Cisco Catalyst 3560-X Software Configuration Manual page 1160

Understanding IPv6
IPv6 DHCP Address Gleaning
The IPv6 DHCP address gleaning feature provides the ability to extract addresses from DHCP messages
and populate the binding table. The switch extracts address binding information from the following types
of DHCPv6 exchanges (using User Datagram Protocol (UDP), ports 546 and 547):
•
•
•
•
•
•
•
After a switch receives a DHCP-REQUEST message from a client, one of the following can happen:
•
•
•
•
To enable this feature, configure a policy using the ipv6 snooping policy policy-name global
configuration command. For more information, see the
on page
You can configure a policy and attach it to a DHCP guard to prevent the binding table from being filled
with forged DHCP messages. For more information, see the
and
IPv6 Data Address Gleaning
The IPv6 data address gleaning feature provides the ability to extract addresses from redirected data
traffic, to discover neighbors and to populate binding tables.
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
1-6
DHCP-REQUEST
DHCP-CONFIRM
DHCP- RENEW
DHCP-REBIND
DHCP-REPLY
DHCP-RELEASE
DHCP-DECLINE
The switch receives a DHCP-REPLY message from DHCP server and a binding table entry is
created in the REACHABLE state and completed. The reply contains the IP address and the MAC
address in the Layer 2 (L2) DMAC field.
Creating an entry in the binding table allows the switch to learn addresses assigned by DHCP. A
binding table can have one of the following states:
INCOMPLETE—Address resolution is in progress and the link-layer address is not yet known.
–
REACHABLE—The table is known to be reachable within the last reachable time interval.
–
STALE—The table requires re-resolution.
–
SEARCH—The feature creating the entry does not have the L2 address and requests the binding
–
table to search for the L2 address.
VERIFY—The L2 and Layer 3 (L3) addresses are known and a duplicate address detection
–
(DAD) Neighbor solicitation (NS) unicast message is sent to the L2 and L3 destinations to
verify the addresses.
DOWN—The interface from which the entry was learnt is down, preventing verification.
–
The DHCP server sends a DHCP-DECLINE or DHCP release message and the entry is deleted.
The client sends a DHCP-RENEW message to the server that allocated the address or a
DHCP-REBIND message to any server and the lifespan of the entry is extended.
The server does not reply and the session is timed-out.
1-20.
"Configuring IPv6 DHCP Guard" section on page
Chapter 1 Configuring IPv6 Unicast Routing
"Configuring an IPv6 Snooping Policy" section
"IPv6 DHCP Guard" section on page 1-8
1-21.
OL-25303-03