Commands

These commands configure ND Snooping and ND Inspection as well as their related attributes.


NOTE: Run these commands from within the switch configuration.


Configuring ND MAC-check globally

Syntax

[no] ipv6 nd mac-check

Description

Enable the global administrative status of ND MAC-check. The MAC-check is not performed on any ND packets if the global administrative status is disabled. The default is disabled.

Options

mac-check

Enable global administrative status of ND MAC-check.

Enabling ND Snooping globally

Syntax

[no] ipv6 nd snooping

Description

Enable the global administrative status of ND Snooping. ND packets are not snooped or inspected if the global administrative status of ND Snooping is disabled.

Options

snooping

Enable global administrative status of ND Snooping.

Enabling ND Snooping on a VLAN range

Syntax

ipv6 nd snooping vlan VLAN-ID-RANGE

Description

Enable or disable ND Snooping on a VLAN. When ND Snooping is enabled on a VLAN, ND packets are inspected to build the ND Binding table, and invalid packets are dropped.

When [no] is specified, the ND Snooping feature is disabled on the VLANs.

Default is disabled.

Options

snooping

Enable the administrative status of ND Snooping.

Clearing ND Snooping bindings

Clear ND Snooping Bindings of IPv6-addr, MAC or VLAN.

Syntax

clear ipv6 nd snooping bindings ipv6-address | vlan vlan-id | mac mac-addr

Description

Clear all ND Snooping binding entries or binding entries on the specified IPv6-address, VLAN, or MAC-address.

Options

nd

Neighbor Discovery.

snooping

Clear ND Snooping information.

Configure the prefix lists

Syntax

This is a command in the VLAN context.

[no] ipv6 nd snooping prefix-list IPV6-ADDR

Description

Configure the IPv6 prefix-list for ND Snooping. The prefix-list allows the user to specify the network prefix ranges that are allowed. The prefix-list should be configured when no router advertisements are received by the switch.

Options

Prefix-list

Configure IPv6 prefix-list for ND Snooping. Configures network prefix ranges to be specified as allowed. The prefix-list should be configured when no router advertisements are received by the switch.

Configuring maximum learn entries on a port

Configures the maximum number of ND Snooping entries that can be learned on a port.

If the maximum bindings value is configured before enabling ND Snooping, the limit is immediately applied and the bindings are not allowed to exceed the max-bindings value. If the max-bindings value is set after enabling ND Snooping, the following applies:

  • If the current bindings are greater than the max-binding value, the configuration is applied as and when the ND Snooping entries age out.

  • If the current bindings are less than the value entered, the configuration is applied immediately.


NOTE: This is similar to the features DSNOOPv4, DSNOOPv6 in some switches.


Maximum number of ND Snooping entries

Syntax

ipv6 nd snooping max-binding PORT-LIST 1-16384

Description

Configures the maximum number of ND Snooping entries that can be learned by an interface.

The default number of entries that can be learned by an interface is 16384.

Options

max-bindings

Maximum number of ND Snooping entries that can be learned on a port.

Configuring a port as trusted for ND Snooping

Allows users to configure trusted ports for ND Snooping.

Syntax

ipv6 nd snooping trust ethernet PORT-LIST

Description

Configure trusted ports for ND Snooping. Routers are connected to the trusted ports. Router advertisements and router redirects are processed on trusted ports and dropped on untrusted ports.

Options

snooping

Neighbor discovery snooping.

trust

Configure trusted ports.

Clearing IPv6 ND Snooping statistics

Clears the ND Snooping statistics for a given port.

Syntax

clear ipv6 nd snooping statistics ethernet PORT-LIST

Description

Clears the IPv6 ND Snooping statistics on the given port. The statistics can also be cleared for a port list.

Options

snooping

Clears all types of statistics related to ND Snooping.

statistics

Clears all ND Snooping port statistics.

Configuring traps for ND Snooping

Syntax

[no] snmp-server enable traps nd-snooping [out-of-resources | violations]

Description

Allows the user to configure traps for ND Snooping. Enable traps for out-of-resources or for ND Snooping violations. If traps are enabled for out-of-resources, traps are sent when no hardware resources are available to apply ND Snooping. If traps are enabled for ND Snooping violations, traps are sent for any ND Snooping violations.

Options

out-of-resources

When the number of bindings exceeds the maximum limit of 16384 bindings.

violations

When an invalid ND packet is detected.

Usage

[no] snmp-server enable traps nd-snooping [out-of-resources | violations]

Description

Set the trap for ND Snooping.

Usage

[no] snmp-server enable traps nd-snooping out-of-resources

Description

Set the trap for ND Snooping out of resources. This trap is sent when the number of bindings exceeds the maximum limit of 16384.

Usage

[no] snmp-server enable traps nd-snooping violations

Description

Set the trap for ND Snooping violations. This trap is sent when an invalid ND packet is received.

Enable debug for IPv6 ND Snooping

Enable and disable debug option for IPv6 ND Snooping.

Syntax

[no] debug ipv6 nd snooping

Description

Debug messages are useful when debugging error cases. Debug is generally enabled only during a debug session.

Options

snooping

Display all IPv6 ND Snooping messages.
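
A check a defender can run against a saved configuration to confirm that the ND Snooping commands on this page are in place; it is an added example, not vendor code. It assumes the saved configuration shows the commands in the forms documented here and that ports are plain numbers; `audit`, `expand` and the sample configuration are constructed for illustration.

```python
import re

# Constructed running-config excerpt. Command forms are the ones on this page;
# the running-config layout and plain numeric port names are assumptions.
SAMPLE_CONFIG = """\
ipv6 nd snooping
ipv6 nd snooping vlan 10-12
ipv6 nd snooping trust ethernet 1-2
snmp-server enable traps nd-snooping violations
"""

def expand(spec):
    """Expand a numeric list such as '1-2,5' into a set of integers."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config, access_vlans, uplink_ports):
    """Return a list of findings for ND Snooping hardening gaps."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    if "ipv6 nd snooping" not in lines:
        findings.append("ND Snooping is globally disabled; nothing is inspected")
    if "ipv6 nd mac-check" not in lines:
        findings.append("ND MAC-check is globally disabled")
    vlans, trusted = set(), set()
    for ln in lines:
        if m := re.fullmatch(r"ipv6 nd snooping vlan (\S+)", ln):
            vlans |= expand(m.group(1))
        elif m := re.fullmatch(r"ipv6 nd snooping trust ethernet (\S+)", ln):
            trusted |= expand(m.group(1))
    for v in sorted(set(access_vlans) - vlans):
        findings.append(f"VLAN {v}: ND Snooping not enabled")
    for p in sorted(trusted - set(uplink_ports)):
        findings.append(f"port {p}: trusted but not a known router uplink")
    for p in sorted(set(uplink_ports) - trusted):
        findings.append(f"port {p}: router uplink untrusted, its RAs are dropped")
    # Assumption: the bare 'traps nd-snooping' form enables both trap types.
    for trap in ("violations", "out-of-resources"):
        ok = {"snmp-server enable traps nd-snooping",
              f"snmp-server enable traps nd-snooping {trap}"} & set(lines)
        if not ok:
            findings.append(f"trap not enabled: nd-snooping {trap}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG, [10, 11, 12, 20], [1])))
```

A trusted port that is not a router uplink is the finding to act on first, since router advertisements and redirects arriving on it are processed rather than dropped.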