14-Security Command Reference

HomeSupportResource CenterReference GuidesCommand ReferencesH3C FAT AP Command References(R5436)-6W10114-Security Command Reference
12-ND attack defense commands
Title Size Download
12-ND attack defense commands 37.15 KB

ND attack defense commands

Source MAC consistency check commands

ipv6 nd check log enable

Use ipv6 nd check log enable to enable the ND logging feature.

Use undo ipv6 nd check log enable to restore the default.

Syntax

ipv6 nd check log enable

undo ipv6 nd check log enable

Default

The ND logging feature is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

The ND logging feature logs source MAC inconsistency events, and sends the log messages to the information center. The information center can then output log messages from different source modules to different destinations. For more information about the information center, see System Management Configuration Guide.

As a best practice, disable the ND logging feature to avoid excessive ND logs.

Examples

# Enable the ND logging feature.

<Sysname> system-view

[Sysname] ipv6 nd check log enable

Related commands

ipv6 nd mac-check enable

ipv6 nd mac-check enable

Use ipv6 nd mac-check enable to enable source MAC consistency check for ND messages.

Use undo ipv6 nd mac-check enable to disable source MAC consistency check for ND messages.

Syntax

ipv6 nd mac-check enable

undo ipv6 nd mac-check enable

Default

Source MAC consistency check for ND messages is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Use this command to enable source MAC consistency check on a gateway. The gateway checks the source MAC address and the source link-layer address for consistency for each ND message. If an inconsistency is found, the gateway drops the ND message.

Examples

# Enable source MAC consistency check for ND messages.

<Sysname> system-view

[Sysname] ipv6 nd mac-check enable