Configuring Invalid ND Packet Attack Defense

Usage Scenario

Invalid ND packet attack defense is implemented by filtering out six types of invalid ND packets (NS/NA/RS/RA/Redirect/CPS) to protect the CPU.

In VS mode, this feature is supported only by the admin VS.

Prerequisites

None

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run set nd packet filter enable

    Invalid ND packet attack defense is enabled.

  3. Run commit

    The configuration is committed.

Verifying the Configuration of Invalid ND Packet Attack Defense

After configuring invalid ND packet attack defense, verify the configuration.

Run the display nd packet filter statistics [ slot slot-id ] command to check statistics about invalid ND packet attack defense.

Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >