285
NOTE:
To create IPv6 static bindings with IP source guard, use the user-bind ipv6 command. For more information, see
the chapter
“
IP source guard configuration.”
The DHCPv6 snooping table is created automatically by the DHCPv6 snooping module. For more information,
see the
Layer 3—IP Services Configuration Guide
.
The ND snooping table is created automatically by the ND snooping module. For more information, see the
Layer 3—IP Services Configuration Guide
.
Configuring ND detection
Follow these steps to configure ND detection:
Required
Disabled by default.
Enter Layer 2 Ethernet interface view
or Layer 2 aggregate interface view
interface interface-type interface-
number
Configure the port as an ND-trusted
port
Optional
A port does not trust sources
of ND packets by default.
NOTE:
ND detection performs source check by using the binding tables of IP source guard, DHCPv6 snooping, and ND
snooping. To prevent an ND-untrusted port from discarding legal ND packets in an ND detection-enabled
VLAN, ensure that at least one of the three functions is available.
When creating an IPv6 static binding with IP source guard for ND detection in a VLAN, specify the VLAN ID for
the binding. If not, no ND packets in the VLAN can match the binding.
Displaying and maintaining ND detection
Display the ND detection
configuration
display ipv6 nd detection [ | { begin | exclude
| include } regular-expression ]
Display the statistics of
discarded packets when the ND
detection checks the user
legality
display ipv6 nd detection statistics [ interface
interface-type interface-number ] [ | { begin |
exclude | include } regular-expression ]
Clear the statistics by ND
detection
reset ipv6 nd detection statistics [ interface
interface-type interface-number ]
To Next Page
Loading...
Need help?
General