Contents
display ipv6 dhcp snooping binding
display ipv6 dhcp snooping binding database
display ipv6 dhcp snooping drni-statistics
display ipv6 dhcp snooping drni-status
display ipv6 dhcp snooping packet statistics
display ipv6 dhcp snooping pd binding
display ipv6 dhcp snooping trust
ipv6 dhcp snooping alarm enable
ipv6 dhcp snooping alarm threshold
ipv6 dhcp snooping binding database filename
ipv6 dhcp snooping binding database update interval
ipv6 dhcp snooping binding database update now
ipv6 dhcp snooping binding record
ipv6 dhcp snooping check relay-forward
ipv6 dhcp snooping check request-message
ipv6 dhcp snooping client-detect
ipv6 dhcp snooping max-learning-num
ipv6 dhcp snooping option interface-id enable
ipv6 dhcp snooping option interface-id string
ipv6 dhcp snooping option remote-id enable
ipv6 dhcp snooping option remote-id string
ipv6 dhcp snooping pd binding record
reset ipv6 dhcp snooping binding
reset ipv6 dhcp snooping drni-statistics
reset ipv6 dhcp snooping packet statistics
reset ipv6 dhcp snooping pd binding
DHCPv6 snooping commands
DHCPv6 snooping works between the DHCPv6 client and the DHCPv6 server or between the DHCPv6 client and the DHCPv6 relay agent. DHCPv6 snooping does not work between the DHCPv6 server and the DHCPv6 relay agent.
display ipv6 dhcp snooping binding
Use display ipv6 dhcp snooping binding to display DHCPv6 snooping address entries.
Syntax
display ipv6 dhcp snooping binding [ address ipv6-address [ vlan vlan-id ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
address ipv6-address: Displays the DHCPv6 snooping entry for the specified IPv6 address.
vlan vlan-id: Specifies the ID of the VLAN where the IPv6 address resides.
Usage guidelines
If you do not specify any parameters, this command displays all DHCPv6 snooping address entries.
Examples
# Display all DHCPv6 snooping address entries.
<Sysname> display ipv6 dhcp snooping binding
1 DHCPv6 snooping entries found.
IPv6 address     MAC address    Lease       VLAN SVLAN Interface
================ ============== =========== ==== ===== ========================
2::1             00e0-fc00-0006 54          2    N/A   GigabitEthernet1/0/1
Table 1 Command output
Field | Description |
---|---|
IPv6 Address | IPv6 address assigned to the DHCPv6 client. |
MAC Address | MAC address of the DHCPv6 client. |
Lease | Remaining lease duration in seconds. |
VLAN | When the DHCPv6 packet contains two VLAN tags, this field identifies the outer VLAN tag. Otherwise, it identifies the VLAN where the port connecting the DHCPv6 client resides. |
SVLAN | When the DHCPv6 packet contains two VLAN tags, this field identifies the inner VLAN tag. Otherwise, it displays N/A. |
Interface | Port connecting to the DHCPv6 client. |
Related commands
ipv6 dhcp snooping binding record
reset ipv6 dhcp snooping binding
display ipv6 dhcp snooping binding database
Use display ipv6 dhcp snooping binding database to display information about DHCPv6 snooping entry auto backup.
Syntax
display ipv6 dhcp snooping binding database
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about DHCPv6 snooping entry auto backup.
<Sysname> display ipv6 dhcp snooping binding database
File name : database.dhcp
Username :
Password :
Update interval : 600 seconds
Latest write time : Feb 27 18:48:04 2012
Status : Last write succeeded.
Table 2 Command output
Field | Description |
---|---|
File name | Name of the DHCPv6 snooping entry backup file. |
Username | Username for accessing the URL of the remote backup file. |
Password | Password for accessing the URL of the remote backup file. This field displays ****** if a password is configured. |
Update interval | Waiting time in seconds after a DHCPv6 snooping entry change for the DHCPv6 snooping device to update the backup file. |
Latest write time | Time of the latest update. |
Status | Status of the update: · Writing—The backup file is being updated. · Last write succeeded—The backup file was successfully updated. · Last write failed—The backup file failed to be updated. |
display ipv6 dhcp snooping drni-statistics
Use display ipv6 dhcp snooping drni-statistics to display DRNI synchronization statistics for DHCPv6 snooping entries.
Syntax
display ipv6 dhcp snooping drni-statistics
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
This command displays statistics about packets exchanged between DRNI primary and secondary devices for DHCPv6 snooping entry synchronization, including synchronization times and the number of synchronized DHCPv6 snooping entries.
Bringing up an IPP interface triggers entry synchronization from the primary device to the secondary device.
To determine whether DHCPv6 snooping entries are correctly synchronized, compare the values in the Sync start number field and the Sync end number field:
· If the two values are the same, DHCPv6 snooping entries are correctly synchronized.
· If the two values are different, a synchronization error has occurred.
Examples
# Display DRNI synchronization statistics for DHCPv6 snooping entries on the primary device.
<Sysname> display ipv6 dhcp snooping drni-statistics
Send Statistics:
Sync start number : 1
Binding valid records addr : 2
Binding temp records addr : 0
Binding valid records pd : 2
Binding temp records pd : 0
Sync end number : 1
Sync start number : 2
Binding valid records addr : 2
Binding temp records addr : 0
Binding valid records pd : 2
Binding temp records pd : 0
Sync end number : 2
Sync start number : 3
Binding valid records addr : 1
Binding temp records addr : 0
Binding valid records pd : 2
Binding temp records pd : 0
Sync end number : 3
# Display DRNI synchronization statistics for DHCPv6 snooping entries on the secondary device.
<Sysname> display ipv6 dhcp snooping drni-statistics
Recv Statistics:
Sync start number : 1
Binding valid records addr : 2
Binding temp records addr : 0
Binding valid records pd : 2
Binding temp records pd : 0
Sync end number : 1
Sync start number : 2
Binding valid records addr : 2
Binding temp records addr : 0
Binding valid records pd : 2
Binding temp records pd : 0
Sync end number : 2
Sync start number : 3
Binding valid records addr : 1
Binding temp records addr : 0
Binding valid records pd : 2
Binding temp records pd : 0
Sync end number : 3
Table 3 Command output
Field | Description |
---|---|
Send Statistics | Statistics about sent packets. |
Recv Statistics | Statistics about received packets. |
Sync start number | Synchronization start number. |
Binding valid records addr | Number of valid DHCPv6 snooping address entries that have been synchronized. |
Binding temp records addr | Number of temporary DHCPv6 snooping address entries that have been synchronized. |
Binding valid records pd | Number of valid DHCPv6 snooping prefix entries that have been synchronized. |
Binding temp records pd | Number of temporary DHCPv6 snooping prefix entries that have been synchronized. |
Sync end number | Synchronization end number. |
Related commands
reset ipv6 dhcp snooping drni-statistics
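The start/end comparison from the usage guidelines can be automated over captured command output. The following is an added example, not vendor code: the sample text is constructed (its third round is altered to show a mismatch), and treating a round that never reports an end number as an error is an assumption.

```python
import re

# Constructed sample shaped like the command output on this page; the third
# round's end number is altered to model a synchronization error.
SAMPLE_OUTPUT = """\
Send Statistics:
  Sync start number            : 1
  Binding valid records addr   : 2
  Binding temp records addr    : 0
  Binding valid records pd     : 2
  Binding temp records pd      : 0
  Sync end number              : 1
  Sync start number            : 2
  Binding valid records addr   : 2
  Binding temp records addr    : 0
  Binding valid records pd     : 2
  Binding temp records pd      : 0
  Sync end number              : 2
  Sync start number            : 3
  Binding valid records addr   : 1
  Binding temp records addr    : 0
  Binding valid records pd     : 2
  Binding temp records pd      : 0
  Sync end number              : 2
"""

FIELD_RE = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s*(\d+)\s*$")
HEADERS = {"Send Statistics:": "send", "Recv Statistics:": "recv"}


def parse_rounds(text):
    """Return (direction, rounds) parsed from drni-statistics output."""
    direction, rounds, current = None, [], None
    for line in text.splitlines():
        if line.strip() in HEADERS:
            direction = HEADERS[line.strip()]
            continue
        match = FIELD_RE.match(line)
        if not match:
            continue
        key, value = match.group(1), int(match.group(2))
        if key == "Sync start number":
            if current is not None:      # previous round never reported an end
                rounds.append(current)
            current = {"start": value, "end": None, "counters": {}}
        elif current is None:
            continue                     # counter outside any round: ignore
        elif key == "Sync end number":
            current["end"] = value
            rounds.append(current)
            current = None
        else:
            current["counters"][key] = value
    if current is not None:              # output ended inside an open round
        rounds.append(current)
    return direction, rounds


def sync_errors(rounds):
    """Rounds whose start and end numbers differ, per the usage guidelines.

    A round with no end number (end is None) is also returned; that is an
    assumption of this example, not a statement from the page.
    """
    return [r for r in rounds if r["start"] != r["end"]]


if __name__ == "__main__":
    direction, rounds = parse_rounds(SAMPLE_OUTPUT)
    for r in sync_errors(rounds):
        print(f"{direction}: start={r['start']} end={r['end']} -> sync error")
```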
display ipv6 dhcp snooping drni-status
Use display ipv6 dhcp snooping drni-status to display DRNI status information.
Syntax
display ipv6 dhcp snooping drni-status
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display DRNI status information.
<Sysname> display ipv6 dhcp snooping drni-status
Drni role: Secondary
IPP/IPP Index: Bridge-Aggregation3/1297
IPP State: UP
DR interface/DR group ID: Bridge-Aggregation4/4
Local DR interface state: UP
Peer DR interface state: UP
DR interface/DR group ID: Bridge-Aggregation5/5
Local DR interface state: UP
Peer DR interface state: UP
Table 4 Command output
Field | Description |
---|---|
Drni role | DRNI role: · Primary. · Secondary. If the device role is unknown, this field displays None. |
IPP/IPP Index | IPP interface name/IPP interface index. |
IPP State | Physical status of the IPP interface, up or down. |
DR interface/DR group ID | DR interface name/DR group ID. |
Local DR interface state | Status of the local DR interface: · UP—The DR interface is up if it has Selected ports in its aggregation group. · DOWN—The DR interface is down if it does not have Selected ports in its aggregation group. |
Peer DR interface state | Status of the peer DR interface: · UP—The DR interface is up if it has Selected ports in its aggregation group. · DOWN—The DR interface is down if it does not have Selected ports in its aggregation group. |
display ipv6 dhcp snooping packet statistics
Use display ipv6 dhcp snooping packet statistics to display DHCPv6 packet statistics for DHCPv6 snooping.
Syntax
display ipv6 dhcp snooping packet statistics
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display DHCPv6 packet statistics for DHCPv6 snooping.
<Sysname> display ipv6 dhcp snooping packet statistics
DHCPv6 packets received : 100
DHCPv6 packets sent : 200
Invalid DHCPv6 packets dropped : 0
Related commands
reset ipv6 dhcp snooping packet statistics
display ipv6 dhcp snooping pd binding
Use display ipv6 dhcp snooping pd binding to display DHCPv6 snooping prefix entries.
Syntax
display ipv6 dhcp snooping pd binding [ prefix prefix/prefix-length [ vlan vlan-id ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
prefix prefix/prefix-length: Specifies an IPv6 prefix with its length. The value range for the prefix-length argument is 1 to 128.
vlan vlan-id: Specifies the ID of the VLAN where the IPv6 prefix resides. The value range for the vlan-id argument is 1 to 4094.
Usage guidelines
This command takes effect only after you execute the ipv6 dhcp snooping pd binding record command on the port directly connecting to the clients.
If you do not specify any parameters, this command displays all DHCPv6 snooping prefix entries.
Examples
# Display all DHCPv6 snooping prefix entries.
<Sysname> display ipv6 dhcp snooping pd binding
1 DHCPv6 snooping PD entries found.
IPv6 prefix      Lease       VLAN SVLAN Interface
================ =========== ==== ===== ========================
1:2::/64         54          2    N/A   GigabitEthernet1/0/1
Table 5 Command output
Field | Description |
---|---|
n DHCPv6 snooping PD entries found. | Total number of DHCPv6 snooping prefix entries. |
IPv6 prefix | IPv6 prefix assigned to the DHCPv6 client. |
Lease | Remaining lease duration in seconds. |
VLAN | When both DHCPv6 snooping and QinQ are enabled or the DHCPv6 packet contains two VLAN tags, this field identifies the outer VLAN tag. Otherwise, it identifies the VLAN where the port connecting the DHCPv6 client resides. |
SVLAN | When both DHCPv6 snooping and QinQ are enabled or the DHCPv6 packet contains two VLAN tags, this field identifies the inner VLAN tag. Otherwise, it displays N/A. |
Interface | Port connecting to the DHCPv6 client. |
Related commands
ipv6 dhcp snooping pd binding record
reset ipv6 dhcp snooping pd binding
display ipv6 dhcp snooping trust
Use display ipv6 dhcp snooping trust to display information about trusted ports.
Syntax
display ipv6 dhcp snooping trust
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about trusted ports.
<Sysname> display ipv6 dhcp snooping trust
DHCPv6 snooping is enabled.
Interface                 Trusted
========================= ============
GigabitEthernet1/0/1      Trusted
VSI(Trust tunnel)         Trusted
========================= ============
Interface                   SrvID   Trusted
=================================== ============
GE1/0/1                     1       Trusted
Table 6 Command output
Field | Description |
---|---|
Interface | Interface name. |
VSI(Trust tunnel) | This field is not supported in the current software version. VSI name. This field is available when you configure the VXLAN tunnel interfaces assigned to the VSI as a DHCP snooping trusted interface by using the ipv6 dhcp snooping trust tunnel command. |
SrvID | ID of the Ethernet service instance on which the mapped AC is configured as a DHCP snooping trusted interface. |
Trusted | DHCP snooping trusted interface. This field displays Trusted if the interface is configured as trusted after the DHCPv6 snooping is enabled. |
Related commands
ipv6 dhcp snooping trust
ipv6 dhcp snooping alarm enable
Use ipv6 dhcp snooping alarm enable to enable the packet drop alarm.
Use undo ipv6 dhcp snooping alarm enable to disable the packet drop alarm.
Syntax
ipv6 dhcp snooping alarm { relay-forward | request-message } enable
undo ipv6 dhcp snooping alarm { relay-forward | request-message } enable
Default
The packet drop alarm is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
relay-forward: Specifies Relay-Forward check.
request-message: Specifies DHCPv6-REQUEST check.
Usage guidelines
After you enable the packet drop alarm for a feature, the device generates an alarm log when the number of packets dropped by this feature reaches or exceeds the threshold. The alarm log is sent to the information center. You can set log message filtering and output rules by configuring the information center. For information about the information center, see information center configuration in Device Management Configuration Guide.
To set the alarm threshold, use the ipv6 dhcp snooping alarm threshold command.
For this command to take effect, you must first execute the ipv6 dhcp snooping log enable command to enable DHCPv6 snooping logging.
Examples
# Enable the packet drop alarm for Relay-Forward check.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping alarm relay-forward enable
Related commands
ipv6 dhcp snooping alarm threshold
ipv6 dhcp snooping check relay-forward
ipv6 dhcp snooping check request-message
ipv6 dhcp snooping log enable
ipv6 dhcp snooping alarm threshold
Use ipv6 dhcp snooping alarm threshold to set a packet drop alarm threshold.
Use undo ipv6 dhcp snooping alarm threshold to restore the default.
Syntax
ipv6 dhcp snooping alarm { relay-forward | request-message } threshold threshold
undo ipv6 dhcp snooping alarm { relay-forward | request-message } threshold
Default
The packet drop alarm threshold is 100.
Views
System view
Predefined user roles
network-admin
Parameters
relay-forward: Specifies Relay-Forward check.
request-message: Specifies DHCPv6-REQUEST check.
threshold: Specifies the number of dropped packets that triggers a packet drop alarm. The value range is 1 to 1000.
Usage guidelines
The device generates an alarm log when the number of packets dropped due to the check failure reaches or exceeds the alarm threshold.
Examples
# Set the packet drop alarm threshold to 2 for Relay-Forward check.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping alarm relay-forward threshold 2
Related commands
ipv6 dhcp snooping alarm enable
ipv6 dhcp snooping check relay-forward
ipv6 dhcp snooping check request-message
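The two alarm commands above depend on other settings: logging must be enabled for the alarm to take effect, and because both checks are disabled by default, an alarm whose check is not enabled on any interface has no drops to count. The following added example (not vendor code) audits a saved configuration for those dependencies; the sample configuration is constructed, and its layout with '#' separators and indented interface lines is an assumption.

```python
import re

FEATURES = ("relay-forward", "request-message")
DEFAULT_THRESHOLD = 100            # default stated on this page
THRESHOLD_RANGE = range(1, 1001)   # value range stated on this page: 1 to 1000

# Constructed configuration. The layout ('#' separators, indented lines under
# "interface ...") is an assumption about how the configuration is presented.
SAMPLE_CONFIG = """\
#
 ipv6 dhcp snooping enable
 ipv6 dhcp snooping alarm relay-forward enable
 ipv6 dhcp snooping alarm relay-forward threshold 2
 ipv6 dhcp snooping alarm request-message enable
#
interface GigabitEthernet1/0/1
 ipv6 dhcp snooping binding record
 ipv6 dhcp snooping check relay-forward
#
interface GigabitEthernet1/0/2
 ipv6 dhcp snooping binding record
#
"""


def parse_config(text):
    """Split the text into system-view commands and per-interface commands."""
    global_cmds, iface_cmds, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None                       # '#' closes a section
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            iface_cmds.setdefault(current, set())
        elif current is None:
            global_cmds.add(line)
        else:
            iface_cmds[current].add(line)
    return global_cmds, iface_cmds


def audit_alarms(text):
    """Report, per enabled alarm, its threshold and any unmet dependency."""
    global_cmds, iface_cmds = parse_config(text)
    logging_on = "ipv6 dhcp snooping log enable" in global_cmds
    report = {}
    for feat in FEATURES:
        if f"ipv6 dhcp snooping alarm {feat} enable" not in global_cmds:
            continue
        threshold = DEFAULT_THRESHOLD
        pattern = re.compile(
            rf"ipv6 dhcp snooping alarm {re.escape(feat)} threshold (\d+)")
        for cmd in global_cmds:
            match = pattern.fullmatch(cmd)
            if match:
                threshold = int(match.group(1))
        checked = sorted(name for name, cmds in iface_cmds.items()
                         if f"ipv6 dhcp snooping check {feat}" in cmds)
        problems = []
        if not logging_on:
            problems.append("logging disabled: alarm enable does not take effect")
        if not checked:
            problems.append("check disabled on every interface: no drops to count")
        if threshold not in THRESHOLD_RANGE:
            problems.append(f"threshold {threshold} outside 1 to 1000")
        report[feat] = {"threshold": threshold,
                        "interfaces": checked,
                        "problems": problems}
    return report


if __name__ == "__main__":
    for feat, result in audit_alarms(SAMPLE_CONFIG).items():
        print(feat, result)
```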
ipv6 dhcp snooping binding database filename
Use ipv6 dhcp snooping binding database filename to configure the DHCPv6 snooping device to back up DHCPv6 snooping entries to a file.
Use undo ipv6 dhcp snooping binding database filename to disable the auto backup and remove the backup file.
Syntax
ipv6 dhcp snooping binding database filename { filename | url url [ username username [ password { cipher | simple } string ] ] }
undo ipv6 dhcp snooping binding database filename
Default
The DHCPv6 snooping device does not back up DHCPv6 snooping entries.
Views
System view
Predefined user roles
network-admin
Parameters
filename: Specifies the name of a local backup file. The value for this argument is a case-insensitive string of 1 to 255 characters. For information about the filename argument, see Fundamentals Configuration Guide.
url url: Specifies the URL of a remote backup file. The URL is a case-sensitive string of 1 to 255 characters. Do not include a username or password in the URL. The supported path format type varies by server.
username username: Specifies the username for accessing the URL of the remote backup file. The username is a case-sensitive string of 1 to 32 characters. Do not specify this option if a username is not required for accessing the URL.
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters. Do not specify this argument if a password is not required for accessing the URL of the remote backup file.
Usage guidelines
This command automatically creates the file if you specify a nonexistent file.
With this command executed, the DHCPv6 snooping device backs up its snooping entries immediately and runs auto backup. The snooping device, by default, waits 300 seconds after a DHCPv6 snooping entry change to update the backup file. You can use the ipv6 dhcp snooping binding database update interval command to change the waiting time. If no DHCPv6 snooping entry changes, the backup file is not updated.
As a best practice, back up the DHCPv6 snooping entries to a remote file. If you use the local storage medium, the frequent erasing and writing might damage the medium and then cause the DHCPv6 snooping device to malfunction.
When the file is on a remote device, follow these restrictions and guidelines to specify the URL, username, and password:
· If the file is on an FTP server, enter the URL in the format ftp://server address:port/file path, where the port number is optional.
· If the file is on a TFTP server, enter the URL in the format tftp://server address:port/file path, where the port number is optional.
· The username and password must be the same as those configured on the FTP server. If the server authenticates only the username, the password can be omitted.
· If the IP address of the server is an IPv6 address, enclose the address in a pair of brackets, for example, ftp://[1::1]/database.dhcp.
· You can also specify the DNS domain name for the server address field, for example, ftp://company/database.dhcp.
Examples
# Configure the DHCPv6 snooping device to back up DHCPv6 snooping entries to the file database.dhcp.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping binding database filename database.dhcp
# Configure the DHCPv6 snooping device to back up DHCPv6 snooping entries to the file database.dhcp in the working directory of the FTP server at 1::1.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping binding database filename url ftp://[1::1]/database.dhcp username 1 password simple 1
# Configure the DHCPv6 snooping device to back up DHCPv6 snooping entries to the file database.dhcp in the working directory of the TFTP server at 2::1.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping binding database filename url tftp://[2::1]/database.dhcp
Related commands
ipv6 dhcp snooping binding database update interval
ipv6 dhcp snooping binding database update interval
Use ipv6 dhcp snooping binding database update interval to set the waiting time for the DHCPv6 snooping device to update the backup file after a DHCPv6 snooping entry change.
Use undo ipv6 dhcp snooping binding database update interval to restore the default.
Syntax
ipv6 dhcp snooping binding database update interval interval
undo ipv6 dhcp snooping binding database update interval
Default
The DHCPv6 snooping device waits 300 seconds to update the backup file after a DHCPv6 snooping entry change. If no DHCPv6 snooping entry changes, the backup file is not updated.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Sets the waiting time in seconds, in the range of 60 to 864000.
Usage guidelines
When a DHCPv6 snooping entry is learned, updated, or removed, the waiting period starts. The DHCPv6 snooping device updates the backup file when the waiting period is reached. All snooping entries changed during the period will be saved to the backup file.
The waiting time takes effect only after you configure the DHCPv6 snooping entry auto backup by using the ipv6 dhcp snooping binding database filename command.
Examples
# Set the waiting time to 600 seconds for the DHCPv6 snooping device to update the backup file.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping binding database update interval 600
Related commands
ipv6 dhcp snooping binding database filename
ipv6 dhcp snooping binding database update now
Use ipv6 dhcp snooping binding database update now to manually save DHCPv6 snooping entries to the backup file.
Syntax
ipv6 dhcp snooping binding database update now
Views
System view
Predefined user roles
network-admin
Usage guidelines
Each time this command is executed, the DHCPv6 snooping entries are saved to the backup file.
This command takes effect only after you configure the DHCPv6 snooping entry auto backup by using the ipv6 dhcp snooping binding database filename command.
Examples
# Manually save DHCPv6 snooping entries to the backup file.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping binding database update now
Related commands
ipv6 dhcp snooping binding database filename
ipv6 dhcp snooping binding record
Use ipv6 dhcp snooping binding record to enable recording DHCPv6 snooping address entries.
Use undo ipv6 dhcp snooping binding record to disable recording DHCPv6 snooping address entries.
Syntax
ipv6 dhcp snooping binding record
undo ipv6 dhcp snooping binding record
Default
Recording of DHCPv6 snooping address entries is disabled.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
You can configure this command on the ports that are directly connected to the DHCPv6 clients.
This command enables DHCPv6 snooping to record IP-to-MAC information of the DHCPv6 clients (called DHCPv6 snooping address entries).
If you configure this command in a VSI view, it takes effect on the ACs that are mapped to the VSI and the VXLAN tunnel interfaces that are assigned to the VSI.
Examples
# Enable recording DHCPv6 snooping address entries on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping binding record
ipv6 dhcp snooping check relay-forward
Use ipv6 dhcp snooping check relay-forward to enable the Relay-Forward packet check.
Use undo ipv6 dhcp snooping check relay-forward to disable the Relay-Forward packet check.
Syntax
ipv6 dhcp snooping check relay-forward
undo ipv6 dhcp snooping check relay-forward
Default
The Relay-Forward packet check is disabled.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
A DHCPv6 snooping device functions between DHCPv6 clients and a DHCPv6 server, or between DHCPv6 clients and a DHCPv6 relay agent. When a DHCPv6 relay agent receives a DHCPv6 request, it generates a Relay-Forward packet, adds client information to Option 79, and then forwards the packet to the DHCPv6 server. If the DHCPv6 snooping device receives a Relay-Forward packet, it indicates that the DHCPv6 snooping device location is not correct. In this case, the DHCPv6 snooping device cannot function correctly.
This feature enables the DHCPv6 snooping device to drop Relay-Forward packets. When the number of dropped Relay-Forward packets reaches or exceeds the threshold, the device generates a log for administrators to adjust locations of the DHCPv6 devices.
Examples
# Enable the Relay-Forward packet check on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping check relay-forward
Related commands
ipv6 dhcp snooping alarm enable
ipv6 dhcp snooping alarm threshold
ipv6 dhcp snooping check request-message
Use ipv6 dhcp snooping check request-message to enable the DHCPv6-REQUEST check feature.
Use undo ipv6 dhcp snooping check request-message to disable the DHCPv6-REQUEST check feature.
Syntax
ipv6 dhcp snooping check request-message
undo ipv6 dhcp snooping check request-message
Default
The DHCPv6-REQUEST check feature is disabled.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
Use the DHCPv6-REQUEST check feature to protect the DHCPv6 server against DHCPv6 client spoofing attacks. The feature enables the DHCPv6 snooping device to check every received DHCPv6-RENEW, DHCPv6-DECLINE, or DHCPv6-RELEASE message against DHCPv6 snooping entries.
· If any criterion in an entry is matched, the device compares the entry with the message information.
    ◦ If they are consistent, the device considers the message valid and forwards it to the DHCPv6 server.
    ◦ If they are different, the device considers the message forged and discards it.
· If no matching entry is found, the device forwards the message to the DHCPv6 server.
Examples
# Enable DHCPv6-REQUEST check.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping check request-message
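The decision procedure in the usage guidelines can be modelled as follows. This is an added example, not vendor code. The page does not list the matching criteria, so the model assumes an entry becomes a candidate when its IPv6 address or its MAC address equals the message's, and that consistency means all four fields from Table 1 agree; the sample entry is the one from the display example on this page.

```python
import ipaddress
from dataclasses import dataclass

# Message types the page says are checked against snooping entries.
CHECKED_TYPES = {"RENEW", "DECLINE", "RELEASE"}


def norm_mac(mac):
    """Normalise 00e0-fc00-0006 or 00:E0:FC:00:00:06 to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


@dataclass(frozen=True)
class Record:
    """Fields of a snooping address entry (Table 1), also read from a message."""
    ipv6: str
    mac: str
    vlan: int
    interface: str

    def key(self):
        # Compare canonical forms so 2::1 and 2:0:0:0:0:0:0:1 are equal.
        return (ipaddress.IPv6Address(self.ipv6), norm_mac(self.mac),
                self.vlan, self.interface)


def check_request(msg_type, msg, bindings):
    """Return (action, reason) for one client message."""
    if msg_type not in CHECKED_TYPES:
        return "forward", "message type not covered by the check"
    msg_ip, msg_mac = msg.key()[:2]
    # Assumption of this example: address or MAC equality selects candidates.
    candidates = [b for b in bindings
                  if b.key()[0] == msg_ip or b.key()[1] == msg_mac]
    if not candidates:
        # The page states that a message with no matching entry is forwarded,
        # so the check only constrains clients that already have an entry.
        return "forward", "no matching entry"
    if any(b.key() == msg.key() for b in candidates):
        return "forward", "consistent with entry"
    return "drop", "inconsistent with entry"


# Entry taken from the display example on this page.
BINDINGS = [Record("2::1", "00e0-fc00-0006", 2, "GigabitEthernet1/0/1")]

if __name__ == "__main__":
    # Constructed messages.
    samples = [
        ("RELEASE", Record("2::1", "00e0-fc00-0006", 2, "GigabitEthernet1/0/1")),
        ("RELEASE", Record("2::1", "00e0-fc00-00aa", 2, "GigabitEthernet1/0/2")),
        ("DECLINE", Record("2::99", "00e0-fc00-00aa", 2, "GigabitEthernet1/0/2")),
    ]
    for msg_type, msg in samples:
        print(msg_type, msg.ipv6, msg.mac, check_request(msg_type, msg, BINDINGS))
```

With an empty binding table every checked message takes the "no matching entry" path, which is why the check is only useful on ports where ipv6 dhcp snooping binding record is also configured (recording is disabled by default).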
ipv6 dhcp snooping client-detect
Use ipv6 dhcp snooping client-detect to enable client offline detection.
Use undo ipv6 dhcp snooping client-detect to disable client offline detection.
Syntax
ipv6 dhcp snooping client-detect
undo ipv6 dhcp snooping client-detect
Default
Client offline detection is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When a DHCPv6 client goes offline abnormally, it does not send a message to the DHCPv6 server to release its IPv6 address. As a result, the DHCPv6 server is not aware of the offline event and cannot release the address lease of the client in a timely manner.
With this feature enabled, the DHCPv6 snooping device performs the following operations when the ND entry of a client ages out:
1. Deletes the DHCPv6 snooping entry for the client.
2. Sends a release message to the DHCPv6 server to inform the server to release the address lease of the client.
Examples
# Enable client offline detection.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping client-detect
ipv6 dhcp snooping enable
Use ipv6 dhcp snooping enable to enable DHCPv6 snooping.
Use undo ipv6 dhcp snooping enable to disable DHCPv6 snooping.
Syntax
ipv6 dhcp snooping enable
undo ipv6 dhcp snooping enable
Default
DHCPv6 snooping is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Use the DHCPv6 snooping feature together with trusted port configuration. Trusted ports forward responses from DHCPv6 servers and untrusted ports discard responses from DHCPv6 servers. This mechanism ensures that DHCPv6 clients obtain IPv6 addresses or prefixes from authorized DHCPv6 servers.
When DHCPv6 snooping is disabled, all ports on the device forward responses from DHCPv6 servers.
Examples
# Enable DHCPv6 snooping.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping enable
ipv6 dhcp snooping log enable
Use ipv6 dhcp snooping log enable to enable DHCPv6 snooping logging.
Use undo ipv6 dhcp snooping log enable to disable DHCPv6 snooping logging.
Syntax
ipv6 dhcp snooping log enable
undo ipv6 dhcp snooping log enable
Default
DHCPv6 snooping logging is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables the DHCPv6 snooping device to generate DHCPv6 snooping logs and send them to the information center. The log information helps administrators locate and solve problems. For information about the log destination and output rule configuration in the information center, see System Management Configuration Guide.
As a best practice, disable this feature if the log generation affects the device performance.
Examples
# Enable DHCPv6 snooping logging.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping log enable
ipv6 dhcp snooping max-learning-num
Use ipv6 dhcp snooping max-learning-num to set the maximum number of DHCPv6 snooping entries for an interface to learn.
Use undo ipv6 dhcp snooping max-learning-num to restore the default.
Syntax
ipv6 dhcp snooping max-learning-num max-number
undo ipv6 dhcp snooping max-learning-num
Default
The number of DHCPv6 snooping entries for an interface to learn is not limited.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
max-number: Sets the maximum number of DHCPv6 snooping entries for an interface to learn. The value range for this argument varies by device model. The following compatibility matrixes show the value ranges for this argument:
Series | Models | Product codes | Value ranges |
---|---|---|---|
WX3500X series | WX3510X, WX3520X, WX3540X | EWP-WX3510X, EWP-WX3520X, EWP-WX3540X | EWP-WX3510X: 1 to 11520; EWP-WX3520X: 1 to 23040; EWP-WX3540X: 1 to 46080 |
WCG380 series | WCG382 | EWP-WCG382 | EWP-WCG382: 1 to 12288 |

Series | Models | Product codes | Value ranges |
---|---|---|---|
WX3800X series | WX3820X, WX3840X | EWP-WX3820X, EWP-WX3840X | EWP-WX3820X: 1 to 23040; EWP-WX3840X: 1 to 46080 |
Usage guidelines
When an interface learns the maximum number of DHCPv6 snooping entries, the interface stops learning DHCPv6 snooping entries. This does not affect the operation of the DHCPv6 snooping feature.
Examples
# Configure the Layer 2 Ethernet interface GigabitEthernet 1/0/1 to learn a maximum of 10 DHCPv6 snooping entries.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping max-learning-num 10
ipv6 dhcp snooping option interface-id enable
Use ipv6 dhcp snooping option interface-id enable to enable support for the interface-ID option (also called Option 18).
Use undo ipv6 dhcp snooping option interface-id enable to disable support for the interface-ID option.
Syntax
ipv6 dhcp snooping option interface-id enable
undo ipv6 dhcp snooping option interface-id enable
Default
Option 18 is not supported.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
This command takes effect only when DHCPv6 snooping is globally enabled.
Examples
# Enable support for Option 18.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping enable
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping option interface-id enable
Related commands
ipv6 dhcp snooping enable
ipv6 dhcp snooping option interface-id string
ipv6 dhcp snooping option interface-id string
Use ipv6 dhcp snooping option interface-id string to specify the content as the interface ID for Option 18.
Use undo ipv6 dhcp snooping option interface-id to restore the default.
Syntax
ipv6 dhcp snooping option interface-id [ vlan vlan-id ] string interface-id
undo ipv6 dhcp snooping option interface-id [ vlan vlan-id ]
Default
The DHCPv6 snooping device uses its DUID as the content for Option 18.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
vlan vlan-id: Pads the interface ID for packets received from the specified VLAN. If you do not specify a VLAN, the device pads the interface ID for packets received from the default VLAN.
interface-id: Specifies a string of 1 to 128 characters as the interface ID.
Examples
# Specify company001 as the interface ID.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping enable
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping option interface-id enable
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping option interface-id string company001
Related commands
ipv6 dhcp snooping enable
ipv6 dhcp snooping option interface-id enable
ipv6 dhcp snooping option remote-id enable
Use ipv6 dhcp snooping option remote-id enable to enable support for the remote-ID option (also called Option 37).
Use undo ipv6 dhcp snooping option remote-id enable to disable support for the remote-ID option.
Syntax
ipv6 dhcp snooping option remote-id enable
undo ipv6 dhcp snooping option remote-id enable
Default
Option 37 is not supported.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
This command takes effect only when DHCPv6 snooping is globally enabled.
Examples
# Enable support for Option 37.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping enable
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping option remote-id enable
Related commands
ipv6 dhcp snooping enable
ipv6 dhcp snooping option remote-id string
ipv6 dhcp snooping option remote-id string
Use ipv6 dhcp snooping option remote-id string to specify the remote ID to be used as the content of Option 37.
Use undo ipv6 dhcp snooping option remote-id to restore the default.
Syntax
ipv6 dhcp snooping option remote-id [ vlan vlan-id ] string remote-id
undo ipv6 dhcp snooping option remote-id [ vlan vlan-id ]
Default
The DHCPv6 snooping device uses its DUID as the content for Option 37.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
vlan vlan-id: Pads the remote ID for packets received from the specified VLAN. If you do not specify a VLAN, the device pads the remote ID for packets received from the default VLAN.
remote-id: Specifies a string of 1 to 128 characters as the remote ID.
Examples
# Specify device001 as the remote ID.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping enable
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping option remote-id enable
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping option remote-id string device001
Related commands
ipv6 dhcp snooping enable
ipv6 dhcp snooping option remote-id enable
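What a DHCPv6 server or log pipeline receives once Option 18 and Option 37 are enabled, as an added example that is not part of the vendor documentation: a parser for the Relay-forward header and options, following the layouts in RFC 8415 and RFC 4649, with an allowlist check on the (remote ID, interface ID) pair. It assumes the device carries the configured strings as ASCII inside a Relay-forward message, which this page does not state; the enterprise number, function names and sample packet are constructed.

```python
import struct

RELAY_FORW = 12                       # msg-type of a Relay-forward message
OPT_RELAY_MSG, OPT_INTERFACE_ID, OPT_REMOTE_ID = 9, 18, 37

def parse_options(buf):
    """Yield (code, value) per TLV option; reject truncated input."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError("option %d overruns packet" % code)
        yield code, buf[off:off + length]
        off += length

def relay_identity(packet):
    """Return the Option 18 and Option 37 contents of a Relay-forward."""
    if len(packet) < 34 or packet[0] != RELAY_FORW:
        raise ValueError("not a Relay-forward message")
    ident = {"interface_id": None, "enterprise": None, "remote_id": None}
    for code, value in parse_options(packet[34:]):  # 34 = 1+1+16+16 header
        if code == OPT_INTERFACE_ID:
            ident["interface_id"] = value
        elif code == OPT_REMOTE_ID:
            if len(value) < 4:
                raise ValueError("remote-ID lacks enterprise number")
            ident["enterprise"] = struct.unpack("!I", value[:4])[0]
            ident["remote_id"] = value[4:]
    return ident

def is_expected(ident, allowed):
    """True only when the (remote ID, interface ID) pair is allowlisted."""
    return (ident["remote_id"], ident["interface_id"]) in allowed

def opt(code, value):
    return struct.pack("!HH", code, len(value)) + value

# Constructed sample: msg-type, hop-count, link-address, peer-address, then
# Option 18, Option 37 (99999 is a placeholder enterprise number) and a
# bare Solicit header standing in for the relayed message in Option 9.
SAMPLE = (bytes([RELAY_FORW, 0]) + bytes(16)
          + bytes.fromhex("fe80" + "00" * 13 + "01")
          + opt(OPT_INTERFACE_ID, b"company001")
          + opt(OPT_REMOTE_ID, struct.pack("!I", 99999) + b"device001")
          + opt(OPT_RELAY_MSG, b"\x01\xaa\xbb\xcc"))
ALLOWED = {(b"device001", b"company001")}
```

A packet that arrives without either option yields None for that field and fails the allowlist check.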
ipv6 dhcp snooping pd binding record
Use ipv6 dhcp snooping pd binding record to enable recording DHCPv6 snooping prefix entries.
Use undo ipv6 dhcp snooping pd binding record to disable recording DHCPv6 snooping prefix entries.
Syntax
ipv6 dhcp snooping pd binding record
undo ipv6 dhcp snooping pd binding record
Default
Recording of DHCPv6 snooping prefix entries is disabled.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
This command enables DHCPv6 snooping to record IPv6 prefix-to-port information of the DHCPv6 clients (called DHCPv6 snooping prefix entries). When IP source guard (IPSG) is configured on the DHCPv6 snooping device, IPSG can generate dynamic bindings based on the DHCPv6 snooping prefix entries to filter out illegitimate packets.
If you configure this command in a VSI view, this command takes effect on the ACs that are mapped to the VSI and the VXLAN tunnel interfaces that are assigned to the VSI.
Examples
# Enable recording of DHCPv6 snooping prefix entries on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping pd binding record
Related commands
display ipv6 dhcp snooping pd binding
ipv6 dhcp snooping rate-limit
Use ipv6 dhcp snooping rate-limit to enable DHCPv6 snooping packet rate limit on an interface and set the limit value.
Use undo ipv6 dhcp snooping rate-limit to disable DHCPv6 snooping packet rate limit.
Syntax
ipv6 dhcp snooping rate-limit rate
undo ipv6 dhcp snooping rate-limit
Default
The DHCPv6 snooping packet rate limit is disabled on an interface.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
rate: Specifies the maximum rate in Kbps. The value range is 64 to 512.
Usage guidelines
This command takes effect only when DHCPv6 snooping is enabled.
The DHCPv6 packet rate limit feature enables the interface to discard DHCPv6 packets that exceed the maximum rate.
The rate configured on a Layer 2 aggregate interface applies to all members of the aggregate interface. If a member interface leaves the aggregation group, it uses the rate configured in its Ethernet interface view.
The chip-supported maximum rate is an integer multiple of eight. If you set the maximum rate to 67, the value 64 or 72 takes effect.
Examples
# Configure GigabitEthernet 1/0/1 to receive DHCPv6 packets at a maximum rate of 64 Kbps.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping rate-limit 64
ipv6 dhcp snooping trust
Use ipv6 dhcp snooping trust to configure a port as a trusted port.
Use undo ipv6 dhcp snooping trust to restore the default state of a port.
Syntax
ipv6 dhcp snooping trust
undo ipv6 dhcp snooping trust
Default
After you enable DHCPv6 snooping, all ports are untrusted.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
Specify the port facing the DHCPv6 server as trusted and specify the other ports as untrusted so DHCPv6 clients can obtain valid IPv6 addresses.
Examples
# Specify GigabitEthernet 1/0/1 as a trusted port.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping trust
Related commands
display ipv6 dhcp snooping trust
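An added example, not part of the vendor documentation: a check over a saved configuration that flags trusted ports other than the known server-facing ones, and untrusted ports that lack a rate limit or an entry cap. The configuration layout (interface blocks with indented lines, separated by #), the policy of requiring both limits on every untrusted port, and the sample text are assumptions.

```python
import re
# Assumed policy: every untrusted port carries both limits.
LIMITS = (("rate-limit", "no DHCPv6 packet rate limit"),
          ("max-learning-num", "no cap on learned entries"))

def parse_interfaces(config):
    """Map interface name -> list of its indented configuration lines."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif not line.startswith(" "):
            current = None            # '#' or a top-level command ends the block
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks

def audit(config, uplinks):
    """Return sorted findings on trust and limit settings."""
    findings = []
    if not re.search(r"^ipv6 dhcp snooping enable$", config, re.M):
        findings.append("global: DHCPv6 snooping is not enabled")
    for name, lines in parse_interfaces(config).items():
        trusted = "ipv6 dhcp snooping trust" in lines
        if name in uplinks:
            if not trusted:
                findings.append(name + ": server-facing port is untrusted")
        elif trusted:
            findings.append(name + ": trusted but not a known server-facing port")
        else:
            for keyword, message in LIMITS:
                prefix = "ipv6 dhcp snooping " + keyword + " "
                if not any(l.startswith(prefix) for l in lines):
                    findings.append(name + ": " + message)
    return sorted(findings)

# Constructed sample configuration.
SAMPLE = """\
ipv6 dhcp snooping enable
#
interface GigabitEthernet1/0/1
 ipv6 dhcp snooping trust
#
interface GigabitEthernet1/0/2
 ipv6 dhcp snooping trust
#
interface GigabitEthernet1/0/3
 ipv6 dhcp snooping rate-limit 64
"""
```

Calling audit(SAMPLE, {"GigabitEthernet1/0/1"}) reports the unexpected trusted port and the port without an entry cap.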
reset ipv6 dhcp snooping binding
Use reset ipv6 dhcp snooping binding to clear DHCPv6 snooping address entries.
Syntax
reset ipv6 dhcp snooping binding { all | address ipv6-address [ vlan vlan-id ] }
Views
User view
Predefined user roles
network-admin
Parameters
address ipv6-address: Clears the DHCPv6 snooping entry for the specified IPv6 address.
vlan vlan-id: Clears DHCPv6 snooping address entries for the specified VLAN. If you do not specify a VLAN, this command clears DHCPv6 snooping address entries for the default VLAN.
all: Clears all DHCPv6 snooping address entries.
Examples
# Clear all DHCPv6 snooping address entries.
<Sysname> reset ipv6 dhcp snooping binding all
Related commands
display ipv6 dhcp snooping binding
reset ipv6 dhcp snooping drni-statistics
Use reset ipv6 dhcp snooping drni-statistics to clear DRNI synchronization statistics for DHCPv6 snooping entries.
Syntax
reset ipv6 dhcp snooping drni-statistics
Views
User view
Predefined user roles
network-admin
Examples
# Clear DRNI synchronization statistics for DHCPv6 snooping entries.
<Sysname> reset ipv6 dhcp snooping drni-statistics
Related commands
display ipv6 dhcp snooping drni-statistics
reset ipv6 dhcp snooping packet statistics
Use reset ipv6 dhcp snooping packet statistics to clear DHCPv6 packet statistics for DHCPv6 snooping.
Syntax
reset ipv6 dhcp snooping packet statistics
Views
User view
Predefined user roles
network-admin
Examples
# Clear DHCPv6 packet statistics for DHCPv6 snooping.
<Sysname> reset ipv6 dhcp snooping packet statistics
Related commands
display ipv6 dhcp snooping packet statistics
reset ipv6 dhcp snooping pd binding
Use reset ipv6 dhcp snooping pd binding to clear DHCPv6 snooping prefix entries.
Syntax
reset ipv6 dhcp snooping pd binding { all | prefix prefix/prefix-length [ vlan vlan-id ] }
Views
User view
Predefined user roles
network-admin
Parameters
all: Clears all DHCPv6 snooping prefix entries.
prefix prefix/prefix-length: Clears DHCPv6 snooping entries for the specified IPv6 prefix. The value range for the prefix-length argument is 1 to 128.
vlan vlan-id: Clears DHCPv6 snooping prefix entries for the specified VLAN. The value range for the vlan-id argument is 1 to 4094.
Usage guidelines
If you do not specify any parameters, this command clears all DHCPv6 snooping prefix entries.
Examples
# Clear DHCPv6 snooping prefix entries for 1:2::/64.
<Sysname> reset ipv6 dhcp snooping pd binding prefix 1:2::/64
Related commands
display ipv6 dhcp snooping pd binding