Configuring Nd Snooping - HP 830 Series Configuration Manual

PoE+ unified wired-WLAN switch switching engine

Configuring ND snooping

The ND snooping feature is used in Layer 2 switching networks. ND snooping must be enabled on a VLAN of a device; ND packets received by the interfaces of that VLAN are then redirected to the CPU. When ND snooping is enabled globally, the CPU uses the ND packets to create or update ND snooping entries.

The following items describe how an ND snooping entry is created, updated, and aged out:
1. Creating an ND snooping entry
   The device uses only received DAD NS messages to create ND snooping entries. An ND snooping entry includes the source IPv6 address, source MAC address, receiving VLAN, and receiving port.
2. Updating an ND snooping entry
   Upon receiving an ND packet, the device searches the ND snooping table for an entry that contains the source IPv6 address of the packet. If the entry was refreshed within one second, the device does not update the entry. If the entry has not been refreshed for more than one second, the device matches the source MAC address and the receiving port of the ND packet against those in the entry.
   - If both match, the device restarts the aging timer for the ND snooping entry.
   - If they do not both match and the received packet is a DAD NS message, the message is ignored.
   - If neither of them matches the entry and the received packet is not a DAD NS message, the device performs active acknowledgement.
   The following is the active acknowledgement process:
   a. The device checks the validity of the existing ND snooping entry. The device sends out a DAD NS message that contains the IPv6 address of the ND snooping entry. If an NA message is received during the sending of the NS message, with the source IPv6 address, source MAC address, receiving port, and receiving VLAN matching the target entry, the device restarts the aging timer for the existing entry. If no NA message for the NS message is received within one second after the NS message is sent out, the device starts to check the validity of the received ND packet.
   b. The device sends out a DAD NS message that contains the source IPv6 address of the received ND packet. If an NA message for the NS message is received, the device restarts the aging timer for the entry. If no NA message for the NS message is received within one second after the DAD NS message is sent out, the device does not update the entry.
3. Aging out an ND snooping entry
   An ND snooping entry is aged out if the entry is not updated within 25 minutes. If an ND snooping entry is not updated within 15 minutes, the device performs active acknowledgement. The device sends out a DAD NS message that contains the IPv6 address of an ND snooping entry.
   - If an NA message is received during the sending of the NS message, the device resets the aging timer for the entry.
   - If no NA message is received within one second after the NS message is sent out, the device deletes the entry when the timer expires.

You can use ND snooping entries in ND detection and IP source guard to check user validity. For information about ND detection and IP source guard, see Security Configuration Guide.
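
The create, update, and age-out rules above, modelled as a small Python state machine. This is an added example, not HP code: the class, method, and return-value names are hypothetical, and reporting "no-entry" for a non-DAD packet with no existing entry is an assumption, since the page states only that DAD NS messages create entries.

```python
from dataclasses import dataclass
# Added illustration: names are hypothetical; the timer values come from the page.
REFRESH_GUARD = 1.0     # s: an entry refreshed within this window is left alone
PROBE_AFTER = 15 * 60   # s without update before active acknowledgement
AGE_OUT = 25 * 60       # s without update before the entry is aged out

@dataclass
class Entry:
    mac: str
    vlan: int
    port: str
    refreshed: float    # time the aging timer was last restarted

class SnoopTable:
    def __init__(self):
        self.entries = {}   # source IPv6 address -> Entry

    def receive(self, now, ip, mac, vlan, port, is_dad_ns):
        """Classify one received ND packet using the update rules above."""
        e = self.entries.get(ip)
        if e is None:
            if not is_dad_ns:
                return "no-entry"       # assumption: only DAD NS creates entries
            self.entries[ip] = Entry(mac, vlan, port, now)
            return "created"
        if now - e.refreshed <= REFRESH_GUARD:
            return "skipped"
        if (e.mac, e.port) == (mac, port):
            e.refreshed = now           # restart the aging timer
            return "refreshed"
        return "ignored" if is_dad_ns else "active-ack"

    def active_ack(self, now, ip, entry_owner_replied, packet_sender_replied):
        """Steps a and b: an NA reply to either probe restarts the aging timer."""
        if entry_owner_replied or packet_sender_replied:
            self.entries[ip].refreshed = now
            return "timer-restarted"
        return "not-updated"

    def age(self, now):
        """Delete entries idle for 25 min; return addresses idle for 15 min to probe."""
        probe = []
        for ip, e in list(self.entries.items()):
            idle = now - e.refreshed
            if idle >= AGE_OUT:
                del self.entries[ip]
            elif idle >= PROBE_AFTER:
                probe.append(ip)
        return probe
```

In this model, a packet that arrives with a different MAC address or port never rewrites the stored binding, in line with the rules above, which only restart the aging timer or leave the entry unchanged.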
To configure ND snooping: