How to limit DHCPv6 packets?


we can configure "cpu-defend policy"to limite the DHCPv6 packet.
For V200R001 and above , we can configure"undo dhcp snooping enable ipv6"to disable the DHCPv6 snooping function.

Other related questions:
How to configure bandwidth limiting on an AR?
Traffic shaping, traffic policing, and interface-based rate limiting can be configured to limit bandwidth. 1. Configuration commands: The qos gts command configures traffic shaping. The qos car command configures traffic policing. The qos lr command configures interface bandwidth. 2. Log in to the web system, choose QoS > Traffic Management > Policy Parameter Configuration, and set parameters.

DHCPv6 Relay configuration on S series switch
S series switches (except S1700 switches) support the DHCPv6 relay function, which can be configured using either of the following methods: - Configure an IPv6 address for the DHCPv6 server or the next-hop relay agent on an interface. [HUAWEI] dhcp enable [HUAWEI] ipv6 [HUAWEI] interface vlanif 100 [HUAWEI-Vlanif100] ipv6 enable [HUAWEI-Vlanif100] dhcpv6 relay destination fc00:1::1 //Enable DHCPv6 relay and configure an IPv6 address for the DHCPv6 server or the next-hop relay agent. - Bind a DHCPv6 server group on an interface. [HUAWEI] dhcp enable [HUAWEI] ipv6 [HUAWEI] dhcpv6 server group DHCPv6-srv1 //Create a DHCPv6 server group. [HUAWEI-dhcpv6-server-group-DHCPv6-srv1] dhcpv6-server fc00:1::1 //Add a DHCPv6 server with IPv6 address fc00:1::1 [HUAWEI-dhcpv6-server-group-DHCPv6-srv1] quit [HUAWEI] interface vlanif 100 [HUAWEI-Vlanif100] ipv6 enable [HUAWEI-Vlanif100] dhcpv6 relay server-select DHCPv6-srv1 //Bind the DHCPv6 server group on the interface. For details about DHCPv6 relay support of S series switches, see information on the right.

DHCPv6 support on S series switch
Versions and models of S series switches (except S1700 switches) that support DHCPv6 are as follows: - S9300 and S7700 series switches in V100R003 and later versions - S3700SI, S3700EI, S5700SI, and S5700EI switches in V100R005 and later versions - S3700HI, S5700HI, and S6700EI switches in V100R006 and later versions - S9700 series, S5700LI, S5700S-LI, S5710-C-LI, and S5710EI switches in V200R001 and later versions - S2750EI and S5710HI switches in V200R003 and later versions - S12708 and S12712 switches in V200R005 and later versions - S1720, S2720EI, and S5720HI switches in V200R006 and later versions - S5720EI switches in V200R007 and later versions

How can the CPU be protected from DHCPv6 messages
Run the display cpu-defend statistics command to check the statistics on CPCAR packets. If a large number of DHCPv6 messages are discarded, check whether IPv6 is required. If IPv6 is not required, configure an attack defense policy to directly discard DHCPv6 messages. Run the undo dhcp snooping enable ipv6 command to disable DHCPv6 snooping on the switch in V200R001 and later versions.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top