D-Link DGS-3630 User Manual 1 - Page 269
URPF Settings, L3 Features > URPF Settings
View all D-Link DGS-3630 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 269 highlights
DGS-3630 Series Layer 3 Stackable Managed Switch Web UI Reference Guide URPF Settings This window is used to display and configure the Unicast Reverse Path Forwarding (URPF) settings. One common method to initiate an attack on a network is to utilize IPv4/IPv6 source address spoofing. When using this method, traffic is sent into the network with a source address that is known or trusted by the target. If no protection exists, the organizational network will allow the traffic and potentially be open to a number of different attack types. Unicast RPF helps to mitigate problems caused by malformed or forged IPv4/IPv6 source addresses passing through the router. To view the following window, click L3 Features > URPF Settings, as shown below: Figure 6-35 URPF Settings Window The fields that can be configured in URPF Global Settings are described below: Parameter URPF State Description Select to globally enable or disable the URPF state here. Click the Apply button to accept the changes made. NOTE: When enabled, the hardware routing table needs to be searched using the Session Initiation Protocol (SIP) first and then using the Dynamic Inspection Protocol (DIP). This is achieved by splitting the table into two halves so that the size of the IP routing table will be reduced by half. This will not take effect until the configuration was saved and the Switch was rebooted. The fields that can be configured in URPF Port Default Settings are described below: Parameter Unit From Port - To Port Reachable Via Allow Default IP Access List Name IPv6 Access List Name Description Select the Switch unit that will be used for this configuration here. Select the range of ports that will be used for this configuration here. Select this option to use the default reachable via setting, which is RX. Select this option to use the 'default allow' default setting, which is False. Select this option to use the default IP access list configuration. Select this option to use the default IPv6 access list configuration. 257