[c-nsp] ip access list rfc1918 help please
Gert Doering
gert at greenie.muc.de
Sun Jun 24 15:02:30 EDT 2012
Hi,
On Sat, Jun 23, 2012 at 02:42:04PM -0700, Mike wrote:
> I am trying to filter out rfc1918 addresses as either source or
> destination addresses for my pppoe connected subscribers. Each

Why not

 a) turn on uRPF filtering on the virtual-template
    ("ip verify unicast reverse")

    -> this takes care of *any* garbage source address the customer
       might send you, not just RFC1918 space (see also BCP38).

 b) null-route the RFC1918 space

    -> this takes care of the destination addresses

that way you can get much more benefits with less effort.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
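
Added example, not part of the original message: an IOS configuration sketch of the two steps suggested above. The template number (Virtual-Template1), the newer "reachable-via rx" spelling of the uRPF command, and the optional Null0 tweak are assumptions, not taken from the thread.

```cisco
! Added example; interface number and layout are assumptions.
interface Virtual-Template1
 ! a) Strict-mode uRPF: drop packets whose source address is not
 !    routed back out the interface they arrived on. The per-subscriber
 !    virtual-access interfaces are cloned from this template.
 ip verify unicast source reachable-via rx
 ! Older IOS releases use the legacy form instead:
 !  ip verify unicast reverse-path
!
! b) Null-route the three RFC1918 blocks so traffic *to* these
!    destinations is dropped instead of following the default route.
ip route 10.0.0.0 255.0.0.0 Null0
ip route 172.16.0.0 255.240.0.0 Null0
ip route 192.168.0.0 255.255.0.0 Null0
!
! Optional: do not generate ICMP unreachables for null-routed traffic.
interface Null0
 no ip unreachables
```

More-specific routes for any RFC1918 prefixes used internally still win by longest-prefix match, so the three aggregates only catch addresses that have no more-specific route.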