For a router connected to two ISPs for redundancy, using IPSLA and static routing, how would you
configure uRPF on the uplink interface?
A.
ip verify unicast source reachable-via any
B.
ip verify unicast reverse-path
C.
ip verify unicast reverse-path loose
D.
ip verify unicast reverse-path strict
Explanation:
Unicast RPF Examples
Cisco IOS Devices
An important consideration for deployment is that Cisco Express Forwarding switching must be
enabled for Unicast RPF to function. This command has been enabled by default as of IOS
version 12.2. If it is not enabled, administrators can enable it with the following global configuration
command: ip cef Unicast RPF is enabled on a per-interface basis. The ip verify unicast source
reachable-via rx command enables Unicast RPF in strict mode. To enable loose mode,
administrators can use the any option to enforce the requirement that the source IP address for a
packet must appear in the routing table. The allow-default option may be used with either therx or
any option to include IP addresses not specifically contained in the routing table. The allow-selfping option should not be used because it could create a denial of service condition. An access list
such as the one that follows may also be configured to specifically permit or deny a list ofaddresses through Unicast RPF:
interface FastEthernet 0/0
ip verify unicast source reachable-via {rx | any} [allow-default]
[allow-self-ping] [list]
Addresses that should never appear on a network can be dropped by entering a route to a null
interface. The following command will cause all traffic received from the 10.0.0.0/8 network to be
dropped even if Unicast RPF is enabled in loose mode with the allow-default option: ip route
10.0.0.0 255.0.0.0 Null0http://www.cisco.com/web/about/security/intelligence/unicast-rpf.html