Step 1 |
enable
|
Enables
privileged EXEC mode.
|
Step 2 |
configure
terminal
Device# configure terminal
|
Enters global
configuration mode.
|
Step 3 |
ipv6
access-list
access-list-name
Device(config)# ipv6 access-list acl1
|
Defines the
IPv6 access list and enters IPv6 access list configuration mode.
|
Step 4 |
permit
host
address
any
Device(config-ipv6-acl)# permit host FE80::A8BB:CCFF:FE01:F700 any
|
Sets the
conditions in the named IP access list.
|
Step 5 |
exit
Device(config-ipv6-acl)# exit
|
Exits IPv6
access list configuration mode and returns to global configuration mode.
|
Step 6 |
ipv6
prefix-list
list-name
permit
ipv6-prefix
128
Device(config)# ipv6 prefix-list abc permit 2001:0DB8::/64 le 128
|
Creates an
entry in an IPv6 prefix list.
|
Step 7 |
ipv6
dhcp
guard
policy
policy-name
Device(config)# ipv6 dhcp guard policy pol1
|
Defines the
DHCPv6 guard policy name and enters DHCP guard configuration mode.
|
Step 8 |
device-role {client |
server }
Device(config-dhcp-guard)# device-role server
|
Specifies the
device role of the device attached to the target (interface or VLAN).
|
Step 9 |
match
server
access-list
ipv6-access-list-name
Device(config-dhcp-guard)# match server access-list acl1
|
(Optional)
Enables verification of the advertised DHCP server and relay address in
inspected messages from the configured authorized server access list. If not
configured, this check will be bypassed. An empty access list is treated as a
permit.
|
Step 10 |
match
reply
prefix-list
ipv6-prefix-list-name
Device(config-dhcp-guard)# match reply prefix-list abc
|
(Optional)
Enables verification of the advertised prefixes in DHCP reply messages from the
configured authorized prefix list. If not configured, this check will be
bypassed. An empty prefix list is treated as a permit.
|
Step 11 |
preference
min
limit
Device(config-dhcp-guard)# preference min 0
|
(Optional)
Enables verification that the advertised preference (in preference option) is
greater than the specified limit. If not specified, this check will be
bypassed.
|
Step 12 |
preference
max
limit
Device(config-dhcp-guard)# preference max 255
|
(Optional)
Enables verification that the advertised preference (in preference option) is
less than the specified limit. If not specified, this check will be bypassed.
|
Step 13 |
trusted-port
Device(config-dhcp-guard)# trusted-port
|
(Optional)
Specifies that this policy is being applied to trusted ports. All DHCP guard
policing will be disabled.
|
Step 14 |
exit
Device(config-dhcp-guard)# exit
|
Exits DHCP
guard configuration mode and returns to global configuration mode.
|
Step 15 |
interface
type
number
Device(config)# interface GigabitEthernet 0/2/0
|
Specifies an
interface and enters interface configuration mode.
|
Step 16 |
switchport
Device(config-if)# switchport
|
Puts an
interface that is in Layer 3 mode into Layer 2 mode for Layer 2 configuration.
|
Step 17 |
exit
|
Exits
interface configuration mode and returns to global configuration mode.
|
Step 18 |
vlan
configuration
vlan-id
Device(config)# vlan configuration 1
|
Specifies a
VLAN and enters VLAN configuration mode.
|
Step 19 |
ipv6
dhcp
guard [attach-policy
policy-name]
Device(config-vlan-config)# ipv6 dhcp guard attach-policy pol1
|
Attaches a
DHCPv6 guard policy to a VLAN.
|
Step 20 |
exit
Device(config-vlan-config)# exit
|
Exits VLAN
configuration mode and returns to global configuration mode.
|
Step 21 |
exit
|
Exits global
configuration mode and returns to privileged EXEC mode.
|
Step 22 |
show
ipv6
dhcp
guard
policy [policy-name]
Device# show ipv6 dhcp policy guard pol1
|
(Optional)
Displays the policy configuration as well as all the interfaces where the
policy is applied.
|