IPv6 Commands: ipv6 mo to ipv6 ospf da

ipv6 mobile home-agent (global configuration)

To enter home agent configuration mode, use the ipv6 mobile home-agent command in global configuration mode. To reset to the default settings of the command, use the no form of this command.

ipv6 mobile home-agent

no ipv6 mobile home-agent

Syntax Description

This command has no arguments or keywords.

Command Default

Mobile IPv6 home agent is disabled.

Command Modes


Global configuration

Command History

Release

Modification

12.3(14)T

This command was introduced.

Usage Guidelines

Use the ipv6 mobile home-agent command to enter home agent configuration mode. Once in home agent configuration mode, you can configure binding parameters using the binding command. Once an interface is configured to provide the home-agent service, the ipv6 mobile home-agent global configuration command automatically appears in the global configuration.

The home agent service needs to be started on each interface using the ipv6 mobile home-agent command in interface configuration mode. The ipv6 mobile home-agent command in global configuration mode does not start home agent service on an interface.

Examples

In the following example, the user enters home agent configuration mode:


Router(config)# ipv6 mobile home-agent
Router(config-ha)#

ipv6 mobile home-agent (interface configuration)

To initialize and start the Mobile IPv6 home agent on a specific interface, use the ipv6 mobile home-agent command in interface configuration mode. To discard bindings and any interface parameter settings, and to terminate home agent operation on a specific interface, use the no form of this command.

ipv6 mobile home-agent [preference preference-value]

no ipv6 mobile home-agent

Syntax Description

preference preference-value

(Optional) Configures the Mobile IPv6 home agent preference value on a specified interface. The preference-value argument is an integer to be configured for preference in the home agent information option. The range is from 0 to 65535. The default preference value is 0.

Command Default

Mobile IPv6 home agent is disabled. The default preference value is 0.

Command Modes


Interface configuration

Command History

Release

Modification

12.3(14)T

This command was introduced.

Usage Guidelines

Before you enable the ipv6 mobile home-agent (interface configuration) command on an interface, you should configure common parameters using the binding command. Once an interface is configured to run the home agent feature, the ipv6 mobile home-agent command in global configuration mode automatically appears in the global configuration.

Once enabled, the ipv6 mobile home-agent (interface configuration) command cannot be disabled if there is a home agent configured on at least one of the interfaces. If there is no home agent service on any interfaces, the no form of the command disables home agent capability from the router.

To configure the home agent preference value, use the optional preference preference-value keyword and argument. A preference value is a 16-bit signed integer used by the home agent sending a router advertisement. The preference value orders the addresses returned to the mobile node in the home agent addresses field of a home agent address discovery reply message. The higher the preference value, the more preferable is the home agent.

If a preference value is not included in a router advertisement, the default value is 0. Values greater than 0 indicate a home agent more preferable than this default value.

Examples

In the following example, the user initializes and starts Mobile IPv6 agent on Ethernet interface 2:


Router(config)# interface Ethernet 2
Router(config-if)# ipv6 mobile home-agent

In the following example, the home agent preference value is set to 10:


Router(config-if)# ipv6 mobile home-agent preference 10

ipv6 mobile router

To enable IPv6 network mobility (NEMO) functionality on a router and place the router in IPv6 mobile router configuration mode, use the ipv6 mobile router command in global configuration mode. To disable NEMO functionality on the router, use the no form of the command.

ipv6 mobile router

no ipv6 mobile router

Syntax Description

This command has no arguments or keywords.

Command Default

NEMO functionality is not enabled.

Command Modes


Global configuration (config)

Command History

Release

Modification

12.4(20)T

This command was introduced.

Usage Guidelines

The mobile router is a router that operates as a mobile node. The mobile router can roam from its home network and still provide connectivity for devices on its networks. The mobile networks are locally attached to the router.

Examples

In the following example, the mobile router is enabled:


Router(config)# ipv6 mobile router

ipv6 mobile router-service roam

To enable the IPv6 mobile router interface to roam, use the ipv6 mobile router-service roam command in interface configuration mode. To disable roaming, use the no form of this command.

ipv6 mobile router-service roam [bandwidth-efficient | cost-efficient | priority value]

no ipv6 mobile router-service roam

Syntax Description

bandwidth-efficient

(Optional) Enables the mobile router to use the largest configured lifetime value.

cost-efficient

(Optional) Prevents a binding update unless a dialup link is up and a valid care-of address is available.

priority value

(Optional) Priority value that is compared among multiple configured interfaces to select the interface on which to send the registration request. When multiple interfaces have the highest priority, the interface with the highest bandwidth is preferred. When multiple interfaces have the same bandwidth, the interface with the highest IPv6 address is preferred. The range is from 0 to 255; the default is 100. Lower values equate to a higher priority.

Command Default

Roaming is not enabled.

Command Modes


Interface configuration (config-if)

Command History

Release

Modification

12.4(20)T

This command was introduced.

Usage Guidelines

The mobile router discovers home agents and foreign agents by receiving agent advertisements.

The bandwidth-efficient keyword enables the mobile router to use the largest configured lifetime value, even when the home agent recommends a shorter lifetime in a binding refresh advice message. This option can be used when the bandwidth is expensive.

Examples

The following example shows how to enable roaming for the IPv6 mobile router interface:


Router(config-if)# ipv6 mobile router-service roam

ipv6 mode host unicast

To disable IPv6 routing services and inhibit forwarding on an interface in the network, use the ipv6 mode host unicast command in interface configuration mode.

ipv6 mode host unicast

no ipv6 mode host unicast

Syntax Description

This command has no arguments or keywords.

Command Default

Command Modes


Interface configuration (config-if)

Command History

Release

Modification

Prior to Cisco IOS 15.4(2)S

This command was introduced.

Cisco IOS 15.4(2)S

This command was deprecated.

Usage Guidelines

Ensure that routing services are enabled on interfaces that forward IPv6 traffic.

Examples

The following example shows how to configure the ipv6 mode host unicast command on serial interface 0/0:

Device> enable
Device# configure terminal
Device(config)# interface Serial0/0
Device(config-if)# ipv6 mode host unicast

ipv6 mtu

To set the maximum transmission unit (MTU) size of IPv6 packets transmitted on an interface, use the ipv6 mtu command in interface configuration mode. To restore the default MTU size, use the no form of this command.

ipv6 mtu bytes

no ipv6 mtu bytes

Syntax Description

bytes

MTU in bytes.

Command Default

The default MTU value depends on the interface medium, but the minimum for any interface is 1280 bytes.

Command Modes


Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS 12.2(2)T

This command was introduced.

Cisco IOS 12.0(21)ST

This command was integrated into Cisco IOS Release 12.0(21)ST.

Cisco IOS 12.0(22)S

This command was integrated into Cisco IOS Release 12.0(22)S.

Cisco IOS 12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

Cisco IOS 12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.

Cisco IOS 12.2(25)SG

This command was integrated into Cisco IOS Release 12.2(25)SG.

Cisco IOS 12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Cisco IOS 12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.

Cisco IOS XE 3.10S

This command was modified. The range for bytes argument was extended to 9676 for loopback interfaces.

Usage Guidelines

If a nondefault value is configured for an interface, an MTU option is included in router advertisements.

IPv6 routers do not fragment forwarded IPv6 packets. Traffic originating from IPv6 routers may be fragmented.

All devices on a physical medium must have the same protocol MTU in order to operate.

In addition to the “IPv6 MTU value” (set by using the ipv6 mtu command), interfaces also have a nonprotocol-specific “MTU value”.


Note


The MTU value configured by using the ipv6 mtu interface configuration command must not be less than 1280 bytes.


The MTU value configured depends on the type of interface. On a loopback interface, the MTU size can be a maximum of 9676 bytes.

Examples

The following example sets the maximum IPv6 packet size for serial interface 0/1 to 2000 bytes:


Device(config)# interface serial 0/1
Device(config-if)# ipv6 mtu 2000

ipv6 multicast aaa account receive

To enable authentication, authorization, and accounting (AAA) accounting on specified groups or channels, use the ipv6 multicast aaa account receive command in interface configuration mode. To disable AAA accounting, use the no form of this command.

ipv6 multicast aaa account receive access-list-name [throttle throttle-number]

no ipv6 multicast aaa account receive

Syntax Description

access-list-name

Access list to specify which groups or channels are to have AAA accounting enabled.

throttle

(Optional) Limits the number of records sent during channel surfing. No record is sent if a channel is viewed for less than a specified, configurable period of time.

throttle-number

(Optional) Throttle or surfing interval, in seconds.

Command Default

No AAA accounting is performed on any groups or channels.

Command Modes


Interface configuration

Command History

Release

Modification

12.4(4)T

This command was introduced.

Usage Guidelines


Note


Including information about IPv6 addresses in accounting and authorization records transmitted between the router and the RADIUS or TACACS+ server is supported. However, there is no support for using IPv6 to communicate with that server. The server must have an IPv4 address.


Use the ipv6 multicast aaa account receive command to enable AAA accounting on specific groups or channels and to set throttle interval limits on records sent during channel surfing.

Examples

The following example enables AAA accounting using an access list named list1:


Router(config-if)# ipv6 multicast aaa account receive list1

ipv6 multicast boundary

To configure an IPv6 multicast boundary on the interface for a specified scope, use the ipv6 multicast boundary command in interface configuration mode. To disable this feature, use the no form of this command.

ipv6 multicast boundary block source

no ipv6 multicast boundary block source

ipv6 multicast boundary scope scope-value

no ipv6 multicast boundary scope scope-value

Syntax Description

block source

Blocks the source of all incoming multicast traffic on an interface.

scope scope-value

Specifies the boundary for a particular scope.

The scope value can be one of the following:

  • Link-local address

  • Subnet-local address

  • Admin-local address

  • Site-local address

  • Organization-local

  • Virtual Private Network (VPN)

  • Scope number, which is from 2 through 15

Command Default

Multicast boundary is not configured on the interface.

Command Modes

Interface configuration (config-if)  

Command History

Release

Modification

Cisco IOS 12.3(14)T

This command was introduced.

Cisco IOS 12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

Cisco IOS XE 3.13S

This command was modified. The block and source keywords were added.

Usage Guidelines

Use the ipv6 multicast boundary block source command to block all incoming multicast traffic on an interface. However, this command allows the multicast traffic to flow out on the interface and allows any reserved multicast packets to flow in on the interface. This command is primarily used at first-hop routers to prevent local hosts from functioning as multicast sources.

If the ipv6 multicast boundary scope command is configured for a particular scope on the Reverse Path Forwarding (RPF) interface, then packets are not accepted on that interface for groups that belong to scopes that are less than or equal to the one that is configured. Protocol Independent Multicast (PIM) join/prune messages for those groups are not sent on the RPF interface. The effect of the scope is verified by checking the output of the show ipv6 mrib route command. The output does not show the RPF interface with Accept flag.

If the ipv6 multicast boundary scope command is configured for a particular scope on an interface in the outgoing interface list, packets are not forwarded for groups that belong to scopes that are less than or equal to the one configured.

Protocol Independent Multicast (PIM) join/prune (J/P) messages are not processed when they are received on the interface for groups that belong to scopes that are less than or equal to the one configured. Registers and bootstrap router (BSR) messages are also filtered on the boundary.

Examples

The following example shows how to block the source of all incoming multicast traffic on the interface:

Device> enable
Device# configure terminal
Device(config)# int GigabitEthernet0/0/0
Device(config-if)# ipv6 multicast boundary block source

The following example sets the scope value to be a scope number of 6:


ipv6 multicast boundary scope 6
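
The scope comparison described in the usage guidelines above can be checked offline before a boundary is deployed. The following Python is an added example, not Cisco code: it reads the 4-bit scope field from each group address and applies the "less than or equal to the configured scope" rule. The sample groups are constructed, and only numeric scope values are handled.

```python
import ipaddress


def group_scope(group: str) -> int:
    """Return the 4-bit scope field of an IPv6 multicast group address."""
    addr = ipaddress.IPv6Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv6 multicast address")
    # RFC 4291 layout: 0xFF, then 4 flag bits, then 4 scope bits.
    # Masking the flag bits means SSM groups (ff3x::/32) are classified
    # by scope in the same way as ordinary groups.
    return addr.packed[1] & 0x0F


def filtered_at_boundary(group: str, boundary_scope: int) -> bool:
    """True if a boundary configured for boundary_scope filters this group.

    Rule taken from the page: groups whose scope is less than or equal to
    the configured scope are not accepted or forwarded on the interface.
    """
    if not 2 <= boundary_scope <= 15:
        raise ValueError("scope number must be from 2 through 15")
    return group_scope(group) <= boundary_scope


def split_by_boundary(groups, boundary_scope):
    """Partition groups into (filtered, passed) for a given boundary scope."""
    filtered, passed = [], []
    for group in groups:
        if filtered_at_boundary(group, boundary_scope):
            filtered.append(group)
        else:
            passed.append(group)
    return filtered, passed


# Constructed sample groups (not taken from the page).
SAMPLE_GROUPS = [
    "ff05::1:3",      # site-local scope (5)
    "ff35::4000:1",   # SSM group, site-local scope (5) once flags are masked
    "ff08::db8:1",    # organization-local scope (8)
    "ff3e::4000:1",   # SSM group, global scope (14)
    "ff0e::db8:1",    # global scope (14)
]

if __name__ == "__main__":
    filtered, passed = split_by_boundary(SAMPLE_GROUPS, 6)
    print("boundary scope 6 filters:", filtered)
    print("boundary scope 6 passes: ", passed)
```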

ipv6 multicast group-range

To disable multicast protocol actions and traffic forwarding for unauthorized groups or channels on all the interfaces in a router, use the ipv6 multicast group-range command in global configuration mode. To return to the command’s default settings, use the no form of this command.

ipv6 multicast [vrf vrf-name] group-range [access-list-name]

no ipv6 multicast [vrf vrf-name] group-range [access-list-name]

Syntax Description

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) configuration.

access-list-name

(Optional) Name of an access list that contains authenticated subscriber groups and authorized channels that can send traffic to the router.

Command Default

Multicast is enabled for groups and channels permitted by a specified access list and disabled for groups and channels denied by a specified access list.

Command Modes


Global configuration (config)

Command History

Release

Modification

12.4(4)T

This command was introduced.

15.0(1)M

This command was integrated into Cisco IOS Release 15.0(1)M.

12.2(33)SRE

This command was modified. It was integrated into Cisco IOS Release 12.2(33)SRE.

Cisco IOS XE Release 2.6

This command was introduced on Cisco ASR 1000 series routers.

15.1(4)M

The vrf vrf-name keyword and argument were added.

Usage Guidelines

The ipv6 multicast group-range command provides an access control mechanism for IPv6 multicast edge routing. The access list specified by the access-list-name argument specifies the multicast groups or channels that are to be permitted or denied. For denied groups or channels, the router ignores protocol traffic and actions (for example, no Multicast Listener Discovery (MLD) states are created, no mroute states are created, no Protocol Independent Multicast (PIM) joins are forwarded), and drops data traffic on all interfaces in the system, thus disabling multicast for denied groups or channels.

Using the ipv6 multicast group-range global configuration command is equivalent to configuring the MLD access control and multicast boundary commands on all interfaces in the system. However, the ipv6 multicast group-range command can be overridden on selected interfaces by using the following interface configuration commands:

  • ipv6 mld access-group access-list-name

  • ipv6 multicast boundary scope scope-value

Because the no ipv6 multicast group-range command returns the router to its default configuration, existing multicast deployments are not broken.

Examples

The following example ensures that the router disables multicast for groups or channels denied by an access list named list2:


Router(config)# ipv6 multicast group-range list2

The following example shows that the command in the previous example is overridden on an interface specified by int2:


Router(config)# interface int2
Router(config-if)# ipv6 mld access-group int-list2

On int2, MLD states are created for groups or channels permitted by int-list2 but are not created for groups or channels denied by int-list2. On all other interfaces, the access-list named list2 is used for access control.

In this example, list2 can be specified to deny all or most multicast groups or channels, and int-list2 can be specified to permit authorized groups or channels only for interface int2.
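
Because an interface-level command can override the global group-range policy, a configuration review should list which access list actually governs each interface. The following Python is an added example, not Cisco code: it parses a constructed configuration that reuses the names list2, int2 and int-list2 from the examples above (int1, int3 and the addresses are assumptions) and reports the effective MLD access list and any boundary scope per interface. The vrf form of the command is not handled.

```python
import re

GROUP_RANGE = re.compile(r"^ipv6 multicast group-range(?: (\S+))?$")
INTERFACE = re.compile(r"^interface (.+)$")
MLD_ACL = re.compile(r"^ipv6 mld access-group (\S+)$")
BOUNDARY = re.compile(r"^ipv6 multicast boundary scope (\S+)$")


def effective_multicast_policy(config: str) -> dict:
    """Map each interface to the access list that governs MLD state on it."""
    global_acl = None
    interfaces = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            # An unindented line is a global command and ends any interface block.
            current = None
            match = INTERFACE.match(line)
            if match:
                current = interfaces.setdefault(
                    match.group(1), {"mld_acl": None, "boundary_scope": None})
                continue
            match = GROUP_RANGE.match(line)
            if match:
                global_acl = match.group(1)
            continue
        if current is None:
            continue
        match = MLD_ACL.match(line)
        if match:
            current["mld_acl"] = match.group(1)
            continue
        match = BOUNDARY.match(line)
        if match:
            current["boundary_scope"] = match.group(1)

    report = {}
    for name, cfg in interfaces.items():
        if cfg["mld_acl"] is not None:
            acl, source = cfg["mld_acl"], "interface"   # per-interface override
        elif global_acl is not None:
            acl, source = global_acl, "global"          # group-range applies
        else:
            acl, source = None, "none"
        report[name] = {"acl": acl, "source": source,
                        "boundary_scope": cfg["boundary_scope"]}
    return report


# Constructed sample configuration (not from a real device).
SAMPLE_CONFIG = """\
ipv6 multicast-routing
ipv6 multicast group-range list2
!
interface int1
 ipv6 address 2001:DB8:1::1/64
!
interface int2
 ipv6 address 2001:DB8:2::1/64
 ipv6 mld access-group int-list2
!
interface int3
 ipv6 address 2001:DB8:3::1/64
 ipv6 multicast boundary scope 6
"""

if __name__ == "__main__":
    for name, policy in effective_multicast_policy(SAMPLE_CONFIG).items():
        print(name, policy)
```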

ipv6 multicast limit

To configure per-interface multicast route (mroute) state limiters in IPv6, use the ipv6 multicast limit command in interface configuration mode. To remove the limit imposed by a per-interface mroute state limiter, use the no form of this command.

ipv6 multicast limit [connected | rpf | out] limit-acl max [threshold threshold-value]

no ipv6 multicast limit [connected | rpf | out] limit-acl max [threshold threshold-value]

Syntax Description

connected

(Optional) Limits mroute states created for an Access Control List (ACL)-classified set of multicast traffic on an incoming (Reverse Path Forwarding [RPF]) interface that is directly connected to a multicast source by counting each time that an mroute permitted by the ACL is created or deleted.

rpf

(Optional) Limits the number of mroute states created for an ACL-classified set of multicast traffic on an incoming (RPF) interface by counting each time an mroute permitted by the ACL is created or deleted.

out

(Optional) Limits mroute outgoing interface list membership on an outgoing interface for an ACL-classified set of multicast traffic by counting each time that an mroute list member permitted by the ACL is added or removed.

limit-acl

Name identifying the ACL that defines the set of multicast traffic to be applied to a per-interface mroute state limiter.

max

Maximum number of mroutes permitted by the per interface mroute state limiter. The range is from 0 to 2147483647.

threshold

(Optional) The mCAC threshold percentage.

threshold-value

(Optional) The specified percentage. The threshold notification default is 0%, meaning that threshold notification is disabled.

Command Default

No per-interface mroute state limiters are configured. Threshold notification is set to 0%; that is, it is disabled.

Command Modes


Interface configuration (config-if)

Command History

Release

Modification

12.2(33)SRE

This command was introduced.

Cisco IOS XE Release 2.6

This command was introduced on Cisco ASR 1000 series routers.

Usage Guidelines

Use the ipv6 multicast limit command to configure mroute state limiters on an interface.

For the required limit-acl argument, specify the ACL that defines the IPv6 multicast traffic to be limited on an interface. A standard or extended ACL can be specified.

The ipv6 multicast limit cost command complements the per-interface ipv6 multicast limit command. Once the limit-acl argument is matched in the ipv6 multicast limit command, the access-list argument in the ipv6 multicast limit cost command is checked to see which cost to apply to limited groups. If no cost match is found, the default cost is 1.

The threshold notification for the mCAC limit feature notifies the user when the actual number of simultaneous multicast channels exceeds or falls below a specified threshold percentage.

Examples

The following example configures the interface limit on the source router’s outgoing interface Ethernet 1/3:


interface Ethernet1/3
 ipv6 address FE80::40:1:3 link-local
 ipv6 address 2001:0DB8:1:1::3/64
 ipv6 multicast limit out acl1 10

ipv6 multicast limit cost

To apply a cost to mroutes that match per-interface mroute state limiters in IPv6, use the ipv6 multicast limit cost command in global configuration mode. To restore the default cost for mroutes being limited by per-interface mroute state limiters, use the no form of this command.

ipv6 multicast [vrf vrf-name] limit cost access-list cost-multiplier

no ipv6 multicast [vrf vrf-name] limit cost access-list cost-multiplier

Syntax Description

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) configuration.

access-list

Access Control List (ACL) name that defines the mroutes for which to apply a cost.

cost-multiplier

Cost value applied to mroutes that match the corresponding ACL. The range is from 0 to 2147483647.

Command Default

If the ipv6 multicast limit cost command is not configured or if an mroute that is being limited by a per-interface mroute state limiter does not match any of the ACLs applied to ipv6 multicast limit cost command configurations, a cost of 1 is applied to the mroutes being limited.

Command Modes


Global configuration (config)

Command History

Release

Modification

12.2(33)SRE

This command was introduced.

Cisco IOS XE Release 2.6

This command was introduced on Cisco ASR 1000 series routers.

15.1(4)M

The vrf vrf-name keyword and argument were added.

Usage Guidelines

Use the ipv6 multicast limit cost command to apply a cost to mroutes that match per-interface mroute state limiters (configured with the ipv6 multicast limit command in interface configuration mode). This command is primarily used to provide bandwidth-based Call Admission Control (CAC) in network environments where multicast flows utilize different amounts of bandwidth. Accordingly, when this command is configured, the configuration is usually referred to as a bandwidth-based multicast CAC policy.

The ipv6 multicast limit cost command complements the per-interface ipv6 multicast limit command. Once the limit-acl argument is matched in the ipv6 multicast limit command, the access-list argument in the ipv6 multicast limit cost command is checked to see which cost to apply to limited groups. If no cost match is found, the default cost is 1.

Examples

The following example configures the global limit on the source router.


Router(config)# ipv6 multicast limit cost costlist1 2
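
The interaction between the per-interface limiter (ipv6 multicast limit) and the global cost (ipv6 multicast limit cost) described in the usage guidelines of both commands can be modelled in a few lines. The following Python is an added example, not Cisco code: it reuses acl1, max 10, costlist1 and cost 2 from the examples on this page, while the group prefixes, the 80% threshold, the reduction of ACLs to lists of group prefixes, and the rule that a join is refused when its cost would push the total past max are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass, field


def acl_permits(acl, group):
    """ACL reduced to a list of permitted group prefixes (assumption)."""
    addr = ipaddress.IPv6Address(group)
    return any(addr in ipaddress.IPv6Network(prefix) for prefix in acl)


def cost_for(group, cost_policies):
    """First matching cost ACL wins; the default cost is 1, as on the page."""
    for acl, multiplier in cost_policies:
        if acl_permits(acl, group):
            return multiplier
    return 1


@dataclass
class InterfaceLimiter:
    limit_acl: list            # groups subject to the limiter
    max_cost: int              # the max argument
    threshold_pct: int = 0     # 0 disables threshold notification
    used: int = 0
    admitted: dict = field(default_factory=dict)
    events: list = field(default_factory=list)

    def _above_threshold(self):
        return (self.threshold_pct > 0
                and self.used * 100 > self.max_cost * self.threshold_pct)

    def _account(self, delta):
        before = self._above_threshold()
        self.used += delta
        after = self._above_threshold()
        if before != after:
            self.events.append("threshold exceeded" if after else "below threshold")

    def join(self, group, cost_policies):
        if not acl_permits(self.limit_acl, group):
            return "not-limited"       # limiter does not apply to this group
        if group in self.admitted:
            return "admitted"          # state already exists, nothing new to count
        cost = cost_for(group, cost_policies)
        if self.used + cost > self.max_cost:
            return "denied"            # admitting it would exceed max
        self.admitted[group] = cost
        self._account(cost)
        return "admitted"

    def leave(self, group):
        cost = self.admitted.pop(group, None)
        if cost is not None:
            self._account(-cost)


def run_demo():
    acl1 = ["ff0e::/16"]                        # constructed contents of acl1
    costlist1 = ["ff0e:0:0:2::/64"]             # constructed contents of costlist1
    policies = [(costlist1, 2)]                 # ipv6 multicast limit cost costlist1 2
    limiter = InterfaceLimiter(acl1, max_cost=10, threshold_pct=80)
    joins = ["ff0e:0:0:2::1", "ff0e:0:0:2::2", "ff0e:0:0:2::3", "ff0e:0:0:2::4",
             "ff0e:0:0:1::1", "ff0e:0:0:2::5", "ff0e:0:0:1::2", "ff05::1:3"]
    results = [limiter.join(group, policies) for group in joins]
    limiter.leave("ff0e:0:0:2::1")
    return results, limiter.used, limiter.events


if __name__ == "__main__":
    print(run_demo())
```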

ipv6 multicast limit rate

To configure the maximum allowed state globally on the source router, use the ipv6 multicast limit rate command in global configuration mode. To remove the rate value, use the no form of this command.

ipv6 multicast limit rate rate-value

no ipv6 multicast limit rate rate-value

Syntax Description

rate-value

The maximum allowed state on the source router. The range is from 0 through 100.

Command Default

The maximum state is 1.

Command Modes


Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Release 2.6

This command was introduced.

Usage Guidelines

The ipv6 multicast limit rate command is set to a maximum state of 1 message per second by default. If the rate value is set to 0, the syslog notification rate limiter is disabled.

Examples

The following example configures the maximum state on the source router:


ipv6 multicast limit rate 2

ipv6 multicast multipath

To enable load splitting of IPv6 multicast traffic across multiple equal-cost paths, use the ipv6 multicast multipath command in global configuration mode. To disable this function, use the no form of this command.

ipv6 multicast [vrf vrf-name] multipath

no ipv6 multicast [vrf vrf-name] multipath

Syntax Description

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) configuration.

Command Default

This command is enabled.

Command Modes


Global configuration

Command History

Release

Modification

12.3(7)T

This command was introduced.

12.2(25)S

This command was integrated into Cisco IOS Release 12.2(25)S.

15.1(4)M

The vrf vrf-name keyword and argument were added.

Usage Guidelines

The ipv6 multicast multipath command is enabled by default. In the default scenario, the reverse path forwarding (RPF) neighbor is selected randomly from the available equal-cost RPF neighbors, resulting in the load splitting of traffic from different sources among the available equal cost paths. All traffic from a single source is still received from a single neighbor.

When the no ipv6 multicast multipath command is configured, the RPF neighbor with the highest IPv6 address is chosen for all sources with the same prefix, even when there are other available equal-cost paths.

Because the ipv6 multicast multipath command changes the way an RPF neighbor is selected, it must be configured consistently on all routers in a redundant topology to avoid looping.

Examples

The following example enables load splitting of IPv6 traffic:


Router(config)# ipv6 multicast multipath

ipv6 multicast pim-passive-enable

To enable the Protocol Independent Multicast (PIM) passive feature on an IPv6 router, use the ipv6 multicast pim-passive-enable command in global configuration mode. To disable this feature, use the no form of this command.

ipv6 multicast pim-passive-enable

no ipv6 multicast pim-passive-enable

Syntax Description

This command has no arguments or keywords.

Command Default

PIM passive mode is not enabled on the router.

Command Modes


Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Release 2.6

This command was introduced.

Usage Guidelines

Use the ipv6 multicast pim-passive-enable command to configure IPv6 PIM passive mode on a router. Once PIM passive mode is configured globally, use the ipv6 pim passive command in interface configuration mode to configure PIM passive mode on a specific interface.

Examples

The following example configures IPv6 PIM passive mode on a router:


Router(config)# ipv6 multicast pim-passive-enable

ipv6 multicast-routing

To enable multicast routing using Protocol Independent Multicast (PIM) and Multicast Listener Discovery (MLD) on all IPv6-enabled interfaces of the router and to enable multicast forwarding, use the ipv6 multicast-routing command in global configuration mode. To stop multicast routing and forwarding, use the no form of this command.

ipv6 multicast-routing [vrf vrf-name]

no ipv6 multicast-routing

Syntax Description

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) configuration.

Command Default

Multicast routing is not enabled.

Command Modes


Global configuration

Command History

Release

Modification

12.3(2)T

This command was introduced.

12.2(18)S

This command was integrated into Cisco IOS Release 12.2(18)S.

12.0(26)S

This command was integrated into Cisco IOS Release 12.0(26)S.

12.2(25)SG

This command was integrated into Cisco IOS Release 12.2(25)SG.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.

15.1(4)M

This command was modified. The vrf vrf-name keyword and argument were added.

15.0(1)SY

This command was integrated into Cisco IOS Release 15.0(1)SY.

15.0(2)SE

This command was integrated into Cisco IOS Release 15.0(2)SE.

15.1(1)SY

This command was integrated into Cisco IOS Release 15.1(1)SY.

15.4(1)S

This command was implemented on the Cisco ASR 901 series routers.

Usage Guidelines

Use the ipv6 multicast-routing command to enable multicast forwarding. This command also enables Protocol Independent Multicast (PIM) and Multicast Listener Discovery (MLD) on all IPv6-enabled interfaces of the router being configured.

You can configure individual interfaces before you enable multicast so that you can then explicitly disable PIM and MLD protocol processing on those interfaces, as needed. Use the no ipv6 pim or the no ipv6 mld router command to disable IPv6 PIM or MLD router-side processing, respectively.

For the Cisco Catalyst 6500 and Cisco 7600 series routers, you must enable the ipv6 multicast-routing command to use IPv6 multicast routing. The ipv6 multicast-routing command need not be enabled for IPv6 unicast routing to function.

Examples

The following example enables multicast routing and turns on PIM and MLD on all interfaces:


ipv6 multicast-routing

ipv6 multicast rpf

To enable IPv6 multicast reverse path forwarding (RPF) check to use Border Gateway Protocol (BGP) unicast routes in the Routing Information Base (RIB), use the ipv6 multicast rpf command in global configuration mode. To disable this function, use the no form of this command.

ipv6 multicast [vrf vrf-name] rpf {backoff initial-delay max-delay | use-bgp}

no ipv6 multicast [vrf vrf-name] rpf {backoff initial-delay max-delay | use-bgp}

Syntax Description

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) configuration.

backoff

Specifies the backoff delay after a unicast routing change.

initial-delay

Initial RPF backoff delay, in milliseconds (ms). The range is from 200 to 65535.

max-delay

Maximum RPF backoff delay, in ms. The range is from 200 to 65535.

use-bgp

Specifies to use BGP routes for multicast RPF lookups.

Command Default

The multicast RPF check does not use BGP unicast routes.

Command Modes


Global configuration (config)

Command History

Release

Modification

12.4(2)T

This command was introduced.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SXI3

This command was integrated into Cisco IOS Release 12.2(33)SXI3.

15.0(1)M

This command was modified in a release earlier than Cisco IOS Release 15.0(1)M. The backoff keyword and initial-delay max-delay arguments were added.

Cisco IOS XE Release 2.1

This command was integrated into Cisco IOS XE Release 2.1 and implemented on the Cisco ASR 1000 Series Aggregation Services Routers.

15.1(4)M

The vrf vrf-name keyword and argument were added.

Usage Guidelines

When the ipv6 multicast rpf command is configured, multicast RPF check uses BGP unicast routes in the RIB. This is not done by default.

Examples

The following example shows how to enable the multicast RPF check function:


Router# configure terminal
Router(config)# ipv6 multicast rpf use-bgp

ipv6 nat

To designate that traffic originating from or destined for the interface is subject to Network Address Translation--Protocol Translation (NAT-PT), use the ipv6 nat command in interface configuration mode. To prevent the interface from being able to translate, use the no form of this command.

ipv6 nat

no ipv6 nat

Syntax Description

This command has no keywords or arguments.

Command Default

Traffic leaving or arriving at this interface is not subject to NAT-PT.

Command Modes


Interface configuration

Command History

Release

Modification

12.2(13)T

This command was introduced.

Usage Guidelines

The ipv6 nat command is usually specified on at least one IPv4 interface and one IPv6 interface at the networking device where you intend to use NAT-PT.

Examples

The following example assigns the IPv4 address 192.168.30.1 to Fast Ethernet interface 1/0 and the IPv6 address 2001:0DB8:0:1::1 to Fast Ethernet interface 2/0. IPv6 routing is globally enabled and both interfaces are configured to run IPv6 and enable NAT-PT translations.


interface fastethernet 1/0
 ip address 192.168.30.1 255.255.255.0
 ipv6 nat
!
interface fastethernet 2/0
 ipv6 address 2001:0DB8:0:1::1/64
 ipv6 nat

ipv6 nat max-entries

To specify the maximum number of Network Address Translation--Protocol Translation (NAT-PT) translation entries stored by the router, use the ipv6 nat max-entries command in global configuration mode. To restore the default number of NAT-PT entries, use the no form of this command.

ipv6 nat max-entries number

no ipv6 nat max-entries

Syntax Description

number

(Optional) Specifies the maximum number (1-2147483647) of NAT-PT translation entries. Default is unlimited.

Command Default

Unlimited number of NAT-PT entries.

Command Modes


Global configuration

Command History

Release

Modification

12.2(13)T

This command was introduced.

Usage Guidelines

Use the ipv6 nat max-entries command to set the maximum number of NAT-PT translation entries stored by the router when the router memory is limited, or the actual number of translations is important.

Examples

The following example sets the maximum number of NAT-PT translation entries to 1000:


ipv6 nat max-entries 1000

ipv6 nat prefix

To assign an IPv6 prefix where matching IPv6 packets will be translated using Network Address Translation--Protocol Translation (NAT-PT), use the ipv6 nat prefix command in global configuration or interface configuration mode. To prevent the IPv6 prefix from being used by NAT-PT, use the no form of this command.

ipv6 nat prefix ipv6-prefix/prefix-length

no ipv6 nat prefix ipv6-prefix/prefix-length

Syntax Description

ipv6-prefix

The IPv6 network used as the NAT-PT prefix.

This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons.

/ prefix-length

The length of the IPv6 prefix. A decimal value that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). The only prefix length supported is 96. A slash mark must precede the decimal value.

Command Default

No IPv6 prefixes are used by NAT-PT.

Command Modes


Global configuration
Interface configuration

Command History

Release

Modification

12.2(13)T

This command was introduced.

Usage Guidelines

The ipv6 nat prefix command is used to specify an IPv6 address prefix against which the destination prefix in an IPv6 packet is matched. If the match is successful, NAT-PT will translate the IPv6 packet to an IPv4 packet using the configured mapping rules.

Use the ipv6 nat prefix command in global configuration mode to assign a global NAT-PT prefix, or in interface configuration mode to assign a different NAT-PT prefix for each interface. Using a different NAT-PT prefix on several interfaces allows the NAT-PT router to support an IPv6 network with multiple exit points to IPv4 networks.

Examples

The following example assigns the IPv6 prefix 2001:0DB8:1::/96 as the global NAT-PT prefix:


ipv6 nat prefix 2001:0DB8:1::/96

The following example assigns the IPv6 prefix 2001:0DB8:2::/96 as the NAT-PT prefix for the Fast Ethernet interface 1/0, and the IPv6 prefix 2001:0DB8:4::/96 as the NAT-PT prefix for the Fast Ethernet interface 2/0:


interface fastethernet 1/0
 ipv6 address 2001:0DB8:2:1::1/64
 ipv6 nat prefix 2001:0DB8:2::/96
!
interface fastethernet 2/0
 ipv6 address 2001:0DB8:4:1::1/64
 ipv6 nat prefix 2001:0DB8:4::/96

ipv6 nat prefix v4-mapped

To enable customers to send traffic from their IPv6 network to an IPv4 network without configuring IPv6 destination address mapping, use the ipv6 nat prefix v4-mapped command in global configuration or interface configuration mode. To disable this feature, use the no form of this command.

ipv6 nat prefix ipv6-prefix v4-mapped {access-list-name | ipv6-prefix}

no ipv6 nat prefix ipv6-prefix v4-mapped {access-list-name | ipv6-prefix}

Syntax Description

ipv6-prefix

IPv6 prefix for Network Address Translation--Protocol Translation (NAT-PT).

access-list-name

Name of an IPv6 access list. Names cannot contain a space or quotation mark, or begin with a numeric.

Command Default

This command is not enabled.

Command Modes


Global configuration
Interface configuration

Command History

Release

Modification

12.3(14)T

This command was introduced.

Usage Guidelines

The IPv6 target address of a packet arriving at an interface is checked to discover if it has a NAT-PT prefix that was configured with the ipv6 nat prefix v4-mapped command. If the prefix does match, then an access-list check is performed to discover if the source address matches the access list or prefix list. If the prefix does not match, the packet is dropped.

If the prefix matches, source address translation is performed. If a rule has been configured for the source address translation, the last 32 bits of the destination IPv6 address are used as the IPv4 destination and a flow entry is created.

Examples

In the following example, the access list permits any IPv6 source address with the prefix 2001::/96 to go to the destination with a 2000::/96 prefix. The destination is then translated to the last 32 bits of its IPv6 address; for example: source address = 2001::1, destination address = 2000::192.168.1.1. The destination then becomes 192.168.1.1 in the IPv4 network:


ipv6 nat prefix 2000::/96 v4-mapped v4map_acl
ipv6 access-list v4map_acl 
 permit ipv6 2001::/96 2000::/96 
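
The lookup described in the usage guidelines above can be modelled offline to review which packets a v4-mapped prefix and its access list would translate, and to which IPv4 destination. The following Python is an added example, not Cisco code: the function names, the "not-translated" verdict for packets that miss the access list or have no source rule, and the sample packets are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional


class Verdict(NamedTuple):
    action: str                       # "translate", "not-translated" or "drop"
    reason: str
    ipv4_dst: Optional[ipaddress.IPv4Address] = None


def parse_acl(lines):
    """Parse 'permit ipv6 <source> <destination>' entries ('any' is ::/0)."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) != 4 or tok[:2] != ["permit", "ipv6"]:
            raise ValueError(f"unsupported ACL entry: {line!r}")
        src, dst = ["::/0" if t == "any" else t for t in tok[2:]]
        entries.append((ipaddress.IPv6Network(src), ipaddress.IPv6Network(dst)))
    return entries


def v4_mapped_lookup(src, dst, nat_prefix, acl, source_rule=True):
    """Apply the checks in the order the usage guidelines give them."""
    src = ipaddress.IPv6Address(src)
    dst = ipaddress.IPv6Address(dst)
    prefix = ipaddress.IPv6Network(nat_prefix)
    if prefix.prefixlen != 96:
        raise ValueError("the only NAT-PT prefix length supported is 96")
    # 1. The destination must carry the v4-mapped NAT-PT prefix.
    if dst not in prefix:
        return Verdict("drop", "destination is outside the v4-mapped prefix")
    # 2. The access list decides which sources may use the mapping
    #    (implicit deny when no entry matches).
    if not any(src in s and dst in d for s, d in acl):
        return Verdict("not-translated", "no access-list entry permits this source")
    # 3. A source translation rule must exist (modelled here as a flag).
    if not source_rule:
        return Verdict("not-translated", "no source translation rule configured")
    # 4. The last 32 bits of the IPv6 destination are the IPv4 destination.
    low32 = int(dst) & 0xFFFFFFFF
    return Verdict("translate", "low 32 bits become the IPv4 destination",
                   ipaddress.IPv4Address(low32))


# Constructed input: the access list from the example above plus sample packets.
ACL = parse_acl(["permit ipv6 2001::/96 2000::/96"])
SAMPLES = [
    ("2001::1", "2000::192.168.1.1"),   # the case walked through on this page
    ("2001::1", "2000::10.0.0.5"),      # any IPv4 address fits in the low 32 bits
    ("2002::1", "2000::192.168.1.1"),   # source not covered by the access list
    ("2001::1", "2000:0:0:1::1"),       # destination outside 2000::/96
]


def run_samples():
    return [v4_mapped_lookup(s, d, "2000::/96", ACL) for s, d in SAMPLES]


if __name__ == "__main__":
    for (s, d), v in zip(SAMPLES, run_samples()):
        print(f"{s} -> {d}: {v.action} {v.ipv4_dst or ''} ({v.reason})")
```

Because every IPv4 address can be written into the low 32 bits of the destination, the source clause of the access list is the only statement in this configuration that limits who can reach the IPv4 side.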

ipv6 nat translation

To change the amount of time after which Network Address Translation--Protocol Translation (NAT-PT) translations time out, use the ipv6 nat translation command in global configuration mode. To disable the timeout, use the no form of this command.

ipv6 nat translation {timeout | udp-timeout | dns-timeout | tcp-timeout | finrst-timeout | icmp-timeout | syn-timeout} {seconds | never}

no ipv6 nat translation {timeout | udp-timeout | dns-timeout | tcp-timeout | finrst-timeout | icmp-timeout | syn-timeout}

Syntax Description

timeout

Specifies that the timeout value applies to dynamic translations. Default is 86400 seconds (24 hours).

udp-timeout

Specifies that the timeout value applies to the User Datagram Protocol (UDP) port. Default is 300 seconds (5 minutes).

dns-timeout

Specifies that the timeout value applies to connections to the Domain Naming System (DNS). Default is 60 seconds.

tcp-timeout

Specifies that the timeout value applies to the TCP port. Default is 86400 seconds (24 hours).

finrst-timeout

Specifies that the timeout value applies to Finish and Reset TCP packets, which terminate a connection. Default is 60 seconds.

icmp-timeout

Specifies the timeout value for Internet Control Message Protocol (ICMP) flows. Default is 60 seconds.

syn-timeout

Specifies that the timeout value applies when a TCP SYN (request to synchronize sequence numbers used when opening a connection) flag is received but the flag is not followed by data belonging to the same TCP session.

seconds

Number of seconds after which the specified translation timer expires. The default is 0.

never

Specifies that the dynamic translation timer never expires.

Command Default

timeout: 86400 seconds (24 hours)
udp-timeout: 300 seconds (5 minutes)
dns-timeout: 60 seconds (1 minute)
tcp-timeout: 86400 seconds (24 hours)
finrst-timeout: 60 seconds (1 minute)
icmp-timeout: 60 seconds (1 minute)

Command Modes


Global configuration

Command History

Release

Modification

12.2(13)T

This command was introduced.

Usage Guidelines

Dynamic translations time out after a period of time without any translations. The default timeout period is 24 hours. When port translation is configured, there is finer control over translation entry timeouts because each entry contains more context about the traffic that is using it. Non-DNS UDP translations time out after 5 minutes, and DNS times out in 1 minute. TCP translations time out in 24 hours, unless an RST or FIN flag is seen on the stream, in which case they will time out in 1 minute.

Examples

The following example causes UDP port translation entries to time out after 10 minutes:


ipv6 nat translation udp-timeout 600
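
When reviewing a configuration it helps to know which timer governs a given translation entry and how long that entry can hold a slot in the table. The following Python is an added example, not Cisco code: it combines the defaults listed above with the ipv6 nat translation and ipv6 nat max-entries lines of a configuration. Identifying DNS as UDP port 53, the function names, and the sample configuration are assumptions made for illustration.

```python
NEVER = float("inf")

# Defaults as listed under Command Default above; no default is listed
# there for syn-timeout, so it is left unset.
DEFAULTS = {
    "timeout": 86400,
    "udp-timeout": 300,
    "dns-timeout": 60,
    "tcp-timeout": 86400,
    "finrst-timeout": 60,
    "icmp-timeout": 60,
    "syn-timeout": None,
}


def load_nat_pt_settings(config_text):
    """Return (timers, max_entries); max_entries None means unlimited."""
    timers = dict(DEFAULTS)
    max_entries = None
    for raw in config_text.splitlines():
        tok = raw.split()
        if tok[:3] == ["ipv6", "nat", "max-entries"] and len(tok) == 4:
            max_entries = int(tok[3])
        elif tok[:3] == ["ipv6", "nat", "translation"] and len(tok) == 5:
            name, value = tok[3], tok[4]
            if name not in DEFAULTS:
                raise ValueError(f"unknown timer keyword: {name}")
            timers[name] = NEVER if value == "never" else int(value)
    return timers, max_entries


def timer_for_flow(proto, dst_port=None, fin_or_rst_seen=False, syn_only=False):
    """Name the timer that applies to a port-translation entry."""
    if proto == "udp":
        # Assumption: DNS traffic is recognised by UDP port 53.
        return "dns-timeout" if dst_port == 53 else "udp-timeout"
    if proto == "tcp":
        if fin_or_rst_seen:
            return "finrst-timeout"
        if syn_only:
            return "syn-timeout"
        return "tcp-timeout"
    if proto == "icmp":
        return "icmp-timeout"
    return "timeout"          # plain dynamic translation


def entry_lifetime(timers, proto, **flow):
    """Seconds an idle entry for this flow stays in the table."""
    return timers[timer_for_flow(proto, **flow)]


def review(config_text):
    """List timers set to 'never', with the table bound that applies."""
    timers, max_entries = load_nat_pt_settings(config_text)
    if max_entries is None:
        bound = "table size is unlimited"
    else:
        bound = f"table capped at {max_entries} entries"
    return [f"{name}: entries never expire; {bound}"
            for name, value in timers.items() if value == NEVER]


# Constructed sample configuration.
SAMPLE_CONFIG = """\
ipv6 nat translation udp-timeout 600
ipv6 nat translation tcp-timeout never
"""

if __name__ == "__main__":
    timers, _ = load_nat_pt_settings(SAMPLE_CONFIG)
    print("DNS query      :", entry_lifetime(timers, "udp", dst_port=53))
    print("other UDP      :", entry_lifetime(timers, "udp", dst_port=4500))
    print("TCP after FIN  :", entry_lifetime(timers, "tcp", fin_or_rst_seen=True))
    print("TCP established:", entry_lifetime(timers, "tcp"))
    print(review(SAMPLE_CONFIG))
```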

ipv6 nat v4v6 pool

To define a pool of IPv6 addresses for Network Address Translation--Protocol Translation (NAT-PT), use the ipv6 nat v4v6 pool command in global configuration mode. To remove one or more addresses from the pool, use the no form of this command.

ipv6 nat v4v6 pool name start-ipv6 end-ipv6 prefix-length prefix-length

no ipv6 nat v4v6 pool name start-ipv6 end-ipv6 prefix-length prefix-length

Syntax Description

name

Name of the pool.

start-ipv6

Starting IPv6 address that defines the range of IPv6 addresses in the address pool.

end-ipv6

Ending IPv6 address that defines the range of IPv6 addresses in the address pool.

prefix-length prefix-length

Number that indicates how many bits of the address indicate the network. Specify the subnet of the network to which the pool addresses belong.

Command Default

No pool of addresses is defined.

Command Modes


Global configuration

Command History

Release

Modification

12.2(13)T

This command was introduced.

Usage Guidelines

This command defines a pool of IPv6 addresses using start address, end address, and prefix length. The pool is used when NAT-PT needs a dynamic mapping of an IPv6 address to translate an IPv4 address.

Examples

The following example configures a dynamic NAT-PT mapping to translate IPv4 addresses to IPv6 addresses using a pool of IPv6 addresses named v6pool. The packets to be translated by NAT-PT are filtered using an access list named pt-list2. One static NAT-PT mapping is configured to access a Domain Naming System (DNS) server. Ethernet interface 3/1 is an IPv6-only host and Ethernet interface 3/3 is an IPv4-only host.


interface Ethernet3/1 
 ipv6 address 2001:0DB8:AABB:1::9/64 
 ipv6 enable 
 ipv6 nat 
! 
interface Ethernet3/3 
 ip address 192.168.30.9 255.255.255.0 
 ipv6 nat 
! 
ipv6 nat v4v6 source list pt-list2 pool v6pool 
ipv6 nat v4v6 pool v6pool 2001:0DB8:EEFF::1 2001:0DB8:EEFF::2 prefix-length 128 
ipv6 nat v6v4 source 2001:0DB8:AABB:1::1 10.21.8.0 
ipv6 nat prefix 2001:0DB8:EEFF::/96 
! 
access-list pt-list2 permit 192.168.30.0 0.0.0.255

ipv6 nat v4v6 source

To configure IPv4 to IPv6 address translation using Network Address Translation--Protocol Translation (NAT-PT), use the ipv6 nat v4v6 source command in global configuration mode. To remove the static translation or remove the dynamic association to a pool, use the no form of this command.

ipv6 nat v4v6 source {list {access-list-number | name} pool name | ipv4-address ipv6-address}

no ipv6 nat v4v6 source {list {access-list-number | name} pool name | ipv4-address ipv6-address}

Syntax Description

list access-list-number

Standard IP access list number. Packets with source addresses that pass the access list are dynamically translated using global addresses from the named pool.

list name

Name of a standard IP access list. Packets with source addresses that pass the access list are dynamically translated using global addresses from the named pool.

pool name

Name of the pool from which global IP addresses are allocated dynamically.

ipv4-address

Sets up a single static translation. This argument establishes the local IP address assigned to a host on the inside network. The address could be randomly chosen, allocated from RFC 1918, or obsolete.

ipv6-address

Sets up a single static translation. This argument establishes the globally unique IP address of an inside host as it appears to the outside world.

Command Default

No NAT-PT translation of IPv4 to IPv6 addresses occurs.

Command Modes


Global configuration

Command History

Release

Modification

12.2(13)T

This command was introduced.

Usage Guidelines

This command has two forms: dynamic and static address translation. The form with an IPv6 access list establishes dynamic translation. Packets from IPv4 addresses that match the standard access list are translated using IPv6 addresses allocated from the pool named with the ipv6 nat v4v6 pool command. The access list is used to specify which traffic is to be translated.

Alternatively, the syntax form using the ipv4-address and ipv6-address arguments establishes a single static translation.

Examples

The following example configures a dynamic NAT-PT mapping to translate IPv4 addresses to IPv6 addresses using a pool of IPv6 addresses named v6pool. The packets to be translated by NAT-PT are filtered using an access list named pt-list2. Ethernet interface 3/1 is an IPv6-only host and Ethernet interface 3/3 is an IPv4-only host.


interface Ethernet3/1 
 ipv6 address 2001:0DB8:AABB:1::9/64 
 ipv6 enable 
 ipv6 nat 
! 
interface Ethernet3/3 
 ip address 192.168.30.9 255.255.255.0 
 ipv6 nat 
! 
ipv6 nat v4v6 source list pt-list2 pool v6pool 
ipv6 nat v4v6 pool v6pool 2001:0DB8:EEFF::1 2001:0DB8:EEFF::2 prefix-length 128 
ipv6 nat prefix 3ffe:c00:yyyy::/96 
! 
access-list pt-list2 permit 192.168.30.0 0.0.0.255

The following example shows a static translation where the IPv4 address 192.168.30.1 is translated into the IPv6 address 2001:0DB8:EEFF::2:


ipv6 nat v4v6 source 192.168.30.1 2001:0DB8:EEFF::2

ipv6 nat v6v4 pool

To define a pool of IPv4 addresses for Network Address Translation--Protocol Translation (NAT-PT), use the ipv6 nat v6v4 pool global configuration command. To remove one or more addresses from the pool, use the no form of this command.

ipv6 nat v6v4 pool name start-ipv4 end-ipv4 prefix-length prefix-length

no ipv6 nat v6v4 pool name start-ipv4 end-ipv4 prefix-length prefix-length

Syntax Description

name

Name of the pool.

start-ipv4

Starting IPv4 address that defines the range of IPv4 addresses in the address pool.

end-ipv4

Ending IPv4 address that defines the range of IPv4 addresses in the address pool.

prefix-length prefix-length

Number that indicates how many bits of the address indicate the network. Specify the subnet of the network to which the pool addresses belong.

Command Default

No pool of addresses is defined.

Command Modes


Global configuration

Command History

Release

Modification

12.2(13)T

This command was introduced.

Usage Guidelines

This command defines a pool of IPv4 addresses using start address, end address, and prefix length. The pool is used when NAT-PT needs a dynamic mapping of IPv4 addresses to translate IPv6 addresses.

Examples

The following example configures a dynamic NAT-PT mapping to translate IPv6 addresses to IPv4 addresses using a pool of IPv4 addresses named v4pool. The packets to be translated by NAT-PT are filtered using an IPv6 access list named pt-list1. One static NAT-PT mapping is configured to access a Domain Naming System (DNS) server. Ethernet interface 3/1 is an IPv6-only host and Ethernet interface 3/3 is an IPv4-only host.


interface Ethernet3/1 
 ipv6 address 2001:0DB8:AABB:1::9/64 
 ipv6 enable 
 ipv6 nat 
! 
interface Ethernet3/3 
 ip address 192.168.30.9 255.255.255.0 
 ipv6 nat 
! 
ipv6 nat v4v6 source 192.168.30.1 2001:0DB8:EEFF::2 
ipv6 nat v6v4 source list pt-list1 pool v4pool 
ipv6 nat v6v4 pool v4pool 10.21.8.1 10.21.8.10 prefix-length 24 
ipv6 nat prefix 2001:0DB8:EEFF::/96 
! 
ipv6 access-list pt-list1 
 permit ipv6 2001:0DB8:AABB:1::/64 any

ipv6 nat v6v4 source

To configure IPv6 to IPv4 address translation using Network Address Translation--Protocol Translation (NAT-PT), use the ipv6 nat v6v4 source command in global configuration mode. To remove the static translation or remove the dynamic association to a pool, use the no form of this command.

ipv6 nat v6v4 source {list access-list-name pool name | route-map map-name pool name | ipv6-address ipv4-address} [overload]

no ipv6 nat v6v4 source {list access-list-name pool name | route-map map-name pool name | ipv6-address ipv4-address} [overload]

Syntax Description

list access-list-name

IPv6 access list name. Packets with source addresses that pass the access list are translated using global addresses from the named pool.

route-map map-name

Sets up a single static translation. This keyword and argument combination establishes the globally unique IP address assigned to a host on the outside network by its owner. It was allocated from globally routable network space.

pool name

Name of the pool from which global IP addresses are allocated dynamically.

ipv6-address

Sets up a single static translation. This argument establishes the globally unique IP address of an inside host as it appears to the outside world.

ipv4-address

Sets up a single static translation. This argument establishes the local IP address assigned to a host on the inside network. The address could be randomly chosen, allocated from RFC 1918, or obsolete.

overload

Enables multiplexing of IPv6 addresses to a single IPv4 address for TCP, UDP, and ICMP.

Command Default

No NAT-PT translation of IPv6 to IPv4 addresses occurs.

Command Modes


Global configuration

Command History

Release

Modification

12.2(13)T

This command was introduced.

12.3(2)T

The overload keyword was added to support Port Address Translation (PAT), or Overload, multiplexing multiple IPv6 addresses to a single IPv4 address or to an IPv4 address pool.

Usage Guidelines

Dynamic and Static Address Translation

This command has two forms: dynamic and static address translation. The form with an IPv6 access list establishes dynamic translation. Packets from IPv6 addresses that match the IPv6 access list are translated using IPv4 addresses allocated from the pool named with the ipv6 nat v6v4 pool command. The access list is used to specify which traffic is to be translated.

Alternatively, the syntax form using the ipv6-address and ipv4-address arguments establishes a single static translation.

Port Address Translation

When used for PAT, the command can be used for a single IPv4 interface or for a pool of IPv4 interfaces.

Examples

The following example configures a dynamic NAT-PT mapping to translate IPv6 addresses to IPv4 addresses using a pool of IPv4 addresses named v4pool. The packets to be translated by NAT-PT are filtered using an IPv6 access list named pt-list1. Ethernet interface 3/1 is an IPv6-only host and Ethernet interface 3/3 is an IPv4-only host.


interface Ethernet3/1 
 ipv6 address 3ffe:aaaa:bbbb:1::9/64 
 ipv6 enable 
 ipv6 nat 
! 
interface Ethernet3/3 
 ip address 192.168.30.9 255.255.255.0 
 ipv6 nat 
! 
ipv6 nat v6v4 source list pt-list1 pool v4pool 
ipv6 nat v6v4 pool v4pool 10.21.8.1 10.21.8.10 prefix-length 24 
ipv6 nat prefix 3ffe:c00:::/96 
! 
ipv6 access-list pt-list1 
 permit ipv6 3ffe:aaaa:bbbb:1::/64 any

Examples

The following example shows a static translation where the IPv6 address 3ffe:aaaa:bbbb:1::1 is translated into the IPv4 address 10.21.8.10:


ipv6 nat v6v4 source 3ffe:aaaa:bbbb:1::1 10.21.8.10

Examples


ipv6 nat v6v4 pool v6pool 10.1.1.1 10.1.1.10 prefix-length 24
ipv6 nat v6v4 source list v6list interface e1 overload
ipv6 access-list v6list
 permit ipv6 3000::/64 any

ipv6 nd advertisement-interval

To configure the advertisement interval option in router advertisements (RAs), use the ipv6 nd advertisement-interval in interface configuration mode. To reset the interval to the default value, use the no form of this command.

ipv6 nd advertisement-interval

no ipv6 nd advertisement-interval

Syntax Description

This command has no arguments or keywords.

Command Default

Advertisement interval option is not sent.

Command Modes


Interface configuration

Command History

Release

Modification

12.3(14)T

This command was introduced.

15.2(2)S

This command was implemented on the Cisco ASR 901 Series Aggregation Services devices.

Usage Guidelines

Use the ipv6 nd advertisement-interval command to indicate to a visiting mobile node the interval at which that node may expect to receive RAs. The node may use this information in its movement detection algorithm.

Examples

The following example enables the advertisement interval option to be sent in RAs:


Device(config-if)# ipv6 nd advertisement-interval

ipv6 nd autoconfig default-router

To allow Neighbor Discovery to install a default route to the Neighbor Discovery-derived default router, use the ipv6 nd autoconfig default-router command in interface configuration mode. To remove the default route configured through interface configuration mode from the interface, use the no form of this command.

ipv6 nd autoconfig default-router

no ipv6 nd autoconfig default-router

Syntax Description

This command has no arguments or keywords.

Command Default

This command is enabled in host mode.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

15.2(1)T

This command was introduced.

Usage Guidelines

If the ipv6 nd autoconfig default-router command is configured on a router, Neighbor Discovery installs a default route to the Neighbor Discovery-derived default router. Using this command sends a router solicitation (RS) message to solicit a router advertisement (RA), thus eliminating any delay in waiting for the next periodic RA.

Examples

Device(config-if)# ipv6 nd autoconfig default-router

ipv6 nd autoconfig prefix

To use Neighbor Discovery to install all valid on-link prefixes from router advertisements (RAs) received on the interface, use the ipv6 nd autoconfig prefix command in interface configuration mode. To remove the prefix from the RIB, use the no form of the command.

ipv6 nd autoconfig prefix

no ipv6 nd autoconfig prefix

Syntax Description

This command has no arguments or keywords.

Command Default

This command is not enabled.

Command Modes


Interface configuration (config-if)

Command History

Release

Modification

15.2(1)T

This command was introduced.

Usage Guidelines

Using the ipv6 nd autoconfig prefix command sends a router solicitation (RS) message to solicit a router advertisement (RA), thus eliminating any delay in waiting for the next periodic RA. The router receives a prefix from a neighboring router, and installs the prefix in the RIB.

Use of the ipv6 nd autoconfig prefix command allows Neighbor Discovery to install all valid on-link prefixes from RAs received on the interface. The prefixes are installed as Neighbor Discovery-owned static routes in the same manner as a Neighbor Discovery default route. If both ipv6 address autoconfig and ipv6 nd autoconfig prefix are configured, then the handling of /64 autoconfiguration and on-link prefixes will be unchanged. All other valid Neighbor Discovery prefixes will be installed as static routes.

Examples

Device(config-if)# ipv6 nd autoconfig prefix

ipv6 nd cache expire

To configure the length of time before an IPv6 neighbor discovery (ND) cache entry expires, use the ipv6 nd cache expire command in interface configuration mode. To remove this configuration, use the no form of this command.

ipv6 nd cache expire expire-time-in-seconds [refresh]

no ipv6 nd cache expire expire-time-in-seconds [refresh]

Syntax Description

expire-time-in-seconds

The time range is from 1 through 65536 seconds. The default is 14400 seconds, or 4 hours.

refresh

(Optional) Automatically refreshes the ND cache entry.

Command Default

The expiration time is 14400 seconds (4 hours).

Command Modes


Interface configuration (config-if)

Command History

Release

Modification

12.2(33)SXI7

This command was introduced.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Usage Guidelines

By default, an ND cache entry is expired and deleted if it remains in the STALE state for 14,400 seconds, or 4 hours. The ipv6 nd cache expire command allows the user to vary the expiry time and to trigger autorefresh of an expired entry before the entry is deleted.

When the refresh keyword is used, an ND cache entry is autorefreshed. The entry moves into the DELAY state and the neighbor unreachability detection (NUD) process occurs, in which the entry transitions from the DELAY state to the PROBE state after 5 seconds. When the entry reaches the PROBE state, a neighbor solicitation (NS) is sent and then retransmitted as per the configuration.

Examples

The following example shows that the ND cache entry is configured to expire in 7200 seconds, or 2 hours:


Router(config-if)# ipv6 nd cache expire 7200

ipv6 nd cache interface-limit (global)

To configure a neighbor discovery cache limit on all interfaces on the device, use the ipv6 nd cache interface-limit command in global configuration mode. To remove the neighbor discovery cache limit from all interfaces on the device, use the no form of this command.

ipv6 nd cache interface-limit size [log rate]

no ipv6 nd cache interface-limit size [log rate]

Syntax Description

size

Cache size.

log rate

(Optional) Adjustable logging rate, in seconds. The valid values are 0 and 1.

Command Default

Default logging rate for the device is one entry every second.

Command Modes


Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Release 2.6

This command was introduced.

15.1(3)T

This command was integrated into Cisco IOS Release 15.1(3)T.

15.1(1)SY

This command was integrated into Cisco IOS Release 15.1(1)SY.

15.3(1)S

This command was integrated into Cisco IOS Release 15.3(1)S.

Usage Guidelines

The ipv6 nd cache interface-limit command in global configuration mode imposes a common per-interface cache size limit on all interfaces on the device.

Issuing the no or default form of the command will remove the neighbor discovery limit from every interface on the device that was configured using global configuration mode. It will not remove the neighbor discovery limit from any interface configured using the ipv6 nd cache interface-limit command in interface configuration mode.

The default (and maximum) logging rate for the device is one entry every second.

Examples

The following example shows how to set a common per-interface cache size limit of 4 seconds on all interfaces on the device:


Device(config)# ipv6 nd cache interface-limit 4

ipv6 nd cache interface-limit (interface)

To configure a neighbor discovery cache limit on a specified interface on the device, use the ipv6 nd cache interface-limit command in interface configuration mode. To remove the neighbor discovery limit configured through interface configuration mode from the interface, use the no form of this command.

ipv6 nd cache interface-limit size [log rate]

no ipv6 nd cache interface-limit size [log rate]

Syntax Description

size

Cache size.

log rate

(Optional) Adjustable logging rate, in seconds. The valid values are 0 and 1.

Command Default

Default logging rate for the device is one entry every second.

Command Modes


Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Release 2.6

This command was introduced.

15.1(3)T

This command was integrated into Cisco IOS Release 15.1(3)T.

15.1(1)SY

This command was integrated into Cisco IOS Release 15.1(1)SY.

Usage Guidelines

The ipv6 nd cache interface-limit command in interface configuration mode allows you to configure a per-interface neighbor discovery limit on the associated interface. The limit configured by this command overrides any limit configured using the ipv6 nd cache interface-limit command in global configuration mode.

Issuing the no or default form of the command removes the neighbor discovery limit configured using interface configuration mode from the interface. Then, if the ipv6 nd cache interface-limit command in global configuration mode has been issued, the neighbor discovery limit on the interface reverts to that specified by global configuration. If the globally configured limit is smaller than the interface limit, then excess entries are removed. If the ipv6 nd cache interface-limit command in global configuration mode has not been issued, then no limit is set on the interface.

The number of entries in the neighbor discovery cache is limited on an interface basis. Once the limit is reached, no new entries are allowed.

Examples

The following example shows how to set the number of entries in a neighbor discovery cache (on an interface basis) to 1:


Device(config-if)# ipv6 nd cache interface-limit 1
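
Because the interface-mode limit overrides the global one, and an interface with neither has no limit at all, the effective neighbor discovery cache limit has to be worked out per interface. The following Python is an added example, not Cisco code: it resolves the effective limit for every interface in a saved configuration and lists IPv6 interfaces whose cache is unbounded. The function names, the interface names, and the sample configuration are assumptions made for illustration.

```python
def effective_nd_limits(config_text):
    """Map interface name -> (limit, origin, runs_ipv6).

    limit is None when no limit applies; origin is "interface", "global"
    or "unset", following the override rule in the usage guidelines.
    """
    global_limit = None
    interface_limit = {}
    runs_ipv6 = {}
    current = None                       # interface block being read
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():         # unindented line: global scope
            current = None
            if line.startswith("interface "):
                current = line.split(None, 1)[1]
                runs_ipv6[current] = False
                continue
        tok = line.split()
        if tok[:4] == ["ipv6", "nd", "cache", "interface-limit"] and len(tok) >= 5:
            if current is None:
                global_limit = int(tok[4])
            else:
                interface_limit[current] = int(tok[4])
        elif current and tok[:2] in (["ipv6", "address"], ["ipv6", "enable"]):
            runs_ipv6[current] = True

    result = {}
    for name, v6 in runs_ipv6.items():
        if name in interface_limit:
            result[name] = (interface_limit[name], "interface", v6)
        elif global_limit is not None:
            result[name] = (global_limit, "global", v6)
        else:
            result[name] = (None, "unset", v6)
    return result


def unbounded_ipv6_interfaces(config_text):
    """IPv6 interfaces on which the ND cache has no size limit."""
    return [name for name, (limit, _origin, v6)
            in effective_nd_limits(config_text).items()
            if v6 and limit is None]


# Constructed sample configuration.
SAMPLE_CONFIG = """\
ipv6 nd cache interface-limit 512
!
interface GigabitEthernet0/0
 ipv6 address 2001:DB8:0:1::1/64
 ipv6 nd cache interface-limit 64 log 1
!
interface GigabitEthernet0/1
 ipv6 address 2001:DB8:0:2::1/64
!
interface GigabitEthernet0/2
 ip address 192.0.2.1 255.255.255.0
"""

if __name__ == "__main__":
    for name, (limit, origin, v6) in effective_nd_limits(SAMPLE_CONFIG).items():
        print(f"{name}: limit={limit} from={origin} ipv6={v6}")
    # The same configuration with the global command removed.
    without_global = SAMPLE_CONFIG.replace("ipv6 nd cache interface-limit 512\n", "")
    print("unbounded:", unbounded_ipv6_interfaces(without_global))
```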

ipv6 nd dad attempts

To configure the number of consecutive neighbor solicitation messages that are sent on an interface while duplicate address detection is performed on the unicast IPv6 addresses of the interface, use the ipv6 nd dad attempts command in interface configuration mode. To return the number of messages to the default value, use the no form of this command.

ipv6 nd dad attempts value

no ipv6 nd dad attempts value

Syntax Description

value

The number of neighbor solicitation messages. The acceptable range is from 0 to 600. Configuring a value of 0 disables duplicate address detection processing on the specified interface; a value of 1 configures a single transmission without follow-up transmissions. Default is one message.

Command Default

Duplicate address detection on unicast IPv6 addresses with the sending of one neighbor solicitation message is enabled.

Command Modes


Interface configuration

Command History

Release

Modification

12.2(4)T

This command was introduced.

12.0(21)ST

This command was integrated into Cisco IOS Release 12.0(21)ST.

12.0(22)S

This command was integrated into Cisco IOS Release 12.0(22)S.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.

15.2(2)SNG

This command was implemented on the Cisco ASR 901 Series Aggregation Services devices.

15.2(2)SA2

This command was implemented on the Cisco ME 2600X Series Ethernet Access Switches.

Usage Guidelines

Duplicate address detection verifies the uniqueness of new unicast IPv6 addresses before the addresses are assigned to interfaces (the new addresses remain in a tentative state while duplicate address detection is performed). Duplicate address detection uses neighbor solicitation messages to verify the uniqueness of unicast IPv6 addresses.

The DupAddrDetectTransmits node configuration variable (as specified in RFC 2462, IPv6 Stateless Address Autoconfiguration) is used to automatically determine the number of consecutive neighbor solicitation messages that are sent on an interface while duplicate address detection is performed on a tentative unicast IPv6 address.

The interval between duplicate address detection neighbor solicitation messages (the duplicate address detection timeout interval) is specified by the neighbor discovery-related variable RetransTimer (as specified in RFC 2461, Neighbor Discovery for IP Version 6 [IPv6]), which is used to determine the time between retransmissions of neighbor solicitation messages to a neighbor when resolving the address or when probing the reachability of a neighbor. This is the same management variable used to specify the interval for neighbor solicitation messages during address resolution and neighbor unreachability detection. Use the ipv6 nd ns-interval command to configure the interval between neighbor solicitation messages that are sent during duplicate address detection.

Duplicate address detection is suspended on interfaces that are administratively "down." While an interface is administratively "down," the unicast IPv6 addresses assigned to the interface are set to a pending state. Duplicate address detection is automatically restarted on an interface when the interface returns to being administratively "up."


Note


An interface returning to administratively "up" restarts duplicate address detection for all of the unicast IPv6 addresses on the interface. While duplicate address detection is performed on the link-local address of an interface, the state for the other IPv6 addresses is still set to TENTATIVE. When duplicate address detection is completed on the link-local address, duplicate address detection is performed on the remaining IPv6 addresses.


When duplicate address detection identifies a duplicate address, the state of the address is set to DUPLICATE and the address is not used. If the duplicate address is the link-local address of the interface, the processing of IPv6 packets is disabled on the interface and an error message similar to the following is issued:


%IPV6-4-DUPLICATE: Duplicate address FE80::1 on Ethernet0

If the duplicate address is a global address of the interface, the address is not used and an error message similar to the following is issued:


%IPV6-4-DUPLICATE: Duplicate address 3000::4 on Ethernet0

All configuration commands associated with the duplicate address remain as configured while the state of the address is set to DUPLICATE.

If the link-local address for an interface changes, duplicate address detection is performed on the new link-local address and all of the other IPv6 addresses associated with the interface are regenerated (duplicate address detection is performed only on the new link-local address).

Duplicate address detection is performed on all multicast-enabled IPv6 interfaces, including the following interface types:

  • ATM permanent virtual circuit (PVC)

  • Cisco High-Level Data Link Control (HDLC)

  • Ethernet, Fast Ethernet, and Gigabit Ethernet

  • FDDI

  • Frame Relay PVC

  • Point-to-point links

  • PPP

Examples

The following example configures five consecutive neighbor solicitation messages to be sent on Ethernet interface 0 while duplicate address detection is being performed on the tentative unicast IPv6 address of the interface. The example also disables duplicate address detection processing on Ethernet interface 1.


Device(config)# interface ethernet 0
Device(config-if)# ipv6 nd dad attempts 5
Device(config)# interface ethernet 1
Device(config-if)# ipv6 nd dad attempts 0

Note


Configuring a value of 0 with the ipv6 nd dad attempts command disables duplicate address detection processing on the specified interface; a value of 1 configures a single transmission without follow-up transmissions. The default is one message.


To display the state (OK, TENTATIVE, or DUPLICATE) of the unicast IPv6 addresses configured for an interface, to verify whether duplicate address detection is enabled on the interface, and to verify the number of consecutive duplicate address detection neighbor solicitation messages that are being sent on the interface, enter the show ipv6 interface command:


Device# show ipv6 interface
Ethernet0 is up, line protocol is up
  IPv6 is stalled, link-local address is FE80::1 [TENTATIVE]
  Global unicast address(es):
    2000::1, subnet is 2000::/64 [TENTATIVE]
    3000::1, subnet is 3000::/64 [TENTATIVE]
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:1
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND advertised reachable time is 0 milliseconds
  ND advertised retransmit interval is 0 milliseconds
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  Hosts use stateless autoconfig for addresses.
Ethernet1 is up, line protocol is up
  IPv6 is stalled, link-local address is FE80::2
  Global unicast address(es):
    2000::2, subnet is 2000::/64 
    3000::3, subnet is 3000::/64 
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:1
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is disabled, number of DAD attempts: 0
  ND reachable time is 30000 milliseconds
  ND advertised reachable time is 0 milliseconds
  ND advertised retransmit interval is 0 milliseconds
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  Hosts use stateless autoconfig for addresses.
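The following added example (not part of the Cisco documentation) parses show ipv6 interface output and %IPV6-4-DUPLICATE messages of the form shown above to flag interfaces where duplicate address detection is disabled or an address is in the DUPLICATE state. The sample text is constructed, and the [DUPLICATE] tag is assumed to be printed the same way as the [TENTATIVE] tag shown above.

```python
import ipaddress
import re

# Constructed sample, shaped like the show ipv6 interface output above.
SAMPLE_SHOW = """\
Ethernet0 is up, line protocol is up
  IPv6 is stalled, link-local address is FE80::1 [TENTATIVE]
  Global unicast address(es):
    2000::1, subnet is 2000::/64 [TENTATIVE]
    3000::4, subnet is 3000::/64 [DUPLICATE]
  Joined group address(es):
    FF02::1
  ND DAD is enabled, number of DAD attempts: 1
Ethernet1 is up, line protocol is up
  IPv6 is stalled, link-local address is FE80::2
  Global unicast address(es):
    2000::2, subnet is 2000::/64
  ND DAD is disabled, number of DAD attempts: 0
"""

# Constructed sample log lines, using the two messages quoted above.
SAMPLE_LOG = [
    "%IPV6-4-DUPLICATE: Duplicate address FE80::1 on Ethernet0",
    "%IPV6-4-DUPLICATE: Duplicate address 3000::4 on Ethernet0",
]

IFACE_RE = re.compile(r"^(\S+) is .*line protocol is")
LINK_LOCAL_RE = re.compile(r"link-local address is ([0-9A-Fa-f:]+)(?:\s+\[(\w+)\])?")
GLOBAL_RE = re.compile(r"^\s+([0-9A-Fa-f:]+), subnet is \S+(?:\s+\[(\w+)\])?")
DAD_RE = re.compile(r"ND DAD is (enabled|disabled), number of DAD attempts: (\d+)")
DUP_RE = re.compile(r"%IPV6-4-DUPLICATE: Duplicate address ([0-9A-Fa-f:]+) on (\S+)")


def parse_show_ipv6_interface(text):
    """Return {interface: {"dad_enabled", "dad_attempts", "addresses"}}."""
    interfaces, current = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = {"dad_enabled": None, "dad_attempts": None, "addresses": {}}
            interfaces[m.group(1)] = current
            continue
        if current is None:
            continue
        m = LINK_LOCAL_RE.search(line) or GLOBAL_RE.match(line)
        if m:
            # No bracketed tag means the address passed DAD (state OK).
            current["addresses"][m.group(1).upper()] = m.group(2) or "OK"
            continue
        m = DAD_RE.search(line)
        if m:
            current["dad_enabled"] = m.group(1) == "enabled"
            current["dad_attempts"] = int(m.group(2))
    return interfaces


def audit(interfaces):
    """Return sorted (interface, finding, detail) tuples for operator review."""
    findings = []
    for name, info in interfaces.items():
        if info["dad_enabled"] is False or info["dad_attempts"] == 0:
            findings.append((name, "DAD_DISABLED", f"attempts={info['dad_attempts']}"))
        for addr, state in info["addresses"].items():
            if state == "DUPLICATE":
                link_local = ipaddress.IPv6Address(addr).is_link_local
                scope = "link-local" if link_local else "global"
                findings.append((name, "DUPLICATE_ADDRESS", f"{addr} ({scope})"))
    return sorted(findings)


def triage_duplicate_log(line):
    """Classify one %IPV6-4-DUPLICATE message by the impact described above."""
    m = DUP_RE.search(line)
    if not m:
        return None
    addr, iface = m.group(1), m.group(2)
    if ipaddress.IPv6Address(addr).is_link_local:
        # Duplicate link-local address: IPv6 processing stops on the interface.
        impact = "IPv6 packet processing disabled on interface"
    else:
        # Duplicate global address: only that address is taken out of use.
        impact = "address not used"
    return {"interface": iface, "address": addr, "impact": impact}


if __name__ == "__main__":
    for finding in audit(parse_show_ipv6_interface(SAMPLE_SHOW)):
        print(finding)
    for entry in SAMPLE_LOG:
        print(triage_duplicate_log(entry))
```
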

ipv6 nd dad-proxy

To enable the IPv6 Neighbor Discovery (ND) Duplicate Address Detection (DAD) Proxy feature, use the ipv6 nd dad-proxy command in global configuration mode or interface configuration mode.

ipv6 nd dad-proxy

no ipv6 nd dad-proxy

Command Default

The IPv6 ND DAD Proxy feature is disabled.

Command Modes


Global configuration (config)

Command History

Release

Modification

15.1(2)SG

This command was introduced.

Usage Guidelines

Use the ipv6 nd dad-proxy command to enable the IPv6 ND DAD Proxy feature on a device or an interface.

On device platforms where the IPv6 ND Multicast Suppress feature is not available, use the ipv6 nd dad-proxy command in global configuration mode to configure the feature on the device.

Examples

The following example shows how to configure IPv6 ND DAD proxy on a device:

Device(config)# ipv6 nd dad-proxy

ipv6 nd dad time

To configure the neighbor solicitation (NS) retransmit interval for duplicate address detection (DAD) separately from the NS retransmit interval for address resolution, use the ipv6 nd dad time command in global configuration or interface configuration mode. To remove the NS retransmit interval for DAD, use the no form of this command.

ipv6 nd dad time milliseconds

no ipv6 nd dad time

Syntax Description

milliseconds

The interval between IPv6 neighbor solicit transmissions for DAD. The range is from 1000 to 3600000 milliseconds.

Command Default

Default NS retransmit interval: 1000 msec (1 second)

Command Modes


Global configuration (config)
Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Release 3S

This command was introduced.

Usage Guidelines

The ipv6 nd dad time command allows you to configure the NS retransmit interval for DAD separately from the NS retransmit interval for address resolution. This command also allows you to set the behavior globally for the whole router or on a per-interface basis.

Examples

The following example shows how to increase the default NS retransmit interval on an interface for address resolution to 3 seconds but keep the DAD NS retransmit interval at the default value of 1 second:


Router(config-if)# ipv6 nd ns-interval 3000 
Router(config-if)# ipv6 nd dad time 1000 

ipv6 nd host mode strict

To enable the conformant, or strict, IPv6 host mode, use the ipv6 nd host mode strict command in global configuration mode. To reenable nonconformant, or loose, IPv6 host mode, use the no form of this command.

ipv6 nd host mode strict

Syntax Description

This command has no arguments or keywords.

Command Default

Nonconformant, or loose, IPv6 host mode is enabled.

Command Modes


Global configuration (config)

Command History

Release

Modification

15.0(2)SE

This command was introduced.

Usage Guidelines

The default IPv6 host mode type is loose, or nonconformant. To enable IPv6 strict, or conformant, host mode, use the ipv6 nd host mode strict command. You can change between the two IPv6 host modes using the no form of this command.

The ipv6 nd host mode strict command selects the type of IPv6 host mode behavior and enters interface configuration mode. However, the ipv6 nd host mode strict command is ignored if you have configured IPv6 routing with the ipv6 unicast-routing command. In this situation, the default IPv6 host mode type, loose, is used.

Examples

The following example shows how to configure the device as a strict IPv6 host and enables IPv6 address autoconfiguration on Ethernet interface 0/0:

Device(config)# ipv6 nd host mode strict
Device(config-if)# interface ethernet0/0
Device(config-if)# ipv6 address autoconfig

The following example shows how to configure the device as a strict IPv6 host and configures a static IPv6 address on Ethernet interface 0/0:

Device(config)# ipv6 nd host mode strict
Device(config-if)# interface ethernet0/0
Device(config-if)# ipv6 address 2001::1/64

ipv6 nd inspection

To apply the Neighbor Discovery Protocol (NDP) Inspection feature, use the ipv6 nd inspection command in interface configuration mode. To remove the NDP Inspection feature, use the no form of this command.

ipv6 nd inspection [attach-policy [policy-name] | vlan {add | except | none | remove | all} vlan vlan-id]

no ipv6 nd inspection

Syntax Description

attach-policy

(Optional) Attaches an NDP Inspection policy.

policy-name

(Optional) The NDP Inspection policy name.

vlan

(Optional) Applies the ND Inspection feature to a VLAN on the interface.

add

(Optional) Adds a VLAN to be inspected.

except

(Optional) Inspects all VLANs except the one specified.

none

(Optional) Specifies that no VLANs are inspected.

remove

(Optional) Removes the specified VLAN from NDP inspection.

all

(Optional) Inspects NDP traffic from all VLANs on the port.

vlan-id

(Optional) A specific VLAN on the interface. More than one VLAN can be specified. The VLAN number that can be used is from 1 to 4094.

Command Default

All NDP messages are inspected. Secure Neighbor Discovery (SeND) options are ignored. Neighbors are probed based on the criteria defined in the Neighbor Tracking feature. Per-port IPv6 address limit enforcement is disabled. Layer 2 header source MAC address validations are disabled. Per-port rate limiting of the NDP messages in software is disabled.

Command Modes


Interface configuration (config-if)

Command History

Release

Modification

12.2(50)SY

This command was introduced.

15.0(2)SE

This command was integrated into Cisco IOS Release 15.0(2)SY.

The limited-broadcast keyword was deprecated.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

The limited-broadcast keyword was deprecated.

Usage Guidelines

The ipv6 nd inspection command applies the NDP Inspection feature on a specified interface. If you enable the optional attach-policy or vlan keywords, NDP traffic is inspected by policy or by VLAN. If no VLANs are specified, NDP traffic from all VLANs on the port is inspected (which is equivalent to using the vlan all keywords).

If no policy is specified in this command, the default criteria are as follows:

  • All NDP messages are inspected.

  • SeND options are ignored.

  • Neighbors are probed based on the criteria defined in the Neighbor Tracking feature.

  • Per-port IPv6 address limit enforcement is disabled.

  • Layer 2 header source MAC address validations are disabled.

  • Per-port rate limiting of the NDP messages in software is disabled.

If a VLAN is specified, its parameter is either a single VLAN number from 1 to 4094 or a range of VLANs described by two VLAN numbers, the lesser one first, separated by a dash (for example, vlan 1-100,200,300-400). Do not enter any spaces between comma-separated VLAN parameters or in dash-specified ranges.
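The following added example (not part of the Cisco documentation) validates a VLAN parameter against the rules above and computes which VLANs end up inspected, so that VLANs left outside NDP inspection can be listed. The function names are hypothetical, and the set semantics applied to add, remove, except, none, and all are a reading of the keyword descriptions in the Syntax Description.

```python
import re

VLAN_MIN, VLAN_MAX = 1, 4094
ALL_VLANS = frozenset(range(VLAN_MIN, VLAN_MAX + 1))
ITEM_RE = re.compile(r"^([0-9]+)(?:-([0-9]+))?$")


def parse_vlan_list(spec):
    """Expand a VLAN parameter such as '1-100,200,300-400' into a set of IDs."""
    if not spec or any(ch.isspace() for ch in spec):
        raise ValueError("VLAN list must be non-empty and contain no spaces")
    vlans = set()
    for item in spec.split(","):
        m = ITEM_RE.match(item)
        if not m:
            raise ValueError(f"malformed VLAN item: {item!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if not (VLAN_MIN <= low <= VLAN_MAX and VLAN_MIN <= high <= VLAN_MAX):
            raise ValueError(f"VLAN outside 1-4094: {item!r}")
        if low > high:
            raise ValueError(f"range must give the lesser VLAN first: {item!r}")
        vlans.update(range(low, high + 1))
    return vlans


def format_vlan_list(vlans):
    """Compress a set of VLAN IDs back into '1-100,200,300-400' notation."""
    parts, start, prev = [], None, None
    for vlan in sorted(vlans):
        if start is None:
            start = prev = vlan
        elif vlan == prev + 1:
            prev = vlan
        else:
            parts.append(str(start) if start == prev else f"{start}-{prev}")
            start = prev = vlan
    if start is not None:
        parts.append(str(start) if start == prev else f"{start}-{prev}")
    return ",".join(parts)


def effective_vlans(current, keyword, spec=None):
    """Apply one vlan keyword to the currently inspected set (assumed semantics)."""
    if keyword == "all":
        return set(ALL_VLANS)
    if keyword == "none":
        return set()
    listed = parse_vlan_list(spec)
    if keyword == "add":
        return set(current) | listed
    if keyword == "remove":
        return set(current) - listed
    if keyword == "except":
        return set(ALL_VLANS) - listed
    raise ValueError(f"unknown keyword: {keyword!r}")


def uninspected(in_use, inspected):
    """VLANs that carry hosts but are not covered by NDP inspection."""
    return format_vlan_list(set(in_use) - set(inspected))


if __name__ == "__main__":
    inspected = effective_vlans(set(), "except", "500-600")
    # Constructed list of VLANs in use on the port.
    print(uninspected({10, 200, 500}, inspected))
```
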

Examples

The following example enables NDP inspection on a specified interface:


Router(config-if)# ipv6 nd inspection

ipv6 nd inspection policy

To define the neighbor discovery (ND) inspection policy name and enter ND inspection policy configuration mode, use the ipv6 nd inspection policy command in ND inspection configuration mode. To remove the ND inspection policy, use the no form of this command.

ipv6 nd inspection policy policy-name

no ipv6 nd inspection policy policy-name

Syntax Description

policy-name

The ND inspection policy name.

Command Default

No ND inspection policies are configured.

Command Modes


ND inspection configuration (config-nd-inspection)

Command History

Release

Modification

12.2(50)SY

This command was introduced.

15.0(2)SE

This command was integrated into Cisco IOS Release 15.0(2)SE.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Usage Guidelines

The ipv6 nd inspection policy command defines the ND inspection policy name and enters ND inspection policy configuration mode. Once you are in ND inspection policy configuration mode, you can use any of the following commands:

  • device-role

  • drop-unsecure

  • limit address-count

  • sec-level minimum

  • tracking

  • trusted-port

  • validate source-mac

Examples

The following example defines an ND policy name as policy1:


Router(config)# ipv6 nd inspection policy policy1
Router(config-nd-inspection)#

ipv6 nd managed-config-flag

To set the "managed address configuration flag" in IPv6 router advertisements, use the ipv6 nd managed-config-flag command in interface configuration mode. To clear the flag from IPv6 router advertisements, use the no form of this command.

ipv6 nd managed-config-flag

no ipv6 nd managed-config-flag

Syntax Description

This command has no arguments or keywords.

Command Default

The "managed address configuration" flag is not set in IPv6 router advertisements.

Command Modes


Interface configuration

Command History

Release

Modification

12.2(2)T

This command was introduced.

12.0(21)ST

This command was integrated into Cisco IOS Release 12.0(21)ST.

12.0(22)S

This command was integrated into Cisco IOS Release 12.0(22)S.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.

12.2(25)SG

This command was integrated into Cisco IOS Release 12.2(25)SG.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.

Usage Guidelines

Setting the "managed address configuration" flag in IPv6 router advertisements indicates to attached hosts whether they should use stateful autoconfiguration to obtain addresses. If the flag is set, the attached hosts should use stateful autoconfiguration to obtain addresses. If the flag is not set, the attached hosts should not use stateful autoconfiguration to obtain addresses.

Hosts may use stateful and stateless address autoconfiguration simultaneously.

Examples

The following example configures the "managed address configuration" flag in IPv6 router advertisements on Ethernet interface 0/0:


Router(config)# interface ethernet 0/0
Router(config-if)# ipv6 nd managed-config-flag

ipv6 nd na glean

To configure neighbor discovery (ND) to glean an entry from an unsolicited neighbor advertisement (NA), use the ipv6 nd na glean command in interface configuration mode. To disable this feature, use the no form of this command.

ipv6 nd na glean

no ipv6 nd na glean

Syntax Description

This command has no arguments or keywords.

Command Default

The router ignores an unsolicited NA.

Command Modes


Interface configuration (config-if)

Command History

Release

Modification

12.2(33)SXI7

This command was introduced.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Usage Guidelines

IPv6 nodes may choose to emit a multicast unsolicited NA packet following the successful completion of duplicate address detection (DAD). By default, these unsolicited NA packets are ignored by other IPv6 nodes. The ipv6 nd na glean command configures the router to create an ND entry on receipt of an unsolicited NA packet (assuming no such entry already exists and the NA has the link-layer address option). Use of this command allows a router to populate its ND cache with an entry for a neighbor in advance of any data traffic exchange with the neighbor.

Examples

The following example configures ND to glean an entry from an unsolicited neighbor advertisement:


Router(config-if)# ipv6 nd na glean

ipv6 nd ns-interval

To configure the interval between IPv6 neighbor solicitation (NS) retransmissions on an interface, use the ipv6 nd ns-interval command in interface configuration mode. To restore the default interval, use the no form of this command.

ipv6 nd ns-interval milliseconds

no ipv6 nd ns-interval

Syntax Description

milliseconds

The interval between IPv6 neighbor solicit transmissions for address resolution. The acceptable range is from 1000 to 3600000 milliseconds.

Command Default

0 milliseconds (unspecified) is advertised in router advertisements and the value 1000 is used for the neighbor discovery activity of the router itself.

Command Modes


Interface configuration (config-if)

Command History

Release

Modification

12.2(2)T

This command was introduced.

12.0(21)ST

This command was integrated into Cisco IOS Release 12.0(21)ST.

12.0(22)S

This command was integrated into Cisco IOS Release 12.0(22)S.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.

12.2(25)SG

This command was integrated into Cisco IOS Release 12.2(25)SG.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.

15.2(2)SA2

This command was implemented on the Cisco ME 2600X Series Ethernet Access Switches.

Usage Guidelines

By default, using the ipv6 nd ns-interval command changes the NS retransmission interval for both address resolution and duplicate address detection (DAD). To specify a different NS retransmission interval for DAD, use the ipv6 nd dad time command.

This value will be included in all IPv6 router advertisements sent out this interface. Very short intervals are not recommended in normal IPv6 operation. When a nondefault value is configured, the configured time is both advertised and used by the router itself.

Examples

The following example configures an IPv6 neighbor solicit transmission interval of 9000 milliseconds for Ethernet interface 0/0:


Router(config)# interface ethernet 0/0
Router(config-if)# ipv6 nd ns-interval 9000

ipv6 nd nud retry

To configure the number of times neighbor unreachability detection (NUD) resends neighbor solicitations (NSs), use the ipv6 nd nud retry command in interface configuration mode. To disable this feature, use the no form of this command.

ipv6 nd nud retry base interval max-attempts

no ipv6 nd nud retry base interval max-attempts

Syntax Description

base

The base NUD value.

interval

The time interval, in milliseconds, between retries.

max-attempts

The maximum number of retry attempts, depending on the base value.

Command Default

Three NS packets are sent 1 second apart.

Command Modes


Interface configuration (config-if)

Command History

Release

Modification

12.2(33)SXI7

This command was introduced.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Usage Guidelines

When a router runs NUD to re-resolve the ND entry for a neighbor, it sends three NS packets 1 second apart. In certain situations (for example, spanning-tree events, high traffic, the end host being reloaded), three NS packets sent at an interval of 1 second may not be sufficient. To help maintain the neighbor cache in such situations, use the ipv6 nd nud retry command to configure exponential timers for NS retransmits.

The maximum number of retry attempts is configured using the max-attempts argument. The retransmit interval is calculated with the following formula:

$$t \times m^{n}$$

t = Time interval

m = Base (1, 2, or 3)

n = Current NS number (where the first NS is 0)

The ipv6 nd nud retry command affects only the retransmit rate for NUD, not for initial resolution, which uses the default of three NS packets sent 1 second apart.

Examples

The following example provides a fixed interval of 1 second and three retransmits:


Router(config-if)# ipv6 nd nud retry 1 1000 3

The following example provides a retransmit interval of 1, 2, 4, and 8:


Router(config-if)# ipv6 nd nud retry 2 1000 4

The following example provides the retransmit intervals of 1, 3, 9, 27, 81:


Router(config-if)# ipv6 nd nud retry 3 1000 5 

ipv6 nd other-config-flag

To set the "other stateful configuration" flag in IPv6 router advertisements, use the ipv6 nd other-config-flag command in interface configuration mode. To clear the flag from IPv6 router advertisements, use the no form of this command.

ipv6 nd other-config-flag

no ipv6 nd other-config-flag

Syntax Description

This command has no arguments or keywords.

Command Default

The "other stateful configuration" flag is not set in IPv6 router advertisements.

Command Modes


Interface configuration

Command History

Release

Modification

12.2(2)T

This command was introduced.

12.0(21)ST

This command was integrated into Cisco IOS Release 12.0(21)ST.

12.0(22)S

This command was integrated into Cisco IOS Release 12.0(22)S.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.

12.2(25)SG

This command was integrated into Cisco IOS Release 12.2(25)SG.

12.2(33)SRE

This command was modified. It was integrated into Cisco IOS Release 12.2(33)SRE.

Usage Guidelines

The setting of the "other stateful configuration" flag in IPv6 router advertisements indicates to attached hosts how they can obtain autoconfiguration information other than addresses. If the flag is set, the attached hosts should use stateful autoconfiguration to obtain the other (nonaddress) information.


Note


If the "managed address configuration" flag is set using the ipv6 nd managed-config-flag command, then an attached host can use stateful autoconfiguration to obtain the other (nonaddress) information regardless of the setting of the "other stateful configuration" flag.


Examples

The following example configures the "other stateful configuration" flag in IPv6 router advertisements on Ethernet interface 0/0:


Router(config)# interface ethernet 0/0
Router(config-if)# ipv6 nd other-config-flag

ipv6 nd prefix

To configure IPv6 prefixes that are included in IPv6 Neighbor Discovery (ND) router advertisements, use the ipv6 nd prefix command in interface configuration mode. To remove the prefixes, use the no form of this command.

ipv6 nd prefix {ipv6-prefix/prefix-length | default} [no-advertise | [valid-lifetime preferred-lifetime [off-link | no-rtr-address | no-autoconfig | no-onlink]]] at valid-date | preferred-date [off-link | no-rtr-address | no-autoconfig]

no ipv6 nd prefix {ipv6-prefix/prefix-length | default}

Syntax Description

ipv6-prefix

Specifies the IPv6 network number to include in router advertisements (RA).

This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal format using 16-bit values between colons.

/ prefix-length

Specifies the length of the IPv6 prefix. A decimal value that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). A slash mark must precede the decimal value.

default

Specifies that the default values are used.

no-advertise

(Optional) Specifies that the prefix is not advertised.

valid-lifetime

(Optional) Specifies the amount of time (in seconds) that the specified IPv6 prefix is advertised as being valid. The range is from 0 to 4294967295.

preferred-lifetime

(Optional) Specifies the amount of time (in seconds) that the specified IPv6 prefix is advertised as being preferred. The range is from 0 to 4294967295.

off-link

(Optional) Configures the specified prefix as off-link. The prefix will be advertised with the L-bit clear. The prefix will not be inserted into the routing table as a Connected prefix. If the prefix is already present in the routing table as a Connected prefix (for example, because the prefix was also configured using the ipv6 address command), then it will be removed.

no-rtr-address

(Optional) Indicates that the router will not send the full router address in prefix advertisements and will not set the R bit.

no-autoconfig

(Optional) Indicates to hosts on the local link that the specified prefix cannot be used for IPv6 autoconfiguration. The prefix will be advertised with the A-bit clear.

no-onlink

(Optional) Configures the specified prefix as not on-link. The prefix will be advertised with the L-bit clear.

at valid-date

(Optional) Specifies the date and time at which the lifetime and preference expire. The prefix is valid until this specified date and time are reached. Date is expressed in the form date-valid-expire month-valid-expire year-valid-expire hh:mm-valid-expire.

preferred-date

(Optional) Specifies the preferred expire date. The date is expressed in the form date-prefer-expire month-prefer-expire year-valid-expire hh:mm-prefer-expire.

Command Default

All prefixes configured on interfaces that originate IPv6 router advertisements are advertised with a valid lifetime of 2,592,000 seconds (30 days) and a preferred lifetime of 604,800 seconds (7 days).

Note that by default:

  • All prefixes will be inserted in the routing table as Connected prefixes

  • All prefixes will be advertised as on-link (for example, the L-bit will be set in the advertisement)

  • All prefixes will be advertised as an autoconfiguration prefix (for example, the A-bit will be set in the advertisement)

Command Modes


Interface configuration (config-if)

Command History

Release

Modification

12.2(13)T

This command was introduced. This command replaces the ipv6 nd prefix-advertisement command.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.3(11)T

This command was modified. The no-rtr-address keyword was added.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.

12.2(32.08.01)REC154

This command was modified. The no-onlink keyword was added.

15.2(2)SA2

This command was implemented on the Cisco ME 2600X Series Ethernet Access Switches.

Usage Guidelines

This command allows control over the individual parameters per prefix, including whether the prefix should be advertised or not.

By default, prefixes configured as addresses on an interface using the ipv6 address command and additional prefixes configured using the ipv6 nd prefix command are advertised in router advertisements. If you configure prefixes for advertisement using the ipv6 nd prefix command, then only these prefixes are advertised.

If you configure the ND prefix using the ipv6 nd prefix command, both the interface IPv6 address and ND prefix are advertised.

Default Parameters

The default keyword can be used to set default parameters for all prefixes.

Prefix Lifetime and Expiration

A date can be set to specify the expiration of a prefix. The valid and preferred lifetimes are counted down in real time. When the expiration date is reached, the prefix will no longer be advertised.

On-Link

When on-link is “on” (by default), the specified prefix is assigned to the link. Nodes sending traffic to such addresses that contain the specified prefix consider the destination to be locally reachable on the link.

Autoconfiguration

When autoconfiguration is “on” (by default), it indicates to hosts on the local link that the specified prefix can be used for IPv6 autoconfiguration.

The configuration options affect the L-bit and A-bit settings associated with the prefix in the IPv6 ND Router Advertisement, and presence of the prefix in the routing table, as follows:

  • Default L=1 A=1 In Routing Table

  • no-onlink L=0 A=1 In Routing Table

  • no-autoconfig L=1 A=0 In Routing Table

  • no-onlink no-autoconfig L=0 A=0 In Routing Table

  • off-link L=0 A=1 Not in Routing Table

  • off-link no-autoconfig L=0 A=0 Not in Routing Table
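The following added example (not part of the Cisco documentation) parses the lifetime form of the ipv6 nd prefix command, derives the L-bit, A-bit, and routing table presence according to the list above, and reports which prefixes in a configuration hosts may use for autoconfiguration. The function names and the sample configuration are constructed; the default keyword and the at valid-date form are not handled.

```python
import ipaddress

DEFAULT_VALID = 2592000     # seconds (30 days), from Command Default
DEFAULT_PREFERRED = 604800  # seconds (7 days), from Command Default
MAX_LIFETIME = 4294967295
OPTION_KEYWORDS = {"off-link", "no-rtr-address", "no-autoconfig", "no-onlink"}

# Constructed sample configuration.
SAMPLE_CONFIG = """\
interface ethernet 0/0
 ipv6 address 2001::1/64
 ipv6 nd prefix 2001::/64 3600 3600 no-onlink
 ipv6 nd prefix 2001:0DB8::/35 1000 900
 ipv6 nd prefix 2001:DB8:A::/64 3600 3600 no-autoconfig
 ipv6 nd prefix 2001:DB8:B::/64 3600 3600 off-link no-autoconfig
 ipv6 nd prefix 2001:DB8:C::/64 no-advertise
"""


def parse_nd_prefix(line):
    """Parse 'ipv6 nd prefix <prefix>/<len> [no-advertise | valid preferred [options]]'."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[:3] != ["ipv6", "nd", "prefix"]:
        raise ValueError(f"not an ipv6 nd prefix command: {line!r}")
    prefix = ipaddress.IPv6Network(tokens[3], strict=False)
    rest = tokens[4:]
    result = {"prefix": str(prefix), "advertised": True,
              "valid": DEFAULT_VALID, "preferred": DEFAULT_PREFERRED}
    if rest == ["no-advertise"]:
        # The prefix is not advertised, so no L-bit or A-bit is sent for it.
        result.update(advertised=False, L=None, A=None, in_routing_table=None)
        return result
    if len(rest) >= 2 and rest[0].isdecimal() and rest[1].isdecimal():
        result["valid"], result["preferred"] = int(rest[0]), int(rest[1])
        rest = rest[2:]
    elif rest:
        raise ValueError("options must follow valid-lifetime preferred-lifetime")
    for value in (result["valid"], result["preferred"]):
        if not 0 <= value <= MAX_LIFETIME:
            raise ValueError(f"lifetime outside 0-{MAX_LIFETIME}: {value}")
    options = set(rest)
    if options - OPTION_KEYWORDS:
        raise ValueError(f"unknown keywords: {sorted(options - OPTION_KEYWORDS)}")
    off_link = "off-link" in options
    result["L"] = 0 if off_link or "no-onlink" in options else 1
    result["A"] = 0 if "no-autoconfig" in options else 1
    result["in_routing_table"] = not off_link
    return result


def slaac_prefixes(config_text):
    """List advertised prefixes whose A-bit is set (usable for autoconfiguration)."""
    found = []
    for raw in config_text.splitlines():
        line = raw.strip()
        tokens = line.split()
        # Skip other commands, 'no' forms, 'default' and 'framed-ipv6-prefix'.
        if not line.startswith("ipv6 nd prefix ") or "/" not in tokens[3]:
            continue
        entry = parse_nd_prefix(line)
        if entry["advertised"] and entry["A"] == 1:
            found.append(entry["prefix"])
    return found


if __name__ == "__main__":
    print(slaac_prefixes(SAMPLE_CONFIG))
```
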

Examples

The following example includes the IPv6 prefix 2001:0DB8::/35 in router advertisements sent out Ethernet interface 0/0 with a valid lifetime of 1000 seconds and a preferred lifetime of 900 seconds:


Device(config)# interface ethernet 0/0
Device(config-if)# ipv6 nd prefix 2001:0DB8::/35 1000 900

The following example advertises the prefix with the L-bit clear, so that the prefix is retained in the IPv6 routing table:


Device(config)# interface ethernet 0/0 
Device(config-if)# ipv6 address 2001::1/64 
Device(config-if)# ipv6 nd prefix 2001::/64 3600 3600 no-onlink 

ipv6 nd prefix framed-ipv6-prefix

To add the prefix in a received RADIUS framed IPv6 prefix attribute to the interface’s neighbor discovery prefix queue, use the ipv6 nd prefix framed-ipv6-prefix command in interface configuration mode. To disable this feature, use the no form of this command.

ipv6 nd prefix framed-ipv6-prefix

no ipv6 nd prefix framed-ipv6-prefix

Syntax Description

This command has no arguments or keywords.

Command Default

Prefix is sent in the router advertisements (RAs).

Command Modes


Interface configuration

Command History

Release

Modification

12.3(14)T

This command was introduced.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

Use the ipv6 nd prefix framed-ipv6-prefix command to add the prefix in a received RADIUS framed IPv6 prefix attribute to the interface’s neighbor discovery prefix queue and include it in RAs sent on the interface’s link. By default, the prefix is sent in RAs. If the prefix in the attribute should be used by other applications such as the Dynamic Host Configuration Protocol (DHCP) for IPv6 server, administrators can disable the default behavior with the no form of the command.

Examples

The following example adds the prefix in a received RADIUS framed IPv6 prefix attribute to the interface’s neighbor discovery prefix queue:


ipv6 nd prefix framed-ipv6-prefix

ipv6 nd prefix-advertisement


Note


Effective with Cisco IOS Release 12.2(13)T, the ipv6 nd prefix-advertisement command is replaced by the ipv6 nd prefix command. See the ipv6 nd prefix command for more information.


To configure which IPv6 prefixes are included in IPv6 router advertisements, use the ipv6 nd prefix-advertisement command in interface configuration mode. To remove the prefixes, use the no form of this command.

ipv6 nd prefix-advertisement ipv6-prefix/prefix-length valid-lifetime preferred-lifetime [onlink] [autoconfig]

no ipv6 nd prefix-advertisement ipv6-prefix/prefix-length

Syntax Description

ipv6-prefix

The IPv6 network number to include in router advertisements.

This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons.

/ prefix-length

The length of the IPv6 prefix. A decimal value that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). A slash mark must precede the decimal value.

valid-lifetime

The amount of time (in seconds) that the specified IPv6 prefix is advertised as being valid.

preferred-lifetime

The amount of time (in seconds) that the specified IPv6 prefix is advertised as being preferred.

onlink

(Optional) Indicates that the specified prefix is assigned to the link. Nodes sending traffic to such addresses that contain the specified prefix consider the destination to be locally reachable on the link.

autoconfig

(Optional) Indicates to hosts on the local link that the specified prefix can be used for IPv6 autoconfiguration.

Command Default

All prefixes configured on interfaces that originate IPv6 router advertisements are advertised with a valid lifetime of 2592000 seconds (30 days) and a preferred lifetime of 604800 seconds (7 days), and with both the "onlink" and "autoconfig" flags set.

Command Modes


Interface configuration

Command History

Release

Modification

12.2(2)T

This command was introduced.

12.0(21)ST

This command was integrated into Cisco IOS Release 12.0(21)ST.

12.0(22)S

This command was integrated into Cisco IOS Release 12.0(22)S.

12.2(13)T

This command was replaced by the ipv6 nd prefix command.

12.2(25)SG

This command was integrated into Cisco IOS Release 12.2(25)SG.

Usage Guidelines

By default, prefixes configured on an interface using the ipv6 address command are advertised with "onlink" and "autoconfiguration" flags set. If you configure prefixes for advertisement using the ipv6 nd prefix-advertisement command, then only these prefixes are advertised.

Examples

The following example includes the IPv6 prefix 2001:0DB8::/35 in router advertisements sent out Ethernet interface 0/0 with a valid lifetime of 1000 seconds, a preferred lifetime of 900 seconds, and both the "onlink" and "autoconfig" flags set:


Router(config)# interface ethernet 0/0
Router(config-if)# ipv6 nd prefix-advertisement 2001:0DB8::/35 1000 900 onlink autoconfig

ipv6 nd ra dns server

To configure the IPv6 router advertisement of DNS server addresses on an interface, use the ipv6 nd ra dns server command in interface configuration mode. To remove the IPv6 router advertisement of DNS server addresses, use the no form of this command.

ipv6 nd ra dns server ipv6-address seconds

no ipv6 nd ra dns server ipv6-address

Syntax Description

seconds

The amount of time (in seconds) that the Domain Name System (DNS) server is advertised in an IPv6 router advertisement (RA). The range is from 200 to 4294967295.

Command Default

The DNS server is not advertised in an IPv6 RA.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Release 3.9S

This command was introduced.

Usage Guidelines

You can use the ipv6 nd ra dns server command to configure up to eight DNS server addresses in an RA.

If you configure a seconds value of zero, the DNS server will no longer be used.

Examples

The following example configures a DNS server with an IPv6 address of 2001:DB8:1::1 to be advertised in an RA with a lifetime of 600 seconds:


Router(config)# interface ethernet 0/0
Router(config-if)# ipv6 nd ra dns server 2001:DB8:1::1 600

ipv6 nd ra interval

To configure the interval between IPv6 router advertisement (RA) transmissions on an interface, use the ipv6 nd ra interval command in interface configuration mode. To restore the default interval, use the no form of this command.

ipv6 nd ra interval {maximum-secs [minimum-secs] | msec maximum-ms [minimum-ms] }

no ipv6 nd ra interval

Syntax Description

maximum-secs

Maximum interval between IPv6 RA transmissions, in seconds. The range is from 4 to 1800.

minimum-secs

(Optional) Minimum interval between IPv6 RA transmissions, in seconds. The range is from 3 to 150.

msec

Specifies that the intervals are in milliseconds.

maximum-ms

Maximum interval between IPv6 RA transmissions, in milliseconds. The range is from 70 to 1800000.

minimum-ms

(Optional) Minimum interval between IPv6 RA transmissions, in milliseconds. The smallest possible RA interval is 30 milliseconds. The range is from 30 to 53.

Command Default

The default interval between IPv6 RA transmissions is 200 seconds.

Command Modes


Interface configuration (config-if)

Command History

Release

Modification

12.4(2)T

This command was introduced. This command replaces the ipv6 nd ra-interval command.

12.2(25)SG

This command was integrated into Cisco IOS Release 12.2(25)SG.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.

12.2(33)SB

This command was integrated into Cisco IOS Release 12.2(33)SB.

15.2(2)SA2

This command was implemented on Cisco ME 2600X Series Ethernet Access Switches.

Usage Guidelines

The interval between transmissions should be less than or equal to the IPv6 router advertisement lifetime if you configure the router as a default router by using the ipv6 nd ra lifetime command. To prevent synchronization with other IPv6 nodes, the actual interval used is randomly selected from a value between the minimum and maximum values.

Users can explicitly configure a minimum RA interval. The minimum RA interval may never be more than 75 percent of the maximum RA interval and never less than 3 seconds (if specified in seconds). If the minimum RA interval is not configured, it is calculated as 75 percent of the maximum RA interval.

If the user specifies the time in milliseconds, then the minimum RA interval is 30 milliseconds. This limit allows configuration of very short RA intervals for Mobile IPv6.

The maximum and minimum RA intervals govern only unsolicited RA messages. Solicited RA messages are transmitted in response to router solicitation (RS) messages received on the interface. However, if multiple RS messages are received every second, there is a minimum delay of 3 seconds between the RA messages. This limits the number of solicited RA messages transmitted from the interface.

Examples

The following example configures an IPv6 router advertisement interval of 201 seconds for Ethernet interface 0/0:


Device(config)# interface ethernet 0/0
Device(config-if)# ipv6 nd ra interval 201

The following example shows a maximum RA interval of 200 seconds and a minimum RA interval of 50 seconds:


Device(config-if)# ipv6 nd ra interval 200 50

The following example shows a maximum RA interval of 100 milliseconds and a minimum RA interval of 30 milliseconds, which is the smallest value allowed:


Device(config-if)# ipv6 nd ra interval msec 100 30

ipv6 nd ra lifetime

To configure the router lifetime value in IPv6 router advertisements on an interface, use the ipv6 nd ra lifetime command in interface configuration mode. To restore the default lifetime, use the no form of this command.

ipv6 nd ra lifetime seconds

no ipv6 nd ra lifetime

Syntax Description

seconds

The validity of this router as a default router on this interface (in seconds).

Command Default

The default lifetime value is 1800 seconds.

Command Modes


Interface configuration

Command History

Release

Modification

12.4(2)T

This command was introduced. This command replaces the ipv6 nd ra-lifetime command.

12.2(25)SG

This command was integrated into Cisco IOS Release 12.2(25)SG.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.

12.2(33)SB

This command was integrated into Cisco IOS Release 12.2(33)SB.

15.2(2)SA2

This command was implemented on the Cisco ME 2600X Series Ethernet Access Switches.

Usage Guidelines

The "router lifetime" value is included in all IPv6 router advertisements sent out the interface. The value indicates the usefulness of the router as a default router on this interface. Setting the value to 0 indicates that the router should not be considered a default router on this interface. The "router lifetime" value can be set to a nonzero value to indicate that it should be considered a default router on this interface. The nonzero value for the "router lifetime" value should not be less than the router advertisement interval.

Examples

The following example configures an IPv6 router advertisement lifetime of 1801 seconds for Ethernet interface 0/0:


Router(config)# interface ethernet 0/0
Router(config-if)# ipv6 nd ra lifetime 1801
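
The usage guidelines for ipv6 nd ra interval and ipv6 nd ra lifetime can be checked offline against a saved configuration. The following is an added example, not Cisco code: the function names and the sample configuration are constructed, and the input is assumed to follow the running-config layout (interface lines at column 0, subcommands indented).

```python
import re

INTERVAL = re.compile(r"^\s*ipv6 nd ra interval\s+(msec\s+)?(\d+)(?:\s+(\d+))?\s*$")
LIFETIME = re.compile(r"^\s*ipv6 nd ra lifetime\s+(\d+)\s*$")

def check_interval(msec, max_v, min_v):
    """Return (max_seconds, min_seconds, problems) for one interval command."""
    problems = []
    lo, hi, floor, unit = (70, 1800000, 30, "ms") if msec else (4, 1800, 3, "s")
    if not lo <= max_v <= hi:
        problems.append(f"maximum {max_v}{unit} outside {lo}-{hi}")
    if min_v is None:
        min_v = 0.75 * max_v  # documented default when no minimum is given
    elif min_v < floor:
        problems.append(f"minimum {min_v}{unit} below {floor}{unit}")
    elif min_v > 0.75 * max_v:
        problems.append(f"minimum {min_v}{unit} exceeds 75% of maximum")
    scale = 1000.0 if msec else 1.0
    return max_v / scale, min_v / scale, problems

def audit(config):
    """Map each interface name to the problems found in its RA timing."""
    state, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            # Documented defaults: 200 s interval, 1800 s router lifetime.
            state[current] = {"max": 200.0, "life": 1800, "problems": []}
        elif current and (m := INTERVAL.match(line)):
            min_v = int(m.group(3)) if m.group(3) else None
            mx, _, probs = check_interval(bool(m.group(1)), int(m.group(2)), min_v)
            state[current]["max"] = mx
            state[current]["problems"] += probs
        elif current and (m := LIFETIME.match(line)):
            state[current]["life"] = int(m.group(1))
    for s in state.values():
        # A lifetime of 0 means "not a default router", so the rule is skipped.
        if 0 < s["life"] < s["max"]:
            s["problems"].append(f"lifetime {s['life']}s < RA interval {s['max']:g}s")
    return {name: s["problems"] for name, s in state.items()}

# Constructed sample configuration (not from a real device).
SAMPLE = """\
interface ethernet 0/0
 ipv6 nd ra interval 200 50
 ipv6 nd ra lifetime 1801
interface ethernet 0/1
 ipv6 nd ra interval 600 500
 ipv6 nd ra lifetime 300
interface ethernet 0/2
 ipv6 nd ra interval msec 100 30
 ipv6 nd ra lifetime 0
"""
```

Calling audit(SAMPLE) returns an empty list for ethernet 0/0 and ethernet 0/2 and two findings for ethernet 0/1.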

ipv6 nd ra solicited unicast

To configure the unified solicited Router Advertisement response method on an interface, use the ipv6 nd ra solicited unicast command in interface configuration mode. To remove the solicited Router Advertisement response, use the no form of this command.

ipv6 nd ra solicited unicast

no ipv6 nd ra solicited unicast

Syntax Description

There are no keywords or arguments for this command.

Command Default

The solicited Router Advertisement response is not configured.

Command Modes


Interface configuration

Command History

Release

Modification

15.4(2)T

This command was introduced.

15.4(2)S

This command was integrated into Cisco IOS Release 15.4(2)S.

15.2(1)SY1

This command was integrated into Cisco IOS Release 15.2(1)SY1.

Usage Guidelines

Large networks with a high concentration of mobile devices might experience problems such as battery depletion when solicited Router Advertisement messages are multicast. Use the ipv6 nd ra solicited unicast command to unicast solicited Router Advertisement messages and extend the battery life of mobile devices in the network.

Examples

The following example configures unicast responses to solicited Router Advertisement messages on Ethernet interface 0/0:


Router(config)# interface ethernet 0/0
Router(config-if)# ipv6 nd ra solicited unicast

ipv6 nd ra suppress

To suppress IPv6 router advertisement transmissions on a LAN interface, use the ipv6 nd ra suppress command in interface configuration mode. To reenable the sending of IPv6 router advertisement transmissions on a LAN interface, use the no form of this command.

ipv6 nd ra suppress [all]

no ipv6 nd ra suppress

Syntax Description

all

(Optional) Suppresses all router advertisements (RAs) on an interface.

Command Default

IPv6 router advertisements are automatically sent on Ethernet and FDDI interfaces if IPv6 unicast routing is enabled on the interfaces. IPv6 router advertisements are not sent on other types of interfaces.

Command Modes


Interface configuration

Command History

Release

Modification

12.4(2)T

This command was introduced. This command replaces the ipv6 nd suppress-ra command.

12.2(25)SG

This command was integrated into Cisco IOS Release 12.2(25)SG.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.

12.2(33)SB

This command was integrated into Cisco IOS Release 12.2(33)SB.

Cisco IOS XE Release 2.1

This command was integrated into Cisco IOS XE Release 2.1.

15.2(2)SA2

This command was implemented on the Cisco ME 2600X Series Ethernet Access Switches.

Usage Guidelines

The ipv6 nd ra suppress command only suppresses periodic unsolicited RAs. It does not suppress RAs sent in response to a router solicitation. To suppress all RAs, including those sent in response to a router solicitation, use the ipv6 nd ra suppress command with the all keyword.

Use the no ipv6 nd ra suppress command to enable the sending of IPv6 RA transmissions on non-LAN interface types (for example, serial or tunnel interfaces).

Examples

The following example suppresses IPv6 router advertisements on Ethernet interface 0/0:


Router(config)# interface ethernet 0/0
Router(config-if)# ipv6 nd ra suppress

The following example enables the sending of IPv6 router advertisements on serial interface 0/1:


Router(config)# interface serial 0/1
Router(config-if)# no ipv6 nd ra suppress

ipv6 nd raguard

To apply the router advertisements (RA) guard feature, use the ipv6 nd raguard command in interface configuration mode.

ipv6 nd raguard

no ipv6 nd raguard

Syntax Description

This command has no arguments or keywords.

Command Default

An RA guard policy is not configured.

Command Modes


Interface configuration (config-if)

Command History

Release

Modification

12.2(33)SXI4

This command was introduced.

12.2(54)SG

This command was modified. Support for Cisco IOS Release 12.2(54)SG was added.

Usage Guidelines

The ipv6 nd raguard command enables the RA guard feature. If the RA does not match with the configured option, the packet is dropped.

Examples

The following example applies the RA guard:


Router(config-if)# ipv6 nd raguard

ipv6 nd raguard attach-policy

To apply the IPv6 router advertisement (RA) guard feature on a specified interface, use the ipv6 nd raguard attach-policy command in interface configuration mode.

ipv6 nd raguard attach-policy [policy-name [vlan {add | except | none | remove | all} vlan [vlan1, vlan2, vlan3...]]]

Syntax Description

policy-name

(Optional) IPv6 RA guard policy name.

vlan

(Optional) Applies the IPv6 RA guard feature to a VLAN on the interface.

add

Adds a VLAN to be inspected.

except

All VLANs are inspected except the one specified.

none

No VLANs are inspected.

remove

Removes the specified VLAN from RA guard inspection.

all

ND traffic from all VLANs on the port is inspected.

vlan

(Optional) A specific VLAN on the interface. More than one VLAN can be specified (vlan1, vlan2, vlan3...). The range of available VLAN numbers is from 1 through 4094.

Command Default

An IPv6 RA guard policy is not configured.

Command Modes


Interface configuration (config-if)

Command History

Release

Modification

12.2(50)SY

This command was introduced.

15.2(4)S

This command was integrated into Cisco IOS Release 15.2(4)S.

15.0(2)SE

This command was integrated into Cisco IOS Release 15.0(2)SE.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Usage Guidelines

If no policy is specified using the policy-name argument, the port device role is set to host and all inbound router traffic (for example, RA and redirect messages) is blocked.

If no VLAN is specified (which is equal to entering the vlan all keywords after the policy-name argument), RA guard traffic from all VLANs on the port is analyzed.

If specified, the VLAN parameter is either a single VLAN number from 1 through 4094 or a range of VLANs described by two VLAN numbers, the lesser one first, separated by a dash. Do not enter any spaces between comma-separated vlan parameters or in dash-specified ranges; for example, vlan 1-100,200,300-400.

Examples

In the following example, the IPv6 RA guard feature is applied on GigabitEthernet interface 0/0:


Device(config)# interface GigabitEthernet 0/0
Device(config-if)# ipv6 nd raguard attach-policy

ipv6 nd raguard policy

To define the router advertisement (RA) guard policy name and enter RA guard policy configuration mode, use the ipv6 nd raguard policy command in global configuration mode.

ipv6 nd raguard policy policy-name

Syntax Description

policy-name

IPv6 RA guard policy name.

Command Default

An RA guard policy is not configured.

Command Modes


Global configuration (config)

Command History

Release

Modification

12.2(50)SY

This command was introduced.

15.2(4)S

This command was integrated into Cisco IOS Release 15.2(4)S.

15.0(2)SE

This command was integrated into Cisco IOS Release 15.0(2)SE.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Usage Guidelines

Use the ipv6 nd raguard policy command to configure RA guard globally on a router. Once the device is in ND inspection policy configuration mode, you can use any of the following commands:

  • device-role

  • drop-unsecure

  • limit address-count

  • sec-level minimum

  • trusted-port

  • validate source-mac

After IPv6 RA guard is configured globally, you can use the ipv6 nd raguard attach-policy command to enable IPv6 RA guard on a specific interface.

Examples

The following example shows how to define the RA guard policy name as policy1 and place the device in policy configuration mode:


Device(config)# ipv6 nd raguard policy policy1
Device(config-ra-guard)#
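
The attach-policy VLAN list rules and the link between ipv6 nd raguard policy and ipv6 nd raguard attach-policy can be checked offline against a saved configuration, which also shows which ports have no RA guard at all. The following is an added example, not Cisco code: the function names and the sample configuration are constructed, and the input is assumed to follow the running-config layout (global and interface lines at column 0, subcommands indented).

```python
import re

POLICY = re.compile(r"^ipv6 nd raguard policy (\S+)\s*$")
ATTACH = re.compile(r"^\s+ipv6 nd raguard(?: attach-policy(?: (\S+)"
                    r"(?: vlan (?:add|except|none|remove|all)(?: (\S.*?))?)?)?)?\s*$")

def parse_vlans(spec):
    """Expand '1-100,200,300-400' to a set of VLAN IDs; ValueError if malformed."""
    if re.search(r"\s", spec):
        raise ValueError("spaces are not allowed in a VLAN list")
    vlans = set()
    for part in spec.split(","):
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", part)
        if not m:
            raise ValueError(f"bad VLAN item {part!r}")
        lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"VLAN item {part!r} is reversed or outside 1-4094")
        vlans.update(range(lo, hi + 1))
    return vlans

def audit_raguard(config):
    """Return (interfaces without RA guard, findings about attached policies)."""
    defined, guarded, ifaces, findings, current = set(), {}, [], [], None
    for line in config.splitlines():
        if m := POLICY.match(line):
            defined.add(m.group(1))
            current = None
        elif line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            ifaces.append(current)
        elif current and (m := ATTACH.match(line)):
            guarded[current] = m.group(1)  # None: no policy named, host role applies
            if m.group(2):
                try:
                    parse_vlans(m.group(2))
                except ValueError as err:
                    findings.append(f"{current}: {err}")
    for name, policy in guarded.items():
        if policy and policy not in defined:
            findings.append(f"{name}: policy {policy!r} is not defined")
    return [i for i in ifaces if i not in guarded], findings

# Constructed sample configuration (not from a real device).
SAMPLE = """\
ipv6 nd raguard policy policy1
interface GigabitEthernet 0/0
 ipv6 nd raguard attach-policy
interface GigabitEthernet 0/1
 ipv6 nd raguard attach-policy policy1 vlan add 1-100,200,300-400
interface GigabitEthernet 0/2
 ipv6 nd raguard attach-policy policy2 vlan add 400-300
interface GigabitEthernet 0/3
"""
```

Calling audit_raguard(SAMPLE) reports GigabitEthernet 0/3 as unguarded and returns two findings for GigabitEthernet 0/2: a reversed VLAN range and a policy name that is never defined.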

ipv6 nd reachable-time

To configure the amount of time that a remote IPv6 node is considered reachable after some reachability confirmation event has occurred, use the ipv6 nd reachable-time command in interface configuration mode. To restore the default time, use the no form of this command.

ipv6 nd reachable-time milliseconds

no ipv6 nd reachable-time

Syntax Description

milliseconds

The amount of time that a remote IPv6 node is considered reachable (in milliseconds).

Command Default

0 milliseconds (unspecified) is advertised in router advertisements and the value 30000 (30 seconds) is used for the neighbor discovery activity of the router itself.

Command Modes


Interface configuration