Cisco Systems EA6500 Manual De Usuario

These sections describe configuring Cisco IOS Unicast Reverse Path Forwarding (Unicast RPF):

The PFC2 supports Unicast RPF with hardware processing for packets that have a single return path. The 
MSFC2 processes traffic in software that has multiple return paths (for example, load sharing).

With a PFC2, if you configure Unicast RPF to filter with an ACL, the PFC2 determines whether or not 
traffic matches the ACL. The PFC2 sends the traffic denied by the RPF ACL to the MSFC2 for the 
Unicast RPF check. 

Because the packets in a denial-of-service attack typically match the deny ACE and are sent to the 
MSFC2 for the unicast RPF check, they can overload the MSFC2.

The PFC2 provides hardware support for traffic that does not match the Unicast RPF ACL, but that 
does match an input security ACL.

With Supervisor Engine 1 and PFC, the MSFC or MSFC 2 supports Unicast RPF in software.

For configuration procedures, refer to the Cisco IOS Security Configuration Guide, Release 12.1, “Other 
Security Features,” “Configuring Unicast Reverse Path Forwarding” at this URL:

With Unicast RPF enabled, the switch cannot ping itself. To enable self-pinging, perform this task:

Router(config)# interface {{vlan vlan_ID} | 

{type

1

 slot/port} | {port-channel number}} 

1.

type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet 

Selects the interface to configure.

Router(config-if)# ip verify unicast source 

 

Enables the switch to ping itself or a secondary address.

Router(config-if)# no ip verify unicast source 

 

Disables self-pinging.

Router(config-if)# exit 

Exits interface configuration mode.