URPF configuration commands
NOTE:
router
The term
ip urpf
Syntax
ip urpf { loose | strict }
undo ip urpf
View
System view
Default level
2: System level
Parameters
loose: Specifies loose URPF check. To pass loose URPF check, the source address of a packet must match
the destination address of a FIB entry.
strict: Specifies strict URPF check. To pass strict URPF check, the source address and receiving interface
of a packet must match the destination address and output interface of a FIB entry.
Description
Use the ip urpf command to enable URPF check to prevent source address spoofing attacks.
Use the undo ip urpf command to disable URPF check.
By default, URPF check is disabled.
NOTE:
The routing table size decreases by half when URPF is enabled on the 3600 v2 switches.
•
To prevent loss of routes and packets, URPF cannot be enabled on the switch if the number of route
•
entries the switch maintains exceeds half the routing table size.
Examples
# Enable strict URPF check globally.
<Sysname> system-view
[Sysname] ip urpf strict
in this document refers to both routers and Layer 3 switches.
321