Hi I would like to implement uRPF together with Inbound ACL on Customer connected SVIs. Will Sup720/PFC3BXL hardware support this without problems ?
My 6500 configuration looks like this: 1) Around ~200 SVIs with customers. On all SVIs uRPF is enabled to prevent spoofing: int VlanXXX description Customer SVI - ID: xxxxxxx ip address ... ... ip verify unicast source reachable-via rx allow-default no ip redirects no ip proxy-arp no ip unreachables Here Inbound ACL will be added - 'ip access-group from-Customers-IN in'. 2) Two SVIs to Core routers int VlanYYY description To core1 ip address x.x.x.x 255.255.255.252 ip access-group from-CORE-to-EDGE-Inbound in ip router isis no ip redirects no ip proxy-arp no ip unreachables Robert _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
