08-18-2006 08:02 PM - edited 03-03-2019 04:35 AM
Hi Team
I find the command "ip verify unicast source reachable-via rx allow-self-ping" disallowed the ping to the HSRP VIP. Could you please check if it's normal behavior? The partial config is below:
interface Vlan10
 mtu 9216
 ip address 172.16.128.193 255.255.255.0
 ip verify unicast source reachable-via rx allow-self-ping
 no ip redirects
 ip pim dr-priority 200
 ip pim query-interval 500 msec
 ip pim sparse-mode
 no ip mroute-cache
 load-interval 30
 standby delay minimum 30 reload 120
 standby 200 ip 172.16.128.195
 standby 200 timers msec 500 msec 1500
 standby 200 priority 105
 standby 200 preempt
 standby 201 ip 172.16.128.196
 standby 201 timers msec 500 msec 1500
 standby 201 preempt
platform cisco WS-C6509-E (R7000),IOS 12.2(18)SXE5.
Thank you very much for your help.
Tony
08-19-2006 11:44 AM
Tony
I see that behavior in networks that I work with and believe that it is normal behavior. I believe that what is happening is that someone attempts to ping the VIP, the ping packet is received on the switch that is not active for that HSRP group and forwards it over the VLAN to the active switch. But the switch sees a packet incoming with a remote source address and RPF rejects the packet. We have addressed this issue by using the optional access list in the verify unicast which can supply over-rides to the RPF check. If the optional access list permits ping to the VIP then things should work as you want them.
HTH
Rick
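Added example, not part of the original thread or of either poster's configuration: one way the optional access list described in the reply above could be attached to the Vlan10 interface from the question. The ACL number 150 is an assumption; the two VIP addresses are taken from the posted config. A permit entry forwards a packet even though it failed the source check, so the list is kept to ICMP echo toward the two VIPs.

```ios
! Constructed example. ACL number 150 is an assumption.
! Packets that fail the RPF check are matched against this ACL:
!   permit = forwarded despite the failed check
!   deny   = dropped (the explicit deny makes the hit count visible)
access-list 150 permit icmp any host 172.16.128.195 echo
access-list 150 permit icmp any host 172.16.128.196 echo
access-list 150 deny   ip any any
!
interface Vlan10
 ip verify unicast source reachable-via rx allow-self-ping 150
!
! Checks after applying:
!   show ip interface Vlan10     (IP verify line and verification drop count)
!   show access-lists 150        (per-entry match counters)
```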
08-19-2006 10:22 PM
Hi Rick
Thank you so much for your excellent explanation. Much appreciated!
Have a nice weekend!
Tony
08-20-2006 11:33 AM
Tony
You are quite welcome.
Thanks for rating the response and marking the issue as resolved. It makes the forum more useful when people can read about an issue and know that the answer did resolve the issue.
I encourage you to continue your participation in the forum.
HTH
Rick