Manualshelf

R3303-HP HSR6800 Routers Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution
501502503504505506507508509510
496
URPF configuration commands
ip urpf
Use ip urpf to enable URPF check on an interface to prevent source address spoofing attacks.
Use undo ip urpf to disable URPF check.
Syntax
ip urpf { loose | strict } [ allow-default-route ] [ acl acl-number ]
undo ip urpf
Default
URPF check is disabled.
Views
Interface view
Default command level
2: System level
Parameters
loose: Enables loose URPF check. For a packet to pass loose URPF check, the source address of the
packet must match the destination address of a FIB entry.
strict: Enables strict URPF check. For a packet to pass strict URPF check, the source address and receiving
interface of the packet must match the destination address and output interface of a FIB entry.
allow-default-route: Allows using the default route for URPF check.
acl acl-number: ACL number in the range of 2000 to 3999.
For a basic ACL, the value range is 2000 to 2999.
For an advanced ACL, the value range is 3000 to 3999.
Usage guidelines
Configuring URPF in interface view takes effect only on the interface.
You can use the display ip interface command to view statistics about packets discarded by URPF.
Examples
# Configure strict URPF check on interface GigabitEthernet 3/0/2, which allows using the default route
and uses ACL 2999 to match packets.
<Sysname> system-view
[Sysname] interface gigabitethernet 3/0/2
[Sysname-GigabitEthernet 3/0/2] ip urpf strict allow-default-route acl 2999
# Enable loose URPF check on GigabitEthernet 3/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 3/0/1
[Sysname-GigabitEthernet 3/0/1] ip urpf loose