User Manual

ManualsBrandsNETGEAR ManualsComputers & Accessories32x100G/50G/40G QSFP28 Managed Switch

961

962

963

964

965

966

967

968

969

970

Table Of Contents

NETGEAR M4500 Series Switches CLI Command Reference Manual 968

8.6. DHCPv6 Snooping Commands

DHCPv6 snooping is a security feature that monitors DHCPv6 messages between a DHCPv6 client and DHCPv6

servers to filter harmful DHCPv6 messages and to build a bindings database of {MAC address, IPv6 address,

VLAN ID, port} tuples that are considered authorized. You can enable DHCPv6 snooping globally and on specific

VLANs, and configure ports within the VLAN to be trusted or untrusted. DHCPv6 servers must be reached

through trusted ports.

DHCPv6 snooping enforces the following security rules:

DHCPv6 packets from a DHCPv6 server (Advertise and Reply) are dropped if received on an untrusted port.

DHCPv6 Release and DHCPv6 Decline messages are dropped if for a MAC address in the snooping database, but

the binding's interface is other than the interface where the message was received.

DHCPv6 Snooping doe not support the DHCPv6 relay function, and other behaviors are the same as DHCP

Snooping. For more information, refer to the DHCP Snooping Commands section.

8.6.1. show ipv6 dhcp snooping

This command displays the DHCPv6 snooping global configurations and summaries of port configurations.

Format show ipv6 dhcp snooping

Default None

Mode Privileged Exec

Example:

(M4500-32C) #show ipv6 dhcp snooping

DHCP snooping is Enabled

DHCP snooping source MAC verification is enabled

DHCP snooping is enabled on the following VLANs:

Interface Trusted Log Invalid Pkts

----------- ---------- ----------------

0/1 Yes No

0/2 No No

0/3 No No

0/4 No No

0/5 No No

0/6 No No

0/7 No No

0/8 No No

0/9 No No

0/10 No No

0/11 No No

0/12 No No

0/13 No No

0/14 No No

0/15 No No