Chapter 23 Configuring Network Security
Configuring Unicast Reverse Path Forwarding
These sections describe configuring Cisco IOS Unicast Reverse Path Forwarding (Unicast RPF):
• Understanding Unicast RPF Support
• Configuring Unicast RPF
• Enabling Self-Pinging
• Configuring the Unicast RPF Checking Mode
Understanding Unicast RPF Support
The PFC2 supports Unicast RPF with hardware processing for packets that have a single return path. The MSFC2 processes traffic in software that has multiple return paths (for example, load sharing).
With a PFC2, if you configure Unicast RPF to filter with an ACL, the PFC2 determines whether or not traffic matches the ACL. The PFC2 sends the traffic denied by the RPF ACL to the MSFC2 for the Unicast RPF check.
Note
• Because the packets in a
  MSFC2 for the Unicast RPF check, they can overload the MSFC2.
• The PFC2 provides hardware support for traffic that does not match the Unicast RPF ACL, but that does match an input security ACL.
With Supervisor Engine 1 and PFC, the MSFC or MSFC2 supports Unicast RPF in software.
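The hardware/software split described in this section can be sketched as a small model. This is an added example, not Cisco code or output; the routing table, interface names, addresses and ACL entries are constructed, and it assumes that traffic permitted by the RPF ACL is forwarded in hardware without the check, which this page does not state.

```python
import ipaddress
from collections import Counter

# Constructed routing table: prefix -> interfaces that are valid return paths.
FIB = {
    "10.1.0.0/16": {"Gi1/1"},            # single return path
    "10.2.0.0/16": {"Gi1/1", "Gi1/2"},   # load sharing: multiple return paths
    "0.0.0.0/0": {"Gi2/1"},
}
# Constructed RPF ACL: first match wins, implicit deny at the end.
RPF_ACL = [("permit", "10.2.0.0/16"), ("deny", "0.0.0.0/0")]

def return_paths(src):
    """Longest-prefix match on the packet's source address."""
    addr = ipaddress.ip_address(src)
    hits = [n for n in map(ipaddress.ip_network, FIB) if addr in n]
    if not hits:
        return set()
    return FIB[str(max(hits, key=lambda n: n.prefixlen))]

def acl_action(src, acl):
    """Return the action of the first ACL entry that matches the source."""
    addr = ipaddress.ip_address(src)
    for action, prefix in acl:
        if addr in ipaddress.ip_network(prefix):
            return action
    return "deny"

def urpf(src, in_if, acl=None):
    """Return (verdict, engine) for one packet arriving on in_if."""
    paths = return_paths(src)
    # The RPF check: the source must be reachable through the ingress interface.
    verdict = "forward" if in_if in paths else "drop"
    if acl is not None:
        if acl_action(src, acl) == "permit":
            return "forward", "PFC2"   # assumption: permitted traffic skips the check
        return verdict, "MSFC2"        # denied by the RPF ACL: check runs in software
    # No ACL: one return path is checked in hardware, several in software.
    return verdict, ("MSFC2" if len(paths) > 1 else "PFC2")

def engine_load(packets, acl=None):
    """Count how many packets each engine ends up processing."""
    return Counter(urpf(src, in_if, acl)[1] for src, in_if in packets)

if __name__ == "__main__":
    # Constructed burst of packets whose sources all hit the deny entry.
    burst = [(f"198.51.100.{i}", "Gi1/1") for i in range(1, 201)]
    print("no ACL  :", dict(engine_load(burst)))
    print("with ACL:", dict(engine_load(burst, RPF_ACL)))
```

In the model, the same burst that the PFC2 drops entirely in hardware without an ACL is handled packet by packet on the MSFC2 once a deny entry in the RPF ACL matches it, which is the overload condition the note warns about.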
Configuring Unicast RPF
For configuration procedures, refer to the Cisco IOS Security Configuration Guide, Release 12.1, “Other Security Features,” “Configuring Unicast Reverse Path Forwarding” at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt5/scdrpf.htm
Enabling Self-Pinging
With Unicast RPF enabled, the router cannot ping itself. To enable
| | Command | Purpose |
|---|---|---|
| Step 1 | Router(config)# interface {{vlan vlan_ID} \| {type1 slot/port} | Selects the interface to configure. |
| Step 2 | | Enables the router to ping itself or a secondary address. |
| | | Disables |
| Step 3 | | Exits interface configuration mode. |

1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
Cisco 7600 Series Router Cisco IOS Software Configuration