display ipv6 nd security statistics
Function
The display ipv6 nd security statistics command displays the statistics of IPv6 SEND messages on a specified interface.
Example
The actual command output varies according to the device. The command output here is only an example.
<HUAWEI> display ipv6 nd security statistics gigabitethernet 0/1/1 Received Packet Statistics: ------------------------------------------------------------------------------ Type NA NS RA RS Redirect ------------------------------------------------------------------------------ Total 0 0 0 0 0 Secured 0 0 0 0 0 Unsec: No CGA 0 0 0 0 0 Unsec: No RSA 0 0 0 0 0 Unsec: KeyLen Mismatch 0 0 0 0 0 Unsec: Others 0 0 0 0 0 Sent Packet Statistics: ------------------------------------------------------------------------------ Type NA NS RA RS Redirect ------------------------------------------------------------------------------ Sent 0 0 0 0 0 Aborted 0 0 0 0 0 Dropped Packet Statistics: ------------------------------------------------------------------------------ Type NA NS RA RS Redirect ------------------------------------------------------------------------------ No Nonce 0 0 0 0 0 No TS 0 0 0 0 0 CGA Verify Fail 0 0 0 0 0 RSA Verify Fail 0 0 0 0 0 Nonce Verify Fail 0 0 0 0 0 TS Verify Fail 0 0 0 0 0 RateLimit 0 0 0 0 0 Fully Secured Mode 0 0 0 0 0
| Item | Description |
|---|---|
| Received Packet Statistics | Statistics on received messages. |
| Type | Message type, including NA, NS, Router Advertisement (RA), Router Solicitation (RS), and Redirect messages. |
| Total | Total number of received ND messages, including secure and insecure messages. |
| Secured | Number of received secure ND messages that have passed the Nonce, Timestamp, CGA, and RSA authentication. |
| Unsec: No CGA | Number of received ND messages that carry some security options but are considered insecure due to the following reasons in non-strict security mode:
|
| Unsec: No RSA | Number of received ND messages that carry some security options but are considered insecure due to the following reasons in non-strict security mode:
|
| Unsec: KeyLen Mismatch | Number of received ND messages that carry the Nonce, Timestamp, CGA, or RSA options and pass the Nonce, Timestamp, and CGA authentication but are considered insecure because the key length exceeds the allowable range in non-strict security mode. |
| Unsec: Others | Number of ND messages that are considered insecure due to but not limited to the following reasons in non-strict security mode:
|
| No Nonce | Number of received RS/NS messages that carry the RSA option but not the Nonce option in strict security mode. |
| No TS | Number of received ND messages that carry the RSA option but not the Timestamp option in strict security mode. |
| CGA Verify Fail | Number of messages that fail CGA authentication in strict security mode. |
| RSA Verify Fail | Number of messages that fail RSA authentication and the RSA key length exceeds the allowable range in strict security mode. |
| Sent Packet Statistics | Statistics on sent messages. |
| Sent | Total number of sent ND messages. |
| Aborted | Total number of messages that are discarded before being sent. |
| Dropped Packet Statistics | Statistics about discarded packets in strict security mode. |
| Nonce Verify Fail | Number of messages that fail Nonce authentication in strict security mode. |
| TS Verify Fail | Number of messages that fail Timestamp authentication in strict security mode. |
| RateLimit | Number of messages that are discarded because the RSA signature computation and authentication rates exceed the upper limits in strict security mode. |
| Fully Secured Mode | Number of messages that are discarded because they are considered insecure due to any of the following reasons in strict security mode:
|