Chapter 9
| General Security Measures
DHCPv6 Snooping
– 324 –
Example
This example enables DHCPv6 snooping globally for the switch.
Console(config)#ipv6 dhcp snooping
Console(config)#
Related Commands
ipv6 dhcp snooping vlan (326)
ipv6 dhcp snooping trust (327)
ipv6 dhcp snooping
option remote-id
This command enables the insertion of remote-id option 37 information into
DHCPv6 client messages. Remote-id option information such as the port attached
to the client, DUID, and VLAN ID is used by the DHCPv6 server to assign
preassigned configuration data specific to the DHCPv6 client. Use the no form of
the command to disable this function.
Syntax
[no] ipv6 dhcp snooping option remote-id
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
◆ DHCPv6 provides a relay mechanism for sending information about the switch
and its DHCPv6 clients to the DHCPv6 server. Known as DHCPv6 Option 37, it
allows compatible DHCPv6 servers to use the information when assigning IP
addresses, or to set other services or policies for clients.
◆ When DHCPv6 Snooping Information Option 37 is enabled, the requesting
client (or an intermediate relay agent that has used the information fields to
describe itself) can be identified in the DHCPv6 request packets forwarded by
the switch and in reply packets sent back from the DHCPv6 server.
◆ When the DHCPv6 Snooping Option 37 is enabled, clients can be identified by
the switch port to which they are connected rather than just their MAC address.
DHCPv6 client-server exchange messages are then forwarded directly between
the server and client without having to flood them to the entire VLAN.
◆ DHCPv6 snooping must be enabled for the DHCPv6 Option 37 information to
be inserted into packets. When enabled, the switch will either drop, keep or
remove option 37 information in incoming DHCPv6 packets. Packets are
processed as follows:
To Next Page
Loading...
