Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 45 Managing Firewall Devices
Configuring Firewall Device Interfaces
DAD Attempts

To specify the number of consecutive neighbor solicitation messages that are sent on an interface during duplicate address detection (DAD), enter a number from 0 to 600 in this field. Entering 0 disables duplicate address detection on the interface. Entering 1 configures a single transmission without follow-up transmissions; this is the default.

Duplicate address detection verifies the uniqueness of new unicast IPv6 addresses before the addresses are assigned to interfaces (the new addresses remain in a tentative state while duplicate address detection is performed). Duplicate address detection uses neighbor solicitation messages to verify the uniqueness of unicast IPv6 addresses.

When duplicate address detection identifies a duplicate address, the state of the address is set to DUPLICATE and the address is not used. If the duplicate address is the link-local address of the interface, the processing of IPv6 packets is disabled on the interface and an error message similar to the following is issued:

    %PIX-4-DUPLICATE: Duplicate address FE80::1 on outside

If the duplicate address is a global address of the interface, the address is not used and an error message is issued, similar to that shown previously for a duplicate link-local address.

All configuration commands associated with the duplicate address remain as-configured while the state of the address is set to DUPLICATE. If the link-local address for an interface changes, duplicate address detection is performed on the new link-local address, and all other IPv6 addresses associated with the interface are regenerated (that is, duplicate address detection is performed only on the new link-local address).

NS Interval

The interval between IPv6 neighbor solicitation retransmissions, in milliseconds. Valid values range from 1000 to 3600000 milliseconds; the default value is 1000 milliseconds.

Note: This value is included in all IPv6 router advertisements sent out on this interface.

Reachable Time

The amount of time, in milliseconds, within which a remote IPv6 node is considered still reachable after initial reachability was confirmed. Valid values range from 0 to 3600000 milliseconds; the default value is 0. When 0 is used for the value, the reachable time is set as undetermined; it is up to the receiving devices to set and track reachable time.

A configured time enables detection of unavailable neighbors. A shorter time allows detecting unavailable neighbors more quickly; however, shorter times consume more IPv6 network bandwidth and processing resources in all IPv6 network devices. Very short configured times are not recommended in normal IPv6 operation.

Managed Config Flag

Whether or not to set the flag "managed-config-flag" in the IPv6 router advertisement packet.

Table 45-5 IPv6 tab: Add/Edit Interface Dialog Box (ASA/FWSM) (Continued)
Element Description
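
The duplicate-address behaviour described under DAD Attempts lends itself to a log triage check. The following is an added example, not part of the Cisco guide: it assumes duplicate-address messages share the shape of the sample message above (accepting any facility prefix is an assumption, and the log lines are constructed) and maps each hit to the impact the guide describes.

```python
import ipaddress
import re
from collections import Counter

# Shape taken from the sample message in the guide; accepting any facility
# prefix (not only "PIX") is an assumption.
DUP_RE = re.compile(r"%[A-Z]+-4-DUPLICATE: Duplicate address (\S+) on (\S+)")

# Constructed sample lines (timestamps and hostname are made up).
SAMPLE_LOG = [
    "Jan 10 09:15:02 fw1 %PIX-4-DUPLICATE: Duplicate address FE80::1 on outside",
    "Jan 10 09:15:03 fw1 %PIX-4-DUPLICATE: Duplicate address FE80::1 on outside",
    "Jan 10 09:20:41 fw1 %PIX-4-DUPLICATE: Duplicate address 2001:DB8::10 on inside",
    "Jan 10 09:21:00 fw1 unrelated constructed line",
    "Jan 10 09:22:00 fw1 %PIX-4-DUPLICATE: Duplicate address not-an-address on dmz",
]

def triage(lines):
    """Summarise duplicate-address events per (interface, address)."""
    hits = Counter()
    for line in lines:
        m = DUP_RE.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.IPv6Address(m.group(1))
        except ipaddress.AddressValueError:
            continue  # unparseable address field: skip instead of guessing
        hits[(m.group(2), addr)] += 1
    findings = []
    for (ifname, addr), count in hits.items():
        link_local = addr.is_link_local
        findings.append({
            "interface": ifname,
            "address": str(addr),
            "count": count,
            "severity": "high" if link_local else "medium",
            # Impact wording follows the guide's description of each case.
            "impact": ("IPv6 packet processing disabled on interface"
                       if link_local else "address not used"),
        })
    # Link-local duplicates first: they take IPv6 down on the interface.
    findings.sort(key=lambda f: (f["severity"] != "high", f["interface"], f["address"]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Repeated hits for the same interface and address are collapsed into one finding with a count, so a recurring duplicate is easy to spot.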