ipv4 verify unicast source reachable-via (BNG)
To enable IPv4 unicast Reverse Path Forwarding (RPF) checking, use the ipv4 verify unicast source
reachable-via command in an appropriate configuration mode. To disable unicast RPF, use the no form of
this command.
ipv4 verify unicast source reachable-via {any | rx} [allow-default] [allow-self-ping]
no ipv4 verify unicast source reachable-via {any | rx} [allow-default] [allow-self-ping]
Syntax Description
any              Enables loose unicast RPF checking. If loose unicast RPF is enabled, a
                 packet is not forwarded unless its source prefix exists in the routing
                 table.
rx               Enables strict unicast RPF checking. If strict unicast RPF is enabled, a
                 packet is not forwarded unless its source prefix exists in the routing
                 table and the output interface matches the interface on which the
                 packet was received.
allow-default    (Optional) Enables the matching of default routes. This option applies
                 to both loose and strict RPF.
allow-self-ping  (Optional) Enables the router to ping out an interface. This option
                 applies to both loose and strict RPF.
Command Default
IPv4 unicast RPF is disabled.
Command Modes
Dynamic template configuration
Command History
Release          Modification
Release 3.7.2    This command was introduced.
Release 4.2.0    This command was supported in the dynamic template configuration
                 mode for BNG.
Usage Guidelines
To enter the dynamic template configuration mode, run the dynamic-template command in the Global
Configuration mode.
Use the ipv4 verify unicast source reachable-via interface command to mitigate problems caused by
malformed or forged (spoofed) IP source addresses that pass through a router. Malformed or forged source
addresses can indicate denial-of-service (DoS) attacks based on source IP address spoofing.
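The following Python model is an added example, not Cisco code or router output. It shows how the any, rx and allow-default options described above change the forwarding decision for a given source address. The routing table, interface names and function names are constructed assumptions; each prefix has a single output interface and allow-self-ping is not modelled.

```python
import ipaddress

# Constructed routing table (assumption): (prefix, output interface).
FIB = [
    ("0.0.0.0/0", "uplink0"),      # default route
    ("10.1.0.0/16", "sub-if1"),
    ("10.1.2.0/24", "sub-if2"),
]

def lookup(fib, src):
    """Longest-prefix match on the source address; (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best

def urpf_permits(fib, src, in_if, mode, allow_default=False):
    """Return True if the packet passes the unicast RPF check.

    mode is 'any' (loose) or 'rx' (strict), matching the command keywords.
    """
    if mode not in ("any", "rx"):
        raise ValueError("mode must be 'any' or 'rx'")
    route = lookup(fib, src)
    if route is None:
        return False                      # source prefix not in the routing table
    net, out_if = route
    if net.prefixlen == 0 and not allow_default:
        return False                      # only the default route matched
    if mode == "rx":
        return out_if == in_if            # strict: must arrive on the route's interface
    return True                           # loose: any matching route is enough

if __name__ == "__main__":
    cases = [
        ("10.1.2.7", "sub-if2", "rx", False),     # legitimate subscriber, strict
        ("10.1.2.7", "sub-if1", "rx", False),     # same source on the wrong interface
        ("10.1.2.7", "sub-if1", "any", False),    # loose mode accepts it
        ("203.0.113.9", "sub-if1", "any", False), # matches only the default route
        ("203.0.113.9", "sub-if1", "any", True),  # allow-default weakens loose mode
    ]
    for src, in_if, mode, allow in cases:
        verdict = "forward" if urpf_permits(FIB, src, in_if, mode, allow) else "drop"
        print(f"{src:<12} in={in_if:<8} mode={mode:<3} allow-default={allow}: {verdict}")
```

Loose mode combined with allow-default accepts any source address whenever a default route is installed, so on subscriber-facing interfaces the check only filters spoofed sources in strict (rx) mode.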
Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Command Reference,
Release 5.2.x