Chapter 27 nd snooping configuration, 1 introduction to nd snooping, 2 nd snooping basic configuration – PLANET XGS3-24040 User Manual


Chapter 27 ND Snooping Configuration

27.1 Introduction to ND Snooping

The ND snooping module uses the Control Packet Snooping (CPS) mechanism: it checks the validity of access packets by binding the source IPv6 address to the anchor information, permitting packets that match a binding and dropping packets that do not, which controls the access of directly connected IPv6 nodes. The requirements for this module are based on IPv6 NDP and the draft "Control Packet Snooping Based Binding" (draft-bi-savi-cps-00). ND snooping adopts the "first-come first-serve" principle of the draft "First-Come First-Serve Source-Address Validation Implementation" (draft-ietf-savi-fcfs-01): the first node to be bound is treated as the legitimate node, and this principle is used to check the validity of the nodes.

ND snooping is mostly applied on access devices (such as a layer 2 switch or a wireless access node). The access device builds the binding information table of link-local nodes (a binding consists of the IPv6 address, the port ID and the MAC address of the node) from the NDP packets received on these ports, then creates rules for the FFP (Fast Filter Processor) hardware driver according to the binding information table, and so implements access control of the link-local nodes.
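The binding and filtering behaviour described above can be modelled in a few lines. The following is an added illustration, not code from the manual or from the switch firmware; the class and method names are hypothetical, and the trusted-port bypass and the per-MAC limit behaviour are assumptions about how those settings act. Sample MAC and IPv6 addresses are constructed.

```python
from dataclasses import dataclass, field
from ipaddress import IPv6Address

@dataclass
class NdSnoopingTable:
    """Hypothetical model of a first-come first-serve binding table."""
    max_per_mac: int = 4                               # assumed per-MAC address limit
    trusted_ports: set = field(default_factory=set)    # assumed: trusted ports bypass checks
    bindings: dict = field(default_factory=dict)       # IPv6 address -> (port, MAC)

    @staticmethod
    def _anchor(port, mac):
        return (port, mac.lower())

    def learn(self, port, mac, addr):
        """Handle a snooped NDP packet claiming addr; True if the claimant owns the binding."""
        if port in self.trusted_ports:
            return True
        key, anchor = IPv6Address(addr), self._anchor(port, mac)
        if key in self.bindings:
            return self.bindings[key] == anchor        # the first claimant keeps the address
        used = sum(1 for _, m in self.bindings.values() if m == anchor[1])
        if used >= self.max_per_mac:
            return False                               # per-MAC limit reached, no new binding
        self.bindings[key] = anchor
        return True

    def permit(self, port, mac, src):
        """Filter decision for a data packet: permit only if the source matches its binding."""
        if port in self.trusted_ports:
            return True
        return self.bindings.get(IPv6Address(src)) == self._anchor(port, mac)

def demo():
    """Replay constructed events; MACs and addresses are made-up sample values."""
    t = NdSnoopingTable(max_per_mac=2, trusted_ports={"uplink"})
    host, rogue = "00:00:5E:00:53:01", "00:00:5e:00:53:02"
    return [
        t.learn("port1", host, "fe80::1"),        # first claim: bound
        t.learn("port2", rogue, "FE80:0::1"),     # same address, later claimant: refused
        t.permit("port1", host, "fe80::1"),       # matches binding: forwarded
        t.permit("port2", rogue, "fe80::1"),      # spoofed source: dropped
        t.learn("port1", host, "2001:db8::1"),    # second address for host: bound
        t.learn("port1", host, "2001:db8::2"),    # third address exceeds max_per_mac
        t.permit("uplink", rogue, "fe80::1"),     # trusted port: not filtered
    ]

if __name__ == "__main__":
    print(demo())
```

Addresses are normalised before lookup, so different textual spellings of the same IPv6 address or MAC address hit the same binding.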

27.2 ND Snooping Basic Configuration

ND Snooping Configuration Task List:

1. Enable or disable the monitor function of ND Snooping
2. Configure the lifetime of ND Snooping
   1) Set the binding lifetime of SAC_BOUND state
   2) Set the binding lifetime of SAC_START state
   3) Set the binding lifetime of SAC-QUERY state
3. The binding function of ND Snooping
   1) Configure the dynamic binding policy of ND Snooping address
   2) Add a static binding
   3) Configure the max number of IPv6 addresses that can be bound to the same MAC address
   4) Set the max binding number for the ports
   5) Clear all dynamic bindings of ND Snooping
4. Set the trust port of the switch

1. Enable or disable the monitor function of ND Snooping

Command                        Explanation

Global mode

ipv6 nd snooping enable        Enable or disable ND Snooping globally.
no ipv6 nd snooping enable

Port mode
