Figure 71 Network diagram for DHCPv6 snooping configuration
GE1/0/1
GE1/0/2
DHCPv6 client
Configuration procedure
# Enable DHCPv6 snooping globally.
<SwitchB> system-view
[SwitchB] ipv6 dhcp snooping enable
# Add GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 to VLAN 2.
[SwitchB] vlan 2
[SwitchB-vlan2] port GigabitEthernet 1/0/1 GigabitEthernet 1/0/2 GigabitEthernet 1/0/3
# Enable DHCPv6 snooping for VLAN 2.
[SwitchB-vlan2] ipv6 dhcp snooping vlan enable
[SwitchB] quit
# Configure GigabitEthernet 1/0/1 as a DHCPv6 snooping trusted port.
[SwitchB] interface GigabitEthernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] ipv6 dhcp snooping trust
Verification
After completing the configuration, connect GigabitEthernet 1/0/2 to a DHCPv6 client, GigabitEthernet
1/0/1 to a DHCPv6 server (Switch A), and GigabitEthernet 1/0/3 to an unauthorized DHCPv6 server.
The DHCPv6 client obtains an IPv6 address from Switch A, but cannot obtain any IPv6 address from the
unauthorized DHCPv6 server. You can use the display ipv6 dhcp snooping user-binding command to
view the DHCPv6 snooping entries on Switch B.
Switch A
DHCPv6 server
Switch B
DHCPv6 snooping
GE1/0/3
DHCP client or
Unauthorized
DHCPv6 server
165