R0106-HP MSR Router Series Security Configuration Guide(V7)
426
Ste
p
Command
Remarks
3. Enable uRPF on the interface.
ip urpf { loose
[ allow-default-route ] [ acl
acl-number ] | strict
[ allow-default-route ] [ acl
acl-number ] [ link-check ] }
By default, uRPF is disabled.
Displaying and maintaining uRPF
Execute display commands in any view.
Task Command
Display uRPF configuration
(MSR2000/MSR3000).
display ip urpf [ interface interface-type interface-number ]
Display uRPF configuration (MSR4000).
display ip urpf [ interface interface-type interface-number ]
[ slot slot-number ]
uRPF configuration example
Network requirements
As shown in Figure 131, configure strict uRPF check on GigabitEthernet 2/1/1 of Router B and permit
packets from network 10.1.1.0/24.
Configure strict uRPF check on GigabitEthernet 2/1/1 of Router A and allow using the default route for
uRPF check.
Figure 131 Network diagram
Configuration procedure
1. Configure Router B:
# Define ACL 2010 to permit traffic from network 10.1.1.0/24.
<RouterB> system-view
[RouterB] acl number 2010
[RouterB-acl-basic-2010] rule permit source 10.1.1.0 0.0.0.255
[RouterB-acl-basic-2010] quit
# Specify the IP address of GigabitEthernet 2/1/1.
[RouterB] interface gigabitethernet 2/1/1
[RouterB-GigabitEthernet2/1/1] ip address 1.1.1.2 255.255.255.0
# Configure strict uRPF check on GigabitEthernet 2/1/1.
[RouterB-GigabitEthernet2/1/1] ip urpf strict acl 2010
2. Configure Router A:
# Specify the IP address of GigabitEthernet 2/1/1.