IPv6 equivalent to DHCP Option 82 for geolocating customer MACs to certain ports of Multi-port Layer 2 demarcation devices
fw at deneb.enyo.de
Sun May 8 11:43:36 CEST 2011
* Gert Doering:
> SeND alone will validate the IPv6-to-MAC layer mapping, which nicely
> solves all attacks against redirecting IPv6 packets to a different
> MAC address. Combine with static MAC addressing at switch ports
> (port-security or static) and you have solved the problem of one
> customer stealing another customer's IPv6 packets.
You still need unicast flood protection.
Does this type of static address configuration really work in
practice? I would expect to cause it trouble with mobile devices and
More information about the ipv6-ops