The ND protocol provides powerful functions, but without a security mechanism it can easily be abused by attackers. The system collects statistics about the ND packets sent to the CPU, keyed on the source MAC address of those packets. If the number of ND packets with the same source MAC address received within 5 seconds exceeds the configured threshold, the system considers an attack to be in progress and adds that MAC address to an attack detection entry. Until the attack detection entry ages out, the system handles ND packets from that MAC address according to the configured check mode.
Once a MAC address has been added to a fixed-source-MAC ND attack detection entry, it is treated as an ordinary MAC address again only after the aging time expires. Some important servers legitimately send large numbers of ND packets. To keep their packets from being filtered out, configure the MAC addresses of these servers as protected MAC addresses, which are exempt from this check.
The system view is displayed.
Attack detection for ND packets with a fixed source MAC address is enabled, and the check mode is specified.
The aging time of ND attack entries with a fixed source MAC address is set.
The threshold for detecting ND packets with a fixed source MAC address is set. If the number of ND packets with the same source MAC address received within the 5-second statistics period exceeds this threshold, the system treats the packets as an ND attack.
The MAC address of the device to be protected is configured.
The maximum number of ND packets with a fixed source MAC address detected within 5 seconds is set.
The maximum number of ND attack records with a fixed source MAC address is set.
The configuration is committed.
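To make the mechanism concrete, the following Python simulation is an added example written for this page; it is not device code and reproduces no device command. It models the settings the steps above configure: the 5-second statistics period, the per-MAC threshold, an attack detection entry that ages out after the aging time, protected MAC addresses that are never filtered, and the cap on attack records. The check-mode names `filter` (drop) and `monitor` (forward and raise an alarm), the behaviour when the record table is full, and the packet stream are assumptions made for illustration.

```python
"""Added example: simulation of fixed-source-MAC ND attack detection.

ND packets punted to the CPU are counted per source MAC over a 5-second
period; a MAC whose count exceeds the threshold becomes an attack
detection entry that ages out after the aging time; protected MACs are
never filtered; the number of attack records is capped. The check-mode
names, the table-full behaviour and the traffic below are assumptions.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 5.0   # statistics period stated on the page


class NdFixedMacDetector:
    def __init__(self, threshold, aging_time, max_entries,
                 protected_macs=(), check_mode="filter"):
        if check_mode not in ("filter", "monitor"):   # hypothetical mode names
            raise ValueError("check_mode must be 'filter' or 'monitor'")
        self.threshold = threshold          # packets per 5 s before a MAC is flagged
        self.aging_time = aging_time        # seconds an attack entry lives
        self.max_entries = max_entries      # cap on the number of attack records
        self.protected = {m.lower() for m in protected_macs}
        self.check_mode = check_mode
        self._window = defaultdict(deque)   # src MAC -> arrival times in the last 5 s
        self._entries = {}                  # src MAC -> time the attack entry ages out
        self.alarms = []                    # (time, MAC) raised in monitor mode

    def _age_out(self, now):
        """Remove attack entries whose aging time expired; the MAC is ordinary again."""
        for mac in [m for m, exp in self._entries.items() if now >= exp]:
            del self._entries[mac]
            self._window.pop(mac, None)

    def _act(self, now, mac):
        """Apply the configured check mode to a packet from a flagged MAC."""
        if self.check_mode == "filter":
            return "drop"
        self.alarms.append((now, mac))
        return "forward-alarm"

    def handle(self, now, src_mac):
        """Process one ND packet sent to the CPU; returns the action taken."""
        src_mac = src_mac.lower()
        self._age_out(now)
        if src_mac in self.protected:        # protected MACs are never counted or filtered
            return "forward"
        if src_mac in self._entries:         # entry exists and has not aged out yet
            return self._act(now, src_mac)
        q = self._window[src_mac]
        q.append(now)
        while q and now - q[0] >= WINDOW_SECONDS:   # keep only the last 5 s of arrivals
            q.popleft()
        if len(q) > self.threshold:
            if len(self._entries) < self.max_entries:
                self._entries[src_mac] = now + self.aging_time
                q.clear()
                return self._act(now, src_mac)
            return "forward"   # assumption: record table full, so no new entry is added
        return "forward"

    def attack_entries(self, now):
        """Current attack detection entries (MAC -> aging-out time) as of `now`."""
        self._age_out(now)
        return dict(self._entries)


# Constructed sample traffic: (time in seconds, source MAC)
ATTACKER = "02:00:00:00:00:aa"
SECOND_ATTACKER = "02:00:00:00:00:bb"
SERVER = "02:00:00:00:00:55"      # configured below as a protected MAC
HOST = "02:00:00:00:00:01"


def constructed_traffic():
    pkts = [(i * 0.1, ATTACKER) for i in range(30)]          # 30 packets in 3 s
    pkts += [(i * 0.1, SERVER) for i in range(30)]            # same burst from the server
    pkts += [(i * 0.5, HOST) for i in range(8)]               # 8 packets in 4 s
    pkts += [(1.5 + i * 0.1, SECOND_ATTACKER) for i in range(30)]
    pkts += [(25.0 + i * 0.1, ATTACKER) for i in range(5)]    # after the entry aged out
    return sorted(pkts)


def simulate(packets, **settings):
    """Run packets through a detector; returns (detector, {MAC: {action: count}})."""
    det = NdFixedMacDetector(**settings)
    summary = defaultdict(lambda: defaultdict(int))
    for t, mac in packets:
        summary[mac][det.handle(t, mac)] += 1
    return det, {mac: dict(acts) for mac, acts in summary.items()}


if __name__ == "__main__":
    _, result = simulate(constructed_traffic(), threshold=10, aging_time=20.0,
                         max_entries=1, protected_macs=[SERVER])
    for mac, acts in result.items():
        print(mac, acts)
```

With a threshold of 10 and one permitted attack record, the first attacker is flagged on its 11th packet and filtered until the entry ages out, the protected server's identical burst is forwarded untouched, and the legitimate host never reaches the threshold. The second attacker shows the caveat behind the record cap: once the table is full, a further offending MAC is not recorded, so size the cap for the number of simultaneous sources you expect rather than the minimum.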