- Table of Contents
-
- 11-Security Command Reference
- 00-Preface
- 01-AAA commands
- 02-802.1X commands
- 03-MAC authentication commands
- 04-Portal commands
- 05-Port security commands
- 06-Password control commands
- 07-Keychain commands
- 08-Public key management commands
- 09-PKI commands
- 10-IPsec commands
- 11-SSH commands
- 12-SSL commands
- 13-Attack detection and prevention commands
- 14-TCP attack prevention commands
- 15-IP source guard commands
- 16-ARP attack protection commands
- 17-ND attack defense commands
- 18-uRPF commands
- 19-MFF commands
- 20-FIPS commands
- 21-802.1X client commands
- 22-Web authentication commands
- 23-Object group commands
- 24-Microsegmentation commands
- Related Documents
-
Title | Size | Download |
---|---|---|
18-uRPF commands | 49.97 KB |
IPv4 uRPF commands
display ip urpf
Use display ip urpf to display uRPF configuration.
Syntax
In standalone mode:
display ip urpf [ slot slot-number ]
In IRF mode:
display ip urpf [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays uRPF configuration for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays uRPF configuration for all cards. (In IRF mode.)
Examples
# (In standalone mode.) Display uRPF configuration for the specified slot.
<Sysname> display ip urpf slot 1
Global uRPF configuration information(failed):
Check type: strict
Allow default route
Table 1 Command output
Field |
Description |
(failed) |
The system failed to deliver the uRPF configuration to the forwarding chip because of insufficient chip resources. This field is not displayed if the delivery is successful. |
Check type |
uRPF check mode: loose or strict. |
Allow default route |
Using the default route is allowed. |
ip urpf
Use ip urpf to enable uRPF.
Use undo ip urpf to disable uRPF.
Syntax
ip urpf { loose [ allow-default-route ] | strict [ allow-default-route ] }
undo ip urpf
Default
uRPF is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
loose: Enables loose uRPF check. To pass loose uRPF check, the source address of a packet must match the destination address of a FIB entry.
strict: Enables strict uRPF check. To pass strict uRPF check, the source address and receiving interface of a packet must match the destination address and output interface of a FIB entry. You can enable strict uRPF check only in VLAN interface view.
allow-default-route: Allows using the default route for uRPF check.
Usage guidelines
uRPF can be deployed on a PE connected to a CE or an ISP, or on a CE.
Examples
# Enable strict uRPF check globally.
<Sysname> system-view
[Sysname] ip urpf strict
Related commands
display ip urpf
IPv6 uRPF commands
display ipv6 urpf
Use display ipv6 urpf to display IPv6 uRPF configuration.
Syntax
In standalone mode:
display ipv6 urpf [ slot slot-number ]
In IRF mode:
display ipv6 urpf [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays IPv6 uRPF configuration for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays IPv6 uRPF configuration for all cards. (In IRF mode.)
Examples
# (In standalone mode.) Display IPv6 uRPF configuration for the specified slot.
<Sysname> display ipv6 urpf slot 1
Global IPv6 uRPF configuration information(failed):
Check type: strict
Allow default route
Table 2 Command output
Field |
Description |
(failed) |
The system failed to deliver the IPv6 uRPF configuration to the forwarding chip because of insufficient chip resources. This field is not displayed if the delivery is successful. |
Check type |
IPv6 uRPF check mode: loose or strict. |
Allow default route |
Using the default route is allowed. |
ipv6 urpf
Use ipv6 urpf to enable IPv6 uRPF.
Use undo ipv6 urpf to disable IPv6 uRPF.
Syntax
ipv6 urpf { loose | strict } [ allow-default-route ]
undo ipv6 urpf
Default
IPv6 uRPF is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
loose: Enables loose IPv6 uRPF check. To pass loose IPv6 uRPF check, the source address of a packet must match the destination address of an IPv6 FIB entry.
strict: Enables strict IPv6 uRPF check. To pass strict IPv6 uRPF check, the source address and receiving interface of a packet must match the destination address and output interface of an IPv6 FIB entry.
allow-default-route: Allows using the default route for IPv6 uRPF check.
Usage guidelines
IPv6 uRPF can be deployed on a CE or on a PE connected to either a CE or an ISP.
Examples
# Enable strict IPv6 uRPF check globally.
<Sysname> system-view
[Sysname] ipv6 urpf strict
Related commands
display ipv6 urpf