EasyManuals Logo
Home>Cisco>Network Router>7609

Cisco 7609 User Manual

Cisco 7609
572 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #341 background imageLoading...
Page #341 background image
23-19
Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E
78-14064-04
Chapter 23 Configuring Network Security
Configuring Unicast Reverse Path Forwarding
Configuring Unicast Reverse Path Forwarding
These sections describe configuring Cisco IOS Unicast Reverse Path Forwarding (Unicast RPF):
Understanding Unicast RPF Support, page 23-19
Configuring Unicast RPF, page 23-19
Enabling Self-Pinging, page 23-19
Configuring the Unicast RPF Checking Mode, page 23-20
Understanding Unicast RPF Support
The PFC2 supports Unicast RPF with hardware processing for packets that have a single return path. The
MSFC2 processes traffic in software that has multiple return paths (for example, load sharing).
With a PFC2, if you configure Unicast RPF to filter with an ACL, the PFC2 determines whether or not
traffic matches the ACL. The PFC2 sends the traffic denied by the RPF ACL to the MSFC2 for the
Unicast RPF check.
Note Because the packets in a denial-of-service attack typically match the deny ACE and are sent to the
MSFC2 for the unicast RPF check, they can overload the MSFC2.
The PFC2 provides hardware support for traffic that does not match the Unicast RPF ACL, but that
does match an input security ACL.
With Supervisor Engine 1 and PFC, the MSFC or MSFC 2 supports Unicast RPF in software.
Configuring Unicast RPF
For configuration procedures, refer to the Cisco IOS Security Configuration Guide, Release 12.1, Other
Security Features, Configuring Unicast Reverse Path Forwarding at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt5/scdrpf.htm
Enabling Self-Pinging
With Unicast RPF enabled, the router cannot ping itself. To enable self-pinging, perform this task:
Command Purpose
Step 1
Router(config)# interface {{vlan vlan_ID} |
{type
1
slot/port} | {port-channel number}}
1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
Selects the interface to configure.
Step 2
Router(config-if)# ip verify unicast source
reachable-via any allow-self-ping
Enables the router to ping itself or a secondary address.
Router(config-if)# no ip verify unicast source
reachable-via any allow-self-ping
Disables self-pinging.
Step 3
Router(config-if)# exit
Exits interface configuration mode.

Table of Contents

Other manuals for Cisco 7609

Preview: Datasheet
Datasheet5 pages
Preview: Frequently Asked Questions
Frequently Asked Questions5 pages
Preview: Installing
Installing22 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 7609 and is the answer not in the manual?

Cisco 7609 Specifications

General IconGeneral
BrandCisco
Model7609
CategoryNetwork Router
LanguageEnglish

Related product manuals