Hi,

I have some trouble with the "ip verify unicast source reachable-via" command.

I have understood the difference between "ip verify unicast source reachable-via rx" and "ip verify unicast source reachable-via any". The first one is a strict mode and checks that the source is reachable via the receiving interface, while the second just checks that the source has a route in the FIB.

But where I'm a bit lost is when you add an ACL after the command. The documentation says the ACL is checked if the uRPF check fails: if the source IP matches a deny statement the packet is dropped, if it matches a permit statement it is forwarded even though it failed the uRPF check. I think I've understood that part, but I seem unable to make it work on real gear…

Here is what I did:

R1---(f0/1) R2 (f0/0)---R3

R1 and R3 have a loopback 200.0.0.1/32. R1 advertises it to R2, R2 advertises it to R3, R3 does not advertise it to anyone.

If I ping R2's loopback (200.0.0.2) from R3 with 200.0.0.1 as source, I see the packets arriving on int f0/0 and the responses going out f0/1. (Normal)

If I configure "ip verify unicast source reachable-via rx" on R2's f0/0 interface, the packets are simply dropped.

Now if I configure "ip verify unicast source reachable-via rx 1" and "access-list 1 permit any log", I would expect the packets not to be dropped but only logged, and the responses to be sent out interface f0/1 as without uRPF at all. However, R2 still drops the packets and does not log anything…

Did I miss something?

Best regards,
Christophe
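
The decision order described in the message above (uRPF check first, ACL consulted only on failure), modelled as an added example that is not part of the original post and not Cisco code. It encodes the documented semantics as the post states them, not what any particular IOS release does; the link subnets in the FIB and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed model of R2's FIB: (prefix, outgoing interface). Only the
# 200.0.0.1/32 route via f0/1 comes from the post; link subnets are assumed.
FIB_R2 = [
    ("200.0.0.1/32", "f0/1"),   # learned from R1
    ("10.0.12.0/24", "f0/1"),   # assumed R1-R2 link
    ("10.0.23.0/24", "f0/0"),   # assumed R2-R3 link
]

def fib_lookup(fib, src):
    """Longest-prefix match; returns the outgoing interface or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def acl_permits(acl, src):
    """First matching entry wins; a standard ACL ends with an implicit deny."""
    addr = ipaddress.ip_address(src)
    for action, prefix in acl:
        if addr in ipaddress.ip_network(prefix):
            return action == "permit"
    return False

def urpf(fib, mode, src, in_iface, acl=None):
    """Return (verdict, reason) for a packet from `src` received on `in_iface`."""
    route_iface = fib_lookup(fib, src)
    if mode == "any":                      # loose: any FIB route is enough
        passed = route_iface is not None
    else:                                  # "rx" strict: route must point back
        passed = route_iface == in_iface   # out of the receiving interface
    if passed:
        return ("forward", "urpf-pass")
    if acl is not None:                    # ACL is only consulted on failure
        if acl_permits(acl, src):
            return ("forward", "acl-permit")
        return ("drop", "acl-deny")
    return ("drop", "urpf-fail")

if __name__ == "__main__":
    permit_any = [("permit", "0.0.0.0/0")]  # access-list 1 permit any
    print(urpf(FIB_R2, "rx", "200.0.0.1", "f0/0"))
    print(urpf(FIB_R2, "rx", "200.0.0.1", "f0/0", acl=permit_any))
```
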
