Configuring ND Inspection
- Tracy Yang
Step 1Â Â Enable DHCPv6 snooping.
set protocols dhcp snooping vlan <vlan-id> disable <true | false>
NOTE:
ND inspection does not generate table entries by itself and needs to rely on the table entries formed by DHCPv6 snooping, thus, user needs to enable DHCPv6 snooping first.
Step 2Â Â Â Enable ND inspection for a VLAN.
set protocols neighbour inspection vlan <vlan-id> disable <true | false>
NOTE:
DAD message does not carry a source MAC address; therefore, this type of message will be skipped in ND inspection.
Step 3Â Â Â Â (Optional) Configure the device to check source MAC address against the link-layer source address.
set protocols neighbour inspection validate source-mac
Step 4Â Â Â Â (Optional) Configure the trust-port for a device.
set protocols neighbour inspection trust-port <port>
Step 5Â Â Â Â Â Commit the configurations.
commit
Step 6Â Â Â View DHCPv6 snooping dynamic binding table entries used by ND inspection.
run show nd inspection dhcp6-snooping binding
Copyright © 2024 Pica8 Inc. All Rights Reserved.