We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 618 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)


390 New Members signed up the last 30 days!


100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,

Forum Replies

  1. First step to protect against DoS and DDoS attacks.

    Further ones may include RTBH, prefix-lists denying the bogon and spoofed prefixes, CoPP on the backplane and rate-limiters.

  2. Hello Paul

    It really depends on the platform you are using. Higher end platforms (6500/6800 with the appropriate supervisor as well as Nexus platforms for example) will support uRFP occurring in hardware thus providing for fast checking and no taxing of other resources.

    ... Continue reading in our forum

  3. Hi Laz

    Thanks for the info, but I think your second statement is incorrect. According to this page:


    When you configure an access control list (ACL) and a packet fails the Unicast RPF check, the Unicast RPF checks the ACL to see if the packet should be dropped (by using a deny statement in the ACL) or forwarded (by using a permit statement in the ACL). Regardless of whether the packet is dropped or forwarded, the packet is counted in th

    ... Continue reading in our forum

  4. Hi Rene,

    I have couple of questions.

    1. Can i enable uRPF on both ingress & egress interface?
    2. I read somewhere that uRPF rely on CEF table. So we should enable CEF as well to work with uRPF?
    3. How uRPF work with equal & unequal cost load balancing? Like OSPF & EIGRP?


  5. Hello Ajay

    uRPF is a feature that checks the source address on a packet and compares it to the routing table. This means that by definition, uRPF will ONLY function on incoming packets. It can be enabled on any interface, but it will only operate on incoming packets on that interface. Packets that are exiting an interface have already gone through the routing table lookup and

    ... Continue reading in our forum

29 more replies! Ask a question or join the discussion by visiting our Community Forum