Create DHCPv6 Guard Policy
About this task
Use this procedure to create the DHCPv6 Guard policy to block DHCPv6 reply and advertisement messages that originate from unauthorized DHCPv6 servers and relay agents.
Procedure
- In the navigation pane, expand .
- Select FHS.
- Select the DHCPv6 Guard Policy tab.
- Select Insert.
- Configure the parameters for the DHCPv6 Guard policy.
- Select Insert.
- Optional: Select Refresh to update the results.
DHCPv6 Guard Policy Field Descriptions
Use the data in the following table to use the DHCPv6 Guard Policy tab.
Name | Description |
---|---|
PolicyName | Specifies the name of the DHCPv6 Guard policy to create or modify. |
ServerAccessListName | Enables verification of the sender IPv6 address in the DHCPv6 reply or advertisement packets against the attached IPv6 server access list. Note: If the access-list is not attached, the source IPv6 address is not validated. If the list is attached and the address does not match any entry in the attached IPv6 access list, the switch drops the DHCPv6 packet. To change this behavior, add an entry in the IPv6 access list with prefix 0::0/0 with access type as allow, which changes the drop by default to allow by default. |
ReplyPrefixListName | Enables verification of the advertised prefixes in DHCPv6 reply messages against the attached prefix list. If not configured, this check is bypassed. Note: If the access-list is not attached, the advertised address/prefix is not validated. If the list is attached and the advertised address/prefix does not match any entry in the attached IPv6 access list, the switch drops the DHCPv6 packet. To change this behavior, add an entry in the IPv6 access list with prefix 0::0/0 with access type as allow, which changes the drop by default to allow by default. |
PrefLimitMin | Enables verification that the advertised preference (in the preference option) is greater than the specified limit. If not specified, this check does not occur. The value range is from 0 to 255. |
PrefixLimitMax | Enables verification that the advertised preference (in the preference option) is less than the specified limit. If not specified, this check does not occur. The value range is from 0 to 255. Note: If both the maximum and minimum limits are 0, this preference check is ignored. |
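The following added example (not vendor code) models how the checks in the table combine, so a planned policy can be reviewed before it is applied to the switch. The function names, the policy dictionary that holds list entries directly instead of list names, the "deny" action, first-match entry order, and the strict comparisons taken from the "greater than" and "less than" wording are assumptions; all addresses are constructed samples.

```python
import ipaddress

def list_verdict(entries, value):
    """True/False from the first matching (prefix, action) entry; None if no entry matches.
    First-match order is an assumption, the page does not state the order."""
    for prefix, action in entries:
        net = ipaddress.ip_network(prefix)
        if isinstance(value, ipaddress.IPv6Address):
            hit = value in net
        else:
            hit = value.version == net.version and value.subnet_of(net)
        if hit:
            return action == "allow"
    return None  # no match: the caller applies drop-by-default

def guard_decision(policy, src, prefixes=(), preference=0):
    """Model of the field descriptions for one DHCPv6 reply or advertisement."""
    acl = policy.get("ServerAccessListName")       # None = list not attached
    if acl is not None and not list_verdict(acl, ipaddress.ip_address(src)):
        return "drop: source not permitted by server access list"
    plist = policy.get("ReplyPrefixListName")      # None = check bypassed
    if plist is not None:
        for p in prefixes:
            if not list_verdict(plist, ipaddress.ip_network(p)):
                return "drop: advertised prefix not permitted"
    lo, hi = policy.get("PrefLimitMin"), policy.get("PrefixLimitMax")
    if not (lo == 0 and hi == 0):                  # both 0: preference check ignored
        if lo is not None and not preference > lo:
            return "drop: preference not above minimum limit"
        if hi is not None and not preference < hi:
            return "drop: preference not below maximum limit"
    return "forward"

# Constructed sample policy: one authorized server, one delegated prefix range.
POLICY = {
    "ServerAccessListName": [("fe80::1/128", "allow")],
    "ReplyPrefixListName": [("2001:db8:10::/48", "allow")],
    "PrefLimitMin": 10,
    "PrefixLimitMax": 200,
}

if __name__ == "__main__":
    print(guard_decision(POLICY, "fe80::1", ["2001:db8:10:1::/64"], 100))
    print(guard_decision(POLICY, "fe80::bad", ["2001:db8:10:1::/64"], 100))
    # Adding the 0::0/0 allow entry flips the server list to allow-by-default.
    open_acl = dict(POLICY, ServerAccessListName=POLICY["ServerAccessListName"] + [("0::0/0", "allow")])
    print(guard_decision(open_acl, "fe80::bad", ["2001:db8:10:1::/64"], 100))
```

The last call shows the review point for the 0::0/0 entry: once it is present, the server access list no longer restricts which sender addresses are accepted.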