Configuring loose mode urpf – Cisco 10000 User Manual
Page 319
13-17
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 13 Unicast Reverse Path Forwarding
Configuration Examples of uRPF
Configuring Loose Mode uRPF
shows how to enable Loose Mode uRPF on a router over the Gigabit Ethernet Interface:
Example 13-4 Loose Mode uRPF configuration on 8/1/0 interface
Router# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router (config)# int g8/1/0
Router (config-if)# ip verify unicast source reachable-via?
any Source is reachable via any interface
rx Source is reachable via interface on which packet was received
Router (config-if)# ip verify unicast source reachable-via any?
<1-199> IP access list (standard or extended)
<1300-2699> IP expanded access list (standard or extended)
allow-default Allow default route to match when checking source address
allow-self-ping Allow router to ping itself (opens vulnerability in
verification)
<cr>
Router (config-if)# ip verify unicast source reachable-via any
Router (config-if)# end
shows how you can use the show router interface command for verifying that Loose Mode
uRPF has been configured on a router
Example 13-5 Verifying Loose Mode uRPF on 8/1/0 interface
Router# sh ru interface gig8/1/0
!
interface GigabitEthernet8/1/0
ip address 80.1.1.1 255.255.255.0
ip verify unicast source reachable-via any
negotiation auto
end
Configuring Loose Mode uRPF with the allow-self-ping Option
shows how you can configure Loose Mode uRPF with the allow-self-ping option.
Example 13-6 Loose Mode uRPF with the allow-self-ping option
Router(config)# int g8/1/0
Router(config-if)# ip verify unicast source reachable-via any allow-self-ping
Router(config-if)# end
Router# sh ru int g8/1/0
!
interface GigabitEthernet8/1/0
ip address 80.1.1.1 255.255.255.0
ip verify unicast source reachable-via any allow-self-ping
negotiation auto
end