5 ipv6 dhcp snooping action, 6 ipv6 dhcp snooping action maxnum, Dhcp snooping action – PLANET XGS3-24040 User Manual

28-87

%Jan 16 02:18:03 2006 DHCP6SNP PACKET: to vlan 1 except port Ethernet4/11 (designPort

flag 0)

%Jan 16 02:18:03 2006 DHCP6SNP PACKET: and return packet to network stack

%Jan 16 02:18:03 2006 DHCP6SNP EVENT: Parse packet REPLY from fe80::200:ff:fe11:2233

src MAC 00-00-00-11-22-33 interface Ethernet1/2 vlan 1

%Jan 16 02:18:03 2006 DHCP6SNP PACKET: Receive DHCPv6 packet REPLY from

fe80::200:ff:fe11:2233

src MAC 00-00-00-11-22-33, dst MAC 00-19-e0-3f-d1-83,

interface Ethernet1/2 vlan 1,

transaction-ID 16424, smac host flag 1, dmac host flag 0

%Jan 16 02:18:03 2006 DHCP6SNP PACKET: Forward packet REPLY (protocol 0x819)

%Jan 16 02:18:03 2006 DHCP6SNP PACKET: to exact port Ethernet4/11 (designPort flag 1)

28.5 ipv6 dhcp snooping action

Command:

ipv6 dhcp snooping action {shutdown | blackhole} [recovery <second>]

no ipv6 dhcp snooping action

Function:

After the abnormity is detected by DHCPv6 Snooping, set the action and the duration on the port,

the no command cancels the configuration.

Parameters:

shutdown | blackhole: After DHCPv6 Snooping receives the response packet of DHCPv6 from

non-trusted port, then execute the action.

second: The duration between the action execution and recovery , ranging from 1-3600, and the

default action is not recovered.

Command Mode:

Port mode

Default Settings:

There is no user-defined action, the default action is not recovered and has no recovery time.

Usage Guide:

Set the user-defined action for non-trusted port, when the security policy is changed, clear the

security policy sent to the hardware at the same time.

Example:

Set the user-defined action for non-trusted port.

switch(config-if-ethernet1/1)# ipv6 dhcp snooping action shutdown recovery 100

28.6 ipv6 dhcp snooping action MaxNum

Command:

ipv6 dhcp snooping action {<max-num> | default}