Chapter 118 Unicast Reverse Path Forwarding (Urpf) Commands - D-Link xstack DGS-3620 series Reference Manual

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 118 Unicast Reverse
Path Forwarding (URPF)
Commands
config ip urpf ports [<portlist> | all] mode [loose | strict] {default_route_check state [enable |
disable]}
enable ip urpf
disable ip urpf
show ip urpf {ports <portlist>}
delete ip urpf ports [<portlist> | all]
118-1 config ip urpf ports
Description
This command is used to add URPF checking on one or more ports. URPF helps to mitigate
problems caused by the introduction of malformed or forged IP source addresses into a network by
discarding IP packets that lack a verifiable IP source address.
Format
config ip urpf ports [<portlist> | all] mode [loose | strict] {default_route_check state [enable
| disable]}
Parameters
ports - Specifies the list of ports that will be used for this configuration.
<portlist> - Enter the list of ports that will be used for this configuration.
all - Specifies that all the ports will be used for this configuration.
mode - Specifies the URPF checking mode.
loose - Specifies that it will merely verify whether the source IP address is present in the
routing table.
strict - Specifies to perform checks to ensure that the SIP address is present in the routing
table and the incoming Layer 3 interface matches the SIP's Layer 3 interface in the routing
table.
default_route_check - (Optional) Specifies to perform a URPF check on the default route in the
routing table.
state - Specifies that default route checking state.
enable - Specifies that if the source IP address of the incoming packet only matches the
default route, the packet will be dropped.
disable - Specifies that if the source IP address of the incoming packet only matches the
default route, the packet will be passed.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
1229