ipv6 nd source-mac detect-mode

The ND protocol has powerful functions. However, if there is no security mechanism, the ND protocol can be easily used by attackers. The system collects statistics about ND messages sent to the CPU based on the source MAC addresses of the messages. If the number of ND messages with the same source MAC address received within 5 seconds exceeds a specified threshold, the system considers that an attack occurs and adds the MAC address to an attack entry. Before the attack entry ages out, run the ipv6 nd source-mac detect-mode command to enable the detection of ND attack messages with fixed source MAC addresses and configure a detection mode. The system performs the following operations based on a configured detection mode:

• If the detection mode is set to filter, the system generates log information and filters out the ND messages sent from the source MAC address.
• If the detection mode is set to monitor, the system only generates log information and does not filter out the ND messages sent from the source MAC address.
  After a configured aging time expires, the ND attack entries with fixed source MAC addresses are aged out.