Cisco IOS XR RPF 过滤器错误?

网络工程 思科 cisco-ios-xr
2022-03-02 10:28:30

基于此文档:https ://www.cisco.com/c/en/us/td/docs/iosxr/ncs5500/security/62x/b-system-security-cg-ncs5500-62x/b-system-security -cg-ncs5500-62x_chapter_01001.html我正在尝试在界面中设置 URPF(严格)。路由器本身已启动并运行 IOS XE 7.1.1。

如文档所述,我已禁用 ipv4 和 ipv6 缩放:

configure
hw-module tcam fib ipv4 scaledisable
hw-module fib ipv6 scale internet-optimized-disable
commit

并重新加载路由器:

reload

我尝试设置 URPF 的接口具有默认配置,但 IPv4 和 IPv6 地址除外:

interface TenGigE0/0/0/0
 ipv4 address 22.33.44.55 255.255.255.0
 ipv6 address 2001::1/64
 shutdown

尝试为 IPv4 应用 URPF 后,我收到此错误:

RP/0/RP0/CPU0:Router(config-if)#interface TenGigE0/0/0/0
RP/0/RP0/CPU0:Router(config-if)#ipv4 verify unicast source reachable-via rx
RP/0/RP0/CPU0:Router(config-if)#commit
Tue Oct 13 12:33:44.099 UTC

% Failed to commit one or more configuration items during a pseudo-atomic operation. All changes made have been reverted. Please issue 'show configuration failed [inheritance]' from this session to view the errors
RP/0/RP0/CPU0:Router(config-if)#show configuration failed
...

interface TenGigE0/0/0/0
 ipv4 verify unicast source reachable-via rx
!!% The process 'ipv4_ma' rejected the operation but returned no error
!
end

在尝试为 IPv4 和 IPv6 应用 URPF 后,我收到此错误:

RP/0/RP0/CPU0:Router(config)#interface TenGigE0/0/0/0
RP/0/RP0/CPU0:Router(config-if)#ipv4 verify unicast source reachable-via rx
RP/0/RP0/CPU0:Router(config-if)#ipv6 verify unicast source reachable-via rx
RP/0/RP0/CPU0:Router(config-if)#commit
Tue Oct 13 12:36:06.613 UTC

% Failed to commit one or more configuration items during a pseudo-atomic operation. All changes made have been reverted. Please issue 'show configuration failed [inheritance]' from this session to view the errors
RP/0/RP0/CPU0:Router(config-if)#show configuration failed
Tue Oct 13 12:36:12.301 UTC
!! SEMANTIC ERRORS: This configuration was rejected by
!! the system due to semantic errors. The individual
!! errors with each failed configuration command can be
!! found below.


interface TenGigE0/0/0/0
 ipv4 verify unicast source reachable-via rx
!!% 'ipv4-ma' detected the 'warning' condition 'Platform doesn't support strict RPF on this card'
 ipv6 verify unicast source reachable-via rx
!!% 'ipv6-ma' detected the 'warning' condition 'Platform doesn't support loose RPF on this card'
!
end

有趣的是我尝试了 IPv4 和 IPv6 的严格(rx)配置,但错误消息告诉我平台不支持 IPv6 的松散(任何)rpf。顺便说一句,我在文档中没有看到平台对 URPF 配置的任何限制,所以我认为它是受支持的。我没有找到任何文件告诉我它不是。

0个回答
没有发现任何回复~
其它你可能感兴趣的问题
上一篇如何在wireshark中设置按目标广播排序的显示过滤器? 下一篇VLAN 在 ComNet 交换机中不起作用