Field	Description
Operate	Type of the ND entry operation: · ADD—Add the ND entry. · MOD—Modify the ND entry. · DEL—Delete the ND entry.
Reason	Source of the ND log message: · M-LAGMSG—Added in response to an ND entry update message from the M-LAG module. · PKTLEARN—Added by learning from an IPv6 packet. · STATICMSG—Added through static configuration. · ADDBYRULE—Added by the IPoE or portal feature. · ADDBYOP—Added by the OpenFlow feature. · ADDBYMSG—Added through ND entry synchronization. · ADDWADJ—Added in response to an IPv6 adjacency entry refresh message sent by the WAN link adjacency table module. · ADDWADJSYN—Added in response to an inter-card IPv6 adjacency entry synchronization message sent by the WAN link adjacency table module. · DRVRELOAD—Added in response to the ND update operation done in the driver. · ADDBYVSRP—Added through ND entry adding on the VSRP module. · STATICEVENT—Added through ND entry update in response to a long static entry event. · SYNCWITHDRV—Added in synchronization with the driver. · RELOADBYPW—Added in response to the PW reload operation. · DELBYLINKLOCAL—Added because an unassociated link-local address was removed from the driver and the corresponding ND entry was deleted. · DELBYVSRP—Added through ND entry deletion by VSRP. · DELBYNODUMMY—Added because an ND entry without a DUMMY entry was deleted. · DELBYSMOOTH—Added because ND entries were deleted upon ND entry smoothing. · DELBYRULE—Added because of ND entry deletion through the IPoE or portal feature. · DELBYSTATIC—Added because of ND entry deletion through static configuration. · DELBYBEFORESMOOTH—Added because invalid ND entries were deleted before smoothing. · DELCONFIGIPIF—Added because ND entries were deleted upon an IPv6 address or interface conflict. · DELNDSYN—Added because ND entries were deleted upon an inter-card ND entry synchronization. · DELWADJMSG—Added because an IPv6 adjacency entry was deleted from the WAN link adjacency table. · DELWADJIFMSG—Added because IPv6 adjacency entries were deleted from the WAN link adjacency table by interface. · DELWADJBI—Added because IPv6 adjacency entries were deleted upon reception of the entry deletion message sent from the WAN link adjacency table module to the link layer in the kernel. · DELWADJDUMMY—Added because DUMMY entries were deleted by the WAN link adjacency table module. · DELWADJIFEVENT—Added because IPv6 adjacency entries were deleted by the WAN link adjacency table module in response to an interface event. · DELWADJALL—Added because all IPv6 adjacency entries were deleted from the WAN link adjacency table. · DELWADJ—Added because an IPv6 adjacency entry was deleted from the WAN link adjacency table. · DELWADJSAGE—Added because IPv6 adjacency entries that aged out were deleted from the WAN link adjacency table. · DELWADJIFSYN—Added because IPv6 adjacency entries were deleted from the WAN link adjacency table in response to interface entry synchronization. · DELWADJSYNMSG—Added because IPv6 adjacency entries were deleted from the WAN link adjacency table in response to inter-card entry synchronization. · DELWADJSMOOTH—Added because IPv6 adjacency entries were deleted upon entry smoothing done by the WAN link adjacency table module. · DELWADJPULLFINISH—Added because IPv6 adjacency entries were deleted after the WAN link adjacency table module successfully obtained entries in bulk. · DELPORTLVLAN—Added because ND entries were deleted upon removal of the port from the VLAN. · DELVLANMODCHG—Added because ND entries were deleted upon VLAN mode change. · DELLIMIT—Added because ND entries were deleted when the number of ND entries had reached the limit. · DELNDBYIPIF—Added because ND entries were deleted from the specified IPv6 address or interface. · DELNDBYIFAGG—Added because ND entries were deleted after the interface was added to a link aggregation group. · DELNDBYNODE—Added upon deletion of ND entries by slot. · DELNDBYALL—Added upon deletion of all ND entries. · DELNDBYALLEM—Added upon deletion of all ND entries from non-management interfaces. · DELNDBYPW—Added upon deletion of ND entries from a PW. · DELNDBYTCPKEEP—Added upon deletion of ND entries through the topology change notification (TCN) flag. · DELBYPULLFINISH—Added because of deletion of ND entries upon a successful batch data pull. · DELSTATICCONFLICT—Added because of deletion of ND entries upon a static configuration conflict. · DELBYSPANSEG—Added upon deletion of cross-subnet ND entries. · DELBYSPANSEGBYIPIF—Added upon deletion of cross-subnet ND entries from the specified IPv6 address or interface. · DELINCOMBYALL—Added upon deletion of all ND entries in Incomplete state. · DELINCOMBYIF—Added upon deletion of ND entries in Incomplete state from the specified interface. · DELINCOMBYNODE—Added upon deletion of ND entries in Incomplete state from the specified card. · DELNDBYNETDOWN—Added because ND entries were deleted upon a down event in the network layer. · DELNDBYLINKDOWN—Added because ND entries were deleted upon a down event in the link layer.
IP	IPv6 address in the ND entry.
Mac	MAC address in the ND entry.
Interface	Output interface associated with the ND entry.
SVLAN	Service provider VLAN.
CVLAN	Customer VLAN.
Time	Time when the ND log message was generated.

‌

display ipv6 nd proxy statistics

Use display ipv6 nd proxy statistics to display statistics for ND proxy reply packets.

Syntax

display ipv6 nd proxy statistics

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

You can view statistics for ND proxy reply packets in the most recent hour.

This command displays the ND proxy reply statistics within the most recent minute on a per-second basis and displays the statistics one minute ago on a five-minute basis.

Examples

# Display statistics for ND proxy reply packets.

<Sysname> display ipv6 nd proxy statistics

Last 1 sec proxy count: 200

Last 2 sec proxy count: 400

…

Last 1 min proxy count: 12000

Last 5 min proxy count: 18000

Last 10 min proxy count: 24000

…

Last 60 min proxy count: 182445

Related commands

local-proxy-nd enable

proxy-nd enable

display ipv6 nd route-direct advertise

Use display ipv6 nd route-direct advertise to display information about ND direct route advertisement.

Syntax

display ipv6 nd route-direct advertise interface interface-type interface-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. Make sure you specify the interface where the ND direct route advertisement is enabled.

Usage guidelines

When ND direct route advertisement is enabled, the device generates direct routes based on ND entries for packet forwarding and route advertisement. You can use this command to identify whether the route management module has generated direct routes for ND entries.

As a best practice, wait a period of time after you enable ND direct route advertisement and then execute this command.

Examples

# Display information about ND direct route advertisement on GigabitEthernet 1/0/1.

<Sysname> display ipv6 nd route-direct advertise interface gigabitethernet 1/0/1

IPv6 address MAC address VLAN/VSI Interface State Route

1::2 6864-6839-0202 1 GE1/0/1 STALE YES

1::3 6864-6839-0202 1 GE1/0/1 STALE NO

Table 2 Command output

Field	Description
IPv6 address	IPv6 address of the neighbor.
MAC address	MAC address of the neighbor.
VLAN/VSI	VLAN ID or VSI index to which the neighbor entry belongs. This field displays hyphens (--) if the neighbor entry does not belong to a VLAN or VSI.
Interface	Interface connected to the neighbor. · If the neighbor entry does not belong to a VSI, this field displays the interface name. If the interface name is not available, the field displays hyphens (--). · If the neighbor entry belongs to a VSI and the interface is a tunnel interface, the field value depends on the address resolution status. ¡ If the address is not resolved, this field displays the VSI. ¡ If the address is resolved, this field displays the tunnel ID. · If the neighbor entry belongs to a VSI but the interface is not a tunnel interface, the field value depends on the address resolution status. ¡ If the address is not resolved, this field displays the VSI. ¡ If the address is resolved, this field displays the interface.
State	State of a neighbor: · INCMP—The address is being resolved. The link layer address of the neighbor is unknown. · REACH—The neighbor is reachable. · STALE—The reachability of the neighbor is unknown. The device will not verify the reachability unless it has data to send to the neighbor. · DELAY—The reachability of the neighbor is unknown. The device does not send an NS message in the delay period. · PROBE—The reachability of the neighbor is unknown. The device sends an NS message to probe the reachability of the neighbor.
Route	Whether a direct route is generated for the ND entry in the route management module: · YES—A direct route is generated based on the ND entry. · NO—No direct route is generated based on the ND entry.

Related commands

ipv6 nd route-direct advertise

display ipv6 nd suppression xconnect-group

Use display ipv6 nd suppression xconnect-group to display ND suppression entries.

Syntax

display ipv6 nd suppression xconnect-group [ name group-name ] [ slot slot-number ] [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name group-name: Specifies a cross-connect group by its name, a case-sensitive string of 1 to 31 characters excluding hyphens.

count: Specifies the total number of ND suppression entries.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays ND suppression entries for all cards.

Examples

# Display ND suppression entries for all cross-connect groups.

<Sysname> display ipv6 nd suppression xconnect-group

IPv6 address MAC address Xconnect-group Connection Aging

2001::1 000c-29fe-5a8f vpna svc 25

2001::2 000c-29fe-5aa3 vpna svc 2

# Display the total number of ND suppression entries.

<Sysname> display ipv6 nd suppression xconnect-group count

Total entries: 2

Table 3 Command output

Filed	Description
IPv6 address	IPv6 address in the ND suppression entry.
MAC address	MAC address in the ND suppression entry
Xconnect-group	Name of the cross-connect group to which the ND suppression entry belongs.
Connection	Name of the cross-connect to which the ND suppression entry belongs.
Aging	Remaining aging time of the ND suppression entry, in minutes.

‌

display ipv6 nd user-ip-conflict record

Use display ipv6 nd user-ip-conflict record to display user IPv6 address conflict records.

Syntax

display ipv6 nd user-ip-conflict record [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays user IP address conflict records for all cards.

Examples

# Display all user IPv6 address conflict records.

<Sysname> display ipv6 nd user-ip-conflict record

IPv6 address: 10::1

System time: 2020-02-02 11:22:29

Conflict count: 1

Log suppress count: 0

Old interface: GigabitEthernet1/0/1

New interface: GigabitEthernet1/0/2

Old SVLAN/CVLAN: 100/2

New SVLAN/CVLAN: 100/2

Old MAC: 00e0-ca63-8141

New MAC: 00e0-ca63-8142

IPv6 address: 10::2

System time: 2020-02-02 10:20:30

Conflict count: 1

Log suppress count: 0

Old interface: GigabitEthernet1/0/1

New interface: GigabitEthernet1/0/2

Old SVLAN/CVLAN: 100/--

New SVLAN/CVLAN: 100/--

Old MAC: 00e0-ca63-8141

New MAC: 00e0-ca63-8142

Table 4 Command output

Field	Description
IPv6 address	IPv6 address of a user.
System time	Time when the user IPv6 address conflict occurred.
Conflict count	Number of times user IPv6 address conflicts occurred.
Log suppress count	Number of times user IPv6 address conflict log generation has been suppressed.
Old interface	Output interface in the old ND entry.
New interface	Output interface in the new ND entry.
Old SVLAN/CVLAN	ID of the outer VLAN or inner VLAN in the old ND entry. This field displays hyphens (--) if the ND entry does not belong to any outer VLAN or inner VLAN.
New SVLAN/CVLAN	ID of the outer VLAN or inner VLAN in the new ND entry. This field displays hyphens (--) if the ND entry does not belong to any outer VLAN or inner VLAN.
Old MAC	MAC address in the old ND entry.
New MAC	MAC address in the new ND entry.

Related commands

ipv6 nd user-ip-conflict record enable

display ipv6 nd user-move record

Use display ipv6 nd user-move record to display user port migration records.

Syntax

display ipv6 nd user-move record [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays user port migration records for all cards.

Examples

# Display all user port migration records.

<Sysname> display ipv6 nd user-move record

IPv6 address: 10::1

MAC address: 00e0-ca63-8141

System time: 2020-02-02 11:22:29

Move count: 1

Log suppress count: 0

Before:

interface: GigabitEthernet1/0/1

SVLAN/CVLAN: 100/2

After:

interface: GigabitEthernet1/0/2

SVLAN/CVLAN: 100/2

IPv6 address: 10::2

MAC address: 00e0-ca63-8142

System time: 2020-02-02 10:20:30

Move count: 1

Log suppress count: 0

Before:

interface: GigabitEthernet1/0/1

SVLAN/CVLAN: 100/--

After:

interface: GigabitEthernet1/0/2

SVLAN/CVLAN: 100/--

Table 5 Command output

Field	Description
IPv6 address	IPv6 address of the user.
MAC address	MAC address of the user.
System time	Time when the user port migration occurred.
Move count	Number of times the user port migrated.
Log suppress count	Number of times user port migration log generation has been suppressed.
Before	Information before the user port migration.
interface	Interface information in the ND entry.
SVLAN/CVLAN	ID of the outer VLAN or inner VLAN in the ND entry. This field displays hyphens (--) if the ND entry does not belong to any outer VLAN or inner VLAN.
After	Information after the user port migration.

Related commands

ipv6 nd user-move record enable

display ipv6 neighbors

Use display ipv6 neighbors to display IPv6 neighbor information.

Syntax

display ipv6 neighbors { { ipv6-address | all | dynamic | static } [ slot slot-number ] | interface interface-type interface-number | vlan vlan-id } [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ipv6-address: Specifies the IPv6 address of a neighbor whose information is displayed.

all: Displays information about all neighbors, including neighbors acquired dynamically and configured statically on the public network and all private networks.

dynamic: Displays information about all neighbors acquired dynamically.

static: Displays information about all neighbors configured statically.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays IPv6 neighbor information for all cards.

interface interface-type interface-number: Specifies an interface by its type and number.

vlan vlan-id: Displays information about neighbors in the specified SVLAN. The value range for the SVLAN ID is 1 to 4094.

verbose: Displays detailed neighbor information.

Examples

# Display all neighbor information.

<Sysname> display ipv6 neighbors all

Type: S-Static D-Dynamic R-Rule IS-Invalid static

IPv6 address MAC address VLAN/VSI Interface State T Aging

1::2 6864-6839-0202 1 GE1/0/1 STALE D 136

FE80::6A64:68FF:FE39:202 6864-6839-0202 1 GE1/0/1 STALE D 126

1::3 6864-6839-0203 1 Tunnel1 STALE D 136

1::4 6864-6839-0204 1 GE1/0/2 STALE D 136

# Display detailed information about all neighbors.

<Sysname> display ipv6 neighbors all verbose

IPv6 address : 1::2

MAC address : 6864-6839-0202 Type : Dynamic

State : STALE Aging: 136 seconds

Interface : GE1/0/1 SVLAN/CVLAN : 1/--

VPN instance : --

Service instance : --

Link ID : --

VXLAN ID : --

VSI name : --

VSI interface : --

IPv6 address : FE80::6A64:68FF:FE39:202

MAC address : 6864-6839-0202 Type : Dynamic

State : STALE Aging: 136 seconds

Interface : GE1/0/1 SVLAN/CVLAN : 1/--

VPN instance : --

Service instance : --

Link ID : --

VXLAN ID : --

VSI name : --

VSI interface : --

IPv6 address : 1::3

MAC address : 6864-6839-0203 Type : Dynamic

State : STALE Aging: 136 seconds

Interface : Tunnel1 SVLAN/CVLAN : 1/--

VPN instance : --

Service instance : --

Link ID : 0x5000001

VXLAN ID : 10

VSI name : --

VSI interface : --

IPv6 address : 1::4

MAC address : 6864-6839-0204 Type : Dynamic

State : STALE Aging: 136 seconds

Interface : GE1/0/2 SVLAN/CVLAN : 1/--

VPN instance : --

Service instance : 1

Link ID : 0x1

VXLAN ID : 10

VSI name : --

VSI interface : --

Table 6 Command output

Field	Description
IPv6 address	IPv6 address of the neighbor.
MAC address	MAC address of the neighbor.
VLAN/VSI	ID of the VLAN or index of the VSI to which the neighbor entry belongs. This field displays hyphens (--) if the neighbor entry does not belong to a VLAN or VSI.
Interface	Interface connected to the neighbor. · If the neighbor entry does not belong to a VSI, this field displays the interface name. If the interface name is not available, the field displays hyphens (--). · If the neighbor entry belongs to a VSI and the interface is a tunnel interface, the displayed value depends on the address resolution status. ¡ If the address is not resolved, this field displays the VSI. ¡ If the address is resolved, this field displays the tunnel ID. · If the neighbor entry belongs to a VSI but the interface is not a tunnel interface, the displayed value depends on the address resolution status. ¡ If the address is not resolved, this field displays the VSI. ¡ If the address is resolved, this field displays the interface.
State	State of the neighbor: · INCMP—The address is being resolved. The link layer address of the neighbor is unknown. · REACH—The neighbor is reachable. · STALE—Whether the neighbor is reachable is unknown. The device does not verify the reachability any longer unless data is sent to the neighbor. · DELAY—Whether the neighbor is reachable is unknown. The device sends an NS message after a delay. · PROBE—Whether the neighbor is reachable is unknown. The device sends an NS message to verify the reachability of the neighbor.
Type	Neighbor information type: · Static—Statically configured. · Dynamic—Dynamically obtained. · Rule—Learned from the IPoE or Portal module. · Invalid static—Invalid static configuration.
Aging	Reachable time of the neighbor: · For a static neighbor entry, this field displays hyphens (--), representing the neighbor entry never expires. · For a dynamic entry, this field displays the elapsed time in seconds. If the neighbor is never reachable, this field displays a pound sign (#).
SVLAN/CVLAN	SVLAN and CVLAN to which the interface connected to the neighbor belongs. This field displays hyphens (--) if the interface does not belong to a VLAN.
VPN instance	Name of a VPN instance. This field displays hyphens (--) if no VPN instance is configured.
Service instance	Ethernet service instance. If the neighbor entry does not belong to any Ethernet service instance for the related Layer 2 Ethernet interface or Layer 2 aggregate interface, this field displays hyphens (--).
Link ID	ID of the link that connects to the neighbor. The link ID is a string with a maximum of eight hexadecimal numbers. If the neighbor entry does not belong to any VSI, the field displays hyphens (--).
VXLAN ID	ID of the VXLAN associated with the VSI in the neighbor entry. If no VXLAN is specified, the field displays hyphens (--).
VSI name	Name of the VSI to which the neighbor entry belongs. This field displays hyphens (--) if the neighbor entry does not belong to a VSI.
VSI interface	VSI interface associated with a VSI. This field displays hyphens (--) if no VSI interface associated with the VSI is specified.

Related commands

ipv6 neighbor

reset ipv6 neighbors

display ipv6 neighbors count

Use display ipv6 neighbors count to display the number of neighbor entries.

Syntax

display ipv6 neighbors { { all | dynamic | static } [ slot slot-number ] | interface interface-type interface-number | vlan vlan-id } count

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Displays the total number of all neighbor entries, including neighbor entries created dynamically and configured statically.

dynamic: Displays the total number of neighbor entries created dynamically.

static: Displays the total number of neighbor entries configured statically.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the number of neighbor entries for all cards. .

interface interface-type interface-number: Specifies an interface by its type and number.

vlan vlan-id: Displays the total number of neighbor entries in the specified VLAN. The value range for VLAN ID is 1 to 4094.

Examples

# Display the total number of neighbor entries created dynamically.

<Sysname> display ipv6 neighbors dynamic count

Total number of dynamic entries: 2

display ipv6 neighbors diff

Use display ipv6 neighbors diff to display IPv6 neighbor differences between the specified slots.

Syntax

display ipv6 neighbors diff [ all | [ vpn-instance vpn-instance-name ] [ ipv6-address ] ] slot slot-number1 slot slot-number2

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Displays IPv6 neighbor differences on the public network and all private networks.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. The VPN instance name cannot contain spaces. If you do not specify a VPN instance, this command displays IPv6 neighbor differences on the public network.

ipv6-address: Displays differences for IPv6 neighbors that exactly match the specified IPv6 address. If you do not specify an IPv6 address, this command displays differences for all IPv6 neighbors.

slot slot-number1 slot slot-number2: Specifies two cards by slot number.

Usage guidelines

Application scenarios

Entry inconsistency between cards might cause packet loss between an MPU and interface card, slow packet processing of interface cards, or too many packets in queues on interface cards. To avoid such an issue, you can use this command to display IPv6 neighbor differences between the specified slots.

Operating mechanism

If you specify none of the all, vpn-instance vpn-instance-name, and ipv6-address parameters, this command displays IPv6 neighbor differences on the public network.

Restrictions and guidelines

When you execute this command, you must specify two different slots.

Examples

# Display IPv6 neighbor differences on the public network and all private networks between the specified slots.

<Sysname> display ipv6 neighbors diff all slot 0 slot 1

--- Slot 0 CPU 0

+++ Slot 1 CPU 0

@@ -1,2 +0,0 @@

-IPv6 Address:1::2 Interface:GE1/0/1

\ No newline at end of file

+IPv6 Address:1::3 Interface:GE1/0/1

\ No newline at end of file

Table 7 Command output

Field	Description
Slot	· --- Slot—The first slot specified for comparison. · +++ Slot—The second slot specified for comparison.
CPU	ID of the CPU.
IPv6 Address	IPv6 address of the neighbor. The minus sign (-) before this field indicates that the entry belongs to the first specified slot. The plus sign (+) before this field indicates that the entry belongs to the second specified slot.
Interface	Interface connected to the neighbor.
\ No newline at end of file	All IPv6 neighbor differences on the specified slot have been printed.

‌

display ipv6 neighbors entry-limit

Use display ipv6 neighbors entry-limit to display the maximum number of ND entries that a device supports.

Syntax

display ipv6 neighbors entry-limit

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the maximum number of ND entries that the device supports.

<Sysname> display ipv6 neighbors entry-limit

ND entries: 2048

display ipv6 neighbors statistics

Use display ipv6 neighbors statistics to display ND entry statistics.

Syntax

display ipv6 neighbors statistics { [ by-slot ] all | interface { interface-name | interface-type interface-number } | slot slot-number }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Displays all ND entry statistics.

interface interface-type interface-number: Specifies an interface by its type and number.

by-slot: Displays all ND entry statistics based on cards.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays ND entry statistics for all cards.

Usage guidelines

Use ND entry statistics to monitor the usage of entry resources. When an error occurs during packet forwarding, you can view ND entry statistics to identify whether it is because too many entry resources are occupied.

Examples

# Display ND entry statistics on GigabitEthernet 1/0/1.

<Sysname> display ipv6 neighbors statistics interface gigabitethernet 1/0/1

-----------------------------------------------

State Dynamic Static Rule

-----------------------------------------------

Incmp 0 0 0

Reach 0 2 0

Stale 1 - -

Delay 0 - -

Probe 0 - -

-----------------------------------------------

Total 1 2 0

# Display all ND entry statistics.

<Sysname> display ipv6 neighbors statistics all

-----------------------------------------------

State Dynamic Static Rule

-----------------------------------------------

Incmp 0 4 0

Reach 1 2 0

Stale 0 - -

Delay 0 - -

Probe 0 - -

-----------------------------------------------

Total 1 6 0

# Display all ND entry statistics based on cards.

<Sysname> display ipv6 neighbors statistics by-slot all

Slot 1:

-----------------------------------------------

State Dynamic Static Rule

-----------------------------------------------

Incmp 0 4 0

Reach 1 2 0

Stale 0 - -

Delay 0 - -

Probe 0 - -

-----------------------------------------------

Total 1 6 0

Slot 2:

-----------------------------------------------

State Dynamic Static Rule

-----------------------------------------------

Incmp 0 4 0

Reach 1 2 0

Stale 0 - -

Delay 0 - -

Probe 0 - -

-----------------------------------------------

Total 1 6 0

# Display all ND entry statistics on slot 1.

<Sysname> display ipv6 neighbors statistics slot 1

-----------------------------------------------

State Dynamic Static Rule

-----------------------------------------------

Incmp 0 0 0

Reach 0 2 0

Stale 1 - -

Delay 0 - -

Probe 0 - -

-----------------------------------------------

Total 1 2 0

Table 8 Command output

Field	Description
Dynamic	Number of ND entries obtained dynamically.
Static	Number of ND entries configured statically.
Rule	Number of ND entries obtained from the IPoE or Portal module.
Incmp	Number of ND entries in Incmp state.
Reach	Number of ND entries in Reach state.
Stale	Number of ND entries in Stale state.
Delay	Number of ND entries in Delay state.
Probe	Number of ND entries in Probe state.

‌

display ipv6 neighbors usage

Use display ipv6 neighbors usage to display the ND table usage.

Syntax

display ipv6 neighbors usage

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

You can use this command to monitor the number of ND entries on the device and to determine whether ND attacks exist on the network.

The ND table usage is the ratio of the real-time ND entry count to the ND table capacity. When a network-side port is a VLAN interface, the dynamic ND learning limit might fail to reach the ND table capacity because it is restricted to the next hop hardware resources. Therefore, it might happen that the displayed ND table usage is low but the maximum number of dynamic ND entries is already reached.

The ND table usage provides statistics in the most recent hour.

Examples

# Display the ND table usage.

<Sysname> display ipv6 neighbors usage

ND table upper limit: 65000

Time ND entry count Usage

Current 52000 80%

1 min ago 51351 79%

2 min ago 50711 78%

3 min ago 47748 77%

…

59 min ago 13656 21%

60 min ago 13007 20%

Table 9 Command output

Field	Description
ND table upper limit	Maximum number of ND entries supported by the ND table.
Time	Time when the ND table usage was recorded.
ND entry count	Number of ND entries.
Usage	Usage of ND table, which is the ratio of the real-time ND entry count to the ND table upper limit.

Related commands

display ipv6 neighbors entry-limit

display ipv6 neighbors vpn-instance

Use display ipv6 neighbors vpn-instance to display neighbor information about a VPN instance.

Syntax

display ipv6 neighbors vpn-instance vpn-instance-name [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. The VPN instance must already exist.

count: Displays the total number of neighbor entries in the specified VPN instance.

Examples

# Display neighbor information about the VPN instance vpn1.

<Sysname> display ipv6 neighbors vpn-instance vpn1

Type: S-Static D-Dynamic R-Rule IS-Invalid static

IPv6 address MAC address VID Interface State T Aging

FE80::200:5EFF:FE32:B800 0000-5e32-b800 -- GE1/0/1 REACH IS --

Table 10 Command output

Field	Description
IPv6 address	IPv6 address of the neighbor.
MAC address	MAC address of the neighbor.
VID	VLAN to which the interface connected to the neighbor belongs. This field displays hyphens (--) if the neighbor entry does not belong to a VLAN.
Interface	Interface connected to the neighbor.
State	Neighbor state: · INCMP—The address is being resolved. The link layer address of the neighbor is unknown. · REACH—The neighbor is reachable. · STALE—Whether the neighbor is reachable is unknown. The device does not verify the reachability any longer unless data is sent to the neighbor. · DELAY—Whether the neighbor is reachable is unknown. The device sends an NS message after a delay. · PROBE—Whether the neighbor is reachable is unknown. The device sends an NS message to verify the reachability of the neighbor.
T	Neighbor information type: · Static—Statically configured. · Dynamic—Dynamically obtained. · Rule—Learned from IPoE or portal. · Invalid static—Invalid static configuration.
Aging	Reachable time of the neighbor: · For a static neighbor entry, this field displays hyphens (--), representing the neighbor entry never expires. · For a dynamic neighbor entry, this field displays the elapsed time in seconds. If the neighbor is never reachable, this field displays a pound sign (#).

‌

ipv6 address duplicate-detect enable

Use ipv6 address duplicate-detect enable to enable duplicate detection for duplicate addresses.

Use undo ipv6 address duplicate-detect enable to disable duplicate detection for duplicate addresses.

Syntax

ipv6 address duplicate-detect enable

undo ipv6 address duplicate-detect enable

Default

Duplicate detection for duplicate addresses is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

If the device detects that an IPv6 address on an interface has been used on the network, the device marks that IPv6 address as duplicate. The interface cannot use the address for communication.

By default, an interface does not perform duplicate detection for duplicate addresses. Once an IPv6 address is marked as duplicate on an interface, it will be unusable even after it becomes unique on the link later.

To resolve this issue, enable duplicate detection for duplicate addresses. This feature sends NS messages to the duplicate address at random intervals until it does not receive an NA response message from that address or until duplicate detection is disabled for duplicate addresses.

You can set the maximum duplicate detection interval for duplicate addresses by using the ipv6 address duplicate-detect interval command. For more information about duplicate address detection, see the configuration guide.

Examples

# Enable duplicate detection for duplicate addresses.

<Sysname> system-view

[Sysname] ipv6 address duplicate-detect enable

Related commands

ipv6 address duplicate-detect interval

Use ipv6 address duplicate-detect interval to set the maximum duplicate detection interval for duplicate addresses.

Use undo ipv6 address duplicate-detect interval to restore the default.

Syntax

ipv6 address duplicate-detect interval interval

undo ipv6 address duplicate-detect interval

Default

The maximum duplicate detection interval for duplicate addresses is 5 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Sets the maximum duplicate detection interval for duplicate addresses in seconds. The value range for this argument is 1 to 60.

Usage guidelines

After the device marks a detected address as duplicate, it waits for a random amount of time between 1 and the maximum detection interval. Then, the device resends an NS message to the solicited-node multicast address of the duplicate address. This mechanism helps reduce the risk of congestion that results from the NS messages sent for duplicate detection. For more information about duplicate address detection, see the configuration guide.

Examples

# Set the maximum duplicate detection interval to 10 seconds for duplicate addresses.

<Sysname> system-view

[Sysname] ipv6 address duplicate-detect interval 10

Related commands

ipv6 address duplicate-detect enable

ipv6 nd autoconfig managed-address-flag

Use ipv6 nd autoconfig managed-address-flag to set the managed address configuration flag (M) to 1 in RA advertisements to be sent.

Use undo ipv6 nd autoconfig managed-address-flag to restore the default.

Syntax

ipv6 nd autoconfig managed-address-flag

undo ipv6 nd autoconfig managed-address-flag

Default

The M flag is set to 0 in RA advertisements. Hosts receiving the advertisements will obtain IPv6 addresses through stateless autoconfiguration.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

The M flag in RA advertisements determines whether receiving hosts use stateful autoconfiguration to obtain IPv6 addresses.

· If the M flag is set to 1 in RA advertisements, receiving hosts use stateful autoconfiguration (for example, from a DHCPv6 server) to obtain IPv6 addresses.

· If the M flag is set to 0 in RA advertisements, receiving hosts use stateless autoconfiguration. Stateless autoconfiguration generates IPv6 addresses according to link-layer addresses and the prefix information in the RA advertisements.

Examples

# Set the M flag to 1 in RA advertisements to be sent.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd autoconfig managed-address-flag

ipv6 nd autoconfig other-flag

Use ipv6 nd autoconfig other-flag to set the other stateful configuration flag (O) to 1 in RA advertisements to be sent.

Use undo ipv6 nd autoconfig other-flag to restore the default.

Syntax

ipv6 nd autoconfig other-flag

undo ipv6 nd autoconfig other-flag

Default

The O flag is set to 0 in RA advertisements. Hosts receiving the advertisements will acquire other information through stateless autoconfiguration.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

The O flag in RA advertisements determines whether receiving hosts use stateful autoconfiguration to obtain configuration information other than IPv6 addresses.

· If the O flag is set to 1 in RA advertisements, receiving hosts use stateful autoconfiguration (for example, from a DHCPv6 server) to obtain configuration information other than IPv6 addresses.

· If the O flag is set to 0 in RA advertisements, receiving hosts use stateless autoconfiguration to obtain configuration information other than IPv6 addresses.

Examples

# Set the O flag to 0 in RA advertisements to be sent.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] undo ipv6 nd autoconfig other-flag

ipv6 nd dad attempts

Use ipv6 nd dad attempts to set the number of attempts to send an NS message for DAD.

Use undo ipv6 nd dad attempts to restore the default.

Syntax

ipv6 nd dad attempts times

undo ipv6 nd dad attempts

Default

The number of attempts to send an NS message for DAD is 1.

Views

Interface view

Predefined user roles

network-admin

Parameters

times: Specifies the number of attempts to send an NS message for DAD, in the range of 0 to 600. If it is set to 0, DAD is disabled.

Usage guidelines

An interface sends an NS message for DAD after obtaining an IPv6 address.

If the interface does not receive a response within the time specified by using ipv6 nd ns retrans-timer, it resends an NS message.

If the interface receives no response after making the maximum sending attempts (set by using ipv6 nd dad attempts), the interface uses the obtained address.

Examples

# Set the number of attempts to send an NS message for DAD to 20.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd dad attempts 20

Related commands

display ipv6 interface

ipv6 nd ns retrans-timer

ipv6 nd entry-limit record enable

Use ipv6 nd entry-limit record enable to enable recording ND entry learning events.

Use undo ipv6 nd entry-limit record enable to disable recording ND entry learning events.

Syntax

ipv6 nd entry-limit record enable

undo ipv6 nd entry-limit record enable

Default

The ND module does not record ND entry learning events.

Views

System view

Predefined user roles

network-admin

Usage guidelines

An ND entry learning event occurs when the number of ND entries that a card or an interface has learnt exceeds the threshold or drops below the threshold.

After you enable this feature, the ND module logs ND entry learning events and sends them to the information center. For log messages to be sent correctly, configure the information center to set log message filtering and output rules, including output destinations.

Examples

# Enable recording ND entry learning events.

<Sysname> system-view

[Sysname] ipv6 nd entry-limit record enable

Related commands

ipv6 neighbors max-learning-num

ipv6 neighbors max-learning-number

ipv6 nd fib-miss drop

Use ipv6 nd fib-miss drop to d isable the device from sending NS messages for ND entry learning when IPv6 data packets trigger ND resolution.

Use undo ipv6 nd fib-miss drop to restore the default.

Syntax

ipv6 nd fib-miss drop

undo ipv6 nd fib-miss drop

Default

The device sends NS messages for ND entry learning when IPv6 data packets trigger ND resolution.

Views

Layer 3 Ethernet interface view

Layer 3 Ethernet subinterface view

Layer 3 aggregation interface view

Layer 3 aggregation subinterface view

VSI interface view

VLAN interface view

L3VE interface view

Predefined user roles

network-admin

Usage guidelines

Application scenarios

By default, when the device receives a data packet not destined for it and cannot find a match for the next hop in the ND table, it performs the following tasks:

1. M ulticasts an NS message to obtain the MAC address of the next hop.

2. Generates an ND entry based on the obtained MAC address.

A large number of NS messages consume too many network resources, affecting normal service operation. To resolve the issue, use this command to disable the device from sending NS messages for ND entry learning when IPv6 data packets trigger ND resolution. This suppresses ND flooding by reducing ND packets on the network.

Operating mechanism

After you configure this feature on an interface of the device, the device does not multicast an NS message for ND entry learning if one of the following conditions exists:

· The interface receives a data packet not destined for the device and the next hop for the data packet does not match any ND entry.

· ND resolution is triggered when the interface actively sends a data packet.

Restrictions and guidelines

As a best practice, configure this feature only when the network is under ND flood attacks.

Examples

# Enable GigabitEthernet 1/0/1 to disable the device from sending NS messages for ND entry learning when IPv6 data packets trigger ND resolution.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd fib-miss drop

ipv6 nd ip-unique learning enable

Use ipv6 nd ip-unique learning enable to enable unique ND entry learning for IPv6 addresses (learn only one ND entry for one IPv6 address).

Use undo ipv6 nd ip-unique learning enable to disable unique ND entry learning for IPv6 addresses.

Syntax

ipv6 nd ip-unique learning enable

undo ipv6 nd ip-unique learning enable

Default

Unique ND entry learning for IPv6 addresses is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Application scenarios

If a client accesses the device from two interfaces (with client IPv6 address unchanged), the device might learn two ND entries with the same IPv6 address but different interfaces for the client according to the NS and NA packets. The forwarding entry is generated based on the first ND entry. As a result, traffic cannot be forwarded normally because the interface corresponding to the IPv6 address in the forwarding entry is different from the current access interface of the client.

Operating mechanism

Enabled with this feature, the device learns only one ND entry for one IPv6 address. It deletes the old ND entry when it receives a new ND entry with the same IPv6 address but different interfaces to ensure normal traffic forwarding.

Examples

# Enable unique ND entry learning for IPv6 addresses.

<Sysname> system-view

[Sysname] ipv6 nd ip-unique learning enable

ipv6 nd mode uni

Use ipv6 nd mode uni to configure a port as a customer-side port.

Use undo ipv6 nd mode to restore the default.

Syntax

ipv6 nd mode uni

undo ipv6 nd mode

Default

A port acts as a network-side port.

Views

VSI interface view

Predefined user roles

network-admin

Usage guidelines

By default, the device associates an ND entry with routing information when the device learns an ND entry. The ND entry provides the next hop information for routing. To save hardware resources, you can use this command to specify a port that connects to a user terminal as a customer-side port. The device will not associate the routing information with the learned ND entries.

Examples

# Specify VLAN-interface 2 as a customer-side port.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] ipv6 nd mode uni

ipv6 nd ns retrans-timer

Use ipv6 nd ns retrans-timer to set the interval for retransmitting an NS message.

Use undo ipv6 nd ns retrans-timer to restore the default.

Syntax

ipv6 nd ns retrans-timer value

undo ipv6 nd ns retrans-timer

Default

The local interface sends NS messages at every an interval of 1000 milliseconds, and the Retrans Timer field in the RA messages sent is 0. The interval for retransmitting an NS message is determined by the receiving device.

Views

Interface view

Predefined user roles

network-admin

Parameters

value: Specifies the interval value in the range of 1000 to 4294967295 milliseconds.

Usage guidelines

If a device does not receive a response from the peer within the specified interval, the device resends an NS message. The device retransmits an NS message at the specified interval and uses the interval value to fill the Retrans Timer field in RA messages to be sent.

Examples

# Specify GigabitEthernet 1/0/1 to retransmit NS messages every 10000 milliseconds.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd ns retrans-timer 10000

Related commands

display ipv6 interface

ipv6 nd nud reachable-time

Use ipv6 nd nud reachable-time to set the neighbor reachable time on an interface.

Use undo ipv6 nd nud reachable-time to restore the default.

Syntax

ipv6 nd nud reachable-time time

undo ipv6 nd nud reachable-time

Default

The neighbor reachable time on the local interface is 1200000 milliseconds, and the value of the Reachable Time field in RA messages is 0. The reachable time is determined by the receiving device.

Views

Interface view

Predefined user roles

network-admin

Parameters

time: Specifies the neighbor reachable time in the range of 1 to 3600000 milliseconds.

Usage guidelines

If the neighbor reachability detection shows that a neighbor is reachable, the device considers the neighbor reachable within the specified reachable time. If the device must send a packet to the neighbor after the specified reachable time expires, the device reconfirms whether the neighbor is reachable. The device sets the specified value as the neighbor reachable time on the local interface and uses the value to fill the Reachable Time field in RA messages to be sent.

Examples

# Set the neighbor reachable time on GigabitEthernet 1/0/1 to 10000 milliseconds.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd nud reachable-time 10000

Related commands

display ipv6 interface

ipv6 nd online-offline-log enable

Use ipv6 nd online-offline-log enable to enable ND logging for user online and offline events.

Use undo ipv6 nd online-offline-log enable to disable ND logging for user online and offline events.

Syntax

ipv6 nd online-offline-log enable [ rate rate ]

undo ipv6 nd online-offline-log enable

Default

ND logging for user online and offline events is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

rate rate: Specifies the maximum number of logs that can be output per second. The value range is 3 to 500. If you do not specify this option, the maximum log output rate is 100 logs per second.

Usage guidelines

A higher log output rate consumes more CPU resources. Adjust the log output rate based the CPU performance and usage.

Examples

# Enable ND logging for user online and offline events, and set the maximum log output rate to 100 logs per second.

<Sysname> system-view

[Sysname] ipv6 nd online-offline-log enable rate 100

Related commands

ipv6 neighbor

ipv6 nd ra boot-file-url

Use ipv6 nd ra boot-file-url to specify the URL of the boot file in RA messages.

Use undo ipv6 nd ra boot-file-url to restore the default.

Syntax

ipv6 nd ra boot-file-url url-string

undo ipv6 nd ra boot-file-url

Default

RA messages do not contain the URL of the boot file.

Views

Interface view

Predefined user roles

network-admin

Parameters

url-string: Specifies the URL address of the boot file, a case-sensitive string of 1 to 127 characters. The URL address must be started with http://, https://. ftp://, or tftp://.

Usage guidelines

In a data center, a device follows the steps to implement automatic configuration:

1. Obtains an IPv6 address through ND or DHCPv6.

2. Obtains the URL address for downloading the boot file from the DHCPv6 server.

3. Downloads the boot file from the FTP server and installs it.

With the boot file URL specified in RA messages, the device can use the ND protocol to obtain both the IPv6 address and the boot file URL for automatic configuration. DHCPv6 is not required in the network, simplifying the network deployment.

Examples

# Specify the boot file URL address as tftp://169.254.0.1/file/softimg.iso in RA messages on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd ra boot-file-url tftp://169.254.0.1/file/softimg.iso

ipv6 nd ra dns search-list

Use ipv6 nd ra dns search-list to specify DNS suffix information to be advertised in RA messages.

Use undo ipv6 nd ra dns search-list to remove a DNS suffix from RA message advertisement.

Syntax

ipv6 nd ra dns search-list domain-name [ seconds | infinite ] sequence seqno

undo ipv6 nd ra dns search-list domain-name

Default

DNS suffix information is not specified and RA messages do not contain DNS suffix options.

Views

Interface view

Predefined user roles

network-admin

Parameters

domain-name: Specifies a DNS suffix. It is a dot-separated, case-insensitive string that can include letters, digits, hyphens (-), underscores (_), and dots (.), for example, aabbcc.com. The DNS suffix can include a maximum of 253 characters, and each separated string includes no more than 63 characters.

seconds: Specifies the lifetime of the DNS suffix, in seconds. The value range is 4 to 4294967295. Value 4294967295 indicates that the lifetime of the DNS suffix is infinite.

infinite: Sets the lifetime of the DNS suffix to infinite.

seqno: Specifies the sequence number of the DNS suffix, in the range of 0 to 4294967295. The sequence number for a DNS suffix must be unique. A smaller sequence number represents a higher priority.

Usage guidelines

The DNS search list (DNSSL) option in RA messages provides DNS suffix information for hosts. The RA messages allow hosts to obtain their IPv6 addresses and the DNS suffix through stateless autoconfiguration. This method is useful in a network where DHCPv6 infrastructure is not provided.

The default lifetime of the DNS suffix is three times the maximum interval for advertising RA messages. To set the maximum interval, use the ipv6 nd ra interval command.

You can configure a maximum of eight DNS suffixes on an interface. One DNSSL option contains one DNS suffix. All DNSSL options are sorted in ascending order of the sequence number of the DNS suffix.

The sequence number uniquely identifies a DNS suffix. To modify a DNS suffix or its sequence number, you must first use the undo ipv6 nd ra dns search-list command to remove the DNS suffix from RA message advertisement.

After you execute the ipv6 nd ra dns search-list command, the device immediately sends an RA message with the existing and newly specified DNS suffix information.

After you execute the undo ipv6 nd ra dns search-list command, the device immediately sends two RA messages.

· The first RA message carries information about all DNS suffixes, including DNS suffixes specified in the undo command with their lifetime set to 0 seconds.

· The second RA message carries information about remaining DNS suffixes.

Each time the device sends an RA message from an interface, it immediately refreshes the RA message advertisement interval for that interface.

Examples

# Specify the DNS suffix as com, the suffix lifetime as infinite, and the sequence number as 1 for RA messages on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd ra dns search-list com 3600 sequence 1

Related commands

ipv6 nd ra dns search-list suppress

ipv6 nd ra interval

ipv6 nd ra dns search-list suppress

Use ipv6 nd ra dns search-list suppress to enable DNS suffix suppression in RA messages.

Use undo ipv6 nd ra dns search-list suppress to disable DNS suffix suppression in RA messages.

Syntax

ipv6 nd ra dns search-list suppress

undo ipv6 nd ra dns search-list suppress

Default

DNS suffix suppression in RA messages is disabled.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

This command suppresses advertising DNS suffixes in RA messages on an interface. If you specify a new DNS suffix or remove a DNS suffix on the interface, the device immediately sends an RA message without any DNSSL options.

RA messages are suppressed by default. To disable RA message suppression, use the undo ipv6 nd ra halt command.

Whether enabling this feature on an interface will trigger sending RA message immediately depends on the interface configuration:

· If the interface has DNS suffix information configured, the device immediately sends two RA messages. In the first message, the lifetime for DNS suffixes is 0 seconds. The second RA message does not contain any DNSSL options.

· If the interface has no DNS suffix information specified, no RA messages are triggered.

Whether disabling this feature on an interface will trigger sending RA message immediately depends on the interface configuration:

· If the interface has DNS suffix information configured, the device immediately sends an RA message containing the DNS suffix information.

· If the interface has no DNS suffix information specified, no RA messages are triggered.

Each time the device sends an RA message from an interface, it immediately refreshes the RA message advertisement interval for that interface.

Examples

# Enable DNS suffix suppression in RA messages on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd ra dns search-list suppress

Related commands

ipv6 nd ra dns search-list

ipv6 nd ra dns server

Use ipv6 nd ra dns server to specify DNS server information to be advertised in RA messages.

Use undo ipv6 nd ra dns server to remove a DNS server from RA message advertisement.

Syntax

ipv6 nd ra dns server ipv6-address [ seconds | infinite ] sequence seqno

undo ipv6 nd ra dns server ipv6-address

Default

DNS server information is not specified and RA messages do not contain DNS server options.

Views

Interface view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies the IPv6 address of the DNS server, which must be a global unicast address or a link-local address.

seconds: Specifies the lifetime of the DNS server, in seconds. The value range is 4 to 4294967295. Value 4294967295 indicates that the lifetime of the DNS server is infinite.

infinite: Sets the lifetime of the DNS server to infinite.

sequence seqno: Specifies the sequence number of the DNS server, in the range of 0 to 4294967295. The sequence number for a DNS server must be unique. A smaller sequence number represents a higher priority.

Usage guidelines

The DNS server option in RA messages provides DNS server information for hosts. The RA messages allow hosts to obtain their IPv6 addresses and the DNS server through stateless autoconfiguration. This method is useful in a network where DHCPv6 infrastructure is not provided.

The default lifetime of the DNS server is three times the maximum interval for advertising RA messages. To set the maximum interval, use the ipv6 nd ra interval command.

You can configure a maximum of eight DNS servers on an interface. One DNS server option contains one DNS server. All DNS server options are sorted in ascending order of the DNS server sequence number.

The sequence number uniquely identifies a DNS server. To modify the IPv6 address or sequence number of a DNS server, you must first use the undo ipv6 nd ra dns server command to remove the DNS server from RA message advertisement.

After you execute the ipv6 nd ra dns server command, the device immediately sends an RA message with the existing and newly specified DNS server options.

After you execute the undo ipv6 nd ra dns server command, the device immediately sends two RA messages.

· The first RA message carries information about all DNS servers, including the DNS servers specified in the undo command with their lifetime set to 0 seconds.

· The second RA message carries information about remaining DNS servers.

Each time the device sends an RA message from an interface, it immediately refreshes the RA message advertisement interval for that interface.

In an IPv6 environment, PPP users and IPoE IPv6-ND-RS users can obtain the IPv6 DNS server address through AAA authorization. This AAA-authorized IPv6 DNS server address is also carried in RA messages. If an interface obtains the AAA-authorized and manually specified IPv6 DNS server addresses, the RA messages contain both, with the AAA-authorized address in the front. When the two addresses conflict, the AAA-authorized address is used.

For more information about the PPP support for IPv6, see PPP configuration in Layer 2—WAN Access Configuration Guide.

For more information about IPoE IPv6-ND-RS users, see IPoE configuration in User Access and Authentication Configuration Guide.

Examples

# Specify the DNS server address as 2001:10::100, the server lifetime as infinite, and the sequence number as 1 for RA messages on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd ra dns server 2001:10::100 3600 sequence 1

Related commands

ipv6 nd ra dns server suppress

ipv6 nd ra interval

ipv6 nd ra dns server suppress

Use ipv6 nd ra dns server suppress to enable DNS server suppression in RA messages.

Use undo ipv6 nd ra dns server suppress to disable DNS server suppression in RA messages.

Syntax

ipv6 nd ra dns server suppress

undo ipv6 nd ra dns server suppress

Default

DNS server suppression in RA messages is disabled.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

This command suppresses advertising DNS server addresses in RA messages on an interface. If you specify a new DNS server or remove a DNS server on the interface, the device immediately sends an RA message without any DNS server options.

RA messages are suppressed by default. To disable RA message suppression, use the undo ipv6 nd ra halt command.

Whether enabling this feature on an interface will trigger sending RA message immediately depends on the interface configuration:

· If the interface has DNS server information configured or has obtained an AAA-authorized DNS server address, the device immediately sends two RA messages. In the first message, the lifetime for DNS server addresses is 0 seconds. The second RA message does not contain any DNS server options.

· If the interface has no DNS server information specified or no AAA-authorized DNS server address assigned, no RA messages are triggered.

Whether disabling this feature on an interface will trigger sending RA message immediately depends on the interface configuration:

· If the interface has DNS server information configured or has obtained an AAA-authorized DNS server address, the device immediately sends an RA message containing the DNS server information.

· If the interface has no DNS server information specified or no AAA-authorized DNS server address assigned, no RA messages are triggered.

Each time the device sends an RA message from an interface, it immediately refreshes the RA message advertisement interval for that interface.

Examples

# Enable DNS server suppression in RA messages on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd ra dns server suppress

Related commands

ipv6 nd ra dns server

ipv6 nd ra halt

Use ipv6 nd ra halt to suppress an interface from advertising RA messages.

Use undo ipv6 nd ra halt to disable this feature.

Syntax

ipv6 nd ra halt

undo ipv6 nd ra halt

Default

An interface is suppressed from sending RA messages.

Views

Interface view

Predefined user roles

network-admin

Examples

# Disable RA message suppression on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] undo ipv6 nd ra halt

ipv6 nd ra hop-limit unspecified

Use ipv6 nd ra hop-limit unspecified to specify unlimited hops in RA messages.

Use undo ipv6 nd ra hop-limit unspecified to restore the default.

Syntax

ipv6 nd ra hop-limit unspecified

undo ipv6 nd ra hop-limit unspecified

Default

The maximum number of hops in the RA messages is limited to 64.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

To set the maximum number of hops to a value rather than the default setting, use the ipv6 hop-limit command.

Examples

# Specify unlimited hops in the RA messages on interface GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd ra hop-limit unspecified

Related commands

ipv6 hop-limit

ipv6 nd ra interval

Use ipv6 nd ra interval to set the maximum and minimum intervals for advertising RA messages.

Use undo ipv6 nd ra interval to restore the default.

Syntax

ipv6 nd ra interval max-interval min-interval

undo ipv6 nd ra interval

Default

The maximum interval between RA messages is 600 seconds, and the minimum interval is 200 seconds.

Views

Interface view

Predefined user roles

network-admin

Parameters

max-interval: Specifies the maximum interval value in seconds, in the range of 4 to 1800.

min-interval: Specifies the minimum interval value in the range of 3 seconds to three-fourths of the maximum interval.

Usage guidelines

The device advertises RA messages randomly between the maximum interval and the minimum interval.

The maximum interval for sending RA messages should be less than or equal to the router lifetime in RA messages.

Examples

# Set the maximum interval for advertising RA messages to 1000 seconds and the minimum interval to 700 seconds.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd ra interval 1000 700

Related commands

ipv6 nd ra router-lifetime

ipv6 nd ra invalid-delegated-prefix advertise enable

Use ipv6 nd ra invalid-delegated-prefix advertise enable to enable advertising invalid delegated prefixes.

Use undo ipv6 nd ra invalid-delegated-prefix advertise enable to disable advertising invalid delegated prefixes.

Syntax

ipv6 nd ra invalid-delegated-prefix advertise enable

undo ipv6 nd ra invalid-delegated-prefix advertise enable

Default

Advertising invalid delegated prefixes is disabled.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

Application scenarios

An interface can generate an IPv6 address based on a prefix, which is assigned by the DHCPv6 server. When the assigned prefix goes invalid, the device does not advertise RA messages for the event by default. In this case, endpoints that use this prefix are not aware of the event, and continue using the IPv6 addresses generated based on the prefix, causing communication failures. To avoid this problem, you can use this feature.

Operating mechanism

When a DHCPv6 server-assigned prefix goes invalid, the device sends out RA messages immediately. The device sets both the preferred lifetime and valid lifetime to 0 in these messages, announcing that the prefix is invalid. Upon receiving the advertisement, endpoints will no longer use the IPv6 addresses generated based on the prefix. For more information about DHCPv6, see DHCPv6 configuration in Layer 3—IP Services Configuration Guide.

RA message advertisement is suppressed by default. To disable RA message suppression, use the undo ipv6 nd ra halt command.

Examples

# Enable advertising invalid delegated prefixes on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd ra invalid-delegated-prefix advertise enable

Related commands

ipv6 dhcp client pd

ipv6 nd ra halt

ipv6 nd ra no-advlinkmtu

Use ipv6 nd ra no-advlinkmtu to turn off the MTU option in RA messages.

Use undo ipv6 nd ra no-advlinkmtu to restore the default.

Syntax

ipv6 nd ra no-advlinkmtu

undo ipv6 nd ra no-advlinkmtu

Default

RA messages contain the MTU option.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

The MTU option in the RA messages specifies the link MTU to ensure that all nodes on the link use the same MTU.

Examples

# Turn off the MTU option in RA messages on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd ra no-advlinkmtu

ipv6 nd ra prefix

Use ipv6 nd ra prefix to configure the prefix information in RA messages.

Use undo ipv6 nd ra prefix to restore the default.

Syntax

ipv6 nd ra prefix { ipv6-prefix prefix-length | ipv6-prefix/prefix-length } [ valid-lifetime preferred-lifetime [ no-autoconfig | off-link | prefix-preference level ] * | no-advertise ]

undo ipv6 nd ra prefix { ipv6-prefix | ipv6-prefix/prefix-length }

Default

No prefix information is configured for RA messages. Instead, the IPv6 address of the interface sending RA messages is used as the prefix information.

If the IPv6 address is manually configured, the prefix uses the fixed valid lifetime 2592000 seconds (30 days) and preferred lifetime 604800 seconds (7 days).

If the IPv6 address is automatically obtained (through DHCP, for example), the prefix uses the valid and preferred lifetime of the IPv6 address.

Views

Interface view

Predefined user roles

network-admin

Parameters

ipv6-prefix: Specifies the IPv6 prefix.

prefix-length: Specifies the prefix length of the IPv6 address.

valid-lifetime: Specifies the valid lifetime of a prefix, in the range of 0 to 4294967295 seconds. The default value is 2592000 seconds (30 days).

preferred-lifetime: Specifies the preferred lifetime of a prefix used for stateless autoconfiguration, in the range of 0 to 4294967295 seconds. The preferred lifetime cannot be longer than the valid lifetime. The default value is 604800 seconds (7 days).

no-autoconfig: Specifies a prefix not to be used for stateless autoconfiguration. If you do not specify this keyword, the prefix is used for stateless autoconfiguration.

off-link: Indicates that the address with the prefix is not directly reachable on the link. If you do not specify this keyword, the address with the prefix is directly reachable on the link.

prefix-preference level: Specifies the prefix preference. The level argument specifies the preference value in the range of 0 to 255. A larger value indicates a higher preference. The client selects an IPv6 prefix with the highest preference for address generation. If you do not specify this option, the RA message does not contain the preference for the prefix.

no-advertise: Disables the device from advertising the prefix specified in this command. If you do not specify this keyword, the device advertises the prefix specified in this command.

Usage guidelines

Application scenarios

After hosts on the same link receive RA messages, they can use the prefix information in the RA messages for stateless autoconfiguration. You can execute this command to configure the prefix information in RA messages.

Operating mechanism

A prefix specified without a parameter in this command preferentially uses the default settings configured by using the ipv6 nd ra prefix default command. If the default settings are unavailable, the prefix uses the following settings:

· Valid lifetime of 2592000 seconds (30 days).

· Preferred lifetime of 604800 seconds (7 days).

· The prefix is used for stateless autoconfiguration.

· The address with the prefix is directly reachable on the link.

· The prefix is advertised in RA messages.

Restrictions and guidelines

Examples

# Configure the prefix information in RA messages on GigabitEthernet 1/0/1.

Method 1:

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd ra prefix 2001:10::100/64 100 10

Method 2:

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd ra prefix 2001:10::100 64 100 10

ipv6 nd ra prefix default

Use ipv6 nd ra prefix default to configure the default settings for prefixes advertised in RA messages.

Use undo ipv6 nd ra prefix default to restore the default.

Syntax

ipv6 nd ra prefix default [ valid-lifetime preferred-lifetime [ no-autoconfig | off-link | prefix-preference level ] * | no-advertise ]

undo ipv6 nd ra prefix default

Default

No default settings are configured for prefixes advertised in RA messages.

Views

Interface view

Predefined user roles

network-admin

Parameters

valid-lifetime: Specifies the valid lifetime of a prefix, in the range of 0 to 4294967295 seconds. The default value is 2592000 seconds (30 days).

no-autoconfig: Specifies a prefix not to be used for stateless autoconfiguration. If you do not specify this keyword, the prefix is used for stateless autoconfiguration.

off-link: Indicates that the address with the prefix is not directly reachable on the link. If you do not specify this keyword, the address with the prefix is directly reachable on the link.

no-advertise: Disables the device from advertising the prefix specified in this command. If you do not specify this keyword, the device advertises the prefix specified in this command.

Usage guidelines

Application scenarios

Operating mechanism

This command specifies the default settings for the prefix specified by using the ipv6 nd ra prefix command. If none of the parameters (valid-lifetime, preferred-lifetime, no-autoconfig, off-link, prefix-preference level, and no-advertise) is configured in the ipv6 nd ra prefix command, the prefix uses the default settings.

Restrictions and guidelines

Examples

# Configure the default settings for prefixes advertised in RA messages on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd ra prefix default 100 10

ipv6 nd ra router-lifetime

Use ipv6 nd ra router-lifetime to set the router lifetime in RA messages.

Use undo ipv6 nd ra router-lifetime to restore the default.

Syntax

ipv6 nd ra router-lifetime time

undo ipv6 nd ra router-lifetime

Default

The router lifetime in RA messages is three times as long as the maximum interval for advertising RA messages.

Views

Interface view

Predefined user roles

network-admin

Parameters

time: Specifies the router lifetime in the range of 0 to 9000 seconds. If the value is set to 0, the router does not act as the default router.

Usage guidelines

The router lifetime in RA messages specifies how long the router sending the RA messages acts as the default router. Hosts receiving the RA messages check this value to determine whether to use the sending router as the default router. If the router lifetime is 0, the router cannot be used as the default router.

The router lifetime in RA messages must be greater than or equal to the advertising interval.

Examples

# Set the router lifetime in RA messages on GigabitEthernet 1/0/1 to 1000 seconds.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd ra router-lifetime 1000

Related commands

ipv6 nd ra interval

ipv6 nd route-direct advertise

Use ipv6 nd route-direct advertise to enable ND direct route advertisement.

Use undo ipv6 nd route-direct advertise to disable ND direct route advertisement.

Syntax

ipv6 nd route-direct advertise [ preference preference-value | tag tag-value ] *

undo ipv6 nd route-direct advertise

Default

The ND direct route advertisement feature is disabled.

Views

Interface view

Predefined user roles

network-admin

Parameters

preference preference-value: Sets a preference value for ND-advertised direct routes. The value range for the preference-value argument is 1 to 255, and the default is 0. A smaller value represents a higher priority.

tag tag-value: Sets a tag value for ND-advertised direct routes. The value range for the tag-value argument is 1 to 4294967295, and the default is 0.

Usage guidelines

With ND direct route advertisement enabled, ND advertises ND entries to the route management module to generate direct routes. The route preference value determines the match order of a route. Dynamic routing protocols use the tag value as the route identifier when redistributing a direct route.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Enable ND direct route advertisement for L3VE interface VE-L3VPN 1.

<Sysname> system-view

[Sysname] interface ve-l3vpn 1

[Sysname-VE-L3VPN1] ipv6 nd route-direct advertise

# Enable ND direct route advertisement for GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd route-direct advertise

# Enable ND direct route advertisement for GigabitEthernet 1/0/1, and set both the preference value and tag value to 2 for direct routes.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd route-direct advertise preference 2 tag 2

# Enable ND direct route advertisement for VSI-interface 1, and set both the preference value and tag value to 2 for direct routes.

<Sysname> system-view

[Sysname] interface vsi-interface 1

[Sysname-Vsi-interface1] ipv6 nd route-direct advertise preference 2 tag 2

# Enable ND direct route advertisement for L3VE interface VE-L3VPN 1, and set both the preference value and tag value to 2 for direct routes.

<Sysname> system-view

[Sysname] interface ve-l3vpn 1

[Sysname-VE-L3VPN1] ipv6 nd route-direct advertise preference 2 tag 2

Related commands

display ipv6 nd route-direct advertise

ipv6 nd route-direct advertise delay

Use ipv6 nd route-direct advertise delay to set a delay for generating direct routes based on ND entries.

Use undo ipv6 nd route-direct advertise delay to restore the default.

Syntax

ipv6 nd route-direct advertise delay delay-time

undo ipv6 nd route-direct advertise delay

Default

The device generates a direct route immediately after an ND entry is learned on an interface enabled with ND direct route advertisement.

Views

Interface view

Predefined user roles

network-admin

Parameters

delay-time: Specifies the delay for ND-based generation of direct routes. The value range is 0 to 3600 seconds.

Usage guidelines

After you enable ND direct route advertisement on an interface by using the ipv6 nd route-direct advertise command, the device generates direct routes and adjacency table entries based on ND entries learned on that interface. If the direct routes are generated before the adjacency table entries for them, temporary packet loss will occur due to lack of Layer 2 information for packet encapsulation. To avoid such an issue, use this command to set a route generation delay for ND direct route advertisement on the interface.

You can enable ND direct route advertisement and set a delay for ND-based generation of direct routes in any order. If you set the delay first, the setting takes effect immediately after you enable ND direct route advertisement. The device must wait for the delay timer to expire before it can generate a direct route based on a learned ND entry.

After you enable ND direct route advertisement and set a route generation delay for it on an interface, a delay timer starts when an ND entry is learned on that interface. When the timer expires, the device generates a direct route based on that ND entry.

If you edit the direct route advertisement configuration before the delay timer expires, the device advertises the direct route based on the new configuration immediately. If you change the delay setting before a delay timer starts for an ND entry, the new setting takes effect. However, the timer does not reset.

· If the timer count is equal to or higher than the new delay setting, the device generates a direct route based on the ND entry.

· If the timer count is lower than the new delay setting, the device generates a direct route based on the ND entry when the amount of new delay time is reached.

Examples

# Set a route generation delay for ND direct route advertisement on L3VE interface VE-L3VPN 1.

<Sysname> system-view

[Sysname] interface ve-l3vpn 1

[Sysname-VE-L3VPN1] ipv6 nd route-direct advertise delay 100

# Set a route generation delay for ND direct route advertisement on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd route-direct advertise delay 200

Related commands

ipv6 nd route-direct advertise

ipv6 nd route-direct prefix convert-length

Use ipv6 nd route-direct prefix convert-length to specify a prefix length for generating a network route for identified ND entries.

Use undo ipv6 nd route-direct prefix to restore the default.

Syntax

ipv6 nd route-direct prefix ipv6-prefix prefix-length convert-length convert-length [ retain-host-route ]

undo ipv6 nd route-direct prefix ipv6-prefix prefix-length

Default

No prefix length is specified for generating a network route for identified ND entries.

Views

Interface view

Predefined user roles

network-admin

Parameters

ipv6-prefix: Specifies an IPv6 prefix.

prefix-length: Specifies an IPv6 prefix length in the range of 1 to 128. The ipv6-prefix prefix-length arguments identify ND entries for which the network route is generated.

convert-length: Specifies an IPv6 prefix length for the generated network route, in the range of 1 to 127. The value for this argument must be higher than the value for the prefix-length argument.

retain-host-route: Retains the generated 128-bit host routes. If you do not specify this keyword, the device deletes the corresponding host routes after generating network routes for identified ND entries.

Usage guidelines

After you execute the ipv6 nd route-direct advertise command on an interface, the device generates 128-bit host routes for ND entries learned on the interface. As a result, the routing table might be populated with excessive host routes. To reduce the routing table size, execute the ipv6 nd route-direct prefix convert-length command for the device to generate network routes for identified ND entries and delete the corresponding host routes.

In scenarios where both network routes and host routes are required, specify the retain-host-route keyword to retain the generated host routes. In other scenarios, to avoid a large number of host routes, do not specify the retain-host-route keyword.

For the configuration to take effect, the specified IPv6 prefix must be consistent with the IPv6 address prefix of the interface.

Examples

# On GigabitEthernet 1/0/1, set the prefix length to 70 for generating a network route for ND entries with IPv6 prefix 2001::1/64.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd route-direct prefix 2001::1 64 convert-length 70

# On VSI-interface 1, set the prefix length to 70 for generating a network route for ND entries with IPv6 prefix 2001::1/64.

<Sysname> system-view

[Sysname] interface vsi-interface 1

[Sysname-Vsi-interface1] ipv6 nd route-direct prefix 2001::1 64 convert-length 70

# On VE-L3VPN 1, set the prefix length to 70 for generating a network route for ND entries with IPv6 prefix 2001::1/64.

<Sysname> system-view

[Sysname] interface ve-l3vpn 1

[Sysname-VE-L3VPN1] ipv6 nd route-direct prefix 2001::1 64 convert-length 70

Related commands

ipv6 nd route-direct advertise

ipv6 nd router-preference

Use ipv6 nd router-preference to set a router preference in RA messages.

Use undo ipv6 nd router-preference to restore the default.

Syntax

ipv6 nd router-preference { high | low | medium }

undo ipv6 nd router-preference

Default

The router preference is medium.

Views

Interface view

Predefined user roles

network-admin

Parameters

high: Sets the router preference to the highest setting.

low: Sets the router preference to the lowest setting.

medium: Sets the router preference to the medium setting.

Usage guidelines

A host selects a router with the highest preference as the default router.

When router preferences are the same in RA messages, a host selects the router corresponding to the first received RA message as the default gateway.

Examples

# Set the router preference in RA messages to the lowest on interface GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd router-preference low

ipv6 nd suppression enable

Use ipv6 nd suppression enable to enable IPv6 ND suppression.

Use undo ipv6 nd suppression enable to disable IPv6 ND suppression.

Syntax

ipv6 nd suppression enable

undo ipv6 nd suppression enable

Default

IPv6 ND suppression is disabled.

Views

Cross-connect view

Predefined user roles

network-admin

Usage guidelines

Application scenarios

Excessive ND packets in the MPLS L2VPN network will increase the CPU workload on PEs, prevent the device from processing other services correctly. To resolve this issue, you can enable IPv6 ND suppression on PEs to ensure correct communication of the entire network.

Operating mechanism

With this feature enabled, the PE can listen ND packets that pass through. When the base station or CE initiates ND parsing again, the PE can reply to the ND request. This can avoid network flooding caused by ND parsing initiated by devices.

Restrictions and guidelines

You must enable L2VPN before configuring the cross-connect view. For more information about L2VPN, see MPLS L2VPN in MPLS Configuration Guide.

Examples

# Enable IPv6 ND suppression for cross-connect 2 in cross-connect group 1.

<Sysname> system-view

[Sysname] xconnect-group 1

[Sysname-xcg-1] connection 2

[Sysname-xcg-1-2] ipv6 nd suppression enable

Related commands

ipv6 nd suppression push interval

Use ipv6 nd suppression push interval to enable the ND suppression push feature and set a push interval.

Use undo ipv6 nd suppression push interval to disable the ND suppression push feature.

Syntax

ipv6 nd suppression push interval interval

undo ipv6 nd suppression push interval

Default

The ND suppression push feature is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Specifies the push interval value in the range of 1 to 1440 minutes.

Usage guidelines

The ND suppression push feature regularly pushes ND suppression entries by advertising NA messages.

Examples

# Enable the device to push ND suppression entries every 2 minutes.

<Sysname> system-view

[Sysname]ipv6 nd suppression push interval 2

Related commands

ipv6 nd suppression enable

ipv6 nd unsolicited-na-learning enable

Use ipv6 nd unsolicited-na-learning enable to enable unsolicited NA learning.

Use undo ipv6 nd unsolicited-na-learning enable to disable unsolicited NA learning.

Syntax

ipv6 nd unsolicited-na-learning enable

undo ipv6 nd unsolicited-na-learning enable

Default

Unsolicited NA learning is disabled.

Views

Layer 3 interface view

Predefined user roles

network-admin

Usage guidelines

To ensure that the device learns ND entries from trusted NA messages, enable this feature only on a secure network.

This feature might cause the device to learn excessive ND entries that consume too many system resources. As a best practice, execute the ipv6 neighbor stale-aging command to set a smaller aging timer before you enable this feature. The smaller aging timer accelerates the aging of ND entries in stale state.

Examples

# Enable unsolicited NA learning on Layer 3 Ethernet interface GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface GigabitEthernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 nd unsolicited-na-learning enable

Related commands

ipv6 neighbor stale-aging

ipv6 nd user-ip-conflict record enable

Use ipv6 nd user-ip-conflict record enable to enable recording user IPv6 address conflicts.

Use undo ipv6 nd user-ip-conflict record enable to disable recording user IPv6 address conflicts.

Syntax

ipv6 nd user-ip-conflict record enable

undo ipv6 nd user-ip-conflict record enable

Default

Recording user IPv6 address conflicts is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature detects and records user IPv6 address conflicts. A conflict occurs if an incoming NA packet has the same source IPv6 address as an existing ND entry but a different source MAC address. The device generates a user IPv6 address conflict record, logs the conflict, and sends the log to the information center. For information about the log destination and output rule configuration in the information center, see the information center in System Management Configuration Guide.

Each card can generate a maximum of 10 user IPv6 address conflict logs per second. When this maximum number is reached, the card suppresses generating user IPv6 address conflict logs and records the suppression times. Each card can save a maximum of 200 user IPv6 address conflict records.

When the number of saved user IPv6 address conflict records reaches the upper limit, new records overwrite old ones.

Examples

# Enable recording user IPv6 address conflicts.

<Sysname> system-view

[Sysname] ipv6 nd user-ip-conflict record enable

Related commands

display ipv6 nd user-ip-conflict record

ipv6 nd user-move record enable

Use ipv6 nd user-move record enable to enable recording user port migrations.

Use undo ipv6 nd user-move record enable to disable recording user port migrations.

Syntax

ipv6 nd user-move record enable

undo ipv6 nd user-move record enable

Default

Recording user port migrations is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature enables the device to detect and record user port migrations. A user port migrates if an incoming NA packet has the same source IPv6 address and source MAC address as an existing ND entry but a different port. The device generates a user port migration record, logs the migration event, and sends the log to the information center. For information about the log destination and output rule configuration in the information center, see the information center in System Management Configuration Guide.

Each card can generate a maximum of 10 user port migration logs per second. When this maximum number is reached, the card suppresses generating user port migration logs and records the suppression times. Each card can save a maximum of 200 user port migration records.

When the number of saved user port migration records reaches the upper limit, new records overwrite old ones.

Examples

# Enable recording user port migrations.

<Sysname> system-view

[Sysname] ipv6 nd user-move record enable

Related commands

display ipv6 nd user-move record

ipv6 neighbor

Use ipv6 neighbor to configure a static neighbor entry.

Use undo ipv6 neighbor to delete a neighbor entry.

Syntax

ipv6 neighbor ipv6-address mac-address { vlan-id port-type port-number | interface interface-type interface-number | vsi-interface vsi-interface-id tunnel number vsi vsi-name | vsi-interface vsi-interface-id interface-type interface-number service-instance instance-id vsi vsi-name } [ vpn-instance vpn-instance-name ]

undo ipv6 neighbor ipv6-address interface-type interface-number

Default

No static neighbor entries exist.

Views

System view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies the IPv6 address of the static neighbor entry.

mac-address: Specifies the MAC address (48 bits) of the static neighbor entry, in the format of H-H-H.

vlan-id: Specifies the VLAN ID of the static neighbor entry, in the range of 1 to 4094.

port-type port-number: Specifies a Layer 2 port of the static neighbor entry by its type and number.

interface interface-type interface-number: Specifies a Layer 3 interface of the static neighbor entry by its type and number.

vsi-interface vsi-interface-id: Specifies an input VSI interface for packets received from the neighbor in the entry. The vsi-interface-id argument specifies the VSI interface number.

tunnel number: Specifies an output tunnel interface for packets sent to the neighbor in the entry. The number argument specifies the tunnel interface number.

interface-type interface-number: Specifies a Layer 2 interface by its type and number. The device determines an output interface for packets sent to the neighbor in the entry based on the specified Layer 2 interface and Ethernet service instance.

vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.

service-instance instance-id: Specifies the Ethernet service instance of the entry. The instance-id specifies the Ethernet service instance ID in the range of 1 to 4096. You must specify this option if a Layer 2 interface is specified. This option is not configurable if an interface of another type is specified.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the static neighbor entry belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command configures a static neighbor entry for the public network.

Usage guidelines

A neighbor entry stores information about a link-local node. The entry can be created dynamically through NS and NA messages, or configured statically.

The device uniquely identifies a static neighbor entry by using the neighbor's IPv6 address and the number of the Layer 3 interface that connects to the neighbor. You can configure a static neighbor entry by using either of the following methods:

· Method 1—Associate a neighbor IPv6 address and link-layer address with the Layer 3 interface of the local node.

· Method 2—Associate a neighbor IPv6 address and link-layer address with a Layer 2 port in a VLAN containing the local node.

· Method 3—Specify a neighbor IPv6 address, MAC address, input interface (VSI interface), output interface (tunnel interface), and VSI name.

· Method 4—Specify a neighbor IPv6 address, MAC address, input interface (VSI interface), output interface (determined by a Layer 2 interface and Ethernet service instance), and VSI name.

To configure a static neighbor entry for a VLAN interface, use Method 1 or Method 2.

· If Method 1 is used, the neighbor entry is in INCMP state. After the device obtains the corresponding Layer 2 port information, the neighbor entry goes into REACH state.

· If Method 2 is used, the port specified by port-type port-number must belong to the VLAN specified by vlan-id and the corresponding VLAN interface must already exist. After the static neighbor entry is configured, the device associates the VLAN interface with the IPv6 address to uniquely identify the static neighbor entry. The entry will be in REACH state.

If the device and its neighbor are connected through a VSI interface, use Method 3 or Method 4 to configure the neighbor entry.

· If Method 3 is used, the neighbor entry is in REACH state. This method is applicable to the network where VXLAN gateways are connected through tunnel interfaces. In the network, a VXLAN gateway is identified by both the VSI and VSI interface. A VSI interface is associated with multiple tunnel interfaces. To create a neighbor entry, you must specify the VSI interface, VSI, and tunnel interface.

· If Method 4 is used, the neighbor entry is in REACH state. This method is applicable to the network where VXLAN gateways are associated with local sites. A VXLAN gateway is identified by both the VSI and VSI interface. One VXLAN gateway might have multiple local sites. Local sites access the VXLAN network through Layer 2 interfaces where Ethernet service instance and VSI mappings are configured. To create a neighbor entry, you must specify the VSI interface, Layer 2 interface connected to the local site, Ethernet service instance, and VSI.

For more information about VSI, VSI interfaces, and Ethernet service instances, see VXLAN overview in VXLAN Configuration Guide.

For more information about tunnel interfaces, see tunneling configuration in Layer 3—IP Services Configuration Guide.

To delete a neighbor entry for a VSI interface, specify only the VSI interface.

To delete a neighbor entry for a VLAN interface, specify only the VLAN interface.

You can use the undo ipv6 neighbor command to delete both static and dynamic neighbor entries.

To delete a neighbor entry for a VLAN interface, specify only the VLAN interface.

Examples

# Configure a static neighbor entry for Layer 3 interface GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] ipv6 neighbor 2000::1 fe-e0-89 interface gigabitethernet 1/0/1

# Configure a static neighbor entry, and specify IPv6 address 2000::1, MAC address 00e0-fc01-0000, input interface (VSI-interface 1), output interface (Tunnel-interface 1), and VSI vsi1.

<Sysname> system-view

[Sysname] ipv6 neighbor 2000::1 00e0-fc01-0000 vsi-interface 1 tunnel 1 vsi vsi1

# Configure a static neighbor entry, and specify IPv6 address 2000::1, MAC address 00e0-fc01-0000, input interface (VSI-interface 1), output interface (GigabitEthernet 1/0/1), Ethernet service instance 1, and VSI vsi1.

<Sysname> system-view

[Sysname] ipv6 neighbor 2000::1 00e0-fc01-0000 vsi-interface 1 gigabitethernet 1/0/1 service-instance 1 vsi vsi1

Related commands

display ipv6 neighbors

reset ipv6 neighbors

ipv6 neighbor aging probe-count

Use ipv6 neighbor aging probe-count to set the maximum number of probes to test the reachability of neighbors in ND entries.

Use undo ipv6 neighbor aging probe-count to restore the default.

Syntax

ipv6 neighbor aging probe-count count

undo ipv6 neighbor aging probe-count

Default

The device performs a maximum of three probes to test the reachability of neighbors in ND entries.

Views

System view

Predefined user roles

network-admin

Parameters

count: Specifies the maximum number of probes. The value range for this argument is 0 to 10. To disable the device from probing ND entries, set the value to 0.

Usage guidelines

The device probes the reachability of a neighbor when the neighbor entry is in PROBE state. Neighbor entries in DELAY state will adopt this setting when they enter into the PROBE state.

This command does not apply to ND entries in PROBE state.

Examples

# Allow the device to perform a maximum of five probes to test the reachability of neighbors in ND entries.

<Sysname> system-view

[Sysname] ipv6 neighbor aging probe-count 5

Related commands

ipv6 neighbor aging probe-interval

Use ipv6 neighbor aging probe-interval to set the interval for testing the reachability of neighbors in ND entries.

Use undo ipv6 neighbor aging probe-interval to restore the default.

Syntax

ipv6 neighbor aging probe-interval interval

undo ipv6 neighbor aging probe-interval

Default

The interval for testing the reachability of neighbors in ND entries is the same as the interval for retransmitting an NS message.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Specifies the interval in seconds. The value rang is 1 to 60.

Usage guidelines

The modification takes effect immediately after you execute the command.

To set the interval for retransmitting an NS message, use the ipv6 nd ns retrans-timer command.

Examples

# Set the interval to 10 seconds for testing the reachability of neighbors in ND entries.

<Sysname> system-view

[Sysname] ipv6 neighbor aging probe-interval 10

Related commands

ipv6 neighbor aging probe-count

ipv6 neighbor link-local minimize

Use ipv6 neighbor link-local minimize to minimize link-local ND entries.

Use undo ipv6 neighbor link-local minimize to restore the default.

Syntax

ipv6 neighbor link-local minimize

undo ipv6 neighbor link-local minimize

Default

All ND entries are assigned to the driver.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Perform this command to minimize link-local ND entries assigned to the driver. Link-local ND entries refer to ND entries that contain link-local addresses.

With this feature enabled, the device does not add newly learned link-local ND entries whose link local addresses are not the next hop of any route to the driver. This saves driver resources.

This feature affects only newly learned link-local ND entries rather than existing ND entries.

Examples

# Minimize link-local ND entries.

<Sysname> system-view

[Sysname] ipv6 neighbor link-local minimize

ipv6 neighbor stale-aging

Use ipv6 neighbor stale-aging to set the aging timer for ND entries in stale state.

Use undo ipv6 neighbor stale-aging to restore the default.

Syntax

ipv6 neighbor stale-aging { aging-minutes | second aging-seconds }

undo ipv6 neighbor stale-aging

Default

The aging timer for ND entries in stale state is 240 minutes.

Views

System view

Predefined user roles

network-admin

Parameters

aging-minutes: Specifies the aging timer in minutes for ND entries in stale state, in the range of 1 to 1440.

second aging-seconds: Specifies the aging timer in seconds for ND entries in stale state, in the range of 1 to 86400.

Usage guidelines

This aging time applies to all ND entries in stale state. If an ND entry in stale state is not updated before the timer expires, it moves to the delay state. If it is still not updated in 5 seconds, the ND entry moves to the probe state. The device sends an NS message for detection a maximum of three times. If no response is received, the device deletes the ND entry.

Examples

# Set the aging timer for ND entries in stale state to 120 minutes.

<Sysname> system-view

[Sysname] ipv6 neighbor stale-aging 120

ipv6 neighbor timer stale-aging

Use ipv6 neighbor timer stale-aging to set the aging timer for ND entries in stale state on an interface.

Use undo ipv6 neighbor timer stale-aging to restore the default.

Syntax

ipv6 neighbor timer stale-aging { aging-minutes | second aging-seconds }

undo ipv6 neighbor timer stale-aging

Default

The aging timer of ND entries in stale state is not configured on an interface. The aging timer is determined by the configuration of the ipv6 neighbor stale-aging command in system view.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

Layer 3 RPR logical interface view

VXLAN VSI interface view

VLAN interface view

Tunnel interface view

POS interface view

Serial interface view

Predefined user roles

network-admin

Parameters

aging-minutes: Specifies the aging timer in minutes for ND entries in stale state, in the range of 1 to 1440.

second aging-seconds: Specifies the aging timer in seconds for ND entries in stale state, in the range of 1 to 86400.

Usage guidelines

This aging timer applies to ND entries in stale state on the interface. If an ND entry in stale state is not updated before the timer expires, it changes to the delay state. If it is still not updated in 5 seconds, the ND entry changes to the probe state. The device sends an NS message for probe and a maximum of three attempts is allowed. If no response is received, the device deletes the ND entry.

You can set the aging timer for ND entries in stale state in system view and interface view. For ND entries in stale state on an interface, the aging timer in interface view has higher priority than the aging timer in system view.

Examples

# On GigabitEthernet 1/0/1, set the aging timer to 200 minutes for ND entries in stale state.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 neighbor timer stale-aging 200

Related commands

ipv6 neighbor stale-aging

ipv6 neighbors max-learning-num

Use ipv6 neighbors max-learning-num to set the maximum number of dynamic neighbor entries that an interface can learn. This prevents the interface from occupying too many neighbor table resources.

Use undo ipv6 neighbors max-learning-num to restore the default.

Syntax

ipv6 neighbors max-learning-num max-number

undo ipv6 neighbors max-learning-num

Default

An interface can learn a maximum of 4096 dynamic neighbor entries.

‌

MPU model	Default
MSU-100	4096
MSU-200	4096
MSU-400-G	65534

‌

Views

Layer 2/Layer 3 interface view

Layer 2/Layer 3 aggregate interface view

Layer 3 RPR logical interface view

S-channel interface/S-channel aggregate interface view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of dynamic neighbor entries that an interface can learn. The value range for this argument is 1 to 4096.

The following compatibility matrix shows the value ranges for the max-number argument:

MPU model	Value ranges
MSU-100	1 to 4096
MSU-200	1 to 4096
MSU-400-G	1 to 65534

‌

Usage guidelines

The device can dynamically acquire the link-layer address of a neighboring node through NS and NA messages and add it into the neighbor table.

When the number of dynamic neighbor entries reaches the threshold, the interface stops learning neighbor information.

Examples

# Set the maximum number of dynamic neighbor entries that GigabitEthernet 1/0/1 can learn to 10.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 neighbors max-learning-num 10

ipv6 neighbors max-learning-number

Use ipv6 neighbors max-learning-number to set the maximum number of dynamic neighbor entries that the device can learn.

Use undo ipv6 neighbors max-learning-number to restore the default.

Syntax

ipv6 neighbors max-learning-number max-number slot slot-number

undo ipv6 neighbors max-learning-number slot slot-number

Default

The device can learn up to 4096 dynamic neighbor entries.

‌

MPU model	Default
MSU-100	4096
MSU-200	4096
MSU-400-G	65534

‌

Views

System view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of dynamic neighbor entries that the device can learn. The value range for this argument is 0 to 4096. To disable the device from learning dynamic neighbor entries, set the value for this argument to 0.

The following compatibility matrix shows the value ranges for the dynamic neighbor entry learning limit for the device:

MPU model	Value range
MSU-100	0 to 4096
MSU-200	0 to 4096
MSU-400-G	0 to 65534

‌

slot slot-number: Specifies a card by its slot number.

Usage guidelines

The device can dynamically acquire the link-layer address of a neighboring node through NS and NA messages and add it into the neighbor table.

To avoid excessive resource consumption by neighbor entries, s et the maximum number of dynamic neighbor entries that the device can learn.

When the number of dynamic neighbor entries reaches the limit, the device stops learning neighbor information.

Examples

# On slot 1, set the maximum number of dynamic neighbor entries that the device can learn to 64.

<Sysname> system-view

[Sysname] ipv6 neighbors max-learning-number 64 slot 1

local-proxy-nd enable

Use local-proxy-nd enable to enable local ND proxy.

Use undo local-proxy-nd enable to disable local ND proxy.

Syntax

local-proxy-nd enable

undo local-proxy-nd enable

Default

Local ND proxy is disabled.

Views

VLAN interface view

Layer 3 Ethernet interface view

Layer 3 Ethernet subinterface view

Layer 3 aggregate interface view

Predefined user roles

network-admin

Examples

# Enable local ND proxy on interface GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] local-proxy-nd enable

Related commands

proxy-nd enable

ping nd ipv6

Use ping nd ipv6 to verify the availability of an IPv6 address in the LAN.

Syntax

ping nd ipv6 host [ interface interface-type interface-number ] [ timeout timeout ] [ count count ]

Views

Any view

Predefined user roles

network-admin

Parameters

host: Specifies an IPv6 address or a host name. A host name is a case-insensitive string of 1 to 253 characters. The string can contain letters, digits, hyphens (-), underscores (_), and dots (.).

interface interface-type interface-number: Specifies the egress interface that sends NS packets. The interface-type and interface-number arguments represent the interface type and interface number, respectively. If you do not specify this option, the device sends NS packets out of the egress interface specified by the route entry.

timeout timeout: Specifies the NS packet timeout in milliseconds. The value range is 0 to 65535 and the default value is 3000.

count count: Specifies the maximum number of NS packet transmission attempts, in the range of 1 to 4294967295. The default value is 5.

Usage guidelines

Application scenarios

This feature allows users to verify if an IPv6 address is being used by another device in the LAN.

You can also use the ping ipv6 command to verify the IPv6 address availability. However, the test result might be inaccurate because the peer device cannot respond if a firewall is configured to forbid the device from responding to ICMPv6 packets. Compared with ping operations, ND-ping uses Layer 2 packets (ND packets), which are not blocked by firewalls in most cases, and NS packets are shorter than ICMPv6 packets and require less network resources.

Operating mechanism

After you perform this task, the device sends an NS packet to the specified IPv6 address. If no NA packet is received within the timeout, the device retransmits the NS packet. If no NA packet is received after the maximum number of transmission attempts is reached, the device considers that the IPv6 address is not being used.

Restrictions and guidelines

To test the address availability by specifying a host name, configure DNS for the device to translate the host name to an IPv6 address. For more information about DNS, see "Configuring DNS."

If multiple devices exist in the LAN, executing this command might take a long time. To stop the command execution, press Ctrl+C.

Examples

# Verify if IPv6 address 2001::2 is being used by another device in the LAN. The test result shows that the address is being used by device 0003-0003-0003.

<Sysname> ping nd ipv6 2001::2

2001::2 is used by 0003-0003-0003.

# Verify if IPv6 address 2001::2 is being used by another device in the LAN. The test result shows that the address is not being used by any other device.

<Sysname> ping nd ipv6 2001::2

The IPv6 address is not in use on the network.

ping nd mac

Use ping nd mac to obtain the IPv6 address of the device that uses the specified MAC address in a specific subnet.

Syntax

ping nd mac mac-address { interface interface-type interface-number | ipv6 ipv6-address [ vpn-instance vpn-instance-name ] } [ timeout timeout ] [ count count ]

Views

Any view

Predefined user roles

network-admin

Parameters

mac-address: Specifies a MAC address in the H-H-H format. You can omit the 0s at the start of each group. For example, you can specify MAC address 000f-00e2-0001 as f-e2-1 in this command. Make sure the MAC address is not a multicast, broadcast, or virtual address.

interface interface-type interface-number: Specifies the ICMPv6 packet egress interface to search the MAC address in the interface subnet. The interface-type and interface-number arguments represent the interface type and interface number, respectively.

ipv6 ipv6-address: Specifies an IPv6 subnet.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command searches the MAC address in the public network.

timeout timeout: Specifies the ICMPv6 packet timeout in milliseconds. The value range is 0 to 65535 and the default value is 3000.

count count: Specifies the maximum number of ICMPv6 packet transmission attempts, in the range of 1 to 4294967295. The default value is 5.

Usage guidelines

Perform this task to obtain the IPv6 address of the device that uses the specified MAC address in a specific subnet.

After you perform this task, the device broadcasts a Layer 3 ICMPv6 packet. If no ICMPv6 response is received within the timeout, the device resends the broadcast packet. If no ICMPv6 response is received after the number of maximum transmission attempts is received, the device considers that the MAC address does not exist in the subnet.

If multiple devices exist in the subnet, executing this command might take a long time. To stop the command execution, press Ctrl+C.

Examples

# Obtain the IPv6 address of device 0003-0003-0003 in the subnet where interface GigabitEthernet 1/0/1 resides.

<Sysname> ping nd mac 0003-0003-0003 interface gigabitethernet 1/0/1

ND-Ping MAC statistics:

1 packet(s) transmitted

1 packet(s) received

IPv6 address MAC address

2001::2 0003-0003-0003

# Obtain the IPv6 address of device 0003-0003-0003 in subnet 2001::0.

<Sysname> ping nd mac 0003-0003-0003 ipv6 2001::0

ND-Ping MAC statistics:

5 packet(s) transmitted

0 packet(s) received

MAC[0003-0003-0003] not in use

proxy-nd enable

Use proxy-nd enable to enable common ND proxy.

Use undo proxy-nd enable to disable common ND proxy.

Syntax

proxy-nd enable

undo proxy-nd enable

Default

Common ND proxy is disabled.

Views

VLAN interface view

Layer 3 Ethernet interface view

Layer 3 Ethernet subinterface view

Layer 3 aggregate interface view

Predefined user roles

network-admin

Examples

# Enable common ND proxy on interface GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] proxy-nd enable

Related commands

local-proxy-nd enable

proxy-nd span-segment enable

Use proxy-nd span-segment enable to enable cross-segment ND proxy.

Use undo proxy-nd span-segment enable to disable cross-segment ND proxy.

Syntax

proxy-nd span-segment enable

undo proxy-nd span-segment enable

Default

Cross-segment ND proxy is disabled.

Views

VLAN interface view

Layer 3 Ethernet interface view

Layer 3 Ethernet subinterface view

Layer 3 aggregate interface view

VSI interface view

Predefined user roles

network-admin

Usage guidelines

ND proxy enables a device to answer an NS message requesting the hardware address of a host on another network. With ND proxy, hosts in different broadcast domains can communicate with each other as they would on the same network.

Cross-segment ND proxy allows neighbor discovery when the hosts are connected to different Layer 3 interfaces or subinterfaces and the IP addresses of the hosts and the interfaces are not in the same network.

Examples

# Enable cross-segment ND proxy on interface GigabitEthernet1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] proxy-nd span-segment enable

reset ipv6 nd suppression xconnect-group

Use reset ipv6 nd suppression xconnect-group to clear ND suppression entries.

Syntax

reset ipv6 nd suppression xconnect-group [ name group-name ]

Views

User view

Predefined user roles

network-admin

Parameters

name group-name: Specifies a cross-connect group by its name, a case-sensitive string of 1 to 31 characters excluding hyphens (-).

Examples

# Clear ND suppression entries on the device.

<Sysname> reset ipv6 nd suppression xconnect-group

Related commands

display ipv6 nd suppression xconnect-group

reset ipv6 neighbors

Use reset ipv6 neighbors to clear IPv6 neighbor information.

Syntax

reset ipv6 neighbors { all | dynamic | interface interface-type interface-number | slot slot-number | static }

Views

User view

Predefined user roles

network-admin

Parameters

all: Clears static and dynamic neighbor information for all interfaces.

dynamic: Clears dynamic neighbor information for all interfaces.

interface interface-type interface-number: Clears dynamic neighbor information for the interface specified by its type and number.

slot slot-number: Specifies a card by its slot number. If you do not specify a cad, this command clears dynamic neighbor information for all cards.

static: Clears static neighbor information for all interfaces.

Examples

# Clear neighbor information for all interfaces.

<Sysname> reset ipv6 neighbors all

This will delete all the entries. Continue? [Y/N]:Y

# Clear dynamic neighbor information for all interfaces.

<Sysname> reset ipv6 neighbors dynamic

This will delete all the dynamic entries. Continue? [Y/N]:Y

# Clear all neighbor information for GigabitEthernet 1/0/1.

<Sysname> reset ipv6 neighbors interface gigabitethernet 1/0/1

This will delete all the dynamic entries by the interface you specified. Continue? [Y/N]:Y

Related commands

display ipv6 neighbors

ipv6 neighbor

07-Layer 3—IP Services Command Reference

display ipv6 neighbors

Application scenarios

Operating mechanism

Restrictions and guidelines

ipv6 nd autoconfig managed-address-flag

Application scenarios

Operating mechanism

ipv6 nd mode uni

ipv6 nd ns retrans-timer

ipv6 nd ra halt

ipv6 nd ra interval

Application scenarios

Operating mechanism

Application scenarios

Operating mechanism

Restrictions and guidelines

Application scenarios

Operating mechanism

Restrictions and guidelines

ipv6 nd router-preference

Application scenarios

Operating mechanism

Restrictions and guidelines

ipv6 neighbor

ipv6 neighbors max-learning-num

Application scenarios

Operating mechanism

Restrictions and guidelines

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us