Prerequisites To Configuring Unicast Rpf - Cisco Catalyst 4500 series Administration Manual
Hide thumbs
Also See for Catalyst 4500 series:
- Software configuration manual (2086 pages) ,
- Configuration manual (1610 pages) ,
- Command reference manual (1230 pages)
Table of Contents
Advertisement
Chapter 36
Configuring Unicast Reverse Path Forwarding
Prerequisites to Configuring Unicast RPF
Prior to configuring Unicast RPF, configure ACLs:
•
•
Unicast RPF Configuration Tasks
The following sections describe the configuration tasks for Unicast RPF. Each task in the list is identified
as either optional or required.
•
•
See the section
chapter.
Configuring Unicast RPF
Unicast RPF is an input-side function that is enabled on an interface operates on IP packets received by
the switch.
OL_28731-01
Ingress filtering applies filters to traffic received at a network interface from either internal or
–
external networks. With ingress filtering, packets that arrive from other networks or the Internet
and that have a source address that matches a local network, private, or broadcast address are
dropped. In ISP environments, for example, ingress filtering can apply to traffic received at the
switch from either the client (customer) or the Internet.
Egress filtering applies filters to traffic exiting a network interface (the sending interface). By
–
filtering packets on switches that connect your network to the Internet or to other networks, you
can permit only packets with valid source IP addresses to leave your network.
For more information on network filtering, refer to RFC 2267 and to the Cisco IOS IP Configuration
Guide.
Configure standard or extended ACLs to mitigate transmission of invalid IP addresses (perform
egress filtering). Permit only valid source addresses to leave your network and get onto the Internet.
Prevent all other source addresses from leaving your network for the Internet.
Configure standard or extended ACLs entries to drop (deny) packets that have invalid source IP
addresses (perform ingress filtering). Invalid source IP addresses include the following types:
Reserved addresses
–
Loopback addresses
–
Private addresses (RFC 1918, Address Allocation for Private Internets)
–
–
Broadcast addresses (including multicast addresses)
–
Source addresses that fall outside the range of valid addresses associated with the protected
network
Configuring Unicast RPF, page 36-9
Verifying Unicast RPF, page 36-10
"Unicast RPF Configuration Example: Inbound and Outbound
(Required)
(Optional)
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
Unicast RPF Configuration Tasks
Filters" at the end of this
36-9
Advertisement
Chapters
Table of Contents
Troubleshooting
