Configuration Guide Configuring IPv6
Interface configuration mode
To enable RA suppression on an interface, run the ipv6 suppress-ra command.
 Configuring the Maximum Number of Unresolved ND Entries
ipv6 nd unresolved number
number: Indicates the maximum number of unresolved ND entries.
Global configuration mode
To prevent malicious scanning attacks from creating a large number of unresolved ND entries and
occupying entry resources, you can restrict the number of unresolved ND entries.
 Configuring the Maximum Number of ND Entries Learned on an Interface
ipv6 nd cache interface-limit value
value: Indicates the maximum number of neighbors learned by an interface.
Interface configuration mode
Restricting the number of ND entries learned on an interface can prevent malicious neighbor attacks. If
this number is not restricted, a large number of ND entries will be generated on the device, occupying
excessive memory space. The configured value must be equal to or greater than the number of the ND
entries learned by the interface. Otherwise, the configuration does not take effect. The configuration is
subject to the ND entry capacity supported by the device.
Configuration
Example
 Enabling IPv6 Redirection on an Interface
Enable IPv6 redirection on interface GigabitEthernet 0/0.
Ruijie(config-if-GigabitEthernet 0/0)#ipv6 redirects
Run the show ipv6 interface command to check whether the configuration takes effect.
Ruijie#show ipv6 interface gigabitEthernet 0/0
interface GigabitEthernet 0/0 is Down, ifindex: 1, vrf_id 0
address(es):
Mac Address: 00:00:00:00:00:00
INET6: FE80::200:FF:FE00:1 [ TENTATIVE ], subnet is FE80::/64
Joined group address(es):
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
To Next Page
Loading...
Need help?
General
