Strict Unicast RPF mode
A strict mode check is successful when Unicast RPF finds a match in the FIB for the packet source
address and the ingress interface through which the packet is received matches one of the Unicast RPF
interfaces in the FIB match. If this check fails, the packet is discarded. You can use this type of Unicast
RPF check where packet flows are expected to be symmetrical.
Loose Unicast RPF mode
A loose mode check is successful when a lookup of a packet source address in the FIB returns a match
and the FIB result indicates that the source is reachable through at least one real interface. The ingress
interface through which the packet is received is not required to match any of the interfaces in the FIB
result.
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
switch# configure terminal
switch(config)#
Step 1
Specifies an ethernet interface and enters interface
configuration mode.
interface ethernet slot/port
Example:
switch(config)# interface ethernet
2/3
switch(config-if)#
Step 2
Configures unicast RPF on the interface for both IPv4
and IPv6.
{ip | ipv6} verify unicast source
reachable-via any
Step 3
Example:
switch(config-if)# ip verify
unicast source reachable-via any
You must configure unicast RPF on each
interface, since it is disabled by default. The
configuration is shared across both IPv4 and
IPv6. If you enable or disable on either IPv4
and IPv6, it affects all protocols on that
interface
Note
When you enable uRPF for IPv4 or IPv6
(using the ip or ipv6 keywords), unicast RPF
is enabled for both IPv4 and IPv6.
Note
You can configure only one version of the
available IPv4 and IPv6 Unicast RPF
command on an interface. When you configure
one version, all the mode changes must be
done by this version and all other versions will
be blocked by that interface.
Note
Exits class map configuration mode.exit
Example:
switch(config-cmap)# exit
switch(config)#
Step 4
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
105
Configuring Unicast RPF
Configuring Unicast RPF
To Next Page
Loading...
Need help?
General