Last Updated on August 1, 2021 by Admin 1
Which of the following commands enables Unicast Reverse Path forwarding in loose mode?
- ip verify unicast source reachable-via rx
- ip verify unicast source reachable-via any
- ip verify unicast source reachable-via rx allow default
- ip verify unicast source reachable-via allow default
The command ip verify unicast source reachable-via any enables Unicast Reverse Path Forwarding (RPF) in loose mode. In loose mode, traffic is allowed if the source address is reachable via any interface on the router as indicted in the routing table. Unicast Reverse Path forwarding uses the source IP address when it validates the packet. Packets are validated when the source address is contained in the routing table and is reachable either via the ingress interface (strict mode) or via any interface (loose mode).
The command ip verify unicast source reachable-via rx enables Unicast RPF in strict mode, not loose mode. The rx keyword indicates the source must be reachable on the interface where the packet arrived.
The command ip verify unicast source reachable-via rx allow default enables Unicast RPF in strict mode. The inclusion of the allow default keyword indicates the source can be reachable via a default route to be accepted.
The command ip verify unicast source reachable-via allow default is syntactically incorrect. The allow default keyword cannot be present by itself. It must follow either the rx or any keywords.
Objective:
Infrastructure Security
Sub-Objective:
Configure and verify router security features