Cisco Nexus 9000 Series Configuration Manual page 471

Configuring Unicast RPF
Command or Action
Step 2 [no] system urpf disable
Example:
switch(config)# no system urpf disable
Step 3 interface ethernet slot/port
Example:
switch(config)# interface ethernet 2/3
switch(config-if)#
Step 4 {ip | ipv6} address ip-address/length
Example:
switch(config-if)# ip address 172.23.231.240/23
Step 5 {ip | ipv6} verify unicast source reachable-via {any
[allow-default] | rx}
Example:
switch(config-if)# ip verify unicast source
reachable-via any
Step 6 exit
Example:
Configuring Unicast RPF for Cisco Nexus 9300 Switches
Purpose
Enables Unicast RPF on the switch.
Note You must reload the Cisco NX-OS box to apply
the Unicast RPF configuration.
Specifies an Ethernet interface and enters interface
configuration mode.
Specifies an IPv4 or IPv6 address for the interface.
Configures Unicast RPF on the interface for both IPv4 and
IPv6.
You can enable IPv4 and IPv6 uRPF separately for the
Cisco Nexus 9300-EX Series switches (for IPv4) and on
Cisco Nexus 9300-FX/FX2 Series switches.
Note When you enable Unicast RPF for IPv4 or IPv6
(using the ip or ipv6 keyword), Unicast RPF is
enabled for both IPv4 and IPv6.
You can configure only one version of the
available IPv4 and IPv6 Unicast RPF command
on an interface. When you configure one version,
all the mode changes must be done by this
version and all other versions will be blocked by
that interface.
• The any keyword specifies loose Unicast RPF.
• If you specify the allow-default keyword, the source
address lookup can match the default route and use
that for verification.
Note
Note
• The rx keyword specifies strict Unicast RPF.
Exits interface configuration mode.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
The allow-default keyword is not
applicable in the ALPM routing mode.
The source address lookup (in case of a
loose Unicast RPF check) does not match
the default route if you do not specify the
allow-default keyword.
445