Unicast Reverse Path Forwarding configuration using CLI
This section provides CLI procedures for Unicast Reverse Path Forwarding configuration.
Enable urpf-mode Boot Flag
To configure Unicast Reverse Path Forwarding on a port or VLAN, you are required to enable the urpf-mode boot flag. If you try to configure uRPF on an interface, that is, enable or change the urpf operating mode with the urpf-mode boot flag disabled, a consistency check error message is displayed: Unicast Reverse Path Forwarding configuration is not supported when urpf-mode boot flag is disabled.
About this task
Use the following procedure to enable the urpf-mode boot flag. By default, urpf-mode is disabled.
Procedure
Example
Enable the urpf-mode boot flag:
Switch:1> enable Switch:1# configure terminal Switch:1(config)# boot config flags urpf-mode The new setting requires a reboot to take effect! The configuration will be saved and rebooted. Are you sure you want to re-boot the switch (y/n)? y
View the status of the urpf-boot flag:
Note
Flag support can vary across hardware models.
Switch:1#show boot config flags flags advanced-feature-bandwidth-reservation low flags block-snmp false flags debug-config false flags debugmode false flags dvr-leaf-mode false flags enhancedsecure-mode false flags factorydefaults false flags flow-control-mode true flags ftpd true flags ha-cpu true flags hsecure false flags ipv6-egress-filter true flags ipv6-mode false flags linerate-directed-broadcast false flags logging true flags macsec false flags nni-mstp false flags reboot true flags rlogind false flags savetostandby true flags spanning-tree-mode mstp flags spbm-config-mode true flags sshd true flags syslog-rfc5424-format true flags telnetd true flags tftpd true flags trace-logging false flags urpf-mode true flags verify-config true flags vrf-scaling true flags vxlan-gw-full-interworking-mode false
Viewing unicast reverse path forwarding configuration on a port
About this task
Use the following procedure to view the status of the uRPF configuration on a port.
Before you begin
- You must enable the urpf-mode boot flag.
Note
When you try to configure uRPF on an interface, that is, enable or change the urpf operating mode with the urpf-mode boot flag disabled, a consistency check error message is displayed: Unicast Reverse Path Forwarding configuration is not supported when urpf-mode boot flag is disabled.
You must log on to the GigabitEthernet Interface Configuration mode in CLI.
You must configure unicast reverse path forwarding on a port.
Procedure
Example
Switch:1> enable Switch:1# configure terminal Switch:1(config)# interface GigabitEthernet 1/10Verify the configuration on the port:
Switch:1(config-if)# show ip interface gigabitethernet ============================================================================================= Brouter Port Ip ============================================================================================= PORT VRF IP_ADDRESS NET_MASK BROADCAST REASM ADVERTISE DIRECT RPC RPCMODE NUM NAME MAXSIZE WHEN_DOWN BCAST --------------------------------------------------------------------------------------------- 1/1 Glob~ 192.0.2.3 255.255.255.0 ones 1500 disable disable disable exist-only 1/10 spbo~ 198.51.100.4 255.255.255.0 ones 1500 disable disable disable exist-only PORT VRF NUM NAME -------------------------------------------------------------------------------- 1/1 GlobalRouter 1/10 spboip
Switch:1> enable Switch:1# configure terminal Switch:1(config)# interface GigabitEthernet 4/16Verify the configuration on the port:
Switch:1(config-if)#show ipv6 interface gigabitethernet ============================================================================================================================= Port Ipv6 Interface ============================================================================================================================= IFINDX BROUTER PHYSICAL ADMIN OPER TYPE MTU HOP REACHABLE RETRANSMIT MCAST IPSEC RPC RPCMODE INDX ADDRESS STATE STATE LMT TIME TIME STATUS ----------------------------------------------------------------------------------------------------------------------------- 192 4/16 e4:5d:52:3c:65:02 enable down ETHER 1500 2 30000 1000 disable disable disable existonly ==================================================================================================== Port Ipv6 Address ==================================================================================================== IPV6 ADDRESS BROUTER TYPE ORIGIN STATUS ---------------------------------------------------------------------------------------------------- 2001:db8:0:0:0:0:0:ffff/64 4/16 UNICAST MANUAL INACCESSIBLE INF INF 2001:db8:0:0:e65d:52ff:fe3c:6502/64 4/16 UNICAST LINKLAYER INACCESSIBLE INF INF 1 out of 5 Total Num of Interface Entries displayed. 2 out of 10 Total Num of Address Entries displayed.
Viewing unicast reverse path forwarding configuration on a VLAN
About this task
Use the following procedure to view the status of the uRPF configuration on a VLAN.
Before you begin
- You must enable the urpf-mode boot flag.
Note
When you try to configure uRPF on an interface, that is, enable or change the urpf operating mode with the urpf-mode boot flag disabled, a consistency check error message is displayed: Unicast Reverse Path Forwarding configuration is not supported when urpf-mode boot flag is disabled.
- You must log on to the VLAN Interface Configuration mode in CLI.
Important
You must assign a valid IP address to the selected port.
You must configure unicast reverse path forwarding on a VLAN.
Procedure
Example
Switch:1> enable Switch:1# configure terminal Switch:1(config)# interface vlan 2Verify the configuration on the VLAN:
Switch:1(config-if)# show interfaces vlan ip ============================================================================================================== Vlan Ip ============================================================================================================== VLAN VRF IP NET BCASTADDR REASM ADVERTISE DIRECTED RPC RPCMODE RMON ID NAME ADDRESS MASK FORMAT MAXSIZE WHEN_DOWN BROADCAST -------------------------------------------------------------------------------------------------------------- 1050 Globa~ 192.0.2.9 255.255.255.0 ones 1500 disable disable disable exist-only disable 1102 Globa~ 198.51.100.1 255.255.255.0 ones 1500 disable disable disable exist-only disable 1133 iir3 192.0.2.10 255.255.255.0 ones 1500 disable disable disable exist-only disable 1500 spboip 192.0.2.11 255.255.255.0 ones 1500 disable disable disable exist-only disable 1590 spboip 198.51.100.2 255.255.255.0 ones 1500 disable disable disable exist-only disable 4057 Globa~ 192.0.2.12 255.255.255.0 ones 1500 disable disable disable exist-only disable All 16 out of 16 Total Num of Vlan Ip Entries displayed VLAN VRF ID NAME -------------------------------------------------------------------------------- 1050 GlobalRouter 1102 GlobalRouter 1133 iir3 1500 spboip 1590 spboip 4057 GlobalRouter All 16 out of 16 Total Num of Vlan Ip Entries displayed
Switch:1> enable Switch:1# configure terminal Switch:1(config)# interface vlan 2Verify the configuration on the VLAN:
Switch:1(config-if)# show ipv6 interface vlan ============================================================================================================================= Vlan Ipv6 Interface ============================================================================================================================= IFINDX VLAN PHYSICAL ADMIN OPER TYPE MTU HOP REACHABLE RETRANSMIT MCAST IPSEC RPC RPCMODE INDX ADDRESS STATE STATE LMT TIME TIME STATUS ----------------------------------------------------------------------------------------------------------------------------- 3170 1122 2c:f4:c5:dc:b4:89 enable up ETHER 1500 64 30000 1000 disable disable disable existonly 3174 1126 2c:f4:c5:dc:b4:8b enable up ETHER 1500 64 30000 1000 disable disable disable existonly 3185 1137 2c:f4:c5:dc:b4:90 enable up ETHER 1500 64 30000 1000 disable disable disable existonly ================================================================================ Vlan Ipv6 Address ================================================================================ IPV6 ADDRESS VLAN-ID TYPE ORIGIN STATUS -------------------------------------------------------------------------------- 2001:db8:0:0:0:0:0:1 V-1122 UNICAST MANUAL PREFERRED 2001:db8:0:0:2ef4:c5ff:fedc:b489 V-1122 UNICAST LINKLAYER PREFERRED 2001:db8:0:0:0:0:0:1 V-1126 UNICAST MANUAL PREFERRED 2001:db8:0:0:2ef4:c5ff:fedc:b48b V-1126 UNICAST LINKLAYER PREFERRED 2001:db8:0:0:0:0:0:1 V-1137 UNICAST MANUAL PREFERRED 2001:db8:0:0:2ef4:c5ff:fedc:b490 V-1137 UNICAST LINKLAYER PREFERRED 3 out of 4 Total Num of Interface Entries displayed. 6 out of 7 Total Num of Address Entries displayed.