Information
Enables the unicast Reverse-Path Forwarding (uRPF) on untrusted interfaces.
Rationale:
The unicast Reverse-Path Forwarding(uRPF) enabled on an interface ensures that for a packet received on an interface, the security appliance checks the routing table to make sure that the same interface is used to get back to the source IP address. If it is not the case, the packet will be dropped. This should be enabled by default on untrusted interfaces in order to prevent attackers from spoofing internal IP addresses. For the other internal interfaces, the uRPF should be enabled if there is no case of asymmetric routing for which the path to send a packet to the source IP address is different of the path from which the packet is received.
Solution
Step 1: Acquire the name of the untrusted interface <interface_name>
Step 2: Run the following command to enable protection against IP spoofing
hostname(config)# ip verify reverse-path interface <interface_name>
Default Value:
Disabled by default