Commands For Nd Snooping

6.7 Commands for ND Snooping

6.7.1 clear ipv6 nd snooping binding

Command: clear ipv6 nd snooping binding [<interface-name>] Function: Clear all ND Snooping dynamic binds.
Parameters:

  • <interface-name>: name of an Ethernet port.

Command mode: Admin Mode
Default: None.
Usage Guide: Clear all ND Snooping bind tables or bind entries for a port. The entries of the corresponding FFP hardware drive will also be cleared.
Example: Clear all ND Snooping dynamic binds.

active500EM(config)#ipv6 nd snooping enable
active500EM# clear ipv6 nd snooping binding

 

6.7.2 debug ipv6 nd snooping

Command: debug ipv6 nd snooping {packet | event | binding}
no debug ipv6 nd snooping {packet | event | binding}
Function: Open/close the ND Snooping debug function.
Parameters:

  • packet: shows received and sent ND packet debug information.
  • event: shows ND snooping packet processes and the timer event debug information.
  • binding: shows the ND snooping debug information managing the binding table.

Command mode: Port Mode
Default: Disabled.
Usage Guide: Opens ND Snooping debugging.
Example: Show the ND Snooping debug information.

active500EM#debug ipv6 nd snooping packet
Receive packet, smac 00-21-27-aa-0f-46, dmac 00-03-0f-00-de-01,
 saddr fe80::221:27ff:feaa:f46, daddr 2001::1,
 interface Ethernet1/0/17(portID 0x1000011), vid 1, length 90,
 type 135, opcode 0, target address 2001::1

 

6.7.3 ipv6 nd snooping enable (Global mode)

Command: ipv6 nd snooping enable
no ipv6 nd snooping enable
Function: Enable/disable the global ND Snooping monitoring function.
Parameters: None.
Command mode: Global Mode
Default: Disabled.
Usage Guide: Only after global ND Snooping is enabled can configuration of the ND Snooping port occur. NA/NS packets of all ports are not forwarded but are copied to the CPU. After ND Snooping processing, these packets are forwarded according to the identified rules.
Example: Enable ND Snooping globally.

active500EM(config)#ipv6 nd snooping enable

 

6.7.4 ipv6 nd snooping mac-binding-limit

Command: ipv6 nd snooping mac-binding-limit <number>
no ipv6 nd snooping mac-binding-limit
Function: Configure the max number of IPv6 addresses that can be bound to the same MAC address.
Parameters:

  • <number>: max value. It only includes the dynamic bind number. The corresponding static bind number is not limited. The valid range is from 1 to 10.

Command mode: Global Mode
Default: 10.
Usage Guide: After receiving this configuration command, the max number of dynamic binds that can occur which relate to the same MAC address is globally set. If the corresponding dynamic bind number of one MAC address exceeds the configuration value, then this command deletes some dynamic binds which have a high age value until the number of the dynamic binds equals the configured value. The bind corresponding with this MAC address is then stopped. If the bind number is less than the configuration value, the new dynamic bind can still be created.
Example: Configure the max number of IPv6 addresses that can be bound to the same MAC address.

active500EM(config)#ipv6 nd snooping enable
active500EM(config)#ipv6 nd snooping mac-binding-limit 10

 

6.7.5 ipv6 nd snooping max-dad-delay

Command: ipv6 nd snooping max-dad-delay <max-dad-delay>
no ipv6 nd snooping max-dad-delay
Function: Set the SAC-START state lifetime for a bind.
Parameters:

  • <max-dad-delay>: SAC-START state lifetime. The valid range is from 1 to 10. The unit is seconds.

Command mode: Global Mode
Default: SAC-START state binds the lifetime as 1 second.
Usage Guide: Resets the SAC-START state bind lifetime as <max-dad-delay> or 1 second.
Example: Configure the lifetime to 10 seconds.

active500EM(config)#ipv6 nd snooping enable
active500EM(config)#ipv6 nd snooping max-dad-delay 10

 

6.7.6 ipv6 nd snooping max-dad-prepare-delay

Command: ipv6 nd snooping max-dad-prepare-delay <max-dad-prepare-delay>
no ipv6 nd snooping max-dad-prepare-delay
Function: Set the SAC-QUERY state lifetime for a bind.
Parameters:

  • <max-dad-prepare-delay>: lifetime of the SAC-QUERY state. The valid range is from 1 to 10. The unit is seconds.

Command mode: Global Mode
Default: SAC-QUERY state binds the lifetime as half a second.
Usage Guide: Reset the SAC-QUERY state bind lifetime to <max-dad-prepare-delay> or half a second.
Example: Configure the lifetime to 10 seconds.

active500EM(config)#ipv6 nd snooping enable
active500EM(config)#ipv6 nd snooping max-dad-prepare-delay 10

 

6.7.7 ipv6 nd snooping max-sac-lifetime

Command: ipv6 nd snooping max-sac-lifetime <max-sac-lifetime>
no ipv6 nd snooping max-sac-lifetime
Function: Set the SAC-BOUND lifetime state for a bind.
Parameters:

  • <max-sac-lifetime>: SAC-BOUND state lifetime. The valid range is from 1 to 31536000. The unit is seconds.

Command mode: Global Mode
Default: SAC-BOUND state binds the lifetime as 2 hours. (7200 seconds)
Usage Guide: Change SAC-BOUND state lifetime.
Example: Configure the lifetime to 36000 seconds.

active500EM(config)#ipv6 nd snooping enable
active500EM(config)#ipv6 nd snooping max-sac-lifetime 36000

 

6.7.8 ipv6 nd snooping policy

Command: ipv6 nd snooping policy {bind-eui64-address | bind-non-eui64-address}
no ipv6 nd snooping policy
Function: Configure the ND Snooping addresses dynamic bind policy.
Parameters:

  • bind-eui64-address: only the address of the global unicast EUI-64 is bound.
  • bind-non-eui64-address: the global unicast address of non EUI-64 is bound. Default means the global unicast address is bound.

Command mode: Global Mode
Default: Bind any global unicast addresses.
Usage Guide: After the policy is configured, only bind the IPv6 addresses which are specified by the policy. A message is displayed for a non-policy and specifies the global unicast address to report the conflict.
Example: Configure the global unicast bind EUI-64.

active500EM(config)#ipv6 nd snooping enable
active500EM(config)#ipv6 nd snooping policy bind-eui64-address

 

6.7.9 ipv6 nd snooping port-binding-limit

Command: ipv6 nd snooping port-binding-limit <binding-number>
no ipv6 nd snooping port-binding-limit
Function: Configure the bind number of the port. This bind number only limits the dynamic port binds but does not limit the number of the static binds.
Parameters:

  • <binding-number>: the max number which can be bound for each port. The valid range is from 1 to 100.

Command mode: Port Mode
Default: 100.
Usage Guide: This command sets the max value of the dynamic binds for the port. It checks the dynamic binds of this port and identifies the dynamic bind number. If the number exceeds the configured value, then the switch deletes some high age dynamic binds until the number of the dynamic binds equals this configuration value. It stops creating new dynamic binds for this port. If the number of the dynamic binds is less than this configured value, new dynamic binds can still be created.
Example: Configure the number which can be bound by the port.

active500EM(config)#ipv6 nd snooping enable
active500EM(config-if-ethernet1/0/1)#ipv6 nd snooping port-binding-limit 100

 

6.7.10 ipv6 nd snooping static-binding

Command: ipv6 nd snooping static-binding <ipv6-address> hardware-address <hardware-address> interface <interface-name >
no ipv6 nd snooping static-binding <ipv6-address>
Function: Add a static bind.
Parameters:

  • <ipv6-address>: can bind the global unicast address only. It cannot bind the link local address, the unspecific address, and the loopback address.
  • <hardware-address>: the IEEE802 hardware MAC address.
  • <interface-name>: the corresponding port ID.

Command mode: Global Mode
Default: None.
Usage Guide: This command checks the configured IPv6 addresses. If the configured addresses are the multicast addresses of the nodes, the local address of the link, the unspecified address, or the loopback address, then show the error information. According to the IPv6 address and the MAC address configured check the static binding table. If the IPv6 address bind exists, then the command displays the bind information of this IPv6 address. If there is no bound IPv6 address, the command creates a new static bind. If ND Snooping has been enabled on the bound port, then the command sends the bind entries to the FFP hardware drive. The command also checks the dynamic bind table. If the dynamic bind matches the static bind, then the command deletes the dynamic bind and retains the entries on the FFP hardware drive. If the bind matches the IPv6 address, and the anchor information is different, then the command deletes this dynamic bind and the entries in the FFP hardware drive.
Example: Add a static bind to the static bind table.

active500EM(config)#ipv6 nd snooping enable
active500EM(config)#ipv6 nd snooping static-binding 2001::2:1 hardware-address 00-11-22-33-44-55 interface ethernet1/0/1

 

6.7.11 ipv6 nd snooping trust

Command: ipv6 nd snooping trust
no ipv6 nd snooping trust
Function: Set the trust port of the switch.
Parameters: None.
Command mode: Port Mode
Default: Untrusted port.
Usage Guide: This command sets a port, or a group of ports, as the trusted port and deletes all dynamic binds, stops creating new binds, and accessing of packets is allowed for the corresponding port (or ports).
Example: Set a port, or a group of ports, as trusted ports.

active500EM(config)#interface ethernet1/0/1
active500EM(config-if-ethernet1/0/1)#ipv6 nd snooping trust

 

6.7.12 ipv6 nd snooping user-control

Command: ipv6 nd snooping user-control
no ipv6 nd snooping user-control
Function: Enable the control function of the ports for ND Snooping.
Parameters: None.
Command mode: Port Mode.
Default: Disabled.
Usage Guide: After the control function of ND Snooping is disabled, this command clears all FFP drive entries which are sent by ND Snooping for this port. Bind information is not deleted.
Example: Configure the ND Snooping function on the port.

active500EM(config)#ipv6 nd snooping enable
active500EM(config)#interface ethernet 1/0/1
active500EM(config-if-ethernet1/0/1)#ipv6 nd snooping user-control

 

6.7.13 show ipv6 nd snooping binding

Command: show ipv6 nd snooping binding [<ipv6-address> | <hardware-address> | <interface-name> | all] Function: Show the global configuration and all ND Snooping binds or the configuration and the bind information of a port.
Parameters:

  • <ipv6-address>: show the bind information according to the specified IPv6 address.
  • <hardware-address>: show the bind information according to the specified MAC address.
  • <interface-name>: show the bind information according to the specified port.
  • all: show all information.

Command mode: Admin Mode.
Default: None.
Usage Guide: Show the configuration and the bind information of ND Snooping.
Example: Show the global configuration and all ND Snooping binds.

active500EM#show ipv6 nd snooping binding all
ND Snooping is enabled
ND Snooping max-dad-delay: 1 s
ND Snooping max-sac-lifetime:7200 s
ND Snooping max-dad-prepare-delay: 0.5 s
ND Snooping max-mac-binding-num: 10
ND Snooping binding-policy: bind-all-type-address
ND Snooping auto binding count: 0, static binding count: 1
MAC                 IPv6 address   Interface       Vlan ID   State
-----------------------------------------------------------------------------
00-11-22-33-44-55   2001::2:1      Ethernet1/0/1   1         SAC-STATIC
-----------------------------------------------------------------------------

 


Return to Controller Wired CLI Table of Contents