Login
- Table of Contents
-
- 08-Security Command Reference
- 00-Preface
- 01-AAA commands
- 02-802.1X commands
- 03-MAC authentication commands
- 04-Portal commands
- 05-Port security commands
- 06-Password control commands
- 07-Public key management commands
- 08-PKI commands
- 09-IPsec commands
- 10-SSH commands
- 11-SSL commands
- 12-IP source guard commands
- 13-ARP attack protection commands
- 14-MFF commands
- 15-uRPF commands
- 16-Crypto engine commands
- 17-FIPS commands
- 18-ND attack defense commands
- 19-User profile commands
- 20-Attack detection and prevention commands
- 21-MACsec commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 15-uRPF commands | 31.35 KB |
uRPF commands
display ip urpf
Use display ip urpf to display uRPF configuration.
Syntax
display ip urpf [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device. The slot number argument specifies the ID of the IRF member device.
Examples
# Display uRPF configuration.
<Sysname> display ip urpf
Global uRPF configuration information:
Check type: strict
Allow default route
Table 1 Command output
|
Field |
Description |
|
Global uRPF configuration information |
Global uRPF configuration. |
|
(failed) |
Failed to deliver the uRPF configuration to the forwarding chip because of insufficient chip resources. If this field does not exist, the delivery is successful. |
|
Check type |
uRPF check mode: loose or strict. |
|
Allow default route |
Allow use of the default route. |
ip urpf
Use ip urpf to enable uRPF.
Use undo ip urpf to disable uRPF.
Syntax
ip urpf { loose | strict }
undo ip urpf
Default
uRPF is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
loose: Enables loose uRPF check. To pass loose uRPF check, the source address of a packet must match the destination address of a FIB entry.
strict: Enables strict uRPF check. To pass strict uRPF check, the source address and receiving interface of a packet must match the destination address and output interface of a FIB entry.
Usage guidelines
Global uRPF configuration takes effect on both IPv4 and IPv6 routes.
uRPF can be deployed on a PE connected to a CE or another ISP, or on a CE.
Configure strict uRPF check on a PE interface connected to a CE, and configure loose uRPF check on a PE interface connected to another ISP.
For asymmetrical routing where the interface receiving upstream traffic is different from the interface forwarding downstream traffic on a PE device, configure loose uRPF to avoid discarding valid packets. If the two interfaces are the same (symmetrical routing), configure strict uRPF. An ISP usually adopts symmetrical routing on a PE device.
Examples
# Enable strict uRPF check globally.
<Sysname> system-view
[Sysname] ip urpf strict
Related commands
display ip urpf
