21-ND attack defense commands
Chapters Download (31.80 KB)
Use ipv6 nd check log enable to enable the ND logging feature.
Use undo ipv6 nd check log enable to restore the default.
Syntax
ipv6 nd check log enable
undo ipv6 nd check log enable
Default
The ND logging feature is disabled.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
The ND logging feature logs source MAC inconsistency events, and sends the log messages to the information center. The information center can then output log messages from different source modules to different destinations. For more information about the information center, see Network Management and Monitoring Configuration Guide.
As a best practice, disable the ND logging feature to avoid excessive ND logs.
Examples
# Enable the ND logging feature.
<Sysname> system-view
[Sysname] ipv6 nd check log enable
Related commands
ipv6 nd mac-check enable
Use ipv6 nd mac-check enable to enable source MAC consistency check for ND messages.
Use undo ipv6 nd mac-check enable to disable source MAC consistency check for ND messages.
Syntax
ipv6 nd mac-check enable
undo ipv6 nd mac-check enable
Default
Source MAC consistency check for ND messages is disabled.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
Use this command to enable source MAC consistency check on a gateway. The gateway checks the source MAC address and the source link-layer address for consistency for each ND message. If an inconsistency is found, the gateway drops the ND message.
Examples
# Enable source MAC consistency check for ND messages.
<Sysname> system-view
[Sysname] ipv6 nd mac-check enable
