Configuration Guide DHCPv6 Snooping Configuration
Figure 2 Network protected through DHCPv6 Snooping
As shown in Figure 2, DHCPv6 Snooping prevents abnormal packet attacks from the forged DCHP
server and illegal DHCP clients in a untrusted network.
Furthermore, the snooping packet result is generated and applied. If the DHCPv6 server allocates
IPv6 prefix, a user entry is formed based on the information like the allocated IPv6 prefix, user MAC
address, port where the user is located in, ID of the VLAN the user belongs to, and lease period, and
thus the DHCPv6 Snooping prefix database is generated. If the DHCPv6 server allocates IPv6
address, a user entry is formed based on the information like the allocated IPv6 address, user MAC
address, port where the user is located in, ID of the VLAN the user belongs to, and lease period, and
thus the DHCPv6 Snooping binding database is generated.
Basic Concepts
Trusted port
Since the DHCPv6 clients may send request messages in multicast form, the illegal DHCPv6 server
in the network will influence the normal DHCPv6 interaction process. To prevent illegal server, ports
fall into two types-trusted port and untrusted port. All ports are untrusted ports by default. Devices
To Next Page
Loading...
