Login
- Table of Contents
-
- 05-Network Connectivity
- 00-Preface
- 01-MAC address table commands
- 02-Ethernet link aggregation commands
- 03-VLAN commands
- 04-Loop detection commands
- 05-Spanning tree commands
- 06-LLDP commands
- 07-Layer 2 forwarding commands
- 08-L2TP commands
- 09-ARP commands
- 10-IP addressing commands
- 11-DHCP commands
- 12-DHCP snooping commands
- 13-DHCPv6 commands
- 14-DHCPv6 snooping commands
- 15-DNS commands
- 16-HTTP commands
- 17-IP forwarding basics commands
- 18-Fast forwarding commands
- 19-Adjacency table commands
- 20-IP performance optimization commands
- 21-IPv6 basics commands
- 22-IPv6 neighbor discovery commands
- 23-IPv6 fast forwarding commands
- 24-NAT commands
- 25-Basic IP routing commands
- 26-Static routing commands
- 27-RIP commands
- 28-OSPF commands
- 29-Policy-based routing commands
- 30-IPv6 policy-based routing commands
- 31-IPv6 static routing commands
- 32-RIPng commands
- 33-GRE commands
- 34-IGMP snooping commands
- 35-MLD snooping commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 22-IPv6 neighbor discovery commands | 231.82 KB |
IPv6 neighbor discovery commands
display ipv6 nd proxy statistics
display ipv6 nd snooping count vlan
display ipv6 nd user-ip-conflict record
display ipv6 nd user-move record
display ipv6 neighbors entry-limit
display ipv6 neighbors statistics
ipv6 nd autoconfig managed-address-flag
ipv6 nd online-offline-log enable
ipv6 nd ra dns search-list suppress
ipv6 nd ra dns server suppress
ipv6 nd ra hop-limit unspecified
ipv6 nd route-direct advertise
ipv6 nd route-direct prefix convert-length
ipv6 nd snooping dad retrans-timer
ipv6 nd snooping enable global
ipv6 nd snooping enable link-local
ipv6 nd snooping max-learning-num
ipv6 nd unsolicited-na-learning enable
ipv6 nd user-ip-conflict record enable
ipv6 nd user-move record enable
ipv6 neighbor link-local minimize
ipv6 neighbor timer stale-aging
ipv6 neighbors max-learning-num
IPv6 neighbor discovery commands
The router in this document refers to the device that supports routing.
display ipv6 nd proxy statistics
Use display ipv6 nd proxy statistics to display statistics for ND proxy reply packets.
Syntax
display ipv6 nd proxy statistics
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
You can view statistics for ND proxy reply packets in the most recent hour.
This command displays the ND proxy reply statistics within the most recent minute on a per-second basis and displays the statistics one minute ago on a five-minute basis.
Examples
# Display statistics for ND proxy reply packets.
<Sysname> display ipv6 nd proxy statistics
Last 1 sec proxy count: 200
Last 2 sec proxy count: 400
……
Last 1 min proxy count: 12000
Last 5 min proxy count: 18000
Last 10 min proxy count: 24000
……
Last 60 min proxy count: 182445
Related commands
local-proxy-nd enable
proxy-nd enable
display ipv6 nd snooping count vlan
Use display ipv6 nd snooping count vlan to display the number of IPv6 ND snooping entries for VLANs.
Syntax
display ipv6 nd snooping count vlan [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the total number of ND snooping entries in all VLANs.
Examples
# Display the total number of IPv6 ND snooping entries in all VLANs.
<Sysname> display ipv6 nd snooping count vlan
Total entries for VLANs: 5
# Display the total number of IPv6 ND snooping entries on GigabitEthernet 1/0/1.
<Sysname> display ipv6 nd snooping count vlan interface gigabitethernet 1/0/1
Total entries on interface GE1/0/1: 2
Table 1 Command output
|
Field |
Description |
|
Total entries for VLANs |
Total number of ND snooping entries in all VLANs. |
|
Total entries on interface xxx |
Total number of ND snooping entries on the interface. |
Related commands
ipv6 nd snooping enable global
ipv6 nd snooping enable link-local
reset ipv6 nd snooping vlan
display ipv6 nd snooping vlan
Use display ipv6 nd snooping vlan to display ND snooping entries in the specified VLAN.
Syntax
display ipv6 nd snooping vlan [ [ vlan-id | interface interface-type interface-number ] [ global | link-local ] | ipv6-address ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vlan vlan-id: Displays ND snooping entries for the specified VLAN. The value range for the VLAN ID is 1 to 4094.
interface interface-type interface-number: Displays ND snooping entries for the specified interface in a VLAN. The interface-type interface-number argument specifies an interface by its type and number.
global: Displays ND snooping entries for global unicast addresses in the VLAN.
link-local: Displays ND snooping entries for link-local addresses in the VLAN.
ipv6-address: Displays the ND snooping entry for the specified IPv6 address.
verbose: Displays detailed information about ND snooping entries in the VLAN. If you do not specify this keyword, the command displays brief information about ND snooping entries.
Usage guidelines
If you do not specify any parameters, this command displays all ND snooping entries.
Examples
# Display brief information about IPv6 ND snooping entries for VLAN 1.
<Sysname> display ipv6 nd snooping vlan 1
IPv6 address MAC address VID Interface Status Age
1::2 0000-1234-0c01 1 GE1/0/2 VALID 57
# Display detailed information about IPv6 ND snooping entries for VLAN 1.
<Sysname> display ipv6 nd snooping vlan 1 verbose
IPv6 address: 1::2
MAC address: 0000-1234-0c01
Interface: GE1/0/2
First VLAN ID: 1 Second VLAN ID: N/A
Status: VALID Age: 57
Table 2 Command output
|
Field |
Description |
|
IPv6 address |
IPv6 address in the ND snooping entry. |
|
MAC address |
MAC address in the ND snooping entry. |
|
VID |
ID of the VLAN to which the ND snooping entry belongs. |
|
First VLAN ID |
ID of the SVLAN to which the ND snooping entry belongs. |
|
Second VLAN ID |
ID of the CVLAN to which the ND snooping entry belongs. If no CVLAN is configured, this field displays N/A. |
|
Interface |
Input interface in the ND snooping entry. |
|
Status |
Status of the ND snooping entry: · TENTATIVE—The entry is ineffective. · VALID—The entry is effective. · TESTING_TPLT—The entry is being tested by DAD. The device performs DAD for the entry in the following situations: ¡ The entry ages out. ¡ An ND trusted interface in the VLAN receives an ND message from the IPv6 address in the entry. · TESTING_VP—The entry is being tested by DAD. The device performs DAD when an ND untrusted interface in the VLAN receives an ND message from the IPv6 address in the entry. |
|
Age |
For an ND snooping entry in VALID status, this field displays its remaining aging time in seconds. For an ND snooping entry in other status, this field displays a pound sign (#). |
Related commands
ipv6 nd snooping enable global
ipv6 nd snooping enable link-local
display ipv6 nd user-ip-conflict record
Use display ipv6 nd user-ip-conflict record to display user IPv6 address conflict records.
Syntax
display ipv6 nd user-ip-conflict record
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display all user IPv6 address conflict records.
<Sysname> display ipv6 nd user-ip-conflict record
IPv6 address: 10::1
System time: 2020-02-02 11:22:29
Conflict count: 1
Log suppress count: 0
Old interface: GigabitEthernet1/0/1
New interface: GigabitEthernet1/0/2
Old SVLAN/CVLAN: 100/2
New SVLAN/CVLAN: 100/2
Old MAC: 00e0-ca63-8141
New MAC: 00e0-ca63-8142
IPv6 address: 10::2
System time: 2020-02-02 10:20:30
Conflict count: 1
Log suppress count: 0
Old interface: GigabitEthernet1/0/1
New interface: GigabitEthernet1/0/2
Old SVLAN/CVLAN: 100/--
New SVLAN/CVLAN: 100/--
Old MAC: 00e0-ca63-8141
New MAC: 00e0-ca63-8142
Table 3 Command output
|
Field |
Description |
|
IPv6 address |
IPv6 address of a user. |
|
System time |
Time when the user IPv6 address conflict occurred. |
|
Conflict count |
Number of times user IPv6 address conflicts occurred. |
|
Log suppress count |
Number of times user IPv6 address conflict log generation has been suppressed. |
|
Old interface |
Output interface in the old ND entry. |
|
New interface |
Output interface in the new ND entry. |
|
Old SVLAN/CVLAN |
ID of the outer VLAN or inner VLAN in the old ND entry. This field displays hyphens (--) if the ND entry does not belong to any outer VLAN or inner VLAN. |
|
New SVLAN/CVLAN |
ID of the outer VLAN or inner VLAN in the new ND entry. This field displays hyphens (--) if the ND entry does not belong to any outer VLAN or inner VLAN. |
|
Old MAC |
MAC address in the old ND entry. |
|
New MAC |
MAC address in the new ND entry. |
Related commands
ipv6 nd user-ip-conflict record enable
display ipv6 nd user-move record
Use display ipv6 nd user-move record to display user port migration records.
Syntax
display ipv6 nd user-move record
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display all user port migration records.
<Sysname> display ipv6 nd user-move record
IPv6 address: 10::1
MAC address: 00e0-ca63-8141
System time: 2020-02-02 11:22:29
Move count: 1
Log suppress count: 0
Before:
interface: GigabitEthernet1/0/1
SVLAN/CVLAN: 100/2
After:
interface: GigabitEthernet1/0/2
SVLAN/CVLAN: 100/2
IPv6 address: 10::2
MAC address: 00e0-ca63-8142
System time: 2020-02-02 10:20:30
Move count: 1
Log suppress count: 0
Before:
interface: GigabitEthernet1/0/1
SVLAN/CVLAN: 100/--
After:
interface: GigabitEthernet1/0/2
SVLAN/CVLAN: 100/--
Table 4 Command output
|
Field |
Description |
|
IPv6 address |
IPv6 address of the user. |
|
MAC address |
MAC address of the user. |
|
System time |
Time when the user port migration occurred. |
|
Move count |
Number of times the user port migrated. |
|
Log suppress count |
Number of times user port migration log generation has been suppressed. |
|
Before |
Information before the user port migration. |
|
interface |
Interface information in the ND entry. |
|
SVLAN/CVLAN |
ID of the outer VLAN or inner VLAN in the ND entry. This field displays hyphens (--) if the ND entry does not belong to any outer VLAN or inner VLAN. |
|
After |
Information after the user port migration. |
Related commands
ipv6 nd user-move record enable
display ipv6 neighbors
Use display ipv6 neighbors to display IPv6 neighbor information.
Syntax
display ipv6 neighbors { ipv6-address | all | dynamic | interface interface-type interface-number | static | vlan vlan-id } [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ipv6-address: Specifies the IPv6 address of a neighbor whose information is displayed.
all: Displays information about all neighbors, including neighbors acquired dynamically and configured statically on the public network and all private networks.
dynamic: Displays information about all neighbors acquired dynamically.
static: Displays information about all neighbors configured statically.
interface interface-type interface-number: Specifies an interface by its type and number.
vlan vlan-id: Displays information about neighbors in the specified SVLAN. The value range for the SVLAN ID is 1 to 4094.
verbose: Displays detailed neighbor information.
Examples
# Display all neighbor information.
<Sysname> display ipv6 neighbors all
Type: S-Static D-Dynamic R-Rule IS-Invalid static
IPv6 address MAC address VLAN/VSI Interface State T Aging
1::2 6864-6839-0202 1 GE1/0/1 STALE D 136
FE80::6A64:68FF:FE39:202 6864-6839-0202 1 GE1/0/1 STALE D 126
1::3 6864-6839-0203 1 Tunnel1 STALE D 136
1::4 6864-6839-0204 1 GE1/0/2 STALE D 136
# Display detailed information about all neighbors.
<Sysname> display ipv6 neighbors all verbose
IPv6 address : 1::2
MAC address : 6864-6839-0202 Type : Dynamic
State : STALE Aging: 136 seconds
Interface : GE1/0/1 SVLAN/CVLAN : 1/--
VPN instance : --
Service instance : --
Link ID : --
VXLAN ID : --
VSI name : --
VSI interface : --
IPv6 address : FE80::6A64:68FF:FE39:202
MAC address : 6864-6839-0202 Type : Dynamic
State : STALE Aging: 136 seconds
Interface : GE1/0/1 SVLAN/CVLAN : 1/--
VPN instance : --
Service instance : --
Link ID : --
VXLAN ID : --
VSI name : --
VSI interface : --
IPv6 address : 1::3
MAC address : 6864-6839-0203 Type : Dynamic
State : STALE Aging: 136 seconds
Interface : Tunnel1 SVLAN/CVLAN : 1/--
VPN instance : --
Service instance : --
Link ID : 0x5000001
VXLAN ID : 10
VSI name : --
VSI interface : --
IPv6 address : 1::4
MAC address : 6864-6839-0204 Type : Dynamic
State : STALE Aging: 136 seconds
Interface : GE1/0/2 SVLAN/CVLAN : 1/--
VPN instance : --
Service instance : 1
Link ID : 0x1
VXLAN ID : 10
VSI name : --
VSI interface : --
Table 5 Command output
|
Field |
Description |
|
IPv6 address |
IPv6 address of the neighbor. |
|
MAC address |
MAC address of the neighbor. |
|
VLAN/VSI |
ID of the VLAN to which the neighbor entry belongs. This field displays hyphens (--) if the neighbor entry does not belong to a VLAN. |
|
Interface |
Interface connected to the neighbor. If the interface name is not available, the field displays hyphens (--). |
|
State |
State of the neighbor: · INCMP—The address is being resolved. The link layer address of the neighbor is unknown. · REACH—The neighbor is reachable. · STALE—Whether the neighbor is reachable is unknown. The device does not verify the reachability any longer unless data is sent to the neighbor. · DELAY—Whether the neighbor is reachable is unknown. The device sends an NS message after a delay. · PROBE—Whether the neighbor is reachable is unknown. The device sends an NS message to verify the reachability of the neighbor. |
|
Type |
Neighbor information type: · Static—Statically configured. · Dynamic—Dynamically obtained. · Rule—Learned from the Portal module. · Invalid static—Invalid static configuration. |
|
Aging |
Reachable time of the neighbor: · For a static neighbor entry, this field displays hyphens (--), representing the neighbor entry never expires. · For a dynamic entry, this field displays the elapsed time in seconds. If the neighbor is never reachable, this field displays a pound sign (#). |
|
SVLAN/CVLAN |
SVLAN and CVLAN to which the interface connected to the neighbor belongs. This field displays hyphens (--) if the interface does not belong to a VLAN. |
|
VPN instance |
This field is not supported in the current software version. Name of a VPN instance. This field displays hyphens (--) if no VPN instance is configured. |
|
Service instance |
This field is not supported in the current software version. Ethernet service instance. If the neighbor entry does not belong to any Ethernet service instance for the related Layer 2 Ethernet interface or Layer 2 aggregate interface, this field displays hyphens (--). |
|
Link ID |
This field is not supported in the current software version. ID of the link that connects to the neighbor. The link ID is a string with a maximum of eight hexadecimal numbers. If the neighbor entry does not belong to any VSI, the field displays hyphens (--). |
|
VXLAN ID |
This field is not supported in the current software version. ID of the VXLAN associated with the VSI in the neighbor entry. If no VXLAN is specified, the field displays hyphens (--). |
|
VSI name |
This field is not supported in the current software version. Name of the VSI to which the neighbor entry belongs. This field displays hyphens (--) if the neighbor entry does not belong to a VSI. |
|
VSI interface |
This field is not supported in the current software version. VSI interface associated with a VSI. This field displays hyphens (--) if no VSI interface associated with the VSI is specified. |
Related commands
ipv6 neighbor
reset ipv6 neighbors
display ipv6 neighbors count
Use display ipv6 neighbors count to display the number of neighbor entries.
Syntax
display ipv6 neighbors { { all | dynamic | static }| interface interface-type interface-number | vlan vlan-id } count
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays the total number of all neighbor entries, including neighbor entries created dynamically and configured statically.
dynamic: Displays the total number of neighbor entries created dynamically.
static: Displays the total number of neighbor entries configured statically.
interface interface-type interface-number: Specifies an interface by its type and number.
vlan vlan-id: Displays the total number of neighbor entries in the specified VLAN. The value range for VLAN ID is 1 to 4094.
Examples
# Display the total number of neighbor entries created dynamically.
<Sysname> display ipv6 neighbors dynamic count
Total number of dynamic entries: 2
display ipv6 neighbors entry-limit
Use display ipv6 neighbors entry-limit to display the maximum number of ND entries that a device supports.
Syntax
display ipv6 neighbors entry-limit
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the maximum number of ND entries that the device supports.
<Sysname> display ipv6 neighbors entry-limit
ND entries: 2048
display ipv6 neighbors statistics
Use display ipv6 neighbors statistics to display ND entry statistics.
Syntax
display ipv6 neighbors statistics { all | interface { interface-name | interface-type interface-number } }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays all ND entry statistics.
interface interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
Use ND entry statistics to monitor the usage of entry resources. When an error occurs during packet forwarding, you can view ND entry statistics to identify whether it is because too many entry resources are occupied.
Examples
# Display ND entry statistics on GigabitEthernet 1/0/1.
<Sysname> display ipv6 neighbors statistics interface gigabitethernet 1/0/1
-----------------------------------------------
State Dynamic Static Rule
-----------------------------------------------
Incmp 0 0 0
Reach 0 2 0
Stale 1 - -
Delay 0 - -
Probe 0 - -
-----------------------------------------------
Total 1 2 0
# Display all ND entry statistics.
<Sysname> display ipv6 neighbors statistics all
-----------------------------------------------
State Dynamic Static Rule
-----------------------------------------------
Incmp 0 4 0
Reach 1 2 0
Stale 0 - -
Delay 0 - -
Probe 0 - -
-----------------------------------------------
Total 1 6 0
Table 6 Command output
|
Field |
Description |
|
Dynamic |
Number of ND entries obtained dynamically. |
|
Static |
Number of ND entries configured statically. |
|
Rule |
Number of ND entries obtained from the IPoE or Portal module. |
|
Incmp |
Number of ND entries in Incmp state. |
|
Reach |
Number of ND entries in Reach state. |
|
Stale |
Number of ND entries in Stale state. |
|
Delay |
Number of ND entries in Delay state. |
|
Probe |
Number of ND entries in Probe state. |
display ipv6 neighbors usage
Use display ipv6 neighbors usage to display the ND table usage.
Syntax
display ipv6 neighbors usage
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
You can use this command to monitor the number of ND entries on the device and to determine whether ND attacks exist on the network.
The ND table usage is the ratio of the real-time ND entry count to the ND table capacity. When a network-side port is a VLAN interface, the dynamic ND learning limit might fail to reach the ND table capacity because it is restricted to the next hop hardware resources. Therefore, it might happen that the displayed ND table usage is low but the maximum number of dynamic ND entries is already reached.
The ND table usage provides statistics in the most recent hour.
Examples
# Display the ND table usage.
<Sysname> display ipv6 neighbors usage
ND table upper limit: 65000
Time ND entry count Usage
Current 52000 80%
1 min ago 51351 79%
2 min ago 50711 78%
3 min ago 47748 77%
……
59 min ago 13656 21%
60 min ago 13007 20%
Table 7 Command output
|
Field |
Description |
|
ND table upper limit |
Maximum number of ND entries supported by the ND table. |
|
Time |
Time when the ND table usage was recorded. |
|
ND entry count |
Real-time number of ND entries. |
|
Usage |
Usage of the ND table, which is the ratio of the real-time ND entry count to the ND table upper limit. |
Related commands
display ipv6 neighbors entry-limit
ipv6 nd autoconfig managed-address-flag
Use ipv6 nd autoconfig managed-address-flag to set the managed address configuration flag (M) to 1 in RA advertisements to be sent.
Use undo ipv6 nd autoconfig managed-address-flag to restore the default.
Syntax
ipv6 nd autoconfig managed-address-flag
undo ipv6 nd autoconfig managed-address-flag
Default
The M flag is set to 0 in RA advertisements. Hosts receiving the advertisements will obtain IPv6 addresses through stateless autoconfiguration.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
The M flag in RA advertisements determines whether receiving hosts use stateful autoconfiguration to obtain IPv6 addresses.
· If the M flag is set to 1 in RA advertisements, receiving hosts use stateful autoconfiguration (for example, from a DHCPv6 server) to obtain IPv6 addresses.
· If the M flag is set to 0 in RA advertisements, receiving hosts use stateless autoconfiguration. Stateless autoconfiguration generates IPv6 addresses according to link-layer addresses and the prefix information in the RA advertisements.
Examples
# Set the M flag to 1 in RA advertisements to be sent.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd autoconfig managed-address-flag
ipv6 nd autoconfig other-flag
Use ipv6 nd autoconfig other-flag to set the other stateful configuration flag (O) to 1 in RA advertisements to be sent.
Use undo ipv6 nd autoconfig other-flag to restore the default.
Syntax
ipv6 nd autoconfig other-flag
undo ipv6 nd autoconfig other-flag
Default
The O flag is set to 0 in RA advertisements. Hosts receiving the advertisements will acquire other information through stateless autoconfiguration.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
The O flag in RA advertisements determines whether receiving hosts use stateful autoconfiguration to obtain configuration information other than IPv6 addresses.
· If the O flag is set to 1 in RA advertisements, receiving hosts use stateful autoconfiguration (for example, from a DHCPv6 server) to obtain configuration information other than IPv6 addresses.
· If the O flag is set to 0 in RA advertisements, receiving hosts use stateless autoconfiguration to obtain configuration information other than IPv6 addresses.
Examples
# Set the O flag to 0 in RA advertisements to be sent.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] undo ipv6 nd autoconfig other-flag
ipv6 nd dad attempts
Use ipv6 nd dad attempts to set the number of attempts to send an NS message for DAD.
Use undo ipv6 nd dad attempts to restore the default.
Syntax
ipv6 nd dad attempts times
undo ipv6 nd dad attempts
Default
The number of attempts to send an NS message for DAD is 1.
Views
Interface view
Predefined user roles
network-admin
Parameters
times: Specifies the number of attempts to send an NS message for DAD, in the range of 0 to 600. If it is set to 0, DAD is disabled.
Usage guidelines
An interface sends an NS message for DAD after obtaining an IPv6 address.
If the interface does not receive a response within the time specified by using ipv6 nd ns retrans-timer, it resends an NS message.
If the interface receives no response after making the maximum sending attempts (set by using ipv6 nd dad attempts), the interface uses the obtained address.
Examples
# Set the number of attempts to send an NS message for DAD to 20.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd dad attempts 20
Related commands
display ipv6 interface
ipv6 nd ns retrans-timer
ipv6 nd mode uni
Use ipv6 nd mode uni to configure a port as a customer-side port.
Use undo ipv6 nd mode to restore the default.
Syntax
ipv6 nd mode uni
undo ipv6 nd mode
Default
A port acts as a network-side port.
Views
VLAN interface view
Predefined user roles
network-admin
Usage guidelines
By default, the device associates an ND entry with routing information when the device learns an ND entry. The ND entry provides the next hop information for routing. To save hardware resources, you can use this command to specify a port that connects to a user terminal as a customer-side port. The device will not associate the routing information with the learned ND entries.
Examples
# Specify VLAN-interface 2 as a customer-side port.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] ipv6 nd mode uni
ipv6 nd ns retrans-timer
Use ipv6 nd ns retrans-timer to set the interval for retransmitting an NS message.
Use undo ipv6 nd ns retrans-timer to restore the default.
Syntax
ipv6 nd ns retrans-timer value
undo ipv6 nd ns retrans-timer
Default
The local interface sends NS messages at every an interval of 1000 milliseconds, and the Retrans Timer field in the RA messages sent is 0. The interval for retransmitting an NS message is determined by the receiving device.
Views
Interface view
Predefined user roles
network-admin
Parameters
value: Specifies the interval value in the range of 1000 to 4294967295 milliseconds.
Usage guidelines
If a device does not receive a response from the peer within the specified interval, the device resends an NS message. The device retransmits an NS message at the specified interval and uses the interval value to fill the Retrans Timer field in RA messages to be sent.
Examples
# Specify VLAN-interface 100 to retransmit NS messages every 10000 milliseconds.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ns retrans-timer 10000
Related commands
display ipv6 interface
ipv6 nd nud reachable-time
Use ipv6 nd nud reachable-time to set the neighbor reachable time on an interface.
Use undo ipv6 nd nud reachable-time to restore the default.
Syntax
ipv6 nd nud reachable-time time
undo ipv6 nd nud reachable-time
Default
The neighbor reachable time on the local interface is 1200000 milliseconds, and the value of the Reachable Time field in RA messages is 0. The reachable time is determined by the receiving device.
Views
Interface view
Predefined user roles
network-admin
Parameters
time: Specifies the neighbor reachable time in the range of 1 to 3600000 milliseconds.
Usage guidelines
If the neighbor reachability detection shows that a neighbor is reachable, the device considers the neighbor reachable within the specified reachable time. If the device must send a packet to the neighbor after the specified reachable time expires, the device reconfirms whether the neighbor is reachable. The device sets the specified value as the neighbor reachable time on the local interface and uses the value to fill the Reachable Time field in RA messages to be sent.
Examples
# Set the neighbor reachable time on VLAN-interface 100 to 10000 milliseconds.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd nud reachable-time 10000
Related commands
display ipv6 interface
ipv6 nd online-offline-log enable
Use ipv6 nd online-offline-log enable to enable ND logging for user online and offline events.
Use undo ipv6 nd online-offline-log enable to disable ND logging for user online and offline events.
Syntax
ipv6 nd online-offline-log enable [ rate rate ]
undo ipv6 nd online-offline-log enable
Default
ND logging for user online and offline events is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
rate rate: Specifies the maximum number of logs that can be output per second. The value range is 3 to 500. If you do not specify this option, the maximum log output rate is 100 logs per second.
Usage guidelines
A higher log output rate consumes more CPU resources. Adjust the log output rate based the CPU performance and usage.
Examples
# Enable ND logging for user online and offline events, and set the maximum log output rate to 100 logs per second.
<Sysname> system-view
[Sysname] ipv6 nd online-offline-log enable rate 100
Related commands
ipv6 neighbor
ipv6 nd ra boot-file-url
Use ipv6 nd ra boot-file-url to specify the URL of the boot file in RA messages.
Use undo ipv6 nd ra boot-file-url to restore the default.
Syntax
ipv6 nd ra boot-file-url url-string
undo ipv6 nd ra boot-file-url
Default
RA messages do not contain the URL of the boot file.
Views
Interface view
Predefined user roles
network-admin
Parameters
url-string: Specifies the URL address of the boot file, a case-sensitive string of 1 to 127 characters. The URL address must be started with http://, https://. ftp://, or tftp://.
Usage guidelines
In a data center, a device follows the steps to implement automatic configuration:
1. Obtains an IPv6 address through ND or DHCPv6.
2. Obtains the URL address for downloading the boot file from the DHCPv6 server.
3. Downloads the boot file from the FTP server and installs it.
With the boot file URL specified in RA messages, the device can use the ND protocol to obtain both the IPv6 address and the boot file URL for automatic configuration. DHCPv6 is not required in the network, simplifying the network deployment.
Examples
# Specify the boot file URL address as tftp://169.254.0.1/file/softimg.iso in RA messages on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra boot-file-url tftp://169.254.0.1/file/softimg.iso
ipv6 nd ra dns search-list
Use ipv6 nd ra dns search-list to specify DNS suffix information to be advertised in RA messages.
Use undo ipv6 nd ra dns search-list to remove a DNS suffix from RA message advertisement.
Syntax
ipv6 nd ra dns search-list domain-name [ seconds | infinite ] sequence seqno
undo ipv6 nd ra dns search-list domain-name
Default
DNS suffix information is not specified and RA messages do not contain DNS suffix options.
Views
Interface view
Predefined user roles
network-admin
Parameters
domain-name: Specifies a DNS suffix. It is a dot-separated, case-insensitive string that can include letters, digits, hyphens (-), underscores (_), and dots (.), for example, aabbcc.com. The DNS suffix can include a maximum of 253 characters, and each separated string includes no more than 63 characters.
seconds: Specifies the lifetime of the DNS suffix, in seconds. The value range is 4 to 4294967295. Value 4294967295 indicates that the lifetime of the DNS suffix is infinite.
infinite: Sets the lifetime of the DNS suffix to infinite.
seqno: Specifies the sequence number of the DNS suffix, in the range of 0 to 4294967295. The sequence number for a DNS suffix must be unique. A smaller sequence number represents a higher priority.
Usage guidelines
The DNS search list (DNSSL) option in RA messages provides DNS suffix information for hosts. The RA messages allow hosts to obtain their IPv6 addresses and the DNS suffix through stateless autoconfiguration. This method is useful in a network where DHCPv6 infrastructure is not provided.
The default lifetime of the DNS suffix is three times the maximum interval for advertising RA messages. To set the maximum interval, use the ipv6 nd ra interval command.
You can configure a maximum of eight DNS suffixes on an interface. One DNSSL option contains one DNS suffix. All DNSSL options are sorted in ascending order of the sequence number of the DNS suffix.
The sequence number uniquely identifies a DNS suffix. To modify a DNS suffix or its sequence number, you must first use the undo ipv6 nd ra dns search-list command to remove the DNS suffix from RA message advertisement.
After you execute the ipv6 nd ra dns search-list command, the device immediately sends an RA message with the existing and newly specified DNS suffix information.
After you execute the undo ipv6 nd ra dns search-list command, the device immediately sends two RA messages.
· The first RA message carries information about all DNS suffixes, including DNS suffixes specified in the undo command with their lifetime set to 0 seconds.
· The second RA message carries information about remaining DNS suffixes.
Each time the device sends an RA message from an interface, it immediately refreshes the RA message advertisement interval for that interface.
Examples
# Specify the DNS suffix as com, the suffix lifetime as infinite, and the sequence number as 1 for RA messages on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra dns search-list com infinite sequence 1
Related commands
ipv6 nd ra dns search-list suppress
ipv6 nd ra interval
ipv6 nd ra dns search-list suppress
Use ipv6 nd ra dns search-list suppress to enable DNS suffix suppression in RA messages.
Use undo ipv6 nd ra dns search-list suppress to disable DNS suffix suppression in RA messages.
Syntax
ipv6 nd ra dns search-list suppress
undo ipv6 nd ra dns search-list suppress
Default
DNS suffix suppression in RA messages is disabled.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
This command suppresses advertising DNS suffixes in RA messages on an interface. If you specify a new DNS suffix or remove a DNS suffix on the interface, the device immediately sends an RA message without any DNSSL options.
RA messages are suppressed by default. To disable RA message suppression, use the undo ipv6 nd ra halt command.
Whether enabling this feature on an interface will trigger sending RA message immediately depends on the interface configuration:
· If the interface has DNS suffix information configured, the device immediately sends two RA messages. In the first message, the lifetime for DNS suffixes is 0 seconds. The second RA message does not contain any DNSSL options.
· If the interface has no DNS suffix information specified, no RA messages are triggered.
Whether disabling this feature on an interface will trigger sending RA message immediately depends on the interface configuration:
· If the interface has DNS suffix information configured, the device immediately sends an RA message containing the DNS suffix information.
· If the interface has no DNS suffix information specified, no RA messages are triggered.
Each time the device sends an RA message from an interface, it immediately refreshes the RA message advertisement interval for that interface.
Examples
# Enable DNS suffix suppression in RA messages on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra dns search-list suppress
Related commands
ipv6 nd ra dns search-list
ipv6 nd ra dns server
Use ipv6 nd ra dns server to specify DNS server information to be advertised in RA messages.
Use undo ipv6 nd ra dns server to remove a DNS server from RA message advertisement.
Syntax
ipv6 nd ra dns server ipv6-address [ seconds | infinite ] sequence seqno
undo ipv6 nd ra dns server ipv6-address
Default
DNS server information is not specified and RA messages do not contain DNS server options.
Views
Interface view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies the IPv6 address of the DNS server, which must be a global unicast address or a link-local address.
seconds: Specifies the lifetime of the DNS server, in seconds. The value range is 4 to 4294967295. Value 4294967295 indicates that the lifetime of the DNS server is infinite.
infinite: Sets the lifetime of the DNS server to infinite.
sequence seqno: Specifies the sequence number of the DNS server, in the range of 0 to 4294967295. The sequence number for a DNS server must be unique. A smaller sequence number represents a higher priority.
Usage guidelines
The DNS server option in RA messages provides DNS server information for hosts. The RA messages allow hosts to obtain their IPv6 addresses and the DNS server through stateless autoconfiguration. This method is useful in a network where DHCPv6 infrastructure is not provided.
The default lifetime of the DNS server is three times the maximum interval for advertising RA messages. To set the maximum interval, use the ipv6 nd ra interval command.
You can configure a maximum of eight DNS servers on an interface. One DNS server option contains one DNS server. All DNS server options are sorted in ascending order of the DNS server sequence number.
The sequence number uniquely identifies a DNS server. To modify the IPv6 address or sequence number of a DNS server, you must first use the undo ipv6 nd ra dns server command to remove the DNS server from RA message advertisement.
After you execute the ipv6 nd ra dns server command, the device immediately sends an RA message with the existing and newly specified DNS server options.
After you execute the undo ipv6 nd ra dns server command, the device immediately sends two RA messages.
· The first RA message carries information about all DNS servers, including the DNS servers specified in the undo command with their lifetime set to 0 seconds.
· The second RA message carries information about remaining DNS servers.
Each time the device sends an RA message from an interface, it immediately refreshes the RA message advertisement interval for that interface.
Examples
# Specify the DNS server address as 2001:10::100, the server lifetime as infinite, and the sequence number as 1 for RA messages on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra dns server 2001:10::100 infinite sequence 1
Related commands
ipv6 nd ra dns server suppress
ipv6 nd ra interval
ipv6 nd ra dns server suppress
Use ipv6 nd ra dns server suppress to enable DNS server suppression in RA messages.
Use undo ipv6 nd ra dns server suppress to disable DNS server suppression in RA messages.
Syntax
ipv6 nd ra dns server suppress
undo ipv6 nd ra dns server suppress
Default
DNS server suppression in RA messages is disabled.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
This command suppresses advertising DNS server addresses in RA messages on an interface. If you specify a new DNS server or remove a DNS server on the interface, the device immediately sends an RA message without any DNS server options.
RA messages are suppressed by default. To disable RA message suppression, use the undo ipv6 nd ra halt command.
Whether enabling this feature on an interface will trigger sending RA message immediately depends on the interface configuration:
· If the interface has DNS server information configured or has obtained an AAA-authorized DNS server address, the device immediately sends two RA messages. In the first message, the lifetime for DNS server addresses is 0 seconds. The second RA message does not contain any DNS server options.
· If the interface has no DNS server information specified or no AAA-authorized DNS server address assigned, no RA messages are triggered.
Whether disabling this feature on an interface will trigger sending RA message immediately depends on the interface configuration:
· If the interface has DNS server information configured or has obtained an AAA-authorized DNS server address, the device immediately sends an RA message containing the DNS server information.
· If the interface has no DNS server information specified or no AAA-authorized DNS server address assigned, no RA messages are triggered.
Each time the device sends an RA message from an interface, it immediately refreshes the RA message advertisement interval for that interface.
Examples
# Enable DNS server suppression in RA messages on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra dns server suppress
Related commands
ipv6 nd ra dns server
ipv6 nd ra halt
Use ipv6 nd ra halt to suppress an interface from advertising RA messages.
Use undo ipv6 nd ra halt to disable this feature.
Syntax
ipv6 nd ra halt
undo ipv6 nd ra halt
Default
An interface is suppressed from sending RA messages.
Views
Interface view
Predefined user roles
network-admin
Examples
# Disable RA message suppression on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] undo ipv6 nd ra halt
ipv6 nd ra hop-limit unspecified
Use ipv6 nd ra hop-limit unspecified to specify unlimited hops in RA messages.
Use undo ipv6 nd ra hop-limit unspecified to restore the default.
Syntax
ipv6 nd ra hop-limit unspecified
undo ipv6 nd ra hop-limit unspecified
Default
The maximum number of hops in the RA messages is limited to 64.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
To set the maximum number of hops to a value rather than the default setting, use the ipv6 hop-limit command.
Examples
# Specify unlimited hops in the RA messages on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] ipv6 nd ra hop-limit unspecified
Related commands
ipv6 hop-limit
ipv6 nd ra interval
Use ipv6 nd ra interval to set the maximum and minimum intervals for advertising RA messages.
Use undo ipv6 nd ra interval to restore the default.
Syntax
ipv6 nd ra interval max-interval min-interval
undo ipv6 nd ra interval
Default
The maximum interval between RA messages is 600 seconds, and the minimum interval is 200 seconds.
Views
Interface view
Predefined user roles
network-admin
Parameters
max-interval: Specifies the maximum interval value in seconds, in the range of 4 to 1800.
min-interval: Specifies the minimum interval value in the range of 3 seconds to three-fourths of the maximum interval.
Usage guidelines
The device advertises RA messages randomly between the maximum interval and the minimum interval.
The maximum interval for sending RA messages should be less than or equal to the router lifetime in RA messages.
Examples
# Set the maximum interval for advertising RA messages to 1000 seconds and the minimum interval to 700 seconds.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra interval 1000 700
Related commands
ipv6 nd ra router-lifetime
ipv6 nd ra no-advlinkmtu
Use ipv6 nd ra no-advlinkmtu to turn off the MTU option in RA messages.
Use undo ipv6 nd ra no-advlinkmtu to restore the default.
Syntax
ipv6 nd ra no-advlinkmtu
undo ipv6 nd ra no-advlinkmtu
Default
RA messages contain the MTU option.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
The MTU option in the RA messages specifies the link MTU to ensure that all nodes on the link use the same MTU.
Examples
# Turn off the MTU option in RA messages on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra no-advlinkmtu
ipv6 nd ra prefix
Use ipv6 nd ra prefix to configure the prefix information in RA messages.
Use undo ipv6 nd ra prefix to restore the default.
Syntax
ipv6 nd ra prefix { ipv6-prefix prefix-length | ipv6-prefix/prefix-length } [ valid-lifetime preferred-lifetime [ no-autoconfig | off-link ] * | no-advertise ]
undo ipv6 nd ra prefix { ipv6-prefix | ipv6-prefix/prefix-length }
Default
No prefix information is configured for RA messages. Instead, the IPv6 address of the interface sending RA messages is used as the prefix information.
If the IPv6 address is manually configured, the prefix uses the fixed valid lifetime 2592000 seconds (30 days) and preferred lifetime 604800 seconds (7 days).
If the IPv6 address is automatically obtained (through DHCP, for example), the prefix uses the valid and preferred lifetime of the IPv6 address.
Views
Interface view
Predefined user roles
network-admin
Parameters
ipv6-prefix: Specifies the IPv6 prefix.
prefix-length: Specifies the prefix length of the IPv6 address.
valid-lifetime: Specifies the valid lifetime of a prefix, in the range of 0 to 4294967295 seconds. The default value is 2592000 seconds (30 days).
preferred-lifetime: Specifies the preferred lifetime of a prefix used for stateless autoconfiguration, in the range of 0 to 4294967295 seconds. The preferred lifetime cannot be longer than the valid lifetime. The default value is 604800 seconds (7 days).
no-autoconfig: Specifies a prefix not to be used for stateless autoconfiguration. If you do not specify this keyword, the prefix is used for stateless autoconfiguration.
off-link: Indicates that the address with the prefix is not directly reachable on the link. If you do not specify this keyword, the address with the prefix is directly reachable on the link.
no-advertise: Disables the device from advertising the prefix specified in this command. If you do not specify this keyword, the device advertises the prefix specified in this command.
Usage guidelines
After hosts on the same link receive RA messages, they can use the prefix information in the RA messages for stateless autoconfiguration.
A prefix specified without a parameter in this command preferentially uses the default settings configured by using the ipv6 nd ra prefix default command. If the default settings are unavailable, the prefix uses the following settings:
· Valid lifetime of 2592000 seconds (30 days).
· Preferred lifetime of 604800 seconds (7 days).
· The prefix is used for stateless autoconfiguration.
· The address with the prefix is directly reachable on the link.
· The prefix is advertised in RA messages.
Examples
# Configure the prefix information in RA messages on VLAN-interface 100.
Method 1:
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra prefix 2001:10::100/64 100 10
Method 2:
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra prefix 2001:10::100 64 100 10
ipv6 nd ra prefix default
Use ipv6 nd ra prefix default to configure the default settings for prefixes advertised in RA messages.
Use undo ipv6 nd ra prefix default to restore the default.
Syntax
ipv6 nd ra prefix default [ valid-lifetime preferred-lifetime [ no-autoconfig | off-link ] * | no-advertise ]
undo ipv6 nd ra prefix default
Default
No default settings are configured for prefixes advertised in RA messages.
Views
Interface view
Predefined user roles
network-admin
Parameters
valid-lifetime: Specifies the valid lifetime of a prefix, in the range of 0 to 4294967295 seconds. The default value is 2592000 seconds (30 days).
preferred-lifetime: Specifies the preferred lifetime of a prefix used for stateless autoconfiguration, in the range of 0 to 4294967295 seconds. The preferred lifetime cannot be longer than the valid lifetime. The default value is 604800 seconds (7 days).
no-autoconfig: Specifies a prefix not to be used for stateless autoconfiguration. If you do not specify this keyword, the prefix is used for stateless autoconfiguration.
off-link: Indicates that the address with the prefix is not directly reachable on the link. If you do not specify this keyword, the address with the prefix is directly reachable on the link.
no-advertise: Disables the device from advertising the prefix specified in this command. If you do not specify this keyword, the device advertises the prefix specified in this command.
Usage guidelines
This command specifies the default settings for the prefix specified by using the ipv6 nd ra prefix command. If none of the parameters (valid-lifetime, preferred-lifetime, no-autoconfig, off-link, and no-advertise) is configured in the ipv6 nd ra prefix command, the prefix uses the default settings.
Examples
# Configure the default settings for prefixes advertised in RA messages on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra prefix default 100 10
ipv6 nd ra router-lifetime
Use ipv6 nd ra router-lifetime to set the router lifetime in RA messages.
Use undo ipv6 nd ra router-lifetime to restore the default.
Syntax
ipv6 nd ra router-lifetime time
undo ipv6 nd ra router-lifetime
Default
The router lifetime in RA messages is three times as long as the maximum interval for advertising RA messages.
Views
Interface view
Predefined user roles
network-admin
Parameters
time: Specifies the router lifetime in the range of 0 to 9000 seconds. If the value is set to 0, the router does not act as the default router.
Usage guidelines
The router lifetime in RA messages specifies how long the router sending the RA messages acts as the default router. Hosts receiving the RA messages check this value to determine whether to use the sending router as the default router. If the router lifetime is 0, the router cannot be used as the default router.
The router lifetime in RA messages must be greater than or equal to the advertising interval.
Examples
# Set the router lifetime in RA messages on VLAN-interface 100 to 1000 seconds.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra router-lifetime 1000
Related commands
ipv6 nd ra interval
ipv6 nd route-direct advertise
Use ipv6 nd route-direct advertise to enable ND direct route advertisement.
Use undo ipv6 nd route-direct advertise to disable ND direct route advertisement.
Syntax
ipv6 nd route-direct advertise
undo ipv6 nd route-direct advertise
Default
The ND direct route advertisement feature is disabled.
Views
Interface view
Predefined user roles
network-admin
Examples
# Enable ND direct route advertisement for GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 nd route-direct advertise
ipv6 nd route-direct prefix convert-length
Use ipv6 nd route-direct prefix convert-length to specify a prefix length for generating a network route for identified ND entries.
Use undo ipv6 nd route-direct prefix to restore the default.
Syntax
ipv6 nd route-direct prefix ipv6-prefix prefix-length convert-length convert-length [ retain-host-route ]
undo ipv6 nd route-direct prefix ipv6-prefix prefix-length
Default
No prefix length is specified for generating a network route for identified ND entries.
Views
Interface view
Predefined user roles
network-admin
Parameters
ipv6-prefix: Specifies an IPv6 prefix.
prefix-length: Specifies an IPv6 prefix length in the range of 1 to 128. The ipv6-prefix prefix-length arguments identify ND entries for which the network route is generated.
convert-length: Specifies an IPv6 prefix length for the generated network route, in the range of 1 to 127. The value for this argument must be higher than the value for the prefix-length argument.
retain-host-route: Retains the generated 128-bit host route. If you do not specify this keyword, the device deletes the host route after generating the corresponding network route.
Usage guidelines
After you execute the ipv6 nd route-direct advertise command on an interface, the device generates 128-bit host routes for ND entries learned on the interface. As a result, the routing table might be populated with excessive host routes. To reduce the routing table size, execute the ipv6 nd route-direct prefix convert-length command for the device to generate network routes for identified ND entries instead of host routes.
In scenarios where network routes and host routes are both required, specify the retain-host-route keyword to retain the generated host routes. In other scenarios, to avoid too many host routes, do not specify the retain-host-route keyword.
The specified IPv6 prefix must be the same as the IPv6 address prefix of the interface.
Examples
# On VLAN-interface 100, set the prefix length to 70 for generating a network route for ND entries with IPv6 prefix 2001::1/64.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd route-direct prefix 2001::1 64 convert-length 70
Related commands
ipv6 nd route-direct advertise
ipv6 nd router-preference
Use ipv6 nd router-preference to set a router preference in RA messages.
Use undo ipv6 nd router-preference to restore the default.
Syntax
ipv6 nd router-preference { high | low | medium }
undo ipv6 nd router-preference
Default
The router preference is medium.
Views
Interface view
Predefined user roles
network-admin
Parameters
high: Sets the router preference to the highest setting.
low: Sets the router preference to the lowest setting.
medium: Sets the router preference to the medium setting.
Usage guidelines
A host selects a router with the highest preference as the default router.
When router preferences are the same in RA messages, a host selects the router corresponding to the first received RA message as the default gateway.
Examples
# Set the router preference in RA messages to the highest on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd router-preference high
ipv6 nd snooping dad retrans-timer
Use ipv6 nd snooping dad retrans-timer to set the DAD NS message retransmission interval.
Use undo ipv6 nd snooping dad retrans-timer to restore the default.
Syntax
ipv6 nd snooping dad retrans-timer interval
undo ipv6 nd snooping dad retrans-timer
Default
The DAD NS message retransmission interval is 250 milliseconds.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies the DAD NS message retransmission interval, in the range of 100 to 500 milliseconds.
Usage guidelines
When an ND snooping entry is created, updated, or deleted, the device sends an NS message to test the entry by DAD. When both of the following conditions exist, the device retransmits an NS message:
· The device does not receive a reply within the retransmission interval.
· The retransmission interval is less than or equal to the timeout time for ND snooping entries in INVALID status.
For the device to send the NS message only once, set a retransmission interval longer than the timeout time for ND snooping entries in INVALID status.
Example
# Set the DAD NS message retransmission interval to 200 milliseconds.
<Sysname> system-view
[Sysname] ipv6 nd snooping dad retrans-timer 200
ipv6 nd snooping enable global
Use ipv6 nd snooping enable global to enable ND snooping for global unicast addresses.
Use undo ipv6 nd snooping enable global to disable ND snooping for global unicast addresses.
Syntax
ipv6 nd snooping enable global
undo ipv6 nd snooping enable global
Default
ND snooping is disabled for global unicast addresses.
Views
VLAN view
Predefined user roles
network-admin
Examples
# Enable ND snooping for global unicast addresses.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] ipv6 nd snooping enable global
ipv6 nd snooping enable link-local
Use ipv6 nd snooping enable link-local to enable ND snooping for link-local addresses.
Use undo ipv6 nd snooping enable link-local to disable ND snooping for link-local addresses.
Syntax
ipv6 nd snooping enable link-local
undo ipv6 nd snooping enable link-local
Default
ND snooping is disabled for link-local addresses.
Views
VLAN view
Predefined user roles
network-admin
Examples
# Enable ND snooping for link-local addresses.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] ipv6 nd snooping enable link-local
ipv6 nd snooping glean source
Use ipv6 nd snooping glean source to enable ND snooping for data packets from unknown sources.
Use undo ipv6 nd snooping glean source to disable ND snooping for data packets from unknown sources.
Syntax
ipv6 nd snooping glean source
undo ipv6 nd snooping glean source
Default
ND snooping is disabled for data packets from unknown sources.
Views
VLAN view
Predefined user roles
network-admin
Usage guidelines
This command enables the device to learn ND snooping entries from data packets originated by unknown sources.
For this command to take effect, execute the ipv6 nd snooping enable global command or the ipv6 nd snooping enable link-local command.
Before enabling ND snooping entries learning from data packets for a VLAN, you must configure IPv6 source guard on all untrusted interfaces in the same VLAN. This operation ensures correct forwarding of the data packets received by all these interfaces.
Examples
# Enable ND snooping for data packets from unknown sources.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] ipv6 nd snooping glean source
ipv6 nd snooping lifetime
Use ipv6 nd snooping lifetime to set timeout timers for ND snooping entries.
Use undo ipv6 nd snooping lifetime to restore the default.
Syntax
ipv6 nd snooping lifetime { invalid invalid-lifetime | valid valid-lifetime }
undo ipv6 nd snooping lifetime { invalid | valid }
Default
The timeout timer for ND snooping entries in INVALID status (TENTATIVE, TESTING_TPLT, or TESTING_VP) is 500 milliseconds.
The timeout timer for ND snooping entries in VALID status is 300 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
invalid invalid-lifetime: Sets a timeout timer for ND snooping entries in INVALID status (TENTATIVE, TESTING_TPLT, or TESTING_VP). The value range is 250 to 1000 milliseconds.
valid valid-lifetime: Sets a timeout timer for ND snooping entries in VALID status. The value range is 60 to 900 seconds.
Examples
# Set the timeout timer to 250 seconds for ND snooping entries in VALID status.
<Sysname> system-view
[Sysname] ipv6 nd snooping lifetime valid 250
ipv6 nd snooping max-learning-num
Use ipv6 nd snooping max-learning-num to set the maximum number of ND snooping entries that an interface can learn.
Use undo ipv6 nd snooping max-learning-num to restore the default.
Syntax
ipv6 nd snooping max-learning-num max-number
undo ipv6 nd snooping max-learning-num
Default
An interface can learn a maximum of 4096 ND snooping entries.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
max-number: Specifies the maximum number of ND snooping entries that an interface can learn. The value range is 1 to 4096.
Examples
# Allow GigabitEthernet 1/0/1 to learn a maximum of 64 ND snooping entries.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 nd snooping max-learning-num 64
ipv6 nd snooping uplink
Use ipv6 nd snooping uplink to configure the port as an ND snooping uplink port. The ND snooping uplink port cannot learn ND snooping entries.
Use undo ipv6 nd snooping uplink to restore the default.
Syntax
ipv6 nd snooping uplink
undo ipv6 nd snooping uplink
Default
The port is not an ND snooping uplink port. After ND snooping is enabled, the port can learn ND snooping entries.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Examples
# Configure GigabitEthernet 1/0/1 as an ND snooping uplink port.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 nd snooping uplink
# Configure Bridge-Aggregation 1 as an ND snooping uplink port.
<Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] ipv6 nd snooping uplink
ipv6 nd unsolicited-na-learning enable
Use ipv6 nd unsolicited-na-learning enable to enable unsolicited NA learning.
Use undo ipv6 nd unsolicited-na-learning enable to disable unsolicited NA learning.
Syntax
ipv6 nd unsolicited-na-learning enable
undo ipv6 nd unsolicited-na-learning enable
Default
Unsolicited NA learning is disabled.
Views
Layer 3 interface view
Predefined user roles
network-admin
Usage guidelines
To ensure that the device learns ND entries from trusted NA messages, enable this feature only on a secure network.
This feature might cause the device to learn excessive ND entries that consume too many system resources. As a best practice, execute the ipv6 neighbor stale-aging command to set a smaller aging timer before you enable this feature. The smaller aging timer accelerates the aging of ND entries in stale state.
Examples
# Enable unsolicited NA learning on VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] ipv6 nd unsolicited-na-learning enable
Related commands
ipv6 neighbor stale-aging
ipv6 nd user-ip-conflict record enable
Use ipv6 nd user-ip-conflict record enable to enable recording user IPv6 address conflicts.
Use undo ipv6 nd user-ip-conflict record enable to disable recording user IPv6 address conflicts.
Syntax
ipv6 nd user-ip-conflict record enable
undo ipv6 nd user-ip-conflict record enable
Default
Recording user IPv6 address conflicts is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This feature detects and records user IPv6 address conflicts. A conflict occurs if an incoming NA packet has the same source IPv6 address as an existing ND entry but a different source MAC address. The device generates a user IPv6 address conflict record, logs the conflict, and sends the log to the information center. For information about the log destination and output rule configuration in the information center, see the information center in System Management Configuration Guide.
The device can generate a maximum of 10 user IPv6 address conflict logs per second. When this maximum number is reached, the device suppresses generating user IPv6 address conflict logs and records the suppression times. The device can save a maximum of 200 user IPv6 address conflict records.
When the number of saved user IPv6 address conflict records reaches the upper limit, new records overwrite old ones.
Examples
# Enable recording user IPv6 address conflicts.
<Sysname> system-view
[Sysname] ipv6 nd user-ip-conflict record enable
display ipv6 nd user-ip-conflict record
ipv6 nd user-move record enable
Use ipv6 nd user-move record enable to enable recording user port migrations.
Use undo ipv6 nd user-move record enable to disable recording user port migrations.
Syntax
ipv6 nd user-move record enable
undo ipv6 nd user-move record enable
Default
Recording user port migrations is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This feature enables the device to detect and record user port migrations. A user port migrates if an incoming NA packet has the same source IPv6 address and source MAC address as an existing ND entry but a different port. The device generates a user port migration record, logs the migration event, and sends the log to the information center. For information about the log destination and output rule configuration in the information center, see the information center in System Management Configuration Guide.
The device can generate a maximum of 10 user port migration logs per second. When this maximum number is reached, the device suppresses generating user port migration logs and records the suppression times. The device can save a maximum of 200 user port migration records.
When the number of saved user port migration records reaches the upper limit, new records overwrite old ones.
Examples
# Enable recording user port migrations.
<Sysname> system-view
[Sysname] ipv6 nd user-move record enable
Related commands
display ipv6 nd user-move record
ipv6 neighbor
Use ipv6 neighbor to configure a static neighbor entry.
Use undo ipv6 neighbor to delete a neighbor entry.
Syntax
ipv6 neighbor ipv6-address mac-address { vlan-id port-type port-number | interface interface-type interface-number }
undo ipv6 neighbor ipv6-address interface-type interface-number
Default
No static neighbor entries exist.
Views
System view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies the IPv6 address of the static neighbor entry.
mac-address: Specifies the MAC address (48 bits) of the static neighbor entry, in the format of H-H-H.
vlan-id: Specifies the VLAN ID of the static neighbor entry, in the range of 1 to 4094.
port-type port-number: Specifies a Layer 2 port of the static neighbor entry by its type and number.
interface interface-type interface-number: Specifies a Layer 3 interface of the static neighbor entry by its type and number.
Usage guidelines
A neighbor entry stores information about a link-local node. The entry can be created dynamically through NS and NA messages, or configured statically.
The device uniquely identifies a static neighbor entry by using the neighbor's IPv6 address and the number of the Layer 3 interface that connects to the neighbor. You can configure a static neighbor entry by using either of the following methods:
· Method 1—Associate a neighbor IPv6 address and link-layer address with the Layer 3 interface of the local node.
· Method 2—Associate a neighbor IPv6 address and link-layer address with a Layer 2 port in a VLAN containing the local node.
To configure a static neighbor entry for a VLAN interface, use Method 1 or Method 2.
· If Method 1 is used, the neighbor entry is in INCMP state. After the device obtains the corresponding Layer 2 port information, the neighbor entry goes into REACH state.
· If Method 2 is used, the port specified by port-type port-number must belong to the VLAN specified by vlan-id and the corresponding VLAN interface must already exist. After the static neighbor entry is configured, the device associates the VLAN interface with the IPv6 address to uniquely identify the static neighbor entry. The entry will be in REACH state.
To delete a neighbor entry for a VLAN interface, specify only the VLAN interface.
You can use the undo ipv6 neighbor command to delete both static and dynamic neighbor entries.
To delete a neighbor entry for a VLAN interface, specify only the VLAN interface.
Examples
# Configure a static neighbor entry for VLAN-interface 1.
<Sysname> system-view
[Sysname] ipv6 neighbor 2000::1 fe-e0-89 interface Vlan-interface 1
Related commands
display ipv6 neighbors
reset ipv6 neighbors
ipv6 neighbor link-local minimize
Use ipv6 neighbor link-local minimize to minimize link-local ND entries.
Use undo ipv6 neighbor link-local minimize to restore the default.
Syntax
ipv6 neighbor link-local minimize
undo ipv6 neighbor link-local minimize
Default
All ND entries are assigned to the driver.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Perform this command to minimize link-local ND entries assigned to the driver. Link-local ND entries refer to ND entries that contain link-local addresses.
With this feature enabled, the device does not add newly learned link-local ND entries whose link local addresses are not the next hop of any route to the driver. This saves driver resources.
This feature affects only newly learned link-local ND entries rather than existing ND entries.
Examples
# Minimize link-local ND entries.
<Sysname> system-view
[Sysname] ipv6 neighbor link-local minimize
ipv6 neighbor stale-aging
Use ipv6 neighbor stale-aging to set the aging timer for ND entries in stale state.
Use undo ipv6 neighbor stale-aging to restore the default.
Syntax
ipv6 neighbor stale-aging { aging-minutes | second aging-seconds }
undo ipv6 neighbor stale-aging
Default
The aging timer for ND entries in stale state is 240 minutes.
Views
System view
Predefined user roles
network-admin
Parameters
aging-minutes: Specifies the aging timer in minutes for ND entries in stale state, in the range of 1 to 1440.
second aging-seconds: Specifies the aging timer in seconds for ND entries in stale state, in the range of 60 to 86400.
Usage guidelines
This aging time applies to all ND entries in stale state. If an ND entry in stale state is not updated before the timer expires, it moves to the delay state. If it is still not updated in 5 seconds, the ND entry moves to the probe state. The device sends an NS message for detection a maximum of three times. If no response is received, the device deletes the ND entry.
Examples
# Set the aging timer for ND entries in stale state to 120 minutes.
<Sysname> system-view
[Sysname] ipv6 neighbor stale-aging 120
ipv6 neighbor timer stale-aging
Use ipv6 neighbor timer stale-aging to set the aging timer for ND entries in stale state on an interface.
Use undo ipv6 neighbor timer stale-aging to restore the default.
Syntax
ipv6 neighbor timer stale-aging { aging-minutes | second aging-seconds }
undo ipv6 neighbor timer stale-aging
Default
The aging timer of ND entries in stale state is not configured on an interface. The aging timer is determined by the configuration of the ipv6 neighbor stale-aging command in system view.
Views
Layer 3 Ethernet interface/subinterface view
VLAN interface view
Tunnel interface view
Predefined user roles
network-admin
Parameters
aging-minutes: Specifies the aging timer in minutes for ND entries in stale state, in the range of 1 to 1440.
second aging-seconds: Specifies the aging timer in seconds for ND entries in stale state, in the range of 60 to 86400.
Usage guidelines
This aging timer applies to ND entries in stale state on the interface. If an ND entry in stale state is not updated before the timer expires, it changes to the delay state. If it is still not updated in 5 seconds, the ND entry changes to the probe state. The device sends an NS message for probe and a maximum of three attempts is allowed. If no response is received, the device deletes the ND entry.
You can set the aging timer for ND entries in stale state in system view and interface view. For ND entries in stale state on an interface, the aging timer in interface view has higher priority than the aging timer in system view.
Examples
# On VLAN-interface 2, set the aging timer to 200 minutes for ND entries in stale state.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] ipv6 neighbor timer stale-aging 200
Related commands
ipv6 neighbor stale-aging
ipv6 neighbors max-learning-num
Use ipv6 neighbors max-learning-num to set the maximum number of dynamic neighbor entries that an interface can learn. This prevents the interface from occupying too many neighbor table resources.
Use undo ipv6 neighbors max-learning-num to restore the default.
Syntax
ipv6 neighbors max-learning-num max-number
undo ipv6 neighbors max-learning-num
Default
The following compatibility matrixes show the default maximum number of dynamic neighbor entries that an interface can learn:
|
Series |
Models |
Product codes |
Default |
|
WX3500X series |
WX3510X WX3520X WX3540X |
EWP-WX3510X EWP-WX3520X EWP-WX3540X |
EWP-WX3510X: 15360 EWP-WX3520X: 30720 EWP-WX3540X: 61440 |
|
WCG380 series |
WCG382 |
EWP-WCG382 |
EWP-WCG382: 16384 |
|
Series |
Models |
Product codes |
Default |
|
WX3800X series |
WX3820X WX3840X |
EWP-WX3820X EWP-WX3840X |
EWP-WX3820X: 30720 EWP-WX3840X: 61440 |
Views
Layer 2/Layer 3 interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
max-number: Specifies the maximum number of dynamic neighbor entries that an interface can learn. The value range for this argument varies by device model.
The following compatibility matrixes show the value ranges for this argument:
|
Series |
Models |
Product codes |
Value ranges |
|
WX3500X series |
WX3510X WX3520X WX3540X |
EWP-WX3510X EWP-WX3520X EWP-WX3540X |
EWP-WX3510X: 1 to 15360 EWP-WX3520X: 1 to 30720 EWP-WX3540X: 1 to 61440 |
|
WCG380 series |
WCG382 |
EWP-WCG382 |
EWP-WCG382: 1 to 16384 |
|
Series |
Models |
Product codes |
Value ranges |
|
WX3800X series |
WX3820X WX3840X |
EWP-WX3820X EWP-WX3840X |
EWP-WX3820X: 1 to 30720 EWP-WX3840X: 1 to 61440 |
Usage guidelines
The device can dynamically acquire the link-layer address of a neighboring node through NS and NA messages and add it into the neighbor table.
When the number of dynamic neighbor entries reaches the threshold, the interface stops learning neighbor information.
Examples
# Set the maximum number of dynamic neighbor entries that VLAN-interface 100 can learn to 10.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 neighbors max-learning-num 10
local-proxy-nd enable
Use local-proxy-nd enable to enable local ND proxy.
Use undo local-proxy-nd enable to disable local ND proxy.
Syntax
local-proxy-nd enable
undo local-proxy-nd enable
Default
Local ND proxy is disabled.
Views
VLAN interface view
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Predefined user roles
network-admin
Examples
# Enable local ND proxy on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] local-proxy-nd enable
Related commands
proxy-nd enable
proxy-nd enable
Use proxy-nd enable to enable common ND proxy.
Use undo proxy-nd enable to disable common ND proxy.
Syntax
proxy-nd enable
undo proxy-nd enable
Default
Common ND proxy is disabled.
Views
VLAN interface view
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Predefined user roles
network-admin
Examples
# Enable common ND proxy on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] proxy-nd enable
Related commands
local-proxy-nd enable
proxy-nd span-segment enable
Use proxy-nd span-segment enable to enable cross-segment ND proxy.
Use undo proxy-nd span-segment enable to disable cross-segment ND proxy.
Syntax
proxy-nd span-segment enable
undo proxy-nd span-segment enable
Default
Cross-segment ND proxy is disabled.
Views
VLAN interface view
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Predefined user roles
network-admin
Usage guidelines
ND proxy enables a device to answer an NS message requesting the hardware address of a host on another network. With ND proxy, hosts in different broadcast domains can communicate with each other as they would on the same network.
Cross-segment ND proxy allows neighbor discovery when the hosts are connected to different Layer 3 interfaces or subinterfaces and the IP addresses of the hosts and the interfaces are not in the same network.
Examples
# Enable cross-segment ND proxy on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] proxy-nd span-segment enable
reset ipv6 nd snooping vlan
Use reset ipv6 nd snooping vlan to clear ND snooping entries in VLANs.
Syntax
reset ipv6 nd snooping vlan { [ vlan-id ] [ global | link-local ] | vlan-id ipv6-address }
Views
User view
Predefined user roles
network-admin
Parameters
vlan-id: Clears ND snooping entries for the specified VLAN. The value range for the VLAN ID is 1 to 4094.
global: Clears ND snooping entries for global unicast addresses.
link-local: Clears ND snooping entries for link-local addresses.
vlan-id ipv6-address: Clears the ND snooping entry of the specified IPv6 address in the specified VLAN. The value range for the vlan-id argument is 1 to 4094.
Usage guidelines
If you do not specify any parameters, this command clears ND snooping entries in all VLANs.
Examples
# Clear ND snooping entries in all VLANs.
<Sysname> reset ipv6 nd snooping vlan
Related commands
display ipv6 nd snooping count vlan
display ipv6 nd snooping vlan
reset ipv6 neighbors
Use reset ipv6 neighbors to clear IPv6 neighbor information.
Syntax
reset ipv6 neighbors { all | dynamic | interface interface-type interface-number | static }
Views
User view
Predefined user roles
network-admin
Parameters
all: Clears static and dynamic neighbor information for all interfaces.
dynamic: Clears dynamic neighbor information for all interfaces.
interface interface-type interface-number: Clears dynamic neighbor information for the interface specified by its type and number.
static: Clears static neighbor information for all interfaces.
Examples
# Clear neighbor information for all interfaces.
<Sysname> reset ipv6 neighbors all
This will delete all the entries. Continue? [Y/N]:Y
# Clear dynamic neighbor information for all interfaces.
<Sysname> reset ipv6 neighbors dynamic
This will delete all the dynamic entries. Continue? [Y/N]:Y
# Clear all neighbor information for GigabitEthernet 1/0/1.
<Sysname> reset ipv6 neighbors interface gigabitethernet 1/0/1
This will delete all the dynamic entries by the interface you specified. Continue? [Y/N]:Y
Related commands
display ipv6 neighbors
ipv6 neighbor
