Configuration Guide ND Snooping Configuration
device can use CPP function to implement complete-device flow-limiting and priority control. After ND
Snooping is enabled, the control over ND messages by CPP will be enabled automatically. For
details about ND message flow-limiting configuration in CPP and the priority relationship between ND
messages and other messages, please refer to the section of CPP function configuration.
ND Snooping and NFPP
Besides applying CPP to implement complete-device control over ND messages, the device can also
implement more accurate flow-limiting of ND messages by applying NFPP function, which is only
effective for ND messages checked by CPU. Please refer to NFPP configuration section for detailed
configuration methods. The ND message flow-limiting can meet the needs for both interface
flow-limiting and complete-device flow-limiting.
ND Snooping and IPv6 Compatibility Mode
In order to control IPv6 messages, some IPv4 security policies provide the configuration option of
IPv6 compatibility mode. ND Snooping function can only work under the strict mode of IPv6
compatibility mode. For details about IPv6 compatibility mode, please refer to the section of
IPv4+MAC binding.
Protocol Specification
RFC 2464: Transmission of IPv6 Packets over Ethernet Networks
RFC 4861: Neighbor Discovery for IP version 6 (IPv6)
RFC 4862: IPv6 Stateless Address Autoconfiguration
Default Configurations
The following example shows how to enable the IPv6 ND Snooping:
For example: enable global IPv6 ND snooping
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
To Next Page
Loading...
