Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
624
Views
0
Helpful
2
Replies

bcp38 vs ipv4 verify unicast source reachable-via

jwilde
Level 1
Level 1

‎05-09-2018 06:31 PM - edited ‎03-05-2019 10:25 AM

does not  ipv4 verify unicast source reachable-via rx cover doing ingress access-list on the access edge?  I'm trying to figure this out, but i'm not 100% sure it does. I'm trying to figure out if i need both.  I probably need to do any if i turn to hsrp, but i'm not positive on that either.  

Labels:
0 Helpful
2 Replies 2

Georg Pauwen
VIP
VIP

‎05-10-2018 12:59 AM

Hello,

 

in what context is the access list used ? RX (strict) checking needs a match in the FIB for either the packet source address or the ingress / Unicast RPF interface.

Can you elaborate ? Or post the part of the config you are referring to ?

0 Helpful

jwilde
Level 1
Level 1
In response to Georg Pauwen

‎05-10-2018 08:41 AM

this is an example.  My question is should i do an explicit acl also here with

ipv4 access-list BCP38

10 permit ipv4 5.5.5.0 0.0.0.255 any
20 deny ipv4 any any log-input

 

interface BVI117
description Inet_VLAN_117
vrf Internet_Edge
ipv4 address 5.5.5.65 255.255.255.192
ipv4 verify unicast source reachable-via rx

 

if the unicast verify is compromised (blocked) is there a way to get it logged?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card