Example: Configuring DHCPv6 snooping

Network configuration

As shown in Figure 88, Switch B is connected to the authorized DHCPv6 server through Ten-GigabitEthernet 1/0/1, to the unauthorized DHCPv6 server through Ten-GigabitEthernet 1/0/3, and to the DHCPv6 client through Ten-GigabitEthernet 1/0/2.

Configure only the port connected to the authorized DHCPv6 server to forward the responses from the DHCPv6 server. Enable the DHCPv6 snooping device to record DHCPv6 snooping address entries.

Figure 88: Network diagram

Procedure


[IMPORTANT: ]

IMPORTANT:

By default, interfaces on the device are disabled (in ADM or Administratively Down state). To have an interface operate, you must use the undo shutdown command to enable that interface.


# Enable DHCPv6 snooping.

<SwitchB> system-view
[SwitchB] ipv6 dhcp snooping enable

# Specify Ten-GigabitEthernet 1/0/1 as a trusted port.

[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] ipv6 dhcp snooping trust
[SwitchB-Ten-GigabitEthernet1/0/1] quit

# Enable recording DHCPv6 snooping address entries on Ten-GigabitEthernet 1/0/2.

[SwitchB]interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] ipv6 dhcp snooping binding record
[SwitchB-Ten-GigabitEthernet1/0/2] quit

Verifying the configuration

# Verify that the DHCPv6 client obtains an IPv6 address and all other configuration parameters only from the authorized DHCPv6 server. (Details not shown.)

# Display DHCPv6 snooping address entries on the DHCPv6 snooping device.

[SwitchB] display ipv6 dhcp snooping binding