Chapter 9
| General Security Measures
DHCPv6 Snooping
– 326 –
Example
This example configures the switch to keep existing remote-id option 37
information within DHCPv6 client packets and forward it.
Console(config)#ipv6 dhcp snooping option remote-id policy keep
Console(config)#
ipv6 dhcp snooping
vlan
This command enables DHCPv6 snooping on the specified VLAN. Use the no form
to restore the default setting.
Syntax
[no] ipv6 dhcp snooping vlan {vlan-id | vlan-range}
vlan-id - ID of a configured VLAN (Range: 1-4094)
vlan-range - A consecutive range of VLANs indicated by the use a hyphen,
or a random group of VLANs with each entry separated by a comma.
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
◆ When DHCPv6 snooping enabled globally using the ipv6 dhcp snooping
command, and enabled on a VLAN with this command, DHCPv6 packet
filtering will be performed on any untrusted ports within the VLAN as specified
by the ipv6 dhcp snooping trust command.
◆ When the DHCPv6 snooping is globally disabled, DHCPv6 snooping can still be
configured for specific VLANs, but the changes will not take effect until DHCPv6
snooping is globally re-enabled.
◆ When DHCPv6 snooping is enabled globally, and then disabled on a VLAN, all
dynamic bindings learned for this VLAN are removed from the binding table.
Example
This example enables DHCP6 snooping for VLAN 1.
Console(config)#ipv6 dhcp snooping vlan 1
Console(config)#
Related Commands
ipv6 dhcp snooping (321)
ipv6 dhcp snooping trust (327)
To Next Page
Loading...
