[c-nsp] Blackholing looped traffic

Stephen J. Wilcox steve at telecomplete.co.uk
Mon Aug 29 07:35:41 EDT 2005


Hi Everton,
 so the problem here is urpf is matching the src but you're concerned about 
the dst here. 

The first thing in my mind is to use a routing protocol, I assume you're problem 
is related to a serial link with statics on either end. 

If you cant do that then I'm not aware of any such command and an extended ACL
is the best way.

Steve

On Mon, 29 Aug 2005, Everton da Silva Marques wrote:

> I'm looking for a command like this:
> 
> interface Serial0
>  ip drop incoming looped packets
> 
> The command would discard incoming packets
> which would otherwise be forwarded back to
> the same incoming interface.
> 
> The function could be implemented with ACLs,
> but it would be better to have a mechanism
> more automatic, more manageable, relying on
> CEF, just like the one provided by uRPF (ip
> verify unicast reverse-path).
> 
> Is there such a command?
> 
> Thanks,
> Everton
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 



More information about the cisco-nsp mailing list