The mapping between the source IPv6 address and the source MAC address in the Ethernet frame
•
header is invalid.
The source MAC consistency check feature can identify forged ND packets.
Enabling source MAC consistency check for ND
packets
CAUTION:
If VRRP is used, disable source MAC consistency check for ND packets to prevent incorrect dropping of
packets. With VRRP, the NA message always conveys a MAC address different than the Source Link-Layer
Address option.
Use source MAC consistency check on a gateway to filter out ND packets that carry different source
MAC addresses in the Ethernet frame header and the source link layer address option.
To enable source MAC consistency check for ND packets:
Step
1.
Enter system view.
2.
Enable source MAC consistency check
for ND packets.
Command
system-view
ipv6 nd mac-check enable
267
Remarks
N/A
Disabled by default.