Configuration Guide - Security

S7700 and S9700 V200R011C10

This document describes the configuration of security features, including ACL, reflective ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, URPF, keychain, separating the management plane from the service plane, and security risks.

Configuring an ND snooping Trusted Interface

Context

ND snooping classifies the interfaces connecting to IPv6 nodes into trusted and untrusted interfaces. The trusted interfaces connect to trusted IPv6 nodes and untrusted interfaces connect to untrusted IPv6 nodes. By default, all interfaces are untrusted.

  • You must configure the interface connecting to a trusted IPv6 node as a trusted interface so that the device can forward the ND packets received by this interface. In addition, the device creates a prefix management table according to the received RA packet to help network administrators manage IPv6 addresses.

  • The interface connecting to an untrusted IPv6 node must be configured as an untrusted interface. The device discards the RA packets received by the untrusted interface to prevent RA attacks.

You can configure the trusted interface in the interface view or the VLAN view. When the trusted interface is configured in the interface view, the configuration applies to all ND packets received on this interface. When the trusted interface is configured in the VLAN view, the interface must belong to the VLAN, and the configuration applies only to ND packets that belong to the VLAN. Therefore, the configuration in the VLAN view is more precise.

NOTE:

Generally, the interface connecting to the gateway is configured as the trusted interface, and other interfaces are all untrusted interfaces.

Procedure

  • In the interface view
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The interface view is displayed.

    3. Run nd snooping trusted

      The interface is configured as the trusted interface.

      By default, all interfaces are untrusted interfaces.

  • In the interface view (DHCPv6 Only):
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The interface view is displayed.

    3. Run nd snooping trusted dhcpv6 only

      The interface is configured as an ND snooping trusted interface.

      By default, all interfaces are untrusted.

  • In the VLAN view
    1. Run system-view

      The system view is displayed.

    2. Run vlan vlan-id

      The VLAN view is displayed.

    3. Run nd snooping trusted interface interface-type interface-number

      The interface that belongs to the VLAN is configured as the trusted interface.

      By default, all interfaces are untrusted interfaces.

  • In the VLAN view (DHCPv6 Only):
    1. Run system-view

      The system view is displayed.

    2. Run vlan vlan-id

      The VLAN view is displayed.

    3. Run nd snooping trusted interface interface-type interface-number dhcpv6 only

      The interfaces added to this VLAN are configured as ND snooping trusted interfaces.

      By default, all interfaces are untrusted.
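The NOTE above says that normally only the gateway-facing interface is trusted. The following Python audit is an added example, not part of the Huawei guide: it scans a saved configuration for the four command forms in the procedure and lists any trust statement on an interface outside an expected set. The sample configuration, the interface names, and the assumption that these commands appear indented under `interface` and `vlan` views in the saved configuration are constructed for illustration.

```python
import re

# Constructed sample in the style of a saved configuration; not from a real device.
SAMPLE_CONFIG = """\
#
vlan 10
 nd snooping trusted interface GigabitEthernet1/0/2
#
vlan 20
 nd snooping trusted interface GigabitEthernet1/0/7 dhcpv6 only
#
interface GigabitEthernet1/0/1
 nd snooping trusted
#
interface GigabitEthernet1/0/5
 nd snooping trusted dhcpv6 only
#
interface GigabitEthernet1/0/6
 port link-type access
#
"""

IFACE_TRUST = re.compile(r"^nd snooping trusted( dhcpv6 only)?$")
VLAN_TRUST = re.compile(r"^nd snooping trusted interface (\S+)( dhcpv6 only)?$")

def trusted_interfaces(config):
    """Return (interface, scope, dhcpv6_only) for each trust statement found."""
    found, view = [], (None, None)
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # assumption: an unindented line opens a view
            parts = line.split()
            ok = len(parts) == 2 and parts[0] in ("interface", "vlan")
            view = (parts[0], parts[1]) if ok else (None, None)
            continue
        kind, name = view
        if kind == "interface" and (m := IFACE_TRUST.match(line)):
            found.append((name, "all VLANs", bool(m.group(1))))
        elif kind == "vlan" and (m := VLAN_TRUST.match(line)):
            found.append((m.group(1), "vlan " + name, bool(m.group(2))))
    return found

def unexpected_trust(config, expected):
    """Trust statements on interfaces that are not in the expected set."""
    return [t for t in trusted_interfaces(config) if t[0] not in expected]

if __name__ == "__main__":
    for hit in unexpected_trust(SAMPLE_CONFIG, {"GigabitEthernet1/0/1"}):
        print("unexpected trusted interface:", hit)
```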

Updated: 2019-09-23

Document ID: EDOC1000178319