All: I am curious what the purpose of uRPF's "allow-default" option is? Based on Cisco's page explaining the command, I interpret that it allows uRPF to match on a default route... but doesn't that defeat the purpose of uRPF?
My best guess is that it allows you to set static routes for networks whose source IPs you want to drop (using the null interface) while allowing everything else. e.g.

    interface Vlan100
     ip verify unicast source reachable-via any allow-default
    !
    ip route 192.168.0.0 255.255.255.0 null0
    ip route 0.0.0.0 0.0.0.0 x.x.x.x

uRPF would allow Vlan100 to use any source IP address except 192.168.0.0/24. Is that correct?

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/secure.html

Thanks!

--
Devon
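A small model of the loose-mode check the post asks about, added here as an example and not part of the original message. It assumes that a source resolving to Null0 fails the check and that the default route counts only when allow-default is set; the FIB contents and function names are constructed for illustration.

```python
import ipaddress

# Constructed FIB mirroring the post's two static routes. The next hop is a
# placeholder label because the post elides it as x.x.x.x.
FIB = [
    ("192.168.0.0/24", "Null0"),
    ("0.0.0.0/0", "next-hop"),
]

def lookup(fib, src):
    """Longest-prefix match on the source address; (network, target) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, target in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best

def urpf_loose(fib, src, allow_default=False):
    """Model of 'reachable-via any': True means forward, False means drop.

    Assumed semantics: the source must resolve to a non-Null0 route, and a
    match on 0.0.0.0/0 only satisfies the check when allow_default is set.
    """
    match = lookup(fib, src)
    if match is None:
        return False              # no route back to the source at all
    net, target = match
    if target == "Null0":
        return False              # best match is the discard route
    if net.prefixlen == 0 and not allow_default:
        return False              # only the default route matched
    return True

def evaluate(fib, sources, allow_default):
    """Run the check over several constructed source addresses."""
    return {s: urpf_loose(fib, s, allow_default) for s in sources}

if __name__ == "__main__":
    for flag in (False, True):
        print("allow-default" if flag else "no allow-default",
              evaluate(FIB, ["192.168.0.10", "10.1.1.1"], flag))
```

Under these assumptions the Null0 route is what does the filtering: with allow-default every other source passes via the default route, and without it a source covered only by the default route is dropped.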