cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

106
Views
0
Helpful
0
Replies
Beginner

uRPF and suppressed verification counter

Hi, everyone

 

When I run a simulation of uRPF loose mode on the GNS3, I found that the suppressed verification counter increased.

And from the document,

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_urpf/configuration/xe-3s/sec-data-urpf-xe-3s-book/urpf-acl-sup.html

The Unicast RPF suppressed drop count tracks the number of packets that failed the Unicast RPF check but were forwarded because of the permit permission set up in the ACL.

However, I didn't configure any ACL in this simulation.

 

Why suppressed drop counter still increases?

 

Here are my lab configuration

 

擷取.PNG

R1:

interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip verify unicast source reachable-via any
duplex auto
speed auto
end

interface FastEthernet0/1
ip address 10.1.1.1 255.255.255.0
ip verify unicast source reachable-via any
duplex auto
speed auto
end

Routing table on R1

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback1
172.16.0.0/24 is subnetted, 1 subnets
S 172.16.1.0 [1/0] via 10.1.1.3
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, FastEthernet0/1
C 192.168.1.0/24 is directly connected, FastEthernet0/0

 

Before I ping 192.168.1.1 with source 172.16.1.2

R1#show ip int f0/0 | in veri
IP verify source reachable-via ANY
0 verification drops
0 suppressed verification drops

 

After I ping 192.168.1.1 with source 172.16.1.2

R1#show ip int f0/0 | in veri
IP verify source reachable-via ANY
0 verification drops
5 suppressed verification drops

 

Thanks

James Tu

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards