Packets sourced from the 10.1.1.0/24 subnet that arrive on serial0/0 and fail the uRPF check are logged by the ACL log-input keyword and dropped by the ACL deny action. Packets sourced from the 172.16.1.0/24 subnet that arrive on serial0/0 and fail the uRPF check are also logged, but are forwarded by the ACL permit action; the router counts these as suppressed verification drops rather than discarding them. A permit entry in the uRPF ACL is therefore an exemption for that source range, not a tightening of the check, and should be reserved for sources whose reverse path is legitimately asymmetric.
Example 7-16. Configuring uRPF (Strict Mode) with ACL
Router(config)# access-list 101 deny ip 10.1.1.0 0.0.0.255 any log-input
Router(config)# access-list 101 permit ip 172.16.1.0 0.0.0.255 any log-input
Router(config)# interface serial0/0
Router(config-if)# ip verify unicast reverse-path 101
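To make the drop, forward and log behaviour of this configuration concrete, the following is an added Python model of strict-mode uRPF with an exemption ACL. It is example code written for this page, not Cisco IOS code and not from the original text. The ACL is the one in Example 7-16; the routing table, the interfaces other than Serial0/0, the additional prefixes (203.0.113.0/24, 192.168.100.0/24, a default route) and the sample packets are constructed for the illustration. Beyond the two cases the text describes, the model also shows what happens to a failing source that matches no ACL entry (the implicit deny drops it without a log message) and, as modelled here, to a source reachable only via the default route when the interface runs with allow default.

```python
"""Strict-mode uRPF with an exemption ACL, modelled in Python.
Example code written for this page (not Cisco IOS code). Routing table,
interfaces other than Serial0/0, extra prefixes and packets are constructed."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Cisco ACL wildcard: a 0 bit must match, a 1 bit is 'don't care' (0.0.0.255 = /24)."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, network, wildcard))
    return (a ^ n) & ~w == 0


@dataclass
class AclEntry:
    action: str                # "permit" or "deny"
    network: str
    wildcard: str
    log_input: bool = False


@dataclass
class Packet:
    src: str
    dst: str
    ingress: str               # interface the packet arrived on


@dataclass
class UrpfStrict:
    """Strict mode: the best route back to the source must point out the ingress
    interface; packets that fail are handed to the ACL (ip verify unicast reverse-path <acl>)."""
    routes: List[Tuple[str, str]]                 # (prefix, out_interface)
    acl: List[AclEntry] = field(default_factory=list)
    acl_name: str = "101"
    allow_default: bool = True                    # 'allow default' in show ip interface
    verification_drops: int = 0
    suppressed_verification_drops: int = 0
    log: List[str] = field(default_factory=list)

    def reverse_lookup(self, src: str) -> Optional[Tuple[ipaddress.IPv4Network, str]]:
        """Longest-prefix match on the source address."""
        addr, best = ipaddress.IPv4Address(src), None
        for prefix, out_if in self.routes:
            net = ipaddress.IPv4Network(prefix)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, out_if)
        return best

    def rpf_passes(self, pkt: Packet) -> bool:
        best = self.reverse_lookup(pkt.src)
        if best is None:
            return False                          # no route back to the source
        net, out_if = best
        if net.prefixlen == 0 and not self.allow_default:
            return False                          # only the default route, allow-default off
        return out_if == pkt.ingress

    def acl_lookup(self, src: str) -> Optional[AclEntry]:
        for entry in self.acl:                    # first match wins
            if wildcard_match(src, entry.network, entry.wildcard):
                return entry
        return None                               # implicit deny: dropped, never logged

    def process(self, pkt: Packet) -> str:
        """Returns 'forward' or 'drop' and updates counters and log."""
        if self.rpf_passes(pkt):
            return "forward"
        entry = self.acl_lookup(pkt.src)
        if entry is not None and entry.log_input:
            # log-input also records the ingress interface, i.e. where the spoofed
            # traffic enters the router (message format here is illustrative)
            self.log.append(f"list {self.acl_name} {entry.action} ip {pkt.src} "
                            f"({pkt.ingress}) -> {pkt.dst}")
        if entry is not None and entry.action == "permit":
            self.suppressed_verification_drops += 1   # failed uRPF but forwarded anyway
            return "forward"
        self.verification_drops += 1                  # explicit or implicit deny
        return "drop"


def demo() -> Tuple[UrpfStrict, List[str]]:
    """Constructed routes and packets reproducing the two cases in the text plus
    the implicit-deny and default-route cases it leaves unstated."""
    router = UrpfStrict(
        routes=[("10.1.1.0/24", "Ethernet0/0"),       # 10.1.1.x arriving on Serial0/0 fails
                ("172.16.1.0/24", "Ethernet0/1"),     # 172.16.1.x arriving on Serial0/0 fails
                ("203.0.113.0/24", "Ethernet0/0"),
                ("192.168.100.0/24", "Serial0/0"),
                ("0.0.0.0/0", "Serial0/0")],
        acl=[AclEntry("deny", "10.1.1.0", "0.0.0.255", log_input=True),      # Example 7-16
             AclEntry("permit", "172.16.1.0", "0.0.0.255", log_input=True)],
    )
    packets = [
        Packet("10.1.1.5", "192.0.2.10", "Serial0/0"),       # deny entry: drop + log
        Packet("172.16.1.7", "192.0.2.10", "Serial0/0"),     # permit entry: forward + log
        Packet("203.0.113.5", "192.0.2.10", "Serial0/0"),    # no ACL match: drop, no log
        Packet("192.168.100.9", "192.0.2.10", "Serial0/0"),  # legitimate: passes uRPF
        Packet("198.51.100.3", "192.0.2.10", "Serial0/0"),   # default route only: allowed
    ]
    return router, [router.process(p) for p in packets]
```

Running demo() yields two verification drops (the 10.1.1.5 packet via the deny entry and the 203.0.113.5 packet via the implicit deny), one suppressed verification drop for 172.16.1.7, and two log entries; the implicit-deny drop leaves no log line, which is why an explicit deny with log-input at the end of a uRPF ACL is the usual way to keep visibility of everything the check rejects.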
The show ip interface command displays the uRPF statistics (dropped and suppressed
packets) for the specified interface; together with the show ip access-lists command, which shows the per-entry match counts, it can be used to detect IP address
spoofing. If ACL logging is enabled, the log messages can be reviewed to gather additional information about the
attack, such as the source addresses and, with log-input, the ingress interface of the offending packets, as shown in Example 7-17.
Example 7-17. Verifying uRPF Configuration and Statistics
Router# show ip interface
...
IP verify source reachable-via RX, allow default, ACL 101
56 verification drops
192 suppressed verification drops
!
Router# show ip access-lists 101
Extended IP access list 101
deny ip 10.
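The following added Python check (written for this page; not from the original text or from Cisco) shows how the counters in this output can be consumed by a monitoring script rather than read by hand: it parses the uRPF lines of show ip interface, compares two polls, and raises an alert when verification drops or suppressed verification drops grow. The two sample outputs are constructed in the format of Example 7-17; the interface header line and the second poll's counter values are assumptions.

```python
"""Poll-to-poll check of the uRPF counters from 'show ip interface'.
Example code written for this page (not from the text or from Cisco). The two
sample outputs are constructed in the format of Example 7-17; the interface
header line and the second poll's values are assumptions."""
import re
from typing import Dict, List, Optional

URPF_LINE = re.compile(
    r"IP verify source reachable-via (?P<mode>RX|ANY)"
    r"(?P<allow_default>, allow default)?"
    r"(?:, ACL (?P<acl>\S+))?")
COUNTER = re.compile(
    r"^\s*(?P<n>\d+) (?P<name>(?:suppressed )?verification drops)\s*$", re.M)

# Constructed sample: the first poll mirrors the counters in Example 7-17.
POLL_1 = """Serial0/0 is up, line protocol is up
  IP verify source reachable-via RX, allow default, ACL 101
  56 verification drops
  192 suppressed verification drops
"""
# Constructed sample: a later poll in which 44 more packets were dropped by uRPF.
POLL_2 = """Serial0/0 is up, line protocol is up
  IP verify source reachable-via RX, allow default, ACL 101
  100 verification drops
  192 suppressed verification drops
"""


def parse_urpf(show_output: str) -> Optional[Dict]:
    """Extract uRPF mode, allow-default flag, ACL name and both drop counters.
    Returns None when the interface output has no uRPF line at all."""
    m = URPF_LINE.search(show_output)
    if not m:
        return None
    info = {
        "mode": "strict" if m.group("mode") == "RX" else "loose",  # RX = strict, ANY = loose
        "allow_default": m.group("allow_default") is not None,
        "acl": m.group("acl"),
        "verification_drops": 0,
        "suppressed_verification_drops": 0,
    }
    for c in COUNTER.finditer(show_output):
        info[c.group("name").replace(" ", "_")] = int(c.group("n"))
    return info


def urpf_delta(previous: Dict, current: Dict) -> Dict[str, int]:
    """Increase per counter since the last poll (counters only grow until cleared)."""
    keys = ("verification_drops", "suppressed_verification_drops")
    return {k: current[k] - previous[k] for k in keys}


def spoofing_alerts(previous: Dict, current: Dict, threshold: int = 1) -> List[str]:
    """Alert text for a monitoring pipeline. Drops mean uRPF rejected packets
    (deny entry or implicit deny); suppressed drops mean a permit entry let
    through packets that failed the check, which deserves a look as well."""
    d = urpf_delta(previous, current)
    alerts = []
    if d["verification_drops"] >= threshold:
        alerts.append(f"{d['verification_drops']} new uRPF drops on this interface; "
                      f"review 'show ip access-lists {current['acl']}' and the ACL log messages")
    if d["suppressed_verification_drops"] >= threshold:
        alerts.append(f"{d['suppressed_verification_drops']} packets failed uRPF but were "
                      f"forwarded by a permit entry in ACL {current['acl']}")
    if d["verification_drops"] < 0 or d["suppressed_verification_drops"] < 0:
        alerts.append("counters went backwards: cleared or reloaded since the last poll")
    return alerts
```

Comparing the two constructed polls gives a delta of 44 verification drops and no new suppressed drops, so one alert is raised pointing the operator at show ip access-lists 101 and the log messages. The negative-delta branch matters in practice: after a clear or a reload the counters restart from zero, and a naive subtraction would otherwise silently hide an ongoing spoofing episode.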