In order to limit spoofed packets on a network, a network administrator is configuring uRPF on a Cisco router interface with the ip verify unicast source reachable-via rx command. After the configuration is completed, the administrator observes that valid packets are being dropped. What may be causing this packet discard?

In order to limit spoofed packets on a network, a network administrator is configuring uRPF on a Cisco router interface with the ip verify unicast source reachable-via rx command. After the configuration is completed, the administrator observes that valid packets are being dropped. What may be causing this packet discard?

• The uRPF is configured with loose mode and asymmetric routing occurs.
• The uRPF is configured with strict mode and symmetric routing occurs.
• The return traffic used a different path to that used by the source traffic.
• The same path is used for the source traffic and the return traffic.

Explanation: When uRPF is configured on an interface, the uRPF mode should be chosen according to the type of routing. With symmetric routing, the same path is used for the source and the return traffic. With asymmetric routing, a different path ends up being used for return traffic. The ip verify unicast reachable-via rx command configures uRPF in strict mode. If strict mode is used when asymmetric routing occurs, the legitimate traffic is dropped. Where symmetric routing is guaranteed to occur, uRPF should be configured in strict mode.

Exam with this question: CCNP ENARSI v8 Certification Practice Exam
Exam with this question: CCNP ENARSI v8 Final Exam Answers