dhcpv6 snooping check ipv6 enable (Interface view)

Function

The dhcpv6 snooping check ipv6 enable command enables a device to check invalid IPv6 packets.

The undo dhcpv6 snooping check ipv6 enable command disables a device from checking invalid IPv6 packets.

By default, invalid IPv6 packet check is disabled.

Format

dhcpv6 snooping check ipv6 enable

undo dhcpv6 snooping check ipv6 enable

Parameters

None

Views

100GE interface view, 10GE interface view, 25GE interface view, 400GE interface view, 40GE interface view, 50GE interface view, Eth-Trunk interface view, FlexE sub-interface view, FlexE interface view, GE optical interface view, GE interface view, GE electrical interface view, Global VE sub-interface view, VE sub-interface view, Sub-interface view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
dhcp write

Usage Guidelines

Usage Scenario

In DHCPv6 applications, if IPv6/MAC spoofing attacks exists, you can configure a device to check whether the source IPv6 address and source MAC address in IPv6 packets match entries in the DHCPv6 snooping binding table.

Prerequisites

DHCPv6 snooping has been enabled globally using the dhcpv6 snooping enable command in the system view.

DHCPv6 snooping has been enabled on the interface using the dhcpv6 snooping enable command in the interface view.

Example

# Enable the invalid IPv6 packet check on GE 0/1/0.
<HUAWEI> system-view
[~HUAWEI] dhcpv6 snooping enable
[*HUAWEI] interface GigabitEthernet 0/1/0
[*HUAWEI-GigabitEthernet0/1/0] dhcpv6 snooping enable
[*HUAWEI-GigabitEthernet0/1/0] dhcpv6 snooping check ipv6 enable
Parent Topic: DHCPv6 Snooping Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >