To Next Page

To Previous Page

412

4. Enable ND detection in VLAN 2 to check the ND packets arrived on the ports. For more

information about ND detection, see "Configuring ND attack defense."

5. Configure a static IPv6 source guard binding entry on each interface connected to a client. This

step is optional. If this step is not performed, SAVI does not check packets against static binding

entries. For more information about static IPv6 source guard binding entries, see "Configuring IP

sou

rce guard."

6. Configure dynamic IPv6 source guard binding on the interfaces connected to the clients. For more

information about dynamic IPv6 source guard binding, see "Configuring IP source guard."

Packet check principles

Switch B checks DHCPv6 protocol packets from DHCPv6 clients against link-local address ND snooping

entries, checks ND protocol packets against link-local address ND snooping entries, DHCPv6 snooping

entries, and static binding entries, and checks the IPv6 data packets from the clients against dynamic

binding entries (including link-local address ND snooping entries and DHCPv6 snooping entries)

applied on the interfaces connected to the clients and against static binding entries. The items to be

examined include MAC address, IPv6 address, VLAN information, and ingress port.

Configuration procedure

# Enable SAVI.

<SwitchB> system-view

[SwitchB] ipv6 savi strict

# Enable IPv6.

[SwitchB] ipv6

# Globally enable DHCPv6 snooping.

[SwitchB] ipv6 dhcp snooping enable

# Assign interfaces GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 to

VLAN 2.

[SwitchB] vlan 2

[SwitchB-vlan2] port gigabitethernet 1/0/1 gigabitethernet 1/0/2 gigabitethernet 1/0/3

# Enable DHCPv6 snooping in VLAN 2.

[SwitchB-vlan2] ipv6 dhcp snooping vlan enable

[SwitchB] quit

# Configure interface GigabitEthernet 1/0/1 as a DHCP snooping trusted port.

[SwitchB] interface gigabitethernet 1/0/1

[SwitchB-GigabitEthernet1/0/1] ipv6 dhcp snooping trust

[SwitchB-GigabitEthernet1/0/1] quit

# Enable link-local address ND snooping and ND detection.

[SwitchB] ipv6 nd snooping enable link-local

[SwitchB] vlan 2

[SwitchB-vlan2] ipv6 nd snooping enable

[SwitchB-vlan2] ipv6 nd detection enable

[SwitchB-vlan2] quit

# Configure the dynamic IPv6 source guard binding function on downlink ports GigabitEthernet 1/0/2

and GigabitEthernet 1/0/3.

Brand	HP
Model	5500 HI Series
Category	Switch
Language	English

HP 5500 HI Series User Manual

Table of Contents

Other manuals for HP 5500 HI Series

Questions and Answers:

HP 5500 HI Series Specifications

Related product manuals