IPv6 ND Inspection: Everything You Need to Know

IPv6 ND Inspection

Question

Which statement about IPv6 ND inspection is true?

Answers

Explanations


A. B. C. D.

B.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/15-s/ip6f-15-s-book/ip6-snooping.pdf

IPv6 ND inspection is a security feature that helps protect against attacks that exploit the Neighbor Discovery (ND) protocol. It works by examining ND messages and filtering out those that are invalid or potentially malicious. This feature is available on Cisco devices, such as routers and switches, that support IPv6.

The ND protocol is used by IPv6 hosts and routers to discover other devices on the local network and to resolve their IPv6 addresses to link-layer (MAC) addresses. ND is a critical component of IPv6 and is used for tasks such as address autoconfiguration, router discovery, and duplicate address detection.
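The filtering described above can be sketched as a binding table that learns which port and MAC address first claimed an IPv6 address and rejects later ND messages that contradict it. This is an added example, not Cisco's implementation or code from the original page; the class names, the first-claim-wins rule, the source-MAC check, and the sample messages are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv6Address

@dataclass(frozen=True)
class NdMessage:
    """Fields a switch would extract from a Neighbor Solicitation/Advertisement."""
    port: str            # ingress switch port
    vlan: int
    src_mac: str         # Ethernet source MAC of the frame
    target: IPv6Address  # IPv6 address being claimed
    lladdr: str          # link-layer address option carried in the ND message

class BindingTable:
    """Simplified model (assumption): the first claim of an address wins."""
    def __init__(self, trusted_ports=()):
        self.trusted = set(trusted_ports)
        self.bindings = {}   # (vlan, target) -> (mac, port)

    def inspect(self, msg: NdMessage) -> str:
        if msg.port in self.trusted:
            return "forward"                      # trusted ports bypass checks
        mac = msg.src_mac.lower()
        if msg.lladdr.lower() != mac:
            return "drop: lladdr option != frame source MAC"
        key = (msg.vlan, msg.target)
        owner = self.bindings.get(key)
        if owner is None:
            self.bindings[key] = (mac, msg.port)  # learn a new binding
            return "forward"
        if owner == (mac, msg.port):
            return "forward"                      # matches the learned binding
        return "drop: address bound to %s on %s" % owner

def run_sample():
    # Constructed sample messages (documentation prefix and MAC range).
    host = IPv6Address("2001:db8::10")
    other = IPv6Address("2001:db8::20")
    a, b = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
    table = BindingTable(trusted_ports={"Gi0/24"})
    msgs = [
        NdMessage("Gi0/1", 10, a, host, a),   # first claim: learned
        NdMessage("Gi0/2", 10, b, host, b),   # same address, different port/MAC
        NdMessage("Gi0/2", 10, b, other, a),  # option disagrees with frame MAC
        NdMessage("Gi0/1", 10, a, host, a),   # original owner again
    ]
    return [table.inspect(m) for m in msgs]

if __name__ == "__main__":
    for verdict in run_sample():
        print(verdict)
```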

Answer option A is incorrect because IPv6 ND inspection does not learn or secure bindings for stateless autoconfiguration addresses in Layer 3 neighbor tables. Stateless autoconfiguration is a method by which IPv6 hosts generate their own addresses based on the network prefix advertised by the router and a unique interface identifier (such as the MAC address). This process does not involve ND bindings, so IPv6 ND inspection has no role in it.

Answer option B is incorrect because IPv6 ND inspection does not learn or secure bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables. Layer 2 neighbor tables are used to map IPv6 addresses to MAC addresses in the local network segment. They are maintained by switches and are used to forward frames between hosts. IPv6 ND inspection operates at Layer 3 and does not interact with Layer 2 neighbor tables.

Answer option C is incorrect because IPv6 ND inspection does not learn or secure bindings for stateful autoconfiguration addresses in Layer 3 neighbor tables. Stateful autoconfiguration is a method by which IPv6 hosts receive their addresses from a DHCPv6 server, which assigns them based on specific policies or criteria. This process also does not involve ND bindings, so IPv6 ND inspection does not play a role in it.

The correct answer is D. IPv6 ND inspection learns and secures bindings for stateful autoconfiguration addresses in Layer 2 neighbor tables. Stateful autoconfiguration using DHCPv6 involves the exchange of messages between the host and the server, including ND messages that allow the host to discover the server's IPv6 address and to request configuration parameters. IPv6 ND inspection can intercept these messages and verify that they are legitimate and authorized, based on the ND bindings it has learned. It can then populate the Layer 2 neighbor tables with these bindings, enabling switches to forward traffic to the correct destinations.