Urpf Configuration Commands; Ip Urpf - HPE FlexNetwork HSR6800 Security Command Reference

URPF configuration commands

ip urpf

Use ip urpf to enable URPF check on an interface to prevent source address spoofing attacks.
Use undo ip urpf to disable URPF check.
Syntax
ip urpf { loose | strict } [ allow-default-route ] [ acl acl-number ]
undo ip urpf
Default
URPF check is disabled.
Views
Interface view
Default command level
2: System level
Parameters
loose: Enables loose URPF check. For a packet to pass loose URPF check, the source address of
the packet must match the destination address of a FIB entry.
strict: Enables strict URPF check. For a packet to pass strict URPF check, the source address and
receiving interface of the packet must match the destination address and output interface of a FIB
entry.
allow-default-route: Allows using the default route for URPF check.
acl acl-number: ACL number in the range of 2000 to 3999.
•
For a basic ACL, the value range is 2000 to 2999.
•
For an advanced ACL, the value range is 3000 to 3999.
Usage guidelines
Configuring URPF in interface view takes effect only on the interface.
You can use the display ip interface command to view statistics about packets discarded by URPF.
Examples
# Configure strict URPF check on interface GigabitEthernet 3/0/2, which allows using the default
route and uses ACL 2999 to match packets.
<Sysname> system-view
[Sysname] interface gigabitethernet 3/0/2
[Sysname-GigabitEthernet 3/0/2] ip urpf strict allow-default-route acl 2999
# Enable loose URPF check on GigabitEthernet 3/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 3/0/1
[Sysname-GigabitEthernet 3/0/1] ip urpf loose
472