The commands used to monitor and maintain Unicast RPF are described below.
Device# show ip traffic
Displays global router statistics about Unicast RPF drops and suppressed drops.
Device# show ip interface type
Displays per-interface statistics about Unicast RPF drops and suppressed drops.
Device# show access-lists
Displays the number of matches to a specific ACL.
Device(config-if)# no ip verify unicast reverse-path list
Disables Unicast RPF at the interface. Use the list option to disable Unicast RPF for a specific ACL at the interface.
To disable CEF on the router, you must first disable Unicast RPF. Failure to disable Unicast RPF before disabling CEF can cause HSRP failure.
Unicast RPF counts the number of packets dropped or suppressed because of malformed or forged source addresses. Unicast RPF counts dropped or forwarded packets that include the following global and per-interface information:
The show ip traffic command shows the total number (global count) of dropped or suppressed packets for all interfaces on the router. The Unicast RPF drop count is included in the IP statistics section.
Device# show ip traffic
Rcvd: 1471590 total, 887368 local destination
0 format errors, 0 checksum errors, 301274 bad hop count
0 unknown protocol, 0 not a gateway
0 security failures, 0 bad options, 0 with options
Opts: 0 end, 0 nop, 0 basic security, 0 loose source route
0 timestamp, 0 extended security, 0 record route
0 stream ID, 0 strict source route, 0 alert, 0 other
Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble
0 fragmented, 0 couldn't fragment
Bcast: 205233 received, 0 sent
Mcast: 463292 received, 462118 sent
Sent: 990158 generated, 282938 forwarded
! The second line below (“0 unicast RPF”) displays Unicast RPF packet dropping information.
Drop: 3 encapsulation failed, 0 unresolved, 0 no adjacency
0 no route, 0 unicast RPF, 0 forced drop
A nonzero value for the count of dropped or suppressed packets can mean one of two things:
Unicast RPF is dropping or suppressing packets that have a bad source address (normal
Unicast RPF is dropping or suppressing legitimate packets because the route is misconfigured to use Unicast RPF in environments where asymmetric routing exists; that is, where multiple paths can exist as the best return path for a source address.
The show ip interface command shows the total of dropped or suppressed packets at a specific interface. If Unicast RPF is configured to use a specific ACL, that ACL information is displayed along with the drop
Device> show ip interface ethernet0/1/1
Unicast RPF ACL 197
1 unicast RPF drop
1 unicast RPF suppressed drop
The show access-lists command displays the number of matches found for a specific entry in a specific access list.
Device> show access-lists
Extended IP access list 197
deny ip 192.168.201.0 0.0.0.63 any log-input (1 match)
permit ip 192.168.201.64 0.0.0.63 any log-input (1 match)
deny ip 192.168.201.128 0.0.0.63 any log-input
permit ip 192.168.201.192 0.0.0.63 any log-input
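The three outputs above can be cross-checked by script. The following Python is an added example, not part of the original documentation: it parses the counters shown on this page and compares the per-interface drop and suppressed-drop counts with the ACL match counters. It relies on the Unicast RPF ACL behavior in which a packet that fails the check is dropped on a deny match and forwarded (a suppressed drop) on a permit match, and it assumes the ACL is referenced by Unicast RPF on this one interface only; the function names are hypothetical.

```python
import re
# Output lines copied from the examples on this page (relevant lines only).
SHOW_IP_TRAFFIC = "         0 no route, 0 unicast RPF, 0 forced drop\n"
SHOW_IP_INTERFACE = """\
  Unicast RPF ACL 197
  1 unicast RPF drop
  1 unicast RPF suppressed drop
"""
SHOW_ACCESS_LISTS = """\
Extended IP access list 197
    deny ip 192.168.201.0 0.0.0.63 any log-input (1 match)
    permit ip 192.168.201.64 0.0.0.63 any log-input (1 match)
    deny ip 192.168.201.128 0.0.0.63 any log-input
    permit ip 192.168.201.192 0.0.0.63 any log-input
"""

def _count(pattern, text):
    """Integer captured by pattern, or None when the counter line is absent."""
    m = re.search(pattern, text, re.MULTILINE)
    return int(m.group(1)) if m else None

def global_rpf_drops(text):
    # In "show ip traffic" the global counter is followed by a comma.
    return _count(r"(\d+) unicast RPF,", text)

def interface_rpf(text):
    acl = re.search(r"Unicast RPF ACL (\S+)", text)
    return {"acl": acl.group(1) if acl else None,
            "drops": _count(r"(\d+) unicast RPF drop\s*$", text),
            "suppressed": _count(r"(\d+) unicast RPF suppressed drop\s*$", text)}

def acl_action_totals(text, acl):
    """Sum match counters per action for one ACL; no counter shown means 0."""
    totals, current = {"deny": 0, "permit": 0}, None
    for line in text.splitlines():
        head = re.match(r"\s*(?:Standard|Extended) IP access list (\S+)", line)
        current = head.group(1) if head else current
        entry = re.match(r"\s*(deny|permit)\b.*?(?:\((\d+) match(?:es)?\))?\s*$", line)
        if entry and current == acl:
            totals[entry.group(1)] += int(entry.group(2) or 0)
    return totals

def cross_check(iface, totals):
    # Assumption: this ACL is referenced by Unicast RPF on this interface only.
    return iface["drops"] == totals["deny"] and iface["suppressed"] == totals["permit"]

if __name__ == "__main__":
    iface = interface_rpf(SHOW_IP_INTERFACE)
    print(iface, cross_check(iface, acl_action_totals(SHOW_ACCESS_LISTS, iface["acl"])))
```

A failed cross-check means the ACL counters are also being incremented elsewhere, or the counters were cleared at different times.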