we prevent ND spoofing and attacks in the same way as we prevent ARP spoofing.
23.2 Prevent ARP, ND Spoofing configuration
The steps for configuring ARP, ND spoofing prevention are as follows:
1. Disable ARP, ND automatic update function
2. Disable ARP, ND automatic learning function
3. Change dynamic ARP, ND to static ARP, ND
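
An added example, not from the manual: a simplified Python model of a neighbor cache, showing what each of the three steps above blocks when a forged ARP reply or ND advertisement arrives after the legitimate entry has been learned. The class, the outcome strings and the addresses are constructed for illustration, and treating the three functions as independent of one another is an assumption of the model.

```python
# Simplified model of a neighbor (ARP/ND) cache; not the switch's implementation.
class NeighborCache:
    def __init__(self, updateprotect=False, learnprotect=False):
        self.entries = {}                   # ip -> (mac, "dynamic" | "static")
        self.updateprotect = updateprotect  # models "ip arp-security updateprotect"
        self.learnprotect = learnprotect    # models "ip arp-security learnprotect"

    def receive(self, ip, mac):
        """Handle one ARP reply / ND advertisement and report the outcome."""
        known = self.entries.get(ip)
        if known is None:
            if self.learnprotect:
                return "learn-blocked"
            self.entries[ip] = (mac, "dynamic")
            return "learned"
        if known[0] == mac:
            return "unchanged"
        if known[1] == "static" or self.updateprotect:
            return "update-blocked"
        self.entries[ip] = (mac, "dynamic")
        return "updated"

    def convert(self):
        """Models "ip arp-security convert": pin all dynamic entries as static."""
        self.entries = {ip: (mac, "static") for ip, (mac, _) in self.entries.items()}


# Constructed sample values, not taken from the manual.
HOST_IP, HOST_MAC = "192.168.2.10", "00-00-00-00-00-0a"
FORGED_MAC = "00-00-00-00-00-ff"
UNKNOWN_IP = "192.168.2.99"


def scenario(step):
    """Learn the real host, apply one protection step, then replay forged replies."""
    cache = NeighborCache()
    cache.receive(HOST_IP, HOST_MAC)          # legitimate entry learned first
    if step == "updateprotect":
        cache.updateprotect = True
    elif step == "learnprotect":
        cache.learnprotect = True
    elif step == "convert":
        cache.convert()
    outcomes = (cache.receive(HOST_IP, FORGED_MAC),     # overwrite attempt
                cache.receive(UNKNOWN_IP, FORGED_MAC))  # new-entry attempt
    return outcomes, cache.entries[HOST_IP][0]


if __name__ == "__main__":
    for step in ("none", "updateprotect", "learnprotect", "convert"):
        print(step, scenario(step))
```

In this model each step closes a different gap, and a protection step only preserves whatever entries were already in the cache when it was applied.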
1. Disable ARP, ND automatic update function

Command                               Explanation
Global Mode and Port Mode
ip arp-security updateprotect         Disable and enable ARP, ND automatic
no ip arp-security updateprotect      update function.
ipv6 nd-security updateprotect
no ipv6 nd-security updateprotect

2. Disable ARP, ND automatic learning function

Command                               Explanation
Global mode and Interface Mode
ip arp-security learnprotect          Disable and enable ARP, ND automatic
no ip arp-security learnprotect       learning function.
ipv6 nd-security learnprotect
no ipv6 nd-security learnprotect

3. Function on changing dynamic ARP, ND to static ARP, ND

Command                               Explanation
Global Mode and Port Mode
ip arp-security convert               Change dynamic ARP, ND to static ARP, ND.
ipv6 nd-security convert

23.3 Prevent ARP, ND Spoofing Example

Equipment Explanation

Equipment   Configuration                       Quality
switch      IP:192.168.2.4; IP:192.168.1.4;     1
            mac: 04-04-04-04-04-04
A
B
C