38-75
Catalyst 3750-E and 3560-E Switch Software Configuration Guide
OL-9775-02
Chapter 38 Configuring IP Unicast Routing
Configuring Unicast Reverse Path Forwarding
Router(config)# router bgp 100
Router(config-router)# address-family ipv4 vrf v2
Router(config-router-af)# neighbor 83.0.0.8 remote-as 800
Router(config-router-af)# neighbor 83.0.0.8 activate
Router(config-router-af)# network 3.3.2.0 mask 255.255.255.0
Router(config-router-af)# exit
Router(config-router)# address-family ipv4 vrf vl
Router(config-router-af)# neighbor 38.0.0.8 remote-as 800
Router(config-router-af)# neighbor 38.0.0.8 activate
Router(config-router-af)# network 3.3.1.0 mask 255.255.255.0
Router(config-router-af)# end
Displaying Multi-VRF CE Status
You can use the privileged EXEC commands in Table 38-13 to display information about multi-VRF
CE configuration and status.
For more information about the information in the displays, see the Cisco IOS Switching Services
Command Reference, Release 12.2.
Configuring Unicast Reverse Path Forwarding
The unicast reverse path forwarding (unicast RPF) feature helps to mitigate problems that are caused by
the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP
packets that lack a verifiable IP source address. For example, a number of common types of
denial-of-service (DoS) attacks, including Smurf and Tribal Flood Network (TFN), can take advantage
of forged or rapidly changing source IP addresses to allow attackers to thwart efforts to locate or filter
the attacks. For Internet service providers (ISPs) that provide public access, Unicast RPF deflects such
attacks by forwarding only packets that have source addresses that are valid and consistent with the IP
routing table. This action protects the network of the ISP, its customer, and the rest of the Internet.
Note Do not configure unicast RPF if the switch is in a mixed hardware stack of both Catalyst 3750-E and
Catalyst 3750 switches.
For detailed IP unicast RPF configuration information, see the Other Security Features chapter in the
Cisco IOS Security Configuration Guide, Release 12.2 at this URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_book09186a
0080087df1.html
Table 38-13 Commands for Displaying Multi-VRF CE Information
Command Purpose
show ip protocols vrf vrf-name Display routing protocol information associated
with a VRF.
show ip route vrf vrf-name [connected] [protocol [as-number]] [list]
[mobile] [odr] [profile] [static] [summary] [supernets-only]
Display IP routing table information associated
with a VRF.
show ip vrf [brief | detail | interfaces] [vrf-name] Display information about the defined VRF
instances.
