PING Both Interfaces of Router

Unanswered Question
Apr 8th, 2009

I have a basic question. I have setup 2 routers with 2 lan & wan interfaces. I can ping each others interfaces on either segments.

But on the router itself I can ping only one interface (LAN). When I ping the WAN interface I get request times out.

Whats is the reason?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
bmcginn Wed, 04/08/2009 - 20:44

Hi Avil,

Mate, you will need to provide more information.

Does your setup look similar to:


Where are you pinging from?

Are the interfaces up?

Have you got routes in place?

Providing configs would help also.


avilt Thu, 04/09/2009 - 17:18

My setup is as follows


From PC1 I can ping any interface.

When I telnet to router A and ping LAN interface it works, But when I ping WAN side interface (its own interface) it does not ping. No ACL configured.

ROUTERA is 1800 series. ROUTERB is 2600. I do not have any issues on 2600 router.

avilt Sun, 04/12/2009 - 05:31

I found the command that causing this behaviour. I have the command "ip verify unicast reverse-path" on the WAN interface. When I remove this command I can ping the WAN interface as well. Any reason as Why this command preventing from getting ping reply? I am pinging from the router itself. I even tried extended ping by specifying the LAN side ip as source IP but no luck.

amolwaghmare Sun, 04/12/2009 - 06:48

1)Did u check whether CEF is enabled?

2)R u able to ping from PC and other end router?

avilt Sun, 04/12/2009 - 15:35

IP CEF is enabled on this router. I can ping the interface from the PC as well as from OSPF neighbors.

pkurdziel Sun, 04/12/2009 - 20:14

Use the ip verify unicast reverse-path interface command to mitigate problems caused by malformed or forged (spoofed) IP source addresses that pass through a router. Malformed or forged source addresses can indicate denial-of-service (DoS) attacks based on source IP address spoofing.

When Unicast RPF is enabled on an interface, the router examines all packets received on that interface. The router checks to make sure that the source address appears in the routing table and matches the interface on which the packet was received. This "look backwards" ability is available only when Cisco Express Forwarding (CEF) is enabled on the router because the lookup relies on the presence of the Forwarding Information Base (FIB). CEF generates the FIB as part of its operation.

The Unicast Reverse Path Forwarding feature checks to see if any packet received at a router interface arrives on one of the best return paths to the source of the packet. The feature does this by doing a reverse lookup in the CEF table. If Unicast RPF does not find a reverse path for the packet, Unicast RPF can drop or forward the packet, depending on whether an ACL is specified in the Unicast Reverse Path Forwarding command. If an ACL is specified in the command, then when (and only when) a packet fails the Unicast RPF check, the ACL is checked to see if the packet should be dropped (using a deny statement in the ACL) or forwarded (using a permit statement in the ACL). Whether a packet is dropped or forwarded, the packet is counted in the global IP traffic statistics for Unicast RPF drops and in the interface statistics for Unicast RPF.

If no ACL is specified in the Unicast Reverse Path Forwarding command, the router drops the forged or malformed packet immediately and no ACL logging occurs. The router and interface Unicast RPF counters are updated.

Unicast RPF events can be logged by specifying the logging option for the ACL entries used by the Unicast Reverse Path Forwarding command. Log information can be used to gather information about the attack, such as source address, time, and so on.

avilt Sun, 04/12/2009 - 20:46

I have gone thru this document. But here I am pinging from the router and the destination is its own interface. Is it the default behavior if I set the command "IP verify Unicast Reverse Path"?


This Discussion