Table of Contents
Advertisement
IPv6 First Hop Security
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
no match server address
Parameters
•
ipv6-prefix-list-name
prefix-list
•
disable—Disables verification of the DHCP server's and relay's IPv6
address.
Default Configuration
Policy attached to port or port channel: the value configured in the policy attached
to the VLAN.
Policy attached to VLAN: server's addresses are not verified.
Command Mode
DHCP Guard Policy Configuration mode
User Guidelines
This command enables verification of the source IPv6 address in messages sent
by DHCPv6 servers and DHCPv6 Relays to a configured prefix list. If the source
IPv6 address does not match the configured prefix list, or if the prefix list is not
configured, the DHCPv6 reply is dropped.
IPv6 DHCP Guard verifies the source IPv6 address in the following DHCPv6
messages sent by DHCPv6 servers/relays:
•
ADVERTISE
•
REPLY
•
RECONFIGURE
•
RELAY-REPL
•
LEASEQUERY-REPLY
Use the disable keyword to disable verification of the DHCP server's and relay's
IPv6 address.
Example
The following example defines a DHCPv6 Guard policy named policy1, places the
switch in DHCPv6 Guard Policy Configuration mode, matches the server or relay
—The IPv6 prefix list to be matched.
29
686
Advertisement
Table of Contents
