IPv6 First-Hop Security Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
IPv6 Neighbor Discovery Multicast Suppress
Downloads: This chapterpdf (PDF - 237.0KB) The complete bookPDF (PDF - 640.0KB) | Feedback

IPv6 Neighbor Discovery Multicast Suppress

IPv6 Neighbor Discovery Multicast Suppress

Last Updated: January 22, 2013

Some deployment environments, such as large wireless networks, have scarce bandwidth and rely on proxy features to reduce the amount of control traffic exchanged between nodes on the link. IPv6 Neighbor Discovery Multicast Suppress, which operates on the layer 2 switch (or on the wireless controller operating as a layer 2 switch), is one of the proxy features used in such situations.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Information About IPv6 Neighbor Discovery Multicast Suppress

IPv6 Neighbor Discovery Multicast Suppress

The IPv6 neighbor discovery (ND) multicast suppress feature stops as many ND multicast neighbor solicit (NS) messages as possible by dropping them (and responding to solicitations on behalf of the targets) or converting them into unicast traffic. This feature runs on a layer 2 switch or a wireless controller and is used to reduce the amount of control traffic necessary for proper link operations.

When an address is inserted into the binding table, an address resolution request sent to a multicast address is intercepted, and the device either responds on behalf of the address owner or, at layer 2, converts the request into a unicast message and forwards it to its destination.

The following figure provides an overview of this feature:

IPv6 DAD Proxy

The IPv6 duplicate address detection (DAD) proxy feature provides host-to-host connectivity in LANs where direct communication between hosts is not possible. For example, in a Service Provider (SP) deployment, hosts must not see each other directly on the layer 2 domain. Hosts often are added to private VLANs and then directed to the same primary VLAN to reach SP servers and devices. This process raises an issue with IPv6 DAD, especially with link-local addresses, which are auto-assigned by hosts using the IPv6 stateless address autoconfiguration ND protocol.

When a host needs to verify that its address is unique, it enables the DAD procedure. However, when the two hosts cannot communicate with each other at layer 2, this procedure cannot detect a duplicate address. If the DAD procedure cannot run, there is the slight possibility that two hosts will assign the same link-local address, which will cause both hosts to fail when they try to reach the DHCPv6 server. The IPv6 DAD proxy feature responds on behalf of the address's owner when an address is already in use.

The following figure provides an overview of the IPv6 DAD proxy feature:

How to Configure IPv6 Neighbor Discovery Multicast Suppress

Configuring the IPv6 Neighbor Discovery Suppress Policy on the Device

If the IPv6 ND suppress feature and the IPv6 DAD proxy feature are both available on a device, you can perform steps 4 and 5 in this task to enable IPv6 DAD proxy, if desired.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    ipv6 nd suppress policy policy-name

4.   mode dad-proxy

5.   mode full-proxy


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Device> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Device# configure terminal

 

Enters global configuration mode.

 
Step 3
ipv6 nd suppress policy policy-name


Example:

Device(config)# ipv6 nd suppress policy policy1

 

Defines the ND suppress policy name and enters ND suppress policy configuration mode.

 
Step 4
mode dad-proxy


Example:

Device(config-nd-suppress)# mode dad-proxy

 

Enables ND suppress in IPv6 DAD proxy mode.

 
Step 5
mode full-proxy


Example:

Device(config-nd-suppress)# mode full-proxy

 

Enables ND suppress to proxy multicast and unicast NS messages.

 

Configuring IPv6 Neighbor Discovery Multicast Suppress on an Interface

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    interface type number

4.    ipv6 nd suppress attach-policy [policy-name [vlan {add | except | none | remove | all} vlan [vlan1, vlan2, vlan3...]]]

5.   exit


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Device> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Device# configure terminal

 

Enters global configuration mode.

 
Step 3
interface type number


Example:

Device(config)# interface ethernet 0/0

 

Specifies an interface type and number, and places the device in interface configuration mode.

 
Step 4
ipv6 nd suppress attach-policy [policy-name [vlan {add | except | none | remove | all} vlan [vlan1, vlan2, vlan3...]]]


Example:

Device(config-if)# ipv6 nd suppress attach-policy

 

Applies the IPv6 ND suppress feature on a specific interface.

 
Step 5
exit


Example:

Device(config-if)# exit

 

Exits interface configuration mode.

 

Configuring IPv6 DAD Proxy

SUMMARY STEPS

1.    enable

2.    configure terminal

3.   ipv6 nd dad-proxy


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Device> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Device# configure terminal

 

Enters global configuration mode.

 
Step 3
ipv6 nd dad-proxy


Example:

Device(config)# ipv6 nd dad-proxy

 

Enables the IPv6 ND DAD proxy feature on the device when the IPv6 ND multicast suppress feature is not available on the device platform.

 

Configuration Examples for IPv6 Neighbor Discovery Multicast Suppress

Example: Configuring the IPv6 Neighbor Discovery Suppress Policy on the Device

Device(config)# ipv6 nd suppress policy policy1
Device(config-nd-suppress)#
      

Example: Configuring IPv6 Neighbor Discovery Suppress on an Interface

Device(config)# interface Ethernet 0/0
Device(config-if)# ipv6 nd suppress attach-policy
      

Additional References

Related Documents

Related Topic Document Title

IPv6 addressing and connectivity

IPv6 Configuration Guide

Cisco IOS commands

Cisco IOS Master Commands List, All Releases

IPv6 commands

Cisco IOS IPv6 Command Reference

Cisco IOS IPv6 features

Cisco IOS IPv6 Feature Mapping

Standards and RFCs

Standard/RFC Title

RFCs for IPv6

IPv6 RFCs

MIBs

MIB

MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

Technical Assistance

Description Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for IPv6 Neighbor Discovery Multicast Suppress

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 1 Feature Information for
Feature Name Releases Feature Information

IPv6 Neighbor Discovery Multicast Suppress

15.1(2)SG

Cisco IOS XE Release 3.8S

Cisco IOS XE Release 3SE

The IPv6 ND multicast suppress feature is an IPv6 snooping feature that runs on a layer 2 switch or a wireless controller and is used to reduce the amount of control traffic necessary for proper link operations.

The following commands were introduced or modified: ipv6 nd dad-proxy, ipv6 nd suppress attach-policy, ipv6 nd suppress policy, mode dad-proxy, mode md-proxy.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2012-2013 Cisco Systems, Inc. All rights reserved.