No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Command Reference

S7700 and S9700 V200R011C10

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
SAVI Configuration Commands

SAVI Configuration Commands

Command Support

Commands provided in this section and all the parameters in the commands are supported by all switch models by default, unless otherwise specified. For details, see specific commands.

savi max dad-delay

Function

The savi max dad-delay command sets the time for listening to an NA packet responding to address conflicts.

The undo savi max dad-delay command restores the default setting.

By default, the time for listening to an NA packet responding to address conflicts is 2 seconds.

Format

savi max dad-delay value

undo savi max dad-delay

Parameters

Parameter Description Value
value Specifies the time for listening to an NA packet responding to address conflicts. The value is an integer that ranges from 1 to 100, in seconds.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The savi max dad-delay command is applicable only for SLAAC-Only scenarios and DHCPv6+SLAAC scenarios.

  • In SLAAC-Only scenarios:

    When obtaining an IP address in SLAAC mode, an ND client generates the IPv6 address based on the prefix in the RA packet. After the IPv6 address is generated, the ND client sends an NS packet to check whether duplicate addresses exist on the network. When detecting the NS packet in the DAD process from the ND client, the device generates an ND snooping entry, sets the entry to the detect state, and listens to the mapping NA packet.

    • If a mapping NA packet is detected in the configured listening period, IPv6 address conflict occurs and the device deletes this ND snooping entry.
    • If no mapping NA packet is detected in the configured listening period, the IPv6 address is available and the device sets the ND snooping entry to the bound state. The device deletes the ND snooping entry only when the entry ages out. If automatic user status detection for users mapping ND snooping dynamic binding entries is enabled using the nd user-bind detect enable command on the device, and no NA packet is returned from the user after NS packets are sent for times configured using the nd user-bind detect retransmit retransmit-times interval retransmit-interval command, the device considers the user to be offline and deletes the mapping ND snooping entry.
  • In DHCPv6+SLAAC scenarios:

    • The procedure for processing packets by SAVI in SLAAC mode is the same as that in SLAAC-Only scenarios.

    • When obtaining an IP address in DHCPv6 mode, a DHCPv6 client may send an NS packet to check whether duplicate addresses exist on the network. When detecting the NS packet in the DAD process from the DHCPv6 client, the device sets the mapping DHCPv6 snooping entry to the detect state, and listens to the mapping NA packet.

      • If a mapping NA packet is detected in the configured listening period, IPv6 address conflict occurs and the device deletes this DHCPv6 snooping entry.
      • If no mapping NA packet is detected in the configured listening period, the IPv6 address is available and the device sets the DHCPv6 snooping entry to the bound state.

      When the DHCPv6 Snooping entry is in detection state, the device deletes this entry after detecting the NA packets within the time of listening on NA packets with response address conflicts. When the DHCPv6 Snooping entry is in bound state, the device deletes this entry after detecting the DHCPv6 Decline or DHCPv6 Release packets sent from the DHCPv6 clients.

Prerequisites

The SAVI function has been enabled using the savi enable command.

Precautions

This command is used together with ND snooping and DHCPv6 snooping.

Example

# Set the time for listening to an NA packet responding to address conflicts to 5 seconds.

<HUAWEI> system-view
[HUAWEI] savi enable 
[HUAWEI] savi max dad-delay 5
Related Topics

savi max dad-prepare-delay

Function

The savi max dad-prepare-delay command sets the time for listening to the duplicate address detection performed by the DHCPv6 client.

The undo savi max dad-prepare-delay command restores the default setting.

By default, the time for listening to the duplicate address detection performed by the DHCPv6 client is 2 seconds.

Format

savi max dad-prepare-delay value

undo savi max dad-prepare-delay

Parameters

Parameter Description Value
value Specifies the time for listening to the duplicate address detection performed by the DHCPv6 client. The value is an integer that ranges from 1 to 100, in seconds.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The savi max dad-prepare-delay command is applicable only for DHCPv6-Only scenarios and DHCPv6+SLAAC scenarios.

After detecting that the DHCPv6 client obtains the IPv6 address, the device detects whether the DHCPv6 client sends an NS packet for duplicate address detection.

  • In DHCPv6-Only scenarios:
    • If no NS packet in the DAD process is detected in the configured listening period, the device sets the DHCPv6 snooping entry to the bound state. It indicates that the DHCPv6 does not perform the duplicate address detection on the obtained IPv6 address or no duplicate IPv6 address exists.
    • If an NS packet in the DAD process is detected in the configured listening period, the device does not change the status of the mapping DHCPv6 snooping entry. The device sets the DHCPv6 snooping entry to the bound state only when the listening period expires.

    In DHCPv6-Only scenarios, when detecting the DHCPv6 Decline packet or DHCPv6 Release packet from the DHCPv6 client, the device deletes the corresponding DHCPv6 snooping entry.

  • In DHCPv6+SLAAC scenarios:
    • If no NS packet in the DAD process is detected in the configured listening period, the device sets the DHCPv6 snooping or ND snooping entry to the bound state. It indicates that the client does not perform the duplicate address detection on the obtained IPv6 address or no duplicate IPv6 address exists, and the client can use this IPv6 address.
    • If an NS packet in the DAD process is detected in the configured listening period, the device sets the mapping DHCPv6 snooping or ND snooping entry to the detection state, and listens to the mapping NA packet. For the listening method, see savi max dad-delay.

Prerequisites

The SAVI function has been enabled using the savi enable command.

Precautions

This command is used together with ND snooping and DHCPv6 snooping.

Example

# Set the time for listening to the duplicate address detection performed by the DHCPv6 client to 5 seconds.

<HUAWEI> system-view
[HUAWEI] savi enable 
[HUAWEI] savi max dad-prepare-delay 5
Related Topics

savi max-binding-table

Function

The savi max-binding-table command sets the maximum number of SAVI binding entries on an interface.

The undo savi max-binding-table command restores the default maximum number of SAVI binding entries on an interface.

By default, the maximum number of SAVI binding entries is the same as the number of binding entries supported by the device.

Format

savi max-binding-table max-number

undo savi max-binding-table

Parameters

Parameter

Description

Value

max-number

Specifies the maximum number of SAVI binding entries on an interface.

The value is an integer that varies depending on product models.

Views

Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, port group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

An SAVI binding table is a set of the ND snooping binding table and DHCPv6 snooping binding table. When the sum of ND snooping binding entries and DHCPv6 snooping binding entries on an interface reaches the configured maximum number of SAVI binding entries, subsequent users cannot connect to the network. After the maximum number of SAVI binding entries is set, the device does not process many ND packets and DHCPv6 packets with invalid source addresses to defend against attacks.

Prerequisites

Ensure that SAVI has been enabled globally using the savi enable command.

Example

# Set the maximum number of SAVI binding entries on the GE1/0/1 to 8.

<HUAWEI> system-view
[HUAWEI] savi enable
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] savi max-binding-table 8
Related Topics

savi enable

Function

The savi enable command enables the SAVI function.

The undo savi enable command disables the SAVI function.

By default, the SAVI function is disabled.

Format

savi enable

undo savi enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the SAVI function is enabled, the device checks the validity of the source addresses in the ND, DHCPv6, and IPv6 data packets based on the bindings between IP addresses and ports and filters out invalid packets. The bindings between IP addresses and ports are generated based on ND snooping and DHCPv6 snooping.

Precautions

The SAVI function must be used together with ND snooping, DHCPv6 snooping, or IP source guard.

After the SAVI function is enabled, only when both ND snooping and IP source guard are enabled or both DHCPv6 snooping and IP source guard are enabled on an interface, the device checks the validity of the source addresses in IPv6 data packets received on this interface.

Example

# Enable the SAVI function.

<HUAWEI> system-view
[HUAWEI] savi enable
Translation
Download
Updated: 2019-10-18

Document ID: EDOC1000178288

Views: 29375

Downloads: 109

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next