[nsp] is it me or is uRPF on 3550emi broken?
Haesu
haesu at towardex.com
Mon Nov 10 13:36:56 EST 2003
Hey all,
I've enabled 'ip verify unicast source reachable-via rx|any' or simply, uRPF on
a 3550 emi switch. This is on a VLAN interface...
After I did that, I typed 'sh ip int vlanblahblah | in verif' to verify the uRPF
operation, and I can already see the packets being dropped that are supposed to
be spoofed according to the sh ip int counters.
But... it's funny how when I actually spoof my source IP and ping someone, it
actually gets past the 3550's uRPF filter? What am I doing wrong, or is uRPF on
3550 one of those broken things that Cisco put on the CLI anyway?
Thanks for da help!
-hc
--
Haesu C.
TowardEX Technologies, Inc.
Consulting, colocation, web hosting, network design and implementation
http://www.towardex.com | haesu at towardex.com
Cell: (978)394-2867 | Office: (978)263-3399 Ext. 170
Fax: (978)263-0033 | POC: HAESU-ARIN