Urpf configuration example, Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

Page 638

Table 1 URPF check configuration items

Item Description

Security Zone

Security zone where the URPF check is to be configured. URPF configuration takes
effect on all the interfaces in the security zone.

IMPORTANT:

URPF configuration takes effect on the packets received by the interfaces in the
security zone only.

Enable URPF

Enable/disable URPF check.
If this checkbox is not selected, URPF check is disabled and the following

parameters are not configurable.
By default, URPF check is disabled.

Allow Default Route

Allow using the default route for URPF check.

ACL

Reference an ACL.

Type of Check

Set the URPF check type, Strict or Loose.

URPF Configuration Example

Network requirements

As shown in

Figure 3

, Device A directly connects to Device B. Enable strict URPF check in zoneB of

Device B to allow packets whose source addresses match ACL 2010 to pass. Enable strict URPF check in
zoneA of Device A to allow use of the default route for URPF check.

Figure 3 Network diagram for URPF configuration example

Configuration procedure

Configure Device B

# Configure the interface IP addresses and security zones they belong to. (Omitted)
# Define ACL 2010 to permit traffic from network 10.1.1.0/24 to pass.

•

Select Firewall > ACL from the navigation tree, click Add, and then perform the following
operations, as shown in

Figure 4

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecBlade FW Cards