367
Figure 112 Network diagram
Configuration procedure
# Configure the IPv6 source guard feature on Ethernet 1/0/1 to filter packets based on both the source
IP address and MAC address.
<Device> system-view
[Device] interface ethernet 1/0/1
[Device-Ethernet1/0/1] ipv6 verify source ipv6-address mac-address
# Configure Ethernet 1/0/1 to allow only IPv6 packets with the source MAC address of
0001-0202-0202 and the source IPv6 address of 2001::1 to pass.
[Device-Ethernet1/0/1] ipv6 source binding ipv6-address 2001::1 mac-address
0001-0202-0202
[Device-Ethernet1/0/1] quit
Verifying the configuration
# Display the information about static IPv6 source guard binding entries on the device. The output shows
that the binding entry is configured successfully.
[Device] display ipv6 source binding static
Total entries found: 1
MAC Address IP Address VLAN Interface Type
0001-0202-0202 2001::1 N/A Eth1/0/1 Static-IPv6
Dynamic IPv6 source guard using DHCPv6 snooping
configuration example
Network requirements
As shown in Figure 113 , enable DHCPv6 and DHCPv6 snooping on the device. The host can obtain an
IP address through the DHCPv6 server and the IPv6 IP address and the MAC address of the host can be
recorded in a DHCPv6 snooping entry.
Enable IPv6 source guard feature on the device's port Ethernet 1/0/1 to filter packets based on DHCPv6
snooping entries, allowing only packets from a client that obtains an IP address through the DHCP server
to pass.
Figure 113 Network diagram
To Next Page
Loading...
