Configure DHCPv6 Guard in dhcp-guard Mode
About this task
Configures DHCPv6 Guard under dhcp-guard mode.
Procedure
Variable Definitions
The following table defines parameters for the dhcp-guard configuration mode commands.
Variable |
Description |
---|---|
match server access-list <ipv6–access-list-name> |
Enables verification of the sender‘s IPv6 address in inspected messages from the configured authorized device source access list specified. Note:
If the access-list is not attached, the IPv6 source address in DHCPv6 packet is not validated. If the list is attached and it does not match any entries in IPv6 access list, the switch drops the DHCPv6 packet. If you wish to change this behavior, add an entry with IPv6 prefix“0::0/0” with the Allow option, which changes the default drop to default Allow. |
{ no | default } match server access-list |
Removes the sender‘s IPv6 address based DHCPv6 Guard filtering. |
match reply prefix-list <ipv6–prefix-list-name> |
Enables verification of the advertised prefixes in DHCPv6 reply messages from the configured authorized prefix list. If prefix-list is not configured, this check is bypassed. Note:
If the access-list is not attached, the inspection does not occur. If the list is attached and advertised IPv6 address does not match any IPv6 prefixes in the list, the switch drops the DHCPv6 packet. If you wish to change this behavior, add an IPv6 access list entry with prefix 0::0/0 with the Allow option, which changes the default drop to default Allow. |
{ no | default } match reply prefix-list |
Removes the advertised prefix-based DHCPv6 Guard filtering. |
preference min-limit<0–255> |
Enables validation of advertised preference (in preference option) to check if it is greater than the specified limit. If preference is not specified, this field in the packet is not validated. While changing the preference limit, ensure the maximum limit is greater than the minimum limit. |
default preference min-limit |
Sets the specified limit to its default value. By default, the value is 0. |
preference max-limit<0–255> |
Enables validation of advertised preference (in preference option) to check if it is less than the specified limit. If preference is not specified, this field in the packet is not validated. Note:
The preference value in the packet is not validated if both minimum and maximum values are zero. |
default preference max-limit |
Sets the specified limit to its default value. By default, the value is 0. |