Does not ipv4 verify unicast source reachable-via rx cover doing ingress access-list on the access edge? I'm trying to figure this out, but I'm not 100% sure it does. I'm trying to figure out if I need both. I probably need to do any if I turn to HSRP, but I'm not positive on that either.
Hello,
In what context is the access list used? RX (strict) checking needs a match in the FIB for either the packet source address or the ingress / Unicast RPF interface.
Can you elaborate? Or post the part of the config you are referring to?
This is an example. My question is: should I do an explicit ACL also here with
ipv4 access-list BCP38
 10 permit ipv4 5.5.5.0 0.0.0.255 any
 20 deny ipv4 any any log-input
interface BVI117
 description Inet_VLAN_117
 vrf Internet_Edge
 ipv4 address 5.5.5.65 255.255.255.192
 ipv4 verify unicast source reachable-via rx
If the unicast verify is compromised (blocked), is there a way to get it logged?
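
A simplified model of the two checks discussed in this thread, added here as an example (it is not from any poster and is not router code): it runs a strict (rx) uRPF lookup and the posted BCP38 ACL over the same constructed source addresses so the cases where they disagree are visible. The uplink interface name, the default route and the sample sources are assumptions; only the connected /26 and the ACL entries come from the posted config.

```python
import ipaddress

# Constructed FIB for the example: (prefix, egress interface). Only the
# connected /26 on BVI117 comes from the posted config; the uplink name
# and the default route are assumptions.
FIB = [
    ("5.5.5.64/26", "BVI117"),        # connected: ipv4 address 5.5.5.65 255.255.255.192
    ("0.0.0.0/0", "TenGigE0/0/0/0"),  # assumed default route towards the upstream
]

# The posted BCP38 ACL as (action, source prefix); wildcard 0.0.0.255 is a /24.
ACL = [("permit", "5.5.5.0/24"), ("deny", "0.0.0.0/0")]


def fib_lookup(src, fib=FIB):
    """Longest-prefix match; returns the egress interface or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None


def urpf_strict(src, ingress, fib=FIB):
    """Strict (rx) check: the best route back to src must use the ingress interface."""
    return fib_lookup(src, fib) == ingress


def acl_permits(src, acl=ACL):
    """First-match evaluation on the source address only."""
    addr = ipaddress.ip_address(src)
    for action, prefix in acl:
        if addr in ipaddress.ip_network(prefix):
            return action == "permit"
    return False  # implicit deny at the end of the list


def compare(sources, ingress="BVI117"):
    """Map each source to (urpf_pass, acl_pass) for packets received on ingress."""
    return {s: (urpf_strict(s, ingress), acl_permits(s)) for s in sources}


if __name__ == "__main__":
    for src, (urpf, acl) in compare(["5.5.5.70", "5.5.5.10", "192.0.2.1"]).items():
        print(f"{src:12} uRPF strict: {'pass' if urpf else 'drop'}  ACL: {'permit' if acl else 'deny'}")
```

In this model 5.5.5.10 is permitted by the ACL's /24 but fails the strict check because the FIB only has the /26 on BVI117, while a prefix routed via BVI117 but absent from the ACL would pass uRPF and be denied by the ACL.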