Dynamic IPv6SG using DHCPv6 snooping configuration example
Network requirements
As shown in Figure 200, the host (the DHCPv6 client) obtains an IP address from the DHCPv6 server. Perform the following tasks:
Enable DHCPv6 snooping on the device to make sure the DHCPv6 client obtains an IPv6 address from the authorized DHCPv6 server. To generate DHCP snooping entries for the DHCP clients, enable recording of client information in DHCPv6 snooping entries.
Enable dynamic IPv6SG on GigabitEthernet 1/0/1 to filter incoming packets by using the IPv6SG bindings generated based on DHCPv6 snooping entries. Only packets from the DHCPv6 client are allowed to pass.
Figure 195: Network diagram
Configuration procedure
Configure DHCPv6 snooping:
# Enable DHCPv6 snooping globally.
<Device> system-view [Device] ipv6 dhcp snooping enable
# Configure GigabitEthernet 1/0/2 as a trusted interface.
[Device] interface gigabitethernet 1/0/2 [Device-GigabitEthernet1/0/2] ipv6 dhcp snooping trust [Device-GigabitEthernet1/0/2] quit
Enable IPv6SG:
# Enable IPv6SG on GigabitEthernet 1/0/1 and verify the source IP address and MAC address for dynamic IPv6SG.
[Device] interface gigabitethernet 1/0/1 [Device-GigabitEthernet1/0/1] ipv6 verify source ip-address mac-address
# Enable recording of client information in DHCPv6 snooping entries on GigabitEthernet 1/0/1.
[Device-GigabitEthernet1/0/1] ipv6 dhcp snooping binding record [Device-GigabitEthernet1/0/1] quit
Verifying the configuration
# Verify that a dynamic IPv6SG binding is generated based on a DHCPv6 snooping entry.
[Device] display ipv6 source binding dhcpv6-snooping Total entries found: 1 IPv6 Address MAC Address Interface VLAN Type 2001::1 040a-0000-0001 GE1/0/1 1 DHCPv6 snooping