xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
1229
Chapter 118
Unicast Reverse
Path Forwarding (URPF)
Commands
config ip urpf ports [<portlist> | all] mode [loose | strict] {default_route_check state [enable |
disable]}
show ip urpf {ports <portlist>}
delete ip urpf ports [<portlist> | all]
118-1 config ip urpf ports
Description
This command is used to add URPF checking on one or more ports. URPF helps to mitigate
problems caused by the introduction of malformed or forged IP source addresses into a network by
discarding IP packets that lack a verifiable IP source address.
Format
config ip ur
pf ports [<portlist> | all] mo
de [loose | strict] {
default_route_check state
[en
able
| disable]}
Parameters
ports - Specifies the list of ports that will be used for this configuration.
<portlist> - Enter the list of ports that will be used for this configuration.
all - Specifies that all the ports will be used for this configuration.
mode - Specifies the URPF checking mode.
loose - Specifies that it will merely verify whether the source IP address is present in the
routing table.
strict - Specifies to perform checks to ensure that the SIP address is present in the routing
table and the incoming Layer 3 interface matches the SIP's Layer 3 interface in the routing
default_route_check - (Optional) Specifies to perform a URPF check on the default route in the
routing table.
state - Specifies that default route checking state.
enable - Specifies that if the source IP address of the incoming packet only matches the
default route, the packet will be dropped.
disable - Specifies that if the source IP address of the incoming packet only matches the
default route, the packet will be passed.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
To Next Page
Loading...
Need help?
General