Figure 8-1 Networking Diagram For Disabling Urpf For The Specified Traffic - Huawei Quidway S9300 Configuration Manual

Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
strict URPF check on GE 1/0/1 and GE 2/0/1. In addition, it is required that the S9300 trusts the
packets from user A whose IP address is 10.0.0.2/24. In this case, you also need to disable URPF
check for the packets sent by user A.

Figure 8-1 Networking diagram for disabling URPF for the specified traffic

Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
5.
6.
Data Preparation
To complete the configuration, you need the following data:
l
l
l
l
l
Procedure
Step 1 Configure the URPF function.
# Enable the URPF function on the LPU.
<Quidway> system-view
[Quidway] urpf slot 1
[Quidway] urpf slot 2
Issue 01 (2009-07-28)
PC A
IP:10.0.0.2/24
GE1/0/1
S9300
PC B
Configure the URPF function.
Configure the ACL.
Configure the traffic classifier.
Configure the traffic behavior.
Configure the traffic policy.
Apply the traffic policy to an interface.
Interfaces enabled with URPF: GE 1/0/1 and GE 2/0/1
ACL number: 2000
IP address of user A: 10.0.0.2/24
Names of traffic classifier, traffic behavior, and traffic policy: tc1, tb1, and tp1
Interface where the traffic policy is applied: GE 1/0/1
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
GE2/0/1
8 ACL Configuration
8-13