ipv6 nd source-mac max-detect-number

Function

The ipv6 nd source-mac max-detect-number command sets the maximum number of ND messages with fixed source MAC addresses that can be detected.

The undo ipv6 nd source-mac max-detect-number command restores the default maximum number of ND messages with fixed source MAC addresses that can be detected.

By default, a maximum number of 1024 ND messages with fixed source MAC addresses can be detected.

Format

ipv6 nd source-mac max-detect-number max-detect-value

undo ipv6 nd source-mac max-detect-number [ max-detect-value ]

Parameters

Parameter Description Value
max-detect-value

Specifies the maximum number of ND messages with fixed source MAC addresses that can be detected.

The value is an integer ranging from 10 to 2048.

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
nd write

Usage Guidelines

Usage Scenario

The ND protocol has powerful functions. However, if there is no security mechanism, the ND protocol can be easily used by attackers. The system collects statistics about ND messages sent to the CPU based on the source MAC addresses of the messages. You can run the ipv6 nd source-mac max-detect-number command to set the maximum number of ND messages with fixed source MAC addresses that can be detected, preventing message attacks.

Example

# Set the maximum number of ND messages with fixed source MAC addresses that can be detected to 1500.
<HUAWEI> system-view
[~HUAWEI] ipv6 nd source-mac max-detect-number 1500
Parent Topic: IPv6 ND Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >