UMN:CLI User Manual
V5808
236
no ipv6 neighbor X:X::X:X
INTERFACE
7.16.12 Setting the Stale Timer
Reachability of the IPv6 neighbors is confirmed only after the stale timer has expired. For
example, by setting the stale timer to 80000 seconds, users can specify that IPv6
neighbor reachability be confirmed every 80000 seconds.
To set the stale timer for IPv6 neighbor reachability confirmation, use the following
command.
ipv6 neighbor stale-time <10-
4294967295>
Sets the stale timer for IPv6 neighbor reachability.
Default: 86400 seconds
no ipv6 neighbor stale-time
Reverts the default stale timer.
7.16.13 IPv6 Neighbor Discovery (ND) Inspection
IPv6 Neighbor Discovery (ND) inspection feature can protect switches against IPv6
address spoofing. It provides IPv6 communication by mapping an IPv6 address to a MAC
address. However, a malicious user can attack ND caches of system by intercepting the
traffic intended for other hosts on the subnet. ND inspection is a security feature that
validates ND packets in a network. It discards ND packets with invalid IP-MAC address
binding.
To activate/deactivate the ND inspection function on a VLAN, use the following command.
ipv6 nd inspection vlan VLANS
Activates ND inspection on a VLAN.
VLANS: VLAN ID (1-4094)
no ipv6 nd inspection vlan
VLANS
Deactivates ND inspection on a VLAN.
7.16.13.1 ND Access List
You can exclude a given range of IP addresses from the ND inspection using ND access
lists. ND access lists are created by the ipv6 nd access-list command on the Global
Configuration mode. ND access list permits or denies the ND packets of a given range of
IPv6 addresses.
To create/delete ND access control list (ACL), use the following command.
Opens ND ACL configuration mode and creates a ND
access list.
NAME: ND access list name
no ipv6 nd access-list NAME
Deletes a ND access list.
ipv6 nd access-list delete all
Deletes all ND access lists.
To Next Page
Loading...