DHCPv6 Guard

Table 1. DHCPv6 Guard product support

Feature

Product

Release introduced

DHCPv6 Guard

5420 Series

VOSS 8.4

5520 Series

VOSS 8.2.5

VSP 4450 Series

VOSS 5.0

VSP 4900 Series

VOSS 8.1

VSP 7200 Series

VOSS 5.0

VSP 7400 Series

VOSS 8.0

VSP 8200 Series

VOSS 5.0

VSP 8400 Series

VOSS 5.0

VSP 8600 Series

Not Supported

XA1400 Series

Not Supported

DHCPv6 Guard is a type of security for IPv6 deployments in an enterprise environment, it provides Layer 2 security to DHCPv6 clients by protecting them against rogue DHCPv6 servers. The basic concept of DHCPv6 Guard is that a Layer 2 device filters DHCPv6 messages meant to DHCPv6 clients, based on a number of different criteria. The basic filtering criterion is, the DHCPv6 server generated packets which are received on non-server ports or from an untrusted server will be dropped by the Layer 2 device.

Various levels of granularity are provided. Following are the policies that are supported:

The following figures are DHCPv6 topology samples:

Click to expand in new window
DHCPv6 Topology 1
Click to expand in new window
DHCPv6 Topology 2