/
Configuring ND Snooping

Configuring ND Snooping

Owned by Tracy Yang
Nov 18, 2024
1 min read

Step 1   Enable ND snooping protocol in corresponding VLAN.

set protocols neighbour snooping vlan <vlan-id> enable true

Step 2   ND snooping classifies ports connected to IPv6 nodes into trusted and untrusted ports. By default, all ports of the device are untrusted.

set protocols neighbour snooping trust-port <port>

NOTE:

<port>can be a valid physical port or a LAG (Link Aggregation Group) port. The members of the LAG port don’t support configuration as a trust port.

Step 3   (Optional) Configure the maximum number of ND snooping dynamic binding table entries a device is allowed to learn.

set protocols neighbour snooping max-user-number <max-user-num>

Step 4   (Optional) If the device does not send RA messages, the prefix management table entries cannot automatically generate, in this scenario, user can configure static prefix.

set protocols neighbour snooping static-prefix <IPv6Net> vlan <vlan-id>

NOTES:

  • <IPv6Net>cannot be ::/0, multicast address.

  • <vlan-id>must be configured when add or delete.

Step 5   Commit the configuration.

commit

Step 6   View the configuration information and table entries about ND snooping.

run show neighbor snooping

run show neighbor snooping prefix [static | dynamic]

run show neighbor snooping binding

Step 7    (Optional) If needed, users can clear the entries of ND snooping.

run clear neighbor snooping prefix

run clear neighbor snooping binding

 

Copyright © 2025 Pica8 Inc. All Rights Reserved.