Configuration Guide DHCPv6 Snooping Configuration
forward the DHCPv6 server’s reply message from trusted ports and discard the DHCPv6 server’s
reply message from untrusted ports.
Hence, the port connected to the legal DHCPv6 server is set to trusted port and other ports are set
to untrusted ports to shield illegal DHCPv6 server.
As specified in RFC3315 and RFC5007 and other protocols, the DHCPv6 reply message falls into
the following types-ADVERTISE, REPLY, RECONFIGURE, RELAY-REPLY,
LEASEQUERY-REPLY, LEASEQUERY-DATA and LEASEQUERY-DONE, which are filtered on
untrusted ports.
IPv6 source guard
IPv6 source guard is equivalent to adding a hardware ACL entry on a port, which filters all IPv6
packets sent over the port (except for DHCPv6 packet). After a user applies an IPv6 address
through DHCPv6 interaction or administrator manually adds a static binding entry, a hardware ACL
entry is added on the port that allows the user to do IPv6 communication through this address.
Once IPv6 source guard is enabled, all IPv6 packets will not be forwarded by
default. To enable communication through local link address, configure security
channel and associate with corresponding ACL. For details, refer to ACL
Configuration Guide.
Protocol Standards
Related protocol standards:
RFC3315 Dynamic Host Configuration Protocol For Ipv6
RFC5007 DHCPv6 Lease query
Configuration
Basic DHCPv6 Snooping features include:
Default DHCPv6 Snooping configuration
(Mandatory) Enable/disable DHCPv6 Snooping globally
(Optional) Enable/disable DHCPv6 Snooping by VLAN
(Optional) Write the bound database into Flash file periodically
(Optional) Write the bound database into Flash file in real time
(Optional) Manually add static binding entry
(Mandatory) Configure the trust attribute of a port
(Optional) Filter DHCPv6 request messages on the port
(Optional) Enable/disable IPv6 source guard
(Optional) Ignore the failure to look up the destination port
(Optional) Clear the dynamically bound entries when the port is down
(Optional) Add the bound entry to the hardware filtering table lingeringly
To Next Page
Loading...
