Hi, On Sat, Jun 23, 2012 at 02:42:04PM -0700, Mike wrote: > I am trying to filter out rfc1918 addresses as either source or > destination addresses for my pppoe connected subscribers. Each
Why not
a) turn on uRPF filtering on the virtual-template
("ip verify unicast reverse")
-> this takes care of *any* garbage source address the customer
might send you, not just RFC1918 space (see also BCP38).
b) null-route the RFC1918 space
-> this takes care of the destination addresses
that way you can get much more benefits with less effort.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
pgpvNDIbouMAo.pgp
Description: PGP signature
_______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
