Example: Configuring DHCPv6 snooping-based dynamic IPv6SG prefix bindings
Network configuration
As shown in Figure 156, the host (the DHCPv6 client) obtains an IPv6 prefix from the DHCPv6 server. Perform the following tasks:
Enable DHCPv6 snooping on the device to make sure the DHCPv6 client obtains an IPv6 prefix from the authorized DHCPv6 server. To generate a DHCPv6 snooping prefix entry for the DHCPv6 client, enable recording IPv6 prefix information in DHCPv6 snooping entries.
Enable dynamic IPv6SG on HundredGigE 1/0/1 to filter incoming packets by using the IPv6SG bindings generated based on DHCPv6 snooping prefix entries. Only packets from the DHCPv6 client are allowed to pass.
Figure 156: Network diagram
Procedure
Configure DHCPv6 snooping.
# Enable DHCPv6 snooping globally.
<Device> system-view [Device] ipv6 dhcp snooping enable
# Configure HundredGigE 1/0/2 as a trusted interface.
[Device] interface hundredgige 1/0/2 [Device-HundredGigE1/0/2] ipv6 dhcp snooping trust [Device-HundredGigE1/0/2] quit
# Enable recording DHCPv6 snooping prefix entries on HundredGigE 1/0/1.
[Device] interface hundredgige 1/0/1 [Device-HundredGigE1/0/1] ipv6 dhcp snooping pd binding record
Enable IPv6SG.
# Enable IPv6SG on HundredGigE 1/0/1 and verify the source IP address and MAC address for dynamic IPv6SG.
[Device-HundredGigE1/0/1] ipv6 verify source ip-address mac-address [Device-HundredGigE1/0/1] quit
Verifying the configuration
# Display dynamic IPSGv6 bindings generated based on DHCPv6 snooping entries.
[Device] display ipv6 source binding pd Total entries found: 1 IPv6 prefix MAC address Interface VLAN 2001:410:1::/48 0010-9400-0004 HGE1/0/1 1
HundredGigE 1/0/1 will filter packets based on the IPSGv6 binding.