Configure DHCPv6 snooping Basic Functions
DHCPv6 snooping basic functions include enable the DHCPv6 snooping function, configure the port trust status, and configure the number of the port DHCPv6 snooping bound entries.
Configuration Condition
None
Enable DHCPv6 snooping
After enabling the DHCPv6 snooping function, monitor the DHCPv6 packets received by all ports of the device.
- For the received DHCPv6 request packet, generate the corresponding bound entry according to the information in the packet.
- For the response packet received by the trust port, update the status and lease time of the corresponding bound entries.
- For the response packet received by the un-trust port, drop it directly.
Table 8-3 Enable DHCPv6 snooping
|
Step
|
Command
|
Description
|
|
Enter global configuration mode
|
configure terminal
|
-
|
|
Enable the DHCPv6 snooping function
|
ipv6 dhcp snooping enable
|
Either
By default, the DHCPv6 snooping function is disabled.
|
|
Enable the DHCPv6 snooping function of the specified VLAN
|
ipv6 dhcp snooping vlan vlanlist
|
Configure Port Trust Status
To prevent the DHCPv6 client from getting the address from the invalid DHCPv6 server, you can configure the port directly or indirectly connected to the valid server as the trust port.
After the port is configured as the trust port, permit the DHCPv6 response packet to be forwarded normally. Otherwise, drop the DHCPv6 response packet.
Table 8-4 Configure the port trust status
|
Step
|
Command
|
Description
|
|
Enter global configuration mode
|
configure terminal
|
-
|
|
Enter the L2 Ethernet interface configuration mode
|
interface interface-name
|
Either
After entering the L2 Ethernet interface configuration mode, the subsequent configuration just takes effect on the current port. After entering the aggregation group configuration mode, the subsequent configuration just takes effect on the aggregation group.
|
|
Enter the aggregation group configuration mode
|
interface link-aggregation link-aggregation-id
|
|
Configure the port trust status
|
ipv6 dhcp snooping trust
|
Mandatory
By default, all ports are un-trust port.
|
-
The port connected to the DHCPv6 server needs to be configured as the trust port. Otherwise, the DHCPv6 client cannot get the address.
Configure the Number of Port DHCPv6 snooping Bound Entries
Configuring the number of the DHCPv6 snooping bound entries can limit the maximum number of the dynamic entries that can be learned by the port, preventing occupying too many system resources.
Table 8-5 Configure the number of the port DHCPv6 snooping bound entries
|
Step
|
Command
|
Description
|
|
Enter global configuration mode
|
configure terminal
|
-
|
|
Enter the L2 Ethernet interface configuration mode
|
interface interface-name
|
Either
After entering the L2 Ethernet interface configuration mode, the subsequent configuration just takes effect on the current port. After entering the aggregation group configuration mode, the subsequent configuration just takes effect on the aggregation group.
|
|
Enter the aggregation group configuration mode
|
interface link-aggregation link-aggregation-id
|
|
Configure the number of the DHCPv6 snooping bound entries
|
ipv6 dhcp snooping max-learning-num number
|
Mandatory
By default, the number of the bound entries that can be learned by the port is 1024.
|
Switch
.png){kind=icon}
.png){kind=logo}
.jpg)
.png){kind=logo}
