The nd snooping trusted command configures the trusted interface.
The undo nd snooping trusted command restores the trusted interface to an untrusted interface.
Ethernet interface view, GE interface view, XGE interface view, 25GE interface view, MultiGE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, port group view, BD view
nd snooping trusted
undo nd snooping trusted
VLAN view
nd snooping trusted interface interface-type interface-number
undo nd snooping trusted interface interface-type interface-number
| Parameter | Description | Value |
|---|---|---|
| interface interface-type interface-number | Specifies the type and number of the trusted interface. | - |
VLAN view, Ethernet interface view, GE interface view, XGE interface view, 25GE interface view, MultiGE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, port group view, BD view
Usage Scenario
ND snooping classifies interfaces connected to IPv6 nodes into trusted and untrusted interfaces. The trusted interfaces connect to trusted IPv6 nodes and untrusted interfaces connect to untrusted IPv6 nodes. By default, all interfaces are untrusted.
You must configure the interface connected to a trusted IPv6 node as a trusted interface so that the device can forward the ND packets received by this interface. In addition, the device creates a prefix management table according to the received RA packet to help network administrators manage IPv6 addresses.
The interface connected to an untrusted IPv6 node must be configured as an untrusted interface. The device discards the RA packets received by the untrusted interface to prevent RA attacks.
Generally, the interface connecting to the gateway is configured as the trusted interface, and other interfaces are all untrusted interfaces.
Prerequisites
ND snooping has been enabled using the nd snooping enable command in the system view.
Precautions
After the nd snooping trusted command is executed, ND snooping is enabled on the interface.
When you run the nd snooping trusted command in the VLAN view, the specified interface must belong to the VLAN.
# Configure GE0/0/1 as a trusted interface.
<HUAWEI> system-view
[HUAWEI] nd snooping enable
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] nd snooping trusted
# Configure GE0/0/1 in VLAN 10 as a trusted interface.
<HUAWEI> system-view
[HUAWEI] nd snooping enable
[HUAWEI] vlan 10
[HUAWEI-vlan10] nd snooping trusted interface gigabitethernet 0/0/1
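The following audit script is an added example, not part of the original command reference: it checks a saved configuration against the guidance above (ND snooping enabled in the system view, only gateway-facing interfaces trusted). The configuration layout, the sample text and the names `parse_trust` and `audit` are assumptions made for illustration; only the interface-view and VLAN-view forms of the command are covered.

```python
import re

# Constructed sample; layout is an assumption (view header at column 0,
# its commands indented by one space, "#" between views).
SAMPLE_CONFIG = """\
nd snooping enable
#
vlan 10
 nd snooping trusted interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1
 nd snooping trusted
#
interface GigabitEthernet0/0/2
 nd snooping trusted
#
"""

def parse_trust(config):
    """Return (globally_enabled, {(scope, interface)}) for trusted entries."""
    enabled, trusted, view = False, set(), ""
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("", "#"):
            view = "" if line == "#" else view   # "#" closes the current view
            continue
        if not raw.startswith(" "):      # system-view command or view header
            view = line
            enabled = enabled or line == "nd snooping enable"
            continue
        if view.startswith("interface ") and line == "nd snooping trusted":
            trusted.add(("port", view.split(None, 1)[1]))
        m = re.fullmatch(r"nd snooping trusted interface (\S+)", line)
        if m and view.startswith("vlan "):
            trusted.add((view, m.group(1)))
    return enabled, trusted

def audit(config, expected_uplinks):
    """List deviations from 'only gateway-facing interfaces are trusted'."""
    enabled, trusted = parse_trust(config)
    findings = []
    if not enabled:
        findings.append("nd snooping enable missing in system view")
    for scope, ifname in sorted(trusted):
        if ifname not in expected_uplinks:
            findings.append(f"unexpected trusted interface {ifname} ({scope})")
    for ifname in sorted(set(expected_uplinks) - {i for _, i in trusted}):
        findings.append(f"uplink {ifname} is untrusted: its RA packets are discarded")
    return findings
```

Calling `audit(SAMPLE_CONFIG, {"GigabitEthernet0/0/1"})` reports GigabitEthernet0/0/2, an interface that is trusted although it is not in the expected uplink set.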