Login
- Table of Contents
-
- 03-Security Command Reference
- 00-Preface
- 01-Security zone commands
- 02-Security policy commands
- 03-ASPF commands
- 04-Session management commands
- 05-Object group commands
- 06-Object policy commands
- 07-IP source guard commands
- 08-AAA commands
- 09-User identification commands
- 10-Password control commands
- 11-Portal commands
- 12-MAC authentication commands
- 13-IPoE commands
- 14-Public key management commands
- 15-PKI commands
- 16-SSH commands
- 17-SSL commands
- 18-Connection limit commands
- 19-Attack detection and prevention commands
- 20-Server connection detection commands
- 21-ARP attack protection commands
- 22-ND attack defense commands
- 23-uRPF commands
- 24-IP-MAC binding commands
- 25-IP reputation commands
- 26-APR commands
- 27-Keychain commands
- 28-Crypto engine commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 22-ND attack defense commands | 37.21 KB |
ND attack defense commands
Source MAC consistency check commands
ipv6 nd check log enable
Use ipv6 nd check log enable to enable the ND logging feature.
Use undo ipv6 nd check log enable to restore the default.
Syntax
ipv6 nd check log enable
undo ipv6 nd check log enable
Default
The ND logging feature is disabled.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
The ND logging feature logs source MAC inconsistency events, and sends the log messages to the information center. The information center can then output log messages from different source modules to different destinations. For more information about the information center, see Network Management and Monitoring Configuration Guide.
As a best practice, disable the ND logging feature to avoid excessive ND logs.
Examples
# Enable the ND logging feature.
<Sysname> system-view
[Sysname] ipv6 nd check log enable
Related commands
ipv6 nd mac-check enable
ipv6 nd mac-check enable
Use ipv6 nd mac-check enable to enable source MAC consistency check for ND messages.
Use undo ipv6 nd mac-check enable to disable source MAC consistency check for ND messages.
Syntax
ipv6 nd mac-check enable
undo ipv6 nd mac-check enable
Default
Source MAC consistency check for ND messages is disabled.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
Use this command to enable source MAC consistency check on a gateway. The gateway checks the source MAC address and the source link-layer address for consistency for each ND message. If an inconsistency is found, the gateway drops the ND message.
Examples
# Enable source MAC consistency check for ND messages.
<Sysname> system-view
[Sysname] ipv6 nd mac-check enable
