Chapter 23 Configuring Network Security
Configuring Unicast Reverse Path Forwarding
This example shows how to enable self-pinging:
Router(config)# interface gigabitethernet 4/1
Configuring the Unicast RPF Checking Mode
There are two Unicast RPF checking modes:
• Strict checking mode, which verifies that the source IP address exists in the FIB table and verifies that the source IP address is reachable through the input port.
•
Note The most recently configured mode is automatically applied to all ports configured for Unicast RPF checking.
To configure Unicast RPF checking mode, perform this task:
Step 1
Command: Router(config)# interface {{vlan vlan_ID} | {type1 slot/port}
Purpose: Selects an interface to configure.
Note Based on the input port, Unicast RPF verifies the best return path before forwarding the packet on to the next destination.
Step 2
Purpose: Configures the Unicast RPF checking mode.
Purpose: Reverts to the default Unicast RPF checking mode.
Step 3
Purpose: Exits interface configuration mode.
1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
When configuring the Unicast RPF checking mode, note the following syntax information:
• Use the rx keyword to enable strict checking mode.
• Use the any keyword to enable
• Use the
• Use the list option to identify an access list.
  – If the access list denies network access, spoofed packets are dropped at the port.
  – If the access list permits network access, spoofed packets are forwarded to the destination address. Forwarded packets are counted in the interface statistics.
  – If the access list includes the logging action, information about the spoofed packets is sent to the log server.
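The following added example (not from the Cisco guide) models the strict-mode decision and the access-list handling described above, so the three outcomes (drop, forward and count, log) can be traced for sample packets. The FIB entries, port names, access-list entries, and the `forwarded_spoofed` counter name are constructed assumptions, and the model uses one return path per prefix.

```python
import ipaddress

# Constructed sample FIB: prefix -> port the best return path uses.
FIB = {
    "10.1.0.0/16": "Gi4/1",
    "10.2.0.0/16": "Gi4/2",
    "192.0.2.0/24": "Gi4/2",
}

# Constructed sample access list for the list option: (network, action, log).
ACL = [
    ("198.51.100.0/24", "permit", False),
    ("203.0.113.0/24", "deny", True),
]

def fib_lookup(src, fib):
    """Longest-prefix match; returns the return-path port, or None if no route."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, port in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, port)
    return best[1] if best else None

def strict_rpf(src, in_port, fib=FIB, acl=None, stats=None, log=None):
    """Return 'forward' or 'drop' for a packet from src arriving on in_port."""
    if fib_lookup(src, fib) == in_port:
        return "forward"  # source is in the FIB and reachable through the input port
    # Check failed: the packet is treated as spoofed and the access list decides.
    for prefix, action, do_log in (acl or []):
        if ipaddress.ip_address(src) in ipaddress.ip_network(prefix):
            if do_log and log is not None:
                log.append((src, in_port, action))  # stands in for the log server
            if action == "permit":
                if stats is not None:  # hypothetical interface counter
                    stats["forwarded_spoofed"] = stats.get("forwarded_spoofed", 0) + 1
                return "forward"
            return "drop"
    return "drop"  # no access list, or no matching entry (implicit deny)
```

A source that is present in the FIB but reachable only through a different port (for example `10.2.5.5` arriving on `Gi4/1`) fails the strict check, which is the case that matters on asymmetrically routed links.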
Note When you enter the ip verify unicast source
Cisco 7600 Series Router Cisco IOS Software Configuration