SAVI configuration in DHCPv6-only address assignment

Network requirements

As shown inFigure 133, Switch A is the DHCPv6 server. Switch B connects to the DHCPv6 server through interface GigabitEthernet 1/0/1, and connects to two DHCPv6 clients through interfaces GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3. The three interfaces of Switch B belong to VLAN 2. The client can obtain IP address only through DHCPv6. Configure SAVI on Switch B to automatically bind the IP addresses assigned through DHCPv6 and permit only packets from bound addresses and link-local addresses.

Figure 133: Network diagram

Configuration considerations

Configure Switch B as follows:

Packet check principles

Switch B checks the following packets:

Configuration procedure

# Enable SAVI.

<SwitchB> system-view
[SwitchB] ipv6 savi strict

# Enable IPv6.

[SwitchB] ipv6

# Globally enable DHCPv6 snooping.

[SwitchB] ipv6 dhcp snooping enable

# Assign interfaces GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 to VLAN 2.

[SwitchB] vlan 2
[SwitchB-vlan2] port gigabitethernet 1/0/1 gigabitethernet 1/0/2 gigabitethernet 1/0/3

# Enable DHCPv6 snooping in VLAN 2.

[SwitchB-vlan2] ipv6 dhcp snooping vlan enable
[SwitchB] quit

# Configure interface GigabitEthernet 1/0/1 as a DHCP snooping trusted port.

[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] ipv6 dhcp snooping trust
[SwitchB-GigabitEthernet1/0/1] quit

# Enable link-local address ND snooping and ND detection.

[SwitchB] ipv6 nd snooping enable link-local
[SwitchB] vlan 2
[SwitchB-vlan2] ipv6 nd snooping enable
[SwitchB-vlan2] ipv6 nd detection enable
[SwitchB-vlan2] quit

# Configure the dynamic IPv6 source guard binding function on downlink ports GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3.

[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] ipv6 verify source ipv6-address mac-address
[SwitchB-GigabitEthernet1/0/2] quit
[SwitchB] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] ipv6 verify source ipv6-address mac-address
[SwitchB-GigabitEthernet1/0/3] quit