Specifications
IP Switching Commands
ip verify unicast source reachable-via
ISW-67
Cisco IOS IP Switching Command Reference
May 2008
ip verify unicast source reachable-via
To enable Unicast Reverse Path Forwarding (Unicast RPF), use the ip verify unicast source
reachable-via command in interface configuration mode. To disable Unicast RPF, use the no form of
this command.
ip verify unicast source reachable-via {rx | any} [allow-default] [allow-self-ping] [list] [12-src]
[phys-if]
no ip verify unicast source reachable-via
Syntax Description
Command Default Unicast RPF is disabled.
Source IPv4 and source MAC address binding is disabled
Command Modes Interface configuration (config-if)
rx Examines incoming packets to determine whether the source address is in the
Forwarding Information Base (FIB) and permits the packet only if the source
is reachable through the interface on which the packet was received
(sometimes referred to as strict mode).
any Examines incoming packets to determine whether the source address is in the
FIB and permits the packet if the source is reachable through any interface
(sometimes referred to as loose mode).
allow-default (Optional) Allows the use of the default route for RPF verification.
allow-self-ping (Optional) Allows a router to ping its own interface or interfaces.
Caution Use caution when enabling the allow-self-ping keyword. This
keyword opens a denial-of-service (DoS) hole.
list (Optional) Specifies a numbered access control list (ACL) in the following
ranges:
• 1 to 99 (IP standard access list)
• 100 to 199 (IP extended access list)
• 1300 to 1999 (IP standard access list, expanded range)
• 2000 to 2699 (IP extended access list, expanded range)
l2-src (Optional) Enables source IPv4 and source MAC address binding.
phys-if (Optional) Enables physical input interface verification.