
Brocade Multi-Service IronWare Switching Configuration Guide (Supporting R05.6.00) User Manual


53-1003036-02

RPF configuration


Configuring a timer interval for IPv6 session logging

You can use the ipv6 session-logging-age command to globally configure a timer interval for IPv6
session logging. The timer interval is set for 3 minutes in the following example.

Brocade(config)# ipv6 session-logging-age 3

Syntax: [no] ipv6 session-logging-age minutes

The minutes variable sets the timer interval for logging. Configurable values are from 1 through 10
minutes. The default value is 5 minutes.

You can use the show log command to view RPF messages, as shown in the following example.

Brocade# show log

Dec 18 19:32:52:I:IPv6 RPF: Denied 1 packet(s) on port 1/2 tcp fec0:1::2(0) -> 4500:1::2(0)

Suppressing RPF for packets with specified address prefixes

NOTE

This section is not applicable for the Brocade NetIron CES and Brocade NetIron CER devices
because, with these devices, RPF takes precedence over PBR and ACLs.

You can suppress RPF packet drops for a specified set of packets using inbound ACLs. To suppress
RPF packet drops:

1. Create an IPv4 or IPv6 ACL that identifies the address range that you do not want dropped.

2. Add the suppress-rpf-drop flag to the permit clause of the ACL.

When a packet fails the RPF check and matches an ACL permit clause that has the
suppress-rpf-drop flag set, it is forwarded as a normal packet and is accounted as a “unicast RPF
suppressed drop packet,” as described in Table 117.

NOTE

The suppress-rpf-drop command is not supported on Brocade NetIron CES and Brocade NetIron CER
devices.

The following example demonstrates the configuration of the IPv4 ACL named “access-list 135”
which permits traffic from the source network 10.4.4.0/24 even if the RPF check test fails.

Brocade(config)# access-list 135 permit ip 10.4.4.0 0.0.0.255 any suppress-rpf-drop

Brocade(config)# access-list 135 permit ip any any

The following example demonstrates the configuration of the IPv6 ACL named “rpf1” which permits
traffic from the source host 2002::1 even if the RPF check test fails.

Brocade(config)# ipv6 access-list rpf1

Brocade(config-ipv6-access-list rpf1)# permit tcp host 2002::1 any suppress-rpf-drop