Unicast Reverse Path Forwarding configuration using CLI
This section provides CLI procedures for Unicast Reverse Path Forwarding configuration.
Enable urpf-mode Boot Flag
To configure Unicast Reverse Path Forwarding on a port or VLAN, you are required to enable the urpf-mode boot flag. If you try to configure uRPF on an interface, that is, enable or change the urpf operating mode with the urpf-mode boot flag disabled, a consistency check error message is displayed: Unicast Reverse Path Forwarding configuration is not supported when urpf-mode boot flag is disabled.
About this task
Use the following procedure to enable the urpf-mode boot flag. By default, urpf-mode is disabled.
Procedure
-
When you get the following
prompt to reboot the switch, enter y to
reboot.
The new setting requires a reboot to take effect!
The configuration will be saved and rebooted.
Are you sure you want to re-boot the switch (y/n)?
Note
If you enter n, the following message is displayed: Warning: Please save the configuration and reboot the switch for this configuration to take effect.
Example
Enable the urpf-mode boot flag:
Switch:1> enable Switch:1# configure terminal Switch:1(config)# boot config flags urpf-mode The new setting requires a reboot to take effect! The configuration will be saved and rebooted. Are you sure you want to re-boot the switch (y/n)? y
View the status of the urpf-boot flag:
Note
Flag support can vary across hardware models.
Switch:1#show boot config flags flags advanced-feature-bandwidth-reservation low flags block-snmp false flags debug-config false flags debugmode false flags dvr-leaf-mode false flags enhancedsecure-mode false flags factorydefaults false flags flow-control-mode true flags ftpd true flags hsecure false flags ipv6-egress-filter true flags ipv6-mode false flags logging true flags macsec false flags nni-mstp false flags reboot true flags spanning-tree-mode mstp flags spbm-config-mode true flags spbm-node-scaling true flags sshd true flags syslog-rfc5424-format true flags telnetd true flags tftpd true flags trace-logging false flags urpf-mode true flags verify-config true flags vrf-scaling true
Viewing unicast reverse path forwarding configuration on a port
About this task
Use the following procedure to view the status of the uRPF configuration on a port.
Before you begin
- You must enable the urpf-mode boot flag.
Note
When you try to configure uRPF on an interface, that is, enable or change the urpf operating mode with the urpf-mode boot flag disabled, a consistency check error message is displayed: Unicast Reverse Path Forwarding configuration is not supported when urpf-mode boot flag is disabled.
You must log on to the GigabitEthernet Interface Configuration mode in CLI.
You must configure unicast reverse path forwarding on a port.
Procedure
-
Enter GigabitEthernet Interface
Configuration mode:
enable
configure terminal
interface GigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...]}
Note
If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.
Example
Switch:1> enable Switch:1# configure terminal Switch:1(config)# interface GigabitEthernet 1/10Verify the configuration on the port:
Switch:1(config-if)# show ip interface gigabitethernet
=============================================================================================
Brouter Port Ip
=============================================================================================
PORT VRF IP_ADDRESS NET_MASK BROADCAST REASM ADVERTISE DIRECT RPC RPCMODE
NUM NAME MAXSIZE WHEN_DOWN BCAST
---------------------------------------------------------------------------------------------
1/1 Glob~ 192.0.2.3 255.255.255.0 ones 1500 disable disable disable exist-only
1/10 spbo~ 198.51.100.4 255.255.255.0 ones 1500 disable disable disable exist-only
PORT VRF
NUM NAME
--------------------------------------------------------------------------------
1/1 GlobalRouter
1/10 spboip
Switch:1> enable Switch:1# configure terminal Switch:1(config)# interface GigabitEthernet 4/16Verify the configuration on the port:
Switch:1(config-if)#show ipv6 interface gigabitethernet
=============================================================================================================================
Port Ipv6 Interface
=============================================================================================================================
IFINDX BROUTER PHYSICAL ADMIN OPER TYPE MTU HOP REACHABLE RETRANSMIT MCAST IPSEC RPC RPCMODE
INDX ADDRESS STATE STATE LMT TIME TIME STATUS
-----------------------------------------------------------------------------------------------------------------------------
192 4/16 e4:5d:52:3c:65:02 enable down ETHER 1500 2 30000 1000 disable disable disable existonly
====================================================================================================
Port Ipv6 Address
====================================================================================================
IPV6 ADDRESS BROUTER TYPE ORIGIN STATUS
----------------------------------------------------------------------------------------------------
2001:db8:0:0:0:0:0:ffff/64 4/16 UNICAST MANUAL INACCESSIBLE INF INF
2001:db8:0:0:e65d:52ff:fe3c:6502/64 4/16 UNICAST LINKLAYER INACCESSIBLE INF INF
1 out of 5 Total Num of Interface Entries displayed.
2 out of 10 Total Num of Address Entries displayed.
Viewing unicast reverse path forwarding configuration on a VLAN
About this task
Use the following procedure to view the status of the uRPF configuration on a VLAN.
Before you begin
- You must enable the urpf-mode boot flag.
Note
When you try to configure uRPF on an interface, that is, enable or change the urpf operating mode with the urpf-mode boot flag disabled, a consistency check error message is displayed: Unicast Reverse Path Forwarding configuration is not supported when urpf-mode boot flag is disabled.
- You must log on to the VLAN Interface Configuration mode in CLI.
Important
You must assign a valid IP address to the selected port.
You must configure unicast reverse path forwarding on a VLAN.
Procedure
Example
Switch:1> enable Switch:1# configure terminal Switch:1(config)# interface vlan 2Verify the configuration on the VLAN:
Switch:1(config-if)# show interfaces vlan ip
==============================================================================================================
Vlan Ip
==============================================================================================================
VLAN VRF IP NET BCASTADDR REASM ADVERTISE DIRECTED RPC RPCMODE RMON
ID NAME ADDRESS MASK FORMAT MAXSIZE WHEN_DOWN BROADCAST
--------------------------------------------------------------------------------------------------------------
1050 Globa~ 192.0.2.9 255.255.255.0 ones 1500 disable disable disable exist-only disable
1102 Globa~ 198.51.100.1 255.255.255.0 ones 1500 disable disable disable exist-only disable
1133 iir3 192.0.2.10 255.255.255.0 ones 1500 disable disable disable exist-only disable
1500 spboip 192.0.2.11 255.255.255.0 ones 1500 disable disable disable exist-only disable
1590 spboip 198.51.100.2 255.255.255.0 ones 1500 disable disable disable exist-only disable
4057 Globa~ 192.0.2.12 255.255.255.0 ones 1500 disable disable disable exist-only disable
All 16 out of 16 Total Num of Vlan Ip Entries displayed
VLAN VRF
ID NAME
--------------------------------------------------------------------------------
1050 GlobalRouter
1102 GlobalRouter
1133 iir3
1500 spboip
1590 spboip
4057 GlobalRouter
All 16 out of 16 Total Num of Vlan Ip Entries displayed
Switch:1> enable Switch:1# configure terminal Switch:1(config)# interface vlan 2Verify the configuration on the VLAN:
Switch:1(config-if)# show ipv6 interface vlan
=============================================================================================================================
Vlan Ipv6 Interface
=============================================================================================================================
IFINDX VLAN PHYSICAL ADMIN OPER TYPE MTU HOP REACHABLE RETRANSMIT MCAST IPSEC RPC RPCMODE
INDX ADDRESS STATE STATE LMT TIME TIME STATUS
-----------------------------------------------------------------------------------------------------------------------------
3170 1122 2c:f4:c5:dc:b4:89 enable up ETHER 1500 64 30000 1000 disable disable disable existonly
3174 1126 2c:f4:c5:dc:b4:8b enable up ETHER 1500 64 30000 1000 disable disable disable existonly
3185 1137 2c:f4:c5:dc:b4:90 enable up ETHER 1500 64 30000 1000 disable disable disable existonly
================================================================================
Vlan Ipv6 Address
================================================================================
IPV6 ADDRESS VLAN-ID TYPE ORIGIN STATUS
--------------------------------------------------------------------------------
2001:db8:0:0:0:0:0:1 V-1122 UNICAST MANUAL PREFERRED
2001:db8:0:0:2ef4:c5ff:fedc:b489 V-1122 UNICAST LINKLAYER PREFERRED
2001:db8:0:0:0:0:0:1 V-1126 UNICAST MANUAL PREFERRED
2001:db8:0:0:2ef4:c5ff:fedc:b48b V-1126 UNICAST LINKLAYER PREFERRED
2001:db8:0:0:0:0:0:1 V-1137 UNICAST MANUAL PREFERRED
2001:db8:0:0:2ef4:c5ff:fedc:b490 V-1137 UNICAST LINKLAYER PREFERRED
3 out of 4 Total Num of Interface Entries displayed.
6 out of 7 Total Num of Address Entries displayed.