8-15
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter8 Completing Interface Configuration (Routed Mode)
Completing Interface Configuration in Routed Mode
Allowing Same Security Level Communication
By default, interfaces on the same security level cannot communicate with each other, and packets
cannot enter and exit the same interface. This section describes how to enable inter-interface
communication when interfaces are on the same security level, and how to enable intra-interface
communication.

Information About Inter-Interface Communication

Allowing interfaces on the same security level to communicate with each other provides the following
benefits:
You can configure more than 101 communicating interfaces.
If you use different levels for each interface and do not assign any interfaces to the same security
level, you can configure only one interface per level (0to 100).
You want traffic to flow freely between all same security interfaces without access lists.
Step3 (Optional)
ipv6 nd suppress-ra
Example:
hostname(config-if)# ipv6 nd suppress-ra
Suppresses Router Advertisement messages on an interface. By
default, Router Advertisement messages are automatically sent in
response to router solicitation messages. You may want to disable
these messages on any interface for which you do not want the
ASA to supply the IPv6 prefix (for example, the outside
interface).
Step4 (Optional)
ipv6 nd dad attempts value
Example:
hostname(config-if)# ipv6 nd dad attempts
3
Changes the number of duplicate address detection attempts. The
value argument can be any value from 0 to 600. Setting the value
argument to 0 disables duplicate address detection on the
interface.
By default, the number of times an interface performs duplicate
address detection is 1. See the “Duplicate Address Detection”
section on page8-12 for more information.
Step5 (Optional)
ipv6 nd ns-interval value
Example:
hostname(config-if)# ipv6 nd ns-interval
2000
Changes the neighbor solicitation message interval. When you
configure an interface to send out more than one duplicate address
detection attempt with the ipv6 nd dad attempts command, this
command configures the interval at which the neighbor
solicitation messages are sent out. By default, they are sent out
once every 1000 milliseconds. The value argument can be from
1000 to 3600000 milliseconds.
Note Changing this value changes it for all neighbor
solicitation messages sent out on the interface, not just
those used for duplicate address detection.
Step6 (Optional)
ipv6 enforce-eui64 if_name
Example:
hostname(config)# ipv6 enforce-eui64
inside
Enforces the use of Modified EUI-64 format interface identifiers
in IPv6 addresses on a local link.
The if_name argument is the name of the interface, as specified by
the nameif command, on which you are enabling the address
format enforcement.
See the “Modified EUI-64 Interface IDs” section on page8-13 for
more information.
Command Purpose