
uRPF on VLAN SVI logging issue

andrewswanson
Level 7

Hi

I'm working on getting uRPF enabled on VLAN SVIs with a VSS C6880-X-LE running c6880x-ipservicesk9-mz.SPA.151-2.SY9.bin.

The configuration below works well, with spoofed source IP addresses being dropped on VLAN 100:

access-list 155 remark *** DENY SELF ASSIGNED ***
access-list 155 deny ip 169.254.0.0 0.0.255.255 any
access-list 155 remark *** DENY ANY AND LOG ***
access-list 155 deny ip any any log-input
!
interface vlan 100
ip verify unicast source reachable-via rx 155

The only issue I'm having is logging - whenever a packet fails uRPF, I don't see any hits either with ACL logging or in the "show ip traffic" output.

The switch has the default auto CoPP policy applied, which I thought may be the issue, but the output from the command below also shows no drops:

show policy-map control-plane input class class-copp-ucast-rpf-fail

I'm happy the configuration drops spoofed IP traffic, but I'd like to be notified whenever this happens. Any ideas on how to log uRPF drops?

Thanks
Andy
