Chapter 9
| General Security Measures
DHCPv6 Snooping
– 358 –
ipv6 dhcp snooping
max-binding
This command sets the maximum number of entries which can be stored in the
binding database for an interface. Use the no form to restore the default setting.
Syntax
ipv6 dhcp snooping max-binding count
no ipv6 dhcp snooping max-binding
count - Maximum number of entries. (Range: 1-5)
Default Setting
5
Command Mode
Interface Configuration (Ethernet, Port Channel)
Example
This example sets the maximum number of binding entries to 1.
Console(config)#interface ethernet 1/1
Console(config-if)#ipv6 dhcp snooping max-binding 1
Console(config-if)#
ipv6 dhcp snooping
trust
This command configures the specified interface as trusted. Use the no form to
restore the default setting.
Syntax
[no] ipv6 dhcp snooping trust
Default Setting
All interfaces are untrusted
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
â—† A trusted interface is an interface that is configured to receive only messages
from within the network. An untrusted interface is an interface that is
configured to receive messages from outside the network or fire wall.
â—† Set all ports connected to DHCv6 servers within the local network or fire wall to
trusted, and all other ports outside the local network or fire wall to untrusted.
â—† When DHCPv6 snooping is enabled globally using the ipv6 dhcp snooping
command, and enabled on a VLAN with ipv6 dhcp snooping vlan command,
DHCPv6 packet filtering will be performed on any untrusted ports within the
To Next Page
Loading...
Need help?
General