URPF Commands

This module describes the commands used in enabling the Unicast Reverse Path Forwarding (uRPF).

For detailed information about FIPS configuration tasks, and examples, see the Configuring FIPS Mode chapter in the System Security Configuration Guide for Cisco ASR 9000 Series RoutersSystem Security Configuration Guide for Cisco 8000 Series Routers.

hw-module profile cef unipath-surpf

To configure uRPF on strict mode, use the hw-module profile cef unipath-surpf command in the Global configuration mode.

hw-module profile cef unipath-surpf enable

Syntax Description

enable

Enables uRPF in strict mode.

Command Default

Strict mode in uRPF is disabled.

Command Modes

Global configuration

Command History

Release Modification

Release 7.9.1

This command was introduced.

Usage Guidelines

You must configure both IPv4 and IPv6 commands to enable uRPF in strict mode.

You must reload the router after using the hw-module profile cef unipath-surpf command.

To disable the strict mode in uRPF use the no form of the hw-module profile cef unipath-surpf command.

Task ID

Task ID Operation

acl

read, write

network

read, write

ipv4

read, write

ipv6

read, write

Examples

This example shows how to configure uRPF in strict mode on the router:


Router# configure
Router(config)# hw-module profile cef unipath-surpf enable
Router(config-if)# commit

ipv4/ipv6 verify unicast source reachable-via

To configure uRPF, use the ipv4 verify unicast source reachable-via command in the Interface configuration mode.

{ ipv4 | ipv6 } verify unicast source reachable-via { any | rx } [allow-default]

Syntax Description

any

(uRPF Loose Mode) Configures a source that is reachable through any interface.

rx

(uRPF Strict Mode) Configures a source that is reachable only through the interface that ia same the interface used to transmit the packet back to source.

allow-default

Enables the matching of default routes.

Command Default

None

Command Modes

Interface configuration

Command History

Release Modification

Release 7.9.1

The rx keyword was introduced.

Release 7.3.15

This command was introduced.

Usage Guidelines

You must configure both IPv4 and IPv6 commands to enable uRPF.

Task ID

Task ID Operation

acl

read, write

network

read, write

ipv4

read, write

ipv6

read, write

Examples

This example shows how to configure uRPF in loose mode on the router along with the default address.:


Router# configure
Router(config)# interface hundredGigE 0/0/0/0
Router(config-if)# ipv4 verify unicast source reachable-via any allow-default
Router(config-if)# ipv6 verify unicast source reachable-via any allow-default
Router(config-if)# commit

This example shows how to configure uRPF in strict mode on the router along with the default address.:

Router# configure
Router(config)# hw-module profile cef unipath-surpf enable
Router(config)# interface hundredGigE 0/0/0/0
Router(config-if)# ipv4 verify unicast source reachable-via rx allow-default
Router(config-if)# ipv6 verify unicast source reachable-via rx allow-default
Router(config-if)# commit