3 urpf typical example, 4 urpf troubleshooting, 5 arp – QTECH QSW-8300 Инструкция по настройке User Manual

+7(495) 797-3311 www.qtech.ru

Москва, Новозаводская ул., 18, стр. 1

139

16.4.3 URPF Typical Example

In the network, topology shown in the graph above, IP URPF function is enabled on SW3.

When there is someone in the network pretending to be someone else by using his IP address

to launch a vicious attack, the switch will drop all the attacking messages directly through the

hardware function.

Enable the URPF function in SW3.

SW3 configuration task sequence:

Switch3#config

Switch3(config)#urpf enable

16.4.4 URPF Troubleshooting

If all configurations are normal but URPF still can’t operate as expected, please enable the
URPF debug function and use “show urpf” command to observe whether URPF is enabled,

and send the result to the technology service center.

16.5 ARP

16.5.1 Introduction to ARP

ARP (Address Resolution Protocol) is mainly used to resolve IP address to Ethernet MAC

address. Switch supports both dynamic ARP and static ARP configuration.Furthermore, switch

supports the configuration of proxy ARP for some applications. For instance, when an ARP

request is received on the port, requesting an IP address in the same IP segment of the port

but not the same physical network, if the port has enabled proxy ARP, the port would reply to

the ARP with its own MAC address and forward the actual packets received. Enabling proxy

ARP allows machines physically separated but of the same IP segment ignores the physical

Vicious access host

PC

PC

Pretending to be SW2 by
using 10.1.1.10 to launch
a vicious attack

2002::4/64

SW1

SW2

SW3
Globally enable URPF

E1/0/8

E1/0/8

10.1.1.10/24
vlan1
E1/0/2

E1/0/2
Vlan3
E3/2

Vlan4
E1/0/3
Enable URPF