Ipv6 Neighbor Snooping - Motorola WiNG 5.7.1 System Reference Manual

13.3.25.8 IPv6 Neighbor Snooping

Firewall
IPv6 snooping bundles layer 2 IPv6 hop security features, such as IPv6 neighbor discovery (ND) inspection, IPv6 address
gleaning and IPv6 device tracking. When IPv6 ND is configured on a device, packet capture instructions redirect the ND protocol
and DHCP for IPv6 traffic up to the controller for inspection.
A database of connected IPv6 neighbors is created from the IPv6 neighbor snoop. The database is used by IPv6 to validate the
link layer address, IPv6 address and prefix binding of the neighbors to prevent spoofing and potential redirect attacks.
To review IPv6 neighbor snooping statistics:
1. Select the Statistics
2. Select a Wireless Controller node from the left navigation pane.
3. Expand the Firewall
4. Select IPv6 Neighbor Snooping.
The IPv6 Neighbor Snooping
MAC Address
Node Type
IPv6 Address
VLAN
Mint Id
menu from the Web UI.
menu from the left-hand side of the UI.
Figure 13-94 Access Point - Firewall IPv6 Neighbor Snooping screen
screen displays the following:
Displays the hardware encoded MAC address of an IPv6 client reporting to the controller
or service platform.
Displays the NetBios node type from an IPv6 address pool from which IP addresses can
be issued to requesting clients.
Displays the IPv6 address used for DHCPv6 discovery and requests between the DHCPv6
server and DHCP clients.
Displays the controller or service platform virtual interface ID used for a new DHCPv6
configuration.
Lists MiNT IDs for each listed VLAN. MiNT provides the means to secure communications
at the transport layer. Using MiNT, a device can be configured to only communicate with
other authorized (MiNT enabled) devices of the same model.
13 - 153