Unicast Reverse Path Forwarding (Urpf) Commands - D-Link DXS-3600 Series Reference Manual

DXS-3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide
108. Unicast Reverse Path Forwarding (URPF)
Commands
108-1 ip urpf
This command is used to enable Unicast Reverse Path Forwarding (URPF) checking globally. Use the no
form of this command to disable the global state of URPF.
ip urpf
no ip urpf
Parameters
None.
Default
By default, this option is disabled.
Command Mode
Global Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
One common method to initiate an attack is to utilize IPv4/IPv6 source address spoofing. When using this
method, a hacker attempts to send traffic into the network with a source address that is known or trusted
by the target. If no protection exists, the organizational network will allow the traffic and potentially be
open to a number of different attack types. URPF helps to mitigate problems caused by malformed or
forged IPv4/IPv6 source addresses passing through a router.
The ip urpf global configuration command is used to enable URPF globally and the ip verify unicast
source interface mode command is used to enable URPF on the interface. To enable URPF on an
interface, enable the function both globally and on the interface.
Example
This example shows how to enable the URPF checking globally.
Switch# configure terminal
Switch(config)# ip urpf
WARNING: The command does not take effect until after the next reboot.
Switch(config)#
108-2 ip verify unicast source
This command is used to configure URPF on interfaces. Use the no form of this command to disable
URPF checking on an interface or to revert the settings to the default.
ip verify unicast source [reachable-via {any | rx}] [allow-default] [access-group IP-ACCESS-
LIST-NAME] [ipv6-access-group IPV6-ACCESS-LIST-NAME]
no ip verify unicast source [reachable-via] [allow-default] [access-group] [ipv6-access-group]
1202