04-05-2004 03:25 AM - edited 03-02-2019 02:47 PM
Hello:
In 3550 with the version 121-20. EA1 there does not exist the command " ip verify Unicast... " On the other hand if in in other one that has a previous version 121-13. EA1a. How it is possible to to activate the unicast RPF in the first case, if It is that is supported??? Thank you very much.
04-05-2004 05:33 PM
AFAIK, URPF has never been supported on the 3550. The command used to be there, but I don't think it did anything.
04-05-2004 10:54 PM
Terry,
it's very surprising for me.
I'm using
access-list 10 deny any log
ip verify unicast reverse-path 10
on all my int VLANx on 3550 running IOS 12.1(12c)EA1.
When I issue sh ip access-list, the output is:
Standard IP access list 10
deny any log (802 matches)
So it seems to work fine.
I'll try to test if the router really blocks the incorrect packest and let you know.
Regards,
Milan
04-06-2004 04:45 PM
Thanks Milan -- I'll be interested to hear your results. There was a message on another board late last year from someone who said that the uRPF counters worked on his 3550, but the packets weren't actually blocked. But he may have been using a different IOS version.
There was apparently an open bug on this issue at some point, but I never heard what came of it. If the uRPF commands are now gone, it doesn't look good.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide