Configuration Procedure; Displaying And Maintaining Urpf; Urpf Configuration Example - HP FlexNetwork 10500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Configuration manual (512 pages) ,
- Specifications (42 pages) ,
- Datasheet (20 pages)
Table of Contents
Advertisement
Configuration procedure
A device supports uRPF configuration globally. Global uRPF configuration takes effect on all
interfaces.
Follow these guidelines when you configure uRPF:
•
uRPF is not supported on the LSUM1TGS48SG0(JH197A, JH205A) module.
•
uRPF checks only incoming packets on an interface.
•
uRPF does not check tunneled packets. For more information about tunneling, see Layer 3—IP
Services Configuration Guide.
•
In an MPLS network, an egress node cannot perform strict uRPF check on packets from the
penultimate hop to which the egress assigns an implicit null label. For more information about
the implicit null label, see MPLS Configuration Guide.
•
Do not configure the allow-default-route keyword for loose uRPF check. Otherwise, uRPF
might fail to work.
To enable uRPF globally:
Step
1.
Enter system view.
2.
Enable uRPF globally.
Displaying and maintaining uRPF
Execute display commands in any view.
Task
Display uRPF configuration (in standalone
mode).
Display uRPF configuration (in IRF mode).
uRPF configuration example
Network requirements
As shown in
Configure strict uRPF check on Switch A and allow using the default route for uRPF check.
Figure 135 Network diagram
Switch A
Configuration procedure
1.
Configure strict uRPF check on Switch B.
Command
system-view
ip urpf { loose
[ allow-default-route ] | strict
[ allow-default-route ] }
Figure
135, configure strict uRPF check on Switch B.
Switch B
Command
display ip urpf [ slot slot-number ]
display ip urpf [ chassis chassis-number slot
slot-number ]
IP network
451
Remarks
N/A
By default, uRPF is disabled.
Advertisement
Table of Contents
Troubleshooting
