Enabling IPv6 Neighbor Discovery Inspection


This procedure uses Junos OS with support for the Enhanced Layer 2 Software (ELS) configuration style. If your switch uses software that does not support ELS, see Configuring Port Security (CLI Procedure). For ELS details, see Using the Enhanced Layer 2 Software CLI.

IPv6 neighbor discovery inspection protects switches against IPv6 address spoofing. Neighbor discovery inspection validates IPv6 packets carrying neighbor discovery messages against the DHCPv6 binding table. The source IP address, source MAC address, VLAN and interface ID of each packet are checked against the table, and if a valid match is not found, the packet is dropped.

Before you can enable neighbor discovery inspection on a VLAN, you must configure the VLAN. See the documentation that describes setting up basic bridging and a VLAN for your switch.

To enable neighbor discovery inspection on a VLAN:

[edit vlans vlan-name forwarding-options dhcp-security]

user@switch# set neighbor-discovery-inspection

DHCPv6 snooping is enabled automatically when neighbor discovery inspection is configured. There is no explicit configuration required for DHCPv6 snooping.
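
The validation described above (source IP address, source MAC address, VLAN and interface checked against the DHCPv6 binding table) can be modeled as follows. This is an added illustration, not Junos code or output: the `Binding` and `BindingTable` names, the addresses and the interface names are constructed for the example, and the model covers only the four-field match.

```python
import ipaddress
from typing import NamedTuple

class Binding(NamedTuple):
    ip: str
    mac: str
    vlan: str
    interface: str

def norm_ip(text):
    # Compare addresses by value, not spelling (2001:0db8::0010 == 2001:db8::10).
    return ipaddress.IPv6Address(text).compressed

def norm_mac(text):
    digits = "".join(c for c in text.lower() if c not in ":-.")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {text!r}")
    return digits

class BindingTable:
    def __init__(self, bindings):
        # Key on (VLAN, IP); the value holds the MAC and interface learned for it.
        self._entries = {(b.vlan, norm_ip(b.ip)): (norm_mac(b.mac), b.interface)
                         for b in bindings}

    def inspect(self, src_ip, src_mac, vlan, interface):
        """Return (verdict, reason) for one neighbor discovery packet."""
        try:
            key, mac = (vlan, norm_ip(src_ip)), norm_mac(src_mac)
        except ValueError:
            return ("drop", "malformed source address")
        entry = self._entries.get(key)
        if entry is None:
            return ("drop", "no binding for source IP in VLAN")
        if entry[0] != mac:
            return ("drop", "source MAC differs from binding")
        if entry[1] != interface:
            return ("drop", "interface differs from binding")
        return ("forward", "matches binding")

# Constructed sample data (documentation prefix 2001:db8::/32, made-up MACs and ports).
TABLE = BindingTable([
    Binding("2001:db8::10", "00:10:94:00:00:01", "vlan10", "ge-0/0/1.0"),
    Binding("2001:db8::20", "00:10:94:00:00:02", "vlan10", "ge-0/0/2.0"),
])

if __name__ == "__main__":
    # Host on ge-0/0/2.0 sends an ND message claiming 2001:db8::10 with its own MAC.
    print(TABLE.inspect("2001:db8::10", "00:10:94:00:00:02", "vlan10", "ge-0/0/2.0"))
```

All four fields must agree with one binding entry; a packet that reuses a valid IP and MAC pair from a different port or VLAN is still dropped in this model.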