On 1/29/2010 4:57 PM, Antonio Querubin wrote: > On Fri, 29 Jan 2010, Antonio Querubin wrote: > >> Yes but that's not the interface where you would apply it. You apply > ^ > necessarilly >> 'allow-default' on your upstream interface that you point your default >> route to. Ie. if you set your default-route at a particular interface >> or IP address, then you add urpf 'allow-default' on the interface that >> leads to your upstream gateway. > > Ie. you normally do not use allow-default on most of your interfaces. > You use it only on upstream interfaces.
So it is for the situation where you do not have a full table (so strict and/or loose mode would not work), but you want uRPF on the edge to be able to drop packets whose network is routed to null on your FIB? -- Devon _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
