[c-nsp] inbound ACL

Alban Dani albcisco at gmail.com
Tue Feb 7 11:39:52 EST 2006


Thank you very much for the advice,

Alban

On 2/7/06, Ian Dickinson <iand at eng.pipex.net> wrote:
>
> You want uRPF (unicast reverse path forwarding)
> see http://www.ietf.org/rfc/rfc3074.txt
> But take care to read the documentation for your specific platform
> (ie using this on sup2/pfc2 halves the number of prefixes your box
> can hold in the tcam from 128k to 64k - is ok on sup720)
>
> ip verify unicast source reachable-via rx
>
> (or older style: ip verify unicast reverse-path)
>
> Ian
>
> Alban Dani wrote:
> > Hi there,
> >
> > I have heard anecdotally that in the Cisco 6500 running native IOS you can
> > run a command that will imitate
> > an "allow" statement on an ACL applied inbound on an interface for the ip
> > address assigned to that interface.
> >
> > ie if you have Vlan 21 and the ip address 1.2.1.1 255.255.255.0 then by
> > running this command you would implicitly
> > create something that would substitute "access-list 199 permit ip 1.2.1.0
> > 0.0.0.255 any".
> >
> > I hope I am making sense.
> >
> > thanks
> >
> > Alban
> --
> Ian Dickinson
> Development Engineer
> PIPEX
> ian.dickinson at pipex.net
> http://www.pipex.net
>
> This e-mail is subject to: http://www.pipex.net/disclaimer.html
>
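
Added example (not part of the original thread): a Python model of the strict-mode check performed by `ip verify unicast source reachable-via rx`, compared with the static ACL line from the question. Only Vlan21 and 1.2.1.0/24 come from the thread; the other FIB entries, the sample sources and all function names are constructed for illustration.

```python
import ipaddress

# Constructed FIB: (prefix, egress interface). Vlan21 and 1.2.1.0/24 are from
# the thread; every other entry is made up for illustration.
FIB = [
    ("1.2.1.0/24", "Vlan21"),     # connected subnet from the question
    ("172.16.5.0/24", "Vlan21"),  # constructed: static route via a Vlan21 host
    ("10.0.0.0/8", "Vlan30"),     # constructed: reachable via another interface
    ("0.0.0.0/0", "Gi1/1"),       # constructed: default route
]

def lookup(fib, addr):
    """Longest-prefix match; returns (network, interface) or None."""
    ip, best = ipaddress.ip_address(addr), None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best

def urpf_strict(fib, src, in_if, allow_default=False):
    """Pass only if the best route back to src points out the arrival interface."""
    hit = lookup(fib, src)
    if hit is None:
        return False
    net, ifname = hit
    if net.prefixlen == 0 and not allow_default:
        return False  # a default-route match does not count unless allowed
    return ifname == in_if

def acl_permit(src, network="1.2.1.0", wildcard="0.0.0.255"):
    """Static equivalent from the thread: permit ip 1.2.1.0 0.0.0.255 any."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(src)) & care) == (int(ipaddress.ip_address(network)) & care)

# Constructed source addresses, all arriving on Vlan21.
SAMPLES = ["1.2.1.55", "172.16.5.1", "10.4.4.4", "192.0.2.7"]

def compare(fib=FIB, in_if="Vlan21"):
    """Map each sample source to (uRPF verdict, ACL verdict)."""
    return {s: (urpf_strict(fib, s, in_if), acl_permit(s)) for s in SAMPLES}

if __name__ == "__main__":
    for src, (urpf, acl) in compare().items():
        print(f"{src:12} uRPF={'pass' if urpf else 'drop'}  ACL={'permit' if acl else 'deny'}")
```

The 172.16.5.1 row is where the two differ: the strict check follows the routing table, so it also accepts sources routed out Vlan21, which the single ACL line would deny.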

