About this task
Create a DHCPv6 Guard policy to provide Layer 2 security to DHCPv6 clients by
protecting them against rogue DHCPv6 servers.
Procedure
-
Enter Global Configuration mode:
enable
configure
terminal
- Enter DHCP Guard mode
with the DHCPv6 Guard policy name (dhcpv6g_pol_1). The DHCPv6 Guard policy for the interface is connected to a router.
ipv6 fhs dhcp-guard policy dhcpv6g_pol_1
- Configure the source
IPv6 access list to allow only a DHCPv6 server replies that originate
from the IPv6 address fe80:0:0:0:cef9:54ff:feb4:9481/128 and check
the preceding IPv6 ACL configuration for ipv6_acl_1 list.
match server access-list ipv6_acl_1
- Verify the prefixes sent in the DHCPv6 server reply message
so that the ipv6_acl_2 IPv6 ACL configuration allows only the prefix
1000::1/64.
match reply prefix-list ipv6_acl_1