping on the 195.30.0.124 address and can see
> CEF-Drop: messages for the corresponding source IP").
> 
> Unicast RPF *works* on physical interfaces in the same box.  IP
> access-lists on 802.1q subifs do also work, but are much less
> convenient than unicast RPF.
> 
> So, the question boils down to:
> 
>  - is unicast RPF broken on 802.1q subinterfaces in general?

no

>  - is unicast RPF broken on 802.1q subifs on 12.2(13b)?

well, depends on the driver ..

>  - is unicast RPF broken on 802.1q subifs on the 4700?

Yes. It looks to be similar to CSCdu79179 and CSCdz01357, but those DDTS
were filed on different FE drivers.

Can you send me a "show tech" unicast so I can double-check? 

	oli
 


