Configuring nd snooping, Introduction, For dad – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 127
116
NOTE:
•
The maximum interval for sending RA messages should be less than or equal to the router lifetime in RA
messages, so that the router can be updated through an RA message before expiration.
•
The values of the NS retransmission timer and the reachable time configured for an interface are sent to
hosts via RA messages. Furthermore, this interface sends NS messages at the interval of the NS
retransmission timer and considers a neighbor reachable within the reachable time.
Configuring the maximum number of attempts to send an NS
message for DAD
An interface sends an NS message for DAD after acquiring an IPv6 address. If the interface does not
receive a response within a specified time (determined by the ipv6 nd ns retrans-timer command), it
continues to send an NS message. If it still does not receive a response after the number of sent attempts
reaches the threshold (specified with the ipv6 nd dad attempts command), the acquired address is
considered usable.
Follow these steps to configure the attempts to send an NS message for DAD:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter interface view
interface interface-type
interface-number
—
Configure the number of attempts
to send an NS message for DAD
ipv6 nd dad attempts value
Optional
1 by default. When the value argument is
set to 0, DAD is disabled.
Configuring ND snooping
Introduction
The ND snooping feature is used in Layer 2 switching networks. It creates ND snooping entries using
DAD NS messages.
ND snooping entries are used to:
•
Cooperate with the ND detection function. For more information about ND detection, see the
Security Configuration Guide.
•
Cooperate with the IP Source Guard function. For more information about IP source guard, see the
Security Configuration Guide.
•
Work in all SAVI scenarios. For more information about SAVI, see the Security Configuration Guide.
After you enable ND snooping on a VLAN of a device, ND packets received by the interfaces of the
VLAN are redirected to the CPU. When ND snooping is enabled globally, the CPU uses the ND packets
to create or update ND snooping entries comprising source IPv6 address, source MAC address,
receiving VLAN, and receiving port information.
The following items describe how an ND snooping entry is created, updated, and aged out.
1.
Creating an ND snooping entry
The device only uses received DAD NS messages to create ND snooping entries.