Manualshelf

R0106-HP MSR Router Series Security Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR4060 Router Chassis
411412413414415416417418419420
400
Figure 118 Network diagram
Configuration procedure
# Enable IPv6 source guard on GigabitEthernet 2/1/1.
<Device> system-view
[Device] interface gigabitethernet 2/1/1
[Device-GigabitEthernet2/1/1] ipv6 verify source ip-address mac-address
# On GigabitEthernet 2/1/1, configure a static IPv6 source guard binding entry for the host.
[Device-GigabitEthernet2/1/1] ipv6 source binding ip-address 2001::1 mac-address
0001-0202-0202
[Device-GigabitEthernet2/1/1] quit
Verifying the configuration
# Display static IPv6 source guard binding entries on the device. The output shows that a static IPv6
source guard binding entry is configured successfully.
[Device] display ipv6 source binding static
Total entries found: 1
IPv6 Address MAC Address Interface VLAN Type
2001::1 0001-0202-0202 GE2/1/1 N/A Static
Dynamic IPv6 source guard using DHCPv6 snooping
configuration example
Network requirements
As shown in Figure 119:
Enable DHCPv6 snooping on the device to record the IPv6 address and the MAC address of the
host in a DHCPv6 snooping entry.
Enable dynamic IPv6 source guard on GigabitEthernet 2/1/1 to filter received packets based on
DHCPv6 snooping entries. Only packets from the client that obtains an IP address from the DHCPv6
server are allowed to pass.
Figure 119 Network diagram
Configuration procedure
1. Configure DHCPv6 snooping:
# Enable DHCPv6 snooping globally.
<Device> system-view