F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100
685
• Local ND proxy
As shown in
2881HFigure 362, both Host A and Host B belong to VLAN 2, but they connect to
GigabitEthernet 0/3 and GigabitEthernet 0/1 respectively, which are isolated at Layer 2.
Figure 362 Application environment of local ND proxy
Because Host A's IPv6 address is on the same subnet as Host B's, Host A directly sends an NS
message to obtain Host B's MAC address. However, Host B cannot receive the NS message
because they are isolated at Layer 2.
To solve this problem, enable local ND proxy on GigabitEthernet 0/2 of the firewall so that the
firewall can forward messages between Host A and Host B.
Local ND proxy implements Layer 3 communication for two hosts in the following cases:
{ The two hosts must connect to different isolated Layer 2 ports of a VLAN.
{ If isolate-user-VLAN is used, the two hosts must belong to different secondary VLANs.
1691BConfiguration procedure
You can enable ND proxy and local ND proxy in VLAN interface view, Layer 3 Ethernet interface view,
or Layer 3 Ethernet subinterface view.
To enable ND proxy:
Ste
p
Command
Remarks
960. Enter system view. system-view N/A
961. Enter interface view.
interface interface-type interface-number N/A
962. Enable ND proxy.
proxy-nd enable Disabled by default.
To enable local ND proxy:
Ste
p
Command
Remarks
963. Enter system view.
system-view N/A
964. Enter interface view.
interface interface-type interface-number N/A
965. Enable local ND proxy. local-proxy-nd enable Disabled by default.