368
Configuration procedure
1. Configure DHCPv6 snooping:
# Enable DHCPv6 snooping globally.
<Device> system-view
[Device] ipv6 dhcp snooping enable
# Enable DHCPv6 snooping in VLAN 2.
[Device] vlan 2
[Device-vlan2] ipv6 dhcp snooping vlan enable
[Device-vlan2] quit
# Configure the port connecting to the DHCP server as a trusted port.
[Device] interface ethernet 1/0/2
[Device-Ethernet1/0/2] ipv6 dhcp snooping trust
[Device-Ethernet1/0/2] quit
2. Configure the IPv6 source guard feature:
# Configure the IPv6 source guard feature on Ethernet 1/0/1 to filter packets based on both the
source IP address and MAC address.
[Device] interface ethernet 1/0/1
[Device-Ethernet1/0/1] ipv6 verify source ipv6-address mac-address
[Device-Ethernet1/0/1] quit
Verifying the configuration
# Display the dynamic IPv6 source guard binding entries generated on Ethernet 1/0/1.
[Device] display ipv6 source binding
Total entries found: 1
MAC Address IP Address VLAN Interface Type
040a-0000-0001 2001::1 2 Eth1/0/1 DHCPv6-SNP
# Display all DHCPv6 snooping entries.
[Device] display ipv6 dhcp snooping user-binding dynamic
IP Address MAC Address Lease VLAN Interface
============================== ============== ========== ==== ==================
2001::1 040a-0000-0001 286 2 Ethernet1/0/1
--- 1 DHCPv6 snooping item(s) found ---
The output shows that a dynamic IPv6 source guard binding entry has been generated on Ethernet
1/0/1 based on the DHCPv6 snooping entry.
Dynamic IPv6 source guard using ND snooping configuration
example
Network requirements
As shown in Figure 114 , enable ND snooping on the device, establishing ND snooping entries by
listening to DAD NS messages.
Enable the IPv6 source guard feature on Ethernet 1/0/1 to filter packets based on the ND snooping
entries, allowing only packets with a legally obtained IPv6 address to pass.
To Next Page
Loading...
Need help?
General