The ND detection function operates on a per-VLAN basis. In an ND detection-enabled VLAN, a port is
either ND-trusted or ND-untrusted:
• An ND-trusted port does not check ND packets for address spoofing.
• An ND-untrusted port checks all ND packets in the VLAN, except RA and RR messages, for source
spoofing. RA and RR messages are considered illegal and discarded directly.
The ND detection function checks an ND packet by looking up the IPv6 static bindings table of the IP
source guard function, ND snooping table, and DHCPv6 snooping table in the following steps:
1. Looks up the IPv6 static bindings table of IP source guard, based on the source IPv6 address and
the source MAC address in the Ethernet frame header of the ND packet. If an exact match is found,
the ND packet is forwarded. If an entry matches the source IPv6 address but not the source MAC
address, the ND packet is discarded. If no entry matches the source IPv6 address, the ND
detection function continues to look up the DHCPv6 snooping table and the ND snooping table.
2. If an exact match is found in either the DHCPv6 snooping or ND snooping table, the ND packet is
forwarded. If no match is found in either table, the packet is discarded. If neither the DHCPv6
snooping table nor the ND snooping table is available, the ND packet is discarded.
NOTE:
• To create IPv6 static bindings with IP source guard, use the user-bind ipv6 command. For more
information, see the chapter "IP source guard configuration."
• The DHCPv6 snooping table is created automatically by the DHCPv6 snooping module. For more
information, see the Layer 3—IP Services Configuration Guide.
• The ND snooping table is created automatically by the ND snooping module. For more information,
see the Layer 3—IP Services Configuration Guide.
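The lookup order described above, written out as an added example (not code from the original guide or from the switch software). The function and field names are hypothetical, the addresses are constructed sample data, and a snooping table passed as None stands for a table that is not available.

```python
from ipaddress import IPv6Address

def norm(ip, mac):
    # Normalise so textual variants of the same address compare equal.
    return IPv6Address(ip), mac.lower().replace("-", ":")

def nd_detect(pkt, trusted, static, dhcpv6_snoop, nd_snoop):
    """Illustrative model: return (verdict, reason) for one ND packet.
    pkt: dict with 'type', 'src_ip', 'src_mac' (MAC from the Ethernet header).
    static: set of (ip, mac) IP source guard static bindings.
    dhcpv6_snoop / nd_snoop: set of (ip, mac), or None if unavailable.
    """
    if trusted:
        return "forward", "ND-trusted port: no spoofing check"
    if pkt["type"] in ("RA", "RR"):
        return "discard", "RA/RR on ND-untrusted port"
    ip, mac = norm(pkt["src_ip"], pkt["src_mac"])
    static = {norm(*e) for e in static}
    # Step 1: IPv6 static bindings table of IP source guard.
    if (ip, mac) in static:
        return "forward", "exact match in static bindings"
    if any(e_ip == ip for e_ip, _ in static):
        return "discard", "static binding has this IPv6 with another MAC"
    # Step 2: DHCPv6 snooping and ND snooping tables.
    if dhcpv6_snoop is None and nd_snoop is None:
        return "discard", "no snooping table available"
    for name, table in (("DHCPv6 snooping", dhcpv6_snoop), ("ND snooping", nd_snoop)):
        if table is not None and (ip, mac) in {norm(*e) for e in table}:
            return "forward", f"exact match in {name} table"
    return "discard", "no match in either snooping table"

# Constructed sample tables (documentation prefix 2001:db8::/32).
STATIC = {("2001:db8::10", "00:11:22:33:44:55")}
DHCP6 = {("2001:db8::20", "00:aa:bb:cc:dd:01")}
ND = {("2001:db8::30", "00:aa:bb:cc:dd:02")}

def demo():
    cases = [  # (packet, port is ND-trusted)
        ({"type": "NS", "src_ip": "2001:db8::10", "src_mac": "00:11:22:33:44:55"}, False),
        ({"type": "NA", "src_ip": "2001:DB8:0::10", "src_mac": "00:de:ad:be:ef:00"}, False),
        ({"type": "NS", "src_ip": "2001:db8::30", "src_mac": "00:AA:BB:CC:DD:02"}, False),
        ({"type": "NS", "src_ip": "2001:db8::99", "src_mac": "00:aa:bb:cc:dd:09"}, False),
        ({"type": "RA", "src_ip": "fe80::1", "src_mac": "00:aa:bb:cc:dd:0a"}, False),
        ({"type": "RA", "src_ip": "fe80::1", "src_mac": "00:aa:bb:cc:dd:0a"}, True),
    ]
    return [nd_detect(p, t, STATIC, DHCP6, ND)[0] for p, t in cases]

if __name__ == "__main__":
    print(demo())
```

The second case shows why step 1 comes first: a static binding for the source IPv6 address with a different MAC address ends the lookup with a discard, so a snooping entry cannot override it.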
Configuring ND detection
Follow these steps to configure ND detection:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | –– |
| Enter VLAN view | vlan vlan-id | –– |
| Enable ND Detection | ipv6 nd detection enable | Required. Disabled by default. |
| Quit system view | quit | –– |
| Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view | interface interface-type interface-number | –– |
| Configure the port as an ND-trusted port | ipv6 nd detection trust | Optional. A port does not trust sources of ND packets by default. |