乾颐堂军哥一些用于IPv6无线网络最后一跳安全的技术

乾颐堂军哥一些用于IPv6无线网络最后一跳安全的技术

1.RA扼杀Router Advertisement ThrottlingRouter Advertisement (RA) throttling allows the controller to enforce rate limiting of RAs headed towards the wireless network. By enabling RA throttling, routers that are configured to send RAs frequently (every 3 seconds) can be trimmed back to a minimum frequency that will still maintain IPv6 client connectivity. This allows airtime to be optimized by reducing the number of multicast packets that must be sent. In all cases, if a client sends a Router Solicitation (RS), then an RA will be allowed through the controller and unicast to the requesting client. This is to ensure that new clients or roaming clients are not negatively impacted by RA throttling.

Note: When RA throttling occurs, only the first IPv6 capable router are allowed through. For networks that have multiple IPv6 prefixes being served by different routers, RA throttling must be disabled.扼杀RA（路由器通告）RA扼杀使得无线控制器向无线网络增强RA报文的限速。通过使能RA扼杀，路由器RA的发送频率（每3秒发送一次）可以减少到一个最小值，同时可以保持IPv6客户端的连接性。通过降低发送组播报文的数目可以优化airtime。在所有场景下，如果一个客户端发送RS报文，这时一个RA报文可以通过通过直使用单播的发送到请求的客户端。这样确保新的客户端或者漫游的客户端不被RA扼杀影响到

2.IPv6 Source GuardThe IPv6 source guard feature prevents a wireless client spoofing an IPv6 address of another client. This feature is analogous to IPv4 source guard. IPv6 source guard is enabled by defaultIPv6源保护这个特性阻止1个无线客户端冒充另外一个IPv6客户端，这个特性和IPv4的源保护类似

6.AAA Override for IPv6 ACLsIn order to support centralized access control through a centralized AAA server such as Cisco’s Identity Services Engine (ISE) or ACS, the IPv6 ACL can be provisioned on a per-client basis using AAA Override attributes. To use this feature, the IPv6 ACL must be configured on the controller and the WLAN must be configured with the AAA Override feature enabled. The actual named AAA attribute for an IPv6 ACL is Airespace-IPv6-ACL-Name similar to the Airespace-ACL-Name attribute used for provisioning an IPv4-based ACL. The AAA attribute contents must be equal to the name of the IPv6 ACL as configured in the controllerAAA覆盖IPv6访问控制列表为了实现中心化接入控制，通常采用中心化AAA服务器比如思科的ISE或者ACS，通过使用AAA覆盖属性，IPv6 acl被应用到每个客户端。

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。