An engineer configured Reverse Path Forwarding on an interface and noticed that the routes are dropped when a route lookup fails on that interface for a prefix that is available in the routing table.
Which interface configuration resolves the issue?
An engineer configured Reverse Path Forwarding on an interface and noticed that the routes are dropped when a route lookup fails on that interface for a prefix that is available in the routing table.
Which interface configuration resolves the issue?
To resolve the issue, the correct interface configuration is to use 'ip verify unicast source reachable-via any'. This command configures the Unicast RPF (Reverse Path Forwarding) in exist-only check mode, which ensures that the source IP address exists in the FIB (Forwarding Information Base) table. This mode does not require the source address to be reachable through the input port, which resolves the issue where the routes are dropped when the route lookup fails for a prefix that is still available in the routing table.
Ref: Security - Configuring Network Security [Support] - Cisco Systems “… Configuring the Unicast RPF Check Mode There are two Unicast RPF check modes: • Strict check mode, which verifies that the source IP address exists in the FIB table and verifies that the source IP address is reachable through the input port. • Exist-only check mode, which only verifies that the source IP address exists in the FIB table. … When configuring the Unicast RPF check mode, note the following information: • Use the rx keyword to enable strict check mode. • Use the any keyword to enable exist-only check mode. • Use the allow-default keyword to allow use of the default route for RPF verification. …” The route lookup failed, but the prefix is in the routing table. RPF Exist-only check mode is the way to go. A. ip verify unicast source reachable-via l2-src Wrong answer. B. ip verify unicast source reachable-via allow-default Wrong answer. C. ip verify unicast source reachable-via any Correct answer. D. ip verify unicast source reachable-via rx Wrong answer.
Thank you very much for your awesome answers.
Hi, Could you please provide me your email address ? Thanks
Thanks @GreatDane for providing information about the questions, this makes easier the study
THE given answer is correct
the packet is dropped even though there is a route for the source address in the routing table - seems so much clearer what's going on
correct is C : https://www.exam-answer.com/configure-reverse-path-forwarding
C is correct