Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1210
Views
0
Helpful
5
Replies

ip verify unicast source reachable-via rx allow-default on cisco Nexus N9k

Go to solution
Ramasamy Chandrasekar
Level 1
Level 1

‎06-05-2020 05:25 AM

HI Experts,

 

Need your advise on enabling this service in nexus N9k switches running  NXOS: version 7.0(3)I7(1). Need to apply this command set in our SVI, But i couldn't find the command set available. Please advise whether any other way to enable this service under SVI.

 

Thnaks

Ramsy

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to Ramasamy Chandrasekar

‎06-07-2020 05:37 AM

Hi @Ramasamy Chandrasekar 

Sorry about my poor explanation. I was trying to say that it might be possible that "ip verify unicast source" command to be available only on L3 physical ports. SVI is not a port (physical interface), but is indeed a L3 interface. Skipping the nomenclature, my motivation for this statement was that in the config guide there was nothing mentioned about SVIs.  

However, I was wrong. I managed to check in my lab, on a N9K-C93180YC-FX, running 9.2.2 and the command is allowed on SVI as well.

N9K(config-if)# sh run int vlan 101

interface Vlan101
  no shutdown
  ip verify unicast source reachable-via rx

N9K(config-if)# sh run int e1/1

interface Ethernet1/1
  description myTestIf
  ip address 10.0.0.1/30
  ip verify unicast source reachable-via rx

It might be worth upgrading to 9.x and check again.

 

Hope it helps.

Sergiu

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎06-05-2020 06:53 AM

Hi @Ramasamy Chandrasekar 

If I am not mistaking, this is not a command available for SVI. It only works on L3 ports.

 

Regards,

Sergiu

0 Helpful

Go to solution
Ramasamy Chandrasekar
Level 1
Level 1
In response to Sergiu.Daniluk

‎06-07-2020 04:44 AM - edited ‎06-07-2020 04:45 AM

Hi @Sergiu.Daniluk 

 

Thanks for the reply. 

The SVI is L3 interface. say example when a catalyst switch accepts such command set and the same SVI is not supporting on the Nexus N9K. I have attached the screenshots for your reference.

 

Preview file
18 KB
Preview file
30 KB
0 Helpful

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to Ramasamy Chandrasekar

‎06-07-2020 05:37 AM

Hi @Ramasamy Chandrasekar 

Sorry about my poor explanation. I was trying to say that it might be possible that "ip verify unicast source" command to be available only on L3 physical ports. SVI is not a port (physical interface), but is indeed a L3 interface. Skipping the nomenclature, my motivation for this statement was that in the config guide there was nothing mentioned about SVIs.  

However, I was wrong. I managed to check in my lab, on a N9K-C93180YC-FX, running 9.2.2 and the command is allowed on SVI as well.

N9K(config-if)# sh run int vlan 101

interface Vlan101
  no shutdown
  ip verify unicast source reachable-via rx

N9K(config-if)# sh run int e1/1

interface Ethernet1/1
  description myTestIf
  ip address 10.0.0.1/30
  ip verify unicast source reachable-via rx

It might be worth upgrading to 9.x and check again.

 

Hope it helps.

Sergiu

0 Helpful

Go to solution
Ramasamy Chandrasekar
Level 1
Level 1
In response to Sergiu.Daniluk

‎06-07-2020 06:05 PM

Thank you @Sergiu.Daniluk and @paul driver 

 

we will propose the upgrade to the management. 

Thanks 

Ramsy

 

0 Helpful

Go to solution
paul driver
VIP
VIP

‎06-07-2020 06:08 AM - edited ‎06-07-2020 06:08 AM

Hello
FYI - Both loose and strict URPF modes should be applicable to physical, sub-interfaces, SVI's and L3 port channels, Although strict mode isn't applicable to host addresses (/32).

Once applied check the interface to see it is enabled 
sh ip interface vlan xx | in IP


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card