To make the bindings effective for ND attack detection, you must specify the vlan vlan-id option
in the ipv6 source binding command, and enable ND attack detection for the same VLAN.
•
DHCPv6 snooping.
•
ND snooping.
Configuration procedure
To configure ND attack detection:
Step
1.
Enter system view.
2.
Enter VLAN view.
3.
Enable ND attack detection.
4.
Return to system view.
5.
Enter Layer 2 Ethernet or
aggregate interface view.
6.
(Optional.) Configure the
interface as ND trusted
interface.
Displaying and maintaining ND attack detection
Execute display commands in any view and reset commands in user view.
Task
Display statistics for ND messages
dropped by ND attack detection.
Clear ND attack detection statistics.
ND attack detection configuration example
Network requirements
As shown in
messages from Host A and Host B.
Command
system-view
vlan vlan-id
ipv6 nd detection enable
quit
interface interface-type
interface-number
ipv6 nd detection trust
Figure
143, configure ND attack detection on Device B to check user validity for ND
Remarks
N/A
N/A
By default, ND attack detection is
disabled.
N/A
N/A
By default, all interfaces are ND
untrusted interfaces.
Command
display ipv6 nd detection statistics [ interface interface-type
interface-number ]
reset ipv6 nd detection statistics [ interface interface-type
interface-number ]
533