ipv6 nd na anti-attack enable

Function

The ipv6 nd na anti-attack enable command enables NA message attack defense.

The undo ipv6 nd na anti-attack enable command disables NA message attack defense.

By default, NA message attack defense is disabled.

Format

ipv6 nd na anti-attack enable

undo ipv6 nd na anti-attack enable

Parameters

None

Views

100GE interface view, 400GE interface view, 40GE interface view, Eth-Trunk interface view, GE interface view, VLANIF interface view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
forwarding write

Usage Guidelines

Usage Scenario

If a device is attacked, it receives a large number of NA messages within a short period. As a result, the device consumes many CPU resources to learn and respond to peer entries, affecting processing of other services. To resolve this issue, run the ipv6 nd na anti-attack enable command. After NA message attack defense is enabled, only NA messages in response to the NS messages sent from the device are sent to the CPU for processing. The other NA messages are discarded.

Example

# Enable NA message attack defense on GE 0/1/0.
<HUAWEI> system-view
[~HUAWEI] interface GigabitEthernet 0/1/0
[~HUAWEI-GigabitEthernet0/1/0] ipv6 nd na anti-attack enable
Parent Topic: IPv6 ND Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >