Cisco ASA 5500 Series Configuration Guide using ASDM, 6.3
Configuring IPv6 Neighbor Discovery

Table Of Contents

Configuring IPv6 Neighbor Discovery

Configuring Neighbor Solicitation Messages

Configuring the Neighbor Solicitation Message Interval

Information About Neighbor Solicitation Messages

Licensing Requirements for Neighbor Solicitation Messages

Guidelines and Limitations for the Neighbor Solicitation Message Interval

Default Settings for the Neighbor Solicitation Message Interval

Configuring the Neighbor Solicitation Message Interval

Feature History for the Neighbor Solicitation Message Interval

Configuring the Neighbor Reachable Time

Information About Neighbor Reachable Time

Licensing Requirements for Neighbor Reachable Time

Guidelines and Limitations for Neighbor Reachable Time

Default Settings for the Neighbor Reachable Time

Configuring Neighbor Reachable Time

Configuring DAD Settings

Configuring IPv6 Addresses on an Interface

Configuring IPv6 Prefixes on an Interface

Feature History for Neighbor Reachable Time

Configuring Router Advertisement Messages

Information About Router Advertisement Messages

Configuring the Router Advertisement Transmission Interval

Licensing Requirements for Router Advertisement Transmission Interval

Guidelines and Limitations for the Router Advertisement Transmission Interval

Default Settings for Router Advertisement Transmission Interval

Configuring Router Advertisement Transmission Interval

Feature History for the Router Advertisement Transmission Interval

Configuring the Router Lifetime Value

Licensing Requirements for the Router Lifetime Value

Guidelines and Limitations for the Router Lifetime Value

Default Settings for the Router Lifetime Value

Configuring the Router Lifetime Value

Feature History for the Router Lifetime Value

Configuring the IPv6 Prefix

Licensing Requirements for IPv6 Prefixes

Guidelines and Limitations for IPv6 Prefixes

Default Settings for IPv6 Prefixes

Configuring IPv6 Prefixes

Suppressing Router Advertisement Messages

Licensing Requirements for Suppressing Router Advertisement Messages

Guidelines and Limitations for Suppressing Router Advertisement Messages

Default Settings for Suppressing Router Advertisement Messages

Suppressing Router Advertisement Messages

Feature History for Suppressing Router Advertisement Messages

Configuring a Static IPv6 Neighbor

Information About a Static IPv6 Neighbor

Licensing Requirements for Static IPv6 Neighbor

Guidelines and Limitations

Default Settings

Configuring a Static IPv6 Neighbor

Editing Static Neighbors

Deleting Static Neighbors

Feature History for Configuring a Static IPv6 Neighbor


Configuring IPv6 Neighbor Discovery


The IPv6 neighbor discovery process uses ICMPv6 messages and solicited-node multicast addresses to determine the link-layer address of a neighbor on the same network (local link), verify the reachability of a neighbor, and keep track of neighboring routers. For information about how to configure IPv6 Neighbor Discovery in ASDM, see the Cisco ASA 5500 Series Configuration Guide using ASDM.

This chapter describes how to enable and configure IPv6 neighbor discovery on the adaptive security appliance and includes the following sections:

Configuring Neighbor Solicitation Messages

Configuring Router Advertisement Messages

Configuring a Static IPv6 Neighbor

Configuring Neighbor Solicitation Messages

This section includes the following topics:

Configuring the Neighbor Solicitation Message Interval

Configuring the Neighbor Reachable Time

Configuring the Neighbor Solicitation Message Interval

Information About Neighbor Solicitation Messages

Licensing Requirements for Neighbor Solicitation Messages

Guidelines and Limitations for the Neighbor Solicitation Message Interval

Default Settings for the Neighbor Solicitation Message Interval

Configuring the Neighbor Solicitation Message Interval

Feature History for the Neighbor Solicitation Message Interval

Information About Neighbor Solicitation Messages

Neighbor solicitation messages (ICMPv6 Type 135) are sent on the local link by nodes attempting to discover the link-layer addresses of other nodes on the local link. The neighbor solicitation message is sent to the solicited-node multicast address. The source address in the neighbor solicitation message is the IPv6 address of the node sending the neighbor solicitation message. The neighbor solicitation message also includes the link-layer address of the source node.

After receiving a neighbor solicitation message, the destination node replies by sending a neighbor advertisement message (ICMPv6 Type 136) on the local link. The source address in the neighbor advertisement message is the IPv6 address of the node sending the neighbor advertisement message; the destination address is the IPv6 address of the node that sent the neighbor solicitation message. The data portion of the neighbor advertisement message includes the link-layer address of the node sending the neighbor advertisement message.

After the source node receives the neighbor advertisement, the source node and destination node can communicate. Figure 25-1 shows the neighbor solicitation and response process.

Figure 25-1 IPv6 Neighbor Discovery—Neighbor Solicitation Message

Neighbor solicitation messages are also used to verify the reachability of a neighbor after the link-layer address of a neighbor is identified. When a node wants to verify the reachability of a neighbor, the destination address in a neighbor solicitation message is the unicast address of the neighbor.

Neighbor advertisement messages are also sent when there is a change in the link-layer address of a node on a local link. When there is such a change, the destination address for the neighbor advertisement is the all-nodes multicast address.
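
The destination-address rules described above can be checked mechanically when reviewing captured neighbor discovery traffic. The following is an added example, not part of the Cisco guide: it derives the solicited-node multicast group for a target address and labels each neighbor solicitation (Type 135) or neighbor advertisement (Type 136) by the role its destination implies. The function names and the sample messages are constructed for illustration.

```python
import ipaddress

ALL_NODES = ipaddress.IPv6Address("ff02::1")
# Solicited-node groups are ff02::1:ffXX:XXXX, where XX:XXXX is the
# low-order 24 bits of the unicast address being resolved.
SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def solicited_node(addr):
    """Return the solicited-node multicast address for a unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)


def classify_nd(icmp_type, dst, target):
    """Label an NS/NA message by its destination, or flag it as unexpected."""
    dst = ipaddress.IPv6Address(dst)
    target = ipaddress.IPv6Address(target)
    if icmp_type == 135:                      # neighbor solicitation
        if dst == solicited_node(target):
            return "address-resolution"       # link-layer address lookup
        if dst == target:
            return "reachability-check"       # unicast probe of a known neighbor
        return "unexpected"
    if icmp_type == 136:                      # neighbor advertisement
        if dst == ALL_NODES:
            return "link-layer-change"        # announcement to all nodes
        if not dst.is_multicast:
            return "solicited-reply"          # unicast answer to the solicitor
        return "unexpected"
    raise ValueError("not a neighbor solicitation or advertisement")


# Constructed sample messages: (ICMPv6 type, destination, target address)
SAMPLES = [
    (135, "ff02::1:ffee:6a82", "fe80::20d:88ff:feee:6a82"),
    (135, "fe80::20d:88ff:feee:6a82", "fe80::20d:88ff:feee:6a82"),
    (136, "fe80::1", "fe80::20d:88ff:feee:6a82"),
    (136, "ff02::1", "fe80::20d:88ff:feee:6a82"),
    (135, "ff02::1", "fe80::20d:88ff:feee:6a82"),   # NS to all-nodes: not expected
]


def classify_all(samples=SAMPLES):
    return [classify_nd(t, dst, target) for t, dst, target in samples]


if __name__ == "__main__":
    for sample, label in zip(SAMPLES, classify_all()):
        print(sample, "->", label)
```

Messages labelled "unexpected" are worth a closer look in a capture, because their destination does not fit any of the cases this section describes.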

Licensing Requirements for Neighbor Solicitation Messages

The following table shows the licensing requirements for this feature:

Model         License Requirement
All models    Base License.


Guidelines and Limitations for the Neighbor Solicitation Message Interval

This section includes the guidelines and limitations for this feature.

Context Mode Guidelines

Supported in single and multiple context mode.

Firewall Mode Guidelines

Supported in routed mode only. Transparent mode is not supported.

Additional Guidelines and Limitations

The interval value is included in all IPv6 router advertisements sent out this interface.

Default Settings for the Neighbor Solicitation Message Interval

Table 25-1 lists the default settings for neighbor solicitation message parameters.

Table 25-1 Default Neighbor Solicitation Messages Parameters 

Parameters                       Default
value (transmission interval)    1000 seconds between neighbor solicitation transmissions


Configuring the Neighbor Solicitation Message Interval

You can configure the interval between IPv6 neighbor solicitation retransmissions on an interface. Valid values range from 1000 to 3600000 milliseconds. The default value is 1000 milliseconds. This setting is also sent in router advertisement messages.

To configure the neighbor solicitation message interval, perform the following steps:


Step 1 Choose Configuration > Device Setup > Interfaces.

Step 2 Choose the interface on which to configure the neighbor solicitation interval. The interface must have been configured with an IPv6 address. See the "Configuring IPv6 Addresses on an Interface" section for more information.

Step 3 Click Edit. The Edit Interface dialog box appears with three tabs: General, Advanced, and IPv6.

Step 4 Click the IPv6 tab.

Step 5 In the NS Interval field, enter the time interval.

Step 6 Click OK.

Step 7 Click Apply to save the configuration.


Feature History for the Neighbor Solicitation Message Interval

Table 25-2 lists the release history for this feature.

Table 25-2 Feature History for Neighbor Solicitation Message Interval

Feature Name                              Releases    Feature Information
Neighbor solicitation message interval    7.0(1)      The feature was introduced. The ipv6 nd ns-interval command was introduced.


Configuring the Neighbor Reachable Time

This section includes the following topics:

Information About Neighbor Reachable Time

Licensing Requirements for Neighbor Reachable Time

Guidelines and Limitations for Neighbor Reachable Time

Default Settings for the Neighbor Reachable Time

Configuring Neighbor Reachable Time

Feature History for Neighbor Reachable Time

Information About Neighbor Reachable Time

The neighbor reachable time enables detecting unavailable neighbors. Shorter configured times enable detecting unavailable neighbors more quickly; however, shorter times consume more IPv6 network bandwidth and processing resources in all IPv6 network devices. Very short configured times are not recommended in normal IPv6 operation.

Licensing Requirements for Neighbor Reachable Time

The following table shows the licensing requirements for this feature:

Model         License Requirement
All models    Base License.


Guidelines and Limitations for Neighbor Reachable Time

This section includes the guidelines and limitations for this feature.

Context Mode Guidelines

Supported in single and multiple context mode.

Firewall Mode Guidelines

Supported in routed mode only. Transparent mode is not supported.

Additional Guidelines and Limitations

The interval value is included in all IPv6 router advertisements sent out this interface.

The configured time enables detecting unavailable neighbors. Shorter configured times enable detecting unavailable neighbors more quickly; however, shorter times consume more IPv6 network bandwidth and processing resources in all IPv6 network devices. Very short configured times are not recommended in normal IPv6 operation.

Default Settings for the Neighbor Reachable Time

Table 25-3 lists the default settings for neighbor reachable time parameters.

Table 25-3 Default Neighbor Reachable Time Parameters 

Parameters                        Default
value (time mode is reachable)    The default is 0.


Configuring Neighbor Reachable Time

The neighbor reachable time enables detecting unavailable neighbors. Shorter configured times enable detecting unavailable neighbors more quickly; however, shorter times consume more IPv6 network bandwidth and processing resources in all IPv6 network devices. Very short configured times are not recommended in normal IPv6 operation.

Valid time values range from 0 to 3600000 milliseconds. The default is 0; however, when you use 0, the reachable time is sent as undetermined. It is up to the receiving devices to set and track the reachable time value.

To configure the amount of time that a remote IPv6 node is considered reachable after a reachability confirmation event has occurred, perform the following steps:


Step 1 Choose Configuration > Device Setup > Interfaces.

Step 2 Choose the interface for which you want to configure the time. The interface must have been configured with an IPv6 address. For more information, see the "Configuring IPv6 Addresses on an Interface" section.

Step 3 Click Edit. The Edit Interface dialog box appears with three tabs: General, Advanced, and IPv6.

Step 4 Click the IPv6 tab.

Step 5 In the Reachable Time field, enter a valid value.

Step 6 Click OK.

Step 7 Click Apply to save the configuration.


Configuring DAD Settings

Duplicate Address Detection (DAD) settings are part of the Neighbor Discovery configuration. DAD verifies the uniqueness of new unicast IPv6 addresses before they are assigned and ensures that duplicate IPv6 addresses are detected in the network on a link basis.

To specify DAD settings on the interface, perform the following steps:


Step 1 Enter the number of allowed DAD attempts. This setting configures the number of consecutive neighbor solicitation messages that are sent on an interface while DAD is performed on IPv6 addresses. Valid values are from 0 to 600. A zero value disables DAD processing on the specified interface. The default is one message.

Step 2 Enter the neighbor solicitation message interval. The neighbor solicitation message requests the link-layer address of a target node. Valid values are from 1000 to 3600000 milliseconds. The default is 1000 milliseconds.

Step 3 Enter the amount of time in seconds that a remote IPv6 node is considered reachable after a reachability confirmation event has occurred. Valid values are from 1000 to 3600000 milliseconds. The default is zero. A configured time enables the detection of unavailable neighbors. Shorter times enable detection more quickly; however, very short configured times are not recommended in normal IPv6 operation.

Step 4 Enter the amount of time that IPv6 router advertisement transmissions are considered valid. Valid values are from 3 to 1800 seconds. The default is 200 seconds. Router advertisement transmissions include a preference level and a lifetime field for each advertised router address. These transmissions provide route information and indicate that the router is still operational to network hosts. By default, these transmissions are sent every 400 to 600 seconds.

Step 5 Enter the interval between IPv6 router advertisement transmissions. Valid values are from 3 to 1800 seconds. The default is 200 seconds. To have the router advertisement transmission interval be listed in milliseconds, check the RA Interval in Milliseconds check box.

Step 6 To allow the generation of addresses for hosts, make sure that the Suppress RA check box is unchecked. This is the default setting if IPv6 unicast routing is enabled. To prevent the generation of IPv6 router advertisement transmissions, check the Suppress RA check box.

Step 7 To continue, see the "Configuring IPv6 Addresses on an Interface" section.


Configuring IPv6 Addresses on an Interface

To configure IPv6 addresses on an interface, perform the following steps:


Step 1 If you have not configured any IPv6 addresses with the CLI, to enable IPv6 addressing, check the Enable IPv6 check box.

Step 2 To verify the source addresses of IPv6 packets received on that interface against their source MAC addresses, so that the interface identifiers are known to use the modified EUI-64 format, check the Enforce EUI-64 check box. If the interface identifiers do not conform to the modified EUI-64 format, an error message appears.

Step 3 If you are not going to assign any other IPv6 addresses, to set the link-local address manually, enter an address in the Link-local address field. A link-local address should start with FE8, FE9, FEA, or FEB, for example fe80::20d:88ff:feee:6a82. Alternatively, click the ellipsis to choose a link-local address from the Browse Link-local address dialog box.

Step 4 After you have selected the link-local address, click OK to return to the IPv6 tab.

The selected link-local address appears in the Link-local address field.

Step 5 To enable address autoconfiguration, check the Enable address autoconfiguration check box. During the stateless autoconfiguration process, duplicate address detection (DAD) verifies the uniqueness of new unicast IPv6 addresses before the addresses are assigned to interfaces (the new addresses remain in a tentative state while duplicate address detection is performed). Duplicate address detection is performed first on the new link-local address. When the link-local address is verified as unique, duplicate address detection is then performed on all the other IPv6 unicast addresses on the interface. For more information about DAD, see the "Configuring DAD Settings" section.

Step 6 In the Interface IPv6 Addresses area, click Add.

The Add IPv6 Address for Interface dialog box appears.

Step 7 (Optional) Check the EUI-64 check box.

Step 8 Click OK to save your settings.

The Interface IPv6 Addresses Address field appears with the modified EUI-64 address.


Note You cannot use IPv6 addresses for the failover LAN and state links. For more information, see the "Configuring Failover with the High Availability and Scalability Wizard" section on page 59-2.


Step 9 To continue, see the "Configuring IPv6 Prefixes on an Interface" section.
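
The modified EUI-64 check referred to in Step 2 and Step 7 can be reproduced offline. The following is an added example, not part of the Cisco guide: it derives the interface identifier from a MAC address, builds the resulting address for a 64-bit prefix, and tests whether a packet's source address matches its source MAC. The MAC address 00:0d:88:ee:6a:82 is an assumption, obtained by inverting the sample link-local address in Step 3; the global addresses are constructed documentation values.

```python
import ipaddress

# Link-local addresses start with FE8, FE9, FEA or FEB, that is, fe80::/10.
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")


def parse_mac(mac):
    """Convert 'aa:bb:cc:dd:ee:ff' (or dash-separated) to 6 raw bytes."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def modified_eui64(mac):
    """Interface identifier: flip the universal/local bit, insert ff:fe."""
    m = parse_mac(mac)
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:]
    return int.from_bytes(iid, "big")


def eui64_address(prefix, mac):
    """Combine a 64-bit prefix with the modified EUI-64 interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("modified EUI-64 needs a 64-bit prefix")
    return ipaddress.IPv6Address(int(net.network_address) | modified_eui64(mac))


def is_link_local(addr):
    return ipaddress.IPv6Address(addr) in LINK_LOCAL


def source_conforms(src_ip, src_mac):
    """True if the low 64 bits of src_ip are the modified EUI-64 of src_mac."""
    low64 = int(ipaddress.IPv6Address(src_ip)) & (2**64 - 1)
    return low64 == modified_eui64(src_mac)


def nonconforming(frames):
    """Return the (source IP, source MAC) pairs that fail the EUI-64 check."""
    return [(ip, mac) for ip, mac in frames if not source_conforms(ip, mac)]


# Constructed sample frames: (IPv6 source address, Ethernet source MAC)
FRAMES = [
    ("fe80::20d:88ff:feee:6a82", "00:0d:88:ee:6a:82"),
    ("2001:db8:0:1:20d:88ff:feee:6a82", "00:0d:88:ee:6a:82"),
    ("2001:db8:0:1::10", "00:0d:88:ee:6a:83"),   # manually numbered host
]

if __name__ == "__main__":
    print(eui64_address("fe80::/64", "00:0d:88:ee:6a:82"))
    for ip, mac in nonconforming(FRAMES):
        print("does not conform:", ip, mac)
```

Hosts with manually assigned or randomized interface identifiers fail this check, so inventory them before enforcing EUI-64 on an interface.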


Configuring IPv6 Prefixes on an Interface

To configure IPv6 prefixes on an interface, perform the following steps:


Step 1 In the Interface IPv6 Prefixes area, click Add.

The Add IPv6 Prefix for Interface dialog box appears.

Step 2 Enter the IPv6 address with the prefix length.

Step 3 (Optional) To configure the IPv6 address manually, check the No Auto-Configuration check box. This setting indicates to hosts on the local link that the specified prefix cannot be used for IPv6 autoconfiguration.

Step 4 (Optional) To indicate that the IPv6 prefix is not advertised, check the No Advertisements check box.

Step 5 (Optional) The Off Link check box indicates that the specified prefix is assigned to the link. Nodes sending traffic to addresses that contain the specified prefix consider the destination to be locally reachable on the link. This prefix should not be used for on-link determination.

Step 6 In the Prefix Lifetime area, click the Lifetime Duration radio button, and specify the following:

a. A valid lifetime for the prefix in seconds from the drop-down list. This setting is the amount of time that the specified IPv6 prefix is advertised as being valid. The maximum value represents infinity. Valid values are from 0 to 4294967295. The default is 2592000 (30 days).

b. A preferred lifetime for the prefix from the drop-down list. This setting is the amount of time that the specified IPv6 prefix is advertised as being preferred. The maximum value represents infinity. Valid values are from 0 to 4294967295. The default setting is 604800 (seven days).

Step 7 To define a prefix lifetime expiration date, click the Lifetime Expiration Date radio button, and specify the following:

a. Choose a valid month and day from the drop-down list, and then enter a time in hh:mm format.

b. Choose a preferred month and day from the drop-down list, and then enter a time in hh:mm format.

Step 8 Click OK to save your settings.

The Interface IPv6 Prefixes Address field appears with the preferred and valid dates.


Feature History for Neighbor Reachable Time

Table 25-4 lists the release history for this feature.

Table 25-4 Feature History for Neighbor Reachable Time

Feature Name                              Releases    Feature Information
Neighbor solicitation message interval    7.0(1)      The feature was introduced.


Configuring Router Advertisement Messages

An adaptive security appliance can participate in router advertisements so that neighboring devices can dynamically learn a default router address.

This section includes the following topics:

Information About Router Advertisement Messages

Configuring the Router Advertisement Transmission Interval

Configuring the Router Lifetime Value

Configuring the IPv6 Prefix

Suppressing Router Advertisement Messages

Information About Router Advertisement Messages

An adaptive security appliance can participate in router advertisements so that neighboring devices can dynamically learn a default router address. Router advertisement messages (ICMPv6 Type 134) are periodically sent out each IPv6 configured interface of the adaptive security appliance. The router advertisement messages are sent to the all-nodes multicast address.

Figure 25-2 IPv6 Neighbor Discovery—Router Advertisement Message

Router advertisement messages typically include the following information:

One or more IPv6 prefixes that nodes on the local link can use to automatically configure their IPv6 addresses.

Lifetime information for each prefix included in the advertisement.

Sets of flags that indicate the type of autoconfiguration (stateless or stateful) that can be completed.

Default router information (whether the router sending the advertisement should be used as a default router and, if so, the amount of time (in seconds) the router should be used as a default router).

Additional information for hosts, such as the hop limit and MTU a host should use in packets that it originates.

The amount of time between neighbor solicitation message retransmissions on a given link.

The amount of time a node considers a neighbor reachable.

Router advertisements are also sent in response to router solicitation messages (ICMPv6 Type 133). Router solicitation messages are sent by hosts at system startup so that the host can immediately autoconfigure without needing to wait for the next scheduled router advertisement message. Because router solicitation messages are usually sent by hosts at system startup, and the host does not have a configured unicast address, the source address in router solicitation messages is usually the unspecified IPv6 address (0:0:0:0:0:0:0:0). If the host has a configured unicast address, the unicast address of the interface sending the router solicitation message is used as the source address in the message. The destination address in router solicitation messages is the all-routers multicast address with a scope of the link. When a router advertisement is sent in response to a router solicitation, the destination address in the router advertisement message is the unicast address of the source of the router solicitation message.
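
To see where the items listed above sit in an actual message, the following added example (not part of the Cisco guide) decodes a router advertisement using the RFC 4861 layout and reviews the result. The sample message is constructed in the code with this chapter's default values and a documentation prefix; its checksum field is left at zero and is not verified. The function names are illustrative.

```python
import ipaddress
import struct

ND_RA = 134  # ICMPv6 type of a router advertisement


def parse_ra(msg):
    """Decode an ICMPv6 router advertisement (checksum is not verified)."""
    if len(msg) < 16 or msg[0] != ND_RA:
        raise ValueError("not a router advertisement")
    hop_limit, flags, lifetime, reachable_ms, retrans_ms = struct.unpack_from(
        "!BBHII", msg, 4)
    ra = {
        "hop_limit": hop_limit,
        "managed": bool(flags & 0x80),        # stateful autoconfiguration
        "other_config": bool(flags & 0x40),
        "router_lifetime_s": lifetime,        # 0 means "not a default router"
        "reachable_time_ms": reachable_ms,
        "ns_interval_ms": retrans_ms,         # NS retransmission interval
        "mtu": None,
        "source_lladdr": None,
        "prefixes": [],
    }
    off = 16
    while off < len(msg):
        if off + 2 > len(msg):
            raise ValueError("truncated option header")
        otype, olen = msg[off], msg[off + 1] * 8   # length is in 8-octet units
        if olen == 0 or off + olen > len(msg):
            raise ValueError("malformed option length")
        body = msg[off + 2:off + olen]
        if otype == 1 and olen == 8:               # source link-layer address
            ra["source_lladdr"] = body.hex(":")
        elif otype == 5 and olen == 8:             # MTU
            ra["mtu"] = struct.unpack_from("!I", body, 2)[0]
        elif otype == 3 and olen == 32:            # prefix information
            plen, pflags, valid, preferred = struct.unpack_from("!BBII", body, 0)
            ra["prefixes"].append({
                "prefix": f"{ipaddress.IPv6Address(body[14:30])}/{plen}",
                "on_link": bool(pflags & 0x80),
                "autoconfig": bool(pflags & 0x40),
                "valid_s": valid,
                "preferred_s": preferred,
            })
        off += olen
    return ra


def review(ra):
    """Return findings for values that will surprise hosts on the link."""
    findings = []
    if ra["router_lifetime_s"] == 0:
        findings.append("sender does not offer itself as a default router")
    for p in ra["prefixes"]:
        if p["autoconfig"] and not p["prefix"].endswith("/64"):
            findings.append(f"{p['prefix']}: autoconfig flag set but prefix length is not 64")
        if p["preferred_s"] > p["valid_s"]:
            findings.append(f"{p['prefix']}: preferred lifetime exceeds valid lifetime")
    return findings


def sample_ra():
    """Constructed RA: lifetime 1800 s, NS interval 1000 ms, one /64 prefix."""
    header = struct.pack("!BBHBBHII", ND_RA, 0, 0, 64, 0x00, 1800, 0, 1000)
    slla = struct.pack("!BB6s", 1, 1, bytes.fromhex("000d88ee6a82"))
    mtu = struct.pack("!BBHI", 5, 1, 0, 1500)
    prefix = struct.pack("!BBBBIII16s", 3, 4, 64, 0xC0, 2592000, 604800, 0,
                         ipaddress.IPv6Address("2001:db8:0:1::").packed)
    return header + slla + mtu + prefix


if __name__ == "__main__":
    decoded = parse_ra(sample_ra())
    print(decoded)
    print(review(decoded) or "no findings")
```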

You can configure the following settings for router advertisement messages:

The time interval between periodic router advertisement messages.

The router lifetime value, which indicates the amount of time IPv6 nodes should consider the adaptive security appliance to be the default router.

The IPv6 network prefixes in use on the link.

Whether or not an interface transmits router advertisement messages.

Unless otherwise noted, the router advertisement message settings are specific to an interface and are entered in interface configuration mode. See the following topics for information about changing these settings:

Configuring the Router Advertisement Transmission Interval

Configuring the Router Lifetime Value

Configuring the IPv6 Prefix

Suppressing Router Advertisement Messages

Configuring the Router Advertisement Transmission Interval

This section shows how to configure the interval between IPv6 router advertisement transmissions on an interface and includes the following topics:

Licensing Requirements for Router Advertisement Transmission Interval

Guidelines and Limitations for the Router Advertisement Transmission Interval

Default Settings for Router Advertisement Transmission Interval

Configuring Router Advertisement Transmission Interval

Feature History for the Router Advertisement Transmission Interval

Licensing Requirements for Router Advertisement Transmission Interval

The following table shows the licensing requirements for this feature:

Model         License Requirement
All models    Base License.


Guidelines and Limitations for the Router Advertisement Transmission Interval

This section includes the guidelines and limitations for this feature.

Context Mode Guidelines

Supported in single and multiple context mode.

Firewall Mode Guidelines

Supported in routed mode only. Transparent mode is not supported.

Additional Guidelines and Limitations

The interval between transmissions should be less than or equal to the IPv6 router advertisement lifetime if the adaptive security appliance is configured as a default router. To prevent synchronization with other IPv6 nodes, randomly adjust the actual value used to within 20 percent of the specified value.

Default Settings for Router Advertisement Transmission Interval

Table 25-5 lists the default settings for neighbor reachable time parameters.

Table 25-5 Default Router Advertisement Transmission Interval Parameters 

Parameters                                Default
value (interval between transmissions)    The default is 200 seconds.


Configuring Router Advertisement Transmission Interval

By default, router advertisements are sent out every 200 seconds. Valid values range from 3 to 1800 seconds.

The interval between transmissions should be less than or equal to the IPv6 router advertisement lifetime if the adaptive security appliance is configured as a default router. For more information, see the "Configuring the Router Lifetime Value" section. To prevent synchronization with other IPv6 nodes, randomly adjust the actual value used to within 20 percent of the desired value.

To change the interval between router advertisement transmissions on an interface, perform the following steps:


Step 1 Choose Configuration > Device Setup > Interfaces.

Step 2 Select the interface for which you want to configure the time.

The interface must have been configured with an IPv6 address. For more information, see the "Configuring IPv6 Addresses on an Interface" section.

Step 3 Click Edit. The Edit Interface dialog box appears with three tabs: General, Advanced, and IPv6.

Step 4 Click the IPv6 tab.

Step 5 In the RA Interval field, enter a valid transmission interval value.


Note (Optional) To add a router advertisement transmission interval value in milliseconds instead, check the RA Interval in Milliseconds check box, and enter a value from 500 to 1800000.


Step 6 Click OK.

Step 7 Click Apply to save the configuration.


Feature History for the Router Advertisement Transmission Interval

Table 25-6 lists the release history for this feature.

Table 25-6 Feature History for Router Advertisement Transmission Interval

Feature Name                                  Releases    Feature Information
Router advertisement transmission interval    7.0(1)      The feature was introduced.


Configuring the Router Lifetime Value

This section shows how to configure the interval between IPv6 router advertisement transmissions on an interface and includes the following topics:

Licensing Requirements for the Router Lifetime Value

Guidelines and Limitations for the Router Lifetime Value

Default Settings for the Router Lifetime Value

Configuring the Router Lifetime Value

Feature History for the Router Lifetime Value

Licensing Requirements for the Router Lifetime Value

The following table shows the licensing requirements for this feature:

Model         License Requirement
All models    Base License.


Guidelines and Limitations for the Router Lifetime Value

This section includes the guidelines and limitations for this feature.

Context Mode Guidelines

Supported in single and multiple context mode.

Firewall Mode Guidelines

Supported in routed mode only. Transparent mode is not supported.

Additional Guidelines and Limitations

The interval between transmissions should be less than or equal to the IPv6 router advertisement lifetime if the adaptive security appliance is configured as a default router. To prevent synchronization with other IPv6 nodes, randomly adjust the actual value used to within 20 percent of the specified value.

Default Settings for the Router Lifetime Value

Table 25-7 lists the default settings for neighbor reachable time parameters.

Table 25-7 Default Router Advertisement Transmission Interval Parameters 

Parameters                                Default
value (interval between transmissions)    The default is 200 seconds.


Configuring the Router Lifetime Value

The router lifetime value specifies how long nodes on the local link should consider the adaptive security appliance as the default router on the link. Valid values range from 0 to 9000 seconds. The default is 1800 seconds. Entering 0 indicates that the adaptive security appliance should not be considered a default router on the selected interface.

To configure the router lifetime value in IPv6 router advertisements on an interface, perform the following steps:


Step 1 Choose Configuration > Device Setup > Interfaces.

Step 2 Select the interface for which you want to configure the lifetime value.

The interface must have been configured with an IPv6 address. For more information, see the "Configuring IPv6 Addresses on an Interface" section.

Step 3 Click Edit.

The Edit Interface dialog box appears with three tabs: General, Advanced, and IPv6.

Step 4 Click the IPv6 tab.

Step 5 In the RA Lifetime field, enter a valid lifetime value.

Step 6 Click OK.

Step 7 Click Apply to save the configuration.
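
The value ranges given in this chapter, and the guideline that the router advertisement interval should not exceed the router lifetime on an interface that acts as a default router, can be checked against a configuration before it is applied. The following is an added example, not part of the Cisco guide: it audits the CLI form of these settings (the ipv6 nd ns-interval, reachable-time, ra-interval and ra-lifetime commands) in a configuration fragment. The fragment, interface names and addresses are constructed, and unset values are assumed to take the defaults stated in the procedures above.

```python
import re

# Ranges as stated in this chapter: lifetime in seconds, the others in milliseconds.
RANGES = {
    "ns-interval": (1000, 3600000),
    "reachable-time": (0, 3600000),
    "ra-lifetime": (0, 9000),
}
RA_INTERVAL_S = (3, 1800)          # interval entered in seconds
RA_INTERVAL_MS = (500, 1800000)    # interval entered in milliseconds
DEFAULTS = {"ns-interval": 1000, "reachable-time": 0, "ra-lifetime": 1800,
            "ra-interval": 200, "ra-interval-msec": False}

ND_LINE = re.compile(
    r"^\s+ipv6 nd (ns-interval|reachable-time|ra-lifetime|ra-interval)( msec)? (\d+)\s*$")


def parse_interfaces(config):
    """Collect the neighbor discovery settings of each interface block."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = dict(DEFAULTS)
            interfaces[line.split()[1]] = current
            continue
        m = ND_LINE.match(line)
        if m and current is not None:
            key, msec, value = m.groups()
            current[key] = int(value)
            if key == "ra-interval":
                current["ra-interval-msec"] = bool(msec)
    return interfaces


def audit(config):
    """Return (interface, finding) pairs for values this chapter rules out."""
    findings = []
    for name, nd in parse_interfaces(config).items():
        for key, (lo, hi) in RANGES.items():
            if not lo <= nd[key] <= hi:
                findings.append((name, f"{key} out of range"))
        lo, hi = RA_INTERVAL_MS if nd["ra-interval-msec"] else RA_INTERVAL_S
        if not lo <= nd["ra-interval"] <= hi:
            findings.append((name, "ra-interval out of range"))
        interval_s = nd["ra-interval"] / 1000 if nd["ra-interval-msec"] else nd["ra-interval"]
        # A lifetime of 0 means the interface is not advertised as a default
        # router, so the interval/lifetime guideline does not apply.
        if nd["ra-lifetime"] > 0 and interval_s > nd["ra-lifetime"]:
            findings.append((name, "ra-interval exceeds ra-lifetime"))
    return findings


# Constructed configuration fragment for illustration.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif inside
 ipv6 address 2001:db8:0:1::1/64
interface GigabitEthernet0/1
 nameif dmz
 ipv6 address 2001:db8:0:2::1/64
 ipv6 nd ns-interval 500
 ipv6 nd ra-interval 600
 ipv6 nd ra-lifetime 300
interface GigabitEthernet0/2
 nameif guest
 ipv6 address 2001:db8:0:3::1/64
 ipv6 nd ra-interval msec 1500
 ipv6 nd ra-lifetime 0
"""

if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```

When the interval exceeds the lifetime, hosts can expire the default router between two advertisements, which shows up as intermittent loss of IPv6 connectivity.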


Feature History for the Router Lifetime Value

Table 25-8 lists the release history for this feature.

Table 25-8 Feature History for Router Advertisement Transmission Interval

Feature Name                                  Releases    Feature Information
Router advertisement transmission interval    7.0(1)      The feature was introduced.


Configuring the IPv6 Prefix

Stateless autoconfiguration uses IPv6 prefixes provided in router advertisement messages to create the global unicast address from the link-local address. The prefix advertisement can be used by neighboring devices to autoconfigure their interface addresses. You can configure which IPv6 prefixes are included in IPv6 router advertisements.

This section shows how to configure IPv6 prefixes and includes the following topics:

Licensing Requirements for IPv6 Prefixes

Guidelines and Limitations for IPv6 Prefixes

Default Settings for IPv6 Prefixes

Configuring IPv6 Prefixes

Licensing Requirements for IPv6 Prefixes

The following table shows the licensing requirements for this feature:

Model         License Requirement
All models    Base License.


Guidelines and Limitations for IPv6 Prefixes

This section includes the guidelines and limitations for this feature.

Context Mode Guidelines

Supported in single and multiple context mode.

Firewall Mode Guidelines

Supported in routed mode only. Transparent mode is not supported.

Additional Guidelines and Limitations

A date can be set to specify the expiration of a prefix. The valid and preferred lifetimes are counted down in real time. When the expiration date is reached, the prefix will no longer be advertised.

When onlink is on (by default), the specified prefix is assigned to the link. Nodes sending traffic to such addresses that contain the specified prefix consider the destination to be locally reachable on the link.

When autoconfig is on (by default), it indicates to hosts on the local link that the specified prefix can be used for IPv6 autoconfiguration.

For stateless autoconfiguration to work correctly, the advertised prefix length in router advertisement messages must always be 64 bits.

Default Settings for IPv6 Prefixes

Table 25-9 lists the default settings for neighbor reachable time parameters.

Table 25-9 Default for IPv6 Prefixes Parameters 

Parameters         Default
prefix lifetime    The default lifetime is 2592000 seconds (30 days) and a preferred lifetime is 604800 seconds (7 days).
on-link flag       The flag is on by default, which means that the prefix is used on the advertising interface.
autoconfig flag    The flag is on by default, which means that the prefix is used for autoconfiguration.


Configuring IPv6 Prefixes

To configure IPv6 prefixes on an interface, perform the following steps:


Step 1 In the Interface IPv6 Prefixes area, click Add.

The Add IPv6 Prefix for Interface dialog box appears.

Step 2 Enter the IPv6 address with the prefix length.

Step 3 (Optional) To configure the IPv6 address manually, check the No Auto-Configuration check box. This setting indicates to hosts on the local link that the specified prefix cannot be used for IPv6 autoconfiguration.

Step 4 (Optional) To indicate that the IPv6 prefix is not advertised, check the No Advertisements check box.

Step 5 (Optional) The Off Link check box indicates that the specified prefix is assigned to the link. Nodes sending traffic to addresses that contain the specified prefix consider the destination to be locally reachable on the link. This prefix should not be used for on-link determination.

Step 6 In the Prefix Lifetime area, click the Lifetime Duration radio button, and specify the following:

a. A valid lifetime for the prefix in seconds from the drop-down list. This setting is the amount of time that the specified IPv6 prefix is advertised as being valid. The maximum value represents infinity. Valid values are from 0 to 4294967295. The default is 2592000 (30 days).

b. A preferred lifetime for the prefix from the drop-down list. This setting is the amount of time that the specified IPv6 prefix is advertised as being preferred. The maximum value represents infinity. Valid values are from 0 to 4294967295. The default setting is 604800 (seven days).

Step 7 To define a prefix lifetime expiration date, click the Lifetime Expiration Date radio button, and specify the following:

a. Choose a valid month and day from the drop-down list, and then enter a time in hh:mm format.

b. Choose a preferred month and day from the drop-down list, and then enter a time in hh:mm format.

Step 8 Click OK to save your settings.

The Interface IPv6 Prefixes Address field appears with the preferred and valid dates.
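
As an added example (not part of the Cisco guide), the Python below decodes the Prefix Information option that carries these settings inside a router advertisement and checks it against the rules in this section. The option layout and the rule that the preferred lifetime must not exceed the valid lifetime come from RFC 4861; the function names and the two sample options are constructed for illustration.

```python
import ipaddress
import struct

INFINITE = 0xFFFFFFFF  # maximum lifetime value; advertised as infinity

def parse_prefix_info(opt: bytes) -> dict:
    """Decode one Prefix Information option (RFC 4861: type 3, 32 bytes)."""
    if len(opt) != 32:
        raise ValueError("Prefix Information option must be 32 bytes")
    otype, olen, plen, flags, valid, preferred, _reserved = struct.unpack(
        "!BBBBIII", opt[:16])
    if otype != 3 or olen != 4 or plen > 128:
        raise ValueError("malformed Prefix Information option")
    net = ipaddress.IPv6Network((opt[16:], plen), strict=False)
    return {
        "prefix": str(net),
        "prefix_len": plen,
        "on_link": bool(flags & 0x80),     # L flag; cleared by Off Link
        "autoconfig": bool(flags & 0x40),  # A flag; cleared by No Auto-Configuration
        "valid": valid,                    # seconds
        "preferred": preferred,            # seconds
    }

def audit_prefix_info(pi: dict) -> list:
    """Return findings for settings that break SLAAC or RFC 4861 rules."""
    findings = []
    if pi["autoconfig"] and pi["prefix_len"] != 64:
        findings.append("autoconfig flag set but prefix length is not 64")
    if pi["preferred"] > pi["valid"]:  # RFC 4861 rule, not stated in the guide
        findings.append("preferred lifetime exceeds valid lifetime")
    if pi["valid"] == INFINITE:
        findings.append("valid lifetime is infinite; prefix never expires")
    return findings

def _option(prefix, plen, flags, valid, preferred):
    """Build a constructed sample option for the demonstration."""
    head = struct.pack("!BBBBIII", 3, 4, plen, flags, valid, preferred, 0)
    return head + ipaddress.IPv6Address(prefix).packed

# Constructed samples: the guide's defaults, then a misconfigured prefix.
DEFAULT_OPT = _option("2001:db8:0:1::", 64, 0xC0, 2592000, 604800)
BAD_OPT = _option("2001:db8::", 48, 0x40, 3600, 7200)

if __name__ == "__main__":
    for raw in (DEFAULT_OPT, BAD_OPT):
        info = parse_prefix_info(raw)
        print(info["prefix"], audit_prefix_info(info) or "ok")
```
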


Suppressing Router Advertisement Messages

By default, router advertisement messages are automatically sent in response to router solicitation messages. You may want to disable these messages on any interface for which you do not want the adaptive security appliance to supply the IPv6 prefix (for example, the outside interface).

This section shows how to suppress IPv6 router advertisement transmissions on an interface and includes the following topics:

Licensing Requirements for Suppressing Router Advertisement Messages

Guidelines and Limitations for Suppressing Router Advertisement Messages

Default Settings for Suppressing Router Advertisement Messages

Suppressing Router Advertisement Messages

Feature History for Suppressing Router Advertisement Messages

Licensing Requirements for Suppressing Router Advertisement Messages

The following table shows the licensing requirements for this feature:

| Model | License Requirement |
| --- | --- |
| All models | Base License. |


Guidelines and Limitations for Suppressing Router Advertisement Messages

This section includes the guidelines and limitations for this feature.

Context Mode Guidelines

Supported in single and multiple context mode.

Firewall Mode Guidelines

Supported in routed mode only. Transparent mode is not supported.

Additional Guidelines and Limitations

The router lifetime value is included in all IPv6 router advertisements sent out the interface. The value indicates the usefulness of the adaptive security appliance as a default router on this interface.

Setting the value to a non-zero value indicates that the adaptive security appliance should be considered a default router on this interface. The non-zero value for the router lifetime value should not be less than the router advertisement interval.

Default Settings for Suppressing Router Advertisement Messages

Table 25-10 lists the default settings for suppressing router advertisement parameters.

Table 25-10 Default for Suppressing Router Advertisement Parameters

| Parameters | Default |
| --- | --- |
| router lifetime | The default lifetime is 1800 seconds. Setting the value to 0 indicates that the adaptive security appliance should not be considered a default router on this interface. |


Suppressing Router Advertisement Messages

To suppress IPv6 router advertisement transmissions on an interface, perform the following steps:


Step 1 Choose Configuration > Device Setup > Interfaces.

Step 2 Select the interface for which you want to configure the lifetime value. The interface must have been configured with an IPv6 address. For more information, see the "Configuring IPv6 Addresses on an Interface" section.

Step 3 Click Edit.

The Edit Interface dialog box appears with three tabs: General, Advanced, and IPv6.

Step 4 Click the IPv6 tab.

Step 5 Check the Suppress RA check box.

Step 6 Verify that the router advertisement message is suppressed on the interface that is configured for the IPv6 address.
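
One way to carry out the verification in Step 6, as an added example that is not part of the Cisco guide: decode ICMPv6 captured on each interface and report any router advertisement the appliance still sends where Suppress RA is checked, along with a non-zero router lifetime below the advertisement interval. The capture records, interface names and 200-second interval are constructed, and capturing and filtering to the appliance's own source address is assumed to happen elsewhere.

```python
import struct

ND_ROUTER_ADVERT = 134  # ICMPv6 type of a router advertisement (RFC 4861)

def parse_ra_header(icmp6: bytes):
    """Return (router_lifetime, reachable_ms, retrans_ms), or None if not an RA."""
    if len(icmp6) < 16 or icmp6[0] != ND_ROUTER_ADVERT or icmp6[1] != 0:
        return None
    # type, code, checksum, hop limit, M/O flags, router lifetime, timers
    fields = struct.unpack("!BBHBBHII", icmp6[:16])
    return fields[5], fields[6], fields[7]

def audit_captures(captures, suppressed, ra_interval):
    """captures: (interface, ICMPv6 bytes) pairs sent by the appliance itself.
    suppressed: interfaces with Suppress RA checked. ra_interval: seconds."""
    findings = []
    for iface, pkt in captures:
        hdr = parse_ra_header(pkt)
        if hdr is None:
            continue  # neighbor solicitations, echo requests, and so on
        lifetime = hdr[0]
        if iface in suppressed:
            findings.append((iface, "RA sent although Suppress RA is checked"))
        elif 0 < lifetime < ra_interval:
            findings.append((iface, "non-zero router lifetime below RA interval"))
    return findings

def sample_ra(lifetime):
    """Constructed RA header (checksum left at 0; it is not verified here)."""
    return struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0, lifetime, 0, 0)

# Constructed capture records; interface names and the 200 s interval are
# assumptions for the demonstration.
CAPTURES = [
    ("outside", sample_ra(1800)),
    ("inside", sample_ra(1800)),
    ("dmz", sample_ra(100)),
    ("inside", struct.pack("!BBH", 135, 0, 0) + bytes(20)),  # not an RA
]

if __name__ == "__main__":
    for iface, problem in audit_captures(CAPTURES, {"outside"}, 200):
        print(iface, problem)
```
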


Feature History for Suppressing Router Advertisement Messages

Table 25-11 lists the release history for this feature.

Table 25-11 Feature History for Suppressing Router Advertisement Messages

| Feature Name | Releases | Feature Information |
| --- | --- | --- |
| Suppressing router advertisement messages | 7.0(1) | The feature was introduced. The ipv6 nd ra-lifetime command was introduced. |


Configuring a Static IPv6 Neighbor

This section includes the following topics:

Information About a Static IPv6 Neighbor

Licensing Requirements for Static IPv6 Neighbor

Guidelines and Limitations

Default Settings

Configuring a Static IPv6 Neighbor

Feature History for Configuring a Static IPv6 Neighbor

Information About a Static IPv6 Neighbor

You can manually define a neighbor in the IPv6 neighbor cache. If an entry for the specified IPv6 address already exists in the neighbor discovery cache (learned through the IPv6 neighbor discovery process), the entry is automatically converted to a static entry. Static entries in the IPv6 neighbor discovery cache are not modified by the neighbor discovery process.

Licensing Requirements for Static IPv6 Neighbor

The following table shows the licensing requirements for this feature:

| Model | License Requirement |
| --- | --- |
| All models | Base License. |


Guidelines and Limitations

This section includes the guidelines and limitations for this feature.

Context Mode Guidelines

Supported in single and multiple context mode.

Firewall Mode Guidelines

Supported in routed mode only. Transparent mode is not supported.

Default Settings

Table 25-12 lists the default settings for static IPv6 neighbor parameters.

Table 25-12 Default Static IPv6 Neighbor Parameters

| Parameters | Default |
| --- | --- |
| Static IPv6 neighbor | Static entries are not configured in the IPv6 neighbor discovery cache. |


Configuring a Static IPv6 Neighbor

Make sure that IPv6 is enabled on at least one interface before trying to add a neighbor, or ASDM returns an error message indicating that the configuration failed. For information about configuring IPv6 on an interface, see the "Configuring IPv6 Addresses on an Interface" section.

To add an IPv6 static neighbor, perform the following steps:


Step 1 Choose Configuration > Device Management > Advanced > IPv6 Neighbor Discovery Cache.

Step 2 Click Add.

The Add IPv6 Static Neighbor dialog box appears.

Step 3 From the Interface Name drop-down list, choose an interface on which to add the neighbor.

Step 4 In the IP Address field, enter the IPv6 address that corresponds to the local data-link address, or click the ellipsis (...) to browse for an address.

If an entry for the specified IPv6 address already exists in the neighbor discovery cache—learned through the IPv6 neighbor discovery process—the entry is automatically converted to a static entry.

Step 5 In the MAC address field, enter the local data-link (hardware) MAC address.

Step 6 Click OK.


Note Before you apply the changes and save the configuration, you can click Reset to cancel any changes and restore the original values.


Step 7 Click Apply to save the configuration.


Editing Static Neighbors

To edit a static neighbor that is defined in your configuration, perform the following steps:


Step 1 Choose Configuration > Device Management > Advanced > IPv6 Neighbor Discovery Cache.

Step 2 Select the neighbor from the main pane, and click Edit.

The Edit IPv6 Static Neighbor dialog box appears.

Step 3 Enter all necessary changes, and click OK.

Step 4 Click Apply to save the changes to your configuration.


Deleting Static Neighbors

To delete a static neighbor from your configuration, perform the following steps:


Step 1 Choose Configuration > Device Management > Advanced > IPv6 Neighbor Discovery Cache.

Step 2 Select the neighbor to delete from the main pane, and click Delete.

The selected neighbor is removed from the list.

Step 3 Click Apply to save the change to your current configuration.


Note Before you apply the changes and permanently delete the neighbor from your configuration, you can click Reset to restore the original values.



Feature History for Configuring a Static IPv6 Neighbor

Table 25-13 lists the release history for this feature.

Table 25-13 Feature History for Configuring a Static IPv6 Neighbor

| Feature Name | Releases | Feature Information |
| --- | --- | --- |
| Static IPv6 Neighbor | 7.0(1) | The feature was introduced. |