Login
- Table of Contents
-
- 11-Security Command Reference
- 00-Preface
- 01-Keychain commands
- 02-Public key management commands
- 03-PKI commands
- 04-Crypto engine commands
- 05-SSH commands
- 06-SSL commands
- 07-Packet filter commands
- 08-DHCP snooping commands
- 09-DHCPv6 snooping commands
- 10-ARP attack protection commands
- 11-ND attack defense commands
- 12-Attack detection and prevention commands
- 13-IP-based attack prevention commands
- 14-uRPF commands
| Title | Size | Download |
|---|---|---|
| 14-uRPF commands | 40.78 KB |
IPv4 uRPF commands
display ip urpf
Use display ip urpf to display uRPF configuration.
Syntax
display ip urpf [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies the slot number of the device, which is fixed at 1.
Examples
# Display uRPF configuration for the specified slot.
<Sysname> display ip urpf slot 1
Global uRPF configuration information(failed):
Check type: strict
Table 1 Command output
|
Field |
Description |
|
(failed) |
The system failed to deliver the uRPF configuration to the forwarding chip because of insufficient chip resources. This field is not displayed if the delivery is successful. |
|
Check type |
uRPF check mode: loose or strict. |
ip urpf
Use ip urpf to enable uRPF.
Use undo ip urpf to disable uRPF.
Syntax
ip urpf { loose | strict }
undo ip urpf
Default
uRPF is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
loose: Enables loose uRPF check. To pass loose uRPF check, the source address of a packet must match the destination address of a FIB entry.
strict: Enables strict uRPF check. To pass strict uRPF check, the source address and receiving interface of a packet must match the destination address and output interface of a FIB entry.
Usage guidelines
uRPF can be deployed on a PE connected to a CE or an ISP, or on a CE.
If the specified ACL does not exist or does not contain rules, the ACL cannot match any packets.
If the vpn-instance keyword is specified in an ACL rule, the rule applies only to VPN packets. If the vpn-instance keyword is not specified in an ACL rule, the rule applies only to public network packets.
Examples
# Enable strict uRPF check globally.
<Sysname> system-view
[Sysname] ip urpf strict
Related commands
display ip urpf
