Chapter5ServiceConguration
lCongurationVerication
zte(cfg-router)#showipport
IpPortStatusIpAddressMaskMacAddressVlanIdIpMode
---------------------------------------------------------------
0up100.1.1.5255.255.0.000.00.00.00.00.0210dhcp
5.28DHCPv6Conguration
DHCPv6Overview
TheDynamicHostCongurationProtocolofIPv6(DHCPv6)isusedbyanetworkhostto
dynamicallyrequesthostcongurationfromaserver.
TheZXR105250seriessystemsupportsthefollowingDHCPv6functions:
lDHCPv6snoopingfunction:DHCPv6serversandclientsdonotsupport
authenticationmechanism.IllegallyandprivatelycreatedDHCPv6serversbring
confusiontoaddressallocation,gatewayandDNSparametersofsomehosts.Asa
result,thesehostscannotconnecttoexternalnetworksproperly.Inaddition,there
areproblemssuchasIPspoong,MACaddressspoonganduserIDspoongfrom
illegalclients,andDHCPv6serveraddressexhaustion.OnthebasisofDHCPv6
snooping,theOption82technologycansolvethesesecurityproblemseffectively.
lIPsourceguardfunction:BylisteningtotheDHCPv6interactionprocedurebetween
aclientandaserver,thesystemrecordstheIPaddressallocatedtotheclientbythe
server.ThesystemltersoutpacketswithothersourceIPaddressesonports,thus
preventingspoong.
ConguringDHCPv6
TheDHCPv6congurationincludesthefollowingcommands:
CommandFunction
zte(cfg)#setdhcpv6snooping{enable|disable}EnablesordisablestheDHCPv6
snoopingfunctionglobally.
zte(cfg)#setdhcpv6snooping{add|delete}port<portlist>EnablesordisablestheDHCPv6
snoopingfunctiononaport.
zte(cfg)#setdhcpv6port<portlist>{server|cascade|client}Setstheattributeofaportinthe
DHCPv6snoopingfunction.
zte(cfg)#setdhcpv6ip-source-guard{add|delete}port
<portlist>
Enablesordisablesthe
ip-source-guardfunctionona
port.
zte(cfg)#setdhcpv6option18{enable|disable}EnablesordisablestheDHCPv6
Option18functionglobally.
zte(cfg)#setdhcpv6option18{add|delete}port<portlist>EnablesordisablestheDHCPv6
Option18functiononaport.
5-101
SJ-20131111172707-002|2013-11-27(R1.0)ZTEProprietaryandCondential
To Next Page
Loading...
