Configuring DHCPv6 snooping, Enabling DHCPv6 snooping on a VLAN – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual
Page 357
Configuration notes and feature limitations for DHCPv6 snooping
The following limits and restrictions apply to DHCPv6 snooping:
• To run DHCPv6 snooping, you must first enable support for ACL filtering based on VLAN
membership or VE port membership. To do so, enter the following commands at the Global CONFIG
Level of the CLI.
device(config)#enable acl-per-port-per-vlan
device(config)#write memory
device(config)#exit
device#reload
NOTE
You must save the configuration and reload the software for the change to take effect.
• DHCPv6 snooping must be enabled on both client and server VLANs.
• If the default VLAN ID is changed, DHCPv6 snooping should be re-applied on the new default VLAN.
Configuring DHCPv6 snooping
Configuring DHCPv6 snooping consists of the following steps.
1. Enable DHCPv6 snooping on a VLAN. Refer to the Enabling DHCPv6 snooping on a VLAN section.
2. For ports that are connected to a DHCPv6 server, change their trust setting to trusted. Refer to
Enabling trust on a port connected to a DHCPv6 server on page 358.
The following shows the default settings of DHCPv6 snooping.
Feature                    Default
DHCPv6 snooping            Disabled
Trust setting for ports    Untrusted
Enabling DHCPv6 snooping on a VLAN
When DHCPv6 snooping is enabled on a VLAN, DHCPv6 packets are inspected.
DHCPv6 snooping is disabled by default. This feature must be enabled on the client and the DHCPv6
server VLANs. To enable DHCPv6 snooping, enter the following global command for these VLANs.
device(config)#ipv6 dhcp6 snooping vlan 2
The command enables DHCPv6 snooping on VLAN 2.
Syntax: no ipv6 dhcp6 snooping vlan vlan-id
The vlan-id variable specifies the ID of a configured client or DHCPv6 server VLAN.
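The following Python check is an added example, not part of the Brocade guide. It audits a saved running-config against the rules stated above: the acl-per-port-per-vlan prerequisite, snooping on both client and server VLANs, and re-application after a default VLAN change. It assumes the commands appear in the running-config as typed, that a changed default VLAN shows up as a `default-vlan-id` line, and that VLAN 1 is the factory default; the sample config and the function name are constructed for illustration.

```python
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
enable acl-per-port-per-vlan
default-vlan-id 100
vlan 2 by port
 untagged ethe 1/1/1 to 1/1/8
vlan 3 by port
 untagged ethe 1/1/9
ipv6 dhcp6 snooping vlan 1
ipv6 dhcp6 snooping vlan 2
"""

# Global-level commands start in column 0, so the patterns are anchored there.
SNOOP_RE = re.compile(r"^ipv6 dhcp6 snooping vlan (\d+)$")
DEFAULT_VLAN_RE = re.compile(r"^default-vlan-id (\d+)$")  # assumed config line


def audit_dhcpv6_snooping(config, client_vlans, server_vlans):
    """Return a list of findings; an empty list means the stated rules are met."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    snooped = {int(m.group(1)) for ln in lines if (m := SNOOP_RE.match(ln))}
    findings = []

    # Prerequisite: ACL filtering based on VLAN or VE port membership.
    if "enable acl-per-port-per-vlan" not in lines:
        findings.append("acl-per-port-per-vlan is not enabled "
                        "(enable it, write memory, then reload)")

    # Snooping must be enabled on both client and server VLANs.
    for role, vlans in (("client", client_vlans), ("server", server_vlans)):
        for vid in sorted(set(vlans) - snooped):
            findings.append(f"DHCPv6 snooping not enabled on {role} VLAN {vid}")

    # Snooping left on the old default VLAN (assumed to be 1) but not on the new one.
    new_default = next((int(m.group(1)) for ln in lines
                        if (m := DEFAULT_VLAN_RE.match(ln))), None)
    if new_default is not None and 1 in snooped and new_default not in snooped:
        findings.append(f"default VLAN changed to {new_default}: "
                        "re-apply DHCPv6 snooping on the new default VLAN")
    return findings


if __name__ == "__main__":
    for finding in audit_dhcpv6_snooping(SAMPLE_CONFIG, [2], [3]):
        print("FINDING:", finding)
```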
FastIron Ethernet Switch Security Configuration Guide
53-1003088-03