Urpf Operation Mechanism; Urpf Configuration Task Sequence - Edge-Core ES4624-SFP Manual

10.4.2 URPF Operation Mechanism

At present the URPF operation mechanism is dependent on the ACL function
provided by the switch chip when enabling URPF on layer 3 interface.
First apply deny-all rule on all layer 2 ports under the layer 3 interface. All data
packet will be denied at the switch by default.
And then apply a rule to all the port under this layer 3 interface permitting the IP
address configured to the layer 3 interface which forms a direct route, so to ensure the
data packet sourced within the segment can enter the switch.
As for the route learnt by the switch which goes out through this layer 3 interface, if
there is any route in the hardware forwarding table in the switch which goes out from a
port under this layer 3 interface, then apply ACL rule on this port in which permitting
address of the packets is the destination address of this route.
With above operation, we can ensure that before the data reaches the port, only
those complying with above rules can enter the port and others will be dropped.
At present the URPF is applied with strict route check mechanism. Only the data
complying with rules can enter the switch through the port or be forwarded by the switch
As the priority of the ACL rules corresponding with URPF is low which will not block
various protocol data packet, so enabling this function will not affect the regular operation
of the switch routing protocols.

10.4.3 URPF Configuration Task Sequence

1. Enable URPF
2. Display and debug URPF relevant information
1) Globally enable URPF
Command
Port mode
urpf enable
no urpf enable
2) Display and debug URPF relevant information
Command
Admin mode
debug urpf
no debug urpf
show urpf
Explanation
Enable and disable URPF on layer 3
interface (interface vlan)
Explanation
Enable the debugging information of the
URPF module, the "no" form of this
command disables the URPF debugging
information output
Display which layer 3 interfaces has
enabled with URPF
321