Duplicate Address Detection (DAD)

DAD verifies that a configured unicast IPv6 address is unique before it is assigned to a VLAN interface on the switch. DAD is enabled in the default IPv6 configuration and can be reconfigured, disabled, or re-enabled at the global config or per-interface command level. DAD can be useful in helping to troubleshoot erroneous replies to DAD requests, or where the neighbor cache contains a large number of invalid entries caused by an unauthorized station sending false replies to the switch's ND queries. If DAD verifies that a unicast IPv6 address is a duplicate, the address is not used. If the link-local address of the VLAN interface is found to be a duplicate of an address for another device on the interface, the interface stops processing IPv6 traffic.

DAD operation

On a given VLAN interface, when a new unicast address is configured, the switch runs DAD for this address by sending a neighbor solicitation to the All-Nodes multicast address (ff02::1). This operation discovers other devices on the VLAN and verifies whether the proposed unicast address assignment is unique on the VLAN. (During this time, the address being checked for uniqueness is held in a tentative state and cannot be used to receive traffic other than neighbor solicitations and neighbor advertisements.) A device that receives the neighbor solicitation responds with a neighbor advertisement that includes its link-local address. If the newly configured address is from a static or DHCPv6 source and is found to be a duplicate, it is labeled as duplicate in the "Address Status" field of the show ipv6 command and is not used. If an autoconfigured address is found to be a duplicate, it is dropped and a message similar to the following appears in the Event Log:

W <date> <time> 00019 ip: <ip address> <IPv6-address> removed from vlan id <vid>
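Because DAD is not re-run periodically, these Event Log entries are the main record that an address was rejected. The following added example (not part of the switch documentation) collects them from exported log lines and lists VLANs where several distinct addresses were dropped, which is worth investigating as possible false replies to DAD. The sample lines, their date/time layout, and the threshold of 3 are constructed assumptions; only the event ID 00019 and the "removed from vlan id" wording come from the message above.

```python
import ipaddress
import re
from collections import defaultdict

# Anchor only on what the documented message fixes: event ID 00019, the
# "ip:" tag, and "<IPv6-address> removed from vlan id <vid>".
DUP_RE = re.compile(
    r"\b00019 ip:.*\s(?P<addr>\S+) removed from vlan id (?P<vid>\d+)"
)

# Constructed sample log lines (date/time format is an assumption).
SAMPLE_LOG = [
    "W 01/15/24 10:02:11 00019 ip: ip address 2001:db8:10::a1 removed from vlan id 10",
    "W 01/15/24 10:02:14 00019 ip: ip address 2001:db8:10::a2 removed from vlan id 10",
    "W 01/15/24 10:02:19 00019 ip: ip address 2001:db8:10::a3 removed from vlan id 10",
    "I 01/15/24 10:03:00 00000 system: constructed unrelated entry",
    "W 01/15/24 11:40:02 00019 ip: ip address 2001:db8:20::7 removed from vlan id 20",
]


def duplicate_removals(lines):
    """Return {vid: [IPv6Address, ...]} for every duplicate-address removal."""
    by_vlan = defaultdict(list)
    for line in lines:
        m = DUP_RE.search(line)
        if not m:
            continue
        try:
            # Drop an optional /prefix-length before validating the address.
            addr = ipaddress.IPv6Address(m.group("addr").split("/")[0])
        except ValueError:
            continue  # not an IPv6 address; ignore the line
        by_vlan[int(m.group("vid"))].append(addr)
    return dict(by_vlan)


def suspicious_vlans(lines, threshold=3):
    """VLAN IDs where at least `threshold` distinct addresses were dropped."""
    hits = duplicate_removals(lines)
    return sorted(v for v, addrs in hits.items() if len(set(addrs)) >= threshold)


if __name__ == "__main__":
    for vid in suspicious_vlans(SAMPLE_LOG):
        print(f"vlan {vid}: repeated duplicate-address removals, check for false DAD replies")
```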

DAD does not perform periodic checks of existing addresses. However, when a VLAN comes up with IPv6 unicast addresses configured (as can occur during a reboot), the switch runs DAD for each address on the interface by sending neighbor solicitations to the All-Nodes multicast address, as described above.

If an address is configured while DAD is disabled, the address is assumed to be unique and is assigned to the interface. If you want to verify the uniqueness of an address configured while DAD was disabled, re-enable DAD and then either delete and reconfigure the address, or reboot the switch.

Configuring DAD

Syntax:

ipv6 nd dad-attempts <0-255>

This command is executed at the global config level, and configures the number of neighbor solicitations to send when performing duplicate address detection for a unicast address configured on a VLAN interface.

<0-255> : The number of consecutive neighbor solicitation messages sent for DAD inquiries on an interface. Setting this value to 0 disables DAD on the interface, which bypasses checks for uniqueness on newly configured addresses. If a reboot is performed while DAD is disabled, the duplicate address check is not performed on any IPv6 addresses configured on the switch.

Default: 3 (enabled); Range: 0–255 (0 = disabled)

The no form of the command restores the default setting (3).

Syntax:

ipv6 nd NS-interval <milliseconds>

Used on VLAN interfaces to reconfigure the ND time in milliseconds between DAD neighbor solicitations sent for an unresolved destination, or between duplicate address detection neighbor solicitation requests. Increasing this setting is indicated where neighbor solicitation retries or failures are occurring, or in a "slow" (WAN) network.

This value can be configured in an RA to help ensure that all hosts on a VLAN are using the same retransmit interval for ND. See Setting or changing the hop-limit for host-generated packets.

To view the current setting, use show ipv6 nd.

Default: 1000 ms; Range: 1000–4294967295 ms

Syntax:

ipv6 nd reachable-time <milliseconds>

Used on VLAN interfaces to configure the length of time in milliseconds a neighbor is considered reachable after the Neighbor Unreachability Detection algorithm has confirmed it to be reachable. When the switch operates in host mode, this setting can be overridden by a reachable time received in an RA.

This value can be configured in an RA to help ensure that all hosts on a VLAN are using the same reachable time in their neighbor cache.

To view the current setting, use show ipv6 nd.

Default: 30000 ms; Range: 1000–3600000 ms
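A saved configuration can be checked for the three ND settings described above. This added example (not from the switch documentation) flags a dad-attempts value of 0, which turns off the uniqueness check, and any value outside the ranges listed on this page. The sample configuration and its "vlan <vid> ... exit" layout are constructed assumptions.

```python
import re

# Ranges as documented on this page.
LIMITS = {
    "dad-attempts": (0, 255),
    "ns-interval": (1000, 4294967295),
    "reachable-time": (1000, 3600000),
}
ND_RE = re.compile(
    r"^\s*ipv6 nd (dad-attempts|ns-interval|reachable-time)\s+(\d+)\s*$", re.I
)
VLAN_RE = re.compile(r"^\s*vlan (\d+)\s*$", re.I)

# Constructed sample configuration (context layout is an assumption).
SAMPLE_CONFIG = """\
ipv6 nd dad-attempts 0
vlan 10
   ipv6 nd ns-interval 500
   ipv6 nd reachable-time 30000
   exit
vlan 20
   ipv6 nd reachable-time 7200000
   exit
"""


def audit_nd(config_text):
    """Return (line_no, context, message) for each risky or invalid ND setting."""
    findings = []
    context = "global"
    for n, line in enumerate(config_text.splitlines(), 1):
        vlan = VLAN_RE.match(line)
        if vlan:
            context = f"vlan {vlan.group(1)}"
            continue
        if line.strip().lower() == "exit":
            context = "global"
            continue
        m = ND_RE.match(line)
        if not m:
            continue
        key, val = m.group(1).lower(), int(m.group(2))
        lo, hi = LIMITS[key]
        if not lo <= val <= hi:
            findings.append((n, context, f"{key} {val} outside {lo}-{hi}"))
        elif key == "dad-attempts" and val == 0:
            findings.append((n, context, "DAD disabled: addresses assigned unchecked"))
    return findings
```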

Operating notes for ND

  • A verified link-local unicast address must exist on a VLAN interface before the switch can run DAD on other addresses associated with the interface.

  • If a previously configured unicast address is changed, a neighbor advertisement (an all-nodes multicast message, ff02::1) is sent to notify other devices on the VLAN and to perform DAD.

  • IPv6 addresses on a VLAN interface are assigned to multicast address groups identified with well-known prefixes.

  • DAD is performed on all stateful, stateless, and statically configured unicast addresses.

  • Neighbor solicitations for DAD do not cause the neighbor cache of neighboring switches to be updated.

  • If a previously configured unicast address is changed, a neighbor advertisement is sent on the VLAN to notify other devices and for duplicate address detection.

  • If DAD is disabled when an address is configured, the address is assumed to be unique and is assigned to the interface.