Use the IPv6 DHCP Snooping Interface Configuration page to view and configure the IPv6 DHCP (Dynamic Host Configuration Protocol) snooping settings for each interface. The IPv6 DHCP snooping feature processes incoming DHCPv6 messages.
For RELEASE and DECLINE messages, the feature compares the receive interface and VLAN with the client's interface and VLAN in the binding database. If the interfaces do not match, the application logs the event (when logging of invalid packets is enabled) and drops the message. If MAC address validation is globally enabled, messages that pass the initial validation are checked to verify that the source MAC address and the DHCPv6 client hardware address match. Where there is a mismatch, IPv6 DHCP snooping logs the event (when logging of invalid packets is enabled) and drops the packet. To change the IPv6 DHCP Snooping settings for one or more interfaces, select each entry to modify and click Edit. The same settings are applied to all selected interfaces.
To access this page, click
in the navigation menu.Field | Description |
---|---|
Interface | The interface associated with the rest of the data in the row. When configuring the settings for one or more interfaces, this field identifies each interface that is being configured. |
Trust State | The trust state configured on the interface. The trust state is one of the following:
|
Log Invalid Packets | The administrative mode of invalid packet logging on the interface. When enabled, the IPv6 DHCP snooping feature generates a log message when an invalid packet is received and dropped by the interface. |
Rate Limit (pps) | The rate limit value for DHCPv6 packets received on the interface. To prevent DHCPv6 packets from being used as a DoS attack when IPv6 DHCP snooping is enabled, the snooping application enforces a rate limit for DHCPv6 packets received on untrusted interfaces. If the incoming rate of DHCPv6 packets exceeds the value of this object during the amount of time specified for the burst interval, the port will be shut down. You must administratively enable the port to allow it to resume traffic forwarding. |
Burst Interval (Seconds) | The burst interval value for rate limiting on this interface. If the rate limit is unspecified, then burst interval has no meaning. |
If you change any of the parameters, click Submit to apply the changes to the system. If you want the switch to retain the new values across a power cycle, you must save the configuration.
Click Refresh to refresh the page with the most current data from the switch.