C
HAPTER
44
| IP Interface Commands
ND Snooping
– 1424 –
ipv6 nd snooping This command enables ND snooping globally or on a specified VLAN or
range of VLANs. Use the no form to disable this feature.
SYNTAX
[no] ipv6 nd snooping [vlan {vlan-id | vlan-range}]
vlan-id - VLAN ID. (Range: 1-4094)
vlan-range - A consecutive range of VLANs indicated by the use a
hyphen, or a random group of VLANs with each entry separated by
a comma.
DEFAULT SETTING
Disabled
COMMAND MODE
Global Configuration
COMMAND USAGE
â—† Use this command without any keywords to enable ND snooping
globally on the switch. Use the VLAN keyword to enable ND snooping
on a specific VLAN or a range of VLANs.
â—† Once ND snooping is enabled both globally and on the required VLANs,
the switch will start monitoring RA messages to build an address prefix
table as described below:
â–
If an RA message is received on an untrusted interface, it is
dropped. If received on a trusted interface, the switch adds an entry
in the prefix table according to the Prefix Information option in the
RA message. The prefix table records prefix, prefix length, valid
lifetime, as well as the VLAN and port interface which received the
message.
â–
If an RA message is not received updating a table entry with the
same prefix for a specified timeout period, the entry is deleted.
â—† Once ND snooping is enabled both globally and on the required VLANs,
the switch will start monitoring NS messages to build a dynamic user
binding table for use in Duplicate Address Detection (DAD) or for use by
other security filtering protocols (e.g., IPv6 Source Guard) as described
below:
â–
If an NS message is received on an trusted interface, it is forwarded
without further processing.
â–
If an NS message is received on an untrusted interface, and the
address prefix does not match any entry in the prefix table, it drops
the packet.
If the message does match an entry in the prefix table, it adds an
entry to the dynamic user binding table after a fixed delay, and
forwards the packet. Each entry in the dynamic binding table
includes the link-layer address, IPv6 address, lifetime, as well as
the VLAN and port interface which received the message.
To Next Page
Loading...
Need help?
General
