(Optional) Configuring a Policy for Checking Invalid IPv6 Packets

Context

The policy for checking IPv6 packets based on the DHCPv6 snooping binding table can be classified as a discard policy or forward policy.

• Discard policy: If no matching entry is found in the DHCPv6 snooping binding table based on the source IPv6 address, prefix, VLAN ID, and VPN information in an IPv6 packet, the IPv6 packet is discarded. If a matching entry is found in the DHCPv6 snooping binding table based on the source IPv6 address, prefix, VLAN ID, and VPN information in the IPv6 packet but the source MAC address and interface information in the IPv6 packet do not match this entry, the IPv6 packet is also discarded.
• Forward policy: If no matching entry is found in the DHCPv6 snooping binding table based on the source IPv6 address, prefix, VLAN ID, and VPN information in an IPv6 packet, the packet can be properly forwarded. If a matching entry is found in the DHCPv6 snooping binding table based on the source IPv6 address, prefix, VLAN ID, and VPN information in the IPv6 packet but the source MAC address and interface information in the IPv6 packet do not match this entry, the IPv6 packet is discarded.

Procedure

• Configure a policy for checking invalid IPv6 packets in the system view.
  1. Run system-view

     The system view is displayed.

  2. Run dhcpv6 snooping nomatch-packet ipv6 action forward

     A forward policy is configured for checking IPv6 packets based on the DHCPv6 snooping binding table.

  3. Run commit

     The configuration is committed.

• Configure a policy for checking invalid IPv6 packets in the interface view.
  1. Run system-view

     The system view is displayed.

  2. Run interface interface-type interface-number

     The interface view is displayed.

  3. Run dhcpv6 snooping nomatch-packet ipv6 action forward

     A forward policy is configured for checking IPv6 packets based on the DHCPv6 snooping binding table on the interface.

  4. Run commit

     The configuration is committed.