Create a DHCPv6 Guard Policy for the Router

About this task

Create a DHCPv6 Guard policy to provide Layer 2 security to DHCPv6 clients by protecting them against rogue DHCPv6 servers.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Enter DHCP Guard mode with the DHCPv6 Guard policy name (dhcpv6g_pol_1). The DHCPv6 Guard policy for the interface is connected to a router.

    ipv6 fhs dhcp-guard policy dhcpv6g_pol_1

  3. Configure the source IPv6 access list to allow only a DHCPv6 server replies that originate from the IPv6 address fe80:0:0:0:cef9:54ff:feb4:9481/128 and check the preceding IPv6 ACL configuration for ipv6_acl_1 list.

    match server access-list ipv6_acl_1

  4. Verify the prefixes sent in the DHCPv6 server reply message so that the ipv6_acl_2 IPv6 ACL configuration allows only the prefix 1000::1/64.

    match reply prefix-list ipv6_acl_1

9037809-01 Rev AA