Manualshelf

R3303-HP HSR6800 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution
451452453454455456457458459460
53
The mapping between the source IPv6 address and the source MAC address in the Ethernet frame
header is invalid.
To identify forged ND packets, HP developed the ND detection feature.
For more information about the five functions of the ND protocol, see Layer 3—IP Services Configuration
Guide.
Enabling source MAC consistency check for ND
packets
Use source MAC consistency check on a gateway to filter out ND packets that carry different source
MAC addresses in the Ethernet frame header and the source link layer address option.
If VRRP is used, disable source MAC consistency check for ND packets to prevent incorrect dropping of
packets. With VRRP, the NA message always conveys a MAC address different than the Source
Link-Layer Address option.
To enable source MAC consistency check for ND packets:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable source MAC consistency check
for ND packets.
ipv6 nd mac-check enable Disabled by default.