KB.15.15

When a pair of IPv6 devices in a VLAN exchange communication, they enter each other's IPv6

and corresponding MAC addresses in their respective neighbor caches. These entries are maintained

for a time after communication ceases and then dropped.

To view or clear the content of the neighbor cache, see “Viewing the neighbor cache” (page 36).

For related information, see RFC 2461: "Neighbor Discovery for IP Version 6 (IPv6)."

Duplicate address detection (DAD)

DAD verifies that a configured unicast IPv6 address is unique before it is assigned to a VLAN

interface on the switch. DAD is enabled in the default IPv6 configuration and can be reconfigured,

disabled, or re-enabled at the global config or per-interface command level. DAD can be useful

in helping to troubleshoot erroneous replies to DAD requests, or where the neighbor cache contains

a large number of invalid entries caused by an unauthorized station sending false replies to the

switch's ND queries. If DAD verifies that a unicast IPv6 address is a duplicate, the address is not

used. If the link-local address of the VLAN interface is found to be a duplicate of an address for

another device on the interface, the interface stops processing IPv6 traffic.

DAD operation

On a given VLAN interface, when a new unicast address is configured, the switch runs DAD for

this address by sending a neighbor solicitation to the All-Nodes multicast address (ff02::1). This

operation discovers other devices on the VLAN and verifies whether the proposed unicast address

assignment is unique on the VLAN. (During this time, the address being checked for uniqueness is

held in a tentative state and cannot be used to receive traffic other than neighbor solicitations and

neighbor advertisements.) A device that receives the neighbor solicitation responds with a neighbor

advertisement that includes its link-local address. If the newly configured address is from a static

or DHCPv6 source and is found to be a duplicate, it is labeled as duplicate in the "Address Status"

field of the show ipv6 command and is not used. If an autoconfigured address is found to be a

duplicate, it is dropped and the following message appears in the Event Log:

W date time 00019 ip: ip address IPv6-address removed from

vlan id vid

DAD does not perform periodic checks of existing addresses. However, when a VLAN comes up

with IPv6 unicast addresses configured (as can occur during a reboot), the switch runs DAD for

each address on the interface by sending neighbor solicitations to the All-Nodes multicast address,

as described above.

If an address is configured while DAD is disabled, the address is assumed to be unique and is

assigned to the interface. If you want to verify the uniqueness of an address configured while DAD

was disabled, re-enable DAD and then either delete and reconfigure the address, or reboot the

switch.

Configuring DAD

Syntax:

ipv6 nd dad-attempts 0 - 255

This command is executed at the global or per-interface config level, and configures

the number of neighbor solicitations to send when performing DAD for a unicast

address configured on a VLAN or tunnel interface. A per-interface configuration

overrides a globally set configuration.

0 - 255

The number of consecutive neighbor solicitation messages sent for DAD inquiries

on an interface. Setting this value to 0 disables DAD on the interface, which

bypasses checks for uniqueness on newly configured addresses. If a reboot is

Configuring DAD 31