Cisco Systems 3130 User Manual
38-80
Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide
OL-13270-01
Chapter 38 Configuring IP Unicast Routing
Configuring Unicast Reverse Path Forwarding
Router(config)# router bgp 100
Router(config-router)# address-family ipv4 vrf v2
Router(config-router-af)# neighbor 83.0.0.8 remote-as 800
Router(config-router-af)# neighbor 83.0.0.8 activate
Router(config-router-af)# network 3.3.2.0 mask 255.255.255.0
Router(config-router-af)# exit
Router(config-router)# address-family ipv4 vrf vl
Router(config-router-af)# neighbor 38.0.0.8 remote-as 800
Router(config-router-af)# neighbor 38.0.0.8 activate
Router(config-router-af)# network 3.3.1.0 mask 255.255.255.0
Router(config-router-af)# end
Displaying Multi-VRF CE Status
You can use the privileged EXEC commands in
to display information about multi-VRF CE
configuration and status.
For more information about the information in the displays, see the Cisco IOS Switching Services
Command Reference, Release 12.2.
Command Reference, Release 12.2.
Configuring Unicast Reverse Path Forwarding
The unicast reverse path forwarding (unicast RPF) feature helps to mitigate problems that are caused by
the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP
packets that lack a verifiable IP source address. For example, a number of common types of
denial-of-service (DoS) attacks, including Smurf and Tribal Flood Network (TFN), can take advantage
of forged or rapidly changing source IP addresses to allow attackers to thwart efforts to locate or filter
the attacks. For Internet service providers (ISPs) that provide public access, Unicast RPF deflects such
attacks by forwarding only packets that have source addresses that are valid and consistent with the IP
routing table. This action protects the network of the ISP, its customer, and the rest of the Internet.
the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP
packets that lack a verifiable IP source address. For example, a number of common types of
denial-of-service (DoS) attacks, including Smurf and Tribal Flood Network (TFN), can take advantage
of forged or rapidly changing source IP addresses to allow attackers to thwart efforts to locate or filter
the attacks. For Internet service providers (ISPs) that provide public access, Unicast RPF deflects such
attacks by forwarding only packets that have source addresses that are valid and consistent with the IP
routing table. This action protects the network of the ISP, its customer, and the rest of the Internet.
For detailed IP unicast RPF configuration information, see the Other Security Features chapter in the
Cisco IOS Security Configuration Guide, Release 12.2 at this URL:
Cisco IOS Security Configuration Guide, Release 12.2 at this URL:
Table 38-13
Commands for Displaying Multi-VRF CE Information
Command
Purpose
show ip protocols vrf vrf-name
Display routing protocol information associated
with a VRF.
with a VRF.
show ip route vrf vrf-name [connected] [protocol [as-number]] [list]
[mobile] [odr] [profile] [static] [summary] [supernets-only]
[mobile] [odr] [profile] [static] [summary] [supernets-only]
Display IP routing table information associated
with a VRF.
with a VRF.
show ip vrf [brief | detail | interfaces] [vrf-name]
Display information about the defined VRF
instances.
instances.