Manual
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
139
16.4.3 URPF Typical Example
In the network, topology shown in the graph above, IP URPF function is enabled on SW3.
When there is someone in the network pretending to be someone else by using his IP address
to launch a vicious attack, the switch will drop all the attacking messages directly through the
hardware function.
Enable the URPF function in SW3.
SW3 configuration task sequence:
Switch3#config
Switch3(config)#urpf enable
16.4.4 URPF Troubleshooting
If all configurations are normal but URPF still can’t operate as expected, please enable the
URPF debug function and use “show urpf” command to observe whether URPF is enabled,
and send the result to the technology service center.
16.5 ARP
16.5.1 Introduction to ARP
ARP (Address Resolution Protocol) is mainly used to resolve IP address to Ethernet MAC
address. Switch supports both dynamic ARP and static ARP configuration.Furthermore, switch
supports the configuration of proxy ARP for some applications. For instance, when an ARP
request is received on the port, requesting an IP address in the same IP segment of the port
but not the same physical network, if the port has enabled proxy ARP, the port would reply to
the ARP with its own MAC address and forward the actual packets received. Enabling proxy
ARP allows machines physically separated but of the same IP segment ignores the physical
Vicious access host
PC
PC
Pretending to be SW2 by
using 10.1.1.10 to launch
a vicious attack
2002::4/64
SW1
SW2
SW3
Globally enable URPF
E1/0/8
E1/0/8
10.1.1.10/24
vlan1
E1/0/2
E1/0/2
Vlan3
E3/2
Vlan4
E1/0/3
Enable URPF