391
Configuration guidelines
Follow these guidelines when you configure ND detection:
• To create IPv6 static bindings with IP source guard, use the ipv6 source binding command. For more
information, see "Configuring IP source guard."
• T
he DHCPv6 snooping table is created automatically by the DHCPv6 snooping module. For more
information, see Layer 3—IP Services Configuration Guide.
• The ND snooping table is created automatically by the ND snooping module. For more information,
see Layer 3—IP Services Configuration Guide.
• ND detection performs source check by using the binding tables of IP source guard, DHCPv6
snooping, and ND snooping. To prevent an ND-untrusted port from discarding legal ND packets in
an ND detection-enabled VLAN, make sure that at least one of the three functions is available.
• When creating an IPv6 static binding with IP source guard for ND detection in a VLAN, specify the
VLAN ID for the binding. If not, no ND packets in the VLAN can match the binding.
Configuration procedure
To configure ND detection:
Ste
Command
Remarks
1. Enter system view. system-view N/A
2. Enter VLAN view.
vlan vlan-id N/A
3. Enable ND Detection.
ipv6 nd detection enable Disabled by default.
4. Quit system view.
quit N/A
5. Enter Layer 2 Ethernet interface view
or Layer 2 aggregate interface view.
interface interface-type
interface-number
N/A
6. Configure the port as an ND-trusted
port.
ipv6 nd detection trust
Optional.
A port does not trust sources of
ND packets by default.
Displaying and maintaining ND detection
Task Command
Remarks
Display the ND detection
configuration.
display ipv6 nd detection [ | { begin | exclude |
include } regular-expression ]
Available in any view
Display the statistics of discarded
packets when the ND detection
checks the user legality.
display ipv6 nd detection statistics [ interface
interface-type interface-number ] [ | { begin |
exclude | include } regular-expression ]
Available in any view
Clear the statistics by ND
detection.
reset ipv6 nd detection statistics [ interface
interface-type interface-number ]
Available in user view
To Next Page
Loading...
Need help?
General
