Cisco Community
English
Register
Congratulate December's Spotlight Awardees. CLICK HERE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
204
Views
0
Helpful
2
Replies
Highlighted
jwilde
Beginner
Beginner
‎05-09-2018 06:31 PM
‎05-09-2018 06:31 PM

bcp38 vs ipv4 verify unicast source reachable-via

does not  ipv4 verify unicast source reachable-via rx cover doing ingress access-list on the access edge?  I'm trying to figure this out, but i'm not 100% sure it does. I'm trying to figure out if i need both.  I probably need to do any if i turn to hsrp, but i'm not positive on that either.  

Labels:
0 Helpful
Reply
2 REPLIES 2
Highlighted
Georg Pauwen
VIP Expert VIP Expert
VIP Expert
‎05-10-2018 12:59 AM
‎05-10-2018 12:59 AM

Hello,

 

in what context is the access list used ? RX (strict) checking needs a match in the FIB for either the packet source address or the ingress / Unicast RPF interface.

Can you elaborate ? Or post the part of the config you are referring to ?

0 Helpful
Reply
Highlighted
jwilde
Beginner
Beginner
In response to Georg Pauwen
‎05-10-2018 08:41 AM
‎05-10-2018 08:41 AM

this is an example.  My question is should i do an explicit acl also here with

ipv4 access-list BCP38

10 permit ipv4 5.5.5.0 0.0.0.255 any
20 deny ipv4 any any log-input

 

interface BVI117
description Inet_VLAN_117
vrf Internet_Edge
ipv4 address 5.5.5.65 255.255.255.192
ipv4 verify unicast source reachable-via rx

 

if the unicast verify is compromised (blocked) is there a way to get it logged?

0 Helpful
Reply
Latest Contents
May the SD-WAN Force Be With You- AMA Event
Created by Cisco Moderador on 01-18-2021 07:47 AM
1
5
1
5
To participate in this event, please use the  button to ask your questions In this session attendees will receive an introduction to Software Defined-WAN (SD-WAN)  and the importance of control connections, and learn how to configure devices usi... view more
Community Live Event SLIDES - May the SD-WAN Force Be With Y...
Created by Cisco Moderador on 01-18-2021 06:56 AM
0
5
0
5
Community Live- May the SD-WAN Force Be With You (Live event -  Tuesday 19th January, 2021 at 10:00 am Pacific/ 1:00 pm Eastern / 7:00 pm Paris) This event will have place on Tuesday 19th, January 2021 at 10:00hrs PDT  Register today for this Co... view more
Cisco DNA Center Resources
Created by traviwil on 01-15-2021 03:59 PM
4
43
4
43
Cisco DNA Center Get Started Automation Assurance Platform AI/ML Deployment Support   Get Started What's new in Cisco DNA Center 2.1.2 Cisco DNA Center 2.1.2.x Features and Capabilities Cisco DNA Center -Intent Based Networki... view more
xFSU on Catalyst 9300: The Always-On Access Network
Created by arubhat on 01-15-2021 03:08 AM
0
0
0
0
A major international airport is looking to build a cutting-edge new terminal, designed to run 24/7 with no interruptions. With the airport always on round the clock, a critical component required to support this is the surveillance infrastructure, which ... view more
Automated workaround for CSCvw63161
Created by Jeffrey Keown on 01-14-2021 03:16 PM
0
5
0
5
 
Content for Community-Ad