Neighbor Discovery Proxy

Neighbor discovery

A neighbor discovery protocol (NDP) is a communication protocol that

  • uses ICMPv6 messages to allow nodes within the same IPv6 network link to detect and signal their presence,

  • employs solicited-node multicast addresses to track and discover other IPv6 hosts connected to network interfaces, and

  • facilitates address resolution and reachability checks between nodes using neighbor solicitation (NS) and neighbor advertisement (NA) messages.

Neighbor discovery proxy

A neighbor discovery proxy is a controller feature that

  • intercepts IPv6 neighbor solicitation packets destined for wireless clients,

  • responds on behalf of the clients to reduce unnecessary multicast traffic, and

  • operates only in central switching mode for efficient network management.

If neighbor discovery proxy is not enabled, the multicast neighbor solicitation is converted into unicast neighbor solicitation with the MAC address of the target client and is forwarded to that client.


Note


A controller does not proxy the neighbor solicitation packet if the destination address is not that of a wireless client.


Configure neighbor discovery proxy (CLI)

Follow these steps to configure the neighbor discovery proxy using commands.

Procedure


Step 1

Enter the global configuration mode.

Example:

Device# configure terminal

Step 2

Configure a WLAN policy profile and enter the wireless policy configuration mode.

Example:

Device(config)# wireless profile policy policy-name

Step 3

Enable ND proxy.

Example:

Device(config-wireless-policy)# ipv6 nd proxy full-proxy

Duplicate address detection proxy

IPv6 duplicate address detection (DAD) is a mechanism that verifies that an IPv6 address is unique on a network segment before it is assigned to a device. The DAD proxy

  • acts on behalf of wireless clients to ensure no duplicate addresses are assigned, and

  • responds to DAD neighbor solicitation (NS) messages, preventing address conflicts among wireless clients.

DAD verifies whether a host address is unique. The IPv6 DAD Proxy feature responds on behalf of the address owner when an address is in use.

However, in a scenario where nodes are restricted from talking to each other at Layer 2, DAD cannot detect a duplicate address. If the DAD proxy is disabled, the multicast packet is converted into a unicast packet and sent to the target client.


Note


  • DAD proxy is applicable only in central switching mode.

  • A controller does not proxy the DAD NS packet if the destination address is not that of a wireless client.


Configure duplicate address detection proxy (CLI)

Use these commands to enable DAD proxy, which prevents duplicate IPv6 address assignment by monitoring and responding to neighbor discovery requests.

Procedure


Step 1

Enter the global configuration mode.

Example:

Device# configure terminal

Step 2

Configure a WLAN policy profile and enter the wireless policy configuration mode.

Example:

Device(config)# wireless profile policy policy-profile-name

Step 3

Enable DAD proxy.

Example:

Device(config-wireless-policy)# ipv6 nd proxy dad-proxy

Note

 

Full proxy configuration includes both ND proxy and DAD proxy configurations. To enable DAD proxy, use the ipv6 nd proxy full-proxy command.
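
The handling rules described on this page, modelled as an added Python example (not Cisco's implementation and not code from this document), together with the solicited-node multicast group a neighbor solicitation is sent to. The function names, the "none" mode label, the client table and its sample addresses are assumptions; a DAD NS is recognised by its unspecified source address (RFC 4862).

```python
import ipaddress

def solicited_node(addr):
    """Solicited-node multicast group (RFC 4291): ff02::1:ff00:0/104 + low 24 bits."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)

def multicast_mac(group):
    """Ethernet destination for an IPv6 multicast group (RFC 2464): 33:33 + low 32 bits."""
    low32 = int(ipaddress.IPv6Address(group)) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{b:02x}" for b in low32.to_bytes(4, "big"))

def handle_ns(src, target, clients, mode):
    """Return (action, client_mac) for a multicast NS, following the page's rules.

    mode is "none", "dad-proxy" or "full-proxy"; clients maps IPv6Address -> MAC.
    """
    mac = clients.get(ipaddress.IPv6Address(target))
    if mac is None:
        # Target is not a wireless client: the controller does not proxy it.
        return ("not-proxied", None)
    is_dad = ipaddress.IPv6Address(src).is_unspecified  # DAD NS comes from ::
    if mode == "full-proxy" or (mode == "dad-proxy" and is_dad):
        # Controller answers on the client's behalf.
        return ("proxy-reply", mac)
    # Proxy not enabled for this NS type: multicast is rewritten to unicast
    # with the target client's MAC and forwarded to that client.
    return ("unicast-to-client", mac)

# Constructed sample data (documentation prefix 2001:db8::/32, made-up MAC).
CLIENTS = {ipaddress.IPv6Address("2001:db8::a1b2:c3d4"): "aa:bb:cc:00:11:22"}

if __name__ == "__main__":
    target = "2001:db8::a1b2:c3d4"
    group = solicited_node(target)
    print("NS for", target, "is sent to", group, "/", multicast_mac(group))
    for mode in ("none", "dad-proxy", "full-proxy"):
        for src in ("2001:db8::1", "::"):
            print(mode, src, handle_ns(src, target, CLIENTS, mode))
```

In a capture taken on the client side, the "unicast-to-client" rows correspond to NS frames addressed to the client's own MAC rather than to the 33:33:ff multicast address.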