Enabling source MAC consistency check for ND messages

About source MAC consistency check

The source MAC consistency check feature is typically configured on gateways to prevent ND attacks.

This feature checks the source MAC address and the source link-layer address for consistency for each arriving ND message.

The ND logging feature logs source MAC inconsistency events, and it sends the log messages to the information center. The information center can then output log messages from different source modules to different destinations. For more information about the information center, see Network Management and Monitoring Configuration Guide.

Procedure

  1. Enter system view.

    system-view

  2. Enable source MAC consistency check for ND messages.

    ipv6 nd mac-check enable

    By default, source MAC consistency check is disabled for ND messages.

  3. (Optional.) Enable the ND logging feature.

    ipv6 nd check log enable

    By default, the ND logging feature is disabled.

    As a best practice, disable the ND logging feature to avoid excessive ND logs.