Setting The Maximum Number Of Dhcpv6 Snooping Entries; Enabling Dhcpv6-Request Check - HP 6125XLG Layer 3-Ip Services Configuration Manual

Blade switch

Hide thumbs Also See for 6125XLG:

Layer 3 - ip routing configuration manual (492 pages)

Command reference manual (466 pages)

Configuration manual (414 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

Table of Contents

Step

(Optional.) Manually save

DHCPv6 snooping entries

to the database file.

(Optional.) Set the amount

of time to wait to update

the database file after

DHCPv6 snooping entry

changes.

Setting the maximum number of DHCPv6 snooping

entries

Perform this task to prevent the system resources from being overused.

To set the maximum number of DHCPv6 snooping entries:

Step

Enter system view.

Enter interface view.

Set the maximum number

of DHCPv6 snooping

entries for the interface to

learn.

Enabling DHCPv6-REQUEST check

Perform this task to use the DHCPv6-REQUEST check function to protect the DHCPv6 server against

DHCPv6 client spoofing attacks. Attackers can forge DHCPv6-RENEW messages to renew leases for

legitimate DHCPv6 clients that no longer need the IP addresses. The forged messages disable the victim

DHCPv6 server from releasing the IP addresses. Attackers can also forge DHCPv6-DECLINE or

DHCPv6-RELEASE messages to terminate leases for legitimate DHCPv6 clients that still need the IP

addresses.

The DHCPv6-REQUEST check function enables the DHCPv6 snooping device to check every received

DHCPv6-RENEW, DHCPv6-DECLINE, or DHCPv6-RELEASE message against DHCPv6 snooping entries.

If any of the criteria in an entry is matched, the device compares the entry with the message

•

information.

If they are consistent, the device considers the message valid and forwards it to the DHCPv6

server.

If they are different, the device considers the message forged and discards it.

If no matching entry is found, the device forwards the message to the DHCPv6 server.

•

To enable DHCPv6-REQUEST check:

Command

ipv6 dhcp snooping

binding database update

now

ipv6 dhcp snooping

binding database update

interval seconds

Command

system-view

interface interface-type

interface-number

ipv6 dhcp snooping

max-learning-num number

196

Remarks

DHCPv6 snooping entries are saved to the

database file each time this command is

executed.

The default setting is 300 seconds.

When a DHCPv6 snooping entry is learned or

removed, the device does not update the

database file until after the specified waiting

period. All changed entries during that period

will be updated.

Remarks

N/A

By default, the number of DHCPv6

snooping entries for an interface to

learn is not limited.

Table of Contents

Setting The Maximum Number Of Dhcpv6 Snooping Entries; Enabling Dhcpv6-Request Check - HP 6125XLG Layer 3-Ip Services Configuration Manual

Enabling DHCPv6-REQUEST check

Troubleshooting

Related Manuals for HP 6125XLG

Related Content for HP 6125XLG

Table of Contents