09-15-2008 07:39 AM - edited 03-06-2019 01:23 AM
Some time ago I posted a question here regarding "ip verify unicast reverse-path". I have come to find that this command will not work on gig single mode fiber ports (WS-X6748-SFP).
The command works fine on the 100FX cards (WS-X6324-100FX-MM).
Is there a way to enable reverse path verification on the WS-X6748-SFP line cards?
Edit: Cat 6509 - 12.2(14r)S9
09-15-2008 07:53 AM
According to the documentation:
This feature is driven by the PFC and not the line card.
What error do you get while configuring this feature on the 6748 module?
HTH,
__
Edison.
09-15-2008 08:02 AM
CORE-6509(config-if)#ip verify ?
source source address
CORE-6509#sh mls cef ip rpf
RPF global mode: not enabled
I am searching for the configuration guide for a Sup720 for cef rpf. I think that's where my hangup is.
09-15-2008 09:30 AM
Make sure the interface is in routed mode
no switchport
Please post the output from typing
show ver | i IOS
Here is mine and it works:
sh ver | i IOS
IOS (tm) s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-M), Version 12.2(18)SXF8, RELEASE SOFTWARE (fc2)
sh mls cef ip rpf
RPF global mode: not enabled
HTH,
__
Edison.
09-15-2008 10:04 AM
edit: I hate the way this forum does replies
09-15-2008 07:57 AM
I just found a 6509 with 6748
show mod 9
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  9    48 CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX     SAD080707HU
rack3-6509(config-if)#int g9/1
rack3-6509(config-if)#ip verify ?
unicast Enable per packet validation for unicast
rack3-6509(config-if)#ip verify un
rack3-6509(config-if)#ip verify unicast ?
reverse-path Reverse path validation of source address (old command format)
source Validation of source address
rack3-6509(config-if)#ip verify unicast re
rack3-6509(config-if)#ip verify unicast reverse-path ?
<1-199> IP access list (standard or extended)
<1300-2699> IP expanded access list (standard or extended)
allow-self-ping Allow router to ping itself (opens vulnerability in
verification)
rack3-6509(config-if)#ip verify unicast reverse-path alo
rack3-6509(config-if)#ip verify unicast reverse-path
Warning: Deprecated Command.
Changed to "ip verify unicast source reachable-via rx allow-default".
rack3-6509(config-if)#do show run int g9/1
Building configuration...
Current configuration : 166 bytes
!
interface GigabitEthernet9/1
ip verify unicast source reachable-via rx allow-default
HTH,
__
Edison.
Please rate helpful posts
09-15-2008 10:05 AM
Well, now why will the command work on a non-routed port on the 100FX ports, but not on the gig ports?
It is OK to use this command on a VLAN interface, correct?
Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-M), Version 12.2(33)SXH2, RELEASE SOFTWARE (fc1)
09-15-2008 10:31 AM
It's not supposed to work on non-routed ports as it is not running Layer3 services.
IP RPF relies on Layer3 so the behavior exhibited in the 6748 is the correct one.
As for configuring IP RPF under an SVI, yes, it can be done.
HTH,
__
Edison.
Please rate helpful posts
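Added example, not part of the thread or any poster's code: a small Python audit of an IOS-style candidate configuration that applies the two points made in the replies above, namely that uRPF only applies to Layer 3 interfaces (routed ports or SVIs) and that `ip verify unicast reverse-path` is the deprecated form of `ip verify unicast source reachable-via rx allow-default`. The sample configuration is constructed, the status labels are hypothetical, and treating an explicit `switchport` line as the Layer 2 marker (everything else as Layer 3) is an assumption.

```python
import re

DEPRECATED = "ip verify unicast reverse-path"

# Constructed candidate config (not from the thread); addresses are documentation ranges.
SAMPLE_CONFIG = """\
interface GigabitEthernet9/1
 no switchport
 ip address 192.0.2.1 255.255.255.252
 ip verify unicast source reachable-via rx allow-default
!
interface GigabitEthernet9/2
 switchport
 ip verify unicast reverse-path
!
interface GigabitEthernet9/3
 ip address 192.0.2.5 255.255.255.252
!
interface Vlan20
 ip address 198.51.100.1 255.255.255.0
 ip verify unicast reverse-path
"""

def parse_interfaces(config):
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any global command ends the block
    return blocks

def audit_urpf(config):
    result = {}
    for name, cmds in parse_interfaces(config).items():
        # Assumption: an explicit "switchport" line marks a Layer 2 port.
        layer2 = any(c.split()[:1] == ["switchport"] for c in cmds)
        urpf = [c for c in cmds if c.startswith("ip verify unicast ")]
        if layer2:
            result[name] = "l2-port-urpf-invalid" if urpf else "l2-port"
        elif not urpf:
            result[name] = "l3-no-urpf"
        elif urpf[0].startswith(DEPRECATED):
            result[name] = "l3-deprecated-syntax"
        else:
            result[name] = "l3-urpf-ok"
    return result

print(audit_urpf(SAMPLE_CONFIG))
```

An `l3-no-urpf` result is informational only: strict-mode uRPF is not appropriate on every routed interface, for example where routing is asymmetric.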