Configuring a DHCPv6 snooping trusted port
After enabling DHCPv6 snooping globally, you can specify trusted and untrusted ports for a VLAN as needed. A DHCPv6 snooping trusted port normally forwards DHCPv6 packets it receives. A DHCPv6 snooping untrusted port discards any DHCPv6 reply message received from a DHCPv6 server. Upon receiving a DHCPv6 request from a client in the VLAN, the DHCPv6 snooping device forwards the packet through trusted ports rather than any untrusted port in the VLAN, thus reducing network traffic.
Follow these steps to configure a DHCPv6 snooping trusted port:
To do… | Use the command… | Remarks |
|---|---|---|
Enter system view | system-view | — |
Enter interface view | interface interface-type interface-number | — |
Configure the port as trusted | ipv6 dhcp snooping trust | Required By default, all ports of the device with DHCPv6 snooping globally enabled are untrusted. |
![[NOTE: ]](images/note.png) | NOTE: You need to specify a port connected to an authorized DHCPv6 server as trusted to ensure that DHCPv6 clients can obtain valid IPv6 addresses. The trusted port and the ports connected to the DHCPv6 clients must be in the same VLAN. If a Layer 2 Ethernet interface is added to an aggregation group, the DHCPv6 snooping configuration of the interface will not take effect until the interface quits the aggregation group. | |