Login
- Table of Contents
-
- 10-Security Command Reference
- 00-Preface
- 01-AAA commands
- 02-802.1X commands
- 03-MAC authentication commands
- 04-Portal commands
- 05-Port security commands
- 06-Password control commands
- 07-Public key management commands
- 08-SSL commands
- 09-PKI commands
- 10-IPsec commands
- 11-SSH commands
- 12-IP source guard commands
- 13-ARP attack protection commands
- 14-uRPF commands
- 15-FIPS commands
- 16-Attack detection and prevention commands
- 17-MACsec commands
- 18-MFF commands
- 19-ND attack defense commands
- 20-Keychain commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 14-uRPF commands | 38.18 KB |
IPv4 uRPF commands
display ip urpf
Use display ip urpf to display uRPF configuration.
Syntax
display ip urpf [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID or specifies a PEX by its virtual slot number. On an IRF fabric, this command displays uRPF configuration for all member devices if you do not specify a member device. On an IRF 3 system, this command displays uRPF configuration for all IRF member devices and PEXs if you do not specify an IRF member device or PEX.
Examples
# Display uRPF configuration for IRF member device 3.
<Sysname> display ip urpf slot 3
Global uRPF configuration information(failed):
Check type: strict
Allow default route
Table 1 Command output
|
Field |
Description |
|
Global uRPF configuration information |
Global uRPF configuration. |
|
(failed) |
Failed to deliver the uRPF configuration to the forwarding chip because of insufficient chip resources. If this field does not exist, the delivery is successful. |
|
Check type |
uRPF check mode: loose or strict. |
|
Allow default route |
Allow use of the default route. |
ip urpf
Use ip urpf to enable uRPF.
Use undo ip urpf to disable uRPF.
Syntax
ip urpf { loose [ allow-default-route ] | strict [ allow-default-route ] }
undo ip urpf
Default
uRPF is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
loose: Enables loose uRPF check. To pass loose uRPF check, the source address of a packet must match the destination address of a FIB entry.
strict: Enables strict uRPF check. To pass strict uRPF check, the source address and receiving interface of a packet must match the destination address and output interface of a FIB entry.
allow-default-route: Allows using the default route for uRPF check.
Usage guidelines
uRPF can be deployed on a PE connected to a CE or another ISP, or on a CE.
For asymmetrical routing, configure loose uRPF to avoid discarding valid packets. For symmetrical routing, configure strict uRPF. An ISP usually adopts symmetrical routing on a PE device.
Typically, you do not need to configure the allow-default-route keyword on a PE device, because it has no default route pointing to a CE. If you enable uRPF on a CE that has a default route pointing to the PE, select the allow-default-route keyword.
Examples
# Enable strict uRPF check globally.
<Sysname>system-view
[Sysname]ip urpf strict
Related commands
display ip urpf
IPv6 uRPF commands
display ipv6 urpf
Use display ipv6 urpf to display IPv6 uRPF configuration.
Syntax
display ipv6 urpf [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID or specifies a PEX by its virtual slot number. On an IRF fabric, this command displays IPv6 uRPF configuration for all member devices if you do not specify a member device. On an IRF 3 system, this command displays IPv6 uRPF configuration for all IRF member devices and PEXs if you do not specify an IRF member device or PEX.
Examples
# Display IPv6 uRPF configuration for IRF member device 3.
<Sysname> display ipv6 urpf slot 3
Global IPv6 uRPF configuration information(failed):
Check type: strict
Allow default route
Table 2 Command output
|
Field |
Description |
|
Global IPv6 uRPF configuration information |
Global IPv6 uRPF configuration. |
|
(failed) |
Failed to deliver the IPv6 uRPF configuration to the forwarding chip because of insufficient chip resources. If this field does not exist, the delivery is successful. |
|
Check type |
IPv6 uRPF check mode: loose or strict. |
|
Allow default route |
Allow use of the default route. |
ipv6 urpf
Use ipv6 urpf to enable IPv6 uRPF.
Use undo ipv6 urpf to disable IPv6 uRPF.
Syntax
ipv6 urpf { loose | strict } [ allow-default-route ]
undo ipv6 urpf
Default
IPv6 uRPF is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
loose: Enables loose IPv6 uRPF check. To pass loose IPv6 uRPF check, the source address of a packet must match the destination address of an IPv6 FIB entry.
strict: Enables strict IPv6 uRPF check. To pass strict IPv6 uRPF check, the source address and receiving interface of a packet must match the destination address and output interface of an IPv6 FIB entry.
allow-default-route: Allows using the default route for IPv6 uRPF check.
Usage guidelines
IPv6 uRPF can be deployed on a CE or on a PE connected to either a CE or another ISP.
For asymmetrical routing, configure loose IPv6 uRPF to avoid discarding valid packets. For symmetrical routing, configure strict IPv6 uRPF. An ISP usually adopts symmetrical routing on a PE device.
Examples
# Enable strict IPv6 uRPF check globally.
<Sysname>system-view
[Sysname]ipv6 urpf strict
Related commands
display ipv6 urpf
