Savi Configuration In Dhcpv6-Only Address Assignment Scenario - HP 5120 SI Series Security Configuration Manual

To do...
Set the time to wait for a
DAD NS from a DHCPv6
client
SAVI configuration in DHCPv6-only address
assignment scenario
Network requirements
Figure 113 Network diagram
GE1/0/1
GE1/0/2
DHCPv6 client
As shown in
interface GigabitEthernet 1/0/1, and connects to two DHCPv6 clients through interfaces
GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3. The three interfaces of Switch B belong to VLAN 2.
The client can obtain IP address only through DHCPv6. Configure SAVI on Switch B to automatically bind
the IP addresses assigned through DHCPv6 and permit only packets from bound addresses and link-local
addresses.
Configuration considerations
Configure Switch B as follows:
Enable SAVI.
•
Enable DHCPv6 snooping. For more information about DHCPv6 snooping, see Layer 3—IP
•
Services Configuration Guide.
• Enable link-local address ND snooping. For more information about ND snooping, see Layer 3—IP
Services Configuration Guide.
Enable ND detection in VLAN 2 to check the ND packets arrived on the ports. For more information
•
about ND detection, see the chapter "ND attack defense configuration."
Use the command...
ipv6 savi dad-preparedelay
value
Switch A
DHCPv6 server
Switch B
GE1/0/3
DHCPv6 client
Figure 1 18, Switch A is the DHCPv6 server. Switch B connects to the DHCPv6 server through
Remarks
Optional
One second by default.
This command is used with the DHCPv6
snooping function. After DHCPv6 snooping
detects that a client obtains an IPv6 address, it
monitors whether the client detects IP address
conflict. If DHCPv6 snooping does not receive
any DAD NS from the client before the set
time expires, SAVI sends a DAD NS on behalf
of the client.
326