3 urpf typical example – PLANET XGS3-24040 User Manual


Chapter 21 Layer 3 Forward Configuration


3. Display and debug URPF relevant information

Command
    Explanation

Admin mode

debug l4driver urpf {notice | warning | error|}
no debug l4driver urpf {notice | warning | error|}
    Enable the URPF debug function to display error information if failures occur during the installation of URPF rules.

Admin and Config Mode

show urpf
    Display which interfaces have the URPF function enabled.

show urpf rule ipv4 num interface ethernet IFNAME
    Display the number of IPv4 rules bound to the port.

show urpf rule ipv6 num interface ethernet IFNAME
    Display the number of IPv6 rules bound to the port.

show urpf rule ipv4 interface ethernet IFNAME
    Display the details of IPv4 rules bound to the port.

show urpf rule ipv6 interface ethernet IFNAME
    Display the details of IPv6 rules bound to the port.

21.4.3 URPF Typical Example

In the network topology shown in the graph above, the IP URPF function is enabled on SW3. When someone in the network pretends to be another host by using its IP address to launch a malicious attack, the switch drops all the attacking messages directly through the hardware FFP function.

Enable the URPF function in SW3 Ethernet3/3.

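[Figure: URPF typical example topology. Devices: SW1, SW2, SW3, two PCs and a "Vicious access host" annotated "Pretending to be SW2 by using 10.1.1.10 to launch a vicious attack". Address labels: 10.1.1.10/24, 2002::4/64. VLAN labels: vlan1, Vlan3, Vlan4. Port labels: E1/2, E1/8, E3/2, E3/3. Annotations: "Globally enable URPF", "Enable URPF".]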
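The check that URPF applies to the spoofed packet in this scenario can be modelled as a strict reverse-path lookup. The following is an added example, not code or configuration from the manual. The route table, the interface used to reach 10.1.1.0/24 and the strict-mode behaviour are assumptions made for illustration, and the manual does not describe the format of the rules the switch installs.

```python
import ipaddress

# Constructed route table for SW3 (assumption, not from the manual):
# prefix -> interface SW3 would use to reach that prefix.
ROUTES = {
    "10.1.1.0/24": "Ethernet3/2",
    "2002::/64": "Ethernet3/3",
}
# The manual's example enables URPF on SW3 Ethernet3/3.
URPF_PORTS = {"Ethernet3/3"}


def best_route(src, routes=ROUTES):
    """Longest-prefix match on the SOURCE address; returns (network, ifname) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in routes.items():
        net = ipaddress.ip_network(prefix)
        if net.version != addr.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, ifname)
    return best


def urpf_verdict(src, ingress, routes=ROUTES, urpf_ports=URPF_PORTS):
    """Strict reverse-path check: forward only if the route back to the
    source leaves through the port the packet arrived on."""
    if ingress not in urpf_ports:
        return "forward"  # URPF is not enabled on this port, no check
    route = best_route(src, routes)
    if route is None:
        return "drop"     # no route back to the claimed source
    return "forward" if route[1] == ingress else "drop"


if __name__ == "__main__":
    # Constructed sample packets: (source address, ingress port).
    samples = [
        ("10.1.1.10", "Ethernet3/3"),  # attacker using SW2's address
        ("10.1.1.10", "Ethernet3/2"),  # same source on a port without URPF
        ("2002::4", "Ethernet3/3"),    # IPv6 source routed via the ingress port
        ("192.0.2.1", "Ethernet3/3"),  # source with no route at all
    ]
    for src, port in samples:
        print(f"{src:>12} on {port}: {urpf_verdict(src, port)}")
```

The second sample shows why the port on which URPF is enabled matters: a spoofed source is only checked on ports where the function is turned on.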
