ip urpf strict enable

Function

The ip urpf strict enable command enables IPv4 URPF for PPPoE users in the virtual template view.

The undo ip urpf strict enable command disables IPv4 URPF check for PPPoE users in the virtual template view.

By default, IPv4 URPF for PPPoE users is enabled.

This command is supported only on the NetEngine 8000 F1A.

Format

ip urpf strict enable [ check subnet ]

undo ip urpf strict enable [ check subnet ]

Parameters

Parameter	Description	Value
check subnet	Enables strict URPF check for the PPPoE leased line users and common PPPoE users. If the parameter is not specified, URPF strict check is enabled only for common PPPoE users.	-

Parameter

Description

Value

check subnet

Enables strict URPF check for the PPPoE leased line users and common PPPoE users. If the parameter is not specified, URPF strict check is enabled only for common PPPoE users.

Views

Virtual template view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
bras-control	write

Usage Guidelines

Usage Scenario

To prevent source address spoofing attacks, run the ip urpf strict enable command to enable IPv4 URPF for PPPoE users.

If the check subnet parameter is not specified in the ip urpf strict enable command, IPv4 URPF takes effect only for common PPPoE users. If the check subnet parameter is specified in the ip urpf strict enable command, IPv4 URPF also takes effect for PPPoE leased line users based on the Framed-Route or Framed-IP-Netmask subnet.

Configuration Impact

IPv4 URPF is enabled for all PPPoE users that use the virtual template.

Precautions

In VS mode, this command is supported only by the admin VS.

Example

# Enable IPv4 URPF in the view of virtual template 100 for PPPoE users.

<HUAWEI> system-view
[~HUAWEI] interface Virtual-Template100
[*HUAWEI-Virtual-Template100] ip urpf strict enable