Example for Configuring LDRA to Detect Client Locations
Networking Requirements
As shown in Figure 1, the R&D department and marketing department of a company connect to the Internet through the Switch and obtain IPv6 addresses using DHCPv6. The company requires that the DHCPv6 server assigns different IP addresses, access control policies, and QoS policies to the clients in different departments.
Configuration Roadmap
- Enable DHCP snooping.
- Enable LDRA. After LDRA is enabled on the Switch, the Switch can forward the client location information to the DHCPv6 server, and the DHCPv6 server can assign corresponding policies to the clients.
Procedure
- Create a VLAN and configure interfaces.
# Create VLAN 10 on the Switch.
<HUAWEI> system-view [HUAWEI] sysname Switch [Switch] vlan batch 10
# Add interfaces GE0/0/1, GE0/0/2, and GE0/0/3 to VLAN 10.
[Switch] interface gigabitethernet 0/0/1 [Switch-GigabitEthernet0/0/1] port link-type access [Switch-GigabitEthernet0/0/1] port default vlan 10 [Switch-GigabitEthernet0/0/1] quit [Switch] interface gigabitethernet 0/0/2 [Switch-GigabitEthernet0/0/2] port link-type access [Switch-GigabitEthernet0/0/2] port default vlan 10 [Switch-GigabitEthernet0/0/2] quit [Switch] interface gigabitethernet 0/0/3 [Switch-GigabitEthernet0/0/3] port link-type trunk [Switch-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 [Switch-GigabitEthernet0/0/3] quit
- Enable DHCP snooping.
# Enable DHCP snooping globally.
[Switch] dhcp enable [Switch] dhcp snooping enable
# Enable DHCP snooping on the user-side interfaces.
[Switch] interface gigabitethernet 0/0/1 [Switch-GigabitEthernet0/0/1] dhcp snooping enable [Switch-GigabitEthernet0/0/1] quit [Switch] interface gigabitethernet 0/0/2 [Switch-GigabitEthernet0/0/2] dhcp snooping enable [Switch-GigabitEthernet0/0/2] quit
# Set the status of the interface connecting to the DHCPv6 server to Trusted.
[Switch] interface gigabitethernet 0/0/3 [Switch-GigabitEthernet0/0/3] dhcp snooping trusted [Switch-GigabitEthernet0/0/3] quit
- Enable the LDRA.
# Enable the LDRA in VLAN 10.
[Switch] vlan 10 [Switch-vlan10] dhcpv6 snooping relay-information enable
# Disable the interfaces in VLAN 10 from generating DHCP snooping binding entries. After DHCP snooping is enabled, the interfaces will not restrict the number of online users.
[Switch-vlan10] dhcp snooping enable no-user-binding Warning: To execute no-user-binding will delete all dynamic binding table with the same vlan. Continue? [Y/N]y [Switch-vlan10] quit
- Verify the configuration.
# Run the display dhcp snooping configuration command to verify the LDRA configuration.
[Switch] display dhcp snooping configuration # dhcp snooping enable # vlan 10 dhcp snooping enable no-user-binding dhcpv6 snooping relay-information enable # interface GigabitEthernet0/0/1 dhcp snooping enable # interface GigabitEthernet0/0/2 dhcp snooping enable # interface GigabitEthernet0/0/3 dhcp snooping trusted #
Configuration Files
Switch configuration file
# sysname Switch # vlan batch 10 # dhcp enable # dhcp snooping enable # vlan 10 dhcp snooping enable no-user-binding dhcpv6 snooping relay-information enable # interface GigabitEthernet0/0/1 port link-type access port default vlan 10 dhcp snooping enable # interface GigabitEthernet0/0/2 port link-type access port default vlan 10 dhcp snooping enable # interface GigabitEthernet0/0/3 port link-type trunk port trunk allow-pass vlan 10 dhcp snooping trusted # return