UMN:CLI
User Manual
V8102
286
no deny ipv6
{
host X:X::X:X
|
X:X::X:X/M
|
any
}
mac pattern
WORD offset
<0-5>
host: sender host
MACADDR: sender MAC address
X:X::X:X: start/end IPv6 address of sender
X:X::X:X/M: sender IPv6 network address
no deny ipv6 range X:X::X:X
X:X::X:X mac any
By the following command, the ND access list also refers to a DHCP snooping binding
table to permit the ND packets for DHCP users. This feature enables the system to permit
ND packets only for the IPv6 addresses on the DHCP snooping binding table. The ND
access list with the DHCP snooping allows IP communications to users authorized by the
DHCP snooping. The source IP address and MAC address of each packet are checked
against the table, and if a valid match is not found, the packet is dropped.
To permit/discard ND packets for the users authorized by the DHCPv6 snooping, use the
following command.
Command
Mode
Description
permit dhcpv6-snoop-inspection
ND-ACL
Permits ND packets of users authorized by the
DHCPv6 snooping.
no
permit
dhcpv6-snoop-
inspection
Discards the configured ND packets of users author-
ized by the DHCPv6 snooping.
To display the configured ND access lists, use the following command.
Command
Mode
Description
show
ipv6
nd
access-list
[
NAME
]
Global
Displays the existing ND access lists.
8.2.10.2
Enabling ND Inspection Filtering
To enable/disable the ND inspection filtering of a certain range of IPv6 addresses from
the ND access list, use the following command.
Command
Mode
Description
ipv6 nd inspection filter
NAME
vlan
VLANS
Global
Enables ND inspection filtering with the configured ND
access list on the VLAN.
NAME: ND access list name
no ipv6 nd inspection filter
NAME
vlan
VLANS
Disables ND inspection filtering with a configured ND
access list on specified VLAN.
ND inspection actually runs in the system after the configured ND access list applies to
specific VLAN ID using the
ip nd inspection filter
command.
i