Navigation
Supported Platforms
Enabling IPv6 Neighbor Discovery Inspection
IPv6 Neighbor Discovery inspection protects switches against IPv6 address spoofing. Neighbor Discovery inspection validates IPv6 packets carrying Neighbor Discovery messages against the DHCPv6 binding table. The source IP address and source MAC address of each packet are checked against the table, and if a valid match is not found, the packet is dropped.
Before you can enable Neighbor Discovery inspection on a VLAN, you must configure the VLAN. See Configuring VLANs for EX Series Switches (CLI Procedure).
To enable Neighbor Discovery inspection on a VLAN:
[edit vlans vlan-name forwarding-options dhcp-security]
user@switch# set nd-inspection | Note: DHCPv6 snooping is enabled automatically when Neighbor Discovery inspection is configured. There is no explicit configuration required for DHCPv6 snooping. |
