225
Configuring DHCPv6 snooping
NOTE:
The feature is not supported.
DHCPv6 snooping works between the DHCPv6 client and server, or between the DHCPv6 client and
DHCPv6 relay agent. It guarantees that DHCPv6 clients obtain IP addresses from authorized DHCPv6
servers. Also, it records IP-to-MAC bindings of DHCPv6 clients (called DHCPv6 snooping entries) for
security purposes.
DHCPv6 snooping does not work between the DHCPv6 server and DHCPv6 relay agent.
Overview
DHCPv6 snooping defines trusted and untrusted ports to make sure that clients obtain IPv6 addresses
only from authorized DHCPv6 servers.
•
Trusted
—A trusted port can forward DHCPv6 messages correctly to make sure the clients get IPv6
addresses from authorized DHCPv6 servers.
•
Untrusted
—An untrusted port discards received messages sent by DHCPv6 servers to prevent
unauthorized servers from assigning IPv6 addresses.
DHCPv6 snooping reads DHCP-ACK messages received from trusted ports and DHCP-REQUEST
messages to create DHCPv6 snooping entries. A DHCPv6 snooping entry includes the MAC and IP
addresses of a client, the port that connects to the DHCPv6 client, and the VLAN. You can use the
display
ipv6
dhcp
snooping
binding
command to display the IP addresses of users for management.
Application of trusted and untrusted ports
Configure ports facing the DHCPv6 server as trusted ports, and configure other ports as untrusted ports.
As shown in
, configure the DHCPv6 snooping device's port that is connected to the DHCPv6
server as a trusted port. The trusted port forwards response messages from the DHCPv6 server to the
client. The untrusted port connected to the unauthorized DHCPv6 server discards incoming DHCPv6
response messages.
Содержание MSR 2600 Series
Страница 6: ...We appreciate your comments...
Страница 33: ...18 AC vlan1 quit...
Страница 113: ...98 Figure 41 Creating a record d On the page that appears select IPv6 Host AAAA as the resource record type...
Страница 118: ...103...
Страница 168: ...153 H323 Enabled ICMP ERROR Enabled...
Страница 170: ...155 Task Command Display FIB entries display fib vpn instance vpn instance name ip address mask mask length...