Chapter 9
| General Security Measures
DHCPv6 Snooping
– 352 –
information can be useful in tracking an IP address back to a physical port. This
section describes commands used to configure DHCPv6 snooping.
ipv6 dhcp snooping This command enables DHCPv6 snooping globally. Use the no form to restore the
default setting.
Syntax
[no] ipv6 dhcp snooping
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
â—† Network traffic may be disrupted when malicious DHCPv6 messages are
received from an outside source. DHCPv6 snooping is used to filter DHCPv6
messages received on an unsecure interface from outside the network or fire
wall. When DHCPv6 snooping is enabled globally by this command, and
enabled on a VLAN interface by the ipv6 dhcp snooping vlan command, DHCP
messages received on an untrusted interface (as specified by the no ipv6 dhcp
snooping trust command) from a device not listed in the DHCPv6 snooping
table will be dropped.
Table 60: DHCP Snooping Commands
Command Function Mode
ipv6 dhcp snooping Enables DHCPv6 snooping globally GC
ipv6 dhcp snooping option
remote-id
Enables insertion of DHCPv6 Option 37 relay agent
remote-id
GC
ipv6 dhcp snooping option
remote-id policy
Sets the information option policy for DHCPv6 client
packets that include Option 37 information
GC
ipv6 dhcp snooping vlan Enables DHCPv6 snooping on the specified VLAN GC
ipv6 dhcp snooping
max-binding
Sets the maximum number of entries which can be
stored in the binding database for an interface
IC
ipv6 dhcp snooping trust Configures the specified interface as trusted IC
clear ipv6 dhcp snooping
binding
Clears DHCPv6 snooping binding table entries from RAM PE
clear ipv6 dhcp snooping
statistics
Clears statistical counters for DHCPv6 snooping
client, server and relay packets
PE
show ipv6 dhcp snooping Shows the DHCPv6 snooping configuration settings PE
show ipv6 dhcp snooping
binding
Shows the DHCPv6 snooping binding table entries PE
show ipv6 dhcp snooping
statistics
Shows statistics for DHCPv6 snooping client, server and
relay packets
PE
To Next Page
Loading...
Need help?
General