ipv6 nd source-mac max-entry-number

Function

The ipv6 nd source-mac max-entry-number command sets the maximum number of ND attack entries with fixed source MAC addresses.

The undo ipv6 nd source-mac max-entry-number command restores the default maximum number of ND attack entries with fixed source MAC addresses.

The default maximum number of ND attack entries with fixed source MAC addresses is 1024.

Format

ipv6 nd source-mac max-entry-number max-entry-value

undo ipv6 nd source-mac max-entry-number [ max-entry-value ]

Parameters

Parameter Description Value
max-entry-value

Specifies the maximum number of ND attack entries with fixed source MAC addresses.

The value is an integer ranging from 10 to 2048.

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
nd write

Usage Guidelines

Usage Scenario

The ND protocol has powerful functions. However, if there is no security mechanism, the ND protocol can be easily used by attackers. The system collects statistics about ND messages sent to the CPU based on the source MAC addresses of the messages. If the number of ND messages with the same source MAC address received within 5 seconds exceeds a specified threshold, the system considers that an attack occurs and adds the MAC address to an attack entry. You can run the ipv6 nd source-mac max-entry-number command to set the maximum number of ND attack entries with fixed source MAC addresses. This prevents memory consumption by a large number of entries.

Example

# Set the maximum number of ND attack entries with fixed source MAC addresses to 1500.
<HUAWEI> system-view
[~HUAWEI] ipv6 nd source-mac max-entry-number 1500
Parent Topic: IPv6 ND Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >