What catalysts support uRPF and what to do with those who lacks it.

anders.nilsson@umu.se · ‎07-30-2003

On our campus we have bought several Sup4 based cat4500 but we have now been told that there is no support for uRPF check which we rely on for antispoofcheck. Whats worse there is no sign of it coming in future releases since i'm been told that the hardware is not able to support it. Now there is the new cat3750 which looks nice but probably won't support uRPF check either. So my question in the end is if I have to switch to a bunch of cat6500 or if there are other ways to work this problem. Manually applying ACL will be hard to administrate and might harm our multicast applications. Any suggestions are welcome.

Best regards

Anders Nilsson

Network Consultant

Umeå Unversity

raymong · ‎07-31-2003

Refer to the feature navigator for the platforms that support uRPF:

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

anders.nilsson@umu.se · ‎07-31-2003

Thanks for the advice.

After selecting the uRPF feature I noticed that the only Catalysts on the list are the 5000 series (RSM) and the 6500 series. The conclusion is the we have to trade in all our Cat4000 series switches for 6500 series since the 6500 series seems to be the only catalyst which is "featureproof". uRPF is a very important function at least when I listened to the securitypeople at Networkers 2002. Sadly we decided to opt for the more costeffective cat4500-series but now we realize that this will be expensive lesson. Any ideas/input would be very welcome.

Where is routing applicable with cat4000. Frankly I don't get it. It's great for L2 but it seems to lack a few important functions (Supervisor 5 or 6 anyone?)

One idea I have is to keep all Cat4000 for L2-aggregation and do the Routing on a single Cat6500. If I only had the right arguments to convince our management to spend more money... ;)

Best regards

Anders Nilsson

Network Consultant

Umeå University