H3C Technologies H3C SecBlade LB Cards User Manual

265

•

The Ethernet frame header and the source link layer address option of the ND packet contain

different source MAC addresses.

•

The mapping between the source IPv6 address and the source MAC address in the Ethernet frame
header is invalid.

To identify forged ND packets, H3C developed the source MAC consistency check feature.
For more information about the five functions of the ND protocol, see Network Management

Configuration Guide.

Enabling source MAC consistency check for ND

packets

Use source MAC consistency check on a gateway to filter out ND packets that carry different source

MAC addresses in the Ethernet frame header and the source link layer address option.
If VRRP is used, disable source MAC consistency check for ND packets to prevent incorrect dropping of

packets. With VRRP, the NA message always conveys a MAC address different than the Source

Link-Layer Address option.
To enable source MAC consistency check for ND packets:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enable source MAC consistency check
for ND packets.

ipv6 nd mac-check enable

Disabled by default.