375
SAVI configuration in SLAAC-only address
assignment scenario
Network requirements
Figure 145 Network diagram
Switch A
Switch B
Host A Host B
Eth1/0/3
Vlan-int10
10::1
Gateway
Eth1/0/1
Eth1/0/3
Eth1/0/2
VLAN 10
10::6
0001-0203-0607
10::5
0001-0203-0405
Internet
As shown in Figure 145, Switch A serves as the gateway. Switch B connects Host A and Host B. The hosts
can obtain IPv6 addresses only through SLAAC. Configure SAVI on Switch B to bind the addresses
assigned through SLAAC and permit only packets from the bound addresses.
Configuration considerations
Configure Switch B as follows:
• Enable SAVI.
• Enable global unicast address ND snooping and link-local address ND snooping. For more
information about ND snooping, see Layer 3—IP Services Configuration Guide.
• Enable ND detection in VLAN 10 to check the ND packets arrived on the ports. For more
information about ND detection, see the chapter “ND attack defense configuration.”
• Configure a static IPv6 source guard binding entry on each interface connected to a host. This step
is optional. If this step is not performed, SAVI does not check packets against static binding entries.
For more information about static IPv6 source guard binding entries, see the chapter “IP source
guard configuration.”
• Configure dynamic IPv6 source guard binding on the interfaces connected to the hosts. For more
information about dynamic IPv6 source guard binding, see the chapter “IP source guard
configuration.”
To Next Page
Loading...
Need help?
General