262
Verification
# On the device, display the information about static IPv6 source guard binding entries. The output shows
that the binding entry is configured successfully.
[Device] display user-bind ipv6
Total entries found: 1
MAC Address IP Address VLAN Interface Type
0001-0202-0202 2001::1 N/A GE1/0/1 Static_IPv6
Dynamic IPv6 source guard binding by DHCPv6 snooping
configuration example
Network requirements
As shown in Figure 82, the device connects to the host (DHCPv6 client) and the DHCPv6 server through
ports GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 respectively.
Enable DHCPv6 and DHCPv6 snooping on the device, so that the host can obtain an IP address through
the DHCPv6 server and the IPv6 IP address and the MAC address of the host can be recorded in a
DHCPv6 snooping entry.
Enable dynamic IPv6 source guard binding function on port GigabitEthernet 1/0/1 of the device to filter
packets based on DHCPv6 snooping entries, allowing only packets from a client that obtains an IP
address through the DHCP server to pass.
Figure 82 Network diagram for configuring dynamic IPv6 source guard binding by DHCPv6 snooping
Host
GE1/0/1 GE1/0/2
DHCPv6 snooping
DHCPv6 server
Device
VLAN 2
Configuration procedure
1. Configure DHCPv6 snooping
# Enable DHCPv6 snooping globally.
<Device> system-view
[Device] ipv6 dhcp snooping enable
# Enable DHCPv6 snooping in VLAN 2.
[Device] vlan 2
[Device-vlan2] ipv6 dhcp snooping vlan enable
[Device-vlan2] quit
# Configure the port connecting to the DHCP server as a trusted port.
[Device] interface gigabitethernet 1/0/2
[Device-GigabitEthernet1/0/2] ipv6 dhcp snooping trust
[Device-GigabitEthernet1/0/2] quit
2. Configure the dynamic IPv6 source guard binding function
# Configure dynamic IPv6 source guard binding of packet source IP address and MAC address on
GigabitEthernet 1/0/1 to filter packets based on the dynamically generated DHCPv6 snooping entries.
To Next Page
Loading...
Need help?
General