Cisco Systems ASA5515K9, ASA 5500 Allowing Same Security Level Communication

9-18

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter9 Completing Interface Configuration (Transparent Mode)

Completing Interface Configuration in Transparent Mode

Allowing Same Security Level Communication

By default, interfaces on the same security level cannot communicate with each other, and packets

cannot enter and exit the same interface. This section describes how to enable inter-interface

communication when interfaces are on the same security level.

Information About Inter-Interface Communication

Allowing interfaces on the same security level to communicate with each other is useful if you want

traffic to flow freely between all same security interfaces without access lists.

If you enable same security interface communication, you can still configure interfaces at different

security levels as usual.

Step3 (Optional)

ipv6 nd suppress-ra

Example:

hostname(config-if)# ipv6 nd suppress-ra

Suppresses Router Advertisement messages on an interface. By

default, Router Advertisement messages are automatically sent in

response to router solicitation messages. You may want to disable

these messages on any interface for which you do not want the

ASA to supply the IPv6 prefix (for example, the outside

interface).

Step4 (Optional)

ipv6 nd dad attempts value

Example:

hostname(config-if)# ipv6 nd dad attempts

Changes the number of duplicate address detection attempts. The

value argument can be any value from 0 to 600. Setting the value

argument to 0 disables duplicate address detection on the

interface.

By default, the number of times an interface performs duplicate

address detection is 1. See the “Duplicate Address Detection”

section on page 9-15 for more information.

Step5 (Optional)

ipv6 nd ns-interval value

Example:

hostname(config-if)# ipv6 nd ns-interval

2000

Changes the neighbor solicitation message interval. When you

configure an interface to send out more than one duplicate address

detection attempt with the ipv6 nd dad attempts command, this

command configures the interval at which the neighbor

solicitation messages are sent out. By default, they are sent out

once every 1000 milliseconds. The value argument can be from

1000 to 3600000 milliseconds.

Note Changing this value changes it for all neighbor

solicitation messages sent out on the interface, not just

those used for duplicate address detection.

Step6 (Optional)

ipv6 enforce-eui64 if_name

Example:

hostname(config)# ipv6 enforce-eui64

inside

Enforces the use of Modified EUI-64 format interface identifiers

in IPv6 addresses on a local link.

The if_name argument is the name of the interface, as specified by

the nameif command, on which you are enabling the address

format enforcement.

See the “Modified EUI-64 Interface IDs” section on page9-16 for

more information.

Command Purpose