[nsp] Any plans for unicast RPF on Catalyst 4000/SupIII?

Matti Saarinen mjs at cc.tut.fi
Fri Nov 14 06:42:57 EST 2003

"Thomas Kernen" <thomas at kernen.net> writes:

> You want to use port-security with IP Source guard and/or Dynamic
> Arp Inspection. It's the equiv to uRPF but basically with better
> granularity (IMHO).

     I'm not familiar with IP Source guard or Dynamic Arp Inspection.
     What I especially want to do is to be able to inject a /32 route
     of an infected host to OSPF and from there to the routing tables.
     With uRPF the packets coming from the infected host would be
     dropped when they reach the router. Based on the quick glance to
     the manuals, IP Source guard isn't a right tool for what I'm
     trying to do.


- Matti -

More information about the cisco-nsp mailing list