| IP Interface Commands
C
45
HAPTER
ND Snooping
ipv6 nd snooping
This command enables ND snooping globally or on a specified VLAN or
range of VLANs. Use the no form to disable this feature.
S
YNTAX
[no] ipv6 nd snooping [vlan {vlan-id | vlan-range}]
vlan-id - VLAN ID. (Range: 1-4093)
vlan-range - A consecutive range of VLANs indicated by the use a
hyphen, or a random group of VLANs with each entry separated by
a comma.
D
S
EFAULT
ETTING
Disabled
C
M
OMMAND
ODE
Global Configuration
C
U
OMMAND
SAGE
Use this command without any keywords to enable ND snooping
◆
globally on the switch. Use the VLAN keyword to enable ND snooping
on a specific VLAN or a range of VLANs.
Once ND snooping is enabled both globally and on the required VLANs,
◆
the switch will start monitoring RA messages to build an address prefix
table as described below:
If an RA message is received on an untrusted interface, it is
■
dropped. If received on a trusted interface, the switch adds an entry
in the prefix table according to the Prefix Information option in the
RA message. The prefix table records prefix, prefix length, valid
lifetime, as well as the VLAN and port interface which received the
message.
If an RA message is not received updating a table entry with the
■
same prefix for a specified timeout period, the entry is deleted.
Once ND snooping is enabled both globally and on the required VLANs,
◆
the switch will start monitoring NS messages to build a dynamic user
binding table for use in Duplicate Address Detection (DAD) or for use by
other security filtering protocols (e.g., IPv6 Source Guard) as described
below:
If an NS message is received on an trusted interface, it is forwarded
■
without further processing.
If an NS message is received on an untrusted interface, and the
■
address prefix does not match any entry in the prefix table, it drops
the packet.
If the message does match an entry in the prefix table, it adds an
entry to the dynamic user binding table after a fixed delay, and
forwards the packet. Each entry in the dynamic binding table
includes the link-layer address, IPv6 address, lifetime, as well as
the VLAN and port interface which received the message.
– 1410 –