Feature |
Product |
Release introduced |
---|---|---|
DHCPv6 Guard |
5420 Series |
VOSS 8.4 |
5520 Series |
VOSS 8.2.5 |
|
VSP 4450 Series |
VOSS 5.0 |
|
VSP 4900 Series |
VOSS 8.1 |
|
VSP 7200 Series |
VOSS 5.0 |
|
VSP 7400 Series |
VOSS 8.0 |
|
VSP 8200 Series |
VOSS 5.0 |
|
VSP 8400 Series |
VOSS 5.0 |
|
VSP 8600 Series |
Not Supported |
|
XA1400 Series |
Not Supported |
DHCPv6 Guard is a type of security for IPv6 deployments in an enterprise environment, it provides Layer 2 security to DHCPv6 clients by protecting them against rogue DHCPv6 servers. The basic concept of DHCPv6 Guard is that a Layer 2 device filters DHCPv6 messages meant to DHCPv6 clients, based on a number of different criteria. The basic filtering criterion is, the DHCPv6 server generated packets which are received on non-server ports or from an untrusted server will be dropped by the Layer 2 device.
Various levels of granularity are provided. Following are the policies that are supported:
Port based filtering using device role (server or client)
Server or relay agent IPv6 address based filtering
Advertising IPv6 prefix based filtering
DHCPv6 packet filtering based on Server Preference checks
The following figures are DHCPv6 topology samples: