Configuration procedure, Configuring the null interface, Introduction to the null interface – H3C Technologies H3C SecPath F1000-E User Manual
security server to permit or deny packets generated by a device, you can simplify the rule by
configuring it to permit or deny packets carrying the loopback interface address identifying the
device. Note that, when you use a loopback interface address as the source address of IP packets,
make sure that the route from the loopback interface to the peer is reachable by performing routing
configuration. All data packets sent to the loopback interface are considered as packets sent to the
device itself, so the device does not forward these packets.
• Because a loopback interface is always up, it can be used in dynamic routing protocols. For
example, if no router ID is configured for a dynamic routing protocol, the highest loopback interface
IP address is selected as the router ID. In BGP, to avoid BGP sessions being interrupted by physical
port failure, you can use a loopback interface as the source interface of BGP packets.
Configuration procedure
To configure a loopback interface:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Create a loopback interface and enter loopback interface view. | interface loopback interface-number | N/A |
| 3. Set the interface description. | description text | Optional. By default, the description of a loopback interface is interface name Interface. |
| 4. Shut down the loopback interface. | shutdown | Optional. By default, a loopback interface is up. |
| 5. Restore the default settings for the loopback interface. | default | Optional. |
NOTE:
You can configure settings such as IP addresses and IP routes on loopback interfaces.
Configuring the null interface
Introduction to the null interface
A null interface is a completely software-based logical interface, and is always up. However, you cannot
use it to forward data packets or configure an IP address or link layer protocol on it. With a null interface
specified as the next hop of a static route to a specific network segment, any packets routed to the
network segment are dropped. The null interface provides a simpler way to filter packets than an ACL. You
can filter uninteresting traffic by routing it to a null interface instead of applying an ACL.
For example, by executing the ip route-static 92.101.0.0 255.255.0.0 null 0 command (which configures
a static route leading to null interface 0), you can have all the packets destined to the network segment
92.101.0.0/16 discarded.
Only one null interface, interface Null 0, is supported on your device. You cannot remove or create a null
interface.
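The following sketch is an added example, not part of the H3C manual. It models how a static route to the null interface behaves during route lookup, assuming standard longest-prefix-match route selection. Only the 92.101.0.0/16 null route comes from the text above; the other routes, next hops and packet addresses are constructed for illustration.

```python
import ipaddress

NULL0 = "NULL0"
# Constructed routing table: (destination prefix, next hop).
ROUTES = [
    ("0.0.0.0/0", "10.1.1.254"),    # default route (assumed)
    ("92.101.0.0/16", NULL0),       # ip route-static 92.101.0.0 255.255.0.0 null 0
    ("92.101.8.0/24", "10.1.1.2"),  # more specific route inside the /16 (assumed)
]

def lookup(dst, routes=ROUTES):
    """Return (network, next_hop) chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best

def forward(src, dst, routes=ROUTES):
    """Decide what happens to a packet. src is accepted but never consulted:
    a null route matches on destination only, unlike an ACL rule."""
    match = lookup(dst, routes)
    if match is None:
        return "drop (no route)"
    net, next_hop = match
    if next_hop == NULL0:
        return f"drop (null route {net})"
    return f"forward via {next_hop} ({net})"

if __name__ == "__main__":
    # Constructed sample packets (source, destination).
    samples = [
        ("10.1.1.10", "92.101.3.7"),    # inside the null-routed /16
        ("192.0.2.5", "92.101.3.7"),    # same destination, different source
        ("10.1.1.10", "92.101.8.20"),   # covered by the more specific /24
        ("10.1.1.10", "198.51.100.9"),  # falls through to the default route
    ]
    for src, dst in samples:
        print(f"{src} -> {dst}: {forward(src, dst)}")
```

A more specific route inside the null-routed segment still wins the lookup, so check the routing table for longer prefixes before relying on a null route as a filter.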
Configuration procedure
To enter null interface view: