Displaying the dhcpv6 snooping binding database, Dhcpv6 snooping configuration example, Multi-vrf support for dhcpv6 snooping – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 359

Advertising
background image

Syntax: show ipv6 dhcp6 snooping vlan vlan-id

Displaying the DHCPv6 snooping binding database

To see DHCPv6 snooping binding database, enter the show ipv6 dhcp6 snooping info command.
The following is an example of the output.

Brocade# show ipv6 dhcp6 snooping info

IP dhcpv6 snooping enabled on 1 VLANS(s):

IPv6 Address LinkLayer-Addr Age VRF

2002::24 0000.0343.0958 259198 0

2002::4a 7c00.030c.ccc9 259198 0

Syntax: show ipv6 dhcp6 snooping info

DHCPv6 snooping configuration example

The following example configures VLAN 10, and changes the CLI to the global configuration level to
enable DHCPv6 snooping on the configured VLANs. The commands are as follows.

device(config)#vlan 10

device(config-vlan-10)#untagged ethe 1/1/1 to 1/1/3

device(config-vlan-10)#exit

device(config)#ipv6 dhcp6 snooping vlan 10

Syntax: ipv6 dhcp6 snooping vlan vlan-id

On VLAN 10, client ports 1/1/2 and 1/1/3 are untrusted. By default, all client ports are untrusted. Only
DHCPv6 client’s SOLICIT and REQUEST packets received on ports 1/1/2 and 1/1/3 are forwarded.

Port 1/1/1 is connected to a DHCPv6 server. DHCPv6 server port is set to be a trusted port as
displayed in the following example.

device(config)#interface ethernet 1/1/1

device(config-if-e10000-1/1/1)#dhcp6 snooping trust

device(config-if-e10000-1/1/1)#exit

The DHCPv6 server ADVERTISE and REPLY packets received on port 1/1/1 are forwarded.

Multi-VRF support for DHCPv6 snooping

NOTE
For how to configure VRF, refer to the FastIron Ethernet Switch Layer 3 Routing Configuration Guide .

DHCPv6 snooping supports Multi-VRF (Virtual Routing and Forwarding) instances. You can deploy
multiple VRFs on a Brocade Ethernet switch. Each VLAN having a Virtual Interface (VE) is assigned to
a VRF.

You can enable DHCPv6 snooping on individual VLANs and assign any interface as the DHCPv6 trust
interface. If an interface is a tagged port in this VLAN, you can turn on the trust port per VRF, so that
traffic intended for other VRF VLANs will not be trusted.

To configure DHCPv6 snooping to support a Multi-VRF instance, do the following:

• DHCPv6 snooping requires that the acl-per-port-per-vlan setting be enabled. To enable the setting:

Brocade(config)# enable acl-per-port-per-vlan

Reload required. Please write memory and then reload or power cycle.

Displaying the DHCPv6 snooping binding database

FastIron Ethernet Switch Security Configuration Guide

359

53-1003088-03

Advertising
Popular Brands
Popular manuals