IPv6

Arista switches support Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) for routing packets across network boundaries. This section describes Arista’s implementation of IPv6 and includes these topics:

Introduction

Routing transmits network layer data packets over connected independent subnets. Each subnet is assigned an IP address range and each device on the subnet is assigned an IP address from that range.

Connected subnets have IP address ranges that do not overlap. A router is a network device connecting multiple subnets. Routers forward inbound packets to the subnet whose address range includes the packets’ destination address.

IPv4 and IPv6 are Internet layer protocols that define packet-switched inter-networking, including source-to-destination datagram transmission across multiple networks. The switch supports IP version 4 (IPv4) and IP version 6 (IPv6).

IPv6 is described by RFC 2460: Internet Protocol, Version 6 (IPv6) Specification. RFC 2463 describes ICMPv6 for IPv6. ICMPv6 is a core protocol of the Internet Protocol suite.

IPv6 Description

Internet Protocol version 6 (IPv6) is a communications protocol used for relaying network packets across a set of connected networks using the Internet Protocol suite. Each network device is assigned a 128 bit IP address that identifies its network location.

IPv6 specifies a packet format that minimizes router processing of packet headers. Since the IPv4 and IPv6 packet headers differ significantly, the protocols are not interoperable. Many transport and application-layer protocols require little or no change to operate over IPv6.

IPv6 Address Format

IPv6 addresses have 128 bits, represented by eight 16-bit hexadecimal numbers separated by colons. IPv6 addresses are abbreviated as follows:
  • Leading zeros in each 16-bit number may be omitted.
  • One set of consecutive 16-bit numbers that equal zero may be replaced by a double colon.

Example

The following three IPv6 hexadecimal number representations refer to the same address:
d28e:0000:0000:0000:0234:812f:61ed:4419
d28e:0:0:0:234:812f:61ed:4419
d28e::234:812f:61ed:4419

IPv6 addresses typically denote a 64-bit network prefix and a 64-bit host address.

Unicast and Anycast Addressing

Unicast addressing defines a one-to-one association between the destination address and a network endpoint. Each destination address uniquely identifies a single receiver endpoint. Anycast addressing defines a one-to-one-of-many association: packets to a single member of a group of potential receivers identified by the same destination address.

Unicast and anycast addresses are typically composed as follows:
  • A 64-bit network prefix that identifies the network segment.
  • A 64-bit interface identifier that is based on interface MAC address.
The format of a network address identifies the scope of the address:
  • Global address: valid in all networks and connect with other addresses with global scope anywhere or to addresses with link-local scope on the directly attached network.
  • Link-local address: scope extends only to the link to which the interface is directly connected. Link-local addresses are not routable off the link.

Link-local addresses are created by the switch and are not configurable. The following figure depicts the switch’s link local address derivation method.

Figure 1. Link Local Address Derivation

Multicast Addressing

Multicast addressing defines a one-to-many association: packets are simultaneously routed from a single sender to multiple endpoints in a single transmission. The network replicates packets as required by network links that contain a recipient endpoint. One multicast address is assigned to an interface for each multicast group to which the interface belongs.

A solicited-node multicast address is an IPv6 multicast address whose scope extends only to the link to which the interface is directly connected. All IPv6 hosts have at least one such address per interface. Solicited-node multicast addresses are used by the Neighbor Discovery Protocol to obtain Layer 2 link-layer addresses of other nodes.

IPv6 DHCP Snooping

Dynamic Host Configuration Protocol (DHCP) snooping is a Layer 2 feature that is configured on LAN switches. The Arista EOS switch supports Option-37 insertion that allows relay agents to provide remote-id information in DHCP request packets. DHCP servers use this information to determine the originating port of DHCP requests and associate a corresponding IP address to that port. DHCP servers use port information to track host location and IP address usage by authorized physical ports.

DHCP snooping uses the information option (Option-37) to include the switch MAC address (router-id) along with the physical interface name and VLAN number (remote-id) in DHCP packets. After adding the information to the packet, the DHCP relay agent forwards the packet to the DHCP server as specified by the DHCP protocol.

Neighbor Discovery Protocol

The Neighbor Discovery Protocol (RFC 4861) operates with IPv6 to facilitate the following tasks for nodes within a specified prefix space:
  • autoconfiguring a node's IPv6 address
  • sensing other nodes on the link
  • discovering the link-local addresses of other nodes on the link
  • detecting duplicate addresses
  • discovering available routers
  • discovering DNS servers
  • discovering the link's address prefix
  • maintaining path reachability data to other active neighbor nodes
The Neighbor Discovery Protocol protocol defines five different ICMPv6 packet types:
  • Router Solicitation
  • Router Advertisement
  • Neighbor Solicitation
  • Neighbor Advertisement
  • Redirect

Configuring IPv6

Configuring IPv6 on the Switch

Enabling IPv6 Unicast Routing on the Switch

The ipv6 unicast-routing command enables the forwarding of IPv6 unicast packets. When routing is enabled, the switch attempts to deliver inbound packets to destination addresses by forwarding them to interfaces or next hop addresses specified by the IPv6 routing table.

Example

This command enables IPv6 unicast-routing.
switch(config)# ipv6 unicast-routing
switch(config)#

Configuring Default and Static IPv6 Routes

The ipv6 route command creates an IPv6 static route. The destination is a IPv6 prefix; the source is an IPv6 address or a routable interface port. When multiple routes exist to a destination prefix, the route with the lowest administrative distance takes precedence.

By default, the administrative distance assigned to static routes is 1. Assigning a higher administrative distance to a static route configures it to be overridden by dynamic routing data. For example, a static route with a distance value of 200 is overridden by OSPF intra-area routes, which have a default distance of 110.

Example

This command creates an IPv6 static route.
switch(config)# ipv6 route 10:23:31:00:01:32:93/24 vlan 300
switch(config)#

The default route denotes the packet forwarding rule that takes effect when no other route is configured for a specified IPv6 address. All packets with destinations that are not established in the routing table are sent to the destination specified by the default route.

The IPv6 default route source is ::/0. The default route destination is referred to as the default gateway.

Example

This command creates a default route and establishes fd7a:629f:52a4:fe61::2 as the default gateway address.
switch(config)# ipv6 route ::/0 fd7a:629f:52a4:fe61::2
switch(config)#

IPv6 ECMP

Multiple routes that are configured to the same destination with the same administrative distance comprise an Equal Cost Multi-Path (ECMP) route. The switch attempts to spread outbound traffic across all ECMP route paths equally. All ECMP paths are assigned the same tag value; commands that change the tag value of any ECMP path change the tag value of all paths in the ECMP.

Resilient ECMP is available for IPv6 routes. Equal Cost Multipath Routing (ECMP) and Load Sharing describes resilient ECMP. The ipv6 hardware fib ecmp resilience command implements IPv6 resilient ECMP.

Example

This command implements IPv6 resilient ECMP by configuring a hardware ECMP table space of 15 entries for IPv6 address 2001:db8:0::/64. A maximum of five nexthop addresses can be specified for the address. When the table contains five addresses, each appears in the table three times. When the table contains fewer than five addresses, each is duplicated until the 15 table entries are filled.
switch(config)# ipv6 hardware fib ecmp resilience 2001:db8:0::/64 capacity 5 
redundancy 3
switch(config)#

Configuring IPv6 on an Interface

Enabling IPv6 on an Interface

The ipv6 enable command enables IPv6 on the configuration mode interface if it does not have a configured IPv6 address. It also configures the interface with an IPv6 address.

The no ipv6 enable command disables IPv6 on a configuration mode interface not configured with an IPv6 address. Interfaces configured with an IPv6 address are not disabled by this command.

Example

This command enables IPv6 on interface vlan 200.
switch(config)# interface vlan 200
switch(config-vl200)# ipv6 enable
switch(config-vl200)#

Assigning an IPv6 Address to an Interface

The ipv6 address command enables IPv6 on the configuration mode interface, assigns a global IPv6 address to the interface, and defines the prefix length. This command is supported on routable interfaces. Multiple global IPv6 addresses can be assigned to an interface.

Example

These commands configure an IPv6 address with subnet mask for vlan 200:
switch(config)# interface vlan 200
switch(config-if-Vl200)# ipv6 address 10:23:31::1:32:93/64
switch(config-if-Vl200)#

IPv6 Neighbor Discovery

The IPv6 Neighbor Discovery protocol defines a method for nodes to perform the following network maintenance tasks:
  • determine Layer 2 addresses for neighbors known to reside on attached links.
  • detect changed Layer 2 addresses.
  • purge invalid values from the neighbor cache table.
  • (hosts) find neighboring routers to forward packets.
  • track neighbor reachability status.

IPv6 Neighbor Discovery is defined by RFC 2461. IPv6 Stateless Address Autoconfiguration is described by RFC 2462.

The following sections describe Neighbor Discovery configuration tasks.

Reachable Time

The ipv6 nd reachable-time command specifies the time period that the switch includes in the reachable time field of Router Advertisements (RAs) sent from the configuration mode interface. The reachable time defines the period that a remote IPv6 node is considered reachable after a reachability confirmation event.

Example

These commands configure the entry of 25000 (25 seconds) in the reachable time field of RAs sent from vlan 200.
switch(config)# interface vlan 200
switch(config-if-Vl200)# ipv6 nd reachable-time 25000
switch(config-if-Vl200)# show active
   interface Vlan200
   ipv6 address fd7a:4321::1/64 
   ipv6 nd reachable-time 25000 
switch(config-if-Vl200)#
Router Advertisement Interval

The ipv6 nd ra interval command configures the interval between IPv6 RA transmissions from the configuration mode interface.

Example

These commands configure a RA transmission interval of 60 seconds on interface vlan 200, then displays the interface status.
switch(config)# interface vlan 200
switch(config-if-Vl200)# ipv6 nd ra interval 60
switch(config-if-Vl200)# show active
interface Vlan200
   ipv6 nd ra interval 60
switch(config-if-Vl200)#
Router Lifetime

The ipv6 nd ra lifetime command specifies the value that the switch places in the router lifetime field of IPv6 RAs sent from the configuration mode interface.

If the value is set to 0, IPv6 peers connected to the specified interface will remove the switch from their lists of default routers. Values greater than 0 indicate the time in seconds that peers should keep the router on their default router lists without receiving further RAs from the switch. Unless the value is 0, the router lifetime value should be equal to or greater than the interval between unsolicited RAs sent on the interface.

Example

This command configures the switch to enter 2700 in the router lifetime field of RAs transmitted from interface vlan 200.
switch(config)# interface vlan 200
switch(config-if-Vl200)# ipv6 nd ra lifetime 2700
switch(config-if-Vl200)# show active
interface Vlan200
   ipv6 nd ra lifetime 2700
switch(config-if-Vl200)#
Router Advertisement Prefix

The ipv6 nd prefix command configures neighbor discovery router advertisement prefix inclusion for RAs sent from the configuration mode interface.

By default, all prefixes configured as IPv6 addresses are advertised in the interface’s RAs. The ipv6 nd prefix command with the no-advertise option prevents advertising of the specified prefix without affecting the advertising of other prefixes specified as IPv6 addresses. When an interface configuration includes at least one ipv6 nd prefix command that enables prefix advertising, RAs advertise only prefixes specified through ipv6 nd prefix commands.

Commands enabling prefix advertising also specify the advertised valid and preferred lifetime periods. Default periods are 2,592,000 (valid) and 604,800 (preferred) seconds.

Example

These commands enable neighbor discovery advertising for IPv6 address 3012:D678::/64, specifying a valid lifetime of 1,296,000 seconds and the default preferred lifetime.
switch(config)# interface vlan 200
switch(config-if-Vl200)# ipv6 nd prefix 3012:D678::/64 1296000
switch(config-if-Vl200)#
Router Advertisement Suppression

The ipv6 nd ra disabled command suppress IPv6 RA transmissions on the configuration mode interface. By default, only unsolicited RAs that are transmitted periodically are suppressed. The all option configures the switch to suppress all RAs, including those responding to a router solicitation.

Example

This command suppresses all RAs on interface vlan 200.
switch(config)# interface vlan 200
switch(config-vl200)# ipv6 nd ra disabled all
switch(config-vl200)#
Router Advertisement MTU Suppression

The ipv6 nd ra mtu suppress command suppresses the router advertisement MTU option on the configuration mode interface. The MTU option causes an identical MTU value to be advertised by all nodes on a link. By default, the router advertisement MTU option is not suppressed.

Example

This command suppresses the MTU option on interface vlan 200.
switch(config)# interface vlan 200
switch(config-vl200)# ipv6 nd ra mtu suppress
switch(config-vl200)#
Router Advertisement Flag Configuration

The following commands set the specified configuration flag in IPv6 RAs transmitted from the configuration mode interface:
  • The ipv6 nd managed-config-flag command sets the managed address configuration flag. This bit instructs hosts to use stateful address autoconfiguration.
  • The ipv6 nd other-config-flag command sets the other stateful configuration flag. This bit indicates availability of autoconfiguration information, other than addresses. Hosts should use stateful autoconfiguration when available. The setting of this flag has no effect if the managed address configuration flag is set.
  • These commands configure the switch to set the managed address configuration flag in advertisements sent from interface vlan 200.
    switch(config)# interface vlan 200
    switch(config-if-Vl200)# ipv6 nd managed-config-flag
    switch(config-if-Vl200)#
  • These commands configure the switch to set the other stateful configuration flag in advertisements sent from interface vlan 200.
    switch(config)# interface vlan 200
    switch(config-if-Vl200)# ipv6 nd other-config-flag
    switch(config-if-Vl200)#

IPv6 Router Preference

The IPv6 Router Preference protocol supports an extension to RA messages for communicating default router preferences and more specific routes from routers to hosts. This provides assistance to hosts when selecting a router. RFC 4191 describes the IPv6 Router Preference Protocol.

The ipv6 nd router-preference command specifies the value that the switch enters in the Default Router Preference (DRP) field of RAs that it sends from the configuration mode interface. The default field entry value is medium.

Example

This command configures the switch as a medium preference router on RAs sent from interface vlan 200.
switch(config)# interface vlan 200
switch(config-if-Vl200)# ipv6 nd router-preference medium
switch(config-if-Vl200)#

uRPF Configuration

Unicast Reverse Path Forwarding (uRPF) verifies the accessibility of source IP addresses in packets that the switch forwards. Unicast Reverse Path Forwarding (uRPF) describes uRPF. uRPF is enabled for IPv6 packets entering the configuration mode interface through the ipv6 verify command.

uRPF defines two operational modes: strict mode and loose mode.
  • Strict mode: uRPF verifies that a packet is received on the interface that its routing table entry specifies for its return packet.
  • Loose mode: uRPF validation does not consider the inbound packet’s ingress interface only that there is a valid return path.

Example

This command enables uRPF strict mode on interface vlan 100. If a default route is configured on the interface, all inbound packets will pass the uRPF check as valid.
switch(config)# interface vlan 100
switch(config-if-Vl100)# ipv6 verify unicast source reachable-via rx allow-default
switch(config-if-Vl100)# show active
 interface Vlan100
   ipv6 verify unicast source reachable-via rx allow-default
switch(config-if-Vl100)#

Configuring IPv6 DHCP Snooping

Enabling IPv6 DHCP Snooping on the Switch

The ipv6 dhcp snooping command enables DHCP snooping globally on the switch. DHCP snooping is a Layer 2 feature that can be configured on LAN switches. The Arista switch supports Option-37 insertion that allows relay agents to provide remote-ID information in DHCP request packets.

Note: DHCPv6 VLAN classification and DHCPv4 VLAN classification share same hardware resource.
Examples
  • The following configuration enables IPv6 DHCP snooping feature at the global level.
    switch(config)# ipv6 dhcp snooping
    switch(config)# ipv6 dhcp snooping remote-id option
    switch(config)# ipv6 dhcp snooping vlan <vlan|vlan-range>
  • The following command display IPv6 DHCP snooping state.
    switch(config)# ipv6 dhcp snooping
    switch(config)# show ipv6 dhcp snooping
    DHCPv6 Snooping is enabled
    DHCPv6 Snooping is operational
    DHCPv6 Snooping is configured on following VLANs:
      2789-2790
    DHCPv6 Snooping is operational on following VLANs:
      2789
    Insertion of Option-37 is enabled

Viewing IPv6 Network Components

Displaying RIB Route Information

Use the show rib route ipv6 command view the IPv6 Routing Information Base (RIB) information.

Example

This command displays IPv6 RIB BGP routes.
switch# show rib route ipv6 bgp
VRF name: default, VRF ID: 0xfe, Protocol: bgp
Codes: C - Connected, S - Static, P - Route Input
       B - BGP, O - Ospf, O3 - Ospf3, I - Isis
       > - Best Route, * - Unresolved Nexthop
       L - Part of a recursive route resolution loop
 B    2001:10:1::/64 [200/42]
         via 2001:10:1::100 [0/1]
            via Ethernet1, directly connected
>B    2001:10:100::/64 [200/200]
         via 2001:10:1::100 [0/1]
            via Ethernet1, directly connected
>B    2001:10:100:1::/64 [200/0]
         via 2001:10:1::100 [0/1]
            via Ethernet1, directly connected
>B    2001:10:100:2::/64 [200/42]
         via 2001:10:1::100 [0/1]
            via Ethernet1, directly connected

switch#

Displaying the FIB and Routing Table

The show ipv6 route command displays routing table entries that are in the Forwarding Information Base (FIB), including static routes, routes to directly connected networks, and dynamically learned routes. Multiple equal cost paths to the same prefix are displayed contiguously as a block, with the destination prefix displayed only on the first line.

Example

This command displays a route table entry for a specific IPv6 route.
switch> show ipv6 route fd7a:3418:52a4:fe18::/64
IPv6 Routing Table - 77 entries
Codes: C - connected, S - static, K - kernel, O - OSPF, B - BGP, R - RIP, A - 
Aggregate

O   fd7a:3418:52a4:fe18::/64 [10/20]
     via f180::21c:73ff:fe00:1319, Vlan3601
     via f180::21c:73ff:fe00:1319, Vlan3602
     via f180::21c:73ff:fe00:1319, Vlan3608
     via f180::21c:73ff:fe0f:6a80, Vlan3610
     via f180::21c:73ff:fe00:1319, Vlan3611

switch>

Displaying the Route Age

The show ipv6 route age command displays the IPv6 route age to the specified IPv6 address or prefix.

Example

This command displays the route age for the specified prefix.
switch> show ipv6 route 2001::3:0/11 age
IPv6 Routing Table - 74 entries
Codes: C - connected, S - static, K - kernel, O - OSPF, B - BGP, R - RIP, A - 
Aggregate

C 2001::3:0/11 age 00:02:34
switch>

Displaying Host Routes

The show ipv6 route host command displays all host routes in the IPv6 host forwarding table. Host routes are those whose destination prefix is the entire address (prefix = /128). Each displayed host route is labeled with its purpose:
  • F      static routes from the FIB.
  • R      routes defined because the IP address is an interface address.
  • A      routes to any neighboring host for which the switch has an ARP entry.

Example

This command displays all IPv6 host routes in the host forwarding table.
switch# show ipv6 route host
R - receive F - FIB, A - attached

 F  ::1 to cpu
 A  fee7:48a2:0c11:1900:400::1 on Vlan102
 R  fee7:48a2:0c11:1900:400::2 to cpu
 F  fee7:48a2:0c11:1a00::b via fe80::21c:73ff:fe0b:a80e on Vlan3902
 R  fee7:48a2:0c11:1a00::17 to cpu
 F  fee7:48a2:0c11:1a00::20 via fe80::21c:73ff:fe0b:33e on Vlan3913
 F  fee7:48a2:0c11:1a00::22 via fe80::21c:73ff:fe01:5fe1 on Vlan3908
                            via fe80::21c:73ff:fe01:5fe1 on Vlan3902

switch#

Displaying Route Summaries

The show ipv6 route summary command displays the current number of routes of the IPv6 routing table in summary format.

Example

This command displays the route source and the corresponding number of routes in the IPv6 routing table.
switch> show ipv6 route summary   
Route Source    Number Of Routes
------------------ ----------------
   connected                      2
   static                         0
   ospf                           5
   bgp                            7
   isis                           0
   internal                       1
   attached                       0
   aggregate                      2

   Total Routes                   17
switch>

DHCP Relay Agent for IPv6

Configuring IPv6 DHCP Relay

Configuring the IPv6 DHCP Relay Agent (Global)

The ipv6 dhcp relay always-on command enables the switch DHCP relay agent globally regardless of the DHCP relay agent status ond any interface. The DHCP relay agent is enabled by default if at least one routable interface is configured with an ipv6 dhcp relay destination statement.

Example

This command enables the DHCP relay agent.
switch(config)# ipv6 dhcp relay always-on
switch(config)#
Configuring DHCP for IPv6 Relay Agent

The ipv6 dhcp relay destination command enables the DHCPv6 relay agent function and specifies the client message destination address on an interface.

Example

This command enables the DHCPv6 relay agent function and sets the client message destination address to 2001:0db8:0:1::1 on interface ethernet 4.
switch(config)# interface ethernet 4
switch(config-if-Et4)# ipv6 dhcp relay destination 2001:0db8:0:1::1
switch(config-if-Et4)
Clearing IPv6 DHCP Relay Counters

The clear ipv6 dhcp relay counters command resets the DHCP relay counters. The configuration mode determines which counters are reset:
  • Global configuration: the command clears the counters for the switch and for all interfaces.
  • Interface configuration: the command clears the counter for the configuration mode interface.
Examples
  • These commands clear all DHCP relay counters on the switch.
    switch(config-if-Et4)# exit
    switch(config)# clear ipv6 dhcp relay counters
    switch(config)#
  • These commands clear the DHCP relay counters for interface ethernet 4.
    switch(config)# interface ethernet 4
    switch(config-if-Et4)# clear ipv6 dhcp relay counters
    switch(config)#

Viewing IPv6 DHCP Relay Information

IPv6 DHCP Status

The show ip dhcp relay command displays the status of DHCP relay agent parameters on the switch and each interface where at least one feature parameter is listed. The command displays the status for both global and interface configurations.

Example

This command displays the DHCP Agent Relay parameter status.
switch(config)# interface ethernet 1/2
switch(config-if-Et1/2)# show ip dhcp relay
DHCP Relay is active
DHCP Relay Option 82 is disabled
DHCPv6 Relay Link-layer Address Option (79) is disabled
DHCP Smart Relay is disabled
Interface: Ethernet1/2
  DHCP Smart Relay is disabled
  DHCP servers: 1::1
                2001:db8:0:1::1
switch(config-if-Et1/2)#
IPv6 DHCP Relay Counters

The show ipv6 dhcp relay counters command displays the number of DHCP packets received, forwarded, or dropped on the switch and on all interfaces enabled as DHCP relay agents.

Example

This command displays the IP DHCP relay counter table.
switch> show ipv6 dhcp relay counters

          |  Dhcp Packets  |
Interface | Rcvd Fwdd Drop |         Last Cleared
----------|----- ---- -----|---------------------
  All Req |  376  376    0 | 4 days, 19:55:12 ago
 All Resp |  277  277    0 |
          |                |
Ethernet4 |  207  148    0 | 4 days, 19:54:24 ago

switch>

TCP MSS Clamping for IPv6

TCP MSS clamping limits the value of the Maximum Segment Size (MSS) in the TCP header of TCP SYN packets transiting a specified Ethernet or tunnel interface. Setting the MSS ceiling can avoid IP fragmentation in tunnel scenarios by ensuring that the MSS is low enough to account for the extra overhead of GRE and tunnel outer IP headers. TCP MSS clamping can be used when connecting via GRE to cloud providers that require asymmetric routing.

When MSS clamping is configured on an interface, if the TCP MSS value in a SYN packet transiting that interface exceeds the configured ceiling limit it will be overwritten with the configured limit and the TCP checksum will be recomputed and updated.

TCP MSS clamping is handled by default in the software data path, but the process can be supported through hardware configuration to minimize possible packet loss and a reduction in the number of TCP sessions which the switch can establish per second.

Configuring the TCP MSS Ceiling on an IPv6 Interface

The TCP MSS ceiling limit is set on an interface using command tcp mss ceiling ipv6. This also enables TCP MSS clamping on the switch.

Note:Clamping routes all TCP SYN packets through software, even on interfaces where no TCP MSS ceiling has been configured without any hardware support. This significantly limits the number of TCP sessions the switch can establish per second, and can potentially cause packet loss if the CPU traffic exceeds control plane policy limits.
On platform switches DCS-7280R3, DCS-7500R3 Line Cards and DCS-7800R3 Line Cards, the following limitations apply:
  • This command works only on egress.
  • TCP MSS ceiling is supported on unicast packets entering the switch; the configuration has no effect on GRE transit packets.
  • It is not supported on L2 (switchport) interfaces.
  • This is not supported on VXLAN, Loopback or management interfaces.
  • This is only supported on unicast packets entering the switch. The configuration has no effect on GRE transit packets or GRE decap, even if the egress interface has a TCP MSS ceiling configured.
  • This cannot co-exist with Policy Based Routing (PBR) on switches running releases EOS-4.21.5F or older.
  • Only hardware TCP MSS clamping is supported from release EOS-4.26.1F.
Example
These commands configure interface ethernet 26 as a routed port, then specify a maximum MSS ceiling value of 1436 bytes for TCP SYN packets exiting that port.
switch(config)# interface ethernet 26
switch(config-if-Et5)# no switchport
switch(config-if-Et5)# tcp mss ceiling ipv6 1436 egress
switch(config-if-Et5)#

IPv6 Commands

clear ipv6 dhcp relay counters

The clear ipv6 dhcp relay counters command resets the DHCP relay counters. When no port is specified, the command clears the counters for the switch and for all interfaces. Otherwise, the command clears the counter for the specified interface.

Command Mode

Privileged EXEC

Command Syntax

clear ipv6 dhcp relay counters [PORT]

Parameters

PORT Interface through which neighbor is accessed. Options include:
  • no parameter     all dynamic entries are removed.
  • interface ethernet e_num     Ethernet interface specified by e_num.
  • interface loopback l_num     Loopback interface specified by l_num.
  • interface port-channel p_num     Port-channel interface specified by p_num p_num.
  • interface vlan v_num     VLAN interface specified by v_num.

Example

These commands clear the DHCP relay counters for interface ethernet 4 and shows the counters before and after the clear command.
switch(config)# show ipv6 dhcp relay counters

          |  Dhcp Packets  |
Interface | Rcvd Fwdd Drop |         Last Cleared
----------|----- ---- -----|---------------------
  All Req |  376  376    0 | 4 days, 19:55:12 ago
 All Resp |  277  277    0 |
          |                |
Ethernet4 |  207  148    0 | 4 days, 19:54:24 ago


switch(config)# interface ethernet 4
switch(config-if-Et4)# clear ipv6 dhcp relay counters

          |  Dhcp Packets  |
Interface | Rcvd Fwdd Drop |         Last Cleared
----------|----- ---- -----|---------------------
  All Req |  380  380    0 | 4 days, 21:19:17 ago
 All Resp |  281  281    0 |
          |                |
Ethernet4 |    0    0    0 |4 days, 21:18:30 ago
These commands clear all DHCP relay counters on the switch.
switch(config-if-Et4)# exit

switch(config)# clear ipv6 dhcp relay counters

switch(config)# show ipv6 dhcp relay counters
          |  Dhcp Packets  |
Interface | Rcvd Fwdd Drop | Last Cleared
----------|----- ---- -----|-------------
  All Req |    0    0    0 |  0:00:03 ago
 All Resp |    0    0    0 |
          |                |
Ethernet4 |    0    0    0 | 0:00:03 ago
switch(config)#

clear ipv6 dhcp snooping counters

The clear ipv6 dhcp snooping counters command resets the DHCP snooping packet counters.

Command Mode

Privileged EXEC

Command Syntax

clear ipv6 dhcp snooping counters [COUNTER_TYPE]

Parameters
  • COUNTER_TYPE     The type of counter that the command resets.
  • no parameter     command clears the counters for each VLAN.
  • debug     command clears aggregate counters and drop cause counters.

Examples
  • This command clears the number of DHCP packets sent and received on each VLAN.
    switch# clear ipv6 dhcp snooping counters
    switch# show ipv6 dhcp snooping counters
    
         | Dhcpv6 Request Pkts | Dhcpv6 Reply Pkts | 
    Vlan |  Rcvd   Fwdd   Drop |  Rcvd  Fwdd  Drop | Last Cleared
    -----|------ ------ -------|------ ----- ------|------------- 
    2789 |     1      1      0 |     1     1     0 |  0:03:09 ago
  • This command clears the number of DHCP packets sent on the switch.
    switch# clear ipv6 dhcp snooping counters debug
    switch# show ipv6 dhcp snooping counters debug
    
    Counter                       Snooping to Relay Relay to Snooping
    ----------------------------- ----------------- -----------------
    Received                                      1                 1
    Forwarded                                     1                 1
    Dropped - Invalid VlanId                      0                 0
    Dropped - Parse error                         0                 0
    Dropped - Invalid Dhcp Optype                 0                 0
    Dropped - Invalid Remote-ID Option            0                 0
    Dropped - Snooping disabled                   0                 0
    
    Last Cleared:  0:04:29 ago

clear ipv6 neighbors

The clear ipv6 neighbors command removes the specified dynamic IPv6 neighbor discovery cache entries. Commands that do not specify an IPv6 address remove all dynamic entries for the listed interface. Commands that do not specify an interface remove all dynamic entries.

Command Mode

Privileged EXEC

Command Syntax

clear ipv6 neighbors [PORT][DYNAMIC_IPV6]

Parameters
  • PORT Interface through which neighbor is accessed. Options include:
    • no parameter     all dynamic entries are removed.
    • ethernet e_num     Ethernet interface specified by e_num.
    • loopback l_num     Loopback interface specified by l_num.
    • management m_num     Management interface specified by m_num.
    • port-channel p_num     Port-channel interface specified by p_num.
    • vlan v_num     VLAN interface specified by v_num.
    • vxlan vx_num     VXLAN interface specified by vx_num.
  • DYNAMIC_IPV6 Address of entry removed by the command. Options include:
    • no parameter     All dynamic entries for specified interface are removed.
    • ipv6_addr IPv6 address of entry.

Example

This command removes all dynamic neighbor entries for vlan 200.
switch# clear ipv6 neighbors vlan 200
switch#

ipv6 address

The ipv6 address command assigns a global IPv6 address to the IPv6 interface, and defines the prefix length. This command is supported on routable interfaces. Multiple global IPv6 addresses can be assigned to an interface.

The no ipv6 address and default ipv6 address commands remove the IPv6 address assignment from the configuration mode interface by deleting the corresponding ipv6 address command from running-config. If the command does not include an address, all address assignments are removed from the interface. IPv6 remains enabled on the interface after the removal of all IPv6 addresses only if an ipv6 enable command is configured on the interface.

Command Mode

Interface-Ethernet Configuration

Interface-Loopback Configuration

Interface-Management Configuration

Interface-Port-channel Configuration

Interface-VLAN Configuration

Command Syntax

ipv6 address [ipv6_prefix]

no ipv6 address [ipv6_prefix]

default ipv6 address [ipv6_prefix]

Parameter

ipv6_prefix     address assigned to the interface (CIDR notation).

Guidelines

This command is supported on routable interfaces.

Example

These commands configure an IPv6 address and prefix length for interface vlan 200:
switch(config)# interface vlan 200
switch(config-if-Vl200)# ipv6 address 10:23:31:00:01:32:93/64
switch(config-if-Vl200)#

ipv6 dhcp relay always-on

The iv6p dhcp relay always-on command enables the switch DHCP relay agent on the switch regardless of the DHCP relay agent status on any interface. By default, the DHCP relay agent is enabled only if at least one routable interface is configured with an ipv6 dhcp relay destination statement.

The no ipv6 dhcp relay always-on and default ipv6 dhcp relay always-on commands remove the ipv6 dhcp relay always-on command from running-config.

Command Mode

Global Configuration

Command Syntax

ipv6 dhcp relay always-on

no ipv6 dhcp relay always-on

default ipv6 dhcp relay always-on

Example
This command enables the DHCP relay agent.
switch(config)# ipv6 dhcp relay always-on
switch(config)#

ipv6 dhcp relay destination

The ipv6 dhcp relay destination command enables the DHCPv6 relay agent and sets the destination address on the configuration mode interface.

The no ipv6 dhcp relay destination and default ipv6 dhcp relay destination commands remove the corresponding ipv6 dhcp relay destination command from running-config. When the commands do not list an IPv6 address, all ipv6 dhcp relay destination commands are removed from running-config.

Command Mode

Interface-Ethernet Configuration

Interface-Port-channel Configuration

Interface-VLAN Configuration

Command Syntax

ipv6 dhcp relay destination [ipv6_addr][source-address ipv6_addr]

no ipv6 dhcp relay destination [ipv6_addr]

default ipv6 dhcp relay destination [ipv6_addr]

Parameters
  • ipv6_addr     DCHP Server’s IPv6 address.
  • source-address ipv6_addr specify the source IPv6 address to communicate with DHCP server.

Guidelines

If the source-address parameter is specified, then the DHCP client receives an IPv6 address from the subnet of source IP address. The source-address must be one of the configured addresses on the interface.

Example

This command enables the DHCPv6 relay agent and sets the destination address to 2001:0db8:0:1::1 on interface ethernet 4.

switch(config)# interface ethernet 4
switch(config-if-Et4)# ipv6 dhcp relay destination 2001:0db8:0:1::1
switch(config-if-Et4)# show ip dhcp relay
DHCP Relay is active
DHCP Relay Option 82 is disabled
DHCPv6 Relay Link-layer Address Option (79) is disabled
DHCP Smart Relay is disabled
Interface: Ethernet4
  DHCP Smart Relay is disabled
  DHCP servers: 1::1
                2001:db8:0:1::1
switch(config-if-Et4)#

ipv6 dhcp relay option link-layer address

The ipv6 dhcp relay option link-layer address command enables the DHCPv6 relay agent to configure the client link layer address option to solicit and request messages. In other words, the command enables the link layer address option (79) in the global configuration mode.

The no ipv6 dhcp relay option link-layer address command disables the link layer address option (79) in the global configuration mode.

Command Mode

Global Configuration

Command Syntax

ipv6 dhcp relay option link-layer address

no ipv6 dhcp relay option link-layer address

default ipv6 dhcp relay option link-layer address

Example

This command enables the insertion of link layer address option (79) in the global configuration mode.
switch(config)# ipv6 dhcp relay option link-layer address

ipv6 enable

The ipv6 enable command enables IPv6 on the configuration mode interface. Assigning an IPv6 address to an interface also enables IPv6 on the interface.

The no ipv6 enable and default ipv6 enable command remove the corresponding ipv6 enable command from running-config. This action disables IPv6 on interfaces that are not configured with an IPv6 address.

Command Mode

Interface-Ethernet Configuration

Interface-Loopback Configuration

Interface-Management Configuration

Interface-Port-channel Configuration

Interface-VLAN Configuration

Command Syntax

ipv6 enable

no ipv6 enable

default ipv6 enable

Example

This command enables IPv6 on interface vlan 200.
switch(config)# interface vlan 200
switch(config-vl200)# ipv6 enable
switch(config-vl200)#

ipv6 hardware fib aggregate-address

The ipv6 hardware fib aggregate-address command specifies the routing table repository of specified IPv6 route.

By default, routes that are created statically through the CLI or dynamically through routing protocols are initially stored in software routing tables, then entered in the hardware routing table by the routing agent. This command prevents the entry of the specified route into the hardware routing table. Specified routes that are in the hardware routing table are removed by this command. Specific routes that are encompassed within the specified route prefix are affected by this command.

The no ipv6 hardware fib aggregate-address and default ipv6 hardware fib aggregate-address commands remove the restriction from the hardware routing table for the specified routes by removing the corresponding ipv6 hardware fib aggregate-address command from running-config.

Command Mode

Global Configuration

Command Syntax

ipv6 hardware fib aggregate-address ipv6_prefix summary-only software-forward

no ipv6 hardware fib aggregate-address ipv6_prefix

default ipv6 hardware fib aggregate-address ipv6_prefix

Parameters

ipv6_prefix     IPv6 prefix that is restricted from the hardware routing table (CIDR notation).

Example

These commands configure a hardware routing restriction for an IPv6 prefix, then displays that restriction.
switch(config)# ipv6 hardware fib aggregate-address fd77:4890:5313:ffed::/64 
summary-only software-forward
switch(config)# show ipv6 hardware fib aggregate-address
Codes: S - Software Forwarded
S  fd77:4890:5313:ffed::/64

switch(config)#

ipv6 hardware fib ecmp resilience

The ip hardware fib ecmp resilience command configures a fixed number of next hop entries in the hardware ECMP table for the specified IPv6 address prefix. In addition to specifying the maximum number of next hop addresses that the table can contain for the prefix, the command introduces a redundancy factor that allows duplication of each next hop address. The fixed table space for the address is the maximum number of next hops multiplied by the redundancy factor.

The default method of adding or removing next hop entries when required by the active hashing algorithm leads to inefficient management of the ECMP table, which can result in the rerouting of packets to different next hops that breaks TCP packet flows. Implementing fixed table entries for a specified IP address allows data flows that are hashed to a valid next hop number to remain intact. Additionally, traffic is evenly distributed over a new set of next hops.

The no ip hardware fib ecmp resilience and default ip hardware fib ecmp resilience commands restore the default hardware ECMP table management by removing the ip hardware fib ecmp resilience command from running-config.

Command Mode

Global Configuration

Command Syntax

ipv6 hardware fib ecmp resilience net_prfx capacity nhop_max redundancy duplicates

no ipv6 hardware fib ecmp resilience net_addr

default ipv6 hardware fib ecmp resilience net_addr

Parameters
  • net_prfx      IPv6 address prefix managed by command.
  • nhop_max      Specifies maximum number of nexthop entries for specified IP address prefix. Value range varies by platform:
    • Helix: <2 to 64>
    • Trident: <2 to 32>
    • Trident II: <2 to 64>
  • duplicates      Specifies the redundancy factor. Value ranges from 1 to 128.

Example

This command configures a hardware ECMP table space of 15 entries for the IPv6 address 2001:db8:0::/64. A maximum of five nexthop addresses can be specified for the address. When the table contains five nexthop addresses, each appears in the table three times. When the table contains fewer than five nexthop addresses, each is duplicated until the 15 table entries are filled.
switch(config)#ipv6 hardware fib ecmp resilience 2001:db8:0::/64 capacity 5 redundancy 3

ipv6 hardware fib nexthop-index

The ipv6 hardware fib nexthop-index command deterministically selects the next hop used for ECMP routes. By default, routes that are created statically through the CLI or dynamically through routing protocols are initially stored in software routing tables, then entered in the hardware routing table by the routing agent. This command specifies the method of creating an index-offset number that points to the next hop from the list of the route’s ECMP next hops.

The index-offset is calculated by adding the next hop index to a prefix offset.
  • Next hop index: specified in the command.
  • Prefix offset: the least significant bits of the route’s prefix.

The command specifies the number of bits that comprise the prefix offset. The prefix offset is set to the prefix when the command specifies a prefix size larger than the prefix. If the command specifies an prefix size of zero, the prefix-offset is also zero and the index-offset is set to the next hop index.

When the index-offset is greater than the number of next hops in the table, the position of the next hop is the remainder of the division of the index-offset by the number of next hop entries.

The no ipv6 hardware fib nexthop-index and default ipv6 hardware fib nexthop-index commands remove the specified nexthop used for ECMP routes by removing the ipv6 hardware fib nexthop-index command from running-config.

Command Mode

Global Configuration

Command Syntax

ipv6 hardware fib nexthop nxthop_index [PREFIX]

no ipv6 hardware fib nexthop

default ipv6 hardware fib nexthop

Parameters
  • nxthop_index      specifies the next hop index. Value ranges from 0 to 32.
  • PREFIX      Number of bits of the route’s prefix to use as the prefix-offset. Value ranges from 0 to 64.
    • no parameter     The prefix offset is set to zero.
    • prefix-bits 0 to 64     Specifies the number bits to use as the prefix-offset.

Example

This command specifies the next hop from the list of ECMP next hops for the route.
switch(config)# ipv6 hardware fib nexthop-index 5 prefix-bits 10

switch> show ip
IP Routing : Enabled
IP Multicast Routing : Disabled
VRRP: Configured on 0 interfaces

IPv6 Unicast Routing : Enabled
IPv6 ECMP Route support : False
IPv6 ECMP Route nexthop index: 5
IPv6 ECMP Route num prefix bits for nexthop index: 10
switch>

ipv6 nd managed-config-flag

The ipv6 nd managed-config-flag command causes the managed address configuration flag to be set in IPv6 RA packets transmitted from the configuration mode interface.

The no ipv6 nd managed-config-flag and default ipv6 nd managed-config-flag commands restore the default setting where the managed address configuration flag is not set in IPv6 RA packets transmitted by the interface by removing the corresponding ipv6 nd managed-config-flag command from running-config.

Command Mode

Interface-Ethernet Configuration

Interface-Loopback Configuration

Interface-Management Configuration

Interface-Port-channel Configuration

Interface-VLAN Configuration

Command Syntax

ipv6 nd managed-config-flag

no ipv6 nd managed-config-flag

default ipv6 nd managed-config-flag

Example

These commands cause the managed address configuration flag to be set in IPv6 RA packets sent from interface vlan 200.
switch(config)# interface vlan 200
switch(config-if-Vl200)# ipv6 nd managed-config-flag
switch(config-if-Vl200)#

ipv6 nd ns-interval

The ipv6 nd ns-interval command configures the interval between IPv6 Neighbor Solicitation (NS) transmissions from the configuration mode interface.

The no ipv6 nd ns-interval and default ipv6 nd ns-interval commands return the IPv6 NS transmission interval for the configuration mode interface to the default value of 1000 milliseconds by removing the corresponding ipv6 nd ns-interval command from running-config.

Command Mode

Interface-Ethernet Configuration

Interface-Loopback Configuration

Interface-Management Configuration

Interface-Port-channel Configuration

Interface-VLAN Configuration

Command Syntax

ipv6 nd ns-interval period no ipv6 nd ns-interval

default ipv6 nd ns-interval

Parameter

period    interval in milliseconds between successive IPv6 neighbor solicitation transmissions. Values range from 1000 to 4294967295. The default period is 1000 milliseconds.

Example

This command configures a neighbor solicitation transmission interval of 30 seconds on interface vlan 200.
switch(config)# interface vlan 200
switch(config-if-Vl200)# ipv6 nd ns-interval 30000
switch(config-if-Vl200)#

ipv6 nd other-config-flag

The ipv6 nd other-config-flag command configures the configuration mode interface to send IPv6 RAs with the other stateful configuration flag set.

The no ipv6 nd other-config-flag and default ipv6 nd other-config-flag commands restore the default setting by removing the corresponding ipv6 nd other-config-flag command from running-config.

Command Mode

Interface-Ethernet Configuration

Interface-Loopback Configuration

Interface-Management Configuration

Interface-Port-channel Configuration

Interface-VLAN Configuration

Command Syntax

ipv6 nd other-config-flag

no ipv6 nd other-config-flag

default ipv6 nd other-config-flag

Example

These commands configure the switch to set the other stateful configuration flag in advertisements sent from interface vlan 200.
switch(config)# interface vlan 200
switch(config-if-Vl200)# ipv6 nd other-config-flag
switch(config-if-Vl200)#

ipv6 nd prefix

The ipv6 nd prefix command configures neighbor discovery Router Advertisements (RAs) prefix inclusion for RAs sent from the configuration mode interface.

By default, all prefixes configured as IPv6 addresses are advertised in the interface’s RAs. The ipv6 nd prefix command with the no-advertise option prevents advertising of the specified prefix without affecting the advertising of other prefixes specified as IPv6 addresses. When an interface configuration includes at least one ipv6 nd prefix command that enables prefix advertising, RAs advertise only prefixes specified through ipv6 nd prefix commands.

Commands enabling prefix advertising also specify the advertised valid and preferred lifetime periods. Default periods are 2,592,000 (valid) and 604,800 (preferred) seconds.

The no ipv6 nd prefix and default ipv6 nd prefix commands remove the corresponding ipv6 nd prefix command from running-config.

Command Mode

Interface-Ethernet Configuration

Interface-Loopback Configuration

Interface-Management Configuration

Interface-Port-channel Configuration

Interface-VLAN Configuration

Command Syntax

ipv6 nd prefix ipv6_prefix LIFETIME [FLAGS]

ipv6 nd prefix ipv6_prefix no-advertise

no ipv6 nd prefix ipv6_prefix

default ipv6 nd prefix ipv6_prefix

Parameters
  • ipv6_prefix     IPv6 prefix (CIDR notation).
  • no-advertise     Prevents advertising of the specified prefix.
  • LIFETIME     Period that the specified IPv6 prefix is advertised (seconds). Options include:
    • valid  preferred     Two values that set the valid and preferred lifetime periods.
    • valid   One value that sets the valid lifetime. The preferred lifetime is set to the default value.
    • no parameter     The valid and preferred lifetime periods are set to their default values.
Options for valid: 0 to 4294967295 and infinite. Default value is 2592000 Options for preferred: 0 to 4294967295 and infinite. The default value is 604800. The maximum value (4294967295) and infinite are equivalent settings.
  • FLAGS    on-link and autonomous address-configuration flag values in RAs.
    • no parameter      both flags are set.
    • no-autoconfig     autonomous address-configuration flag is reset.
    • no-onlink      on-link flag is reset.
    • no-autoconfig no-onlink      both flags are reset.
    • no-onlink no-autoconfig      both flags are reset.

Example

These commands enable neighbor discovery advertising for IPv6 address 3012:D678::/64, on interface vlan 200, specifying a valid lifetime of 1,296,000 seconds and the default preferred lifetime.
switch(config)# interface vlan 200
switch(config-if-Vl200)# ipv6 nd prefix 3012:D678::/64 1296000

ipv6 nd ra disabled

The ipv6 nd ra disabled command suppress IPv6 Router Advertisement (RA) transmissions on the configuration mode interface. By default, only unsolicited RAs that are transmitted periodically are suppressed. The all option configures the switch to suppress all RAs, including those responding to a router solicitation.

The no ipv6 nd ra disabled and default ipv6 nd ra disabled commands restore the transmission of RAs on the configuration mode interface by deleting the corresponding ipv6 nd ra disabled command from running-config.

Command Mode

Interface-Ethernet Configuration

Interface-Loopback Configuration

Interface-Management Configuration

Interface-Port-channel Configuration

Interface-VLAN Configuration

Command Syntax

ipv6 nd ra disabled [SCOPE]

no ipv6 nd ra disabled

default ipv6 nd ra disabled

Parameters

SCOPE    specifies the RAs that are suppressed.
  • no parameter     Periodic unsolicited RAs are suppressed.
  • all     All RAs are suppressed.

Example

This command suppresses all RAs on interface vlan 200.
switch(config)# interface vlan 200
switch(config-vl200)# ipv6 nd ra disabled all
switch(config-vl200)#

ipv6 nd ra dns-server

The ipv6 nd ra dns-server command configures the IPv6 address of a preferred Recursive DNS Server (RDNSS) for the command mode interface to include in its neighbor-discovery Router Advertisements (RAs). Including RDNSS information in RAs provides DNS server configuration for connected IPv6 hosts without requiring DHCPv6.

Multiple servers can be configured on the interface by using the command repeatedly. A lifetime value for the RDNSS can optionally be specified with this command, and overrides any default value configured for the interface using the ipv6 nd ra dns-servers lifetime command.

The no ipv6 nd ra dns-server and default ipv6 nd ra dns-server commands remove the corresponding ipv6 nd ra dns-server command from running-config.

Command Mode

Interface-Ethernet Configuration

Interface-Loopback Configuration

Interface-Management Configuration

Interface-Port-channel Configuration

Interface-VLAN Configuration

Command Syntax

ipv6 nd ra dns-server ipv6_addr SERVER_LIFE

no ipv6 nd ra dns-server ipv6_addr

default ipv6 nd ra dns-server ipv6_addr

Parameters
  • ipv6_addr     RDNSS address to be included in RAs from the command mode interface.
  • SERVER_LIFE    maximum lifetime value for the specified RDNSS entry. This value overrides any default lifetime value. Value should be between the RA interval configured on the interface and two times that interval. Options include:
    • no parameter     lifetime period is the default lifetime period configured on the interface. If no lifetime period is configured on the interface, the default value is 1.5 times the maximum RA interval set by the ipv6 nd ra interval command.
    • lifetime 0     the configured RDNSS is not to be used.
    • lifetime 1 to 4294967295      specifies the lifetime period for this RDNSS in seconds.

Example

This command configures the RDNSS at 2001:0db8:0:1::1 as a preferred RDNSS for interface vlan 200 to include in its neighbor-discovery route advertisements, and sets its lifetime value to 300 seconds.
switch(config)# interface vlan 200
switch(config-if-Vl200)# ipv6 nd ra dns-server 2001:0db8:0:1::1 lifetime 300
switch(config-if-Vl200)#

ipv6 nd ra dns-servers lifetime

The ipv6 nd ra dns-servers lifetime command sets the default value that the configuration mode interface uses for the lifetime of any Recursive DNS Server (RDNSS) configured on the interface. A lifetime value set for an individual RDNSS overrides this value. The lifetime value is the maximum amount of time after a route advertisement packet is sent that the RDNSS referenced in the packet may be used for name resolution.

The no ipv6 nd ra dns-servers lifetime and default ipv6 nd ra dns-servers lifetime commands remove the default lifetime value from the interface by removing the corresponding ipv6 nd ra dns-servers lifetime command from running-config. When there is no default RDNSS lifetime value configured on the interface, an RDNSS without a custom lifetime value will default to 1.5 times the RA interval configured on the interface. A lifetime of zero seconds means that the RDNSS must not be used for name resolution.

Command Mode

Interface-Ethernet Configuration

Interface-Loopback Configuration

Interface-Management Configuration

Interface-Port-channel Configuration

Interface-VLAN Configuration

Command Syntax

ipv6 nd ra dns-servers lifetime period

no ipv6 nd ra dns-servers lifetime

default ipv6 nd ra dns-servers lifetime

Parameters

period     the RDNSS lifetime value for the configuration mode interface. Options include:
  • 0     any RDNSS configured on the command mode interface without a custom lifetime value must not be used.
  • 1 to 4294967295      maximum RDNSS lifetime value for the configuration mode interface. This value is overridden by any lifetime value set with the ipv6 nd ra dns-server command. Should be between the router advertisement interval configured on the interface and two times that interval.

Example

This command sets the default RDNSS maximum lifetime value for interface vlan 200 to 350 seconds.
switch(config)# interface vlan 200
switch(config-if-Vl200)# ipv6 nd ra dns-servers lifetime 350 
switch(config-if-Vl200)#

ipv6 nd ra dns-suffix

The ipv6 nd ra dns-suffix command creates a DNS Search List (DNSSL) for the command mode interface to include in its neighbor-discovery Router Advertisements as defined in RFC 6106 . The DNSSL contains the domain names of DNS suffixes for IPv6 hosts to append to short, unqualified domain names for DNS queries.

Multiple DNS domain names can be added to the DNSSL by using the command repeatedly. A lifetime value for the DNSSL can optionally be specified with this command, and overrides any default value configured for the interface using the ipv6 nd ra dns-suffixes lifetime command.

The no ipv6 nd ra dns-suffix and default ipv6 nd ra dns-suffix commands remove the corresponding ipv6 nd ra dns-suffix command from running-config.

Command Mode

Interface-Ethernet Configuration

Interface-Loopback Configuration

Interface-Management Configuration

Interface-Port-channel Configuration

Interface-VLAN Configuration

Command Syntax

ipv6 nd ra dns-suffix domain SUFFIX_LIFE

no ipv6 nd ra dns-suffix ipv6_addr

default ipv6 nd ra dns-suffix ipv6_addr

Parameters
  • domain     domain suffix for IPv6 hosts to append to short, unqualified domain names for DNS queries. Suffix must contain only alphanumeric characters, “.” and “-” and must begin and end with an alphanumeric character.
  • SUFFIX_LIFE    maximum lifetime value for the specified domain suffix. This value overrides any default lifetime value. Value should be between the RA interval configured on the interface and two times that interval. Options include:
    • no parameter     lifetime period is the default lifetime period configured on the interface. If no lifetime period is configured on the interface, the default value is 1.5 times the maximum RA interval set by the ipv6 nd ra interval command.
    • lifetime 0      the configured domain suffix is not to be used.
    • lifetime 1 to 4294967295      specifies the lifetime period for this domain suffix in seconds.

Example

These commands create a DNSSL for interface vlan 200 to include in its neighbor-discovery route advertisements, and set its lifetime value to 300 seconds.
switch(config)# interface vlan 200
switch(config-if-Vl200)# ipv6 nd ra dns-suffix test.com lifetime 300
switch(config-if-Vl200)#

ipv6 nd ra dns-suffixes lifetime

The ipv6 nd ra dns-suffixes lifetime command sets the default value that the configuration mode interface uses for the lifetime of any DNS Search List (DNSSL) configured on the interface. A lifetime value set for an individual DNSSL overrides this value. The lifetime value is the maximum amount of time after a route advertisement packet is sent that the DNSSL included in the packet may be used for name resolution.

The no ipv6 nd ra dns-suffixes lifetime and default ipv6 nd ra dns-suffixes lifetime commands remove the default lifetime value from the interface by removing the corresponding ipv6 nd ra dns-suffixes lifetime command from running-config. When there is no default DNSSL lifetime value configured on the interface, a DNSSL without a custom lifetime value will default to 1.5 times the RA interval configured on the interface. A lifetime of zero seconds means that the DNSSL must not be used for name resolution.

Command Mode

Interface-Ethernet Configuration

Interface-Loopback Configuration

Interface-Management Configuration

Interface-Port-channel Configuration

Interface-VLAN Configuration

Command Syntax

ipv6 nd ra dns-suffixes lifetime period

no ipv6 nd ra dns-suffixes lifetime

default ipv6 nd ra dns-suffixes lifetime

Parameters

period     the DNSSL lifetime value for the configuration mode interface. Options include:
  • 0     any DNSSL configured on the command mode interface without a custom lifetime value must not be used.
  • 1 to 4294967295     maximum DNSSL lifetime value for the configuration mode interface. This value is overridden by any lifetime value set with the ipv6 nd ra dns-suffix command. Should be between the RA interval configured on the interface and two times that interval.

Example

This command sets the default DNSSL maximum lifetime value for interface vlan 200 to 350 seconds.
switch(config)# interface vlan 200
switch(config-if-Vl200)# ipv6 nd ra dns-suffixes lifetime 350
switch(config-if-Vl200)#

ipv6 nd ra hop-limit

The ipv6 nd ra hop-limit command sets a suggested hop-limit value to be included in Router Advertisement (RA) packets. The hop-limit value is to be used by attached hosts in outgoing packets.

The no ipv6 nd ra hop-limit and default ipv6 nd ra hop-limit commands remove the corresponding ipv6 nd ra hop-limit command from running-config.

Command Mode

Interface-Ethernet Configuration

Interface-Loopback Configuration

Interface-Management Configuration

Interface-Port-channel Configuration

Interface-VLAN Configuration

Command Syntax

ipv6 nd ra hop-limit quantity

no ipv6 nd ra hop-limit lifetime

default ipv6 nd ra hop-limit lifetime

Parameters

quantity     the hop-limit value to be included in RA packets sent by the configuration mode interface. Options include:
  • 0     indicates that outgoing packets from attached hosts are to be immediately discarded.
  • 1 to 255     number of hops. The default value is 64.

Example

These commands include a hop-limit value of 100 in RA packets sent by interface vlan 200.
switch(config)# interface vlan 200
switch(config-if-Vl200)# ipv6 nd ra hop-limit
switch(config-if-Vl200)#

ipv6 nd ra interval

The ipv6 nd ra interval command configures the interval between IPv6 Router Advertisement transmissions from the configuration mode interface.

The no ipv6 nd ra interval and default ipv6 nd ra interval commands return the IPv6 RA transmission interval for the configuration mode interface to the default value of 200 seconds by removing the corresponding ipv6 nd ra interval command from running-config.

Command Mode

Interface-Ethernet Configuration

Interface-Loopback Configuration

Interface-Management Configuration

Interface-Port-channel Configuration

Interface-VLAN Configuration

Command Syntax

ipv6 nd ra interval [SCALE] ra_period [minimum_period]

no ipv6 nd ra interval

default ipv6 nd ra interval

Parameters
  • SCALE     timescale in which command parameter values are expressed.
    • no parameter     seconds.
    • msec     milliseconds.
  • ra_period    maximum interval between successive IPv6 RA transmissions. The default period is 200 seconds.
    • 4 - 1800     valid range when SCALE is set to default value (seconds).
    • 500 - 1800000     valid range when SCALE is set to msec.
  • minimum_period     minimum interval between successive IPv6 RA transmissions. Must be smaller than ra_period. By default, a minimum period is not defined.
    • no parameter     Command does not specify a minimum period.
    • 3 - 1799    valid range when scale is set to default value (seconds).
    • 375 - 1799999     valid range when scale is set to msec.

Example

These commands configure a RA transmission interval of 60 seconds on VLAN interface interface vlan 200, then displays the interface status.
switch(config)# interface vlan 200
switch(config-if-Vl200)# ipv6 nd ra interval 60
switch(config-if-Vl200)# show active
interface Vlan200
   ipv6 nd ra interval 60
switch(config-if-Vl200)#

ipv6 nd ra lifetime

The ipv6 nd ra lifetime command specifies the value that the switch places in the router lifetime field of IPv6 Router Advertisements sent from the configuration mode interface.

If the value is set to 0, IPv6 peers connected to the specified interface will remove the switch from their lists of default routers. Values greater than 0 indicate the time in seconds that peers should keep the router on their default router lists without receiving further RAs from the switch. Unless the value is 0, the router lifetime value should be equal to or greater than the interval between unsolicited RAs sent on the interface.

The no ipv6 nd ra lifetime and default ipv6 nd ra lifetime commands return the IPv6 RA lifetime data entry filed for the configuration mode interface to the default value of 1800 seconds by removing the corresponding ipv6 nd ra lifetime command from running-config.

Command Mode

Interface-Ethernet Configuration

Interface-Loopback Configuration

Interface-Management Configuration

Interface-Port-channel Configuration

Interface-VLAN Configuration

Command Syntax

ipv6 nd ra lifetime ra_lifetime

no ipv6 nd ra lifetime

default ipv6 nd ra lifetime

Parameters

ra_lifetime    router lifetime period (seconds). Default value is 1800. Options include:
  • 0     Router should not be considered as a default router.
  • 1 - 65535     Lifetime period advertised in RAs. Should be greater than or equal to the interval between IPv6 RA transmissions from the configuration mode interface as set by the ipv6 nd ra interval command.

Example

This command configures the switch to enter 2700 in the router lifetime field of RAs transmitted from interface vlan 200.
switch(config)# interface vlan 200
switch(config-if-Vl200)# ipv6 nd ra lifetime 2700
switch(config-if-Vl200)# show active
interface Vlan20
   ipv6 nd ra lifetime 2700
switch(config-if-Vl200)#

ipv6 nd ra mtu suppress

The ipv6 nd ra mtu suppress command suppresses the Router Advertisement (RA) MTU option on the configuration mode interface. The MTU option causes an identical MTU value to be advertised by all nodes on a link. By default, the RA MTU option is not suppressed.

The no ipv6 nd ra mtu suppress and default ipv6 nd ra mtu suppress commands restores the MTU option setting to enabled by for the configuration mode interface by removing the corresponding ipv6 nd ra mtu suppress command from running-config.

Command Mode

Interface-Ethernet Configuration

Interface-Loopback Configuration

Interface-Management Configuration

Interface-Port-channel Configuration

Interface-VLAN Configuration

Command Syntax

ipv6 nd ra mtu suppress

no ipv6 nd ra mtu suppress

default ipv6 nd ra mtu suppress

Example

This command suppresses the MTU option on interface vlan 200.
switch(config)# interface vlan 200
switch(config-vl200)# ipv6 nd ra mtu suppress
switch(config-vl200)#

ipv6 nd reachable-time

The ipv6 nd reachable-time command specifies the time period that the switch includes in the reachable time field of RAs sent from the configuration mode interface. The reachable time defines the period that a remote IPv6 node is considered reachable after a reachability confirmation event.

RAs that advertise zero seconds indicate that the router does not specify a reachable time. The default advertisement value is 0 seconds. The switch reachability default period is 30 seconds.

The no ipv6 nd reachable-time and default ipv6 nd reachable-time commands restore the entry of the default value (0) in RAs sent from the configuration mode interface by deleting the corresponding ipv6 nd reachable-time command from running-config.

Command Mode

Interface-Ethernet Configuration

Interface-Loopback Configuration

Interface-Management Configuration

Interface-Port-channel Configuration

Interface-VLAN Configuration

Command Syntax

ipv6 nd reachable-time period

no ipv6 nd reachable-time

default ipv6 nd reachable-time

Parameter

period     Reachable time value (milliseconds). Value ranges from 0 to 4294967295. Default is 0.

Example

These commands configure the entry of 25000 (25 seconds) in the reachable time field of RAs sent from interface vlan 200.
switch(config)# interface vlan 200
switch(config-if-Vl200)# ipv6 nd reachable-time 25000
interface Vlan200
   ipv6 address fd7a:4321::1/64
   ipv6 nd reachable-time 25000
switch(config-if-Vl200)#

ipv6 nd router-preference

The ipv6 nd router-preference command specifies the value that the switch enters in the Default Router Preference (DRP) field of Router Advertisements (RAs) that it sends from the configuration mode interface. The default field entry value is medium.

The no ipv6 nd router-preference and default ipv6 nd router-preference commands restore the switch to enter the default DRP field value of medium in RAs sent from the configuration mode interface by deleting the corresponding ipv6 nd router-preference command from running-config.

Command Mode

Interface-Ethernet Configuration

Interface-Loopback Configuration

Interface-Management Configuration

Interface-Port-channel Configuration

Interface-VLAN Configuration

Command Syntax

ipv6 nd router-preference RANK

no ipv6 nd router-preference

default ipv6 nd router-preference

Parameters

RANK    Router preference value. Options include:
  • high
  • low
  • medium

Example

This command configures the switch as a medium preference router on RAs sent from interface vlan 200.
switch(config)# interface vlan 200
switch(config-if-Vl200)# ipv6 nd router-preference medium
switch(config-if-Vl200)#

ipv6 neighbor cache persistent

The ipv6 neighbor cache persistent command restores the IPv6 neighbor cache after reboot.

The no ipv6 neighbor cache persistent and default ipv6 neighbor cache persistent commands remove the ARP cache persistant configuration from the running-config.

Command Mode

Global Configuration

Command Syntax

ipv6 neighbor cache persistent

no ipv6 neighbor cache persistent

default ipv6 neighbor cache persistent

Example

This command restores the ipv6 neighbor cache after reboot.
switch(config)# ipv6 neighbor cache persistent
switch(config)#

ipv6 neighbor

The ipv6 neighbor command creates an IPv6 neighbor discovery cache static entry. The command converts pre-existing dynamic cache entries for the specified address to static entries.

The no ipv6 neighbor and default ipv6 neighborcommands remove the specified static entry from the IPV6 neighbor discovery cache and delete the corresponding ipv6 neighbor command from running-config. These commands do not affect any dynamic entries in the cache.

Command Mode

Global Configuration

Command Syntax

ipv6 neighbor ipv6_addr PORT mac_addr

no ipv6 neighbor ipv6_address PORT

default ipv6 neighbor ipv6_addr PORT

Parameters
  • ipv6_addr     Neighbor’s IPv6 address.
  • PORT Interface through which the neighbor is accessed. Options include:
    • ethernet e_num     Ethernet interface specified by e_num.
    • loopback l_num     Loopback interface specified by l_num.
    • management m_num     Management interface specified by m_num.
    • port-channel p_num     Port-channel interface specified by p_num.
    • vlan v_num     VLAN interface specified by v_num.
    • vxlan vx_num     VXLAN interface specified by vx_num.
    • mac_addr    Neighbor’s data-link (hardware) address. (48-bit dotted hex notation – H.H.H).

Example

This command will add a static entry to the neighbor discovery cache for the neighbor located at 3100:4219::3EF2 with hardware address 0100.4EA1.B100 and accessible through vlan 200.
switch(config)# ipv6 neighbor 3100:4219::3EF2 vlan 200 0100.4EA1.B100
switch(config)#

ipv6 route

The ipv6 route command creates an IPv6 static route. The destination is a IPv6 prefix; the source is an IPv6 address or a routable interface port. When multiple routes exist to a destination prefix, the route with the lowest administrative distance takes precedence.

By default, the administrative distance assigned to static routes is 1. Assigning a higher administrative distance to a static route configures it to be overridden by dynamic routing data. For example, a static route with a distance value of 200 is overridden by OSPF intra-area routes, which have a default distance of 110.

The command provides these methods of designating the nexthop location:
  • null0: Traffic to the specified destination is dropped.
  • IPv6 gateway: Switch identifies egress interface by recursively resolving the next-hop.
  • Egress interface: Switch assumes destination subnet is directly connected to interface; when routing to any subnet address, the switch sends an ARP request to find the MAC address for the first packet.
  • Combination Egress interface and IPv6 gateway: Switch does not assume subnet is directly connected to interface; the only ARP traffic is for the nexthop address for the first packet on the subnet. Combination routes are not recursively resolved.

Multiple routes that are configured to the same destination with the same administrative distance comprise an Equal Cost Multi-Path (ECMP) route. The switch attempts to spread outbound traffic across all ECMP route paths equally. All ECMP paths are assigned the same tag value; commands that change the tag value of any ECMP path change the tag value of all paths in the ECMP.

The no ipv6 route and default ipv6 route commands delete static routes by removing the corresponding ipv6 route statements from running-config. Commands not including a source delete all statements to the destination. Only statements with parameters that match specified command arguments are deleted. Parameters that are not in the command line are not evaluated.

Command Mode

Global Configuration

Command Syntax

ipv6 route dest_prefix NEXTHOP [DISTANCE][TAG_OPT][RT_NAME]

no ipv6 route dest_prefix [nexthop_addr][DISTANCE]

default ipv6 route dest_prefix [nexthop_addr][DISTANCE]

Parameters
  • dest_prefix     Destination IPv6 prefix (CIDR notation).
  • NEXTHOP Access method of next hop device. Options include:
    • null0     Null0 interface – route is dropped.
    • nexthop_addr     IPv6 address of nexthop device.
    • ethernet e_num     Ethernet interface specified by e_num.
    • loopback l_num     Loopback interface specified by l_num.
    • management m_num     Management interface specified by m_num.
    • port-channel p_num     Port-channel interface specified by p_num.
    • vlan v_num     VLAN interface specified by v_num.
    • vxlan vx_num     VXLAN interface specified by vx_num.
    • ethernet e_num  nexthop_addr     Combination route (Ethernet interface and gateway).
    • loopback l_num  nexthop_addr     Combination route (loopback interface and gateway).
    • management m_num  nexthop_addr   Combination route (management interface and gateway).
    • port-channel p_num  nexthop_addr     Combination route (port channel interface and gateway).
    • vlan v_num  nexthop_addr     Combination route (VLAN interface and gateway).
    • vxlan vx_num  nexthop_addr     Combination route (VXLAN interface and gateway).
  • DISTANCE administrative distance assigned to route. Options include:
    • no parameter      route assigned default administrative distance of one.
    • 1 to 255     The administrative distance assigned to route.
  • TAG_OPT     static route tag. Options include:
    • no parameter      assigns default static route tag of 0.
    • tag 0 to 4294967295      Static route tag value.
  • RT_NAME     Associates descriptive text to the route. Options include:
    • no parameter      No text is associated with the route.
    • name descriptive_text     The specified text is assigned to the route.

Example

This command creates an IPv6 static route.
switch(config)# ipv6 route 10:23:31:00:01:32:93/24 vlan 300

ipv6 unicast-routing

The ipv6 unicast-routing command enables the forwarding of IPv6 unicast packets. When routing is enabled, the switch attempts to deliver inbound packets to destination addresses by forwarding them to interfaces or next hop addresses specified by the IPv6 routing table.

The no ipv6 unicast-routing and default ip ipv6 unicast-routing commands disable IPv6 unicast routing by removing the ipv6 unicast-routing command from running-config. Dynamic routes added by routing protocols are removed from the routing table. Static routes are preserved by default; the delete-static-routes option removes static entries from the routing table.

IPv6 unicast routing is disabled by default.

Command Mode

Global Configuration

Command Syntax

ipv6 unicast-routing

no ipv6 unicast-routing [DELETE_ROUTES]

default ipv6 unicast-routing [DELETE_ROUTES]

Parameters

DELETE_ROUTES     Resolves routing table static entries when routing is disabled.
  • no parameter     Routing table retains static entries.
  • delete-static-routes     Static entries are removed from the routing table.

Example

This command enables IPv6 unicast-routing.
switch(config)# ipv6 unicast-routing
switch(config)#

ipv6 verify

The ipv6 verify command configures Unicast Reverse Path Forwarding (uRPF) for inbound IPv6 packets on the configuration mode interface. uRPF verifies the accessibility of source IP addresses in packets that the switch forwards.

uRPF defines two operational modes: strict mode and loose mode.
  • Strict mode: uRPF also verifies that a packet is received on the interface that its routing table entry specifies for its return packet.
  • Loose mode: uRPF validation does not consider the inbound packet’s ingress interface.

The no ipv6 verify and default ipv6 verify commands disable uRPF on the configuration mode interface by deleting the corresponding ipv6 verify command from running-config.

Command Mode

Interface-Ethernet Configuration

Interface-Loopback Configuration

Interface-Management Configuration

Interface-Port-Channel Configuration

Interface-VLAN Configuration

Command Syntax

ipv6 verify unicast source reachable-via RPF_MODE

no ipv6 verify unicast

default ipv6 verify unicast

Parameters

RPF_MODE    Specifes the uRPF mode. Options include:
  • any     Loose mode.
  • rx     Strict mode.
  • rx allow-default      Strict mode. All inbound packets are forwarded if a default route is defined.

Guidelines

The first IPv6 uRPF implementation briefly disables IPv6 unicast routing. Subsequent ip verify commands on any interface do not disable IPv6 routing.

Example

This command enables uRPF strict mode on interface vlan 100. When a default route is configured on the interface, all inbound packets are checked as valid.
switch(config)# interface vlan 100
switch(config-if-Vl100)# ipv6 verify unicast source reachable-via rx allow-default
switch(config-if-Vl100)# show active
 interface Vlan100
   ipv6 verify unicast source reachable-via rx allow-default
switch(config-if-Vl100)#

ipv6 dhcp snooping

The ipv6 dhcp snooping command enables DHCP snooping globally on the switch.

The no ipv6 dhcp snooping and default ipv6 dhcp snooping commands disable global DHCP snooping by removing the ipv6 dhcp snooping command from running-config.

Command Mode

Global Configuration

Command Syntax

ipv6 dhcp snooping [remote-id option | vlan [$ | vlan-range]]

no ipv6 dhcp snooping [remote-id option | vlan [$ | vlan-range]]

default ipv6 dhcp snooping [remote-id option | vlan [$ | vlan-range]]

Parameters
  • remote-id option configures the remote ID option.
  • vlan enables IPv6 DHCP snooping for a specific VLAN. Numbers range from 1 to 4094.
  • $ end of range.
  • vlan-range VLANs based on the snooping enabled. Formats include a number, a number range, or a comma-delimited list of numbers and ranges. Numbers range from 1 to 4094.

Examples

  • The following configuration enables IPv6 DHCP snooping feature at the global level.

    switch(config)# ipv6 dhcp snooping
    switch(config)# ipv6 dhcp snooping remote-id option
    switch(config)# ipv6 dhcp snooping vlan <vlan|vlan-range>
  • The following command display IPv6 DHCP snooping state.
    switch(config)# ipv6 dhcp snooping
    switch(config)# show ipv6 dhcp snooping
    DHCPv6 Snooping is enabled
    DHCPv6 Snooping is operational
    DHCPv6 Snooping is configured on following VLANs:
      2789-2790
    DHCPv6 Snooping is operational on following VLANs:
      2789
    Insertion of Option-37 is enabled

pim ipv6 sparse-mode

The pim ipv6 sparse-mode command enables PIM Sparse Mode (PIM-SM) and IGMP (router mode) on the configuration mode interface.

Note: PIM and multicast border router (MBR) must be mutually exclusive on an interface. If the interface is configured as an MBR, do not enable PIM on the interface.

The no pim ipv6 sparse-mode and default pim ipv6 sparse-mode commands restore the default PIM and IGMP (router mode) settings of disabled on the configuration mode interface by removing the pim ipv6 sparse-mode command from running-config.

Command Mode

Interface-Ethernet Configuration

Interface-Port-Channel

Configuration Interface-VLAN Configuration

Command Syntax

pim ipv6 sparse-mode

no pim ipv6

no pim ipv6 sparse-mode

default pim ipv6

default pim ipv6 sparse-mode

Example

This command enables pim ipv6 sparse-mode on interface vlan 4 interface.
switch(config)# interface vlan 4
switch(config-if-Vl4)# pim ipv6 sparse-mode
switch(config-if-Vl4)#

show ipv6 dhcp relay counters

The show ipv6 dhcp relay counters command displays the number of DHCP packets received, forwarded, or dropped on the switch and on all interfaces enabled as DHCP relay agents.

Command Mode

EXEC

Command Syntax

show ipv6 dhcp relay counters

Example

This command displays the IP DHCP relay counter table.
switch> show ipv6 dhcp relay counters
          |  Dhcp Packets  |
Interface | Rcvd Fwdd Drop |         Last Cleared
----------|----- ---- -----|---------------------
  All Req |  376  376    0 | 4 days, 19:55:12 ago
 All Resp |  277  277    0 |
          |                |
Ethernet4 |  207  148    0 | 4 days, 19:54:24 ago

switch> 

show ipv6 dhcp snooping

The show ipv6 dhcp snooping command displays information about the DHCP snooping configuration.

Command Mode

EXEC

Command Syntax

show ipv6 dhcp snooping

Example

This command displays the switch’s DHCP snooping configuration.

switch# show ipv6 dhcp snooping
DHCPv6 Snooping is enabled
DHCPv6 Snooping is operational
DHCPv6 Snooping is configured on following VLANs:
  2789-2790
DHCPv6 Snooping is operational on following VLANs:
  2789
Insertion of Option-37 is enabled

show ipv6 dhcp snooping counters

The show ipv6 dhcp snooping counters command displays counters that track the quantity of DHCP request and reply packets that the switch receives. Data is either presented for each VLAN or aggregated for all VLANs with counters for packets dropped.

Command Mode

EXEC

Command Syntax

show ipv6 dhcp snooping counters [COUNTER_TYPE]

Parameters
  • COUNTER_TYPE     The type of counter that the command displays.
  • no parameter     command displays counters for each VLAN.
  • debug     command displays aggregate counters and drop cause counters.
Examples
  • This command displays the number of DHCP packets sent and received on each VLAN.
    switch# show ipv6 dhcp snooping counters
    
         | Dhcpv6 Request Pkts | Dhcpv6 Reply Pkts | 
    Vlan |  Rcvd   Fwdd   Drop |  Rcvd  Fwdd  Drop | Last Cleared
    -----|------ ------ -------|------ ----- ------|------------- 
    2789 |     1      1      0 |     1     1     0 |  0:03:09 ago
  • This command displays the number of DHCP packets sent on the switch.
    switch# show ipv6 dhcp snooping counters debug
    
    Counter                       Snooping to Relay Relay to Snooping
    ----------------------------- ----------------- -----------------
    Received                                      1                 1
    Forwarded                                     1                 1
    Dropped - Invalid VlanId                      0                 0
    Dropped - Parse error                         0                 0
    Dropped - Invalid Dhcp Optype                 0                 0
    Dropped - Invalid Remote-ID Option            0                 0
    Dropped - Snooping disabled                   0                 0
    
    Last Cleared:  0:04:29 ago

show ipv6 dhcp snooping hardware

The show ipv6 dhcp snooping hardware command displays internal hardware DHCP snooping status on the switch.

Command Mode

EXEC

Command Syntax

show ipv6 dhcp snooping hardware

Example

This command displays DHCP snooping hardware status.

switch# show ipv6 dhcp snooping hardware
DHCPv6 Snooping is enabled
DHCPv6 Snooping is enabled on following VLANs:
    2789
    Vlans enabled per Slice
        Slice:  Linecard0-0
        2789
        Slice:  Linecard0-1
        2789
        Slice:  Linecard0-2
        2789
        Slice:  Linecard0-3
        2789

show ipv6 hardware fib aggregate-address

The show ipv6 hardware fib aggregate-address command displays the IPv6 prefixes that are restricted from entry into the hardware routing table. The ipv6 hardware fib aggregate-address command configures IPv6 prefix restictions.

Command Mode

EXEC

Command Syntax

show ipv6 address fib aggregate-address [ADDRESS][RESTRICTION]

Parameters
  • ROUTE_FILTER     filters by IPv6 address. Options include:
    • no parameter     Displays all routes.
    • ipv6_addr     Command displays only specified address.
    • ipv6_prefix     Command displays addresses filtered by specified prefix (CIDR notation).
  • RESTRICTION     filters by route restriction.
    • no parameter     displays routes restricted from the hardware routing table.
    • software-forward     displays routes restricted from the hardware routing table.

Example

This command displays the routes that are restricted from the hardware routing table.
switch> show ipv6 hardware fib aggregate-address
Codes: S - Software Forwarded
S  fd77:4890:5313:aaed::/64
S  fd77:4890:5313:ffed::/64

switch>

show ipv6 interface

The ipv6 interface command displays the status of specified routed interfaces that are configured for IPv6.

Command Mode

EXEC

Command Syntax

show ipv6 interface [INTERFACE_NAME][INFO_LEVEL]

Parameters
  • INTERFACE_NAME     interfaces for which command displays status.
    • no parameter     all routed interfaces.
    • ethernet e_num     Ethernet interface specified by e_num.
    • loopback l_num     Loopback interface specified by l_num.
    • management m_num     Management interface specified by m_num.
    • port-channel p_num     Port-Channel Interface specified by p_num.
    • vlan v_num     VLAN interface specified by v_num.
    • vxlan vx_num     VXLAN interface specified by vx_num.
  • INFO_LEVEL     amount of information that is displayed. Options include:
    • no parameter     command displays data block for each specified interface.
    • brief      command displays table that summarizes IPv6 interface data.

Example

This command displays the status of interface vlan 903.
switch> show ipv6 interface vlan 903
Vlan903 is up, line protocol is up (connected)
  IPv6 is enabled, link-local is fe80::21c:73ff:fe01:21e/64
  Global unicast address(es):
    fd7a:629f:52a4:fe10::3, subnet is fd7a:629f:52a4:fe10::/64
  Joined group address(es):
    ff02::1
    ff02::1:ff01:21e
    ff02::1:ff00:3
    ff01::2
switch>

show ipv6 nd ra internal state

The ipv6 nd ra internal state command displays the state of the IPv6 Router Advertisement (RA) daemon for the specified routable interface.

Command Mode

EXEC

Command Syntax

show ipv6 nd ra internal state [INTERFACE_NAME]

Parameters

INTERFACE_NAME     interfaces for which command displays status.
  • no parameter     all routed interfaces.
  • ethernet e_num     Ethernet interface specified by e_num.
  • loopback l_num     Loopback interface specified by l_num.
  • management m_num     Management interface specified by m_num.
  • port-channel p_num     Port-Channel Interface specified by p_num.
  • vlan v_num     VLAN interface specified by v_num.
  • vxlan vx_num     VXLAN interface specified by vx_num.

Example

This command displays the IPv6 RA daemon for vlan 1243.
switch> show ipv6 nd ra internal state vlan 1243
INTERFACE: Vlan3908
                                ifindex : 0x00000021
                                    mtu : 9212
                            numIpv6Addr : 2
                   numPrefixToAdvertise : 0
                    numPrefixToSuppress : 0
                             RaSuppress : 0
                          RsRspSuppress : 0
                      raIntervalMaxMsec : 200000
                      raIntervalMinMsec : 0
                      managedConfigFlag : 0
                        otherConfigFlag : 0
                          raMtuSuppress : 0
                             raLifetime : 1800
                         reacheableTime : 0
                       routerPreference : 0
                             lastRaTime : 2012-05-01 09:22:57.020634
                      lastRsRspSentTime :
                            nextTimeout : 171.474535 (sec)
                  raNotSentIntfNotReady : 0
                              numRaSent : 219
                              numRsRcvd : 0
                        numRsSuppressed : 0
                           numRsRspSent : 0
            numRsDroppedInvalidHopLimit : 0
            numPktDroppedUnexpectedType : 0
                            initialized : 1
switch>

show ipv6 neighbors

The show ipv6 neighbors command displays the IPv6 neighbor discovery cache. The command provides filters to restrict the list to a specified IPv6 address or routable interface.

Command Mode

EXEC

Command Syntax

show ipv6 neighbors [PORT][SOURCE][INFO_LEVEL]

Parameters
  • PORT Filters by interface through which neighbor is accessed. Options include:
    • no parameter     all routed interfaces.
    • ethernet e_num     Ethernet interface specified by e_num.
    • loopback l_num     Loopback interface specified by l_num.
    • management m_num     Management interface specified by m_num.
    • port-channel p_num     Port-channel interface specified by p_num.
    • vlan v_num     VLAN interface specified by v_num.
    • vxlan vx_num     VXLAN interface specified by vx_num.
  • SOURCE Filters by neighbor IPv6 address. Options include:
    • no parameter     all IPv6 neighbors.
    • ipv6_addr    IPv6 address of individual neighbor.
  • INFO_LEVEL     amount of information that is displayed. Options include:
    • no parameter     command displays the discovery cache for the specified interfaces.
    • summary     command displays summary information only.

Example

This command displays the IPv6 neighbor discovery cache for IPv6 address fe80::21c:73ff:fe01:5fe1.
switch> show ipv6 neighbors fe80::21c:73ff:fe01:5fe1
IPv6 Address                              Age Hardware Addr    State Interface
fe80::21c:73ff:fe01:5fe1                    0 001c.d147.8214   REACH Et12
fe80::21c:73ff:fe01:5fe1                    0 001c.d147.8214   REACH Po999
fe80::21c:73ff:fe01:5fe1                    0 001c.d147.8214   REACH Vl102
fe80::21c:73ff:fe01:5fe1                    0 001c.d147.8214   REACH Vl103
fe80::21c:73ff:fe01:5fe1                    0 001c.d147.8214   REACH Vl205
fe80::21c:73ff:fe01:5fe1                    0 001c.d147.8214   REACH Vl207
fe80::21c:73ff:fe01:5fe1                    0 001c.d147.8214   REACH Vl3901
fe80::21c:73ff:fe01:5fe1                    0 001c.d147.8214   REACH Vl3902
fe80::21c:73ff:fe01:5fe1                    0 001c.d147.8214   REACH Vl3903
fe80::21c:73ff:fe01:5fe1                    0 001c.d147.8214   REACH Vl3904
fe80::21c:73ff:fe01:5fe1                    0 001c.d147.8214   REACH Vl3905
fe80::21c:73ff:fe01:5fe1                    0 001c.d147.8214   REACH Vl3996

show ipv6 route

The show ipv6 route command displays IPv6 routing table entries that are in the Forwarding Information Base (FIB), including static routes, routes to directly connected networks, and dynamically learned routes. Multiple equal cost paths to the same prefix are displayed contiguously as a block, with the destination prefix displayed only on the first line.

The show running-config command displays all configured routes.

Command Mode

EXEC

Command Syntax

show ipv6 route [ADDRESS][ROUTE_TYPE][INFO_LEVEL]

Parameters

ADDRESS, when present, is always listed first. All other parameters can be placed in any order.
  • ADDRESS     filters routes by IPv6 address or prefix.
    • no parameter     all routing table entries.
    • ipv6_address     routing table entries matching specified IPv6 address.
    • ipv6_prefix     routing table entries matching specified IPv6 prefix (CIDR notation).
  • ROUTE_TYPE    filters routes by specified protocol or origin.
    • no parameter     all routing table entries.
    • aggregate     entries for BGP aggregate routes.
    • bgp     entries added through BGP protocol.
    • connected     entries for routes to networks directly connected to the switch.
    • kernel     entries appearing in Linux kernel but not added by EOS software.
    • isis     entries added through IS-IS protocol.
    • ospf     entries added through OSPF protocol.
    • static     entries added through CLI commands.
  • INFO_LEVEL     Filters entries by next hop connection.
    • no parameter     filters routes whose next hops are directly connected.
    • detail     displays all routes.

Example

This command displays a route table entry for a specific IPv6 route.
switch> show ipv6 route fd7a:3418:52a4:fe18::/64
IPv6 Routing Table - 77 entries
Codes: C - connected, S - static, K - kernel, O - OSPF, B - BGP, R - RIP, A - 
Aggregate

O   fd7a:3418:52a4:fe18::/64 [10/20]
     via fe80::21c:73ff:fe00:1319, Vlan3601
     via fe80::21c:73ff:fe00:1319, Vlan3602
     via fe80::21c:73ff:fe00:1319, Vlan3608
     via fe80::21c:73ff:fe0f:6a80, Vlan3610
     via fe80::21c:73ff:fe00:1319, Vlan3611

switch>

show ipv6 route age

The show ipv6 route age command displays the IPv6 route age to the specified IPv6 address or prefix.

Command Mode

EXEC

Command Syntax

show ipv6 route ADDRESS age

Parameters

ADDRESS     filters routes by IPv6 address or prefix.
  • ipv6_address     routing table entries matching specified address (A:B:C:D:E:F:G:H).
  • ipv6_prefix     routing table entries matching specified IPv6 prefix (A:B:C:D:E:F:G:H/PL).

Example

This command displays the route age for the specified prefix.
switch>show ipv6 route 2001::3:0/11 age
IPv6 Routing Table - 74 entries
Codes: C - connected, S - static, K - kernel, O - OSPF, B - BGP, R - RIP, A - 
Aggregate

C 2001::3:0/11 age 00:02:34
switch>

show ipv6 route host

The show ipv6 route host command displays all host routes in the IPv6 host forwarding table. Host routes are those whose destination prefix is the entire address (prefix =/128). Each displayed host route is labeled with its purpose:
  • F      static routes from the FIB.
  • A      routes to any neighboring host for which the switch has an ARP entry.
  • R     routes defined because the IP address is an interface address.

Command Mode

EXEC

Command Syntax

show ipv6 route host

Example

This command displays all IPv6 host routes in the host forwarding table.
switch> show ipv6 route host
R - receive F - FIB, A - attached

 F  ::1 to cpu
 A  fee7:48a2:0c11:1900:400::1 on Vlan102
 R  fee7:48a2:0c11:1900:400::2 to cpu
 F  fee7:48a2:0c11:1a00::b via fe80::21c:73ff:fe0b:a80e on Vlan3902
 R  fee7:48a2:0c11:1a00::17 to cpu
 F  fee7:48a2:0c11:1a00::20 via fe80::21c:73ff:fe0b:33e on Vlan3913
 F  fee7:48a2:0c11:1a00::22 via fe80::21c:73ff:fe01:5fe1 on Vlan3908
                            via fe80::21c:73ff:fe01:5fe1 on Vlan3902

switch>

show ipv6 route interface

The show ipv6 route interface command displays routing table entries on a specified routed port.

Command Mode

EXEC

Command Syntax

show ipv6 route [ADDRESS] interface PORT_NAME [INFO_LEVEL]

Parameters

ADDRESS, when present, is always listed first. All other parameters can be placed in any order.
  • ADDRESS     filters routes by IPv6 address or prefix.
    • no parameter     all routing table entries.
    • ipv6_address     routing table entries matching specified IPv6 address.
    • ipv6_prefix     routing table entries matching specified IPv6 prefix (CIDR notation).
  • PORT_NAME      interfaces for which command displays status.
    • ethernet e_num     Ethernet interface specified by e_num.
    • loopback l_num     Loopback interface specified by l_num.
    • management m_num     Management interface specified by m_num.
    • port-channel p_num     Port-Channel Interface specified by p_num.
    • vlan v_num     VLAN interface specified by v_num.
    • vxlan vx_num     VXLAN interface specified by vx_num.
  • INFO_LEVEL     Filters entries by next hop connection.
    • no parameter     filters routes whose next hops are directly connected.
    • detail     displays all routes.

Example

This command displays the IPv6 routes in interface ethernet 8.
switch> show ipv6 route interface ethernet 8
IPv6 Routing Table - 77 entries
Codes: C - connected, S - static, K - kernel, O - OSPF, B - BGP, R - RIP, A - 
Aggregate

O   fd7a:629f:63af:1232::/64 [150/11]
     via fe80::823c:73ff:fe00:3640, Ethernet8
O   fd7a:629f:63af:4118::/64 [150/11]
     via fe80::823c:73ff:fe00:3640, Ethernet8
O   fd7a:629f:63af:4119::/64 [150/11]
     via fe80::823c:73ff:fe00:3640, Ethernet8
O   fd7a:629f:63af:411a::/64 [150/11]
     via fe80::823c:73ff:fe00:3640, Ethernet8
O   fd7a:629f:63af:fe78::/64 [150/11]
     via fe80::823c:73ff:fe00:3640, Ethernet8
C   fd7a:629f:63af:fe88::/64 [0/1]
     via ::, Ethernet12
O   fd7a:629f:63af:fe8c::/64 [10/20]
     via fe80::21c:73ff:fe00:3640, Ethernet8
C   fe80:0:40::/64 [0/1]
     via ::, Ethernet8

show ipv6 route match tag

The show ipv6 route match tag command displays the route tag assigned to the specified IPv6 address or prefix. Route tags are added to static routes for use by route maps.

Command Mode

EXEC

Command Syntax

show ipv6 route ADDRESS match tag

Parameters

ADDRESS     filters routes by IPv6 address or prefix.
  • ipv6_address     routing table entries matching specified address (A:B:C:D:E:F:G:H).
  • ipv6_prefix     routing table entries matching specified IPv6 prefix (A:B:C:D:E:F:G:H/PL).

Example

This command displays the route tag for the specified prefix.
switch> show ipv6 route 2001:0DB8::/64 match tag
IPv6 Routing Table - 74 entries
Codes: C - connected, S - static, K - kernel, O3 - OSPFv3, B - BGP, R - RIP, A B 
- BGP Aggregate, I L1 - IS-IS level 1, I L2 - IS-IS level 2, DH - DHCP, NG - 
Nexthop Group Static Route, M - Martian, DP - Dynamic Policy Route, L - VRF Leaked

C   2001:0DB8::/64 tag 0

switch>

show ipv6 route summary

The show ipv6 route summary command displays the information about the IPv6 routing table.

Command Mode

EXEC

Command Syntax

show ipv6 route summary

Example

This command displays the route source and the corresponding number of routes in the IPv6 routing table.
switch> show ipv6 route summary   
Route Source    Number Of Routes
------------------ ----------------
   connected                      2
   static                         0
   ospf                           5
   bgp                            7
   isis                           0
   internal                       1
   attached                       0
   aggregate                      2

   Total Routes                   17
switch>

show platform fap mroute ipv6

The show platform fap mroute ipv6 command enables PIM Sparse Mode (PIM-SM) and IGMP (router mode) on the configuration mode interface.

Command Mode

EXEC

Command Syntax

show platform

Example

This command enables PIM sparse mode on VLAN 4 interface.

switch# show platform fap mroute ipv6
Jericho0 Multicast Routes:
--------------------------
Location  GroupId Group               Source         IIF      McId    OIF
FLP/TT    FLP/TT  TT                  FLP            FLP      FLP     FLP
----------------------------------------------------------------------------------------------------
4096/2048 1/1     ff33::1:0:0:23/128  101:1::2/128   Vlan1357 21504   Vlan1044(Et7/1) Vlan1123(Et9/1)
                                                                      Vlan1200(Et8/1) Vlan1223(Et2/1)
                                                                      Vlan1226(Et5/1) Vlan1232(Et3/1)
                                                                      Vlan1307(Et6/1) Vlan1337(Et4/1)

show rib route ipv6

The show rib route ipv6 command displays a list of IPv6 Routing Information Base (RIB) routes.

Command Mode

EXEC

Command Syntax

show rib route ipv6 [vrf vrf_name] [PREFIX][ROUTE TYPE]

Parameters
  • vrf vrf_name     displays RIB routes from the specified VRF.
  • PREFIX           displays routes filtered by the specified IPv6 information. Options include:
    • ipv6_address     displays RIB routes filtered by the specified IPv6 address.
    • ipv6_subnet_mask     displays RIB routes filtered by the specified IPv6 address and subnet mask.
    • ipv6_prefix     displays RIB routes filtered by the specified IPv6 prefix.
  • ROUTE TYPE       displays routes filtered by the specified route type. Options include:
    • bgp      displays RIB routes filtered by BGP.
    • connected      displays RIB routes filtered by connected routes.
    • dynamicPolicy      displays RIB routes filtered by dynamic policy routes.
    • host      displays RIB routes filtered by host routes.
    • isis      displays RIB routes filtered by ISIS routes.
    • ospf      displays RIB routes filtered by OSPF routes.
    • ospf3      displays RIB routes filtered by OSPF3 routes.
    • reserved      displays RIB routes filtered by reserved routes.
    • route-input      displays RIB routes filtered by route-input routes.
    • static      displays RIB routes filtered by static routes.
Examples
  • This command displays IPv6 RIB BGP routes.
    switch# show rib route ipv6 bgp
    VRF name: default, VRF ID: 0xfe, Protocol: bgp
    Codes: C - Connected, S - Static, P - Route Input
           B - BGP, O - Ospf, O3 - Ospf3, I - Isis
           > - Best Route, * - Unresolved Nexthop
           L - Part of a recursive route resolution loop
     B    2001:10:1::/64 [200/42]
             via 2001:10:1::100 [0/1]
                via Ethernet1, directly connected
    >B    2001:10:100::/64 [200/200]
             via 2001:10:1::100 [0/1]
                via Ethernet1, directly connected
    >B    2001:10:100:1::/64 [200/0]
             via 2001:10:1::100 [0/1]
                via Ethernet1, directly connected
    >B    2001:10:100:2::/64 [200/42]
             via 2001:10:1::100 [0/1]
                via Ethernet1, directly connected
    switch#
  • This command displays IPv6 RIB connected routes.
    switch# show rib route ipv6 connected
    VRF name: default, VRF ID: 0xfe, Protocol: connected
    Codes: C - Connected, S - Static, P - Route Input
           B - BGP, O - Ospf, O3 - Ospf3, I - Isis
           > - Best Route, * - Unresolved Nexthop
           L - Part of a recursive route resolution loop
    >C    2001:10:1::/64 [0/1]
             via 2001:10:1::102, Ethernet1
    >C    2001:10:2::/64 [0/1]
             via 2001:10:2::102, Ethernet2
    >C    2001:10:3::/64 [0/1]
             via 2001:10:3::102, Ethernet3
    switch#