nanog mailing list archives
Re: Cisco uRPF failures
From: Saku Ytti <saku+nanog () ytti fi>
Date: Sat, 13 Sep 2008 23:00:31 +0300
On (2008-09-13 13:26 -0500), Brandon Ewing wrote: Hey Brandon,
Are you sure? According to the IOS guide for 3560E/3750E, "ip verify" is still an unsupported interface command. I don't have a 3560E handy to test on, but I know that a non-E 3560 refuses it with a notice regarding how verification is not supported by hardware.
To be honest I'm not sure. Feature-wise highlights what I've taken note of E series in 3560 is jumbo MTU support in L3 and uRPF in comparison to non E, apart from the obvious 10GE and PSU enhancements. While I haven't personally ran 3560E, I'm fairly confident that it's supported, in hardware (And software to turn it on). uRPF is mentioned here: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps7078/product_data_sheet0900aecd805bac22.html Advanced Security • Unicast RPF feature helps mitigate problems caused by the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a verifiable IP source address. -- ++ytti
Current thread:
- Cisco uRPF failures, (continued)
- Cisco uRPF failures Jo Rhett (Sep 04)
- Re: Cisco uRPF failures Anton Kapela (Sep 06)
- Re: Cisco uRPF failures Christopher Morrow (Sep 06)
- Re: Cisco uRPF failures Jo Rhett (Sep 11)
- Re: Cisco uRPF failures Sam Stickland (Sep 07)
- Re: Cisco uRPF failures Saku Ytti (Sep 08)
- Re: Cisco uRPF failures Jo Rhett (Sep 11)
- Re: Cisco uRPF failures Saku Ytti (Sep 11)
- Re: Cisco uRPF failures Jo Rhett (Sep 11)
- Re: Cisco uRPF failures Brandon Ewing (Sep 13)
- Re: Cisco uRPF failures Saku Ytti (Sep 13)
- RE: Cisco uRPF failures Tom Zingale (tomz) (Sep 15)
- Re: Force10 Gear - Opinions Brian Feeny (Sep 03)
- Re: Force10 Gear - Opinions Paul Wall (Sep 04)
- Re: Force10 Gear - Opinions Mark Tinka (Sep 04)
- uRPF Jo Rhett (Sep 04)
- Re: uRPF Mark Tinka (Sep 04)