RFC3069 example setup for Cisco
Mikael Abrahamsson
swmike at swm.pp.se
Mon Nov 1 08:23:30 CET 2010
On Mon, 1 Nov 2010, Jay Hennigan wrote:
> Should you not also have a static route to null0 for the /24?
> Otherwise people can still hijack any unassigned IPs in the block via
> proxy-arp.
Yes, but you really need antispoofing ACLs on the vlan interface (either
on the port of the L2 device or on the router) as well to make it work
securely. Otherwise people can do blind spoofing.
--
Mikael Abrahamsson email: swmike at swm.pp.se
More information about the ipv6-ops
mailing list