05-09-2018 06:31 PM - edited 03-05-2019 10:25 AM
does not ipv4 verify unicast source reachable-via rx cover doing ingress access-list on the access edge? I'm trying to figure this out, but i'm not 100% sure it does. I'm trying to figure out if i need both. I probably need to do any if i turn to hsrp, but i'm not positive on that either.
05-10-2018 12:59 AM
Hello,
in what context is the access list used ? RX (strict) checking needs a match in the FIB for either the packet source address or the ingress / Unicast RPF interface.
Can you elaborate ? Or post the part of the config you are referring to ?
05-10-2018 08:41 AM
this is an example. My question is should i do an explicit acl also here with
ipv4 access-list BCP38
10 permit ipv4 5.5.5.0 0.0.0.255 any
20 deny ipv4 any any log-input
interface BVI117
description Inet_VLAN_117
vrf Internet_Edge
ipv4 address 5.5.5.65 255.255.255.192
ipv4 verify unicast source reachable-via rx
if the unicast verify is compromised (blocked) is there a way to get it logged?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide