Table of Contents
Advertisement
debug l4driver urpf {notice |warning
|error|}
no debug l4driver urpf {notice | warning |
error|}
Admin and Config Mode
show urpf
show urpf rule ipv4 num interface
ethernet IFNAME
show urpf rule ipv6 num interface
ethernet IFNAME
show urpf rule ipv4 interface ethernet
IFNAME
show urpf rule ipv6 interface ethernet
IFNAME
21.4.3 URPF Typical Example
SW1
In the network, topology shown in the graph above, IP URPF function is enabled on SW3. When there is
someone in the network pret ending to be someone else by using his IP address to launch a vicious attack, the
switch will drop all the attacking messages directly through the hardware FFP function.
Enable the URPF function in SW3 Ethernet3/ 3.
SW3 configuration task sequenc e:
Switch3#config
Switch3(config)#urpf enable
Switch3(config)#interface ethernet 3/3
Switch3(Config-If-Ethernet3/3)#ip urpf enable strict
SW2
E1/8
E1/8
Pretending to be SW2 by
using 10.1.1.10 to launch a
vicious attack
PC
access host
Vicious
21-18
Enable the URPF debug function to display
error information if failures occur during the
installation of URPF rules.
Display
which
interfaces
enabled with URPF function.
Display the number of IP v4 rules bonded to
the port.
Display the number of IP v6 rules bonded to
the port.
Display the details of IP v4 rules bonded to
the port.
Display the details of IP v6 rules bonded to
the port.
E3/2
Vlan3
E3/2
10.1.1.10/24
vlan1
E1/2
Enable URPF
PC
2002::4/64
have
been
SW3
Globally enable URPF
Vlan4
E3/3
Advertisement
Table of Contents
Troubleshooting
