SNR S2940-8G-v2 Switch Configuration Guide
SAVI Configuration
Chapter 57
SAVI Configuration
57.1 Introduction to SAVI
SAVI (Source Address Validation Improvement) is a security authentication method that provides
the granularity level of the node source address. It gets the trust node information (such as port,
MAC address information), namely, anchor information by monitoring the interaction process of
the relative protocol packets (such as ND protocol, DHCPv6 protocol) and using CPS (Control
Packet Snooping) mechanism. After that, it binds the anchor information with the node source
address and sends the corresponding filter rules, allow the packets which match the filter rules to
pass only, so as to reach the aim that check the validity of node source address.
SAVI function includes ND Snooping function, DHCPv6 Snooping function and RA Snooping
according to the protocol packet type. ND Snooping function is used to detect ND protocol packet,
it sets IPv6 address binding obtained by nodes with the stateless address configuration. DHCPv6
Snooping function is used to detect DHCPv6 protocol packet, it sets IPv6 address binding obtained
by nodes with the stateful address configuration. RA Snooping function is used to avoid the lawless
node sending the spurious RA packet.
57.2 SAVI Configuration
SAVI configuration task list:
1. Enable or disable SAVI function
2. Enable or disable application scene function for SAVI
3. Configure SAVI binding function
4. Configure the global max-dad-delay for SAVI
5. Configure the global max-dad-prepare-delay for SAVI
6. Configure the global max-slaac-life for SAVI
7. Configure the lifetime period for SAVI bind-protect
8. Enable or disable SAVI prefix check function
370
To Next Page
Loading...
General