Chapter 44 | IP Interface Commands
ND Snooping
Neighbor Discovery (ND) Snooping maintains an IPv6 prefix table and a user
address binding table. These tables can be used for stateless address
auto-configuration or for address filtering by IPv6 Source Guard.

ND snooping maintains a binding table in the process of neighbor
discovery. When it receives a Neighbor Solicitation (NS) packet from a
host, it creates a new binding. If it subsequently receives a Neighbor
Advertisement (NA) packet, this means that the address is already being
used by another host, and the binding is therefore deleted. If it does not
receive an NA packet after a timeout period, the binding will be bound to
the original host. ND snooping can also maintain a prefix table used for
stateless address auto-configuration by monitoring Router Advertisement
(RA) packets sent from neighboring routers.

ND snooping can also detect if an IPv6 address binding is no longer valid.
When a binding has timed out, it checks to see if the host still exists
by sending an NS packet to the target host. If it receives an NA packet in
response, it knows that the target still exists and updates the lifetime of
the binding; otherwise, it deletes the binding.

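The binding life cycle described above, modeled as an added Python example (not code from this manual or from the switch firmware). The timer values, the per-port limit default, and all class and method names are assumptions made for illustration.

```python
# Added illustration of the binding life cycle described above; not vendor code.
# All timer values and the max-binding default are assumed, not from the manual.
from dataclasses import dataclass

TENTATIVE, BOUND, PROBING = "tentative", "bound", "probing"

@dataclass
class Binding:
    port: str
    state: str
    deadline: float       # time at which the current timer expires
    probes_sent: int = 0  # auto-detect NS probes sent so far

class NDSnoopingTable:
    def __init__(self, ns_timeout=1.0, lifetime=300.0, retransmit_count=3,
                 retransmit_interval=1.0, max_binding=5):
        self.ns_timeout, self.lifetime = ns_timeout, lifetime
        self.count, self.interval = retransmit_count, retransmit_interval
        self.max_binding = max_binding
        self.bindings = {}  # IPv6 address -> Binding

    def on_ns(self, addr, port, now):
        """NS from a host: create a new binding unless the port is at its limit."""
        on_port = sum(b.port == port for b in self.bindings.values())
        if addr in self.bindings or on_port >= self.max_binding:
            return False
        self.bindings[addr] = Binding(port, TENTATIVE, now + self.ns_timeout)
        return True

    def on_na(self, addr, now):
        """NA for a new binding means the address is taken; for a probe it renews."""
        b = self.bindings.get(addr)
        if b and b.state == TENTATIVE:
            del self.bindings[addr]
        elif b and b.state == PROBING:
            b.state, b.deadline, b.probes_sent = BOUND, now + self.lifetime, 0

    def tick(self, now):
        """Expire timers; return the addresses that need an NS probe sent."""
        probes = []
        for addr, b in list(self.bindings.items()):
            if now < b.deadline:
                continue
            if b.state == TENTATIVE:          # no NA seen: bind to original host
                b.state, b.deadline = BOUND, now + self.lifetime
            elif b.probes_sent < self.count:  # lifetime over: probe the host
                b.state, b.probes_sent = PROBING, b.probes_sent + 1
                b.deadline = now + self.interval
                probes.append(addr)
            else:                             # every probe went unanswered
                del self.bindings[addr]
        return probes
```
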
This section describes commands used to configure ND Snooping.
Table 203: ND Snooping Commands

| Command | Function | Mode |
|---|---|---|
| ipv6 nd snooping | Enables ND snooping globally or on a specified VLAN or range of VLANs | GC |
| ipv6 nd snooping auto-detect | Enables automatic validation of binding table entries by periodically sending NS messages and awaiting NA replies | GC |
| ipv6 nd snooping auto-detect retransmit count | Sets the number of times to send an NS message to determine if a binding is still valid | GC |
| ipv6 nd snooping auto-detect retransmit interval | Sets the interval between sending NS messages to determine if a binding is still valid | GC |
| ipv6 nd snooping prefix timeout | Sets the time to wait for an RA message before deleting an entry in the prefix table | GC |
| ipv6 nd snooping max-binding | Sets the maximum number of address entries which can be bound to a port | IC |
| ipv6 nd snooping trust | Configures a port as a trusted interface from which prefix information in RA messages can be added to the prefix table, or NS messages can be forwarded without validation | IC |
| clear ipv6 nd snooping binding | Clears all entries in the address binding table | PE |
| clear ipv6 nd snooping prefix | Clears all entries in the prefix table | PE |
| show ipv6 nd snooping | Shows configuration settings for ND snooping | PE |
| show ipv6 nd snooping binding | Shows entries in the binding table | PE |
| show ipv6 nd snooping prefix | Shows entries in the prefix table | PE |