Example: Configuring DHCPv6 snooping-based dynamic IPv6SG address bindings
Network configuration
As shown in Figure 155, the host (the DHCPv6 client) obtains an IP address from the DHCPv6 server. Perform the following tasks:
Enable DHCPv6 snooping on the device to make sure the DHCPv6 client obtains an IPv6 address from the authorized DHCPv6 server. To generate a DHCPv6 snooping entry for the DHCPv6 client, enable recording of client information in DHCPv6 snooping entries.
Enable dynamic IPv6SG on HundredGigE 1/0/1 to filter incoming packets by using the IPv6SG bindings generated based on DHCPv6 snooping entries. Only packets from the DHCPv6 client are allowed to pass.
Figure 155: Network diagram
Procedure
Configure DHCPv6 snooping:
# Enable DHCPv6 snooping globally.
<Device> system-view
[Device] ipv6 dhcp snooping enable
# Configure HundredGigE 1/0/2 as a trusted interface.
[Device] interface hundredgige 1/0/2
[Device-HundredGigE1/0/2] ipv6 dhcp snooping trust
[Device-HundredGigE1/0/2] quit
Enable IPv6SG:
# Enable IPv6SG on HundredGigE 1/0/1 and verify the source IP address and MAC address for dynamic IPv6SG.
[Device] interface hundredgige 1/0/1
[Device-HundredGigE1/0/1] ipv6 verify source ip-address mac-address
# Enable recording of client information in DHCPv6 snooping entries on HundredGigE 1/0/1.
[Device-HundredGigE1/0/1] ipv6 dhcp snooping binding record
[Device-HundredGigE1/0/1] quit
Verifying the configuration
# Display dynamic IPv6SG bindings generated based on DHCPv6 snooping entries.
[Device] display ipv6 source binding dhcpv6-snooping
Total entries found: 1
IPv6 Address         MAC Address    Interface                VLAN Type
2001::1              040a-0000-0001 HGE1/0/1                 1    DHCPv6 snooping
HundredGigE 1/0/1 will filter packets based on the IPv6SG binding.
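The filtering decision that results from this configuration can be modelled offline for audit or change-review purposes. The following Python sketch is an added example, not vendor code: it parses the binding table from the verification output and checks whether a given source IPv6/MAC pair would match a binding. The function names are hypothetical, the sample text is constructed from the output above, and the model assumes a binding applies only to the interface and VLAN listed in its row.

```python
import ipaddress
import re

# Constructed sample: the verification output shown above, one row per line.
SAMPLE_OUTPUT = """\
Total entries found: 1
IPv6 Address         MAC Address    Interface                VLAN Type
2001::1              040a-0000-0001 HGE1/0/1                 1    DHCPv6 snooping
"""

# A data row: IPv6 address, MAC in xxxx-xxxx-xxxx form, interface, VLAN, type.
ROW = re.compile(r"^(\S+)\s+((?:[0-9a-fA-F]{4}-){2}[0-9a-fA-F]{4})\s+(\S+)\s+(\d+)\s+(.+)$")


def norm_mac(mac):
    """Reduce xxxx-xxxx-xxxx, xx:xx:... or xx-xx-... notation to 12 hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def parse_bindings(text):
    """Return {(interface, vlan): {(IPv6Address, mac), ...}} from the display output."""
    bindings = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # counter line, column header, or blank line
        ip, mac, ifname, vlan, _type = m.groups()
        key = (ifname, int(vlan))  # assumption: binding scope is interface + VLAN
        bindings.setdefault(key, set()).add((ipaddress.IPv6Address(ip), norm_mac(mac)))
    return bindings


def permitted(bindings, ifname, vlan, src_ip, src_mac):
    """Simplified model of 'ip-address mac-address' verification: both must match one binding."""
    try:
        pair = (ipaddress.IPv6Address(src_ip), norm_mac(src_mac))
    except ValueError:
        return False  # unparsable source fields never match a binding
    return pair in bindings.get((ifname, vlan), set())


if __name__ == "__main__":
    table = parse_bindings(SAMPLE_OUTPUT)
    print(permitted(table, "HGE1/0/1", 1, "2001:0:0:0:0:0:0:1", "04:0a:00:00:00:01"))
    print(permitted(table, "HGE1/0/1", 1, "2001::1", "04:0a:00:00:00:02"))
```

Addresses are compared after normalization, so differently written forms of the same IPv6 or MAC address match the binding, while a correct IPv6 address paired with a different MAC does not.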