Cisco 7604 Configuration Manual page 492

Ios software configuration guide

Hide thumbs Also See for 7604:

Configuration manual (742 pages)

Installation manual (324 pages)

User manual (98 pages)

page of 1011

/ 1011
Contents
Table of Contents
Bookmarks

Table of Contents

Configuring Unicast Reverse Path Forwarding Check

The most recently configured mode is automatically applied to all ports configured for Unicast RPF

To configure Unicast RPF check mode, perform this task:

Router(config)# interface {{vlan vlan_ID } |

slot/port } | {port-channel number }}

Router(config-if)# ip verify unicast source

reachable-via {rx | any} [allow-default] [ list ]

Router(config-if)# no ip verify unicast

Router(config-if)# exit

Router# show mls cef ip rpf

type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet

When configuring the Unicast RPF check mode, note the following information:

When you enter the ip verify unicast source reachable-via command, the Unicast RPF check mode

changes on all ports in the router.

This example shows how to enable Unicast RPF exist-only check mode on Gigabit Ethernet port 4/1:

Router(config)# interface gigabitethernet 4/1

Router(config-if)# ip verify unicast source reachable-via any

Router(config-if)# end

This example shows how to enable Unicast RPF strict check mode on Gigabit Ethernet port 4/2:

Router(config)# interface gigabitethernet 4/2

Router(config-if)# ip verify unicast source reachable-via rx

Router(config-if)# end

Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX

Exist-only check mode, which only verifies that the source IP address exists in the FIB table.

Use the rx keyword to enable strict check mode.

Use the any keyword to enable exist-only check mode.

Use the allow-default keyword to allow use of the default route for RPF verification.

Use the list option to identify an access list.

If the access list denies network access, spoofed packets are dropped at the port.

If the access list permits network access, spoofed packets are forwarded to the destination

address. Forwarded packets are counted in the interface statistics.

If the access list includes the logging action, information about the spoofed packets is sent to

the log server.

Selects an interface to configure.

Based on the input port, Unicast RPF check

verifies the best return path before forwarding the

packet on to the next destination.

Configures the Unicast RPF check mode.

Reverts to the default Unicast RPF check mode.

Exits interface configuration mode.

Verifies the configuration.

Configuring Network Security

Show Quick Links

Quick Links:
Supported Hardware and Software

Chapters

Table of Contents

7613 7606 7609-s 7600 series

Cisco 7604 Configuration Manual page 492

Hide quick links:

Chapters

Related Manuals for Cisco 7604

Related Products for Cisco 7604

This manual is also suitable for:

Table of Contents