set protocols dhcp6 snooping trust-port
- Tracy Yang
The set protocols dhcp6 snooping trust-port command configures an interface as a trust interface for DHCPv6 snooping.
Command Syntax
set protocols dhcp6 snooping trust-port <interface-name>
Parameters
Parameter | Description |
trust-port <interface-name> | Specifies an interface name. The interface can be either a physical interface or an aggregated interface. By default, all interfaces are untrusted interfaces. |
Usage Guidelines
In order to make the DHCPv6 client obtain an IP address from a legitimate DHCPv6 server, the device interface directly or indirectly connected to the DHCPv6 server trusted by the administrator must be set to the trust interface, so as to prevent a spoofing DHCPv6 server from assigning an IP address to the DHCPv6 client.
The trusted interface forwards DHCPv6 packets received from the DHCPv6 server normally, whereas the untrusted interface discards DHCPv6 packets received from the DHCPv6 server.
Example
- Configure ge-1/1/1 as trust port for DHCPv6 snooping.
admin@Xorplus# set protocols dhcp6 snooping trust-port ge-/1/1/1 admin@Xorplus# commit
Copyright © 2024 Pica8 Inc. All Rights Reserved.