ipv6 nd proxy inner-access-vlan enable

Function

The ipv6 nd proxy inner-access-vlan enable command enables the intra-VLAN proxy ND function.

The undo ipv6 nd proxy inner-access-vlan enable command disables the intra-VLAN proxy ND function.

By default, the intra-VLAN proxy ND function is not enabled.

Format

ipv6 nd proxy inner-access-vlan enable

undo ipv6 nd proxy inner-access-vlan enable

Parameters

None

Views

100ge sub-interface view, 10GE sub-interface view, 200GE sub-interface view, 25GE sub-interface view, 400GE sub-interface view, 40GE sub-interface view, 50GE sub-interface view, Eth-Trunk sub-interface view, GE sub-interface view, Global VE sub-interface view, VE sub-interface view, VLANIF interface view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
nd write

Usage Guidelines

Usage Scenario

If two hosts are on the same network segment and belong to the same VLAN but user isolation has been configured on interfaces in the VLAN, the hosts cannot communicate with each other. To address this problem, run the ipv6 nd proxy inner-access-vlan enable command to enable the intra-VLAN proxy ND function on the gateway connecting the two hosts. After the command is run, the gateway uses its own MAC address and the IPv6 address of the destination host to send the source host an NA packet as a reply. Specifically, the gateway takes the place of the destination host to reply with an NA packet. In this manner, the hosts in a VLAN where user isolation has been configured can properly communicate with each other.

Prerequisites

The IPv6 function has been enabled using the ipv6 enable command.

Precautions

  • The IPv6 address of the interface enabled with proxy ND must be on the same network segment as the IPv6 address of the host connected to the interface.
  • Proxy ND cannot be enabled on an interface configured with a CGA address. Otherwise, the replied NA packets that carry the CGA/RSA option may be discarded.
  • Multiple types of proxy ND can be configured in the interface view. The priorities of these proxy ND types are as follows in descending order: any proxy ND > intra-VLAN proxy ND/inter-VLAN proxy ND/local proxy ND> routed proxy ND.
  • Proxy ND is not supported for the following types of packets:
  • NS packets with a link-local address as the target address
  • DAD NS packets with the source address of all 0s
  • NS packets with the target address and interface address on different network segments
  • NS packets with the IP address of the local host as the target address.

Example

# Enable the intra-VLAN proxy ND function on GE0/1/1.1.
<HUAWEI> system-view
[~HUAWEI] interface GigabitEthernet0/1/1.1
[~HUAWEI-GigabitEthernet0/1/1.1] ipv6 enable
[*HUAWEI-GigabitEthernet0/1/1.1] ipv6 nd proxy inner-access-vlan enable
# Enable the intra-VLAN proxy ND function on VLANIF 20.
<HUAWEI> system-view
[~HUAWEI] vlan 20
[*HUAWEI-vlan20] quit
[*HUAWEI] interface vlanif 20
[*HUAWEI-Vlanif20] ipv6 enable
[*HUAWEI-Vlanif20] ipv6 nd proxy inner-access-vlan enable
Parent Topic: IPv6 ND Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >