On Fri, 29 Jan 2010, Devon True wrote:
I am curious what the purpose of uRPF's "allow-default" option is? Based on Cisco's page explaining the command, I interpret that it allows uRPF to match on a default route... but doesn't that defeat the purpose of uRPF?
See below.
interface Vlan100
 ip verify unicast source reachable-via any allow-default
!
ip route 192.168.0.0 255.255.255.0 null0
ip route 0.0.0.0 0.0.0.0 x.x.x.x

uRPF would allow Vlan100 to use any source IP address except 192.168.0.0/24. Is that correct?
Yes, but that's not the interface where you would apply it. You apply 'allow-default' on your upstream interface that you point your default route to. I.e., if you set your default-route at a particular interface or IP address, then you add urpf 'allow-default' on the interface that leads to your upstream gateway.
Antonio Querubin
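
A simplified Python model of the uRPF decision discussed in this thread, added here as an example and not part of the original messages or of any Cisco code. It covers both loose (`reachable-via any`) and strict (`reachable-via rx`) mode, with and without `allow-default`. Assumptions: the interface name `Gi0/1` stands in for the x.x.x.x next hop, the connected 10.1.100.0/24 on Vlan100 and the 203.0.113.9 source are constructed, and real platforms differ in detail.

```python
import ipaddress

# FIB mirrors the two static routes from the post. "Gi0/1" is a hypothetical
# upstream interface for the x.x.x.x next hop; 10.1.100.0/24 is constructed.
FIB = [
    ("192.168.0.0/24", "Null0"),
    ("10.1.100.0/24", "Vlan100"),
    ("0.0.0.0/0", "Gi0/1"),
]
ROUTES = [(ipaddress.ip_network(p), ifc) for p, ifc in FIB]


def lookup(src):
    """Longest-prefix match for src; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    hits = [r for r in ROUTES if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None


def urpf_permits(src, in_if, mode="any", allow_default=False):
    """mode 'any' = loose (reachable-via any), 'rx' = strict (reachable-via rx)."""
    route = lookup(src)
    if route is None:
        return False                      # no route back to the source
    net, out_if = route
    if out_if == "Null0":
        return False                      # best match is the null route
    if net.prefixlen == 0 and not allow_default:
        return False                      # default route does not count
    if mode == "rx" and out_if != in_if:
        return False                      # strict: must arrive on the return interface
    return True


if __name__ == "__main__":
    cases = [
        ("203.0.113.9", "Vlan100", "any", True),   # loose + allow-default
        ("203.0.113.9", "Vlan100", "any", False),  # loose, default ignored
        ("192.168.0.5", "Vlan100", "any", True),   # null-routed source
        ("203.0.113.9", "Gi0/1", "rx", True),      # strict on the upstream
        ("203.0.113.9", "Gi0/1", "rx", False),     # strict, default ignored
    ]
    for src, ifc, mode, ad in cases:
        verdict = "permit" if urpf_permits(src, ifc, mode, ad) else "drop"
        print(f"{src:<13} in={ifc:<8} mode={mode:<3} allow-default={ad!s:<5} {verdict}")
```
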
