Chapter 30 | IP Interface Commands
Related Commands
show mac-address-table (519)
ND Snooping
Neighbor Discovery (ND) Snooping maintains an IPv6 prefix table and a user address
binding table. These tables can be used for stateless address auto-configuration or
for address filtering by IPv6 Source Guard.
ND snooping maintains the binding table in the process of neighbor discovery. When
it receives a Neighbor Solicitation (NS) packet from a host, it creates a new
binding. If it subsequently receives a Neighbor Advertisement (NA) packet, this
means that the address is already being used by another host, and the binding is
therefore deleted. If it does not receive an NA packet within the timeout period, the
binding is bound to the original host. ND snooping can also maintain a prefix
table used for stateless address auto-configuration by monitoring Router
Advertisement (RA) packets sent from neighboring routers.
ND snooping can also detect if an IPv6 address binding is no longer valid. When a
binding has timed out, it checks to see if the host still exists by sending an NS
packet to the target host. If it receives an NA packet in response, it knows that the
target still exists and updates the lifetime of the binding; otherwise, it deletes the
binding.
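The binding lifecycle described above, modelled as a small state machine. This is an added example, not vendor code; the state names, the timer values and the `permits` check (a match on address, MAC and port) are assumptions made for illustration.

```python
from dataclasses import dataclass

TENTATIVE, BOUND, PROBING = "tentative", "bound", "probing"

@dataclass
class Binding:
    mac: str
    port: str
    state: str
    deadline: float   # time at which the current state expires
    probes_sent: int = 0

class NdSnoopingTable:
    """Model of the binding table; all timer values are assumed, not device defaults."""
    def __init__(self, wait=1.0, lifetime=300.0, retransmit_count=3, retransmit_interval=1.0):
        self.wait, self.lifetime = wait, lifetime
        self.count, self.interval = retransmit_count, retransmit_interval
        self.bindings = {}   # IPv6 address -> Binding

    def on_ns(self, now, addr, mac, port):
        # An NS from a host creates a new, not yet confirmed, binding.
        if addr not in self.bindings:
            self.bindings[addr] = Binding(mac, port, TENTATIVE, now + self.wait)

    def on_na(self, now, addr):
        b = self.bindings.get(addr)
        if b and b.state == TENTATIVE:      # address already used by another host
            del self.bindings[addr]
        elif b and b.state == PROBING:      # host answered the probe: refresh lifetime
            b.state, b.deadline, b.probes_sent = BOUND, now + self.lifetime, 0

    def tick(self, now):
        """Expire timers; return the addresses to which an NS probe must be sent."""
        to_probe = []
        for addr, b in list(self.bindings.items()):
            if now < b.deadline:
                continue
            if b.state == TENTATIVE:        # no NA within the timeout: bind to the host
                b.state, b.deadline = BOUND, now + self.lifetime
            elif b.probes_sent < self.count:  # lifetime over, or a probe went unanswered
                b.state, b.deadline, b.probes_sent = PROBING, now + self.interval, b.probes_sent + 1
                to_probe.append(addr)
            else:                           # every probe went unanswered
                del self.bindings[addr]
        return to_probe

    def permits(self, addr, mac, port):  # source-guard style check; match fields assumed
        b = self.bindings.get(addr)
        return bool(b) and b.state != TENTATIVE and (b.mac, b.port) == (mac, port)
```

A binding that is still waiting out the NS timeout is not yet usable for filtering in this model; only a confirmed binding lets traffic from that address, MAC and port through.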
This section describes commands used to configure ND Snooping.
Table 190: ND Snooping Commands
| Command | Function | Mode |
|---|---|---|
| ipv6 nd snooping | Enables ND snooping globally or on a specified VLAN or range of VLANs | GC |
| ipv6 nd snooping auto-detect | Enables automatic validation of binding table entries by periodically sending NS messages and awaiting NA replies | GC |
| ipv6 nd snooping auto-detect retransmit count | Sets the number of times to send an NS message to determine if a binding is still valid | GC |
| ipv6 nd snooping auto-detect retransmit interval | Sets the interval between sending NS messages to determine if a binding is still valid | GC |
| ipv6 nd snooping prefix timeout | Sets the time to wait for an RA message before deleting an entry in the prefix table | GC |
| ipv6 nd snooping max-binding | Sets the maximum number of address entries which can be bound to a port | IC |
| ipv6 nd snooping trust | Configures a port as a trusted interface from which prefix information in RA messages can be added to the prefix table, or NS messages can be forwarded without validation | IC |
| clear ipv6 nd snooping binding | Clears all entries in the address binding table | PE |
| clear ipv6 nd snooping prefix | Clears all entries in the prefix table | PE |