From the course: Cisco CCNP ENARSI v1.1 (300-410) Cert Prep: 3 Infrastructure Security

Unlock this course with a free trial

Join today to access over 22,700 courses taught by industry experts.

DHCPv6 Guard

DHCPv6 Guard

From the course: Cisco CCNP ENARSI v1.1 (300-410) Cert Prep: 3 Infrastructure Security

Start my 1-month free trial Buy for my team

DHCPv6 Guard

- [Instructor] If you're familiar with the concept of DHCP snooping for IP version four, then DHCP version six Guard is a very similar feature for IP version six networks. DHCP version six Guard blocks DHCP reply and advertisement messages that originate from unauthorized DHCP servers or DHCP relay agents in order to prevent rogue servers from handing out addresses on our network. Very similar to what we looked at with RA Guard, DHCP version six Guard requires first a policy to be configured in DHCP Guard configuration mode, and then that policy can be applied on a per interface basis or at the VLAN level, applying the policy itself to the selected interfaces. Let's say we have a switch in our network and off of Gig 0/1, we have a legitimate DHCP server that we do want to trust. In order to configure DHCP version six Guard for this, we would first create a policy with the command IP version six DHCP guard policy followed by the name of the policy. In this example, you can see that's…

Contents