When unicast reverse path forwarding is configured on an interface, which action does the interface take first when it receives a packet?
A. it verifies that the source has a valid VEF adjacency.
B. It checks the egress access lists.
C. it verifies a reverse path via the FIB to the source.
D. It checks the ingress access lists.
D:
D. It checks the ingress access lists.
the first thing URPF does is to check ingress access-lsits
To me the question does not mention anything about and acl.
If an ACL is specified in the command, then when (and only when) a packet fails the Unicast RPF check, the ACL is checked to see if the packet should be dropped (using a deny statement in the ACL) or forwarded (using a permit statement in the ACL). Whether a packet is dropped or forwarded, the packet is counted in the global IP traffic statistics for Unicast RPF drops and in the interface statistics for Unicast RPF.
If no ACL is specified in the Unicast RPF command, the router drops the forged or malformed packet immediately and no ACL logging occurs. The router and interface Unicast RPF counters are updated.
When Unicast RPF is enabled on an interface, the router examines all packets received as input on that interface to make sure that the source address and source interface appear in the routing table and match the interface on which the packet was received.
When a packet is received at the interface where Unicast RPF and ACLs have been configured, the following actions occur:
Step 1 Input ACLs configured on the inbound interface are checked.
Step 2 Unicast RPF checks to see if the packet has arrived on the best return path to the source, which it does by doing a reverse lookup in the FIB table.
Step 3 CEF table (FIB) lookup is carried out for packet forwarding.
Step 4 Output ACLs are checked on the outbound interface.
Step 5 The packet is forwarded.
The answer is C. The question does not include an ACL.
But the question was: which action is taken first,
Response D, first it will check the ingress ACL
it doesn’t have to include an access-list, because URPF will check the for an ingress access-list first
no. correct arnsw is
D
It checks the ingress access lists.
Yes, I agree.
Follow the Cisco documentation:
https://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfrpf.html
When a packet is received at the interface where Unicast RPF and ACLs have been configured, the following actions occur:
Step 1 Input ACLs configured on the inbound interface are checked.
Step 2 Unicast RPF checks to see if the packet has arrived on the best return path to the source, which it does by doing a reverse lookup in the FIB table.
Step 3 CEF table (FIB) lookup is carried out for packet forwarding.
Step 4 Output ACLs are checked on the outbound interface.
Step 5 The packet is forwarded.