Configuring Nd Detection; Displaying And Maintaining Nd Detection - HP 3600 v2 Series Security Configuration Manual

Hide thumbs Also See for 3600 v2 Series:
Table of Contents

Advertisement

address, the ND packet is discarded. If no entry matches the source IPv6 address, the ND
detection function continues to look up the DHCPv6 snooping table and the ND snooping table.
If an exact match is found in either the DHCPv6 snooping or ND snooping table, the ND packet is
2.
forwarded. If no match is found in either table, the packet is discarded. If neither the DHCPv6
snooping table nor the ND snooping table is available, the ND packet is discarded.
NOTE:
To create IPv6 static bindings with IP source guard, use the ipv6 source binding command. For more
information, see the chapter
The DHCPv6 snooping table is created automatically by the DHCPv6 snooping module. For more
information, see
The ND snooping table is created automatically by the ND snooping module. For more information, see
Layer 3—IP Services Configuration Guide

Configuring ND detection

Follow these steps to configure ND detection:
To do...
Enter system view
Enter VLAN view
Enable ND Detection
Quit system view
Enter Layer 2 Ethernet interface view or
Layer 2 aggregate interface view
Configure the port as an ND-trusted
port
NOTE:
ND detection performs source check by using the binding tables of IP source guard, DHCPv6 snooping,
and ND snooping. To prevent an ND-untrusted port from discarding legal ND packets in an ND
detection-enabled VLAN, make sure that at least one of the three functions is available.

Displaying and maintaining ND detection

To do...
Display the ND detection
configuration
Display the statistics of discarded
packets when the ND detection
checks the user legality
Clear the statistics by ND
detection
"
IP source guard configuration."
Layer 3—IP Services Configuration Guide
Use the command...
system-view
vlan vlan-id
ipv6 nd detection enable
quit
interface interface-type
interface-number
ipv6 nd detection trust
Use the command
display ipv6 nd detection [ | { begin | exclude |
include } regular-expression ]
display ipv6 nd detection statistics [ interface
interface-type interface-number ] [ | { begin |
exclude | include } regular-expression ]
reset ipv6 nd detection statistics [ interface
interface-type interface-number ]
.
.
352
Remarks
––
––
Required
Disabled by default.
––
––
Optional
A port does not trust sources of
ND packets by default.
Remarks
Available in any view
Available in any view
Available in user view

Hide quick links:

Advertisement

Table of Contents
loading

This manual is also suitable for:

A3100-48 v2

Table of Contents