373
NOTE:
If a port on the SAVI enabled device is down for three minutes or more, the device deletes the DHCPv6
snooping entries and ND snooping entries corresponding to the port.
SAVI configuration in DHCPv6-only address
assignment scenario
Network requirements
Figure 144 Network diagram
Eth1/0/1
Switch A
DHCPv6 server
Switch B
Eth1/0/2
Eth1/0/3
DHCPv6 clientDHCPv6 client
As shown in Figure 144, Switch A is the DHCPv6 server. Switch B connects to the DHCPv6 server through
interface Ethernet 1/0/1, and connects to two DHCPv6 clients through interfaces Ethernet 1/0/2 and
Ethernet 1/0/3. The three interfaces of Switch B belong to VLAN 2. The client can obtain IP address only
through DHCPv6. Configure SAVI on Switch B to automatically bind the IP addresses assigned through
DHCPv6 and permit only packets from bound addresses and link-local addresses.
Configuration considerations
Configure Switch B as follows:
• Enable SAVI.
• Enable DHCPv6 snooping. For more information about DHCPv6 snooping, see Layer 3—IP
Services Configuration Guide.
• Enable link-local address ND snooping. For more information about ND snooping, see Layer 3—IP
Services Configuration Guide.
• Enable ND detection in VLAN 2 to check the ND packets arrived on the ports. For more information
about ND detection, see the chapter “ND attack defense configuration.”
• Configure a static IPv6 source guard binding entry on each interface connected to a client. This step
is optional. If this step is not performed, SAVI does not check packets against static binding entries.
For more information about static IPv6 source guard binding entries, see the chapter “IP source
guard configuration.”
• Configure dynamic IPv6 source guard binding on the interfaces connected to the clients. For more
information about dynamic IPv6 source guard binding, see the chapter “IP source guard
configuration.”
To Next Page
Loading...
Need help?
General