ipv6-mac

Defines an action based on conflicts detected in a device’s IPv6 and MAC addresses

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

ipv6-mac [conflict|routing]
ipv6-mac conflict [drop-only|log-and-drop|log-only]
ipv6-mac routing conflict [drop-only|log-and-drop|log-only]

Parameters

ipv6-mac conflict [drop-only|log-and-drop|log-only]
conflict Enables detection of conflict between a device’s IPv6 and MAC addresses. This option is enabled by default.

This command also specifies the action to be performed when such a conflict is detected. The options are: drop-only, log-and-drop, and log-only.

drop-only Drops a packet (with conflicting IPv6 and MAC address) without logging
log-and-drop Logs the event and drops the packet. This is the default setting.
log-only Logs the event only. The packet is not dropped.
log-level If the “log-and-drop” or “log-only” action type is selected, specify the log level. The options are:
  • <0-7> – Sets the numeric logging level
  • alerts – Numerical severity 1. Indicates a condition where immediate action is required
  • critical – Numerical severity 2. Indicates a critical condition
  • debugging – Numerical severity 7. Debugging messages
  • emergencies – Numerical severity 0. System is unusable
  • errors – Numerical severity 3. Indicates an error condition
  • informational – Numerical severity 6. Indicates an informational condition
  • notifications – Numerical severity 5. Indicates a normal but significant condition
  • warnings – Numerical severity 4. Indicates a warning condition. This is the default setting.
ipv6-mac routing conflict [drop-only|log-and-drop|log-only]
routing conflict Enables detection of conflict between the next-hop’s IPv6 and MAC addresses. This option is enabled by default.

This command also specifies the action to be performed when such a conflict is detected. The options are: drop-only, log-and-drop, and log-only.

drop-only Drops a packet (with conflicting next-hop IPv6 and MAC addresses) without logging
log-and-drop Logs the event and drops the packet. This is the default setting.
log-only Logs the event only. The packet is not dropped.
log-level If the “log-and-drop” or “log-only” action type is selected, specify the log level. The options are:
  • <0-7> – Sets the numeric logging level
  • alerts – Numerical severity 1. Indicates a condition where immediate action is required
  • critical – Numerical severity 2. Indicates a critical condition
  • debugging – Numerical severity 7. Debugging messages
  • emergencies – Numerical severity 0. System is unusable
  • errors – Numerical severity 3. Indicates an error condition
  • informational – Numerical severity 6. Indicates an informational condition
  • notifications – Numerical severity 5. Indicates a normal but significant condition
  • warnings – Numerical severity 4. Indicates a warning condition. This is the default setting.

Examples

nx9500-6C8809(config-fw-policy-testFW)#ipv6-mac routing conflict drop-only
nx9500-6C8809(config-fw-policy-testFW)#show context
firewall-policy testFW
 ip dos fraggle drop-only
 ip dos tcp-sequence-past-window drop-only
 ip dos tcp-max-incomplete high 600
 ip dos tcp-max-incomplete low 60
 ip-mac conflict drop-only
 ip-mac routing conflict log-and-drop log-level notifications
 flow timeout icmp 16000
 flow timeout udp 10000
 flow timeout tcp established 1500
 flow timeout other 16000
 dhcp-offer-convert
 ipv6 routing-type two log-and-drop log-level warnings
 ipv6 dos hop-limit-zero drop-only
 alg facetime
 dns-snoop entry-timeout 1200
 ipv6-mac routing conflict drop-only
nx9500-6C8809(config-fw-policy-testFW)#
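
The following is an added example, not part of the vendor documentation: a Python audit of a policy's show context text that fills in the documented defaults for ipv6-mac checks that do not appear and flags checks that are disabled, log-only, or drop-only. It assumes that settings left at their defaults are omitted from show context and that a disabled check appears as a "no ipv6-mac ..." line; the function names and the trimmed sample are constructed for illustration.

```python
import re

# Severity names and numbers as listed in the log-level table on this page.
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}
# Page defaults: detection enabled, log-and-drop, log level warnings (4).
DEFAULT = {"enabled": True, "action": "log-and-drop", "severity": 4, "explicit": False}
LINE_RE = re.compile(
    r"^\s*(?P<no>no\s+)?ipv6-mac\s+(?P<check>routing\s+conflict|conflict)"
    r"(?:\s+(?P<action>drop-only|log-and-drop|log-only))?"
    r"(?:\s+log-level\s+(?P<level>\S+))?\s*$")

# Constructed sample, trimmed from the show context output in the Examples section.
SAMPLE = """firewall-policy testFW
 ip-mac conflict drop-only
 ipv6 routing-type two log-and-drop log-level warnings
 ipv6-mac routing conflict drop-only
"""

def effective_settings(show_context):
    """Effective ipv6-mac setting per check; checks absent from the text keep the defaults."""
    result = {"conflict": dict(DEFAULT), "routing conflict": dict(DEFAULT)}
    for line in show_context.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ip-mac (IPv4) and unrelated lines are ignored
        check = " ".join(m.group("check").split())
        if m.group("no"):
            # Assumption: a disabled check is rendered as "no ipv6-mac ..." in the context.
            result[check] = {"enabled": False, "action": None, "severity": None, "explicit": True}
            continue
        action = m.group("action") or DEFAULT["action"]
        level = m.group("level") or "warnings"
        # drop-only never logs, so it has no severity; unknown level names yield None.
        severity = None if action == "drop-only" else (
            int(level) if level.isdigit() else LEVELS.get(level))
        result[check] = {"enabled": True, "action": action, "severity": severity, "explicit": True}
    return result

def findings(settings):
    """Flag checks that are disabled, unenforced, or enforced without a log record."""
    out = []
    for check, s in settings.items():
        if not s["enabled"]:
            out.append((check, "detection disabled"))
        elif s["action"] == "log-only":
            out.append((check, "conflicting packets are logged but still forwarded"))
        elif s["action"] == "drop-only":
            out.append((check, "conflicting packets are dropped with no log record"))
    return out
```

Calling findings(effective_settings(SAMPLE)) reports only the routing conflict check, because the sample sets it to drop-only while the device conflict check stays at the default log-and-drop.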

Related Commands

no Disables actions based on IPv6 and MAC address conflict detection