ipv6 urpf strict enable

Function

The ipv6 urpf strict enable command enables IPv6 URPF for IPv6 L2TP users and IPv6 PPPoE users in the virtual template view.

The undo ipv6 urpf strict enable command disables IPv6 URPF for IPv6 L2TP users and IPv6 PPPoE users in the virtual template view.

By default, IPv6 URPF is disabled for IPv6 L2TP users and IPv6 PPPoE users.

This command is supported only on the NetEngine 8000 F1A.

Format

ipv6 urpf strict enable [ check subnet ]

undo ipv6 urpf strict enable [ check subnet ]

Parameters

Parameter	Description	Value
check	Enables strict URPF check for common L2TP users, dual-stack L2TP users, L2TP leased line users, common PPPoE users, dual-stack PPPoE users, and PPPoE leased line users. If the parameter is not specified, strict URPF check is enabled only for common L2TP users, dual-stack L2TP users, common PPPoE users and dual-stack PPPoE users.	-
subnet	The subnet of framed-ipv6-route.	-
strict	Indicates URPF strict check. That is, a packet can pass the URPF check only when there is a matched entry in the forwarding table and the inbound interface is matched.	-

Parameter

Description

Value

check

Enables strict URPF check for common L2TP users, dual-stack L2TP users, L2TP leased line users, common PPPoE users, dual-stack PPPoE users, and PPPoE leased line users. If the parameter is not specified, strict URPF check is enabled only for common L2TP users, dual-stack L2TP users, common PPPoE users and dual-stack PPPoE users.

subnet

The subnet of framed-ipv6-route.

strict

Indicates URPF strict check. That is, a packet can pass the URPF check only when there is a matched entry in the forwarding table and the inbound interface is matched.

Views

Virtual template view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
bras-control	write

Usage Guidelines

Usage Scenario

To prevent source address spoofing attacks, run the ipv6 urpf strict enable command to enable IPv6 URPF for L2TP users and PPPoE users.

If the check subnet parameter is not specified in the ipv6 urpf strict enable command, IPv6 URPF takes effect only for common L2TP users, dual-stack L2TP users, common PPPoE users and dual-stack PPPoE users. If the check subnet parameter is specified in the ipv6 urpf strict enable command, IPv6 URPF also takes effect for L2TP leased line users and PPPoE leased line users based on the Framed-IPv6-Route.

Configuration Impact

When IPv6 URPF is enabled in the virtual template view, IPv6 URPF for L2TP users and PPPoE users that have access to the virtual template will be enabled.

Leased line users that are configured with static routes are considered as common users in the URPF configuration.

Precautions

In VS mode, this command is supported only by the admin VS.

When both URPF and redirection (including redirect ip-nexthop and redirect ip-multinhp) apply to an interface, URPF does not take effect.

Example

# Enable IPv6 URPF for L2TP users and PPPoE users in the view of virtual template 1.

<HUAWEI> system-view
[~HUAWEI] interface Virtual-Template 1
[*HUAWEI-Virtual-Template1] ipv6 urpf strict enable