ipv6-mac

Defines an action based on conflicts detected in a device‘s IPv6 and MAC addresses

Supported on the following devices:

Access Points: AP5010, AP310i/e, AP410i/e, AP505i, AP510i, AP510e, AP560i, AP6522, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562, AP7602, AP7612, AP7622, AP763, AP7662, AP8163, AP8543, AP8533.
Service Platforms: NX5500, NX7500, NX9500, NX9600
Virtual Platforms: CX9000, VX9000

Syntax

ipv6-mac [conflict|routing]

ipv6-mac conflict [drop-only|log-and-drop|log-only]

ipv6-mac routing conflict [drop-only|log-and-drop|log-only]

Parameters

ipv6-mac conflict [drop-only|log-and-drop|log-only]


conflict	Enables detection of conflict between a device‘s IPv6 and MAC addresses. This option is enabled by default. This command also specifies the action to be performed when a such a conflict is detected. The options are: drop-only, log-and-drop, and log-only.
drop-only	Drops a packet (with conflicting IPv6 and MAC address) without logging
log-and-drop	Logs the event and drops the packet. This is the default setting.
log-only	Logs the event only, the packet is not dropped
log-level	If selecting the “log-and-drop” and “log-only” action type, specify the log level. The options are: <0-7> – Sets the numeric logging level alerts – Numerical severity 1. Indicates a condition where immediate action is required critical – Numerical severity 2. Indicates a critical condition debugging – Numerical severity 7. Debugging messages emergencies – Numerical severity 0. System is unusable errors – Numerical severity 3. Indicates an error condition informational – Numerical severity 6. Indicates a informational condition notifications – Numerical severity 5. Indicates a normal but significant condition warnings – Numerical severity 4. Indicates a warning condition. This is the default setting.

ipv6-mac routing conflict [drop-only|log-and-drop|log-only]


routing conflict	Enables detection of conflict between the next-hop‘s IPv6 and MAC addresses. This option is enabled by default. This command also specifies the action to be performed when a such a conflict is detected. The options are: drop-only, log-and-drop, and log-only.
drop-only	Drops a packet (with conflicting next-hop IPv6 and MAC addresses) without logging
log-and-drop	Logs the event and drops the packet. This is the default setting.
log-only	Logs the event only, the packet is not dropped
log-level	If selecting the “log-and-drop” and “log-only” action type, specify the log level. The options are: <0-7> – Sets the numeric logging level alerts – Numerical severity 1. Indicates a condition where immediate action is required critical – Numerical severity 2. Indicates a critical condition debugging – Numerical severity 7. Debugging messages emergencies – Numerical severity 0. System is unusable errors – Numerical severity 3. Indicates an error condition informational – Numerical severity 6. Indicates a informational condition notifications – Numerical severity 5. Indicates a normal but significant condition warnings – Numerical severity 4. Indicates a warning condition. This is the default setting.

Examples

nx9500-6C8809(config-fw-policy-testFW)#ipv6-mac routing conflict drop-only

nx9500-6C8809(config-fw-policy-testFW)#show context
firewall-policy testFW
 ip dos fraggle drop-only
 ip dos tcp-sequence-past-window drop-only
 ip dos tcp-max-incomplete high 600
 ip dos tcp-max-incomplete low 60
 ip-mac conflict drop-only
 ip-mac routing conflict log-and-drop log-level notifications
 flow timeout icmp 16000
 flow timeout udp 10000
 flow timeout tcp established 1500
 flow timeout other 16000
 dhcp-offer-convert
 ipv6 routing-type two log-and-drop log-level warnings
 ipv6 dos hop-limit-zero drop-only
 alg facetime
 dns-snoop entry-timeout 1200
 ipv6-mac routing conflict drop-only
nx9500-6C8809(config-fw-policy-testFW)#

Related Commands


no	Disables actions based on IPv6 and MAC address conflict detection