Ipv4 Verify Unicast Source Reachable-Via (Bng) - Cisco ASR 9000 Series Command Reference Manual

ipv4 verify unicast source reachable-via (BNG)

ipv4 verify unicast source reachable-via (BNG)
To enable IPv4 unicast Reverse Path Forwarding (RPF) checking, use the ipv4 verify unicast source
reachable-via command in an appropriate configuration mode. To disable unicast RPF, use the no form of
this command.
ipv4 verify unicast source reachable-via {any| rx} [allow-default] [allow-self-ping]
no ipv4 verify unicast source reachable-via {any| rx} [allow-default] [allow-self-ping]
Syntax Description
any
rx
allow-default
allow-self-ping
Command Default
IPv4 unicast RPF is disabled.
Command Modes
Dynamic template configuration
Command History
Release
Release 3.7.2
Release 4.2.0
Usage Guidelines
To enter the dynamic template configuration mode, run dynamic-template command in the Global
Configuration mode.
Use the ipv4 verify unicast source reachable-via interface command to mitigate problems caused by
malformed or forged (spoofed) IP source addresses that pass through a router. Malformed or forged source
addresses can indicate denial-of-service (DoS) attacks based on source IP address spoofing.
Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Command Reference,
Release 5.2.x
304
Enables loose unicast RPF checking. If loose unicast RPF is enabled, a packet is not
forwarded unless its source prefix exists in the routing table.
Enables strict unicast RPF checking. If strict unicast RPF is enabled, a packet is not
forwarded unless its source prefix exists in the routing table and the output interface
matches the interface on which the packet was received.
(Optional) Enables the matching of default routes. This option applies to both loose
and strict RPF.
(Optional) Enables the router to ping out an interface.This option applies to both loose
and strict RPF.
Modification
This command was introduced.
This command was supported in the dynamic template configuration
mode for BNG.
IPv4 and IPv6 Commands