Information about ipv6 – Cisco ASA 5505 User Manual
Page 304
8-12
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 8 Completing Interface Configuration (Routed Mode)
Completing Interface Configuration in Routed Mode
•
Information About IPv6, page 8-12
•
Configuring a Global IPv6 Address and Other Options, page 8-13
Information About IPv6
This section includes information about how to configure IPv6, and includes the following topics:
•
•
Duplicate Address Detection, page 8-12
•
Modified EUI-64 Interface IDs, page 8-13
IPv6 Addressing
You can configure two types of unicast addresses for IPv6:
•
Global—The global address is a public address that you can use on the public network.
•
Link-local—The link-local address is a private address that you can only use on the
directly-connected network. Routers do not forward packets using link-local addresses; they are
only for communication on a particular physical network segment. They can be used for address
configuration or for the ND functions such as address resolution and neighbor discovery.
At a minimum, you need to configure a link-local addresses for IPv6 to operate. If you configure a global
address, a link-local address is automatically configured on the interface, so you do not also need to
specifically configure a link-local address. If you do not configure a global address, then you need to
configure the link-local address, either automatically or manually.
Note
If you want to only configure the link-local addresses, see the ipv6 enable (to auto-configure) or ipv6
address link-local (to manually configure) command in the command reference.
Duplicate Address Detection
During the stateless autoconfiguration process, duplicate address detection (DAD) verifies the
uniqueness of new unicast IPv6 addresses before the addresses are assigned to interfaces (the new
addresses remain in a tentative state while duplicate address detection is performed). Duplicate address
detection is performed first on the new link-local address. When the link-local address is verified as
unique, then duplicate address detection is performed all the other IPv6 unicast addresses on the
interface.
Duplicate address detection is suspended on interfaces that are administratively down. While an
interface is administratively down, the unicast IPv6 addresses assigned to the interface are set to a
pending state. An interface returning to an administratively up state restarts duplicate address detection
for all of the unicast IPv6 addresses on the interface.
When a duplicate address is identified, the state of the address is set to DUPLICATE, the address is not
used, and the following error message is generated:
%ASA-4-325002: Duplicate address ipv6_address/MAC_address on interface
If the duplicate address is the link-local address of the interface, the processing of IPv6 packets is
disabled on the interface. If the duplicate address is a global address, the address is not used. However,
all configuration commands associated with the duplicate address remain as configured while the state
of the address is set to DUPLICATE.