IPv6 RA vs DHCPv6 - The chosen one?
mohacsi at niif.hu
Fri Dec 23 15:13:54 CST 2011
On Fri, 23 Dec 2011, Tomas Podermanski wrote:
> Port security does not help in that case (same as 802.1x). Port security
> is a layer 2 feature so all layer 3 attacks can be still performed. That
> prevents only against source MAC address spoofing. All other attacks
> like DAD DOS, NDP Exhaustion, RA flooding etc. can be performed even
> though the port security is implemented.
If you can limit number of ARP/NDP entries per interfaces and you
complement RAGuard and DHCPv4 snooping your are done.
With "extended port security" such a features are comming...
More information about the NANOG