R3303-HP HSR6800 Routers Security Configuration Guide

URPF configuration example
Network requirements
As shown in Figure 149, enable strict URPF check on GigabitEthernet 3/0/1 of Router B and permit
packets from network 10.1.1.0/24.
Enable strict URPF check on GigabitEthernet 3/0/1 of Router A and allow use of the default route for URPF check.
Figure 149 Network diagram
Configuration procedure
1. Configure Router B:
# Define ACL 2010 to permit traffic from network 10.1.1.0/24 to pass.
<RouterB> system-view
[RouterB] acl number 2010
[RouterB-acl-basic-2010] rule permit source 10.1.1.0 0.0.0.255
[RouterB-acl-basic-2010] quit
# Specify the IP address of GigabitEthernet 3/0/1.
[RouterB] interface gigabitethernet 3/0/1
[RouterB-GigabitEthernet3/0/1] ip address 1.1.1.2 255.255.255.0
# Enable strict URPF check on GigabitEthernet 3/0/1.
[RouterB-GigabitEthernet3/0/1] ip urpf strict acl 2010
2. Configure Router A:
# Specify the IP address of GigabitEthernet 3/0/1.
<RouterA> system-view
[RouterA] interface gigabitethernet 3/0/1
[RouterA-GigabitEthernet3/0/1] ip address 1.1.1.1 255.255.255.0
# Enable strict URPF check on GigabitEthernet 3/0/1 and allow use of the default route for URPF check.
[RouterA-GigabitEthernet3/0/1] ip urpf strict allow-default-route
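
The decision that the two ip urpf commands above configure, as a simplified Python model added here (not HP code and not part of the original guide). The FIB contents are constructed because Figure 149 is not reproduced, the default route on Router A is an assumption, and the function names and return labels are hypothetical.

```python
import ipaddress

# Constructed FIBs (Figure 149 is not reproduced); only the connected subnet is from the page.
ROUTER_B_FIB = [("1.1.1.0/24", "GE3/0/1")]
ROUTER_A_FIB = [("1.1.1.0/24", "GE3/0/1"), ("0.0.0.0/0", "GE3/0/1")]  # default via GE3/0/1 is assumed
ACL_2010 = ["10.1.1.0/24"]  # rule permit source 10.1.1.0 0.0.0.255


def lookup(fib, src):
    """Longest-prefix match; returns (network, out_interface) or None."""
    addr = ipaddress.ip_address(src)
    hits = [(ipaddress.ip_network(p), i) for p, i in fib
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)


def strict_urpf(fib, in_if, src, allow_default=False, acl=()):
    """Return 'forward', 'acl-permit' (check failed, ACL exempts) or 'drop'."""
    hit = lookup(fib, src)
    passed = False
    if hit is not None:
        net, out_if = hit
        # Strict mode: the route back to the source must use the receiving interface.
        # A match on 0.0.0.0/0 only counts when allow-default-route is set.
        passed = out_if == in_if and (allow_default or net.prefixlen != 0)
    if passed:
        return "forward"
    addr = ipaddress.ip_address(src)
    if any(addr in ipaddress.ip_network(n) for n in acl):
        return "acl-permit"
    return "drop"


if __name__ == "__main__":
    for src in ("1.1.1.1", "10.1.1.5", "10.2.2.2"):
        print("RouterB", src, strict_urpf(ROUTER_B_FIB, "GE3/0/1", src, acl=ACL_2010))
    for flag in (True, False):
        print("RouterA", flag, strict_urpf(ROUTER_A_FIB, "GE3/0/1", "198.51.100.7", allow_default=flag))
```

Because ACL 2010 exempts 10.1.1.0/24 from the check, a spoofed source inside that range is not filtered on Router B's interface, so the ACL should stay as narrow as the topology allows.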