Maybe you should be looking at DHCPv6 if you want those kinds of logs.
On Fri, Mar 22, 2019 at 2:19 PM Jason Healy <jhe...@logn.net> wrote: > > We're starting to play around more with IPv6, and one thing we're missing is > a log of who has which address. In IPv4 we have DHCP and can check the logs, > but we're using SLAAC for v6 so that's not an option. > > I set up a quick trunk interface with all our VLANs as members and started > sniffing. While I'm seeing plenty of neighbor discoveries, I'm not seeing > any(?) neighbor advertisements. I'm guessing that because the sniffing box > doesn't have an address on each VLAN, it's not participating in ND and > registering for multicast, so we're getting pruned. IGMP snooping is on by > default on all VLANs. > > I'd prefer not to have to add an interface on each VLAN just to grab all this > traffic (more to keep in sync, security concerns, etc). Is there a way to > tell the switch to force IPv6 multicast traffic for ff02::1 to go to a > specific port? Our core is a QFX5100; the other switches in the network are > a mix of EX3200/4200/3400. > > For the moment I've got it to work by setting up firewall filters on each > VLAN in our core and port-mirroring just the ICMPv6 (type 136) traffic to a > monitoring port. That works, but it's also a lot of configuration overhead. > If there's a better way, I'd love suggestions! > > Thanks, > > Jason > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
