SAVI Configuration in SLAAC-Only Address Assignment Scenario; Network Requirements; Configuration Considerations - H3C S5120-HI Security Configuration Manual


[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] ipv6 verify source ipv6-address mac-address
[SwitchB-GigabitEthernet1/0/2] quit
[SwitchB] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] ipv6 verify source ipv6-address mac-address
[SwitchB-GigabitEthernet1/0/3] quit
SAVI configuration in SLAAC-only address assignment scenario

Network requirements

Figure 99 Network diagram
[Figure not reproduced. Labels: Internet; Switch A (gateway), GE1/0/3, Vlan-int10 10::1; VLAN 10; Switch B, GE1/0/1, GE1/0/2, GE1/0/3; Host A, 10::5, 0001-0203-0405; Host B, 10::6, 0001-0203-0607.]

As shown in Figure 99, Switch A serves as the gateway. Switch B connects Host A and Host B. The hosts can obtain IPv6 addresses only through SLAAC. Configure SAVI on Switch B to bind the addresses assigned through SLAAC and permit only packets from the bound addresses.

Configuration considerations

Configure Switch B as follows:
1. Enable SAVI.
2. Enable global unicast address ND snooping and link-local address ND snooping. For more information about ND snooping, see Layer 3—IP Services Configuration Guide.
3. Enable ND detection in VLAN 10 to check the ND packets that arrive on the ports. For more information about ND detection, see "Configuring ND attack defense."
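
The bind-then-filter behaviour that the steps above set up on Switch B, as a simplified Python model added here (it is not H3C code and not part of the manual). It assumes Host A is attached to GE1/0/1 and Host B to GE1/0/2, learns bindings only from DAD Neighbor Solicitations, and omits entry aging; `SaviTable`, `norm_mac` and `demo` are hypothetical names, and the frames are constructed.

```python
import ipaddress


def norm_mac(mac):
    """Normalise H3C (0001-0203-0405) or colon notation to 12 hex digits."""
    return mac.replace("-", "").replace(":", "").lower()


class SaviTable:
    """Simplified model of SAVI in one VLAN (VLAN 10 on the page):
    ND snooping fills the binding table, the source check consults it."""

    def __init__(self):
        self.bindings = {}  # IPv6Address -> (mac, port)

    def snoop_dad_ns(self, port, src_mac, target):
        """Learn from a DAD Neighbor Solicitation whose target is the
        tentative SLAAC address. The first claimant keeps the binding;
        a later claim from another MAC or port is not recorded."""
        addr = ipaddress.IPv6Address(target)
        claim = (norm_mac(src_mac), port)
        return self.bindings.setdefault(addr, claim) == claim

    def permit(self, port, src_mac, src_ip):
        """Check in the spirit of 'ipv6 verify source ipv6-address
        mac-address': forward only if address, MAC and port all match."""
        addr = ipaddress.IPv6Address(src_ip)
        return self.bindings.get(addr) == (norm_mac(src_mac), port)


def demo():
    savi = SaviTable()
    # Constructed snooped events; the host-to-port mapping is assumed.
    savi.snoop_dad_ns("GE1/0/1", "0001-0203-0405", "10::5")  # Host A
    savi.snoop_dad_ns("GE1/0/2", "0001-0203-0607", "10::6")  # Host B
    frames = [
        ("GE1/0/1", "0001-0203-0405", "10::5"),    # Host A, bound
        ("GE1/0/2", "0001-0203-0607", "10::5"),    # Host B using A's address
        ("GE1/0/2", "0001-0203-0405", "10::5"),    # A's pair on the wrong port
        ("GE1/0/2", "0001-0203-0607", "10:0::6"),  # 10::6 written differently
        ("GE1/0/1", "0001-0203-0405", "10::7"),    # address never snooped
    ]
    return [savi.permit(*frame) for frame in frames]


if __name__ == "__main__":
    print(demo())
```

Comparing parsed addresses rather than strings is what lets the fourth frame match its binding even though the address is spelled differently.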
