[c-nsp] Purpose of uRPF's "allow-default" Option?
Devon True
devon at noved.org
Fri Jan 29 16:35:29 EST 2010
All:
I am curious what the purpose of uRPF's "allow-default" option is? Based
on Cisco's page explaining the command, I interpret that it allows uRPF
to match on a default route... but doesn't that defeat the purpose of uRPF?
My best guess is that it allows you to set static routes for networks
whose source IPs you want to drop (using the null interface) while
allowing everything else.
e.g.

    interface Vlan100
     ip verify unicast source reachable-via any allow-default
    !
    ip route 192.168.0.0 255.255.255.0 null0
    ip route 0.0.0.0 0.0.0.0 x.x.x.x

uRPF would allow Vlan100 to use any source IP address except
192.168.0.0/24. Is that correct?
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/secure.html
Thanks!
--
Devon
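
Added example (not part of the original post and not Cisco's code): a simplified Python model of the loose-mode ("reachable-via any") source check, run against the two static routes from the configuration above. It assumes that a source whose longest-match route points to Null0 fails the check and that the default route satisfies the check only when "allow-default" is set; the function names and sample source addresses are constructed for illustration.

```python
import ipaddress

# Static routes from the post; the next hop is left elided exactly as posted.
ROUTES = [
    ("192.168.0.0/24", "Null0"),
    ("0.0.0.0/0", "x.x.x.x"),
]


def build_fib(routes):
    """Turn (prefix, next_hop) pairs into (ip_network, next_hop) entries."""
    return [(ipaddress.ip_network(prefix), nh) for prefix, nh in routes]


def best_route(fib, src):
    """Longest-prefix match for a source address, or None if nothing matches."""
    addr = ipaddress.ip_address(src)
    matches = [(net, nh) for net, nh in fib if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None


def urpf_loose(fib, src, allow_default=False):
    """Model of the loose-mode check: returns (permitted, reason)."""
    route = best_route(fib, src)
    if route is None:
        return False, "no route to source"
    net, next_hop = route
    if next_hop.lower() == "null0":
        # Assumption: Null0 is not treated as a valid path back to the source.
        return False, f"best route {net} points to Null0"
    if net.prefixlen == 0 and not allow_default:
        return False, "only the default route matches and allow-default is off"
    return True, f"source reachable via {net}"


if __name__ == "__main__":
    fib = build_fib(ROUTES)
    # Constructed sample sources: one inside the null-routed /24, one outside it.
    for src in ("192.168.0.77", "203.0.113.9"):
        for allow_default in (False, True):
            ok, why = urpf_loose(fib, src, allow_default)
            verdict = "permit" if ok else "drop"
            print(f"{src:<14} allow-default={allow_default!s:<5} {verdict}: {why}")
```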