PurposeCommand or Action
Enables Unicast RPF on the switch.[no] system urpf disable
Step 2
Example:
You must reload the Cisco NX-OS box to apply
the Unicast RPF configuration.
Note
switch(config)# no system urpf disable
Specifies an Ethernet interface and enters interface
configuration mode.
interface ethernet slot/port
Example:
Step 3
switch(config)# interface ethernet 2/3
switch(config-if)#
Specifies an IPv4 or IPv6 address for the interface.
{ip | ipv6} address ip-address/length
Example:
Step 4
switch(config-if)# ip address 172.23.231.240/23
Configures Unicast RPF on the interface for both IPv4 and
IPv6.
{ip | ipv6} verify unicast source reachable-via {any
[allow-default] | rx}
Step 5
Example:
You can enable IPv4 and IPv6 uRPF separately for the
Cisco Nexus 9300-EX Series switches (for IPv4) and on
Cisco Nexus 9300-FX/FX2 Series switches.
switch(config-if)# ip verify unicast source
reachable-via any
When you enable Unicast RPF for IPv4 or IPv6
(using the ip or ipv6 keyword), Unicast RPF is
enabled for both IPv4 and IPv6.
You can configure only one version of the
available IPv4 and IPv6 Unicast RPF command
on an interface. When you configure one version,
all the mode changes must be done by this
version and all other versions will be blocked by
that interface.
Note
• The any keyword specifies loose Unicast RPF.
• If you specify the allow-default keyword, the source
address lookup can match the default route and use
that for verification.
The allow-default keyword is not
applicable in the ALPM routing mode.
Note
The source address lookup (in case of a
loose Unicast RPF check) does not match
the default route if you do not specify the
allow-default keyword.
Note
• The rx keyword specifies strict Unicast RPF.
Exits interface configuration mode.exit
Example:
Step 6
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
445
Configuring Unicast RPF
Configuring Unicast RPF for Cisco Nexus 9300 Switches
To Next Page
Loading...
