IPv6 snooping bundles layer 2 IPv6 hop security features, such as IPv6 ND inspection, IPv6 address gleaning and IPv6 device tracking. When IPv6 ND is configured on a device, packet capture instructions redirect the ND protocol and DHCP for IPv6 traffic up to the controller for inspection.
A database of connected IPv6 neighbors is created from the IPv6 neighbor snoop. The database is used by IPv6 to validate the link layer address, IPv6 address and prefix binding of the neighbors to prevent spoofing and potential redirect attacks.
Access Points listen to IPv6 formatted network traffic and forward IPv6 packets to radios on which the interested hosts are connected.
To review IPv6 neighbor snooping statistics:
MAC Address | Displays the hardware encoded MAC address of an IPv6 client reporting to the controller or service platform. |
Node Type | Displays the NetBios node type from an IPv6 address pool from which IP addresses can be issued to requesting clients. |
IPv6 Address | Displays the IPv6 address used for DHCPv6 discovery and requests between the DHCPv6 server and DHCP clients. |
VLAN | Displays the controller or service platform virtual interface ID used for a new DHCPv6 configuration. |
Mint Id | Lists MiNT IDs for each listed VLAN. MiNT provides the means to secure communications at the transport layer. Using MiNT, a device can be configured to only communicate with other authorized (MiNT enabled) devices of the same model. |
Snoop Id | Lists the numeric snooping session ID generated when Access Points listen to IPv6 formatted network traffic and forward IPv6 packets to radios. |
Time Elapsed Since Last Update | Displays the amount of time elapsed since the DHCPv6 server was last updated. |