RE: Question Re: "ip verify unicast" feature in IOS posted 02/01/2007


Hi Jim,

What version are you running?  There are some registered bugs for
this feature in 12.2T and 12.3:

CSCin39333 Bug Details

Headline: uRPF drops packet even if it is permitted in the access-list
Product: IOS
Feature: CEF/DCEF/FIB
Duplicate of: (none listed)
Severity: 3
Status: Resolved
First Found-in Version: 12.3(0.1)
First Fixed-in Version: 12.3(0.5), 12.3(0.5)T, 12.3(0.5)B, 12.3(0.5)BW03
Release Notes
 
Symptom

Using IP uRPF with an Access List that has logging enabled, may cause
traffic to be incorrectly dropped.

Workaround

There is no workaround.

CSCeg06652 Bug Details

Headline: uRPF does not work ACL log
Product: IOS
Feature: CEF/DCEF/FIB
Duplicate of: CSCin39333
Severity: 3
Status: Duplicate
First Found-in Version: 12.2(15)T05
First Fixed-in Version: (none listed)
Release Notes
 
Symptoms: Cisco Express Forwarding (CEF) will drop all packets including
permitted packets or denied packets.

Conditions: This symptom is observed when Unicast Reverse Path
Forwarding (URPF) is configured with an access control list (ACL) that
has a log option.

Workaround: There is no workaround.



HTH,

Brian McGahan, CCIE #8593 (R&S/SP)
bmcgahan@xxxxxxxxxxxxxxxxxxxxxx 

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/


-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of Jim White
Sent: Thursday, February 01, 2007 4:40 PM
To: ccielab@xxxxxxxxxxxxxx; jim.t.white@xxxxxxxxx
Subject: Question Re: "ip verify unicast" feature in IOS

Hi Groupstudy,

I am a little confused about the operation of the ip verify source
feature in IOS. In the following example I want to log an entry if the
source lookup fails.

For example, my interpretation of the configuration below is that it
will perform the source lookup for all sources (permit any) and generate
a syslog message if the source lookup fails.

I have tested this with little success other than some output at the end
of "show ip interface serial 0/0" which suggests it's doing what it
should.

#------- Config Output ------#
ip cef

access-list 1 permit any log
!
interface Serial0/0
ip verify unicast source reachable-via rx 1

#--- End of Config Output ---#


After some testing..

R1#show ip interface serial 0/0
Serial0/0 is up, line protocol is up
(Output Removed)
  IP verify source reachable-via RX, ACL 1
  20 verification drops
  0 suppressed verification drops
R1#

Thanks for any input/clarification,
Jim White

(Cork, Ireland)

_______________________________________________________________________
Subscription information may be found at: 
http://www.groupstudy.com/list/CCIELab.html
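
The condition named in the bug notes above (uRPF configured with an ACL that has a log option) can be checked for across saved configs. The following is an added example, not part of the original thread or any Cisco tool: the function names are hypothetical, the sample text is constructed from the config and output quoted in the thread, and only numbered ACLs are handled. It does not check the IOS version, which still has to be compared against the versions listed in the bug details.

```python
import re

# Constructed sample input, modelled on the config and output quoted in the thread.
CONFIG = """ip cef
access-list 1 permit any log
access-list 2 permit any
interface Serial0/0
 ip verify unicast source reachable-via rx 1
interface Serial0/1
 ip verify unicast source reachable-via rx 2
"""
SHOW = """Serial0/0 is up, line protocol is up
  IP verify source reachable-via RX, ACL 1
  20 verification drops
  0 suppressed verification drops
"""

URPF = re.compile(r"\s*ip verify unicast (?:source reachable-via (?:rx|any)|reverse-path)"
                  r"(?:\s+allow-\S+)*\s+(\d+)\s*$")

def logging_acls(config):
    # Numbered ACLs with at least one entry ending in log or log-input.
    return set(re.findall(r"^access-list[ \t]+(\d+)[ \t].*\blog(?:-input)?[ \t]*$", config, re.M))

def urpf_interfaces(config):
    # Interface name -> ACL number attached to its uRPF statement.
    found, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface\s+(\S+)", line):
            current = m.group(1)
        elif (m := URPF.match(line)) and current:
            found[current] = m.group(1)
    return found

def verification_drops(show_output):
    # Interface name -> "verification drops" counter from "show ip interface".
    drops, current = {}, None
    for line in show_output.splitlines():
        if m := re.match(r"(\S+) is .*line protocol is", line):
            current = m.group(1)
        elif (m := re.match(r"\s*(\d+) verification drops", line)) and current:
            drops[current] = int(m.group(1))
    return drops

def at_risk(config, show_output=""):
    # Interfaces matching the bug condition, with drop counter (None if not in the output).
    logged, drops = logging_acls(config), verification_drops(show_output)
    return {i: drops.get(i) for i, a in urpf_interfaces(config).items() if a in logged}

if __name__ == "__main__":
    print(at_risk(CONFIG, SHOW))
```
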