R2511-HP MSR Router Series Security Command Reference(V5)

URPF configuration commands
ip urpf
Use ip urpf to enable URPF check on an interface to prevent source address spoofing attacks.
Use undo ip urpf to disable URPF check.
Syntax
ip urpf { loose | strict } [ allow-default-route ] [ acl acl-number ]
undo ip urpf
Default
URPF check is disabled.
Views
Interface view
Default command level
2: System level
Parameters
loose: Enables loose URPF check. To pass loose URPF check, the source address of a packet must match
the destination address of a FIB entry.
strict: Enables strict URPF check. To pass strict URPF check, the source address and receiving interface of
a packet must match the destination address and output interface of a FIB entry.
allow-default-route: Allows using the default route for URPF check.
acl acl-number: ACL number in the range of 2000 to 3999.
For a basic ACL, the value range is 2000 to 2999.
For an advanced ACL, the value range is 3000 to 3999.
Usage guidelines
Configuring URPF in interface view takes effect only on that interface.
You can use the display ip interface command to view statistics about packets discarded by URPF.
Examples
# Configure strict URPF check on interface Ethernet 1/2, allowing use of the default route and using
ACL 2999 to match packets.
<Sysname> system-view
[Sysname] interface ethernet 1/2
[Sysname-Ethernet1/2] ip urpf strict allow-default-route acl 2999
# Enable loose URPF check on Ethernet 1/1.
<Sysname> system-view
[Sysname] interface ethernet 1/1
[Sysname-Ethernet1/1] ip urpf loose
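The following Python model is an added illustration of the loose and strict checks described under Parameters; it is not HP code and not part of the original reference. The FIB entries and packets are constructed, the acl option is not modelled, and treating the default route as ignored unless allow-default-route is set is an assumption of this model.

```python
import ipaddress

# Constructed FIB for illustration: (destination prefix, output interface).
FIB = [
    ("10.1.0.0/16", "Ethernet1/1"),
    ("10.2.0.0/16", "Ethernet1/2"),
    ("0.0.0.0/0", "Ethernet1/2"),  # default route
]

def fib_lookup(src, fib, allow_default_route):
    """Longest-prefix match of a source address; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0 and not allow_default_route:
            continue  # assumption: default route is ignored unless explicitly allowed
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best

def urpf_pass(src, in_if, mode, allow_default_route=False, fib=FIB):
    """Return True if a packet from src received on in_if passes the modelled check."""
    if mode not in ("loose", "strict"):
        raise ValueError("mode must be 'loose' or 'strict'")
    entry = fib_lookup(src, fib, allow_default_route)
    if entry is None:
        return False  # no usable FIB entry covers the source address
    if mode == "loose":
        return True   # any matching entry is enough
    return entry[1] == in_if  # strict: receiving interface must equal output interface

def demo():
    """Evaluate constructed packets: (source, receiving interface, mode, allow-default)."""
    cases = [
        ("10.1.5.5", "Ethernet1/1", "strict", False),
        ("10.1.5.5", "Ethernet1/2", "strict", False),  # source arrives on wrong interface
        ("10.1.5.5", "Ethernet1/2", "loose", False),
        ("203.0.113.9", "Ethernet1/2", "loose", False),  # only default route covers it
        ("203.0.113.9", "Ethernet1/2", "strict", True),
        ("203.0.113.9", "Ethernet1/1", "strict", True),
    ]
    return [urpf_pass(*c) for c in cases]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second and third cases show the practical difference: the same source on the wrong interface is dropped by strict check but passes loose check, which is why strict mode is unsuitable where routing is asymmetric.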