Hi
I'm working on getting uRPF enabled on VLAN SVIs with a VSS C6880-X-LE running c6880x-ipservicesk9-mz.SPA.151-2.SY9.bin.
The configuration below works well, with spoofed source IP addresses being dropped on VLAN 100:
access-list 155 remark *** DENY SELF ASSIGNED ***
access-list 155 deny ip 169.254.0.0 0.0.255.255 any
access-list 155 remark *** DENY ANY AND LOG ***
access-list 155 deny ip any any log-input
!
interface vlan 100
 ip verify unicast source reachable-via rx 155
The only issue I'm having is logging - whenever a packet fails uRPF, I don't see any hits either with ACL logging or in the "show ip traffic" output.
The switch has the default auto CoPP policy applied, which I thought may be the issue, but the output from the command below also shows no drops:
show policy-map control-plane input class class-copp-ucast-rpf-fail
I'm happy the configuration drops spoofed IP traffic, but I'd like to be notified whenever this happens. Any ideas on how to log uRPF drops?
Thanks
Andy