Table of Contents
Advertisement
DHCPv6 Snooping
DHCPv6 snooping is a useful feature that provides security by filtering untrusted DHCP
messages and by building and maintaining a DHCP snooping binding table. An untrusted
message is a message that is received from outside the network or firewall and that can
cause traffic attacks within your network. The DHCP snooping binding table contains the
MAC address, IP address, lease time, binding type, VLAN number, and interface information
that corresponds to the local untrusted interfaces of a switch. An untrusted interface is an
interface that is configured to receive messages from outside the network or firewall. A
trusted interface is an interface that is configured to receive only messages from within the
network.
DHCPv6 snooping acts like a firewall between untrusted hosts and DHCP servers. It also
provides way to differentiate between untrusted interfaces connected to the end user and
trusted interfaces connected to the DHCP server or another switch.
Global Configuration
Use this screen to view and configure the global settings for DHCPv6 snooping.
To configure DHCPv6 snooping global settings:
1.
Select System> Services > DHCPv6 Snooping > Global Configuration.
2.
Next to DHCPv6 Snooping Mode, enable the DHCPv6 Snooping feature. The factory
default is Disabled.
3.
(Optionally) Next to MAC Address Validation, enable the verification of the sender MAC
address for DHCPv6 snooping. The factory default is Enabled.
When MAC address validation is enabled, the device checks packets that are received on
an untrusted interface to verify that the MAC address and the DHCPv6 client hardware
address match. If the addresses do not match, the device drops the packet.
4.
Click the Apply button.
To enable DHCPv6 snooping for all interfaces that are members of a VLAN:
1.
In the VLAN ID field, specify the VLAN on which DHCPv6 snooping is enabled.
2.
From the DHCPv6 Snooping Mode list, select Enable.
3.
Click the Apply button.
Interface Configuration
Use the DHCPv6 Snooping Interface Configuration screen to view and configure each port as
a trusted or untrusted port. Any DHCPv6 responses received on a trusted port are forwarded.
If a port is configured as untrusted, any DHCPv6 (or BootP) responses received on that port
are discarded.
To configure DHCPv6 snooping interface settings:
1.
Select System> Services > DHCPv6 Snooping > Interface Configuration.
S3300 Smart Managed Pro Switch
Configure System Information
122
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
