Ipv6 Dhcp Snooping Deny - HPE FlexFabric 5950 Series Command Reference Manual

Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
Use the DHCPv6-REQUEST check feature to protect the DHCPv6 server against DHCPv6 client
spoofing attacks. The feature enables the DHCPv6 snooping device to check every received
DHCPv6-RENEW, DHCPv6-DECLINE, or DHCPv6-RELEASE message against DHCPv6 snooping
entries.
- If any criterion in an entry is matched, the device compares the entry with the message
  information.
  - If they are consistent, the device considers the message valid and forwards it to the
    DHCPv6 server.
  - If they are different, the device considers the message forged and discards it.
- If no matching entry is found, the device forwards the message to the DHCPv6 server.
Examples
# Enable DHCPv6-REQUEST check.
<Sysname> system-view
[Sysname] interface hundredgige 1/0/1
[Sysname-HundredGigE1/0/1] ipv6 dhcp snooping check request-message
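
The decision procedure from the usage guidelines above, modelled in Python as an added example (not HPE code and not taken from the manual). The entry fields, the rule that an entry matches on client MAC or address, the handling of several entries, and all sample values are assumptions; the page does not list the criteria.

```python
from dataclasses import dataclass

# Message types the page says are checked against snooping entries.
CHECKED_TYPES = {"RENEW", "DECLINE", "RELEASE"}

@dataclass(frozen=True)
class Binding:
    """Assumed field set; the page does not list the criteria."""
    client_mac: str
    ipv6_addr: str
    vlan: int
    port: str

def check_request(msg_type, seen, entries):
    """Return 'forward', 'discard' or 'not-checked' for one message.

    seen: Binding built from the received message and its ingress port.
    entries: the DHCPv6 snooping entries (list of Binding).
    """
    if msg_type not in CHECKED_TYPES:
        return "not-checked"
    # Assumption: an entry matches when it shares the client MAC or the address.
    matched = [e for e in entries
               if e.client_mac == seen.client_mac or e.ipv6_addr == seen.ipv6_addr]
    if not matched:
        return "forward"   # no matching entry: passed on to the server
    # Assumption: one fully consistent entry is enough (client with several leases).
    if any(e == seen for e in matched):
        return "forward"   # consistent with an entry: valid
    return "discard"       # matched but inconsistent: treated as forged

# Constructed sample data (documentation prefix, made-up MACs and ports).
ENTRIES = [
    Binding("0011-2233-4455", "2001:db8::10", 10, "HGE1/0/1"),
    Binding("0011-2233-4455", "2001:db8::11", 10, "HGE1/0/1"),
]
CASES = [
    ("RENEW",   Binding("0011-2233-4455", "2001:db8::11", 10, "HGE1/0/1")),
    ("RELEASE", Binding("00aa-bbcc-ddee", "2001:db8::10", 10, "HGE1/0/2")),
    ("DECLINE", Binding("0011-2233-4455", "2001:db8::10", 10, "HGE1/0/2")),
    ("RELEASE", Binding("0066-7788-99aa", "2001:db8::99", 10, "HGE1/0/3")),
    ("SOLICIT", Binding("0066-7788-99aa", "::", 10, "HGE1/0/3")),
]

def run_cases():
    return [check_request(t, b, ENTRIES) for t, b in CASES]

if __name__ == "__main__":
    for (t, b), verdict in zip(CASES, run_cases()):
        print(f"{t:8} {b.client_mac} {b.ipv6_addr:14} {b.port}: {verdict}")
```

The fourth case is the one to note when relying on this check: a message with no matching snooping entry is forwarded, so the check only covers clients for which the device holds an entry.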

ipv6 dhcp snooping deny

Use ipv6 dhcp snooping deny to configure a port as a DHCPv6 packet blocking port.
Use undo ipv6 dhcp snooping deny to restore the default.
Syntax
ipv6 dhcp snooping deny
undo ipv6 dhcp snooping deny
Default
A port does not block DHCPv6 requests.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
A DHCPv6 packet blocking port drops all incoming DHCPv6 requests.
Examples
# Configure HundredGigE 1/0/1 as a DHCPv6 packet blocking port.
<Sysname> system-view
[Sysname] interface hundredgige 1/0/1
[Sysname-HundredGigE1/0/1] ipv6 dhcp snooping deny