Savi Configuration In Dhcpv6+Slaac Address Assignment Scenario; Network Requirements; Configuration Considerations - HP 5500 HI Series Configuration Manual
Security
Hide thumbs
Also See for 5500 HI Series:
- Installation manual (72 pages) ,
- Compliance and safety manual (62 pages) ,
- Quickspecs (35 pages)
Table of Contents
Advertisement
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] ipv6 verify source ipv6-address mac-address
[SwitchB-GigabitEthernet1/0/2] quit
SAVI configuration in DHCPv6+SLAAC address
assignment scenario
Network requirements
Figure 137 Network diagram
As shown in
1/0/1 and connects to the DHCPv6 client through interface GigabitEthernet 1/0/3. Host A and Host B
access Gateway (Switch A) through Switch B. Interfaces GigabitEthernet 1/0/1 through GigabitEthernet
1/0/5 on Switch B belong to VLAN 2. The hosts can obtain IP addresses through DHCPv6 or SLAAC.
Configure SAVI on Switch B to permit only packets from addresses assigned through DHCPv6 and the
bound addresses assigned through SLAAC.
Configuration considerations
Configure Switch B as follows:
1.
Enable SAVI.
2.
Enable DHCPv6 snooping. For more information about DHCPv6 snooping, see Layer 3—IP
Services Configuration Guide.
3.
Enable global unicast address ND snooping and link-local address ND snooping. For more
information about ND snooping, see Layer 3—IP Services Configuration Guide.
4.
Enable ND detection in VLAN 2 to check the ND packets arrived on the ports. For more
information about ND detection, see
5.
Configure a static IPv6 source guard binding entry on each interface connected to a host. This step
is optional. If this step is not performed, SAVI does not check packets against static binding entries.
Figure
137, Switch B connects to the DHCPv6 server through interface GigabitEthernet
"Configuring ND attack
415
defense."
- Quick Links:
- Configuration Guide
- Configuring Aaa
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
