Recording ip-to-mac mappings of dhcpv6 clients, Enabling dhcpv6 snooping, Configuring a dhcpv6 snooping trusted port – H3C Technologies H3C S12500 Series Switches User Manual


messages from the authorized DHCPv6 server, whereas other ports are configured as untrusted so that the DHCPv6 client can obtain an IPv6 address from the authorized DHCPv6 server only. As shown in Figure 77, configure the port that connects to the DHCPv6 server as a trusted port, and other ports as untrusted.

Recording IP-to-MAC mappings of DHCPv6 clients

DHCPv6 snooping reads DHCPv6 messages to create and update DHCPv6 snooping entries, including MAC addresses of clients, IPv6 addresses obtained by the clients, ports that connect to DHCPv6 clients, and VLANs to which the ports belong. You can use the display ipv6 dhcp snooping user-binding command to view the IPv6 address obtained by each client, so that you can manage and monitor the clients' IPv6 addresses.

Enabling DHCPv6 snooping

To allow clients to obtain IPv6 addresses from an authorized DHCPv6 server, enable DHCPv6 snooping globally and configure trusted and untrusted ports correctly. At this point, clients can obtain IPv6 addresses from valid servers, but DHCPv6 snooping entries are not recorded. To record DHCPv6 snooping entries for a VLAN, enable DHCPv6 snooping for the VLAN.

To enable DHCPv6 snooping:

| Step | Command | Remarks |
|------|---------|---------|
| 1. Enter system view. | system-view | N/A |
| 2. Enable DHCPv6 snooping globally. | ipv6 dhcp snooping enable | Disabled by default. |
| 3. Enter VLAN view. | vlan vlan-id | N/A |
| 4. Enable DHCPv6 snooping for the VLAN. | ipv6 dhcp snooping vlan enable | Optional. Disabled by default. |

Configuring a DHCPv6 snooping trusted port

After enabling DHCPv6 snooping globally, you can specify trusted and untrusted ports for a VLAN as needed. A DHCPv6 snooping trusted port correctly forwards the DHCPv6 packets it receives. A DHCPv6 snooping untrusted port discards any DHCPv6 reply message received from a DHCPv6 server. Upon receiving a DHCPv6 request from a client in the VLAN, the DHCPv6 snooping device forwards the packet through trusted ports rather than any untrusted port in the VLAN, thus reducing network traffic.

Follow these guidelines when you configure a DHCPv6 snooping trusted port:

- You need to specify a port connected to an authorized DHCPv6 server as trusted to make sure DHCPv6 clients can obtain valid IPv6 addresses. The trusted port and the ports connected to the DHCPv6 clients must be in the same VLAN.

- If a Layer 2 Ethernet interface is added to an aggregation group, the DHCPv6 snooping configuration of the interface will not take effect until the interface quits the aggregation group.
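
The forwarding and recording rules described in this section, modeled as an added Python example (not H3C code and not part of the original manual). The port names, MAC address and IPv6 addresses are constructed, and treating only ADVERTISE and REPLY as server messages is a simplifying assumption.

```python
from dataclasses import dataclass, field

SERVER_MSGS = {"ADVERTISE", "REPLY"}  # assumed set of server-originated messages

@dataclass
class SnoopingSwitch:
    ports: dict                                      # port name -> VLAN ID
    enabled: bool = False                            # global DHCPv6 snooping
    trusted: set = field(default_factory=set)        # trusted port names
    record_vlans: set = field(default_factory=set)   # VLANs with snooping enabled
    pending: dict = field(default_factory=dict)      # (vlan, mac) -> client port
    bindings: dict = field(default_factory=dict)     # (vlan, mac) -> (ipv6, port)

    def receive(self, port, msg, mac, ipv6=None):
        """Return the ports a DHCPv6 message is forwarded to ([] means dropped)."""
        vlan = self.ports[port]
        peers = [p for p, v in self.ports.items() if v == vlan and p != port]
        if not self.enabled:
            return peers                             # snooping off: no filtering
        if msg in SERVER_MSGS:
            if port not in self.trusted:
                return []                            # server reply on untrusted port
            client = self.pending.get((vlan, mac))
            if msg == "REPLY" and ipv6 and client and vlan in self.record_vlans:
                self.bindings[(vlan, mac)] = (ipv6, client)
            return [client] if client else peers
        self.pending[(vlan, mac)] = port             # remember the client's port
        return [p for p in peers if p in self.trusted]  # requests: trusted ports only

def demo():
    # Constructed topology: three ports in VLAN 10, only "server" is trusted.
    sw = SnoopingSwitch(ports={"server": 10, "client": 10, "rogue": 10},
                        enabled=True, trusted={"server"})
    mac = "00-11-22-33-44-55"                        # constructed client MAC
    out = {"solicit": sw.receive("client", "SOLICIT", mac),
           "rogue_reply": sw.receive("rogue", "REPLY", mac, "2001:db8::bad"),
           "reply_no_vlan": sw.receive("server", "REPLY", mac, "2001:db8::10"),
           "bindings_no_vlan": dict(sw.bindings)}
    sw.record_vlans.add(10)                          # models per-VLAN enable (step 4)
    sw.receive("server", "REPLY", mac, "2001:db8::10")
    out["bindings_vlan"] = dict(sw.bindings)
    return out

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With only global snooping enabled, the unauthorized reply is dropped but no binding is stored; the entry appears only after the VLAN is added to record_vlans.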

To configure a DHCPv6 snooping trusted port:
