This section describes how to configure IP source address check to prevent routers from network attacks.
By default, an interface does not perform source address validity check on the received packets. The reason for this is that broadcast or multicast addresses may be used as the source address in actual situations. However, hackers may use a broadcast or multicast address as the source address to launch a network attack. You can enable source address validity check to filter this type of illegitimate packets with the purpose of improving device security.
The system view is displayed.
The interface view is displayed.
Source address validity check is enabled on the interface, and the interface will drop packets with an illegitimate source address.