From the course: Cisco CCNP ENARSI v1.1 (300-410) Cert Prep: 3 Infrastructure Security

Unlock this course with a free trial

Join today to access over 22,600 courses taught by industry experts.

IPv6 neighbor discovery inspection and snooping

IPv6 neighbor discovery inspection and snooping

From the course: Cisco CCNP ENARSI v1.1 (300-410) Cert Prep: 3 Infrastructure Security

Start my 1-month free trial Buy for my team

IPv6 neighbor discovery inspection and snooping

- [Instructor] The IP version six neighbor discovery inspection feature, otherwise known as IP version six snooping, is another way that we can mitigate threats in our neighbor discovery process on a network. IP version six nodes use the neighbor discovery protocol or NDP to discover the presence and link layer addresses of other nodes that reside on the same link. This is used by both routers and hosts. With hosts, NDP is leveraged in order to find neighboring routers that can forward the packets. And routers use that to advertise their own presence on the network. The NDP process is based on the exchange of neighbor solicitation and advertisement messages. And these NDP messages are unsecure, meaning that they are susceptible to attacks. And that's the reason that IP version six snooping was developed. With IP version six snooping, a device learns and populates a binding table called the DHCP version six snooping table. This is built by snooping DHCP version six message exchanges…

Contents