ip verify unicast source reachable-via
ip verify unicast source reachable-via
To configure Unicast Reverse Path Forwarding (Unicast RPF) on an interface, use the ip verify unicast source
reachable-via command. To remove Unicast RPF from an interface, use the no form of this command.
ip verify unicast source reachable-via {any [allow-default]| rx}
no ip verify unicast source reachable-via {any [allow-default]| rx}
Syntax Description
any
allow-default
rx
Command Default
None
Command Modes
Interface configuration
Command History
Release
4.0(1)
Usage Guidelines
You can configure one the following Unicast RPF modes on an ingress interface:
Strict Unicast RPF mode—A strict mode check is successful when the following matches occur:
• Unicast RPF finds a match in the Forwarding Information Base (FIB) for the packet source address.
• The ingress interface through which the packet is received matches one of the Unicast RPF interfaces
If these checks fail, the packet is discarded. You can use this type of Unicast RPF check where packet flows
are expected to be symmetrical.
Loose Unicast RPF mode—A loose mode check is successful when a lookup of a packet source address in
the FIB returns a match and the FIB result indicates that the source is reachable through at least one real
interface. The ingress interface through which the packet is received is not required to match any of the
interfaces in the FIB result.
This command does not require a license.
Cisco Nexus 7000 Series Security Command Reference
430
in the FIB match.
Specifies loose checking.
(Optional) Specifies the MAC address to be used on
the specified interface.
Specifies strict checking.
Modification
This command was introduced.
I Commands