[c-nsp] Purpose of uRPF's "allow-default" Option?
Antonio Querubin
tony at lava.net
Fri Jan 29 16:46:08 EST 2010
On Fri, 29 Jan 2010, Devon True wrote:
> I am curious what the purpose of uRPF's "allow-default" option is? Based
> on Cisco's page explaining the command, I interpret that it allows uRPF
> to match on a default route... but doesn't that defeat the purpose of uRPF?
See below.
> interface Vlan100
> ip verify unicast source reachable-via any allow-default
> !
> ip route 192.168.0.0 255.255.255.0 null0
> ip route 0.0.0.0 0.0.0.0 x.x.x.x
>
> uRPF would allow Vlan100 to use any source IP address except
> 192.168.0.0/24. Is that correct?
Yes, but that's not the interface where you would apply it. You apply
'allow-default' on your upstream interface that you point your default
route to. I.e., if you set your default route at a particular interface or
IP address, then you add uRPF 'allow-default' on the interface that leads
to your upstream gateway.
Antonio Querubin
808-545-5282 x3003
e-mail/xmpp: tony at lava.net
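
Added example, not part of the original post: a simplified Python model of the uRPF source check discussed in this thread, run against the two static routes quoted above. The interface name `Uplink0`, the connected subnet 10.1.100.0/24 on Vlan100 and the test source addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed FIB: the two static routes quoted in the thread plus one
# assumed connected subnet. "Uplink0" stands in for the x.x.x.x next hop.
FIB = [
    ("192.168.0.0/24", "Null0"),
    ("0.0.0.0/0", "Uplink0"),
    ("10.1.100.0/24", "Vlan100"),
]

def lookup(src, fib=FIB):
    """Longest-prefix match: return (network, out_iface) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best

def urpf_permits(src, in_iface, mode, allow_default=False, fib=FIB):
    """Model of 'ip verify unicast source reachable-via <mode>'.
    mode is 'any' (loose) or 'rx' (strict). Simplified: no ACL, no ECMP."""
    hit = lookup(src, fib)
    if hit is None:
        return False                      # no route back to the source
    net, out_iface = hit
    if out_iface == "Null0":
        return False                      # source resolves to a discard route
    if net.prefixlen == 0 and not allow_default:
        return False                      # default route does not count
    if mode == "rx":
        return out_iface == in_iface      # must point back out the arrival port
    return True                           # loose: any real route is enough

if __name__ == "__main__":
    cases = [
        ("203.0.113.9", "Vlan100", "any", True),   # config from the question
        ("192.168.0.5", "Vlan100", "any", True),   # null-routed prefix
        ("203.0.113.9", "Uplink0", "rx", True),    # upstream, as in the reply
        ("203.0.113.9", "Uplink0", "rx", False),   # strict without the option
        ("10.1.100.7", "Uplink0", "rx", True),     # inside source seen upstream
    ]
    for src, iface, mode, ad in cases:
        verdict = "permit" if urpf_permits(src, iface, mode, ad) else "drop"
        print(f"{src:<14} in={iface:<8} mode={mode:<3} allow-default={ad}: {verdict}")
```

The last case shows what strict mode with 'allow-default' still enforces on the upstream interface: a packet arriving there with a source that has a more specific route pointing elsewhere is dropped.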