Web Management Guide-R02
Table Of Contents
- How to Use This Guide
- Contents
- Figures
- Tables
- Getting Started
- Web Configuration
- Using the Web Interface
- Basic Management Tasks
- Displaying System Information
- Displaying Hardware/Software Versions
- Configuring Support for Jumbo Frames
- Displaying Bridge Extension Capabilities
- Managing System Files
- Setting the System Clock
- Configuring the Console Port
- Configuring Telnet Settings
- Displaying CPU Utilization
- Configuring CPU Guard
- Displaying Memory Utilization
- Resetting the System
- Interface Configuration
- VLAN Configuration
- Address Table Settings
- Spanning Tree Algorithm
- Congestion Control
- Class of Service
- Quality of Service
- VoIP Traffic Configuration
- Security Measures
- AAA (Authentication, Authorization and Accounting)
- Configuring User Accounts
- Web Authentication
- Network Access (MAC Address Authentication)
- Configuring HTTPS
- Configuring the Secure Shell
- Access Control Lists
- Filtering IP Addresses for Management Access
- Configuring Port Security
- Configuring 802.1X Port Authentication
- DoS Protection
- DHCP Snooping
- DHCPv6 Snooping
- ND Snooping
- IPv4 Source Guard
- IPv6 Source Guard
- ARP Inspection
- Application Filter
- Basic Administration Protocols
- Configuring Event Logging
- Link Layer Discovery Protocol
- Simple Network Management Protocol
- Configuring Global Settings for SNMP
- Setting Community Access Strings
- Setting the Local Engine ID
- Specifying a Remote Engine ID
- Setting SNMPv3 Views
- Configuring SNMPv3 Groups
- Configuring Local SNMPv3 Users
- Configuring Remote SNMPv3 Users
- Specifying Trap Managers
- Creating SNMP Notification Logs
- Showing SNMP Statistics
- Remote Monitoring
- Setting a Time Range
- Ethernet Ring Protection Switching
- MLAG Configuration
- OAM Configuration
- LBD Configuration
- Multicast Filtering
- Overview
- Layer 2 IGMP (Snooping and Query for IPv4)
- Configuring IGMP Snooping and Query Parameters
- Specifying Static Interfaces for a Multicast Router
- Assigning Interfaces to Multicast Services
- Setting IGMP Snooping Status per Interface
- Filtering IGMP Packets on an Interface
- Displaying Multicast Groups Discovered by IGMP Snooping
- Displaying IGMP Snooping Statistics
- Filtering and Throttling IGMP Groups
- MLD Snooping (Snooping and Query for IPv6)
- Configuring MLD Snooping and Query Parameters
- Setting Immediate Leave Status for MLD Snooping per Interface
- Specifying Static Interfaces for an IPv6 Multicast Router
- Assigning Interfaces to IPv6 Multicast Services
- Filtering MLD Query Packets on an Interface
- Showing MLD Snooping Groups and Source List
- Displaying MLD Snooping Statistics
- Filtering and Throttling MLD Groups
- Multicast VLAN Registration for IPv4
- IP Tools
- IP Configuration
- General IP Routing
- IP Services
- Appendices
Chapter 12
| Security Measures
DHCPv6 Snooping
– 372 –
■
If yes, continue to C.
■
If not, continue to B.
■
Check if IPv6 address in IA option is found in binding cache:
■
If yes, continue to C.
■
If not, check failed, and forward packet to trusted port.
B. Check status code in IA option:
■
If successful, and entry is in binding table, update lease time
and forward to original destination.
■
If successful, and entry is in binding cache, move entry from
binding cache to binding table, update lease time and forward
to original destination.
■
Otherwise, remove binding entry. and check failed.
■
If a DHCPv6 Relay packet is received, check the relay message
option in Relay-Forward or Relay-Reply packet, and process
client and server packets as described above.
◆ If DHCPv6 snooping is globally disabled, all dynamic bindings are removed
from the binding table.
◆ Additional considerations when the switch itself is a DHCPv6 client – The port(s)
through which the switch submits a client request to the DHCPv6 server must
be configured as trusted. Note that the switch will not add a dynamic entry for
itself to the binding table when it receives an ACK message from a DHCPv6
server. Also, when the switch sends out DHCPv6 client packets for itself, no
filtering takes place. However, when the switch receives any messages from a
DHCPv6 server, any packets received from untrusted ports are dropped.
DHCPv6 Snooping
Global Configuration
Use the Security > DHCP Snooping6 (Configure Global) page to enable DHCPv6
Snooping globally on the switch, or to configure MAC Address Verification.
Parameters
These parameters are displayed:
◆ DHCPv6 Snooping Status – Enables DHCPv6 snooping globally.
(Default: Disabled)
◆ DHCPv6 Snooping Option Remote ID – Enables the insertion of remote-id
option 37 information into DHCPv6 client messages. Remote-id option
information such as the port attached to the client, DUID, and VLAN ID is used