ip verify unicast rpf

Unanswered Question
Oct 7th, 2007


Can you specify what exactly this command does: "ip verify unicast rpf"?

Because when I remove this command on one of my interfaces, I start receiving checksum error messages.

Is there any alternative to this command?

Thanks in advance.

vijayasankar Sun, 10/07/2007 - 22:38


This is a security feature used as a best-practice standard configuration to prevent spoofing attacks.

When you put this command under an IP interface, whenever the router/switch receives incoming traffic on this interface, it does the following:

1) Takes the source IP address it sees on the incoming packet.

2) Checks the IP routing table to see whether this interface is the outbound interface to reach that source IP.

3) If the check in step 2 is a success, the router/switch will allow that packet for processing and further transmission.

4) If the check in step 2 fails, it might be an indicator of a spoofed packet claiming a false source IP address, hence the packet will be dropped.

Due to this nature, we should be very careful when applying this command if the network has any asymmetric routing.

Please provide more captures/cli outputs related to your checksum error messages, to verify the problem in your scenario.

Hope this helps.
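The four steps above, modelled as an added example (not part of the original reply and not Cisco code), showing why an asymmetric return path gets a legitimate packet dropped. It goes beyond the steps by also modelling loose mode (the `reachable-via any` form), where any route to the source is enough. Assumptions: the prefixes, interface names and packets are constructed, there is one best path per prefix, and default routes are not modelled.

```python
import ipaddress

# Constructed routing table (documentation prefixes): prefix -> egress interface.
ROUTES = {
    "192.0.2.0/24": "Gi0/0",
    "198.51.100.0/24": "Gi0/1",
    "198.51.100.128/25": "Gi0/2",  # more specific route wins for .128-.255
}
TABLE = [(ipaddress.ip_network(p), ifc) for p, ifc in ROUTES.items()]


def best_route(src):
    """Longest-prefix match for src; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    hits = [(net, ifc) for net, ifc in TABLE if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None


def urpf(src, in_ifc, mode="strict"):
    """Return 'forward' or 'drop' for a packet from src arriving on in_ifc.

    strict: the best route back to src must point out of in_ifc (steps 1-4).
    loose:  any route back to src is enough, whatever interface it uses.
    """
    route = best_route(src)
    if route is None:
        return "drop"  # no return path at all
    if mode == "loose":
        return "forward"
    return "forward" if route[1] == in_ifc else "drop"


def audit(packets, mode="strict"):
    """Run the check over (src, in_ifc) pairs and return the dropped ones."""
    return [(s, i) for s, i in packets if urpf(s, i, mode) == "drop"]


# Constructed traffic samples.
PACKETS = [
    ("192.0.2.10", "Gi0/0"),      # symmetric: arrives where the route points
    ("192.0.2.10", "Gi0/1"),      # source prefix is reached via Gi0/0
    ("198.51.100.200", "Gi0/1"),  # asymmetric: return path prefers Gi0/2
    ("203.0.113.5", "Gi0/0"),     # no route to the source
]

if __name__ == "__main__":
    for mode in ("strict", "loose"):
        print(mode, "drops:", audit(PACKETS, mode))
```

The third packet is the asymmetric-routing case: it is dropped in strict mode even though the source is genuine, and forwarded in loose mode.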


atif-siddiqui Sun, 10/28/2007 - 08:26

What is the difference between this command and the one with vrf in it:

ip verify unicast source reachable-via any allow-self-ping

Can this command be used with VRF interfaces?

