On 11/14/12 3:45 AM, Gert Doering wrote:
ip verify unicast source reachable-via any allow-default
so what is a "suppressed verification drop"? And, much more important,
"will it still do that in hardware", or will loose-uRPF ("via any") punti
it into the software path for "some packets"?
Brian gave a decent response, but because I'm drinking my morning coffee
I feel the urge to add another reply for you (since it'll delay my
departure for work). A suppressed verification drop is a packet that
would have dropped with 'ip verify unicast source reachable-via
[any|rx]', but didn't drop because you added options (which can be
allow-default, allow-self-ping, and/or an ACL to punch some additional
holes).
pt
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
