Packet Check Principles; Configuration Procedure - HP 5500 HI Series Configuration Manual

Security

4. Configure a static IPv6 source guard binding entry on each interface connected to a host. This step
is optional. If this step is not performed, SAVI does not check packets against static binding entries.
For more information about static IPv6 source guard binding entries, see "Configuring IP source
guard."
5. Configure dynamic IPv6 source guard binding on the interfaces connected to the hosts. For more
information about dynamic IPv6 source guard binding, see "Configuring IP source guard."
6. Enable DHCPv6 snooping and leave the interface connected to the gateway as its default status
(non-trusted port) so that the hosts cannot obtain IP addresses through DHCPv6. For more
information about DHCPv6 snooping, see Layer 3—IP Services Configuration Guide.

Packet check principles

Switch B checks ND protocol packets against ND snooping entries and static binding entries, and checks
the IPv6 data packets from the hosts against dynamic binding entries (including ND snooping entries)
applied on the interfaces connected to the hosts and against static binding entries. The items to be
examined include MAC address, IPv6 address, VLAN information, and ingress port.
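
A simplified model of the check described above, added here as an illustration; it is not code from the manual or the switch's implementation. The short port names, the sample entries, and the rule that ND packets arriving on the ND trusted uplink are not checked are assumptions of the model.

```python
from dataclasses import dataclass
from ipaddress import IPv6Address

@dataclass(frozen=True)
class Entry:                      # one binding entry on Switch B
    mac: str
    ipv6: IPv6Address
    vlan: int
    port: str
    kind: str                     # "static" or "nd-snooping"; both are consulted

@dataclass(frozen=True)
class Packet:
    mac: str
    src: IPv6Address
    vlan: int
    port: str
    is_nd: bool

HOST_PORTS = {"GE1/0/1", "GE1/0/2"}   # downlinks with source guard applied
ND_TRUSTED = {"GE1/0/3"}              # uplink, ND trusted port

# Constructed sample entries (documentation addresses, made-up MACs).
TABLE = [
    Entry("00:11:22:33:44:01", IPv6Address("2001:db8::1"), 10, "GE1/0/1", "nd-snooping"),
    Entry("00:11:22:33:44:02", IPv6Address("2001:db8::2"), 10, "GE1/0/2", "static"),
]

def pkt(mac, src, vlan, port, is_nd=False):
    return Packet(mac.lower(), IPv6Address(src), vlan, port, is_nd)

def permit(p, table=TABLE):
    """True if the packet passes the modelled check."""
    if p.is_nd and p.port in ND_TRUSTED:
        return True               # assumption: ND packets on a trusted port are not checked
    if not p.is_nd and p.port not in HOST_PORTS:
        return True               # source guard is applied only on host ports
    # All four examined items must match one entry: MAC, IPv6, VLAN, ingress port.
    return any((e.mac, e.ipv6, e.vlan, e.port) == (p.mac, p.src, p.vlan, p.port)
               for e in table)

if __name__ == "__main__":
    for p in (pkt("00:11:22:33:44:01", "2001:db8::1", 10, "GE1/0/1"),    # bound host
              pkt("00:11:22:33:44:01", "2001:db8::2", 10, "GE1/0/1"),    # address not bound to this MAC
              pkt("00:11:22:33:44:02", "2001:db8::2", 10, "GE1/0/1"),    # right pair, wrong port
              pkt("00:11:22:33:44:09", "fe80::1", 10, "GE1/0/3", True)): # ND from uplink
        print("permit" if permit(p) else "drop  ", p.port, p.src, "ND" if p.is_nd else "data")
```

A packet is dropped as soon as any one of the four items differs from every entry, which is why the third sample fails even though its MAC and IPv6 address belong together.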

Configuration procedure

# Enable SAVI.
<SwitchB> system-view
[SwitchB] ipv6 savi strict
# Enable IPv6.
[SwitchB] ipv6
# Assign GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 to VLAN 10.
[SwitchB] vlan 10
[SwitchB-vlan10] port gigabitethernet 1/0/1 gigabitethernet 1/0/2 gigabitethernet 1/0/3
[SwitchB-vlan10] quit
# Enable global unicast address ND snooping and link-local address ND snooping.
[SwitchB] ipv6 nd snooping enable link-local
[SwitchB] ipv6 nd snooping enable global
[SwitchB] vlan 10
[SwitchB-vlan10] ipv6 nd snooping enable
# Enable ND detection.
[SwitchB-vlan10] ipv6 nd detection enable
[SwitchB-vlan10] quit
# Enable DHCPv6 snooping.
[SwitchB] ipv6 dhcp snooping enable
# Configure uplink port GigabitEthernet 1/0/3 as an ND trusted port.
[SwitchB] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] ipv6 nd detection trust
[SwitchB-GigabitEthernet1/0/3] quit
# Configure the dynamic IPv6 source guard binding function on downlink ports GigabitEthernet 1/0/1
and GigabitEthernet 1/0/2.
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] ipv6 verify source ipv6-address mac-address