HP 3600 v2 Series Security Configuration Manual page 385

Packet check principles
Switch B checks DHCPv6 protocol packets from DHCPv6 clients against link-local address ND snooping
entries; checks ND protocol packets against link-local address ND snooping entries, DHCPv6 snooping
entries, and static binding entries; and checks the IPv6 data packets from the clients against dynamic
binding entries (including link-local address ND snooping entries and DHCPv6 snooping entries)
applied on the interfaces connected to the clients and against static binding entries. The items to be
examined include MAC address, IPv6 address, VLAN information, and ingress port.
Configuration procedure
# Enable SAVI.
<SwitchB> system-view
[SwitchB] ipv6 savi strict
# Enable IPv6.
[SwitchB] ipv6
# Globally enable DHCPv6 snooping.
[SwitchB] ipv6 dhcp snooping enable
# Assign interfaces Ethernet 1/0/1, Ethernet 1/0/2, and Ethernet 1/0/3 to VLAN 2.
[SwitchB] vlan 2
[SwitchB-vlan2] port ethernet 1/0/1 ethernet 1/0/2 ethernet 1/0/3
# Enable DHCPv6 snooping in VLAN 2.
[SwitchB-vlan2] ipv6 dhcp snooping vlan enable
[SwitchB] quit
# Configure interface Ethernet 1/0/1 as a DHCP snooping trusted port.
[SwitchB] interface ethernet 1/0/1
[SwitchB-Ethernet1/0/1] ipv6 dhcp snooping trust
[SwitchB-Ethernet1/0/1] quit
# Enable link-local address ND snooping and ND detection.
[SwitchB] ipv6 nd snooping enable link-local
[SwitchB] vlan 2
[SwitchB-vlan2] ipv6 nd snooping enable
[SwitchB-vlan2] ipv6 nd detection enable
[SwitchB-vlan2] quit
# Configure the dynamic IPv6 source guard binding function on downlink ports Ethernet 1/0/2 and
Ethernet 1/0/3.
[SwitchB] interface ethernet 1/0/2
[SwitchB-Ethernet1/0/2] ipv6 verify source ipv6-address mac-address
[SwitchB-Ethernet1/0/2] quit
[SwitchB] interface ethernet 1/0/3
[SwitchB-Ethernet1/0/3] ipv6 verify source ipv6-address mac-address
[SwitchB-Ethernet1/0/3] quit
374