EasyManua.ls Logo

Zte ZXR10 ZSR V2 - Configuring IPv6 URPF

Zte ZXR10 ZSR V2
313 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
ZXR10ZSRV2CongurationGuide(IPv6)
LooseRPF
InlooseRPFmode,therouteronlycheckswhetherthesourceIPaddressofthepacket
existsintheroutingtable(normalsourceaddressrouteordefaultroute).Itdoesnotcheck
whethertheingressforreceivingpacketsmatcheswiththecontentoftheroutingtable.In
thisway,URPFcaneffectivelypreventnetworkfromattacks,anditcanalsopreventthe
interceptionoflegaluserpackets.
LooseRPFIgnoringDefaultRoute
Ifadefaultrouteisconguredonthedevice,whenURPFcheckssourceaddresses
accordingtotheroutingtable,thenext-hopinformationofallthesourceaddressescanbe
queried.Inthiscase,youcancongurewhethertoallowURPFtointroducedefaultroute
(ifURPFignoringthedefaultrouteiscongured,URPFdoesnotcheckthedefaultroute).
ACLApplicationinURPF
BymeansofACL,URPFprovidesamoreexiblecustomizationsolution.Whenthe
networkadministratortruststhatthepacketswithsomefeaturesarelegalpackets,hecan
congureACLrulestoforwardthesepacketsproperlythatarenotdiscardedevenifthe
packetslackasourceroute(or,thesourcerouteisdefaultroute,butthedefaultrouteis
disabledinURPF).Thatis,whenURPFcheckfails,thepacketsarepermittedordenied
accordingtotheACLrules.
21.2ConguringIPv6URPF
ThisproceduredescribeshowtoconguretheIPv6URPFfunction.
Steps
1.ConguretheIPv6URPFfunctionontheinterface.
StepCommandFunction
1ZXR10(config)#ipv6verifyunicast
sourcereachable-via{rxinterface
<interface-name>[acl-name<acl-name>]|
anyinterface<interface-name>[acl-name
<acl-name>][ignore-default-route]}
EnablesIPv6URPFfunctiononan
interface.
2ZXR10(config)#interface<interface-name>Entersinterfacecongurationmode.
3ZXR10(config-if-interface-name)#ipv6
verifyunicastsourcereachable-via{rx
[acl-name<acl-name>]|any[acl-name
<acl-name>][ignore-default-route]}
EnablesinterfaceIPv6URPF
functiononaninterfaceconguration
mode.
rx:strictmode.
any:loosemode.
21-2
SJ-20140504150128-018|2014-05-10(R1.0)ZTEProprietaryandCondential

Table of Contents

Other manuals for Zte ZXR10 ZSR V2

Preview: Configuration Guide (System Management
Configuration Guide (System Management192 pages

Related product manuals