Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1030
Views
10
Helpful
6
Replies

ip verify unicast reverse-path

Go to solution
cisco_lite
Level 1
Level 1

‎01-07-2009 08:24 AM - edited ‎03-06-2019 03:17 AM

On a router and ASA firewall, should RPF be enabled on all the given interfaces.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎01-07-2009 08:34 AM

You should generally apply it at the exit point to your network because within your network you may well have asymmetrical paths. Have a look at this doc which goes into where Unicast RPF should be used -

http://www.cisco.com/en/US/docs/ios/11_1/feature/guide/uni_rpf.html#wp1042716

Jon

View solution in original post

0 Helpful

Go to solution
mikegrous
Level 3
Level 3
In response to cisco_lite

‎01-07-2009 12:14 PM

This is my understanding as well.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
mikegrous
Level 3
Level 3

‎01-07-2009 08:29 AM

typically youd only apply it on your WAN interface as you should be trusting your LAN routes

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎01-07-2009 08:34 AM

You should generally apply it at the exit point to your network because within your network you may well have asymmetrical paths. Have a look at this doc which goes into where Unicast RPF should be used -

http://www.cisco.com/en/US/docs/ios/11_1/feature/guide/uni_rpf.html#wp1042716

Jon

0 Helpful

Go to solution
cisco_lite
Level 1
Level 1
In response to Jon Marshall

‎01-07-2009 11:52 AM

What is difference between

ip verify unicast reverse-path

and

ip verify unicast source reachable-via any

What is the default Unicast RPF mode; loose or strict.

Regards.

0 Helpful

Go to solution
mikegrous
Level 3
Level 3
In response to cisco_lite

‎01-07-2009 11:55 AM

In reguard to the first question:

R8(config-if)#ip verify unicast ?

reverse-path Reverse path validation of source address (old command format)

source Validation of source address

Go to solution
cisco_lite
Level 1
Level 1
In response to mikegrous

‎01-07-2009 12:12 PM

From this I understand that both of the above commands have the same effect, where in reverse-path is an old command.

Please confirm.

0 Helpful

Go to solution
mikegrous
Level 3
Level 3
In response to cisco_lite

‎01-07-2009 12:14 PM

This is my understanding as well.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card