Neighbor Discovery Proxy

Information About Neighbor Discovery

In IPv6 networks, Neighbor Discovery Protocol (NDP) uses ICMPv6 messages and solicited-node multicast addresses to track and discover the other IPv6 hosts present on the other side of connected interfaces. As part of this process, a host queries for other node link-layer addresses to verify neighbor reachability using Neighbor Solicitation (NS) messages. In response to the NS messages, a Neighbor Advertisement (NA) is sent to provide information to neighbors.

Configure Neighbor Discovery Proxy (CLI)

Neighbor Discovery (ND) Proxy is the ability of the controller to respond to the Neighbor Solicitation packet destined for wireless clients. During Neighbor Discovery suppression, the controller checks if proxy is enabled for the destined wireless clients. If proxy is enabled, the controller drops the Neighbor Solicitation packet and generates a response to the Neighbor Solicitation source in such a way that the packet appears to be coming from a wireless client. This helps in limiting the traffic to the wireless clients.

If Neighbor Discovery Proxy is not enabled, the multicast Neighbor Solicitation is converted into unicast Neighbor Solicitation with the MAC address of the target client and is forwarded to that client.


Note


  • Neighbor Discovery proxy is applicable only in central switching mode.

  • A controller does not proxy the Neighbor Solicitation packet if the destination address is not that of a wireless client.


Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wireless profile policy policy-profile-name

Example:

Device(config)# wireless profile policy policy-profile1

Configures WLAN policy profile and enters wireless policy configuration mode.

Step 3

ipv6 nd proxy full-proxy

Example:

Device(config-wireless-policy)# ipv6 nd proxy full-proxy

Enables ND proxy.

Configure Duplicate Address Detection Proxy (CLI)

The IPv6 Duplicate Address Detection (DAD) feature ensures that all the IP addresses assigned on a particular segment are unique. A proxy is required to ensure that multicast and unicast packets are not sent towards the wireless device for which it is enabled.

DAD verifies whether the host address is unique. The IPv6 DAD Proxy feature responds on behalf of the address owner when an address is in use.

However, in a scenario where nodes are restricted from talking to each other at Layer 2, DAD cannot detect a duplicate address. If DAD proxy is disabled, the multicast packet is converted into unicast and is sent to the target client.


Note


  • DAD proxy is applicable only in central switching mode.

  • A controller does not proxy the DAD NS packet if the destination address is not that of a wireless client.


Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wireless profile policy policy-profile-name

Example:

Device(config)# wireless profile policy policy-profile1

Configures a WLAN policy profile and enters wireless policy configuration mode.

Step 3

ipv6 nd proxy dad-proxy

Example:

Device(config-wireless-policy)# ipv6 nd proxy dad-proxy

Enables DAD proxy.

Note

 

Full proxy configuration is a superset of ND proxy and DAD proxy configuration. Hence, use the ipv6 nd proxy full-proxy command also to enable DAD proxy.