[c-nsp] cannot ping MLPPP local IP address
Gert Doering
gert at greenie.muc.de
Tue Aug 28 03:33:16 EDT 2007
Hi,
On Fri, Aug 24, 2007 at 02:14:56PM -0500, Zhao, Wenmei (Sarah) wrote:
> I have a MultiLinkPPP session up. Everything is working,
> traffic is flowing and I am able to ping the remote side of the link,
If you have anti-spoofing filters (or uRPF) configured, this is intentional.
Reason: on a self-ping, the router sends out the packet via the link
in question (you can use that to test the link), and when the packet comes
*back* from the other end, it fails the anti-spoofing test.
If you use uRPF, there is a "allow-self-ping" flag:
Cisco(config-if)#ip verify unicast source reachable-via rx ?
<1-199> IP access list (standard or extended)
<1300-2699> IP expanded access list (standard or extended)
allow-default Allow default route to match when checking source address
allow-self-ping Allow router to ping itself (opens vulnerability in
verification)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list