Login
- Table of Contents
-
- 10-Security Command Reference
- 00-Preface
- 01-AAA commands
- 02-Password control commands
- 03-Public key management commands
- 04-PKI commands
- 05-IPsec commands
- 06-SSH commands
- 07-IP source guard commands
- 08-ARP attack protection commands
- 09-uRPF commands
- 10-SSL commands
- 11-Crypto engine commands
- 12-FIPS commands
- 13-Portal commands
- 14-MACsec commands
- 15-Attack detection and prevention commands
- 16-Object group commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 09-uRPF commands | 64.05 KB |
uRPF commands
display ip urpf interface
Use display ip urpf interface to display uRPF configuration on an interface.
Syntax
In standalone mode:
display ip urpf interface interface-type interface-number [ slot slot-number [ cpu cpu-number ] ]
In IRF mode:
display ip urpf interface interface-type interface-number [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number.
slot slot-number: Specifies a card by slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument specifies the ID of the IRF member device, and the slot number argument specifies the number of the slot that holds the card. (In IRF mode.)
cpu cpu-number: Specifies a CPU by its number.
Usage guidelines
To display uRPF configuration on an interface, check whether the interface is a global interface:
· If it is a global interface, specify the card where the interface resides. If you do not specify the slot slot-number or chassis chassis-number slot slot-number option, the command displays uRPF configuration for the MPU. A global interface has a one-dimensional number, such as VLAN-interface 10.
· If it is not a global interface, you do not need to specify the card for the command to display the interface uRPF configuration. A non-global interface has a multiple-dimensional number, such as GigabitEthernet 3/0/1.
Examples
# Display uRPF configuration on VLAN-interface 10 for the card in slot 0.
<Sysname> display ip urpf interface Vlan-interface 10 slot 0
uRPF configuration information of interface Vlan-interface10:
Check type: strict
Allow default route
Table 1 Command output
|
Field |
Description |
|
uRPF configuration information of interface |
uRPF configuration on the interface. |
|
(failed) |
Failed to deliver the uRPF configuration to the forwarding chip because of insufficient chip resources. If this field is not displayed, the delivery is successful. |
|
Check type |
uRPF check mode is strict. |
|
Allow default route |
Allow use of the default route. |
ip urpf strict
Use ip urpf strict to enable strict uRPF check.
Use undo ip urpf to disable strict uRPF check.
Syntax
ip urpf strict [ link-check ]
undo ip urpf
Default
Strict uRPF check is disabled.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
strict: Enables strict uRPF check. To pass strict uRPF check, the source address and receiving interface of a packet must match the destination address and output interface of a FIB entry.
link-check: Enables link layer check (Ethernet link).
Usage guidelines
Use this command on a VLAN interface. Otherwise, this command does not take effect.
uRPF can be deployed on a PE connected to a CE or another ISP, or on a CE.
If a Layer 3 PE interface connects a large number of PCs, configure the link-check keyword on the interface to enable link layer check. uRPF checks the validity of the source MAC address.
Examples
# Configure strict uRPF check on VLAN-interface 10.
<Sysname> system-view
[Sysname] interface Vlan-interface 10
[Sysname-Vlan-interface10] ip urpf strict
Related commands
display ip urpf interface
