Configuration Procedure; Displaying And Maintaining Nd Attack Detection; Configuring Ra Guard; About Ra Guard - HP FlexNetwork 10500 Series Security Configuration Manual

Configuration procedure

To configure ND attack detection:
Step
1. Enter system view.
2. Enter VLAN view.
3. Enable ND attack detection.
4. Return to system view.
5. Enter Layer 2 Ethernet or
aggregate interface view.
6. (Optional.) Configure the
interface as ND trusted
interface.

Displaying and maintaining ND attack detection

Execute display commands in any view and reset commands in user view.
Task
Display statistics for ND messages
dropped by ND attack detection.
Clear ND attack detection statistics.

Configuring RA guard

About RA guard

RA guard allows Layer 2 access devices to analyze and block unwanted and forged RA messages.
Upon receiving an RA message, the device makes the forwarding or dropping decision based on the
role of the attached device or the RA guard policy.
1. If the role of the device attached to the port is router, the device forwards all RA messages
received on the port. If the role is host, the device directly drops all RA messages received on
the port.
2. If no role is set for the port, the device uses the RA guard policy to match the information found
in the RA message.
If the RA message content matches every criterion in the policy, the device forwards the
message.
If the RA message content is not validated, the device drops the message.
Command
system-view
vlan vlan-id
ipv6 nd detection enable
quit
interface interface-type
interface-number
ipv6 nd detection trust
Command
display ipv6 nd detection statistics [ interface interface-type
interface-number ]
reset ipv6 nd detection statistics [ interface interface-type
interface-number ]
516
Remarks
N/A
N/A
By default, ND attack detection is
disabled.
N/A
N/A
By default, all interfaces are ND
untrusted interfaces.