Configuring DHCPv6 Snooping (IPv6)

DHCPv6 snooping creates a binding table, which includes the client IP address, MAC address, VLAN ID, physical port and the lease time. DHCPv6 snooping is disabled by default. The steps below explain how to enable DHCPv6 snooping and configure the trust port (by default all the ports are untrusted ports), DHCPv6 snooping binding file and the delay timer for writing the DHCPv6 snooping entries from memory to the binding file, and how to configure DHCPv6 snooping Option policy.

Procedure

Step 1 Configure DHCPv6 snooping on a VLAN.

set protocols dhcp6 snooping vlan <vlan-id> disable <true | false>

NOTE：

DHCPv6 relay and DHCPv6 snooping cannot be configured on the same VLAN.
DHCPv6 snooping should be enabled in the VLAN, it takes effect only on DHCPv6 messages received from interfaces in this VLAN. Packets that are not received from this VLAN won’t be processed by DHCPv6 snooping module and will be processed and forwarded as ordinary packets.

Step 2 Configure the interface connected to the DHCP server as DHCPv6 snooping trusted interface.

set protocols dhcp6 snooping trust-port <interface-name>

NOTE：

The port can be either physical port or aggregated port.
By default, all the ports are untrusted ports.
When DHCPv6 snooping is enabled in a VLAN without configuring the trust interface, the DHCPv6 packets received from the DHCP server in this VLAN will be dropped.

Step 3 (Optional) Configure the DHCPv6 snooping binding file and the delay timer for writing the DHCPv6 snooping entries from memory to the binding file. For non-X86 devices, the path of the binding file is /mnt/open/dhcp6_bind; for X86 devices, the binding file path should not be under /tmp.

set protocols dhcp6 snooping binding file <file-path>
set protocols dhcp6 snooping binding write-delay <write-delay-timer>

Step 4 (Optional) Configure the DHCPv6 snooping Option policy and the sub-options.

set protocols dhcp6 snooping vlan <vlan-id> option-policy <drop | keep | insert | replace>

set protocols dhcp6 snooping option18 interface-id <port-index | port-name | port-description>

set protocols dhcp6 snooping option37 remote-id <remote-id>

Configuration example

Networking Requirements

On PICA8 Switch, the interfaces ge-1/1/1 and ge-1/1/2 are in VLAN 2.
Enable DHCPv6 snooping on VLAN 2.
Configure the interface connected to the DHCP server (ge-1/1/2) as the DHCPv6 snooping trust interface.

Figure 1 DHCPv6 Snooping Networks

Procedure

Step 1 Configure VLAN.

admin@XorPlus# set vlans vlan-id 2
admin@XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 2
admin@XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 2

Step 2 Configure DHCPv6 snooping on VLAN 2.

admin@XorPlus#set protocols dhcp6 snooping vlan 2 disable false

Step 3 Configure the interface connected to the DHCP server as DHCPv6 snooping trusted interface.

admin@XorPlus# set protocols dhcp6 snooping trust-port ge-1/1/2

Step 4 (Optional) Configure /tmp/run/dhcpv6_bind as the DHCPv6 snooping binding file and the value of delay timer for writing the DHCPv6 snooping entries from memory to the binding file is 30s.

admin@XorPlus# set protocols dhcp6 snooping binding file /mnt/open/dhcp6_bind
admin@XorPlus# set protocols dhcp6 snooping binding write-delay 30

Step 5 Commit the configuration.

admin@XorPlus# commit

Step 6 Verify the configuration.

After the configuration is complete, run the run show dhcp6 snooping binding command to view the DHCPv6 snooping binding table.

admin@Xorplus# run show dhcp6 snooping binding 
Total count:     1
MAC Address         IPv6 Address     Port            VLAN ID   Lease(sec)                    
-------------------------------------------------------------------------------------------------------                                
14:18:77:18:2c:b9   100::1:1:1      ge-1/1/1        2         599/600

DHCPv6 client can obtain the IPv6 address normally.