IPv6 first hop security features on CML
When implementing first-hop security features for IPv6 on CML, you may find that they do not function correctly. The ipv6 nd command may be available based on the context-sensitive help provided by the CLI, but there are none of the expected options and keywords to input after this.
For example:
SW1(config)#inter gig 0/1 SW1(config-if)#ipv6 n? nd next-hop-self SW1(config-if)#ipv6 nd ? % Unrecognized command SW1(config-if)#ipv6 nd
Note that the ipv6 nd command is available under the interface configuration mode, but there are no available keywords to input after this. This has been observed when using the following vIOS_L2 version:
Cisco IOS Software, vios_l2 Software (vios_l2-ADVENTERPRISEK9-M), Version 15.2(CML_NIGHTLY_20180619)FLO_DSGS7
The expected output is something similar to the following:
dad-proxy Configure DAD proxy on the interface inspection Configure NDP inspection on the interface ra-throttler Configure RA throttler on the interface raguard Configure RA guard on the interface SW1(config-if)#ipv6 nd
It has been reported that the following version of vIOS_L2 functions correctly:
Cisco IOS Software, vios_l2 Software (vios_l2-ADVENTERPRISEK9-M), Version 15.2(4.0.55)E, TEST ENGINEERING ESTG_WEEKLY BUILD, synced to END_OF_FLOW_ISP
Links:
https://networklessons.com/cisco/ccie-routing-switching-written/ipv6-nd-inspection/