Table of Contents
Advertisement
29
627
•
match server address
•
match reply
•
preference
Each policy of the same type (for example, DHCPv6 Guard policies) must have a
unique name. Policies of different types can have the same policy name.
The switch supports two predefined, default DHCPv6 Guard policies named:
"vlan_default" and "port_default":
ipv6 dhcp guard policy vlan_default
exit
ipv6 dhcp guard policy port_default
exit
The default policies are empty and cannot be removed, but can be changed. The
no ipv6 dhcp guard policy does not remove the default policies, it only removes
the policy configuration defined by the user.
The default policies cannot be attached by the
(port mode)
or
ipv6 dhcp guard attach-policy (VLAN mode)
vlan_default policy is attached by default to a VLAN, if no other policy is attached
to the VLAN. The port_default policy is attached by default to a port, if no other
policy is attached to the port.
You can define a policy using the ipv6 dhcp guard policy command multiple times.
Before an attached policy is removed, a request for confirmation is presented to
the user, as shown in Example 3 below.
Examples
Example 1—The following example defines a DHCPv6 Guard policy named
policy1, places the router in DHCPv6 Guard Policy Configuration mode, configures
the port to drop unsecure messages and sets the device role as router:
switchxxxxxx(config)#
switchxxxxxx(config-dhcp-guard)#
switchxxxxxx(config-dhcp-guard)#
switchxxxxxx(config-dhcp-guard)# exit
ipv6 dhcp guard policy policy1
match server address list1
device-role server
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
IPv6 First Hop Security
ipv6 dhcp guard attach-policy
command. The
Advertisement
Table of Contents
