300-101 第202题疑问
QUESTION 202When unicast reverse path forwarding is configured on an interface, which action does
the interface take first when it receives a packet?
A. It check the ingress access list
B. It check the egress access list
C. It verifies that the source has a valid CEF adjacency
D. It verifies a reverse path via the FIB to the source
Correct Answer: D
Section: part 5
Explanation
Explanation/Reference:
When a packet is received at the interface where Unicast RPF and ACLs have been configured, the
following actions occur:
Step 1: Input ACLs configured on the inbound interface are checked.
Step 2: Unicast RPF checks to see if the packet has arrived on the best return path to the source, which it
does by doing a reverse lookup in the FIB table
下面的解析中的第一步 说的是先检查进口ACL那么为啥不会选A呢。。。。。
我觉得题库是错的,不过有一点需要考虑,就是题干并没有指明ACL有被配置。
思科官网链接:https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_urpf/configuration/15-sy/sec-data-urpf-15-sy-book/cfg-unicast-rfp.html?dtid=osscdc000283#GUID-07331556-315A-4327-9679-0390DD2F6FC1
思科给出的带ACL的uRPF配置案例:
int eth0/1/1
ip address 192.168.200.1 255.255.255.0
ip verify unicast reverse-path 197
!
int eth0/1/2
ip address 192.168.201.1 255.255.255.0
!
access-list 197 deny ip 192.168.201.0 0.0.0.63 any log-input
access-list 197 permit ip 192.168.201.64 0.0.0.63 any log-input
access-list 197 deny ip 192.168.201.128 0.0.0.63 any log-input
access-list 197 permit ip 192.168.201.192 0.0.0.63 any log-input
access-list 197 deny ip host 0.0.0.0 any log
页:
[1]