Chapter 50 savi configuration -349, Ntroduction to, Savi -349 – QTECH QSW-2800 Инструкция по настройке User Manual

Page 363: Savi, Onfiguration, Chapter 50 savi configuration, 1 introduction to savi, 2 savi configuration

Advertising
background image

+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1

349

Chapter 50 SAVI Configuration

50.1 Introduction to SAVI

SAVI (Source Address Validation Improvement) is a security authentication method that

provides the granularity level of the node source address. It gets the trust node information

(such as port, MAC address information), namely, anchor information by monitoring the

interaction process of the relative protocol packets (such as ND protocol, DHCPv6 protocol)

and using CPS (Control Packet Snooping) mechanism. After that, it binds the anchor

information with the node source address and sends the corresponding filter rules, allow the

packets which match the filter rules to pass only, so as to reach the aim that check the validity

of node source address.

SAVI function includes ND Snooping function, DHCPv6 Snooping function and RA Snooping

according to the protocol packet type. ND Snooping function is used to detect ND protocol

packet, it sets IPv6 address binding obtained by nodes with the stateless address

configuration. DHCPv6 Snooping function is used to detect DHCPv6 protocol packet, it sets

IPv6 address binding obtained by nodes with the stateful address configuration. RA Snooping

function is used to avoid the lawless node sending the spurious RA packet.

50.2 SAVI Configuration

SAVI configuration task list:

Enable or disable SAVI function

Enable or disable application scene function for SAVI

Configure SAVI binding function

Configure the global max-dad-delay for SAVI

Configure the global max-dad-prepare-delay for SAVI

Configure the global max-slaac-life for SAVI

Configure the lifetime period for SAVI bind-protect

Enable or disable SAVI prefix check function

Configure IPv6 address prefix for a link

Configure the filter entry number of IPv6 address

Configure the check mode for SAVI conflict binding

Enable or disable user authentication

Enable or disable DHCPv6 trust of port

Enable or disable ND trust of port

Configure the binding number

Advertising
Popular Brands
Popular manuals