Configuring Unicast RPF for IPv4

This section contains payload examples and CLIs to demonstrate how to use the NX-API REST API to configure Unicast RPF on Cisco Nexus 3000 and 9000 Series switches and to show how the REST APIs correspond to the CLI commands. For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 7.x.

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-installation-and-configuration-guides-list.html/

Configuring Loose Unicast RPF for IPv4 Packets on a Cisco Nexus 9500 Series Switch with an -R Line Card

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "ipv4Entity": {
          "children": [
            {
              "ipv4Inst": {
                "children": [
                  {
                    "ipv4Dom": {
                      "attributes": {
                        "name": "default"
                      },
                      "children": [
                        {
                          "ipv4If": {
                            "attributes": {
                              "id": "eth2/3",
                              "urpf": "loose"
                            },
                            "children": [
                              {
                                "ipv4Addr": {
                                  "attributes": {
                                    "addr": "172.23.231.240/23"
                                  }
                                }
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              }
            }
          ]
        }
      }
    ]
  }
}
{
    "imdata": []
}

<System>
  <ipv4-items>
    <inst-items>
      <dom-items>
        <Dom-list>
          <name>default</name>
          <if-items>
            <If-list>
              <id>eth2/3</id>
              <urpf>loose</urpf>
              <addr-items>
                <Addr-list>
                  <addr>172.23.231.240/23</addr>
                </Addr-list>
              </addr-items>
            </If-list>
          </if-items>
        </Dom-list>
      </dom-items>
    </inst-items>
  </ipv4-items>
</System>

Note: This example was added in Release 7.0(3)I7(3).


CLI Commands

The following CLI commands are equivalent to the payload examples above; the JSON payload is the DME form and the XML payload is the YANG form.

interface Ethernet2/3
  ip address 172.23.231.240/23
  ip verify unicast source reachable-via any

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

Disabling Loose Unicast RPF for IPv4 Packets on a Cisco Nexus 9500 Series Switch with an -R Line Card

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "ipv4Entity": {
          "children": [
            {
              "ipv4Inst": {
                "children": [
                  {
                    "ipv4Dom": {
                      "attributes": {
                        "name": "default"
                      },
                      "children": [
                        {
                          "ipv4If": {
                            "attributes": {
                              "id": "eth2/3",
                              "urpf": "disabled"
                            },
                            "children": [
                              {
                                "ipv4Addr": {
                                  "attributes": {
                                    "addr": "172.23.231.240/23"
                                  }
                                }
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              }
            }
          ]
        }
      }
    ]
  }
}
{
    "imdata": []
}


<System>
  <ipv4-items>
    <inst-items>
      <dom-items>
        <Dom-list>
          <name>default</name>
          <if-items>
            <If-list>
              <id>eth2/3</id>
              <urpf>disabled</urpf>
              <addr-items>
                <Addr-list>
                  <addr>172.23.231.240/23</addr>
                </Addr-list>
              </addr-items>
            </If-list>
          </if-items>
        </Dom-list>
      </dom-items>
    </inst-items>
  </ipv4-items>
</System>

Note: This example was added in Release 7.0(3)I7(3).


CLI Commands

The following CLI commands are equivalent to the payload examples above; the JSON payload is the DME form and the XML payload is the YANG form.

interface Ethernet2/3
  ip address 172.23.231.240/23
  no ip verify unicast source reachable-via any

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

Configuring Loose Unicast RPF for IPv4 Packets on a Cisco Nexus 9300 Series Switch

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "ipv4Entity": {
          "children": [
            {
              "ipv4Inst": {
                "children": [
                  {
                    "ipv4Dom": {
                      "attributes": {
                        "name": "default"
                      },
                      "children": [
                        {
                          "ipv4If": {
                            "attributes": {
                              "id": "eth2/3",
                              "urpf": "loose"
                            },
                            "children": [
                              {
                                "ipv4Addr": {
                                  "attributes": {
                                    "addr": "172.23.231.240/23"
                                  }
                                }
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              }
            }
          ]
        }
      },
      {
        "platformEntity": {
          "attributes": {
            "urpfStatus": "disabled"
          }
        }
      }
    ]
  }
}
{
    "imdata": []
}

<System>
  <ipv4-items>
    <inst-items>
      <dom-items>
        <Dom-list>
          <name>default</name>
          <if-items>
            <If-list>
              <id>eth2/3</id>
              <urpf>loose</urpf>
              <addr-items>
                <Addr-list>
                  <addr>172.23.231.240/23</addr>
                </Addr-list>
              </addr-items>
            </If-list>
          </if-items>
        </Dom-list>
      </dom-items>
    </inst-items>
  </ipv4-items>
  <pltfm-items>
    <urpfStatus>disabled</urpfStatus>
  </pltfm-items>
</System>

Note: This example was added in Release 7.0(3)I7(3).


CLI Commands

The following CLI commands are equivalent to the payload examples above; the JSON payload is the DME form and the XML payload is the YANG form.

system urpf disable
interface Ethernet2/3
  ip address 172.23.231.240/23
  ip verify unicast source reachable-via any

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

Disabling Loose Unicast RPF for IPv4 Packets on a Cisco Nexus 9300 Series Switch

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "ipv4Entity": {
          "children": [
            {
              "ipv4Inst": {
                "children": [
                  {
                    "ipv4Dom": {
                      "attributes": {
                        "name": "default"
                      },
                      "children": [
                        {
                          "ipv4If": {
                            "attributes": {
                              "id": "eth2/3",
                              "urpf": "disabled"
                            },
                            "children": [
                              {
                                "ipv4Addr": {
                                  "attributes": {
                                    "addr": "172.23.231.240/23"
                                  }
                                }
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              }
            }
          ]
        }
      },
      {
        "platformEntity": {
          "attributes": {
            "urpfStatus": "disabled"
          }
        }
      }
    ]
  }
}
{
    "imdata": []
}

<System>
  <ipv4-items>
    <inst-items>
      <dom-items>
        <Dom-list>
          <name>default</name>
          <if-items>
            <If-list>
              <id>eth2/3</id>
              <urpf>disabled</urpf>
              <addr-items>
                <Addr-list>
                  <addr>172.23.231.240/23</addr>
                </Addr-list>
              </addr-items>
            </If-list>
          </if-items>
        </Dom-list>
      </dom-items>
    </inst-items>
  </ipv4-items>
  <pltfm-items>
    <urpfStatus>disabled</urpfStatus>
  </pltfm-items>
</System>

Note: This example was added in Release 7.0(3)I7(3).


CLI Commands

The following CLI commands are equivalent to the payload examples above; the JSON payload is the DME form and the XML payload is the YANG form.

system urpf disable
interface Ethernet2/3
  ip address 172.23.231.240/23
  no ip verify unicast source reachable-via any

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

Configuring Strict Unicast RPF for IPv4 Packets on a Cisco Nexus 9300 Series Switch

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "ipv4Entity": {
          "children": [
            {
              "ipv4Inst": {
                "children": [
                  {
                    "ipv4Dom": {
                      "attributes": {
                        "name": "default"
                      },
                      "children": [
                        {
                          "ipv4If": {
                            "attributes": {
                              "id": "eth2/2",
                              "urpf": "strict"
                            },
                            "children": [
                              {
                                "ipv4Addr": {
                                  "attributes": {
                                    "addr": "172.23.231.240/23"
                                  }
                                }
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              }
            }
          ]
        }
      },
      {
        "platformEntity": {
          "attributes": {
            "urpfStatus": "disabled"
          }
        }
      }
    ]
  }
}
{
    "imdata": []
}

<System>
  <ipv4-items>
    <inst-items>
      <dom-items>
        <Dom-list>
          <name>default</name>
          <if-items>
            <If-list>
              <id>eth2/2</id>
              <urpf>strict</urpf>
              <addr-items>
                <Addr-list>
                  <addr>172.23.231.240/23</addr>
                </Addr-list>
              </addr-items>
            </If-list>
          </if-items>
        </Dom-list>
      </dom-items>
    </inst-items>
  </ipv4-items>
  <pltfm-items>
    <urpfStatus>disabled</urpfStatus>
  </pltfm-items>
</System>

Note: This example was added in Release 7.0(3)I7(3).


CLI Commands

The following CLI commands are equivalent to the payload examples above; the JSON payload is the DME form and the XML payload is the YANG form.

system urpf disable
interface Ethernet2/2
  ip address 172.23.231.240/23
  ip verify unicast source reachable-via rx

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

Disabling Strict Unicast RPF for IPv4 Packets on a Cisco Nexus 9300 Series Switch

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "ipv4Entity": {
          "children": [
            {
              "ipv4Inst": {
                "children": [
                  {
                    "ipv4Dom": {
                      "attributes": {
                        "name": "default"
                      },
                      "children": [
                        {
                          "ipv4If": {
                            "attributes": {
                              "id": "eth2/2",
                              "urpf": "disabled"
                            },
                            "children": [
                              {
                                "ipv4Addr": {
                                  "attributes": {
                                    "addr": "172.23.231.240/23"
                                  }
                                }
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              }
            }
          ]
        }
      },
      {
        "platformEntity": {
          "attributes": {
            "urpfStatus": "disabled"
          }
        }
      }
    ]
  }
}
{
    "imdata": []
}

<System>
  <ipv4-items>
    <inst-items>
      <dom-items>
        <Dom-list>
          <name>default</name>
          <if-items>
            <If-list>
              <id>eth2/2</id>
              <urpf>disabled</urpf>
              <addr-items>
                <Addr-list>
                  <addr>172.23.231.240/23</addr>
                </Addr-list>
              </addr-items>
            </If-list>
          </if-items>
        </Dom-list>
      </dom-items>
    </inst-items>
  </ipv4-items>
  <pltfm-items>
    <urpfStatus>disabled</urpfStatus>
  </pltfm-items>
</System>

Note: This example was added in Release 7.0(3)I7(3).


CLI Commands

The following CLI commands are equivalent to the payload examples above; the JSON payload is the DME form and the XML payload is the YANG form.

system urpf disable
interface Ethernet2/2
  ip address 172.23.231.240/23
  no ip verify unicast source reachable-via rx

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

Configuring the Source as Reachable via the Interface on Which a Packet was Received

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "ipv4Entity": {
          "children": [
            {
              "ipv4Inst": {
                "children": [
                  {
                    "ipv4Dom": {
                      "attributes": {
                        "name": "default"
                      },
                      "children": [
                        {
                          "ipv4If": {
                            "attributes": {
                              "id": "eth1/4",
                              "urpf": "strict"
                            }
                          }
                        }
                      ]
                    }
                  }
                ]
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/4",
                  "layer": "Layer3",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    "imdata": []
}

<System>
  <ipv4-items>
    <inst-items>
      <dom-items>
        <Dom-list>
          <name>default</name>
          <if-items>
            <If-list>
              <id>eth1/4</id>
              <urpf>strict</urpf>
            </If-list>
          </if-items>
        </Dom-list>
      </dom-items>
    </inst-items>
  </ipv4-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/4</id>
        <layer>Layer3</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 7.0(3)I7(3).


CLI Commands

The following CLI commands are equivalent to the payload examples above; the JSON payload is the DME form and the XML payload is the YANG form.

interface ethernet 1/4
  no switchport
  ip verify unicast source reachable-via rx

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

Deleting the Source Configured as Reachable via the Interface on Which a Packet was Received

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "ipv4Entity": {
          "children": [
            {
              "ipv4Inst": {
                "children": [
                  {
                    "ipv4Dom": {
                      "attributes": {
                        "name": "default"
                      },
                      "children": [
                        {
                          "ipv4If": {
                            "attributes": {
                              "id": "eth1/4",
                              "urpf": "disabled"
                            }
                          }
                        }
                      ]
                    }
                  }
                ]
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/4",
                  "layer": "Layer3",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    "imdata": []
}

<System>
  <ipv4-items>
    <inst-items>
      <dom-items>
        <Dom-list>
          <name>default</name>
          <if-items>
            <If-list>
              <id>eth1/4</id>
              <urpf>disabled</urpf>
            </If-list>
          </if-items>
        </Dom-list>
      </dom-items>
    </inst-items>
  </ipv4-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/4</id>
        <layer>Layer3</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 7.0(3)I7(3).


CLI Commands

The following CLI commands are equivalent to the payload examples above; the JSON payload is the DME form and the XML payload is the YANG form.

interface ethernet 1/4
  no switchport
  no ip verify unicast source reachable-via rx

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

Configuring the Source as Reachable Via Any Interface With Loose Default Route Unicast Reverse Path Forwarding

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "ipv4Entity": {
          "children": [
            {
              "ipv4Inst": {
                "children": [
                  {
                    "ipv4Dom": {
                      "attributes": {
                        "name": "default"
                      },
                      "children": [
                        {
                          "ipv4If": {
                            "attributes": {
                              "id": "eth1/4",
                              "urpf": "loose-allow-default"
                            }
                          }
                        }
                      ]
                    }
                  }
                ]
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/4",
                  "layer": "Layer3",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    "imdata": []
}

<System>
  <ipv4-items>
    <inst-items>
      <dom-items>
        <Dom-list>
          <name>default</name>
          <if-items>
            <If-list>
              <id>eth1/4</id>
              <urpf>loose-allow-default</urpf>
            </If-list>
          </if-items>
        </Dom-list>
      </dom-items>
    </inst-items>
  </ipv4-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/4</id>
        <layer>Layer3</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 7.0(3)I7(3).


CLI Commands

The following CLI commands are equivalent to the payload examples above; the JSON payload is the DME form and the XML payload is the YANG form.

interface ethernet 1/4
  no switchport
  ip verify unicast source reachable-via any allow-default

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

Deleting a Source Configured as Reachable Via Any Interface With Loose Default Route Unicast Reverse Path Forwarding

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "ipv4Entity": {
          "children": [
            {
              "ipv4Inst": {
                "children": [
                  {
                    "ipv4Dom": {
                      "attributes": {
                        "name": "default"
                      },
                      "children": [
                        {
                          "ipv4If": {
                            "attributes": {
                              "id": "eth1/4",
                              "urpf": "disabled"
                            }
                          }
                        }
                      ]
                    }
                  }
                ]
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/4",
                  "layer": "Layer3",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    "imdata": []
}

<System>
  <ipv4-items>
    <inst-items>
      <dom-items>
        <Dom-list>
          <name>default</name>
          <if-items>
            <If-list>
              <id>eth1/4</id>
              <urpf>disabled</urpf>
            </If-list>
          </if-items>
        </Dom-list>
      </dom-items>
    </inst-items>
  </ipv4-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/4</id>
        <layer>Layer3</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 7.0(3)I7(3).


CLI Commands

The following CLI commands are equivalent to the payload examples above; the JSON payload is the DME form and the XML payload is the YANG form.

interface ethernet 1/4
  no switchport
  no ip verify unicast source reachable-via any allow-default

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html
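
Added example (not part of the Cisco documentation): a Python helper that audits a DME payload shaped like the ones on this page, mapping each interface's urpf value to the CLI line shown beside it and flagging interfaces whose source check is disabled or whose value this page does not use. The names build_urpf_payload, audit_urpf and the status labels are assumptions made for this example, and SAMPLE is constructed input.

```python
import json

# `urpf` values used in this page's payloads -> keyword(s) of the CLI line
# `ip verify unicast source reachable-via ...` shown next to each payload.
URPF_TO_CLI = {
    "strict": "rx",
    "loose": "any",
    "loose-allow-default": "any allow-default",
}
VALID_URPF = set(URPF_TO_CLI) | {"disabled"}


def _children(node, cls):
    """DME children are a list of single-key objects: [{"<class>": {...}}]."""
    return [c[cls] for c in node.get("children", []) if cls in c]


def build_urpf_payload(intf_id, mode, dom="default"):
    """Build the topSystem body for POST /api/mo/sys.json (hypothetical helper)."""
    if mode not in VALID_URPF:
        raise ValueError(f"unsupported urpf value: {mode!r}")
    ipv4_if = {"ipv4If": {"attributes": {"id": intf_id, "urpf": mode}}}
    ipv4_dom = {"ipv4Dom": {"attributes": {"name": dom}, "children": [ipv4_if]}}
    ipv4_inst = {"ipv4Inst": {"children": [ipv4_dom]}}
    return {"topSystem": {"children": [{"ipv4Entity": {"children": [ipv4_inst]}}]}}


def audit_urpf(payload):
    """Return one finding per ipv4If: domain, interface, mode, CLI line, status."""
    findings = []
    top = payload["topSystem"]
    for entity in _children(top, "ipv4Entity"):
        for inst in _children(entity, "ipv4Inst"):
            for dom in _children(inst, "ipv4Dom"):
                dom_name = dom.get("attributes", {}).get("name")
                for intf in _children(dom, "ipv4If"):
                    attrs = intf.get("attributes", {})
                    mode = attrs.get("urpf")
                    if mode in URPF_TO_CLI:
                        cli = ("ip verify unicast source reachable-via "
                               + URPF_TO_CLI[mode])
                        status = "ok"
                    elif mode == "disabled":
                        cli, status = None, "no-source-check"
                    elif mode is None:
                        cli, status = None, "unspecified"
                    else:
                        cli, status = None, "invalid-value"
                    findings.append({"dom": dom_name, "intf": attrs.get("id"),
                                     "urpf": mode, "cli": cli, "status": status})
    return findings


# Constructed sample input: shaped like the page's payloads, with extra
# interfaces and a mistyped value added to exercise the checks.
SAMPLE = json.loads("""
{"topSystem": {"children": [
  {"ipv4Entity": {"children": [
    {"ipv4Inst": {"children": [
      {"ipv4Dom": {"attributes": {"name": "default"}, "children": [
        {"ipv4If": {"attributes": {"id": "eth2/2", "urpf": "strict"}}},
        {"ipv4If": {"attributes": {"id": "eth2/3", "urpf": "disabled"}}},
        {"ipv4If": {"attributes": {"id": "eth1/4", "urpf": "loose-allow-default"}}},
        {"ipv4If": {"attributes": {"id": "eth1/5", "urpf": "losse"}}}
      ]}}
    ]}}
  ]}},
  {"platformEntity": {"attributes": {"urpfStatus": "disabled"}}}
]}}
""")

if __name__ == "__main__":
    for f in audit_urpf(SAMPLE):
        print(f"{str(f['dom']):8} {str(f['intf']):7} {str(f['urpf']):20} "
              f"{f['status']:16} {f['cli'] or '-'}")
```

Running the same audit over a payload before it is POSTed catches a mistyped urpf value locally, before the request reaches the switch.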