Manualshelf

R0106-HP MSR Router Series Layer 3 - IP Services Command Reference(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router
351352353354355356357358359360
347
Usage guidelines
Use the DHCPv6-REQUEST check function to protect the DHCPv6 server against DHCPv6 client spoofing
attacks. The function enables the DHCPv6 snooping device to check every received DHCPv6-RENEW,
DHCPv6-DECLINE, or DHCPv6-RELEASE message against DHCPv6 snooping entries.
If any of the criteria in an entry is matched, the device compares the entry with the message
information.
{ If they are consistent, the device considers the message valid and forwards it to the DHCPv6
server.
{ If they are different, the device considers the message forged and discards it.
If no matching entry is found, the device forwards the message to the DHCPv6 server.
Examples
# Enable DHCPv6-REQUEST check.
<Sysname> system-view
[Sysname] interface gigabitethernet 2/1/1
[Sysname-GigabitEthernet2/1/1] ipv6 dhcp snooping check request-message
ipv6 dhcp snooping enable
Use ipv6 dhcp snooping enable to enable DHCPv6 snooping.
Use undo ipv6 dhcp snooping enable to disable DHCPv6 snooping.
Syntax
ipv6 dhcp snooping enable
undo ipv6 dhcp snooping enable
Default
DHCPv6 snooping is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Use the DHCPv6 snooping function together with trusted port configuration. Before trusted ports are
configured, all ports on the DHCPv6 snooping device are untrusted and discard all responses sent from
DHCPv6 servers.
When DHCPv6 snooping is disabled, the device forwards all responses from DHCPv6 servers.
Examples
# Enable DHCPv6 snooping.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping enable