[nsp] is it me or is uRPF on 3550emi broken?

Haesu haesu at towardex.com
Mon Nov 10 13:36:56 EST 2003

Hey all,

I've enabled 'ip verify unicast source reachable-via rx|any' or simply, uRPF on
a 3550 emi switch. This is on a VLAN interface...

After I did that, I typed 'sh ip int vlanblahblah | in verif' to verify the uRPF
operation, and I can already see the packets being dropped that are supposed to
be spoofed according to the sh ip int counters.

But... it's funny how when I actually spoof my source IP and ping someone, it
actually gets past the 3550's uRPF filter? What am I doing wrong, or is uRPF on
3550 one of those broken things that Cisco put that on CLI anyway?

Thanks for da help!

Haesu C.
TowardEX Technologies, Inc.
Consulting, colocation, web hosting, network design and implementation
http://www.towardex.com | haesu at towardex.com
Cell: (978)394-2867     | Office: (978)263-3399 Ext. 170
Fax: (978)263-0033      | POC: HAESU-ARIN
