Configure URPF Function
Configuration Condition
None
Configure URPF Check
Configuring the URPF check it to filter the attack packet based on the false source IP address at the receiving interface. URPF supports the strict and loose modes. In the loose mode, URPF performs the route table searching for the source IP address of the received packet. If finding the route, permit the packet to pass, while in the strict mode, we not only need to find the route, but also the egress interface and the packet receiving interface need to be the same so that the packet can be permitted to pass.
Table 16-2 Configure the URPF check
|
Step
|
Command
|
Description
|
|
Enter global configuration mode
|
configure terminal
|
-
|
|
Enable the global URPF check
|
ip urpf [ allow-default-route ]
|
Mandatory
|
|
Enter the port configuration mode
|
interface interface-name
|
-
|
|
Enable the port URPF check
|
ip urpf { loose | strict }
|
Mandatory
By default, the port does not enable the URPF check. The port URPF check can take effect only after enabling the global URPF check.
|
-
Enabling the URPF function will make the maximum number of the route tables supported by the whole device be reduced by half.
Switch
.png){kind=icon}
.png){kind=logo}
