| General Security Measures
C
24
HAPTER
DHCPv6 Snooping
ipv6 dhcp snooping
option remote-id
policy
either drop, keep or remove option 37 information in incoming DCHPv6
packets. Packets are processed as follows:
If an incoming packet is a DHCPv6 request packet with option 37
■
information, it will modify the option 37 information according to
settings specified with
command.
If an incoming packet is a DHCPv6 request packet without option 37
■
information, enabling the DHCPv6 snooping information option will
add option 37 information to the packet.
If an incoming packet is a DHCPv6 reply packet with option 37
■
information, enabling the DHCPv6 snooping information option will
remove option 37 information from the packet.
When this switch inserts Option 37 information in DHCPv6 client
◆
request packets, the switch's MAC address (hexadecimal) is used for
the remote ID.
E
XAMPLE
This example enables the DHCPv6 Snooping Remote-ID Option.
Console(config)#ipv6 dhcp snooping option remote-id
Console(config)#
This command sets the remote-id option policy for DHCPv6 client packets
that include Option 37 information. Use the no form to disable this
function.
S
YNTAX
ipv6 dhcp snooping option remote-id policy {drop | keep |
replace}
no ipv6 dhcp snooping option remote-id policy
drop - Drops the client's request packet instead of relaying it.
keep - Retains the Option 37 information in the client request, and
forwards the packets to trusted ports.
replace - Replaces the Option 37 remote-ID in the client's request
with the relay agent's remote-ID (when DHCPv6 snooping is
enabled), and forwards the packets to trusted ports.
D
S
EFAULT
ETTING
drop
C
M
OMMAND
ODE
Global Configuration
– 920 –
ipv6 dhcp snooping option remote-id policy