Allowing Same Security Level Communication – Cisco ASA 5505 User Manual

Page 328


9-18

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 9 Completing Interface Configuration (Transparent Mode)

Completing Interface Configuration in Transparent Mode

Allowing Same Security Level Communication

By default, interfaces on the same security level cannot communicate with each other, and packets
cannot enter and exit the same interface. This section describes how to enable inter-interface
communication when interfaces are on the same security level.

Information About Inter-Interface Communication

Allowing interfaces on the same security level to communicate with each other is useful if you want
traffic to flow freely between all same security interfaces without access lists.

If you enable same security interface communication, you can still configure interfaces at different
security levels as usual.

Command / Purpose

Step 3 (Optional)

Command: ipv6 nd suppress-ra

Example: hostname(config-if)# ipv6 nd suppress-ra

Purpose: Suppresses Router Advertisement messages on an interface. By
default, Router Advertisement messages are automatically sent in
response to router solicitation messages. You may want to disable
these messages on any interface for which you do not want the
ASA to supply the IPv6 prefix (for example, the outside
interface).

Step 4 (Optional)

Command: ipv6 nd dad attempts value

Example: hostname(config-if)# ipv6 nd dad attempts 3

Purpose: Changes the number of duplicate address detection attempts. The
value argument can be any value from 0 to 600. Setting the value
argument to 0 disables duplicate address detection on the
interface.

By default, the number of times an interface performs duplicate
address detection is 1. See the “Duplicate Address Detection”
section on page 9-15 for more information.

Step 5 (Optional)

Command: ipv6 nd ns-interval value

Example: hostname(config-if)# ipv6 nd ns-interval 2000

Purpose: Changes the neighbor solicitation message interval. When you
configure an interface to send out more than one duplicate address
detection attempt with the ipv6 nd dad attempts command, this
command configures the interval at which the neighbor
solicitation messages are sent out. By default, they are sent out
once every 1000 milliseconds. The value argument can be from
1000 to 3600000 milliseconds.

Note: Changing this value changes it for all neighbor
solicitation messages sent out on the interface, not just
those used for duplicate address detection.

Step 6 (Optional)

Command: ipv6 enforce-eui64 if_name

Example: hostname(config)# ipv6 enforce-eui64 inside

Purpose: Enforces the use of Modified EUI-64 format interface identifiers
in IPv6 addresses on a local link.

The if_name argument is the name of the interface, as specified by
the nameif command, on which you are enabling the address
format enforcement.

See the “Modified EUI-64 Interface IDs” section on page 9-16 for
more information.
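The following is an added example, not part of the Cisco guide and not ASA code. It derives the Modified EUI-64 interface identifier that Step 6 refers to from a MAC address (RFC 4291, Appendix A) and lists which entries in a constructed neighbor list do not use it, as a pre-check before enabling ipv6 enforce-eui64. The function names and sample entries are assumptions made for illustration.

```python
import ipaddress
import re


def modified_eui64(mac: str) -> int:
    """Return the 64-bit Modified EUI-64 interface ID for a 48-bit MAC."""
    # Accept 0011.2233.4455, 00:11:22:33:44:55 and 00-11-22-33-44-55.
    digits = re.sub(r"[.:-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = bytearray.fromhex(digits)
    octets[0] ^= 0x02  # invert the universal/local bit
    # Insert FFFE between the OUI and the device-specific half.
    eui = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return int.from_bytes(eui, "big")


def interface_id(addr: str) -> int:
    """Low 64 bits of an IPv6 address; a zone suffix such as %inside is ignored."""
    return int(ipaddress.IPv6Address(addr.split("%", 1)[0])) & 0xFFFFFFFFFFFFFFFF


def conforms(addr: str, mac: str) -> bool:
    """True when the address's interface ID is the Modified EUI-64 of the MAC."""
    return interface_id(addr) == modified_eui64(mac)


def non_conforming(neighbors):
    """Return the (address, MAC) pairs whose interface ID is not EUI-64 derived."""
    return [(addr, mac) for addr, mac in neighbors if not conforms(addr, mac)]


# Constructed sample neighbor entries (IPv6 address, MAC); not real hosts.
SAMPLE_NEIGHBORS = [
    ("fe80::211:22ff:fe33:4455%inside", "0011.2233.4455"),  # EUI-64 link-local
    ("2001:db8::211:22ff:fe33:4455", "00:11:22:33:44:55"),  # EUI-64 global
    ("2001:db8::1", "00-11-22-33-44-56"),                   # manually assigned ID
    ("fe80::5c3a:91ff:2b07:d4e1", "0011.2233.4457"),        # random-looking ID
]

if __name__ == "__main__":
    for addr, mac in non_conforming(SAMPLE_NEIGHBORS):
        print(f"{addr} ({mac}): expected interface ID {modified_eui64(mac):016x}")
```

Hosts with manually assigned or randomized (privacy) interface IDs show up in this list, so they need readdressing or an exception plan before enforcement is turned on for their interface.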
