||Choose . |
||Choose the IPv6 interface on which to configure IPv6 neighbor settings, and click Edit.|
||Click the IPv6 tab. |
||Enter the number of allowed DAD Attempts.
Values range from 0 to 600. A 0 value disables DAD processing on the specified interface. The default is 1 message.
DAD ensures the uniqueness of new unicast IPv6 addresses before they are assigned, and ensures that duplicate IPv6 addresses are detected in the network on a link basis. The ASA uses neighbor solicitation messages to perform DAD.
When a duplicate address is identified, the state of the address is set to DUPLICATE, the address is not used, and the following error message is generated:
325002: Duplicate address ipv6_address/MAC_address on interface
If the duplicate address is the link-local address of the interface, the processing of IPv6 packets is disabled on the interface. If the duplicate address is a global address, the address is not used.
||Enter the NS Interval in milliseconds to set the interval between IPv6 neighbor solicitation retransmissions.
Valid values for the value argument range from 1000 to 3600000 milliseconds.
Neighbor solicitation messages (ICMPv6 Type 135) are sent on the local link by nodes attempting to discover the link-layer addresses of other nodes on the local link. After receiving a neighbor solicitation message, the destination node replies by sending a neighbor advertisement message (ICPMv6 Type 136) on the local link.
After the source node receives the neighbor advertisement, the source node and destination node can communicate. Neighbor solicitation messages are also used to verify the reachability of a neighbor after the link-layer address of a neighbor is identified. When a node wants to verifying the reachability of a neighbor, the destination address in a neighbor solicitation message is the unicast address of the neighbor.
Neighbor advertisement messages are also sent when there is a change in the link-layer address of a node on a local link.
||Enter the Reachable Time in seconds to set how long a remote IPv6 node is reachable.
Set the reachable time between 0 to 3600000 milliseconds. When you set the time to 0, then the reachable time is sent as undetermined. It is up to the receiving devices to set and track the reachable time value.
The neighbor reachable time enables detecting unavailable neighbors. Shorter configured times enable detecting unavailable neighbors more quickly, however, shorter times consume more IPv6 network bandwidth and processing resources in all IPv6 network devices. Very short configured times are not recommended in normal IPv6 operation.
||Enter the RA Lifetime in seconds to set the length of time that nodes on the local link consider the ASA as the default router on the link.
Values range from 0 to 9000 seconds. Entering 0 indicates that the ASA should not be considered a default router on the selected interface.
||Check the Suppress RA check box to suppress router advertisements.
Router advertisement messages (ICMPv6 Type 134) are automatically sent in response to router solicitation messages (ICMPv6 Type 133). Router solicitation messages are sent by hosts at system startup so that the host can immediately autoconfigure without needing to wait for the next scheduled router advertisement message.
You may want to disable these messages on any interface for which you do not want the ASA to supply the IPv6 prefix (for example, the outside interface).
Enabling this option causes the ASA to appear as a regular IPv6 neighbor on the link and not as an IPv6 router.
||Enter the RA Interval to set the interval between IPv6 router advertisement transmissions.
Valid values range from 3 to 1800 seconds. The default is 200 seconds.
To add a router advertisement transmission interval value in milliseconds instead, check the RA Interval in Milliseconds check box, and enter a value from 500 to 1800000.
||Check the Hosts should use DHCP for address config check box to inform IPv6 autoconfiguration clients that they should use DHCPv6 to obtain addresses, in addition to the derived stateless autoconfiguration address.
This option sets the Managed Address Config flag in the IPv6 router advertisement packet.
||Check the Hosts should use DHCP for non-address config check box to inform IPv6 autoconfiguration clients that they should use DHCPv6 to obtain additional information from DHCPv6, such as the DNS server address.
This option sets the Other Address Config flag in the IPv6 router advertisement packet.
||Configure which IPv6 prefixes are included in IPv6 router advertisements.|
- In the Interface IPv6 Prefixes area, click Add.
- Enter the Address/Prefix Length or check the Default check box to use the default prefix.
- Check the No Auto-Configuration check box to force hosts to configure the IPv6 address manually. Hosts on the local link with the specified prefix cannot use IPv6 autoconfiguration.
- Check the No Advertisements check box to disable prefix advertisement.
- Check the Off Link check box to configure the specified prefix as off-link. The prefix will be advertised with the L-bit clear. The prefix will not be inserted into the routing table as a Connected prefix.
- In the Prefix Lifetime area, specify a Lifetime Duration or Lifetime Expiration Date.
After the preferred lifetime expires, the address goes into a deprecated state; while an address is in a deprecated state, its use is discouraged, but not strictly forbidden. After the valid lifetime expires, the address becomes invalid and cannot be used. The valid lifetime must be greater than or equal to the preferred lifetime.
Lifetime Duration—Values range from 0 to 4294967295. The default valid lifetime is 2592000 (30 days). The default preferred lifetime is 604800 (7 days). The maximum value represents infinity.
Lifetime Expiration Date—Choose a valid and preferred month and day from the drop-down lists, and then enter a time in hh:mm format.
- Click OK to save your settings.
||Click OK. |
||Configure a static IPv6 neighbor.
The following guidelines and limitations apply for configuring a static IPv6 neighbor:
This feature is similar to adding a static ARP entry. If an entry for the specified IPv6 address already exists in the neighbor discovery cache—learned through the IPv6 neighbor discovery process—the entry is automatically converted to a static entry. These entries are stored in the configuration when the copy command is used to store the configuration.
Static entries in the IPv6 neighbor discovery cache are not modified by the neighbor discovery process.
The ICMP syslogs generated are caused by a regular refresh of IPv6 neighbor entries. The ASA default timer for IPv6 neighbor entry is 30 seconds, so the ASA would generate ICMPv6 neighbor discovery and response packets about every 30 seconds. If the ASA has both failover LAN and state interfaces configured with IPv6 addresses, then every 30 seconds, ICMPv6 neighbor discovery and response packets will be generated by both ASAs for both configured and link-local IPv6 addresses. In addition, each packet will generate several syslogs (ICMP connection and local-host creation or teardown), so it may appear that constant ICMP syslogs are being generated. The refresh time for IPV6 neighbor entry is configurable on the regular data interface, but not configurable on the failover interface. However, the CPU impact for this ICMP neighbor discovery traffic is minimal.
See also View and Clear Dynamically Discovered Neighbors.
- Choose Configuration > Device Management > Advanced > IPv6 Neighbor Discovery Cache.
- Click Add.
The Add IPv6 Static Neighbor dialog box appears.
- From the Interface Name drop-down list, choose an interface on which to add the neighbor.
- In the IP Address field, enter the IPv6 address that corresponds to the local data-link address, or click the ellipsis (...) to browse for an address.
- In the MAC address field, enter the local data-line (hardware) MAC address.
- Click OK.
||Click Apply to save the running configuration. |